38.54.57.54 Open in urlscan Pro
38.54.57.54 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://38.54.57.54/
Submission: On February 01 via manual (February 1st 2023, 8:43:15 am UTC) from FR — Scanned from FR

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 10 HTTP transactions. The main IP is 38.54.57.54, located in São Paulo, Brazil and belongs to KAOPU-HK Kaopu Cloud HK Limited, HK. The main domain is 38.54.57.54.

This is the only time 38.54.57.54 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BBVA (Financial)

Domain & IP information

	IP Address	AS Autonomous System
9	38.54.57.54 38.54.57.54	138915 (KAOPU-HK ...) (KAOPU-HK Kaopu Cloud HK Limited)
1	23.37.51.101 23.37.51.101	16625 (AKAMAI-AS) (AKAMAI-AS)
10	2

9 38.54.57.54 (São Paulo, Brazil)

ASN138915 (KAOPU-HK Kaopu Cloud HK Limited, HK)

38.54.57.54	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.51.101 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-51-101.deploy.static.akamaitechnologies.com

assets.caasbbva.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	caasbbva.com assets.caasbbva.com — Cisco Umbrella Rank: 77827	4 KB
10	1

	Domain	Requested by
1	assets.caasbbva.com	38.54.57.54
10	1

This site contains no links.

Subject Issuer	Validity	Valid
bbvanetcash.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-24` - `2023-03-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://38.54.57.54/
Frame ID: F3A6921A8B43BA844B38548203F5CC2D
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

10
Requests

10 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

214 kB
Transfer

291 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
38.54.57.54/ 4 KB
2 KB 406ms
203ms Document
text/html 38.54.57.54
KAOPU-HK Kaopu Cl...

General

Check archive.org

Show headers Download Go to

Full URL: http://38.54.57.54/
Protocol: HTTP/1.1
Server: 38.54.57.54 São Paulo, Brazil, ASN138915 (KAOPU-HK Kaopu Cloud HK Limited, HK),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: ad2e8bf77670cfc056659f5f21ad5565346e0badd8a171042190931444d39240

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1356
Content-Type: text/html; charset=UTF-8
Date: Wed, 01 Feb 2023 08:43:10 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding

GET
H/1.1 200
OK normalize.css
38.54.57.54/css/ 11 KB
2 KB 203ms
203ms Stylesheet
text/css 38.54.57.54
KAOPU-HK Kaopu Cl...

General

Check archive.org

Show headers Download Go to

Full URL: http://38.54.57.54/css/normalize.css
Requested by: Host: 38.54.57.54
URL: http://38.54.57.54/
Protocol: HTTP/1.1
Server: 38.54.57.54 São Paulo, Brazil, ASN138915 (KAOPU-HK Kaopu Cloud HK Limited, HK),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 366e1f474f255a458f0a0c7566ccdf62624d6410b3c81b2549fe4368cbe5786b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://38.54.57.54/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 08:43:10 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Jul 2022 05:53:30 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "2bad-5e344d25aca80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2034

GET
H/1.1 200
OK header.css
38.54.57.54/css/ 30 KB
5 KB 399ms
200ms Stylesheet
text/css 38.54.57.54
KAOPU-HK Kaopu Cl...

General

Check archive.org

Show headers Download Go to

Full URL: http://38.54.57.54/css/header.css
Requested by: Host: 38.54.57.54
URL: http://38.54.57.54/
Protocol: HTTP/1.1
Server: 38.54.57.54 São Paulo, Brazil, ASN138915 (KAOPU-HK Kaopu Cloud HK Limited, HK),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: d9d0af257cadab67fd0f3663aa1635d017108ea48be88031485eb6e8f53af228

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://38.54.57.54/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 08:43:10 GMT
Content-Encoding: gzip
Last-Modified: Mon, 26 Dec 2022 18:47:10 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "79e8-5f0bf9010e780-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4878

GET
H/1.1 200
OK styles.css
38.54.57.54/css/ 50 KB
8 KB 405ms
203ms Stylesheet
text/css 38.54.57.54
KAOPU-HK Kaopu Cl...

General

Check archive.org

Show headers Download Go to

Full URL: http://38.54.57.54/css/styles.css
Requested by: Host: 38.54.57.54
URL: http://38.54.57.54/
Protocol: HTTP/1.1
Server: 38.54.57.54 São Paulo, Brazil, ASN138915 (KAOPU-HK Kaopu Cloud HK Limited, HK),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: ecd55d8db3c35e397d33fc691d243ae54f6e5c51a5fbe2886409e050e30d64b7

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://38.54.57.54/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 08:43:10 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Jul 2022 06:33:06 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "c9da-5e3455ff9ac80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 7915

GET
H/1.1 200
OK logo.svg
38.54.57.54/img/ 2 KB
2 KB 388ms
203ms Image
image/svg+xml 38.54.57.54
KAOPU-HK Kaopu Cl...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://38.54.57.54/img/logo.svg
Requested by: Host: 38.54.57.54
URL: http://38.54.57.54/
Protocol: HTTP/1.1
Server: 38.54.57.54 São Paulo, Brazil, ASN138915 (KAOPU-HK Kaopu Cloud HK Limited, HK),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 4b285aac3331fbd851ff9e33933cf15bfb8a3a37126348ecbb657006b4f6996d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://38.54.57.54/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 08:43:10 GMT
Last-Modified: Fri, 08 Jul 2022 05:47:42 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "6eb-5e344bd9cbb80"
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1771

GET
H2 200 identification.png
assets.caasbbva.com/argentina/net/security-tips/ 3 KB
4 KB 353ms
30ms Image
image/png 23.37.51.101
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.caasbbva.com/argentina/net/security-tips/identification.png

Requested by

Host: 38.54.57.54
URL: http://38.54.57.54/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.51.101 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-51-101.deploy.static.akamaitechnologies.com

Software

Resource Hash

ec7c21a9a4d67fd9fbca7c0781031a9b6dbca1229bd4d25c51966596f57a7aec

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://online.bbva.com.ar https://s3-dev.movil.bbva.es https://movil.bbva.es https://pre.web.bbva.es https://qa.web.grupobbva.com https://web.bbva.es https://.es.igrupobbva https://.igrupobbva https://bbvanetcash.com https://www.bbvanetcash.com https://www.bbva.es https://www.bbvanetadvance.com https://bbvanetadvance.com https://k0fe8mkn.openweb.bbva https://empresas.bbva.es https://www.bbva.pt https://bbva.pt https://www.bbvaglobalnetcash.com https://*.bbva.it https://netcash.bbva.es/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://38.54.57.54/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 158, 158
strict-transport-security: max-age=31536000; includeSubdomains; preload
date: Wed, 01 Feb 2023 08:43:10 GMT
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://online.bbva.com.ar https://s3-dev.movil.bbva.es https://movil.bbva.es https://pre.web.bbva.es https://qa.web.grupobbva.com https://web.bbva.es https://*.es.igrupobbva https://*.igrupobbva https://bbvanetcash.com https://www.bbvanetcash.com https://www.bbva.es https://www.bbvanetadvance.com https://bbvanetadvance.com https://k0fe8mkn.openweb.bbva https://empresas.bbva.es https://www.bbva.pt https://bbva.pt https://www.bbvaglobalnetcash.com https://*.bbva.it https://netcash.bbva.es/
x-edgeconnect-midmile-rtt: 0, 17
content-length: 2863
x-xss-protection: 1; mode=block
etag: "41f5f0bb890fdbb9619196a49fbc1e10"
x-edgeconnect-cache-status: 1
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=81849
accept-ranges: bytes
access-control-allow-headers: Content-Type, Access-Control-Allow-Headers, Access-Control-Request-Method
expires: Thu, 02 Feb 2023 07:27:19 GMT

GET
H/1.1 200
OK BentonSansBBVA-Book.woff
38.54.57.54/css/fonts/ 59 KB
59 KB 203ms
202ms Font
font/woff 38.54.57.54
KAOPU-HK Kaopu Cl...

General

Check archive.org

Show headers Download Go to

Full URL: http://38.54.57.54/css/fonts/BentonSansBBVA-Book.woff
Requested by: Host: 38.54.57.54
URL: http://38.54.57.54/css/styles.css
Protocol: HTTP/1.1
Server: 38.54.57.54 São Paulo, Brazil, ASN138915 (KAOPU-HK Kaopu Cloud HK Limited, HK),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: bbb3c57a1ca0ab92e36d9082b85aea35543cb2cf5ada00850603482f03bf3dd2

Request headers

Referer: http://38.54.57.54/css/styles.css
Origin: http://38.54.57.54
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 08:43:10 GMT
Last-Modified: Fri, 08 Jul 2022 05:48:34 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "eaf8-5e344c0b63080"
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 60152

GET
H/1.1 200
OK bbvaweb-book-woff.woff
38.54.57.54/css/fonts/ 67 KB
67 KB 203ms
203ms Font
font/woff 38.54.57.54
KAOPU-HK Kaopu Cl...

General

Check archive.org

Show headers Download Go to

Full URL: http://38.54.57.54/css/fonts/bbvaweb-book-woff.woff
Requested by: Host: 38.54.57.54
URL: http://38.54.57.54/css/styles.css
Protocol: HTTP/1.1
Server: 38.54.57.54 São Paulo, Brazil, ASN138915 (KAOPU-HK Kaopu Cloud HK Limited, HK),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: f5cbf9eefbf37f814f27cc710f7a65d28bc38549be266a917a393f6f5b6b1f5e

Request headers

Referer: http://38.54.57.54/css/styles.css
Origin: http://38.54.57.54
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 08:43:10 GMT
Last-Modified: Fri, 08 Jul 2022 05:48:28 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "10cdb-5e344c05aa300"
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 68827

GET
H/1.1 200
OK bbva-icons-login.ttf
38.54.57.54/css/fonts/ 4 KB
5 KB 200ms
199ms Font
font/ttf 38.54.57.54
KAOPU-HK Kaopu Cl...

General

Check archive.org

Show headers Download Go to

Full URL: http://38.54.57.54/css/fonts/bbva-icons-login.ttf
Requested by: Host: 38.54.57.54
URL: http://38.54.57.54/css/styles.css
Protocol: HTTP/1.1
Server: 38.54.57.54 São Paulo, Brazil, ASN138915 (KAOPU-HK Kaopu Cloud HK Limited, HK),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: e6ae17c55ec9c085399c353c9eed2f9c96d892c72ecc9823b6da080cbc3d98b2

Request headers

Referer: http://38.54.57.54/css/styles.css
Origin: http://38.54.57.54
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 08:43:10 GMT
Last-Modified: Fri, 08 Jul 2022 05:48:18 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "11b8-5e344bfc20c80"
Content-Type: font/ttf
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 4536

GET
H/1.1 200
OK BentonSansBBVA-Medium.woff
38.54.57.54/css/fonts/ 60 KB
60 KB 206ms
206ms Font
font/woff 38.54.57.54
KAOPU-HK Kaopu Cl...

General

Check archive.org

Show headers Download Go to

Full URL: http://38.54.57.54/css/fonts/BentonSansBBVA-Medium.woff
Requested by: Host: 38.54.57.54
URL: http://38.54.57.54/css/styles.css
Protocol: HTTP/1.1
Server: 38.54.57.54 São Paulo, Brazil, ASN138915 (KAOPU-HK Kaopu Cloud HK Limited, HK),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 80d10509e7c3322010a5b2beef454d7c44593e6cb1cab9baedd57b4b91425990

Request headers

Referer: http://38.54.57.54/css/styles.css
Origin: http://38.54.57.54
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 08:43:10 GMT
Last-Modified: Fri, 08 Jul 2022 05:48:40 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "ee5c-5e344c111be00"
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 61020

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BBVA (Financial)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.caasbbva.com
23.37.51.101
38.54.57.54
366e1f474f255a458f0a0c7566ccdf62624d6410b3c81b2549fe4368cbe5786b
4b285aac3331fbd851ff9e33933cf15bfb8a3a37126348ecbb657006b4f6996d
80d10509e7c3322010a5b2beef454d7c44593e6cb1cab9baedd57b4b91425990
ad2e8bf77670cfc056659f5f21ad5565346e0badd8a171042190931444d39240
bbb3c57a1ca0ab92e36d9082b85aea35543cb2cf5ada00850603482f03bf3dd2
d9d0af257cadab67fd0f3663aa1635d017108ea48be88031485eb6e8f53af228
e6ae17c55ec9c085399c353c9eed2f9c96d892c72ecc9823b6da080cbc3d98b2
ec7c21a9a4d67fd9fbca7c0781031a9b6dbca1229bd4d25c51966596f57a7aec
ecd55d8db3c35e397d33fc691d243ae54f6e5c51a5fbe2886409e050e30d64b7
f5cbf9eefbf37f814f27cc710f7a65d28bc38549be266a917a393f6f5b6b1f5e

38.54.57.54 Open in urlscan Pro 38.54.57.54 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

10 Requests

10 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

2 Countries

214 kBTransfer

291 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

38.54.57.54 Open in urlscan Pro
38.54.57.54 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

10 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

214 kB
Transfer

291 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!