www.agendasdeprovbip.com Open in urlscan Pro
172.67.217.225 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.agendasdeprovbip.com/
Submission: On January 02 via api (January 2nd 2024, 3:03:28 am UTC) from US — Scanned from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 14 HTTP transactions. The main IP is 172.67.217.225, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.agendasdeprovbip.com.
TLS certificate: Issued by E1 on January 1st 2024. Valid for: 3 months.

This is the only time www.agendasdeprovbip.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco de la Provincia de Buenos Aires (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	172.67.217.225 172.67.217.225	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
2	181.191.187.30 181.191.187.30	265806 (BANCO DE ...) (BANCO DE LA PROVINCIA DE BUENOS AIRES)
1 2	45.233.68.25 45.233.68.25	22798 (RED LINK ...) (RED LINK S.A.)
3	34.228.99.233 34.228.99.233	14618 (AMAZON-AES) (AMAZON-AES)
14	5

7 172.67.217.225 (United States)

ASN13335 (CLOUDFLARENET, US)

www.agendasdeprovbip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 181.191.187.30 (Buenos Aires, Argentina)

ASN265806 (BANCO DE LA PROVINCIA DE BUENOS AIRES, AR)
PTR: www.bancoprovincia.com.ar

www.bancoprovincia.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.233.68.25 (Argentina) 1 redirects

ASN22798 (RED LINK S.A., AR)

analytics.redlink.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.228.99.233 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-228-99-233.compute-1.amazonaws.com

imagenes.bancainternet.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	agendasdeprovbip.com www.agendasdeprovbip.com	2 MB
3	bancainternet.com.ar imagenes.bancainternet.com.ar	119 KB
2	redlink.com.ar 1 redirects analytics.redlink.com.ar	770 B
2	bancoprovincia.com.ar www.bancoprovincia.com.ar	10 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1219	82 KB
14	5

	Domain	Requested by
7	www.agendasdeprovbip.com	www.agendasdeprovbip.com
3	imagenes.bancainternet.com.ar	www.agendasdeprovbip.com imagenes.bancainternet.com.ar
2	analytics.redlink.com.ar	1 redirects
2	www.bancoprovincia.com.ar	www.agendasdeprovbip.com
1	code.jquery.com	www.agendasdeprovbip.com
14	5

This site contains no links.

Subject Issuer	Validity	Valid
agendasdeprovbip.com E1	`2024-01-01` - `2024-03-31`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
www.bancoprovincia.com.ar DigiCert SHA2 Extended Validation Server CA	`2023-01-04` - `2024-02-01`	a year	crt.sh
imagenes.bancainternet.com.ar Sectigo RSA Organization Validation Secure Server CA	`2023-08-30` - `2024-08-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.agendasdeprovbip.com/
Frame ID: D564494422B9AD693BD185ACA4779D22
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Página del Banco de la Provincia de Buenos Aires

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

93 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

1979 kB
Transfer

6661 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://analytics.redlink.com.ar/hblogin/p1.htm?url=https://www.agendasdeprovbip.com/ HTTP 302
https://analytics.redlink.com.ar/

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.agendasdeprovbip.com/ 10 KB
3 KB 690ms
339ms Document
text/html 172.67.217.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.agendasdeprovbip.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.217.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.25
Resource Hash: fa9b7c89ed5da54dea18f8d0365b084be007b1628755efc79fe03b639d0b1779

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 83efc4b28d435e6b-EWR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 02 Jan 2024 03:03:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YytPh7V7hTeSOzxX3It6mgtOt%2BjpgswmlEG%2B%2Fa20hZJ6pS9advbxWYApArB3wm%2FqV3avSwW1aMpmz8STN2s1iXjQjS%2FdAJdmeX8Q2yWyIKyGIEIpE6ERdIXKZW%2FWSX4JKnfBN7dKS7SIKn4%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.25

GET
H2 200 jquery-3.7.1.js Show response
code.jquery.com/ 279 KB
82 KB 328ms
3ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.1.js
Requested by: Host: www.agendasdeprovbip.com
URL: https://www.agendasdeprovbip.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 78a85aca2f0b110c29e0d2b137e09f0a1fb7a8e554b499f740d6744dc8962cfe

Request headers

Referer: https://www.agendasdeprovbip.com/
Origin: https://www.agendasdeprovbip.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 03:03:21 GMT
content-encoding: gzip
via: 1.1 varnish
age: 1542447
x-cache: HIT
content-length: 83619
x-served-by: cache-lga21944-LGA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1704164601.398067,VS0,VE0
etag: W/"28feccc0-45a82"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 12

GET
H2 200 helper.js Show response
www.agendasdeprovbip.com/assets/ 816 B
750 B 314ms
311ms Script
application/javascript 172.67.217.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.agendasdeprovbip.com/assets/helper.js
Requested by: Host: www.agendasdeprovbip.com
URL: https://www.agendasdeprovbip.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.217.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa21a24a3dd314c7c10965b72b14e6a9a18aec824677023d2e9d524f9ff1fba7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.agendasdeprovbip.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 03:03:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 01 Jan 2024 15:09:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"330-60de3c37415fa-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ORMpml0kYaFaB5YxXbeVQPVlucUoUmzHhssKrQXo%2FsgqVUafYE0NxtDVGT9OMUKRPwvBAgj4KIs1iWXCTd5i5pgsJL61%2BEPYsPmpPKU2CMsc3teeR1J%2BGF%2FQ4H5wj4QVxsCsUF6vQNNrO88%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 83efc4b4bfe05e6b-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 translatorProd.js Show response
www.agendasdeprovbip.com/assets/ 587 B
664 B 311ms
308ms Script
application/javascript 172.67.217.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.agendasdeprovbip.com/assets/translatorProd.js
Requested by: Host: www.agendasdeprovbip.com
URL: https://www.agendasdeprovbip.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.217.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb65b4c8572a5ac8e7c47e2477cb7ade42e54cd591aee4514ab5b6db169a1b43

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.agendasdeprovbip.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 03:03:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 01 Jan 2024 15:09:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"24b-60de3c396cca6-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bKbtQH8mzKQugaJ4UpDjS2NVndferxRzT%2F82YnPhNEPhRoehGV2mAhoMbcoNAMjt6%2BMIIv7WPN1ko3XpsaPpmGuMRbNHeODBCdhqxrusaB3Pv9OHa9l%2FXBQcj%2FCwfOTD1A1HIcUm9XfKG4Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 83efc4b4bfe25e6b-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 index-992f5422.js Show response
www.agendasdeprovbip.com/assets/ 5 MB
1 MB 758ms
756ms Script
application/javascript 172.67.217.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.agendasdeprovbip.com/assets/index-992f5422.js
Requested by: Host: www.agendasdeprovbip.com
URL: https://www.agendasdeprovbip.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.217.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70dd903525e05a9bc0cf115fcda8a25ebe5c4fce2969ec98837c4ced56942a6

Request headers

Referer: https://www.agendasdeprovbip.com/
Origin: https://www.agendasdeprovbip.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 03:03:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 01 Jan 2024 15:09:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"563909-60de3c3dac2ff-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2FeYVQ8qTM3JZwCFatVq65GOiOGA%2FQ0WMefrb40IpkD2QyMnpzwWbtcrqfkh1dgJaQ%2FGcvUy0LePYpT97fohPSwoT5BCiSVNwY4MPvQEhEj5MLuo53zqO4Tr6%2FyYGWOPGi%2Fm7wX4bTo3P6U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 83efc4b4bfe55e6b-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 index-d094905c.css
www.agendasdeprovbip.com/assets/ 384 KB
49 KB 613ms
611ms Stylesheet
text/css 172.67.217.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.agendasdeprovbip.com/assets/index-d094905c.css
Requested by: Host: www.agendasdeprovbip.com
URL: https://www.agendasdeprovbip.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.217.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29f0357e7bb59f7efefb9bd0376c93e7f99e36cbf538e3888039d63e7738812a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.agendasdeprovbip.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 03:03:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 01 Jan 2024 15:09:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"60129-60de3c38b0122-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86TC6S0Nb%2B8k6vsty6N5g9NC6N%2BcDj%2F5TXwCGDbggOAQH1FfjROddfRqIQ%2FOlg3twp4oH2Y0zzPMEvMoP51o2YJQYYnK5a6iv1vjd%2Bs2W99m%2FPxFTZ%2B8dAwg0byo8fbMST3rKuuvLcT1MM4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 83efc4b4bfdf5e6b-EWR
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK logo_2021_S
www.bancoprovincia.com.ar/CDN/Get/ 3 KB
4 KB 1443ms
293ms Image
image/svg+xml 181.191.187.30
BANCO DE LA PROVI...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bancoprovincia.com.ar/CDN/Get/logo_2021_S
Requested by: Host: www.agendasdeprovbip.com
URL: https://www.agendasdeprovbip.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 181.191.187.30 Buenos Aires, Argentina, ASN265806 (BANCO DE LA PROVINCIA DE BUENOS AIRES, AR),
Reverse DNS: www.bancoprovincia.com.ar
Software: nginx / ASP.NET
Resource Hash: 92ab91c157fd0fd33246869e8d877dc5c14d53dbfc25917a5b1b707c3afb97d3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.agendasdeprovbip.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Tue, 02 Jan 2024 03:03:22 GMT
X-AspNetMvc-Version: 3.0
Last-Modified: Tue, 02 Jan 2024 02:49:34 GMT
Server: nginx
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=72,public
Connection: keep-alive
Content-Length: 3372
Expires: Tue, 02 Jan 2024 03:04:34 GMT

GET
H/1.1 200
OK logo_mobile_bip
www.bancoprovincia.com.ar/CDN/Get/ 6 KB
7 KB 1433ms
283ms Image
image/svg+xml 181.191.187.30
BANCO DE LA PROVI...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bancoprovincia.com.ar/CDN/Get/logo_mobile_bip
Requested by: Host: www.agendasdeprovbip.com
URL: https://www.agendasdeprovbip.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 181.191.187.30 Buenos Aires, Argentina, ASN265806 (BANCO DE LA PROVINCIA DE BUENOS AIRES, AR),
Reverse DNS: www.bancoprovincia.com.ar
Software: nginx / ASP.NET
Resource Hash: bd7f1be0f6563bb760345728beb5523d71117903c2693faf17a09e5a8929b418

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.agendasdeprovbip.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Tue, 02 Jan 2024 03:03:22 GMT
X-AspNetMvc-Version: 3.0
Last-Modified: Tue, 02 Jan 2024 03:03:22 GMT
Server: nginx
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: public, no-cache="Set-Cookie", max-age=900,public
Connection: keep-alive
Content-Length: 6158
Expires: Tue, 02 Jan 2024 03:18:22 GMT

GET
H/1.1

200
OK

/ Show response
analytics.redlink.com.ar/
Redirect Chain

https://analytics.redlink.com.ar/hblogin/p1.htm?url=https://www.agendasdeprovbip.com/
https://analytics.redlink.com.ar/

246 B
521 B

167ms
167ms

XHR
text/html

45.233.68.25
RED LINK S.A.

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.redlink.com.ar/
Protocol: HTTP/1.1
Server: 45.233.68.25 , Argentina, ASN22798 (RED LINK S.A., AR),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 774185757f47228d9b59ce512424a72614e1ffb88e4bc0a9a38141a318021cf1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.agendasdeprovbip.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Tue, 02 Jan 2024 03:03:22 GMT
Last-Modified: Fri, 09 Oct 2015 19:27:42 GMT
Server: Microsoft-IIS/8.5
ETag: "0b291c82d11:0"
X-Powered-By: ASP.NET
Content-Type: text/html
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Content-Length: 246

Redirect headers

Location: https://analytics.redlink.com.ar
Access-Control-Allow-Origin: *
Date: Tue, 02 Jan 2024 03:03:22 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Content-Length: 155
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200 login.js Show response
imagenes.bancainternet.com.ar/scriptdealer/script/v1/w9hwjp/ 118 KB
118 KB 871ms
76ms Script
application/javascript 34.228.99.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://imagenes.bancainternet.com.ar/scriptdealer/script/v1/w9hwjp/login.js?clientId=5d39d9a0-e642-40ae-903f-cdb41f27a57f&websiteId=1856

Requested by

Host: www.agendasdeprovbip.com
URL: https://www.agendasdeprovbip.com/assets/translatorProd.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.228.99.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-228-99-233.compute-1.amazonaws.com

Software

Resource Hash

47f985458d9948e2e2665574d33164ed70cbfc408770179d505ae47acb3e0bf5

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1;mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.agendasdeprovbip.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Tue, 02 Jan 2024 03:03:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
content-security-policy: script-src 'self'
x-content-type-options: nosniff
x-frame-options: DENY
Content-Type: application/javascript
permissions-policy: fullscreen=();microphone=();camera=();speaker=();
Connection: keep-alive
Content-Length: 120393
x-xss-protection: 1;mode=block

GET
H2 200 login-ef23bd4d.png
www.agendasdeprovbip.com/assets/ 70 KB
71 KB 302ms
299ms Image
image/png 172.67.217.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.agendasdeprovbip.com/assets/login-ef23bd4d.png
Requested by: Host: www.agendasdeprovbip.com
URL: https://www.agendasdeprovbip.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.217.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef23bd4df94bc553e61e5ec91431691a0d342bfa73864765ca1d98eda71b24de

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.agendasdeprovbip.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 03:03:22 GMT
cf-cache-status: REVALIDATED
last-modified: Mon, 01 Jan 2024 15:09:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "11982-60de3c3920600"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mpscIlAL8h42Z0ewNDVAmjjzNq7kpYCKTPfSfXIzg6I0NYSe0BKbBt0t3SCoqaTLHAs7e4KweHKUuoWA3nY0148kcHopk0IeSQP5R53kRTuG9L%2FuTn9f%2F1xbKGAYyP58FOhEHU6XdcTgO%2Bg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 83efc4b8cd1d5e6b-EWR
alt-svc: h3=":443"; ma=86400
content-length: 72066

GET
H2 200 EncodeSans-26f5e63f.ttf
www.agendasdeprovbip.com/assets/ 270 KB
271 KB 596ms
594ms Font
application/x-font-ttf 172.67.217.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.agendasdeprovbip.com/assets/EncodeSans-26f5e63f.ttf
Requested by: Host: www.agendasdeprovbip.com
URL: https://www.agendasdeprovbip.com/assets/index-d094905c.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.217.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26f5e63f8ef42fe40b4bba8cadb51238a517263e0bafe10babfe3007daa98866

Request headers

Referer: https://www.agendasdeprovbip.com/assets/index-d094905c.css
Origin: https://www.agendasdeprovbip.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 03:03:22 GMT
cf-cache-status: MISS
last-modified: Mon, 01 Jan 2024 15:09:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "4393c-60de3c37a7ab0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kHpGGDcyLXR81JUqCDOli%2FTpuTHHRoFF%2F9p1zN5wI1ZcL4B1Yc5aNg1vBcnYx24KWizBanFLn6RBHS6MLIDPtGjg1%2FjHx8MNejU7ZU5SsYIVJMuDo0m4M5Y4rKhZSAEvskKnMNKaieOW3zU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-font-ttf
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 83efc4b8cd1b5e6b-EWR
alt-svc: h3=":443"; ma=86400
content-length: 276796

OPTIONS
H/1.1 200 pageFeatures
imagenes.bancainternet.com.ar/requestserver/rest/v1/ 0
0 347ms
20ms Preflight 34.228.99.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://imagenes.bancainternet.com.ar/requestserver/rest/v1/pageFeatures?sessionId=x&clientId=5d39d9a0-e642-40ae-903f-cdb41f27a57f

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.228.99.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-228-99-233.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1;mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.agendasdeprovbip.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
Date: Tue, 02 Jan 2024 03:03:22 GMT
access-control-allow-credentials: true
access-control-allow-headers: x-requested-with, content-type
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: https://www.agendasdeprovbip.com
access-control-max-age: 3600
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-security-policy: script-src 'self'
permissions-policy: fullscreen=();microphone=();camera=();speaker=();
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block

POST
H/1.1 200 pageFeatures Show response
imagenes.bancainternet.com.ar/requestserver/rest/v1/ 81 B
1 KB 16ms
16ms XHR
application/json 34.228.99.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://imagenes.bancainternet.com.ar/requestserver/rest/v1/pageFeatures?sessionId=x&clientId=5d39d9a0-e642-40ae-903f-cdb41f27a57f

Requested by

Host: imagenes.bancainternet.com.ar
URL: https://imagenes.bancainternet.com.ar/scriptdealer/script/v1/w9hwjp/login.js?clientId=5d39d9a0-e642-40ae-903f-cdb41f27a57f&websiteId=1856

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.228.99.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-228-99-233.compute-1.amazonaws.com

Software

Resource Hash

7012ef908f1e16e7eb135b9d5e65ab35779931ee58ed4a8b129e6d986ea70455

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1;mode=block

Request headers

Referer: https://www.agendasdeprovbip.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 02 Jan 2024 03:03:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'self'
Transfer-Encoding: chunked
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Connection: keep-alive
x-xss-protection: 1;mode=block
referrer-policy: no-referrer-when-downgrade
access-control-max-age: 3600
access-control-allow-methods: POST, OPTIONS
Content-Type: application/json
access-control-allow-origin: https://www.agendasdeprovbip.com
x-frame-options: DENY
access-control-allow-credentials: true
permissions-policy: fullscreen=();microphone=();camera=();speaker=();
access-control-allow-headers: x-requested-with, content-type

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco de la Provincia de Buenos Aires (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			imagenes.bancainternet.com.ar/requestserver/rest/v1	1970-01-20 17:22:46	Name: herok Value: 2886860804pvgcoiCBEP8fcS4nkGUFqTL0I6k0d4
			imagenes.bancainternet.com.ar/requestserver/rest/v1	1969-12-31 23:59:59	Name: kirby Value: 2886860804pvgcoiCBEP8fcS4nkGUFqTL0I6k0d4

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.redlink.com.ar
code.jquery.com
imagenes.bancainternet.com.ar
www.agendasdeprovbip.com
www.bancoprovincia.com.ar
151.101.130.137
172.67.217.225
181.191.187.30
34.228.99.233
45.233.68.25
26f5e63f8ef42fe40b4bba8cadb51238a517263e0bafe10babfe3007daa98866
29f0357e7bb59f7efefb9bd0376c93e7f99e36cbf538e3888039d63e7738812a
47f985458d9948e2e2665574d33164ed70cbfc408770179d505ae47acb3e0bf5
7012ef908f1e16e7eb135b9d5e65ab35779931ee58ed4a8b129e6d986ea70455
774185757f47228d9b59ce512424a72614e1ffb88e4bc0a9a38141a318021cf1
78a85aca2f0b110c29e0d2b137e09f0a1fb7a8e554b499f740d6744dc8962cfe
92ab91c157fd0fd33246869e8d877dc5c14d53dbfc25917a5b1b707c3afb97d3
bd7f1be0f6563bb760345728beb5523d71117903c2693faf17a09e5a8929b418
eb65b4c8572a5ac8e7c47e2477cb7ade42e54cd591aee4514ab5b6db169a1b43
ef23bd4df94bc553e61e5ec91431691a0d342bfa73864765ca1d98eda71b24de
f70dd903525e05a9bc0cf115fcda8a25ebe5c4fce2969ec98837c4ced56942a6
fa21a24a3dd314c7c10965b72b14e6a9a18aec824677023d2e9d524f9ff1fba7
fa9b7c89ed5da54dea18f8d0365b084be007b1628755efc79fe03b639d0b1779

www.agendasdeprovbip.com Open in urlscan Pro 172.67.217.225 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

93 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

1979 kBTransfer

6661 kBSize

2 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

2 Cookies

Indicators

www.agendasdeprovbip.com Open in urlscan Pro
172.67.217.225 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

93 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

1979 kB
Transfer

6661 kB
Size

2
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!