lc-pas.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 6 HTTP transactions. The main IP is 2800:6c0:2::5f, located in Buenos Aires, Argentina and belongs to Dattatec.com, AR. The main domain is lc-pas.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 4th 2024. Valid for: a year.

This is the only time lc-pas.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco de la Provincia de Buenos Aires (Banking)

Domain & IP information

	IP Address	AS Autonomous System
5	2800:6c0:2::5f 2800:6c0:2::5f	27823 (Dattatec.com) (Dattatec.com)
1	181.191.186.44 181.191.186.44	265806 (BANCO DE ...) (BANCO DE LA PROVINCIA DE BUENOS AIRES)
6	2

5 2800:6c0:2::5f (Buenos Aires, Argentina)

ASN27823 (Dattatec.com, AR)

lc-pas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 181.191.186.44 (Buenos Aires, Argentina)

ASN265806 (BANCO DE LA PROVINCIA DE BUENOS AIRES, AR)

www.bancoprovincia.bancainternet.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	lc-pas.com lc-pas.com	390 KB
1	bancainternet.com.ar www.bancoprovincia.bancainternet.com.ar	15 KB
6	2

	Domain	Requested by
5	lc-pas.com	lc-pas.com
1	www.bancoprovincia.bancainternet.com.ar
6	2

This site contains no links.

Subject Issuer	Validity	Valid
lc-pas.com Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-04-03`	a year	crt.sh
www.bancoprovincia.bancainternet.com.ar Sectigo RSA Extended Validation Secure Server CA	`2023-10-26` - `2024-11-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://lc-pas.com/Provincia/
Frame ID: D605EAED05867209A87FE29A6D2B05DB
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Inicio sesión

Page Statistics

6
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

405 kB
Transfer

743 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
lc-pas.com/Provincia/ 8 KB
2 KB 1778ms
1260ms Document
text/html 2800:6c0:2::5f
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: https://lc-pas.com/Provincia/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2800:6c0:2::5f Buenos Aires, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache / PHP/8.2.14
Resource Hash: 4bec6610339ac79b30d572ed0409dceb465db68aae212dc477ff0a94e299590a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 09 Jul 2024 02:01:34 GMT
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/8.2.14

GET
H2 200 letsgo.css
lc-pas.com/Provincia/potencimund/ 378 KB
46 KB 514ms
513ms Stylesheet
text/css 2800:6c0:2::5f
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: https://lc-pas.com/Provincia/potencimund/letsgo.css
Requested by: Host: lc-pas.com
URL: https://lc-pas.com/Provincia/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2800:6c0:2::5f Buenos Aires, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: 7e001f8ac09b76a7d17a96c3bf84c6d03bdb085d46deab33f3542d1c86a2dcb7

Request headers

Referer: https://lc-pas.com/Provincia/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:01:35 GMT
content-encoding: gzip
last-modified: Tue, 16 Apr 2024 14:51:56 GMT
server: Apache
etag: "5e762-61637e11c3b00-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 46525

GET
H2 404 b.png
lc-pas.com/Provincia/potencimund/ 1 KB
1 KB 1016ms
1016ms Image
text/html 2800:6c0:2::5f
Dattatec.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lc-pas.com/Provincia/potencimund/b.png
Requested by: Host: lc-pas.com
URL: https://lc-pas.com/Provincia/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2800:6c0:2::5f Buenos Aires, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache / PHP/8.2.14
Resource Hash: e61d09918e265014f9ca55f1808a0591b51e7ed91fc1d09e86765443e97814e3

Request headers

Referer: https://lc-pas.com/Provincia/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 02:01:35 GMT
server: Apache
x-powered-by: PHP/8.2.14
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lc-pas.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 login.c737df6b3067b7a985ae.png
lc-pas.com/Provincia/potencimund/ 70 KB
70 KB 743ms
742ms Image
image/png 2800:6c0:2::5f
Dattatec.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lc-pas.com/Provincia/potencimund/login.c737df6b3067b7a985ae.png
Requested by: Host: lc-pas.com
URL: https://lc-pas.com/Provincia/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2800:6c0:2::5f Buenos Aires, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: ef23bd4df94bc553e61e5ec91431691a0d342bfa73864765ca1d98eda71b24de

Request headers

Referer: https://lc-pas.com/Provincia/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:01:35 GMT
last-modified: Tue, 25 Jul 2023 23:26:30 GMT
server: Apache
accept-ranges: bytes
etag: "11982-601580f8e5580"
content-length: 72066
content-type: image/png

GET
H2 200 EncodeSans.7571ba671c931b780193.ttf
lc-pas.com/Provincia/potencimund/ 270 KB
271 KB 494ms
494ms Font
application/x-font-ttf 2800:6c0:2::5f
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: https://lc-pas.com/Provincia/potencimund/EncodeSans.7571ba671c931b780193.ttf
Requested by: Host: lc-pas.com
URL: https://lc-pas.com/Provincia/potencimund/letsgo.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2800:6c0:2::5f Buenos Aires, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: 26f5e63f8ef42fe40b4bba8cadb51238a517263e0bafe10babfe3007daa98866

Request headers

Referer: https://lc-pas.com/Provincia/potencimund/letsgo.css
Origin: https://lc-pas.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:01:36 GMT
last-modified: Tue, 25 Jul 2023 23:27:50 GMT
server: Apache
accept-ranges: bytes
etag: "4393c-6015814530980"
content-length: 276796
content-type: application/x-font-ttf

GET
H/1.1 200
OK favicon.ico
www.bancoprovincia.bancainternet.com.ar/spa/ 15 KB
15 KB 1281ms
264ms Other
image/vnd.microsoft.icon 181.191.186.44
BANCO DE LA PROVI...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancoprovincia.bancainternet.com.ar/spa/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

181.191.186.44 Buenos Aires, Argentina, ASN265806 (BANCO DE LA PROVINCIA DE BUENOS AIRES, AR),

Reverse DNS

Software

/

Resource Hash

db55140fe8ae9e6f2159b740321b153e0f65cbf4a895364c6cd4da6a109c029d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://localhost https://localhost https://.bancoprovincia.bancainternet.com.ar bipmovil://.bancoprovincia.bancainternet.com.ar
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Referer: https://lc-pas.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Tue, 09 Jul 2024 02:01:37 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Security-Policy: frame-ancestors 'self' http://localhost https://localhost https://*.bancoprovincia.bancainternet.com.ar bipmovil://*.bancoprovincia.bancainternet.com.ar
Last-Modified: Mon, 01 Jul 2024 18:38:23 GMT
Content-Type: image/vnd.microsoft.icon
Cache-Control: max-age=0
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=10000
Content-Length: 15086
Expires: Tue, 09 Jul 2024 02:01:37 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco de la Provincia de Buenos Aires (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			lc-pas.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 46e5ae2884e4e4d3ea178435437aa4df

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://lc-pas.com/Provincia/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://lc-pas.com/Provincia/potencimund/b.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lc-pas.com
www.bancoprovincia.bancainternet.com.ar
181.191.186.44
2800:6c0:2::5f
26f5e63f8ef42fe40b4bba8cadb51238a517263e0bafe10babfe3007daa98866
4bec6610339ac79b30d572ed0409dceb465db68aae212dc477ff0a94e299590a
7e001f8ac09b76a7d17a96c3bf84c6d03bdb085d46deab33f3542d1c86a2dcb7
db55140fe8ae9e6f2159b740321b153e0f65cbf4a895364c6cd4da6a109c029d
e61d09918e265014f9ca55f1808a0591b51e7ed91fc1d09e86765443e97814e3
ef23bd4df94bc553e61e5ec91431691a0d342bfa73864765ca1d98eda71b24de

lc-pas.com Open in urlscan Pro 2800:6c0:2::5f Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

405 kBTransfer

743 kBSize

1 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

lc-pas.com Open in urlscan Pro
2800:6c0:2::5f Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

405 kB
Transfer

743 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!