verificaciones-ciudad.com
Open in
urlscan Pro
173.201.182.85
Malicious Activity!
Public Scan
URL:
http://verificaciones-ciudad.com/
Submission Tags: https://phish.report @phish_report Search All
Submission: On August 24 via api from FI — Scanned from FI
Submission Tags: https://phish.report @phish_report Search All
Submission: On August 24 via api from FI — Scanned from FI
Summary
This website contacted 9 IPs
in 5 countries
across 9 domains to perform 28 HTTP transactions.
The main IP is 173.201.182.85, located in
United States and
belongs to GO-DADDY-COM-LLC, US.
The main domain is verificaciones-ciudad.com.
This is the only time verificaciones-ciudad.com was scanned on urlscan.io!
This is the only time verificaciones-ciudad.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Ciudad (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 19 | 173.201.182.85 173.201.182.85 | 398101 (GO-DADDY-...) (GO-DADDY-COM-LLC) | |
| 1 | 45.233.68.123 45.233.68.123 | 22798 (RED LINK ...) (RED LINK S.A.) | |
| 1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:3b | 20446 (STACKPATH...) (STACKPATH-CDN) | |
| 1 | 2606:50c0:800... 2606:50c0:8002::153 | 54113 (FASTLY) (FASTLY) | |
| 1 | 2606:4700::68... 2606:4700::6810:5714 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:800::2008 | 15169 (GOOGLE) (GOOGLE) | |
| 2 | 2a00:1450:400... 2a00:1450:4001:812::200e | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2a00:1450:400... 2a00:1450:400c:c06::9b | 15169 (GOOGLE) (GOOGLE) | |
| 1 2 | 45.233.68.25 45.233.68.25 | 22798 (RED LINK ...) (RED LINK S.A.) | |
| 28 | 9 |
19
173.201.182.85
(United States)
ASN398101 (GO-DADDY-COM-LLC, US)
PTR: ip-173-201-182-85.ip.secureserver.net
ASN398101 (GO-DADDY-COM-LLC, US)
PTR: ip-173-201-182-85.ip.secureserver.net
| verificaciones-ciudad.com |
1
45.233.68.123
(Argentina)
ASN22798 (RED LINK S.A., AR)
PTR: hbcustom.redlink.com.ar
ASN22798 (RED LINK S.A., AR)
PTR: hbcustom.redlink.com.ar
| hb.bancociudad.com.ar |
1
2a00:1450:4001:800::2008
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| www.googletagmanager.com |
2
2a00:1450:4001:812::200e
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| www.google-analytics.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 19 |
verificaciones-ciudad.com
verificaciones-ciudad.com |
194 KB |
| 2 |
redlink.com.ar
1 redirects
analytics.redlink.com.ar |
770 B |
| 2 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 45 |
20 KB |
| 1 |
doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 108 |
445 B |
| 1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78 |
43 KB |
| 1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 422 |
8 KB |
| 1 |
github.com
malsup.github.com — Cisco Umbrella Rank: 241752 |
|
| 1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 615 |
30 KB |
| 1 |
bancociudad.com.ar
hb.bancociudad.com.ar |
7 KB |
| 28 | 9 |
| Domain | Requested by | |
|---|---|---|
| 19 | verificaciones-ciudad.com |
verificaciones-ciudad.com
|
| 2 | analytics.redlink.com.ar |
1 redirects
verificaciones-ciudad.com
|
| 2 | www.google-analytics.com |
www.googletagmanager.com
verificaciones-ciudad.com |
| 1 | stats.g.doubleclick.net |
verificaciones-ciudad.com
|
| 1 | www.googletagmanager.com |
verificaciones-ciudad.com
|
| 1 | cdn.jsdelivr.net |
verificaciones-ciudad.com
|
| 1 | malsup.github.com |
verificaciones-ciudad.com
|
| 1 | code.jquery.com |
verificaciones-ciudad.com
|
| 1 | hb.bancociudad.com.ar |
verificaciones-ciudad.com
|
| 28 | 9 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| hb.bancociudad.com.ar |
| www.bancociudad.com.ar |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| hb.bancociudad.com.ar GeoTrust EV RSA CA 2018 |
2021-09-01 - 2022-09-29 |
a year | crt.sh |
| *.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-02 - 2023-06-01 |
a year | crt.sh |
| *.google-analytics.com GTS CA 1C3 |
2022-08-01 - 2022-10-24 |
3 months | crt.sh |
| *.g.doubleclick.net GTS CA 1C3 |
2022-08-01 - 2022-10-24 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://verificaciones-ciudad.com/
Frame ID: 25BBD9CA0EE2B6E6540416F1F8EFA449
Requests: 28 HTTP requests in this frame
Screenshot
Page Title
CiudadBanco CiudadDetected technologies
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Google Analytics
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager
(Tag Managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- googletagmanager\.com/ns\.html[^>]+></iframe>
- googletagmanager\.com/gtm\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
URL: https://hb.bancociudad.com.ar/ayuda
Title: Ayuda
Title: Ayuda
Search URL Search Domain Scan URL
URL: https://hb.bancociudad.com.ar/enrolarUsuario
Title: Nuevo usuario
Title: Nuevo usuario
Search URL Search Domain Scan URL
URL: https://www.bancociudad.com.ar/institucional/?herramienta=canalesDeAtencion
Title: Contacto
Title: Contacto
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13- http://malsup.github.com/jquery.form.js HTTP 307
- https://malsup.github.com/jquery.form.js
- https://analytics.redlink.com.ar/hblogin/p1.htm?url=http://verificaciones-ciudad.com/ HTTP 302
- https://analytics.redlink.com.ar/
28 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
verificaciones-ciudad.com/ |
13 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap.min.css
verificaciones-ciudad.com/css/ |
157 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
css.min.css
verificaciones-ciudad.com/css/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
analytics.js.descarga
verificaciones-ciudad.com/BancoCiudad_files/ |
49 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
gtm.js.descarga
verificaciones-ciudad.com/BancoCiudad_files/ |
111 KB 42 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
styles.542f8738520c301b6503.css
verificaciones-ciudad.com/ |
235 KB 38 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ciudad.svg
verificaciones-ciudad.com/BancoCiudad_files/ |
4 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
icono-login.png
hb.bancociudad.com.ar/assets/img/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-3.5.1.slim.min.js.descarga
verificaciones-ciudad.com/BancoCiudad_files/ |
71 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
popper.min.js.descarga
verificaciones-ciudad.com/BancoCiudad_files/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap.min.js.descarga
verificaciones-ciudad.com/BacoCiudad_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
serviceworker.js.descarga
verificaciones-ciudad.com/BancoCiudad_files/ |
139 B 459 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
colors.js.descarga
verificaciones-ciudad.com/BancoCiudad_files/ |
755 B 726 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-3.5.1.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.form.js
malsup.github.com/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
popper.min.js
cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/ |
21 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap.js
verificaciones-ciudad.com/js/ |
137 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
custom.js
verificaciones-ciudad.com/js/ |
1 KB 944 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gtm.js
www.googletagmanager.com/ |
111 KB 43 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Roboto-Regular.73f0a88bbca1bec19fb1.woff2
verificaciones-ciudad.com/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
GuardianTextSans-Regular-App.2648b97ab884e20f4b2b.ttf
verificaciones-ciudad.com/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
GuardianTextSans-Medium-App.aa2f0a6e826c5f02646a.ttf
verificaciones-ciudad.com/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
collect
www.google-analytics.com/j/ |
2 B 213 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Roboto-Regular.12b50e8557e9de979737.woff
verificaciones-ciudad.com/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
collect
stats.g.doubleclick.net/j/ |
1 B 445 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Roboto-Regular.3e1af3ef546b9e6ecef9.ttf
verificaciones-ciudad.com/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
analytics.redlink.com.ar/ Redirect Chain
|
246 B 521 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Ciudad (Banking)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation object| dataLayer function| $ function| jQuery function| Popper object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| bootstrap object| gaplugins object| gaGlobal object| gaData object| _0x713a function| call3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .verificaciones-ciudad.com/ | Name: _ga Value: GA1.2.1942653730.1661334956 |
|
| .verificaciones-ciudad.com/ | Name: _gid Value: GA1.2.162676468.1661334956 |
|
| .verificaciones-ciudad.com/ | Name: _gat_UA-160231695-1 Value: 1 |
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
analytics.redlink.com.ar
cdn.jsdelivr.net
code.jquery.com
hb.bancociudad.com.ar
malsup.github.com
stats.g.doubleclick.net
verificaciones-ciudad.com
www.google-analytics.com
www.googletagmanager.com
173.201.182.85
2001:4de0:ac18::1:a:3b
2606:4700::6810:5714
2606:50c0:8002::153
2a00:1450:4001:800::2008
2a00:1450:4001:812::200e
2a00:1450:400c:c06::9b
45.233.68.123
45.233.68.25
12ec9ce079aefbcd306de6ec2859927dc4aed3e6053b79078ca1b06ffac04fb5
1bcf3b35aece6723b7766ba4df1fa011fa8816994385e49e493f8e6133b86d05
1fccbef51bf50f25da90187c60ed4afde68e1769a148da4bea6d28fb55f5d681
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
625b022a42ed5d9c39911e42050f4fd9834ea039af978b7716f7800ade95eb55
69c24732e6b7afebfc32b64f5dc465aed7c1e5ae2083d8a4327931618f323f17
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
774185757f47228d9b59ce512424a72614e1ffb88e4bc0a9a38141a318021cf1
77757f0b9f9c4bd4342f33e4ffa371ce47f092a5aea5afc3b092ee1f643a9230
830c8c46ae7149f8c395c44b9089d0a12ccca34449d2a8b1992186b059c43fd9
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
b935d5b2bd43637b53dac2a1b70a42f7b8692d718b924c5eadc888fc872322a0
bf15ddcaa9d1e8dcc42d385983c30efdec4b85650c6d2452df31979b404e3160
c0e6f30e7bbb291540bdc48ead3ce0c41a9c99cf813e521572225a46215e7931
c46dc051ce81c4af2b2096abbf885ae4ba7467ff5db0f0106ceee928cf3658a3
d962deacc2263641da73df84664ea6354c1e8658b2c24453b224f88e21aeb192
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df7049d0859f6ecfe004524ba23d6aae67b9a5e06baf9efb8c45ead6ca01d5d1
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f