yunklios.me
Open in
urlscan Pro
75.119.204.209
Malicious Activity!
Public Scan
Submission: On March 19 via api from EE — Scanned from JP
Summary
TLS certificate: Issued by R3 on March 15th 2024. Valid for: 3 months.
This is the only time yunklios.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Galicia (Banking)Live information
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 75.119.204.209 75.119.204.209 | 26347 (DREAMHOST-AS) (DREAMHOST-AS) | |
1 | 2a04:4e42:200... 2a04:4e42:200::649 | 54113 (FASTLY) (FASTLY) | |
4 | 2a04:4e42:200... 2a04:4e42:200::485 | 54113 (FASTLY) (FASTLY) | |
1 | 104.26.13.205 104.26.13.205 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
12 | 4 |
ASN26347 (DREAMHOST-AS, US)
PTR: apache2-linus.pdx1-shared-a1-24.dreamhost.com
yunklios.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
yunklios.me
yunklios.me |
1 MB |
4 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 437 |
200 KB |
1 |
ipify.org
api.ipify.org — Cisco Umbrella Rank: 2857 |
156 B |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 1217 |
82 KB |
12 | 4 |
Domain | Requested by | |
---|---|---|
6 | yunklios.me |
yunklios.me
|
4 | cdn.jsdelivr.net |
yunklios.me
cdn.jsdelivr.net |
1 | api.ipify.org |
yunklios.me
|
1 | code.jquery.com |
yunklios.me
|
12 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.yunklios.me R3 |
2024-03-15 - 2024-06-13 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3 |
2023-09-27 - 2024-10-28 |
a year | crt.sh |
ipify.org GTS CA 1P5 |
2024-01-22 - 2024-04-21 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://yunklios.me/64873/onlinebanking.html
Frame ID: 6E7DD46CE9427B1A2C1B9EFCFD46EACC
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
Online BankingDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
onlinebanking.html
yunklios.me/64873/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.7.1.js
code.jquery.com/ |
279 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap-icons.min.css
cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/ |
84 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/ |
227 KB 35 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
desing.css
yunklios.me/64873/style/ |
1 KB 558 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nuevo-logo.jpg
yunklios.me/64873/img/ |
20 KB 20 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img-costado.png
yunklios.me/64873/img/ |
1 MB 1 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/ |
79 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
yunklios.me/64873/js/ |
346 B 205 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
configuracion.js
yunklios.me/64873/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap-icons.woff2
cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/fonts/ |
127 KB 128 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
api.ipify.org/ |
23 B 156 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Galicia (Banking)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| soloNumeros number| uidEvent object| bootstrap number| intentos0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.ipify.org
cdn.jsdelivr.net
code.jquery.com
yunklios.me
104.26.13.205
2a04:4e42:200::485
2a04:4e42:200::649
75.119.204.209
0d9dabb062ed39c05ca493dd75703a275e91783ee598b68f60728f94fd06ffa0
2cfc02eb064650fed54113b6809ba9d83ae95b2f69c13fd4b905a3e4d4536aa4
3017df4a76db5f01c2b99b603d88b03106df13bcfe18e67b7c13c2341d3a67df
3fa9395aa48ab4a39cb1e023422ce376b89ae05671d67fa52fed7af3106e26ef
476adf42b40325098fcfa8b36ab3e769186bb4f6ce6a249753e2e1a9c22bf99e
58e921d0828308474fd3f25fb309c0b49b2ea756d8af52f7a2f8c67c0143f943
78a85aca2f0b110c29e0d2b137e09f0a1fb7a8e554b499f740d6744dc8962cfe
82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd
89aceb3d17b9fda57f3e7e79e8e320dc70fb2d615fc237afb74ce51b1d0047f2
bd7301fcfe9ebcb3d57ba9b5217bb64e7f30a1583a4109184f4b4f142d8c9b77
e892a78ef12bf47d3d7d039f774b6a3baca1ed038b82e91ac0f8c49fcb9ba2c3
f643d6fe7e679f9de3e16311600c5ef5cd6b098f7a3a8828fcc29255d2b33e62