54-175-0-69.ipv4.nknlabs.io Open in urlscan Pro
54.175.0.69 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://54-175-0-69.ipv4.nknlabs.io/USER
Submission: On October 27 via automatic, source openphish (October 27th 2022, 1:35:31 am UTC) — Scanned from DE

Summary HTTP 16 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 54.175.0.69, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is 54-175-0-69.ipv4.nknlabs.io.

This is the only time 54-175-0-69.ipv4.nknlabs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bancolombia (Banking)

Domain & IP information

	IP Address		AS Autonomous System
16	54.175.0.69 54.175.0.69		14618 (AMAZON-AES) (AMAZON-AES)
16	1

16 54.175.0.69 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-0-69.compute-1.amazonaws.com

54-175-0-69.ipv4.nknlabs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	nknlabs.io 54-175-0-69.ipv4.nknlabs.io	780 KB
16	1

	Domain	Requested by
16	54-175-0-69.ipv4.nknlabs.io	54-175-0-69.ipv4.nknlabs.io
16	1

This site contains links to these domains. Also see Links.

Domain
www.grupobancolombia.com

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://54-175-0-69.ipv4.nknlabs.io/USER
Frame ID: C80E48E9D112FC844D75505B2175C744
Requests: 14 HTTP requests in this frame

Frame: http://54-175-0-69.ipv4.nknlabs.io/static/login_SVP_BC_zonaA_Login.html?v=4.5.1.RC2_1628811357932
Frame ID: 3A080F44C5BB274A18161F6812933879
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bancolombia Sucursal Virtual Personas

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

780 kB
Transfer

775 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://www.grupobancolombia.com/home/micrositios/demoSVP/index.html
Title: Mira el DEMO

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request USER Show response 54-175-0-69.ipv4.nknlabs.io/	12 KB 12 KB	882ms 619ms	Document text/html	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://54-175-0-69.ipv4.nknlabs.io/USER Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / PHP/8.1.10 Resource Hash `5864255e25ae00d85e99b8715e50765921f6edc4fda66fe4f2d7527014860eb9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Thu, 27 Oct 2022 01:35:25 GMT Keep-Alive timeout=5, max=100 Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 Transfer-Encoding chunked X-Powered-By PHP/8.1.10
GET H/1.1	200 OK	styles.css 54-175-0-69.ipv4.nknlabs.io/css/	105 KB 106 KB	109ms 108ms	Stylesheet text/css	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://54-175-0-69.ipv4.nknlabs.io/css/styles.css?v=4.5.1.RC2_1628811357932 Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/USER Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `1a99ea321168439217b54f22b45e970918c6f76e95230cf7b214ec050c72f2ef` Request headers accept-language de-DE,de;q=0.9 Referer http://54-175-0-69.ipv4.nknlabs.io/USER User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:25 GMT Last-Modified Fri, 25 Feb 2022 20:09:34 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "1a597-5d8dd46fe5b80" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 107927
GET H/1.1	200 OK	bootstrap.css 54-175-0-69.ipv4.nknlabs.io/css/	118 KB 119 KB	110ms 108ms	Stylesheet text/css	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://54-175-0-69.ipv4.nknlabs.io/css/bootstrap.css Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/USER Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `5e7aacc05a5cfe4d2fa8407d5a885b9c2511e0213fb5abd0599cdef3f0e0e524` Request headers accept-language de-DE,de;q=0.9 Referer http://54-175-0-69.ipv4.nknlabs.io/USER User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:25 GMT Last-Modified Tue, 17 Aug 2021 21:02:50 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "1d9e0-5c9c7a3f57280" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 121312
GET H/1.1	200 OK	jquery-3.6.0.min.js Show response 54-175-0-69.ipv4.nknlabs.io/js/	87 KB 88 KB	219ms 110ms	Script application/javascript	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://54-175-0-69.ipv4.nknlabs.io/js/jquery-3.6.0.min.js Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/USER Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers accept-language de-DE,de;q=0.9 Referer http://54-175-0-69.ipv4.nknlabs.io/USER User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:26 GMT Last-Modified Mon, 19 Jul 2021 18:15:14 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "15d9d-5c77deb2d3080" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 89501
GET H/1.1	200 OK	jquery.redirect.js Show response 54-175-0-69.ipv4.nknlabs.io/js/	6 KB 7 KB	219ms 110ms	Script application/javascript	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://54-175-0-69.ipv4.nknlabs.io/js/jquery.redirect.js Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/USER Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `6d69ae5c4892d35573385da52afebec92fb02feaf7670b0684c1b2aa6f2cfb98` Request headers accept-language de-DE,de;q=0.9 Referer http://54-175-0-69.ipv4.nknlabs.io/USER User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:26 GMT Last-Modified Mon, 19 Jul 2021 18:15:04 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "18d2-5c77dea949a00" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 6354
GET H/1.1	200 OK	login.js Show response 54-175-0-69.ipv4.nknlabs.io/js/	645 B 968 B	220ms 110ms	Script application/javascript	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://54-175-0-69.ipv4.nknlabs.io/js/login.js Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/USER Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `bfcaba3322c2db79e29d65e5400cb3a889fa3dd02b71e394cc74af24a08ecae9` Request headers accept-language de-DE,de;q=0.9 Referer http://54-175-0-69.ipv4.nknlabs.io/USER User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:26 GMT Last-Modified Fri, 05 Aug 2022 20:43:36 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "285-5e58485282e00" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 645
GET H/1.1	200 OK	bootstrap.js Show response 54-175-0-69.ipv4.nknlabs.io/js/	35 KB 36 KB	220ms 111ms	Script application/javascript	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://54-175-0-69.ipv4.nknlabs.io/js/bootstrap.js Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/USER Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `a678fbd5d6c7dbad7ec89b486ad1baf3323296c8dde801141955969fe5026a73` Request headers accept-language de-DE,de;q=0.9 Referer http://54-175-0-69.ipv4.nknlabs.io/USER User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:26 GMT Last-Modified Tue, 17 Aug 2021 21:02:12 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "8d9a-5c9c7a1b19d00" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 36250
GET H/1.1	200 OK	Init.js Show response 54-175-0-69.ipv4.nknlabs.io/js/	91 B 411 B	333ms 111ms	Script application/javascript	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://54-175-0-69.ipv4.nknlabs.io/js/Init.js Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/USER Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `5b4ad7f9f3223bd9801a51f5f26908566cf79980f1001a5848f7a2273b591250` Request headers accept-language de-DE,de;q=0.9 Referer http://54-175-0-69.ipv4.nknlabs.io/USER User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:26 GMT Last-Modified Sat, 30 Jul 2022 00:52:38 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "5b-5e4fb2ee16180" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 91
GET H/1.1	200 OK	jquery.jclockNew.js Show response 54-175-0-69.ipv4.nknlabs.io/js/	8 KB 8 KB	334ms 112ms	Script application/javascript	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://54-175-0-69.ipv4.nknlabs.io/js/jquery.jclockNew.js?v=4.5.1.RC2_1628811357932 Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/USER Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `c6abf874d8228e1e37ece02cbd25c86ac1d64200331f7b91b085885eaa5e3074` Request headers accept-language de-DE,de;q=0.9 Referer http://54-175-0-69.ipv4.nknlabs.io/USER User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:26 GMT Last-Modified Tue, 17 Aug 2021 21:03:22 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "1e72-5c9c7a5ddba80" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 7794
GET H/1.1	200 OK	login_SVP_BC_zonaA_Login.html Show response 54-175-0-69.ipv4.nknlabs.io/static/ Frame 3A08	268 B 577 B	109ms 108ms	Document text/html	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://54-175-0-69.ipv4.nknlabs.io/static/login_SVP_BC_zonaA_Login.html?v=4.5.1.RC2_1628811357932 Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/USER Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `d1a8637f4e707fb78ae4331748682a229dfa010a935301ef88a6ceafa7547fa9` Request headers Referer http://54-175-0-69.ipv4.nknlabs.io/USER Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 268 Content-Type text/html Date Thu, 27 Oct 2022 01:35:26 GMT ETag "10c-5d8e7fbda8380" Keep-Alive timeout=5, max=98 Last-Modified Sat, 26 Feb 2022 08:55:58 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10
GET H/1.1	200 OK	logo.svg 54-175-0-69.ipv4.nknlabs.io/images/	7 KB 7 KB	109ms 108ms	Image image/svg+xml	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL http://54-175-0-69.ipv4.nknlabs.io/images/logo.svg Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/css/styles.css?v=4.5.1.RC2_1628811357932 Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `7d1be670021e4a7ea14dcb6207fa0b6c52249487081f806fff378d68c0b398fc` Request headers accept-language de-DE,de;q=0.9 Referer http://54-175-0-69.ipv4.nknlabs.io/css/styles.css?v=4.5.1.RC2_1628811357932 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:26 GMT Last-Modified Tue, 17 Aug 2021 21:10:04 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "1b7a-5c9c7bdd3c300" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 7034
GET H/1.1	200 OK	icon-user.png 54-175-0-69.ipv4.nknlabs.io/images/icons/	447 B 756 B	109ms 109ms	Image image/png	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL http://54-175-0-69.ipv4.nknlabs.io/images/icons/icon-user.png Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/css/styles.css?v=4.5.1.RC2_1628811357932 Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `75d5b455151a3b1a0a5b100041fee37de2daa0b41d1d177deaa863177c5b5b83` Request headers accept-language de-DE,de;q=0.9 Referer http://54-175-0-69.ipv4.nknlabs.io/css/styles.css?v=4.5.1.RC2_1628811357932 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:26 GMT Last-Modified Tue, 17 Aug 2021 21:16:02 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "1bf-5c9c7d32a6880" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 447
GET H/1.1	200 OK	OpenSans-Regular.ttf 54-175-0-69.ipv4.nknlabs.io/fonts/opensans/	212 KB 212 KB	114ms 114ms	Font font/ttf	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://54-175-0-69.ipv4.nknlabs.io/fonts/opensans/OpenSans-Regular.ttf Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/css/styles.css?v=4.5.1.RC2_1628811357932 Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `13c03e22a633919beb2847c58c8285fb8a735ee97097d7c48fd403f8294b05f8` Request headers Referer http://54-175-0-69.ipv4.nknlabs.io/css/styles.css?v=4.5.1.RC2_1628811357932 Origin http://54-175-0-69.ipv4.nknlabs.io accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:26 GMT Last-Modified Tue, 17 Aug 2021 21:15:08 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "350bc-5c9c7cff26f00" Content-Type font/ttf Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 217276
GET H/1.1	200 OK	CIBFontSans-Light.ttf 54-175-0-69.ipv4.nknlabs.io/fonts/opensans/	108 KB 108 KB	113ms 113ms	Font font/ttf	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://54-175-0-69.ipv4.nknlabs.io/fonts/opensans/CIBFontSans-Light.ttf Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/css/styles.css?v=4.5.1.RC2_1628811357932 Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `decf1c3cb09b3e38d867e0d5cf648220584404c9cf8d18a6c51bdfa2af5047cc` Request headers Referer http://54-175-0-69.ipv4.nknlabs.io/css/styles.css?v=4.5.1.RC2_1628811357932 Origin http://54-175-0-69.ipv4.nknlabs.io accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:26 GMT Last-Modified Tue, 17 Aug 2021 21:17:14 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "1b014-5c9c7d7750a80" Content-Type font/ttf Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 110612
GET H/1.1	200 OK	icon_font_bc.ttf 54-175-0-69.ipv4.nknlabs.io/fonts/iconfont/	31 KB 32 KB	114ms 114ms	Font font/ttf	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://54-175-0-69.ipv4.nknlabs.io/fonts/iconfont/icon_font_bc.ttf?61jkgi Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/css/styles.css?v=4.5.1.RC2_1628811357932 Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `ad0f43b7fd52d2f1574ba930c85ce401f95d69e21ad997ffe8e7ad98fec2ffda` Request headers Referer http://54-175-0-69.ipv4.nknlabs.io/css/styles.css?v=4.5.1.RC2_1628811357932 Origin http://54-175-0-69.ipv4.nknlabs.io accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:26 GMT Last-Modified Tue, 17 Aug 2021 21:11:38 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "7ce8-5c9c7c36e1680" Content-Type font/ttf Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 31976
GET H/1.1	200 OK	imgPublicidad2.jpg 54-175-0-69.ipv4.nknlabs.io/static/ Frame 3A08	43 KB 43 KB	109ms 108ms	Image image/jpeg	54.175.0.69 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL http://54-175-0-69.ipv4.nknlabs.io/static/imgPublicidad2.jpg Requested by Host: 54-175-0-69.ipv4.nknlabs.io URL: http://54-175-0-69.ipv4.nknlabs.io/static/login_SVP_BC_zonaA_Login.html?v=4.5.1.RC2_1628811357932 Protocol HTTP/1.1 Server 54.175.0.69 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-175-0-69.compute-1.amazonaws.com Software Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 / Resource Hash `e1a1946613ce2e000dbc69b8459c9f3afa40b3f190f0f8088f76e8ef8ae6619c` Request headers accept-language de-DE,de;q=0.9 Referer http://54-175-0-69.ipv4.nknlabs.io/static/login_SVP_BC_zonaA_Login.html?v=4.5.1.RC2_1628811357932 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Thu, 27 Oct 2022 01:35:26 GMT Last-Modified Sat, 26 Feb 2022 08:55:24 GMT Server Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.10 ETag "ac89-5d8e7f9d3b700" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 44169

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bancolombia (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

54-175-0-69.ipv4.nknlabs.io
54.175.0.69
13c03e22a633919beb2847c58c8285fb8a735ee97097d7c48fd403f8294b05f8
1a99ea321168439217b54f22b45e970918c6f76e95230cf7b214ec050c72f2ef
5864255e25ae00d85e99b8715e50765921f6edc4fda66fe4f2d7527014860eb9
5b4ad7f9f3223bd9801a51f5f26908566cf79980f1001a5848f7a2273b591250
5e7aacc05a5cfe4d2fa8407d5a885b9c2511e0213fb5abd0599cdef3f0e0e524
6d69ae5c4892d35573385da52afebec92fb02feaf7670b0684c1b2aa6f2cfb98
75d5b455151a3b1a0a5b100041fee37de2daa0b41d1d177deaa863177c5b5b83
7d1be670021e4a7ea14dcb6207fa0b6c52249487081f806fff378d68c0b398fc
a678fbd5d6c7dbad7ec89b486ad1baf3323296c8dde801141955969fe5026a73
ad0f43b7fd52d2f1574ba930c85ce401f95d69e21ad997ffe8e7ad98fec2ffda
bfcaba3322c2db79e29d65e5400cb3a889fa3dd02b71e394cc74af24a08ecae9
c6abf874d8228e1e37ece02cbd25c86ac1d64200331f7b91b085885eaa5e3074
d1a8637f4e707fb78ae4331748682a229dfa010a935301ef88a6ceafa7547fa9
decf1c3cb09b3e38d867e0d5cf648220584404c9cf8d18a6c51bdfa2af5047cc
e1a1946613ce2e000dbc69b8459c9f3afa40b3f190f0f8088f76e8ef8ae6619c
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

54-175-0-69.ipv4.nknlabs.io Open in urlscan Pro 54.175.0.69 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

780 kBTransfer

775 kBSize

0 Cookies

1 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

0 Cookies

Indicators

54-175-0-69.ipv4.nknlabs.io Open in urlscan Pro
54.175.0.69 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

780 kB
Transfer

775 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!