xcvbji.info
Open in
urlscan Pro
192.169.148.149
Malicious Activity!
Public Scan
Submission: On October 19 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by xcvbji.info on October 17th 2021. Valid for: a year.
This is the only time xcvbji.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: National Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 192.169.148.149 192.169.148.149 | 398101 (GO-DADDY-...) (GO-DADDY-COM-LLC) | |
1 | 2.20.193.111 2.20.193.111 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
13 | 2 |
ASN398101 (GO-DADDY-COM-LLC, US)
PTR: ip-192-169-148-149.ip.secureserver.net
xcvbji.info |
ASN16625 (AKAMAI-AS, US)
PTR: a2-20-193-111.deploy.static.akamaitechnologies.com
connexion.bnc.ca |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
xcvbji.info
xcvbji.info |
966 KB |
1 |
bnc.ca
connexion.bnc.ca |
|
13 | 2 |
Domain | Requested by | |
---|---|---|
12 | xcvbji.info |
xcvbji.info
|
1 | connexion.bnc.ca |
xcvbji.info
|
13 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
xcvbji.info xcvbji.info |
2021-10-17 - 2022-10-17 |
a year | crt.sh |
bvi.bnc.ca Entrust Certification Authority - L1M |
2021-09-14 - 2022-09-14 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://xcvbji.info/natio.html
Frame ID: D6B80AD66AEFA4098742364C268D729E
Requests: 12 HTTP requests in this frame
Frame:
https://xcvbji.info/files/dest5.htm
Frame ID: 7729288B90C0237D34E926BA2F9D19E8
Requests: 1 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
natio.html
xcvbji.info/ |
15 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2ebcca20.css
xcvbji.info/files/ |
160 KB 23 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s-code-contents-705dd2e073e48aac6d392f2de76226665f309e5d.js
xcvbji.info/files/ |
76 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
xcvbji.info/files/ |
3 MB 906 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pict-login.jpg
connexion.bnc.ca/resources/login/sbip2/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
check.1791a3c8.svg
xcvbji.info/static/media/ |
2 KB 2 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gilroy-bold-webfont.9fa57d4c.woff2
xcvbji.info/static/media/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gilroy-medium-webfont.bc511f39.woff2
xcvbji.info/static/media/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gilroy-regular-webfont.e2732807.woff2
xcvbji.info/static/media/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gilroy-bold-webfont.f391fbfe.woff
xcvbji.info/static/media/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gilroy-medium-webfont.eadb7586.woff
xcvbji.info/static/media/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gilroy-regular-webfont.fa7bbe74.woff
xcvbji.info/static/media/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dest5.htm
xcvbji.info/files/ Frame 7729 |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: National Bank (Banking)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforexrselect boolean| originAgentCluster function| AppMeasurement_Module_AudienceManagement function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq function| DIL number| s_objectID number| s_giq object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| IntlPolyfill0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
connexion.bnc.ca
xcvbji.info
192.169.148.149
2.20.193.111
21920b794c051e1d0fe56f2ac14d49e106cec66b245a4663f09234da0d2ff4fd
8faa6252135202d4e3221090294b0b0d5e0eaf2706c4c49e54ee1f5c930c625c
b92e6333f689aaebfb2e77b845e25ffacd2da8d12f6eedf698419500fef6496e
cdc8b52c9402b72ef9c698027c0d2ea63058ed98b832a31d3ac57c9e7f8b35ed
cfa64b87f3ac51a795d69b7189d19e2c51d57c2f1f8361393b9f0301557ec873
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f81e9acb21122440ede2d6c1ce159cc7fc6e58f05efafb12fbfb69042e19b2f4