loginbnz.info
212.114.52.153
Malicious Activity!
Public Scan
Effective URL: https://loginbnz.info/bz
Submission: On January 30 via manual from AU — Scanned from AU
Summary
TLS certificate: Issued by R3 on January 29th 2023. Valid for: 3 months.
This is the only time loginbnz.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNZ Bank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
8 (1 redirect) | 212.114.52.153 | 30823 (COMBAHTON combahton GmbH) |
1 | 69.16.175.10 | 20446 (STACKPATH-CDN) |
9 | 3 | |
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
8 | loginbnz.info (1 redirects); subdomain: loginbnz.info | 430 KB |
1 | jquery.com; subdomain: code.jquery.com (Cisco Umbrella Rank: 673) | 31 KB |
9 | 2 | |
Requests | Domain | Requested by |
---|---|---|
8 | loginbnz.info | 1 redirects; loginbnz.info; code.jquery.com |
1 | code.jquery.com | loginbnz.info |
9 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
loginbnz.info | R3 | 2023-01-29 - 2023-04-29 | 3 months |
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year |
This page contains 1 frames:
Primary Page:
https://loginbnz.info/bz
Frame ID: 9D08153BD09279E80C552FF83D2A82CF
Requests: 11 HTTP requests in this frame
Page Title: Welcome
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://loginbnz.info/ HTTP 302
- https://loginbnz.info/bz Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | bz (Primary Request, Redirect Chain) | loginbnz.info/ | 5 KB | 6 KB | Document | text/html |
GET | H/1.1 | main.css | loginbnz.info/assets/bz/css/ | 74 KB | 74 KB | Stylesheet | text/css |
GET | H/1.1 | jquery.js | loginbnz.info/assets/bz/js/ | 266 KB | 266 KB | Script | application/javascript |
GET | H/1.1 | global.css | loginbnz.info/assets/bz/ | 78 KB | 79 KB | Stylesheet | text/css |
GET | H/1.1 | logo.png | loginbnz.info/assets/bz/ | 3 KB | 4 KB | Image | image/png |
GET | H2 | jquery-3.6.0.min.js | code.jquery.com/ | 87 KB | 31 KB | Script | application/javascript |
GET | H/1.1 | actions.js | loginbnz.info/assets/js/ | 644 B | 971 B | Script | application/javascript |
GET | DATA | truncated | / | 21 KB | 21 KB | Font | application/font-woff2 |
GET | DATA | truncated | / | 19 KB | 19 KB | Font | application/font-woff2 |
POST | H/1.1 | action | loginbnz.info/apis/lr/ | 25 B | 394 B | XHR | text/html |
POST | | active | loginbnz.info/apis/lr/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: loginbnz.info
- URL: https://loginbnz.info/apis/lr/active
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNZ Bank (Banking)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | oncontentvisibilityautostatechange
- function | $
- function | jQuery
- string | lrbank
- string | lrinfo
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
loginbnz.info/ | | Name: PHPSESSID Value: 8n9a38o67fptebi154d10hq69q |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
loginbnz.info
loginbnz.info
212.114.52.153
69.16.175.10