bncronlinefi.000webhostapp.com
2a02:4780:dead:3591::1
Malicious Activity!
Public Scan
Effective URL: https://bncronlinefi.000webhostapp.com/?i=1
Submission: On November 15 via manual from CR — Scanned from DE
Summary
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on July 10th 2021. Valid for: a year.
This is the only time bncronlinefi.000webhostapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Nacional (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 195.201.172.53 | 24940 (HETZNER-AS) |
1 3 | 185.27.134.228 | 34119 (WILDCARD-AS Wildcard UK Limited) |
6 | 2a02:4780:dead:3591::1 | 204915 (AWEX) |
1 | 2a00:1450:4001:82f::2003 | 15169 (GOOGLE) |
12 | 4 |
ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
xbiwuqiyxmazaqueizykjxypwyejwx.22web.org |
 | Apex Domain: Subdomains | Transfer |
---|---|---|
6 | 000webhostapp.com: bncronlinefi.000webhostapp.com | 936 KB |
3 | 22web.org (1 redirects): xbiwuqiyxmazaqueizykjxypwyejwx.22web.org | 32 KB |
1 | gstatic.com: fonts.gstatic.com | 19 KB |
1 | ai6.net (1 redirects): ai6.net | 593 B |
12 | 4 |
 | Domain | Requested by |
---|---|---|
6 | bncronlinefi.000webhostapp.com | xbiwuqiyxmazaqueizykjxypwyejwx.22web.org, bncronlinefi.000webhostapp.com |
3 | xbiwuqiyxmazaqueizykjxypwyejwx.22web.org (1 redirects) | xbiwuqiyxmazaqueizykjxypwyejwx.22web.org |
1 | fonts.gstatic.com | bncronlinefi.000webhostapp.com |
1 | ai6.net (1 redirects) | |
12 | 4 |
This site contains no links.
Subject / Issuer | Validity | Valid | |
---|---|---|---|
*.000webhostapp.com / RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | 2021-07-10 - 2022-08-10 | a year | crt.sh |
*.gstatic.com / GTS CA 1C3 | 2021-10-18 - 2022-01-10 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://bncronlinefi.000webhostapp.com/?i=1
Frame ID: 2943472D1CD5A918D8EB260B3E6F1B76
Requests: 12 HTTP requests in this frame
Page Title
Banco Nacional de Costa Rica. Inicio de Sesion
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ai6.net/0oOuPJ HTTP 301 to http://xbiwuqiyxmazaqueizykjxypwyejwx.22web.org/ (Page URL)
- http://xbiwuqiyxmazaqueizykjxypwyejwx.22web.org/?i=1 HTTP 301 to https://bncronlinefi.000webhostapp.com/?i=1 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://ai6.net/0oOuPJ HTTP 301
- http://xbiwuqiyxmazaqueizykjxypwyejwx.22web.org/
12 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | / xbiwuqiyxmazaqueizykjxypwyejwx.22web.org/ (Redirect Chain) | 851 B 848 B | Document text/html |
GET H/1.1 | aes.js xbiwuqiyxmazaqueizykjxypwyejwx.22web.org/ | 30 KB 31 KB | Script application/javascript |
GET H2 | Primary Request: / bncronlinefi.000webhostapp.com/ (Redirect Chain) | 61 KB 7 KB | Document text/html |
GET H2 | style.css bncronlinefi.000webhostapp.com/files/ | 29 KB 8 KB | Stylesheet text/css |
GET | css bncronlinefi.000webhostapp.com/files/ | 0 0 | |
GET | css(1) bncronlinefi.000webhostapp.com/files/ | 0 0 | |
GET | css(2) bncronlinefi.000webhostapp.com/files/ | 0 0 | |
GET H2 | logo.png bncronlinefi.000webhostapp.com/files/ | 2 KB 2 KB | Image image/png |
GET H2 | BNChat.png bncronlinefi.000webhostapp.com/files/ | 5 KB 6 KB | Image image/png |
GET H2 | / bncronlinefi.000webhostapp.com/ | 61 KB 61 KB | Image text/html |
GET H2 | fondo.png bncronlinefi.000webhostapp.com/files/ | 849 KB 851 KB | Image image/png |
GET H2 | JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 fonts.gstatic.com/s/montserrat/v12/ | 18 KB 19 KB | Font font/woff2 |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: bncronlinefi.000webhostapp.com, URL: https://bncronlinefi.000webhostapp.com/files/css
- Domain: bncronlinefi.000webhostapp.com, URL: https://bncronlinefi.000webhostapp.com/files/css(1)
- Domain: bncronlinefi.000webhostapp.com, URL: https://bncronlinefi.000webhostapp.com/files/css(2)
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Nacional (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | onbeforexrselect
- function | reportError
- boolean | originAgentCluster
- object | scheduler

2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ai6.net/ | | Name: 0oOuPJ Value: 0oOuPJ |
xbiwuqiyxmazaqueizykjxypwyejwx.22web.org/ | | Name: __test Value: 909b394e0dc8059c8e03f9f29263d3a5 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.