crbnauthsteeps.000webhostapp.com
2a02:4780:dead:97b4::1
Malicious Activity!
Public Scan
Effective URL: https://crbnauthsteeps.000webhostapp.com/?i=1
Submission Tags: 7362685
Submission: On November 24 via api from US — Scanned from DE
Summary
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on July 10th 2021. Valid for: a year.
This is the only time crbnauthsteeps.000webhostapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Nacional (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 195.201.172.53 | 24940 (HETZNER-AS) |
1 3 | 185.27.134.142 | 34119 (WILDCARD-AS Wildcard UK Limited) |
6 | 2a02:4780:dead:97b4::1 | 204915 (AWEX) |
1 | 2a00:1450:4001:827::2003 | 15169 (GOOGLE) |
12 | 4 | |
ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
qvudherbepiuawygjeepdfqpmaeptx.22web.org |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
6 | 000webhostapp.com: crbnauthsteeps.000webhostapp.com | 936 KB |
3 | 22web.org (1 redirects): qvudherbepiuawygjeepdfqpmaeptx.22web.org | 32 KB |
1 | gstatic.com: fonts.gstatic.com | 19 KB |
1 | ai6.net (1 redirects): ai6.net | 593 B |
12 | 4 | |
 | Domain | Requested by |
---|---|---|
6 | crbnauthsteeps.000webhostapp.com | qvudherbepiuawygjeepdfqpmaeptx.22web.org, crbnauthsteeps.000webhostapp.com |
3 | qvudherbepiuawygjeepdfqpmaeptx.22web.org (1 redirects) | qvudherbepiuawygjeepdfqpmaeptx.22web.org |
1 | fonts.gstatic.com | crbnauthsteeps.000webhostapp.com |
1 | ai6.net (1 redirects) | |
12 | 4 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
*.000webhostapp.com | RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | 2021-07-10 - 2022-08-10 | a year | crt.sh |
*.gstatic.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://crbnauthsteeps.000webhostapp.com/?i=1
Frame ID: 32AB1C9FB707BD2E092D149D39EE693E
Requests: 12 HTTP requests in this frame
Page Title
Banco Nacional de Costa Rica. Inicio de Sesion
Page URL History
- https://ai6.net/Ev40QR HTTP 301
  http://qvudherbepiuawygjeepdfqpmaeptx.22web.org/ Page URL
- http://qvudherbepiuawygjeepdfqpmaeptx.22web.org/?i=1 HTTP 301
  https://crbnauthsteeps.000webhostapp.com/?i=1 Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://ai6.net/Ev40QR HTTP 301
- http://qvudherbepiuawygjeepdfqpmaeptx.22web.org/
12 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | / qvudherbepiuawygjeepdfqpmaeptx.22web.org/ (Redirect Chain) | 851 B 845 B | Document text/html |
GET H/1.1 | aes.js qvudherbepiuawygjeepdfqpmaeptx.22web.org/ | 30 KB 31 KB | Script application/javascript |
GET H2 | Primary Request: / crbnauthsteeps.000webhostapp.com/ (Redirect Chain) | 61 KB 7 KB | Document text/html |
GET H2 | style.css crbnauthsteeps.000webhostapp.com/files/ | 29 KB 8 KB | Stylesheet text/css |
GET | css crbnauthsteeps.000webhostapp.com/files/ | 0 0 | |
GET | css(1) crbnauthsteeps.000webhostapp.com/files/ | 0 0 | |
GET | css(2) crbnauthsteeps.000webhostapp.com/files/ | 0 0 | |
GET H2 | logo.png crbnauthsteeps.000webhostapp.com/files/ | 2 KB 2 KB | Image image/png |
GET H2 | BNChat.png crbnauthsteeps.000webhostapp.com/files/ | 5 KB 6 KB | Image image/png |
GET H2 | / crbnauthsteeps.000webhostapp.com/ | 61 KB 61 KB | Image text/html |
GET H2 | fondo.png crbnauthsteeps.000webhostapp.com/files/ | 849 KB 851 KB | Image image/png |
GET H2 | JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 fonts.gstatic.com/s/montserrat/v12/ | 18 KB 19 KB | Font font/woff2 |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: crbnauthsteeps.000webhostapp.com, URL: https://crbnauthsteeps.000webhostapp.com/files/css
- Domain: crbnauthsteeps.000webhostapp.com, URL: https://crbnauthsteeps.000webhostapp.com/files/css(1)
- Domain: crbnauthsteeps.000webhostapp.com, URL: https://crbnauthsteeps.000webhostapp.com/files/css(2)
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Nacional (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforexrselect
- function| reportError
- boolean| originAgentCluster
- object| scheduler
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ai6.net/ | | Name: Ev40QR Value: Ev40QR |
qvudherbepiuawygjeepdfqpmaeptx.22web.org/ | | Name: __test Value: c3a40e8639209fb9e111ce969f873ab6 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.