kingrepubliceebrouu3.c1.biz
Open in
urlscan Pro
185.176.43.106
Malicious Activity!
Public Scan
Effective URL: http://kingrepubliceebrouu3.c1.biz/index1.html
Submission: On August 31 via manual from UY — Scanned from DE
Summary
This is the only time kingrepubliceebrouu3.c1.biz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco de la República Oriental del Uruguay (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 192.185.35.31 192.185.35.31 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
1 14 | 185.176.43.106 185.176.43.106 | 44476 (ZETTA-AS) (ZETTA-AS) | |
13 | 1 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: tropiccoffeeltd.com
hhbyemen.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
c1.biz
1 redirects
kingrepubliceebrouu3.c1.biz |
778 KB |
2 |
hhbyemen.com
2 redirects
hhbyemen.com |
173 B |
13 | 2 |
Domain | Requested by | |
---|---|---|
14 | kingrepubliceebrouu3.c1.biz |
1 redirects
kingrepubliceebrouu3.c1.biz
|
2 | hhbyemen.com | 2 redirects |
13 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://kingrepubliceebrouu3.c1.biz/index1.html
Frame ID: 171AC550E289B403E4CA08FDB4982BCE
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
InicioPage URL History Show full URLs
-
https://hhbyemen.com/mde/upload.php/
HTTP 301
https://hhbyemen.com/mde/upload.php HTTP 302
http://kingrepubliceebrouu3.c1.biz/ HTTP 302
http://kingrepubliceebrouu3.c1.biz/index1.html Page URL
Detected technologies
Ionicons (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+ionicons(?:\.min)?\.css
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://hhbyemen.com/mde/upload.php/
HTTP 301
https://hhbyemen.com/mde/upload.php HTTP 302
http://kingrepubliceebrouu3.c1.biz/ HTTP 302
http://kingrepubliceebrouu3.c1.biz/index1.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index1.html
kingrepubliceebrouu3.c1.biz/ Redirect Chain
|
25 KB 25 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fonts.css
kingrepubliceebrouu3.c1.biz/flfs/ |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ionicons.css
kingrepubliceebrouu3.c1.biz/flfs/ |
59 KB 59 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2.d18bb301.chunk.css
kingrepubliceebrouu3.c1.biz/flfs/ |
34 KB 34 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.8d29879f.chunk.css
kingrepubliceebrouu3.c1.biz/flfs/ |
528 KB 528 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
slider-01.jpg
kingrepubliceebrouu3.c1.biz/flfs/ |
130 KB 130 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
selectArrowDown.b3a49a7d.svg
kingrepubliceebrouu3.c1.biz/frontend/static/media/ |
109 B 109 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
GothamBook.woff2
kingrepubliceebrouu3.c1.biz/flfs/gotham/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Gotham-Medium.woff2
kingrepubliceebrouu3.c1.biz/flfs/gotham/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Gotham-Medium.woff
kingrepubliceebrouu3.c1.biz/flfs/gotham/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
GothamBook.woff
kingrepubliceebrouu3.c1.biz/flfs/gotham/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Gotham-Medium.ttf
kingrepubliceebrouu3.c1.biz/flfs/gotham/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
GothamBook.ttf
kingrepubliceebrouu3.c1.biz/flfs/gotham/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco de la República Oriental del Uruguay (Banking)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hhbyemen.com
kingrepubliceebrouu3.c1.biz
185.176.43.106
192.185.35.31
367cba5c66dcb77e9efdefae321a5fa51b4ed0773b15ebbd7a8ee35b913e75fe
3ffb95edd9704443da9b764aa5085b5985554b2d6b611487080911f7c1da7ff2
62ebac9119c82db12553de55773d265db5cc81db125dda0e84443a59f7f9c369
970a245e193b5fcb6fb9e0fa1ecc9a8ee55f3775aa766fcea860ea2d9af9741f
9afde12f75dafba0637d0c7894c3d2426c102ab9f4fd8f330f076c4326a1b0a5
d4d41483cf38b6182b0a495196cfc55821cfd2e3d310861f32bcd2240806f187
ffa3bcf329ed085c6d4c0c79ce6d98ac589b92ecdd3471eda4a602d8045a5f13