www.hrcompetitive.com Open in urlscan Pro
167.114.53.186 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.hrcompetitive.com/trontonb/logiste1/index.html
Submission Tags: @phish_report
Submission: On March 08 via api (March 8th 2024, 2:14:40 pm UTC) from FI — Scanned from CA

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 167.114.53.186, located in Montreal, Canada and belongs to OVH, FR. The main domain is www.hrcompetitive.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 29th 2023. Valid for: 3 months.

This is the only time www.hrcompetitive.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco de la República Oriental del Uruguay (Banking)

Domain & IP information

	IP Address		AS Autonomous System
10	167.114.53.186 167.114.53.186		16276 (OVH) (OVH)
10	1

10 167.114.53.186 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: webhostingpx.itdospuntocero.net

www.hrcompetitive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	hrcompetitive.com www.hrcompetitive.com	950 KB
10	1

	Domain	Requested by
10	www.hrcompetitive.com	www.hrcompetitive.com
10	1

This site contains no links.

Subject Issuer	Validity	Valid
hrcompetitive.com cPanel, Inc. Certification Authority	`2023-12-29` - `2024-03-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.hrcompetitive.com/trontonb/logiste1/index.html
Frame ID: 7530F4616757FC12592ED87759288403
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Principal HomeU

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

950 kB
Transfer

947 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index.html Show response
www.hrcompetitive.com/trontonb/logiste1/ 38 KB
39 KB 71ms
21ms Document
text/html 167.114.53.186
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hrcompetitive.com/trontonb/logiste1/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

167.114.53.186 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

webhostingpx.itdospuntocero.net

Software

Apache /

Resource Hash

8f4232ad660b19029ab4fdd816b4f2fc4b40d7fbd03eea1838b6c36acaa44efb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 39232
Content-Type: text/html
Date: Fri, 08 Mar 2024 14:14:28 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Mon, 27 Nov 2023 12:29:30 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000

GET
H/1.1 200
OK lasfuentes.css
www.hrcompetitive.com/trontonb/logiste1/cerezo/ 200 B
485 B 30ms
17ms Stylesheet
text/css 167.114.53.186
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hrcompetitive.com/trontonb/logiste1/cerezo/lasfuentes.css

Requested by

Host: www.hrcompetitive.com
URL: https://www.hrcompetitive.com/trontonb/logiste1/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

167.114.53.186 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

webhostingpx.itdospuntocero.net

Software

Apache /

Resource Hash

0576b7aaff76a03aa66efe1a5fda7736e048286f5c3f6e33f25dfd8e09704c24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.hrcompetitive.com/trontonb/logiste1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Fri, 08 Mar 2024 14:14:28 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Sun, 26 Nov 2023 13:07:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 200

GET
H/1.1 200
OK losiconos.css
www.hrcompetitive.com/trontonb/logiste1/cerezo/ 59 KB
59 KB 52ms
18ms Stylesheet
text/css 167.114.53.186
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hrcompetitive.com/trontonb/logiste1/cerezo/losiconos.css

Requested by

Host: www.hrcompetitive.com
URL: https://www.hrcompetitive.com/trontonb/logiste1/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

167.114.53.186 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

webhostingpx.itdospuntocero.net

Software

Apache /

Resource Hash

d4d41483cf38b6182b0a495196cfc55821cfd2e3d310861f32bcd2240806f187

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.hrcompetitive.com/trontonb/logiste1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Fri, 08 Mar 2024 14:14:28 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Sun, 26 Nov 2023 12:44:16 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 60205

GET
H/1.1 200
OK chuqui2.css
www.hrcompetitive.com/trontonb/logiste1/cerezo/ 39 KB
39 KB 108ms
21ms Stylesheet
text/css 167.114.53.186
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hrcompetitive.com/trontonb/logiste1/cerezo/chuqui2.css

Requested by

Host: www.hrcompetitive.com
URL: https://www.hrcompetitive.com/trontonb/logiste1/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

167.114.53.186 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

webhostingpx.itdospuntocero.net

Software

Apache /

Resource Hash

be2fdbd855087f7d02a38f23110b462bb58272d3041743f12a7a3fc8e3b0168e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.hrcompetitive.com/trontonb/logiste1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Fri, 08 Mar 2024 14:14:28 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Sun, 26 Nov 2023 14:32:32 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 39764

GET
H/1.1 200
OK css.css
www.hrcompetitive.com/trontonb/logiste1/cerezo/ 5 KB
5 KB 143ms
28ms Stylesheet
text/css 167.114.53.186
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hrcompetitive.com/trontonb/logiste1/cerezo/css.css

Requested by

Host: www.hrcompetitive.com
URL: https://www.hrcompetitive.com/trontonb/logiste1/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

167.114.53.186 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

webhostingpx.itdospuntocero.net

Software

Apache /

Resource Hash

29c5b97114ac9696f2c7f4692d4733a2b0a7e470d6f9e048d1ded77f83f72da3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.hrcompetitive.com/trontonb/logiste1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Fri, 08 Mar 2024 14:14:28 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Sun, 26 Nov 2023 15:57:22 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 5160

GET
H/1.1 200
OK chuquiti.css
www.hrcompetitive.com/trontonb/logiste1/cerezo/ 640 KB
640 KB 172ms
20ms Stylesheet
text/css 167.114.53.186
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hrcompetitive.com/trontonb/logiste1/cerezo/chuquiti.css

Requested by

Host: www.hrcompetitive.com
URL: https://www.hrcompetitive.com/trontonb/logiste1/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

167.114.53.186 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

webhostingpx.itdospuntocero.net

Software

Apache /

Resource Hash

40cacd7cd84bfcc7d25b3b96c3d48a46a5b7d92eeaa58d63bca2dc571e7f491b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.hrcompetitive.com/trontonb/logiste1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Fri, 08 Mar 2024 14:14:28 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Sun, 26 Nov 2023 15:50:44 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 654957

GET
H/1.1 200
OK elfondito.jpg
www.hrcompetitive.com/trontonb/logiste1/mex/ 130 KB
130 KB 274ms
18ms Image
image/jpeg 167.114.53.186
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hrcompetitive.com/trontonb/logiste1/mex/elfondito.jpg

Requested by

Host: www.hrcompetitive.com
URL: https://www.hrcompetitive.com/trontonb/logiste1/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

167.114.53.186 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

webhostingpx.itdospuntocero.net

Software

Apache /

Resource Hash

62ebac9119c82db12553de55773d265db5cc81db125dda0e84443a59f7f9c369

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.hrcompetitive.com/trontonb/logiste1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Fri, 08 Mar 2024 14:14:28 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Sun, 26 Nov 2023 12:44:18 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 132994

GET
H/1.1 200
OK laflecha.svg
www.hrcompetitive.com/trontonb/logiste1/mex/ 364 B
654 B 18ms
18ms Image
image/svg+xml 167.114.53.186
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hrcompetitive.com/trontonb/logiste1/mex/laflecha.svg

Requested by

Host: www.hrcompetitive.com
URL: https://www.hrcompetitive.com/trontonb/logiste1/cerezo/chuquiti.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

167.114.53.186 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

webhostingpx.itdospuntocero.net

Software

Apache /

Resource Hash

3c00a9cad0308640f0308633960577e95622fdf12097e4d5dcd418abd0e541d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.hrcompetitive.com/trontonb/logiste1/cerezo/chuquiti.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Fri, 08 Mar 2024 14:14:28 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Sun, 26 Nov 2023 13:21:40 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 364

GET
H/1.1 200
OK goterobook.woff2
www.hrcompetitive.com/trontonb/logiste1/cerezo/ 16 KB
17 KB 33ms
17ms Font
font/woff2 167.114.53.186
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hrcompetitive.com/trontonb/logiste1/cerezo/goterobook.woff2

Requested by

Host: www.hrcompetitive.com
URL: https://www.hrcompetitive.com/trontonb/logiste1/cerezo/lasfuentes.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

167.114.53.186 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

webhostingpx.itdospuntocero.net

Software

Apache /

Resource Hash

de104a848c6a42e0e860a926db60ac470022da5f22980279e3e7b73cfc815ba2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.hrcompetitive.com/trontonb/logiste1/cerezo/lasfuentes.css
Origin: https://www.hrcompetitive.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Fri, 08 Mar 2024 14:14:28 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Sun, 26 Nov 2023 13:05:34 GMT
Server: Apache
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 16788

GET
H/1.1 200
OK goteromedio.woff2
www.hrcompetitive.com/trontonb/logiste1/cerezo/ 20 KB
20 KB 59ms
21ms Font
font/woff2 167.114.53.186
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hrcompetitive.com/trontonb/logiste1/cerezo/goteromedio.woff2

Requested by

Host: www.hrcompetitive.com
URL: https://www.hrcompetitive.com/trontonb/logiste1/cerezo/lasfuentes.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

167.114.53.186 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

webhostingpx.itdospuntocero.net

Software

Apache /

Resource Hash

83c870f855fe762fc60ee72248007a5bc384f7e65ab4937d0cdb82e7473305cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.hrcompetitive.com/trontonb/logiste1/cerezo/lasfuentes.css
Origin: https://www.hrcompetitive.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Fri, 08 Mar 2024 14:14:28 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Sun, 26 Nov 2023 13:05:24 GMT
Server: Apache
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 20208

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco de la República Oriental del Uruguay (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.hrcompetitive.com
167.114.53.186
0576b7aaff76a03aa66efe1a5fda7736e048286f5c3f6e33f25dfd8e09704c24
29c5b97114ac9696f2c7f4692d4733a2b0a7e470d6f9e048d1ded77f83f72da3
3c00a9cad0308640f0308633960577e95622fdf12097e4d5dcd418abd0e541d6
40cacd7cd84bfcc7d25b3b96c3d48a46a5b7d92eeaa58d63bca2dc571e7f491b
62ebac9119c82db12553de55773d265db5cc81db125dda0e84443a59f7f9c369
83c870f855fe762fc60ee72248007a5bc384f7e65ab4937d0cdb82e7473305cb
8f4232ad660b19029ab4fdd816b4f2fc4b40d7fbd03eea1838b6c36acaa44efb
be2fdbd855087f7d02a38f23110b462bb58272d3041743f12a7a3fc8e3b0168e
d4d41483cf38b6182b0a495196cfc55821cfd2e3d310861f32bcd2240806f187
de104a848c6a42e0e860a926db60ac470022da5f22980279e3e7b73cfc815ba2

www.hrcompetitive.com Open in urlscan Pro 167.114.53.186 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

950 kBTransfer

947 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.hrcompetitive.com Open in urlscan Pro
167.114.53.186 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

950 kB
Transfer

947 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!