www.centraldigitalcr.com
68.66.226.109
Malicious Activity!
Public Scan
Submission: On January 23 via api from CR — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 17th 2021. Valid for: 3 months.
This is the only time www.centraldigitalcr.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Nacional (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
7 | 68.66.226.109 | 55293 (A2HOSTING) |
3 | 2a00:1450:4001:830::200a | 15169 (GOOGLE) |
2 | 2a00:1450:4001:829::2003 | 15169 (GOOGLE) |
12 | 3 | |
ASN55293 (A2HOSTING, US)
PTR: az1-ss44.a2hosting.com
www.centraldigitalcr.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | centraldigitalcr.com | www.centraldigitalcr.com | 219 KB |
3 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 47) | 2 KB |
2 | gstatic.com | fonts.gstatic.com | 35 KB |
12 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
7 | www.centraldigitalcr.com | www.centraldigitalcr.com |
3 | fonts.googleapis.com | www.centraldigitalcr.com |
2 | fonts.gstatic.com | www.centraldigitalcr.com, fonts.googleapis.com |
12 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.bncr.fi.cr |
bncr.bnonline.fi.cr |
Subject | Issuer | Validity | Valid |
---|---|---|---|
centraldigitalcr.com | cPanel, Inc. Certification Authority | 2021-12-17 - 2022-03-17 | 3 months |
upload.video.google.com | GTS CA 1C3 | 2021-12-27 - 2022-03-21 | 3 months |
*.gstatic.com | GTS CA 1C3 | 2021-12-27 - 2022-03-21 | 3 months |
This page contains 1 frame:
Primary Page:
https://www.centraldigitalcr.com/bn/auth.bncr.fi.cr/adfs/ls19c5.html
Frame ID: 1F4E20238E315AF046BE203E598748CC
Requests: 12 HTTP requests in this frame
Page Title
Banco Nacional de Costa Rica. Inicio de Sesion
Detected technologies
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: www.bncr.fi.cr
Title: Sincronizar OTP
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | ls19c5.html (Primary Request) | www.centraldigitalcr.com/bn/auth.bncr.fi.cr/adfs/ | 55 KB | 13 KB | Document | text/html |
GET | H/1.1 | style8f57.css | www.centraldigitalcr.com/bn/auth.bncr.fi.cr/adfs/portal/css/ | 27 KB | 7 KB | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 3 KB | 1 KB | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 664 B | 428 B | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 5 KB | 731 B | Stylesheet | text/css |
GET | H/1.1 | illustrationba1b.png | www.centraldigitalcr.com/bn/auth.bncr.fi.cr/adfs/portal/illustration/ | 114 KB | 107 KB | Image | image/png |
GET | H/1.1 | fondo.jpg | www.centraldigitalcr.com/bn/auth.bncr.fi.cr/adfs/portal/images/bncr/ | 83 KB | 81 KB | Image | image/jpeg |
GET | H/1.1 | firma.png | www.centraldigitalcr.com/bn/auth.bncr.fi.cr/adfs/portal/images/bncr/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 | fonts.gstatic.com/s/montserrat/v12/ | 18 KB | 19 KB | Font | font/woff2 |
GET | H2 | memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 | fonts.gstatic.com/s/opensans/v27/ | 16 KB | 16 KB | Font | font/woff2 |
GET | H/1.1 | logo.png | www.centraldigitalcr.com/bn/auth.bncr.fi.cr/adfs/images/bncr/ | 2 KB | 3 KB | Image | image/png |
GET | H/1.1 | BNChat.png | www.centraldigitalcr.com/bn/auth.bncr.fi.cr/adfs/portal/images/bncr/ | 5 KB | 6 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Nacional (Banking)
74 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| LoginErrors number| maxPasswordLength function| InputUtil function| SelectOption function| Login string| Title string| LoginTitle string| urlBnMovilDefault string| urlIBDefault string| urlBNSDefault string| urlLostPassword string| urlLostPasswordBnMovil string| urlAffiliate string| urlAffiliateBnMovil string| urlApiToken string| urlCambioClave string| urlCambioClaveBNM string| indiceAuth string| indiceBNM string| indiceIB string| indiceBNS string| urlIBCDescarga string| rutabase string| urlLogo string| urlChatImg string| urlChat string| FooterSeccionLeftLogin string| FooterSeccionCenterLogin string| FooterSeccionRightLogin string| FooterSeccionLeftKeyBoard string| FooterSeccionCenterKeyBoard string| FooterSeccionRightKeyBoard string| FooterSeccionLeftOTP string| FooterSeccionCenterOTP string| FooterSeccionRightOTP string| Terms string| TermsUrl string| Privacy string| PrivacyUrl string| chatLink string| helpModal object| contentHtml undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| LoadTheme function| IsIB function| IsIBMovil function| IsBNS function| Signout function| ClearDomain function| CambioContrasena function| HideShowControl function| ElementExist function| WindowsRedirect function| ExistMFA function| DrawMFA function| ApplyCSSInput function| SetValueInput function| ControlFooter function| GetReturnUri function| GetParamts function| GetUsrName function| AppendLostPassword function| AppendCertificate function| AppendUserName function| InitControls function| LettersAndNumbers function| CertificateClick function| HelpClick function| ValidarErrorCert function| RestringirMoviles function| Close
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
www.centraldigitalcr.com
2a00:1450:4001:829::2003
2a00:1450:4001:830::200a
68.66.226.109