verificacionbncr.tk Open in urlscan Pro
162.210.101.112 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://verificacionbncr.tk/
Submission: On January 18 via automatic, source openphish (January 18th 2023, 1:27:51 am UTC) — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 12 HTTP transactions. The main IP is 162.210.101.112, located in United States and belongs to STEADFAST, US. The main domain is verificacionbncr.tk.

This is the only time verificacionbncr.tk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Nacional (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	162.210.101.112 162.210.101.112	32748 (STEADFAST) (STEADFAST)
3	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:807::2003	15169 (GOOGLE) (GOOGLE)
12	3

7 162.210.101.112 (United States)

ASN32748 (STEADFAST, US)

verificacionbncr.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:807::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	verificacionbncr.tk verificacionbncr.tk	244 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	2 KB
2	gstatic.com fonts.gstatic.com	35 KB
12	3

	Domain	Requested by
7	verificacionbncr.tk	verificacionbncr.tk
3	fonts.googleapis.com	verificacionbncr.tk
2	fonts.gstatic.com	verificacionbncr.tk fonts.googleapis.com
12	3

This site contains no links.

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://verificacionbncr.tk/
Frame ID: 94891BF0021A66DAAC680F3EDC62B595
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Banco Nacional de Costa Rica. Inicio de Sesion

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

12
Requests

42 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

282 kB
Transfer

286 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
verificacionbncr.tk/ 13 KB
13 KB 332ms
110ms Document
text/html 162.210.101.112
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: http://verificacionbncr.tk/
Protocol: HTTP/1.1
Server: 162.210.101.112 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software: lighttpd/1.4.28 /
Resource Hash: 7123df0811a4a464c9771f5e042e0d44629104b2cecc7e0fb5825a44d1d9647f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Content-Length: 13266
Content-Type: text/html
Date: Wed, 18 Jan 2023 01:27:45 GMT
ETag: "3330843873"
Last-Modified: Wed, 23 Jun 2021 15:19:12 GMT
Server: lighttpd/1.4.28

GET
H/1.1 200
OK style.css
verificacionbncr.tk/index_files/ 27 KB
27 KB 211ms
110ms Stylesheet
text/css 162.210.101.112
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: http://verificacionbncr.tk/index_files/style.css?id=3D07BA4E173367E495ED2F4AC5EFA966CEAC913F78A268E3D937AD57648A605B&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
Requested by: Host: verificacionbncr.tk
URL: http://verificacionbncr.tk/
Protocol: HTTP/1.1
Server: 162.210.101.112 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software: lighttpd/1.4.28 /
Resource Hash: 26e921f6d2364dd17ba76020b853f53c5a5fcc49ffa0d606f6a9d181f515d950

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://verificacionbncr.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Wed, 18 Jan 2023 01:27:45 GMT
Last-Modified: Wed, 23 Jun 2021 15:17:30 GMT
Server: lighttpd/1.4.28
Accept-Ranges: bytes
ETag: "2252913131"
Content-Length: 27626
Content-Type: text/css

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 144ms
44ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: verificacionbncr.tk
URL: http://verificacionbncr.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d683e97a1f23650a3e38cf3621b924ccf692f2a4204d193335ceddeb9b65353

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://verificacionbncr.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 18 Jan 2023 01:27:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 18 Jan 2023 00:54:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 18 Jan 2023 01:27:45 GMT

GET
H2 200 css
fonts.googleapis.com/ 664 B
429 B 146ms
47ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato

Requested by

Host: verificacionbncr.tk
URL: http://verificacionbncr.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5a9f9b8fdda3dc64dc104281767edc8ce0798cd76bfc307c17a7c7b4db115c86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://verificacionbncr.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 18 Jan 2023 01:27:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 18 Jan 2023 00:41:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 18 Jan 2023 01:27:45 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
734 B 148ms
49ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400&display=swap

Requested by

Host: verificacionbncr.tk
URL: http://verificacionbncr.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

75857df06751912384dd06e4481ec50a868c5225c0c9cea7f2e1b51102baab6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://verificacionbncr.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 18 Jan 2023 01:27:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 18 Jan 2023 00:05:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 18 Jan 2023 01:27:45 GMT

GET
H/1.1 200
OK logo.png
verificacionbncr.tk/index_files/ 2 KB
2 KB 184ms
108ms Image
image/png 162.210.101.112
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://verificacionbncr.tk/index_files/logo.png
Requested by: Host: verificacionbncr.tk
URL: http://verificacionbncr.tk/
Protocol: HTTP/1.1
Server: 162.210.101.112 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software: lighttpd/1.4.28 /
Resource Hash: a11306b40a20c1d8d40e2746d1ee259b7556c00bcbc719e5e1065f02b7cc427c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://verificacionbncr.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Wed, 18 Jan 2023 01:27:45 GMT
Last-Modified: Wed, 23 Jun 2021 14:25:30 GMT
Server: lighttpd/1.4.28
Accept-Ranges: bytes
ETag: "3159083520"
Content-Length: 2282
Content-Type: image/png

GET
H/1.1 200
OK ayuda.png
verificacionbncr.tk/index_files/ 1000 B
1 KB 217ms
109ms Image
image/png 162.210.101.112
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://verificacionbncr.tk/index_files/ayuda.png
Requested by: Host: verificacionbncr.tk
URL: http://verificacionbncr.tk/
Protocol: HTTP/1.1
Server: 162.210.101.112 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software: lighttpd/1.4.28 /
Resource Hash: 4b6f8b4cd67ffcaed6006282a9299cf4917bd121ea525e3ea33615bf675f5a6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://verificacionbncr.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Wed, 18 Jan 2023 01:27:45 GMT
Last-Modified: Wed, 23 Jun 2021 14:00:46 GMT
Server: lighttpd/1.4.28
Accept-Ranges: bytes
ETag: "1028646434"
Content-Length: 1000
Content-Type: image/png

GET
H/1.1 200
OK illustration.png
verificacionbncr.tk/index_files/ 114 KB
114 KB 108ms
108ms Image
image/png 162.210.101.112
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://verificacionbncr.tk/index_files/illustration.png?id=183128A3C941EDE3D9199FA37D6AA90E0A7DFE101B37D10B4FEDA0CF35E11AFD&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
Requested by: Host: verificacionbncr.tk
URL: http://verificacionbncr.tk/
Protocol: HTTP/1.1
Server: 162.210.101.112 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software: lighttpd/1.4.28 /
Resource Hash: 183128a3c941ede3d9199fa37d6aa90e0a7dfe101b37d10b4feda0cf35e11afd

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://verificacionbncr.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Wed, 18 Jan 2023 01:27:45 GMT
Last-Modified: Wed, 23 Jun 2021 14:13:42 GMT
Server: lighttpd/1.4.28
Accept-Ranges: bytes
ETag: "925197644"
Content-Length: 116699
Content-Type: image/png

GET
H/1.1 200
OK fondo.jpg
verificacionbncr.tk/index_files/ 83 KB
84 KB 111ms
110ms Image
image/jpeg 162.210.101.112
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://verificacionbncr.tk/index_files/fondo.jpg
Requested by: Host: verificacionbncr.tk
URL: http://verificacionbncr.tk/index_files/style.css?id=3D07BA4E173367E495ED2F4AC5EFA966CEAC913F78A268E3D937AD57648A605B&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
Protocol: HTTP/1.1
Server: 162.210.101.112 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software: lighttpd/1.4.28 /
Resource Hash: a25ba1b157ec936592d10b603b83173744a279f8be236e4dc3f25aab9fbbd452

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://verificacionbncr.tk/index_files/style.css?id=3D07BA4E173367E495ED2F4AC5EFA966CEAC913F78A268E3D937AD57648A605B&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Wed, 18 Jan 2023 01:27:45 GMT
Last-Modified: Wed, 23 Jun 2021 14:37:02 GMT
Server: lighttpd/1.4.28
Accept-Ranges: bytes
ETag: "2245851520"
Content-Length: 85391
Content-Type: image/jpeg

GET
H/1.1 200
OK firma.png
verificacionbncr.tk/index_files/ 3 KB
3 KB 111ms
110ms Image
image/png 162.210.101.112
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://verificacionbncr.tk/index_files/firma.png
Requested by: Host: verificacionbncr.tk
URL: http://verificacionbncr.tk/index_files/style.css?id=3D07BA4E173367E495ED2F4AC5EFA966CEAC913F78A268E3D937AD57648A605B&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
Protocol: HTTP/1.1
Server: 162.210.101.112 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software: lighttpd/1.4.28 /
Resource Hash: 52691c4f90034c90a93cb95cf2c62e8bfee3f2da454e5ad4195b89db97dfe446

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://verificacionbncr.tk/index_files/style.css?id=3D07BA4E173367E495ED2F4AC5EFA966CEAC913F78A268E3D937AD57648A605B&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Wed, 18 Jan 2023 01:27:45 GMT
Last-Modified: Wed, 23 Jun 2021 14:36:14 GMT
Server: lighttpd/1.4.28
Accept-Ranges: bytes
ETag: "1405674122"
Content-Length: 2576
Content-Type: image/png

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v12/ 18 KB
19 KB 167ms
47ms Font
font/woff2 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v12/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: verificacionbncr.tk
URL: http://verificacionbncr.tk/index_files/style.css?id=3D07BA4E173367E495ED2F4AC5EFA966CEAC913F78A268E3D937AD57648A605B&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ab7918478793ceb022d3f5449e401b44b78d87bc4429058ebb8b64163640da2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://verificacionbncr.tk/
Origin: http://verificacionbncr.tk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 06:48:11 GMT
x-content-type-options: nosniff
age: 67174
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18684
x-xss-protection: 0
last-modified: Tue, 07 Nov 2017 15:24:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Jan 2024 06:48:11 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v34/ 16 KB
16 KB 175ms
61ms Font
font/woff2 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://verificacionbncr.tk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 11:09:36 GMT
x-content-type-options: nosniff
age: 224289
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16740
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 Jan 2024 11:09:36 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Nacional (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
verificacionbncr.tk
162.210.101.112
2a00:1450:4001:82b::200a
2a00:1450:400d:807::2003
183128a3c941ede3d9199fa37d6aa90e0a7dfe101b37d10b4feda0cf35e11afd
26e921f6d2364dd17ba76020b853f53c5a5fcc49ffa0d606f6a9d181f515d950
4ab7918478793ceb022d3f5449e401b44b78d87bc4429058ebb8b64163640da2
4b6f8b4cd67ffcaed6006282a9299cf4917bd121ea525e3ea33615bf675f5a6a
52691c4f90034c90a93cb95cf2c62e8bfee3f2da454e5ad4195b89db97dfe446
5a9f9b8fdda3dc64dc104281767edc8ce0798cd76bfc307c17a7c7b4db115c86
7123df0811a4a464c9771f5e042e0d44629104b2cecc7e0fb5825a44d1d9647f
75857df06751912384dd06e4481ec50a868c5225c0c9cea7f2e1b51102baab6a
8d683e97a1f23650a3e38cf3621b924ccf692f2a4204d193335ceddeb9b65353
a11306b40a20c1d8d40e2746d1ee259b7556c00bcbc719e5e1065f02b7cc427c
a25ba1b157ec936592d10b603b83173744a279f8be236e4dc3f25aab9fbbd452
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

verificacionbncr.tk Open in urlscan Pro 162.210.101.112 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

42 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

282 kBTransfer

286 kBSize

0 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

verificacionbncr.tk Open in urlscan Pro
162.210.101.112 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

42 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

282 kB
Transfer

286 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!