login.bnl.lt Open in urlscan Pro
94.23.73.243 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://login.bnl.lt/
Submission: On October 14 via automatic, source certstream-suspicious (October 14th 2022, 3:07:47 pm UTC) — Scanned from DE

Summary HTTP 21 Redirects Links 28 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 21 HTTP transactions. The main IP is 94.23.73.243, located in Lisbon, Portugal and belongs to OVH, FR. The main domain is login.bnl.lt.
TLS certificate: Issued by R3 on October 14th 2022. Valid for: 3 months.

This is the only time login.bnl.lt was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNP Paribas (Banking)

Domain & IP information

	IP Address		AS Autonomous System
21	94.23.73.243 94.23.73.243		16276 (OVH) (OVH)
21	1

21 94.23.73.243 (Lisbon, Portugal)

ASN16276 (OVH, FR)
PTR: ip243.ip-94-23-73.eu

login.bnl.lt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	bnl.lt login.bnl.lt	320 KB
21	1

	Domain	Requested by
21	login.bnl.lt	login.bnl.lt
21	1

This site contains links to these domains. Also see Links.

Domain
bnl.lt
lifebanker.bnl.lt
banking.bnl.lt
www.facebook.com
twitter.com
www.acf.consob.it
www.youtube.com
socialwall.bnl.lt

Subject Issuer	Validity	Valid
login.bnl.lt R3	`2022-10-14` - `2023-01-12`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://login.bnl.lt/
Frame ID: 66F2368D1CD0F44D4E79BD01A66110F5
Requests: 12 HTTP requests in this frame

Frame: https://login.bnl.lt/login.html
Frame ID: BA5597382CAC1BF9DC4B04243E1D65AD
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Detected technologies

Cart Functionality (Ecommerce) Expand

Overall confidence: 100%
Detected patterns

<a[^>]*href=[^>]*/Cart

Page Statistics

21
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

320 kB
Transfer

757 kB
Size

0
Cookies

28 Outgoing links

These are links going to different origins than the main page.

URL: https://bnl.lt/it/Individui-e-Famiglie
Title: Individui e Famiglie

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Private-Banking
Title: Private Banking

Search URL Search Domain Scan URL

URL: http://lifebanker.bnl.lt/offerta-360/
Title: Life Banker

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/financial-banking
Title: Financial Banking

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Professionisti-e-Imprese
Title: Professionisti e Imprese

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Corporate
Title: Corporate

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Pubblica-Amministrazione
Title: Pubblica Amministrazione

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Responsabilita-Sociale
Title: Responsabilita Sociale

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Scopri-BNL
Title: Scopri BNL

Search URL Search Domain Scan URL

URL: https://bnl.lt/comunicazione/diventacliente/
Title: Diventa Cliente

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Individui-e-Famiglie/Internet-e-Mobile/Navigare-in-sicurezza
Title: Leggi i nostri consi

Search URL Search Domain Scan URL

URL: https://banking.bnl.lt/pubblica/recuperonumeroclientefe
Title: Recupera Online il Numero Cliente

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BNLBNPParibas/

Search URL Search Domain Scan URL

URL: https://twitter.com/bnpparibas

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Footer/Trasparenza

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Footer/Dati-Societari
Title: DATI SOCIETARI

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Footer/Prospetti-Consob
Title: PROSPETTI CONSOB

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Footer/Reclami-Ricorsi-Conciliazione
Title: RECLAMI-RICORSI-CONCILIAZIONE

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Footer/Richiesta-documenti
Title: RICHIESTA DOCUMENTI

Search URL Search Domain Scan URL

URL: https://www.acf.consob.it/
Title: ARBITRO CONTROVERSIE FINANZIARIE

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Footer/Privacy
Title: PRIVACY

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Footer/Note-Legali
Title: NOTE LEGALI

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Footer/Cookie
Title: COOKIE

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Individui-e-Famiglie/Contatti/Contatti-Istituzionali
Title: CONTATTI ISTITUZIONALI

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Individui-e-Famiglie/Internet-e-Mobile/Navigare-in-sicurezza/PSD2
Title: PSD2

Search URL Search Domain Scan URL

URL: https://bnl.lt/it/Footer/DAC6
Title: DAC6

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/BNLCHANNEL

Search URL Search Domain Scan URL

URL: http://socialwall.bnl.lt/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response login.bnl.lt/	30 KB 6 KB	135ms 29ms	Document text/html	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `1ea5a04e22f58d6f78f2a40fc5fe1cffaa15b17f0eee753005f04b1dc1d9227f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-type text/html date Fri, 14 Oct 2022 15:07:42 GMT etag W/"63491a5e-796b" last-modified Fri, 14 Oct 2022 08:14:22 GMT server nginx x-powered-by PleskLin
GET H2	200	footer-icons.css login.bnl.lt/css/	2 B 166 B	31ms 31ms	Stylesheet text/css	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/css/footer-icons.css Requested by Host: login.bnl.lt URL: https://login.bnl.lt/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6` Request headers accept-language de-DE,de;q=0.9 Referer https://login.bnl.lt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:42 GMT last-modified Tue, 04 Oct 2022 21:00:00 GMT server nginx x-accel-version 0.01 etag "2-5ea3bbe495400" x-powered-by PleskLin content-type text/css accept-ranges bytes content-length 2
GET H2	200	clientlib-redational-page-login.min.css login.bnl.lt/css/	423 KB 35 KB	48ms 48ms	Stylesheet text/css	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/css/clientlib-redational-page-login.min.css Requested by Host: login.bnl.lt URL: https://login.bnl.lt/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `aa47588d0f1fb056de3e28df8023838fd89567e6b4b3e342b9942dc75a3a5d36` Request headers accept-language de-DE,de;q=0.9 Referer https://login.bnl.lt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:42 GMT content-encoding br last-modified Tue, 04 Oct 2022 21:00:00 GMT server nginx etag W/"633c9ed0-69b95" x-powered-by PleskLin content-type text/css
GET H2	200	alert2.png login.bnl.lt/images/	20 KB 20 KB	54ms 53ms	Image image/png	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://login.bnl.lt/images/alert2.png Requested by Host: login.bnl.lt URL: https://login.bnl.lt/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `e4d615de09a41c8c2d8d395a3ab156ce9520a9fc96c23b1780bb2adab4292b67` Request headers accept-language de-DE,de;q=0.9 Referer https://login.bnl.lt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:42 GMT last-modified Tue, 04 Oct 2022 21:01:32 GMT server nginx etag "633c9f2c-5041" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 20545
GET H2	200	trasparenza_BNL-1.jpg login.bnl.lt/images/	19 KB 19 KB	62ms 61ms	Image image/jpeg	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://login.bnl.lt/images/trasparenza_BNL-1.jpg Requested by Host: login.bnl.lt URL: https://login.bnl.lt/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `24b7fc7a5247a3ccb0216515023889adce611b2ca852efd2223509caeb81b9a9` Request headers accept-language de-DE,de;q=0.9 Referer https://login.bnl.lt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:42 GMT last-modified Tue, 04 Oct 2022 21:01:20 GMT server nginx etag "633c9f20-4ccd" x-powered-by PleskLin content-type image/jpeg accept-ranges bytes content-length 19661
GET H2	200	bnl_payoff_transparent.png login.bnl.lt/images/	2 B 167 B	50ms 49ms	Image image/png	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://login.bnl.lt/images/bnl_payoff_transparent.png Requested by Host: login.bnl.lt URL: https://login.bnl.lt/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://login.bnl.lt/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:42 GMT last-modified Tue, 04 Oct 2022 21:01:30 GMT server nginx x-accel-version 0.01 etag "2-5ea3bc3a69e80" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 2
GET H2	200	login.html Show response login.bnl.lt/ Frame BA55	3 KB 976 B	38ms 38ms	Document text/html	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/login.html Requested by Host: login.bnl.lt URL: https://login.bnl.lt/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `5e1adcf1e30c801b37a21c677c723b7257ba1e017c311bcc76fca3216a1a29ba` Request headers Referer https://login.bnl.lt/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-type text/html date Fri, 14 Oct 2022 15:07:42 GMT etag W/"63492dca-d15" last-modified Fri, 14 Oct 2022 09:37:14 GMT server nginx x-powered-by PleskLin
GET H2	200	bnl_logo_transparent.png login.bnl.lt/images/	11 KB 12 KB	126ms 126ms	Image image/png	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://login.bnl.lt/images/bnl_logo_transparent.png Requested by Host: login.bnl.lt URL: https://login.bnl.lt/css/clientlib-redational-page-login.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `4f37e40f466d79806853f3758a33da54b5df0794d81a070973e9d5d1ae4636a3` Request headers accept-language de-DE,de;q=0.9 Referer https://login.bnl.lt/css/clientlib-redational-page-login.min.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT last-modified Tue, 04 Oct 2022 21:01:30 GMT server nginx etag "633c9f2a-2d9a" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 11674
GET H2	200	btnTorna.gif login.bnl.lt/images/	531 B 700 B	73ms 73ms	Image image/gif	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://login.bnl.lt/images/btnTorna.gif Requested by Host: login.bnl.lt URL: https://login.bnl.lt/css/clientlib-redational-page-login.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `237429d1bfff9ad5d7927317c9bf3787ca7fa7e1267563eb95a1159c5d42e957` Request headers accept-language de-DE,de;q=0.9 Referer https://login.bnl.lt/css/clientlib-redational-page-login.min.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT last-modified Tue, 04 Oct 2022 21:01:30 GMT server nginx x-accel-version 0.01 etag "213-5ea3bc3a69e80" x-powered-by PleskLin content-type image/gif accept-ranges bytes content-length 531
GET H2	200	bnpp-sans.woff login.bnl.lt/fonts/	54 KB 54 KB	68ms 66ms	Font font/woff	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/fonts/bnpp-sans.woff Requested by Host: login.bnl.lt URL: https://login.bnl.lt/css/clientlib-redational-page-login.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `3ad317867dbc668f3e6dacfa4c17870a9affaa520346201b394810564e214e7c` Request headers Referer https://login.bnl.lt/css/clientlib-redational-page-login.min.css Origin https://login.bnl.lt accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT last-modified Tue, 04 Oct 2022 21:00:42 GMT server nginx etag "633c9efa-d648" x-powered-by PleskLin content-type font/woff accept-ranges bytes content-length 54856
GET H2	200	bnpp-sans-bold.woff login.bnl.lt/fonts/	54 KB 54 KB	73ms 72ms	Font font/woff	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/fonts/bnpp-sans-bold.woff Requested by Host: login.bnl.lt URL: https://login.bnl.lt/css/clientlib-redational-page-login.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `80bf8cdea9bc8b01b1b12f18210a7eb3b5f30fefa0d9f9209813d9f9cfe6e39e` Request headers Referer https://login.bnl.lt/css/clientlib-redational-page-login.min.css Origin https://login.bnl.lt accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT last-modified Tue, 04 Oct 2022 21:01:04 GMT server nginx etag "633c9f10-d6c8" x-powered-by PleskLin content-type font/woff accept-ranges bytes content-length 54984
GET H2	200	bnpp-sans-light.woff login.bnl.lt/fonts/	53 KB 53 KB	125ms 125ms	Font font/woff	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/fonts/bnpp-sans-light.woff Requested by Host: login.bnl.lt URL: https://login.bnl.lt/css/clientlib-redational-page-login.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `d9356a502a3e4c129bfddb49268c0531dc91c92a868f600cbe322cfa11e68cba` Request headers Referer https://login.bnl.lt/css/clientlib-redational-page-login.min.css Origin https://login.bnl.lt accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT last-modified Tue, 04 Oct 2022 21:00:44 GMT server nginx etag "633c9efc-d378" x-powered-by PleskLin content-type font/woff accept-ranges bytes content-length 54136
GET H2	200	bnlicons.woff login.bnl.lt/fonts/	14 KB 14 KB	126ms 126ms	Font font/woff	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/fonts/bnlicons.woff Requested by Host: login.bnl.lt URL: https://login.bnl.lt/css/clientlib-redational-page-login.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `0ebd476699d79db6b7502538a5088b68ada39af6638f104ddbd06d32f30f8014` Request headers Referer https://login.bnl.lt/css/clientlib-redational-page-login.min.css Origin https://login.bnl.lt accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT last-modified Tue, 04 Oct 2022 21:01:16 GMT server nginx etag "633c9f1c-3790" x-powered-by PleskLin content-type font/woff accept-ranges bytes content-length 14224
GET H2	200	style.css login.bnl.lt/css/ Frame BA55	20 KB 5 KB	97ms 96ms	Stylesheet text/css	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/css/style.css Requested by Host: login.bnl.lt URL: https://login.bnl.lt/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `77155a2b67996bb206c1a17b0c14d391aa20382fd22bb082a60ffb6df52c253c` Request headers accept-language de-DE,de;q=0.9 Referer https://login.bnl.lt/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT content-encoding br last-modified Fri, 14 Oct 2022 09:34:36 GMT server nginx etag W/"63492d2c-50cc" x-powered-by PleskLin content-type text/css
GET H2	200	fonts.css login.bnl.lt/ Frame BA55	1 KB 404 B	95ms 94ms	Stylesheet text/css	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/fonts.css Requested by Host: login.bnl.lt URL: https://login.bnl.lt/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `27aeea7c3c44ea1369e80265649c99ad87191aae8d0486a7513c00418d143051` Request headers accept-language de-DE,de;q=0.9 Referer https://login.bnl.lt/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT content-encoding br last-modified Tue, 04 Oct 2022 20:59:58 GMT server nginx etag W/"633c9ece-539" x-powered-by PleskLin content-type text/css
GET H2	200	login.css login.bnl.lt/css/ Frame BA55	727 B 561 B	102ms 102ms	Stylesheet text/css	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/css/login.css Requested by Host: login.bnl.lt URL: https://login.bnl.lt/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `07b2910875089c0e26dd350388cc8a9831b98a3829df82d394e2c715bf9265d4` Request headers accept-language de-DE,de;q=0.9 Referer https://login.bnl.lt/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT content-encoding gzip last-modified Fri, 14 Oct 2022 09:35:18 GMT server nginx x-accel-version 0.01 etag "2d7-5eafb58058180-gzip" x-powered-by PleskLin vary Accept-Encoding content-type text/css accept-ranges bytes content-length 354
GET H2	200	hb-login.css login.bnl.lt/css/ Frame BA55	7 KB 2 KB	103ms 102ms	Stylesheet text/css	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/css/hb-login.css Requested by Host: login.bnl.lt URL: https://login.bnl.lt/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `7be26a18e63b6325aff17903b95e96ae21d5f0e178560b85685676d96e375180` Request headers accept-language de-DE,de;q=0.9 Referer https://login.bnl.lt/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT content-encoding br last-modified Fri, 14 Oct 2022 16:39:46 GMT server nginx etag W/"634990d2-1d81" x-powered-by PleskLin content-type text/css
GET H2	404	style1.css login.bnl.lt/ Frame BA55	0 0	95ms 95ms	Stylesheet text/html	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/style1.css Requested by Host: login.bnl.lt URL: https://login.bnl.lt/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://login.bnl.lt/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT content-encoding br last-modified Fri, 14 Oct 2022 08:19:31 GMT server nginx etag W/"328-5eafa490eba53" content-type text/html
GET H2	200	editoriale.css login.bnl.lt/css/ Frame BA55	5 KB 1 KB	95ms 95ms	Stylesheet text/css	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/css/editoriale.css Requested by Host: login.bnl.lt URL: https://login.bnl.lt/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `1d0f95d73dc3fffecc000871110fbe80679fa6a8afba15e9ea8370269753ab78` Request headers accept-language de-DE,de;q=0.9 Referer https://login.bnl.lt/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT content-encoding br last-modified Fri, 14 Oct 2022 09:36:38 GMT server nginx etag W/"63492da6-13f7" x-powered-by PleskLin content-type text/css
GET H2	200	BNPP_Sans.woff login.bnl.lt/fonts/ Frame BA55	21 KB 21 KB	34ms 34ms	Font font/woff	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/fonts/BNPP_Sans.woff Requested by Host: login.bnl.lt URL: https://login.bnl.lt/fonts.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `5d05853766d6d58c7114ee0f9fb2ff9c3c5ec13f9cad1e8b45ac0fee7b06a067` Request headers Referer https://login.bnl.lt/fonts.css Origin https://login.bnl.lt accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT last-modified Tue, 04 Oct 2022 21:01:20 GMT server nginx etag "633c9f20-546c" x-powered-by PleskLin content-type font/woff accept-ranges bytes content-length 21612
GET H2	200	BNPP_Sans_Light.woff login.bnl.lt/fonts/ Frame BA55	20 KB 20 KB	40ms 40ms	Font font/woff	94.23.73.243 OVH
General Check archive.org Show headers Download Go to Full URL https://login.bnl.lt/fonts/BNPP_Sans_Light.woff Requested by Host: login.bnl.lt URL: https://login.bnl.lt/fonts.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR), Reverse DNS ip243.ip-94-23-73.eu Software nginx / PleskLin Resource Hash `57c8cba095d93ded68bf9a204e030dc726aaff144a20414e46865ca7b7f7364b` Request headers Referer https://login.bnl.lt/fonts.css Origin https://login.bnl.lt accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:07:43 GMT last-modified Tue, 04 Oct 2022 21:01:18 GMT server nginx etag "633c9f1e-5038" x-powered-by PleskLin content-type font/woff accept-ranges bytes content-length 20536

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNP Paribas (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://login.bnl.lt/(Line 10) Message: The value "" for key "initial-scale" is invalid, and has been ignored.
rendering	warning	URL: https://login.bnl.lt/(Line 10) Message: The value "" for key "maximum-scale" is invalid, and has been ignored.
rendering	warning	URL: https://login.bnl.lt/(Line 10) Message: The value "" for key "minimum-scale" is invalid, and has been ignored.
network	error	URL: https://login.bnl.lt/style1.css Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login.bnl.lt
94.23.73.243
07b2910875089c0e26dd350388cc8a9831b98a3829df82d394e2c715bf9265d4
0ebd476699d79db6b7502538a5088b68ada39af6638f104ddbd06d32f30f8014
1d0f95d73dc3fffecc000871110fbe80679fa6a8afba15e9ea8370269753ab78
1ea5a04e22f58d6f78f2a40fc5fe1cffaa15b17f0eee753005f04b1dc1d9227f
237429d1bfff9ad5d7927317c9bf3787ca7fa7e1267563eb95a1159c5d42e957
24b7fc7a5247a3ccb0216515023889adce611b2ca852efd2223509caeb81b9a9
27aeea7c3c44ea1369e80265649c99ad87191aae8d0486a7513c00418d143051
3ad317867dbc668f3e6dacfa4c17870a9affaa520346201b394810564e214e7c
4f37e40f466d79806853f3758a33da54b5df0794d81a070973e9d5d1ae4636a3
57c8cba095d93ded68bf9a204e030dc726aaff144a20414e46865ca7b7f7364b
5d05853766d6d58c7114ee0f9fb2ff9c3c5ec13f9cad1e8b45ac0fee7b06a067
5e1adcf1e30c801b37a21c677c723b7257ba1e017c311bcc76fca3216a1a29ba
77155a2b67996bb206c1a17b0c14d391aa20382fd22bb082a60ffb6df52c253c
7be26a18e63b6325aff17903b95e96ae21d5f0e178560b85685676d96e375180
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
80bf8cdea9bc8b01b1b12f18210a7eb3b5f30fefa0d9f9209813d9f9cfe6e39e
aa47588d0f1fb056de3e28df8023838fd89567e6b4b3e342b9942dc75a3a5d36
d9356a502a3e4c129bfddb49268c0531dc91c92a868f600cbe322cfa11e68cba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4d615de09a41c8c2d8d395a3ab156ce9520a9fc96c23b1780bb2adab4292b67

login.bnl.lt Open in urlscan Pro 94.23.73.243 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

21 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

320 kBTransfer

757 kBSize

0 Cookies

28 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

login.bnl.lt Open in urlscan Pro
94.23.73.243 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

320 kB
Transfer

757 kB
Size

0
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!