xn--bnances-rfb.net - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 163.5.169.63, located in France and belongs to VIRTUO, CA. The main domain is xn--bnances-rfb.net.
TLS certificate: Issued by E5 on September 22nd 2024. Valid for: 3 months.

This is the only time xn--bnances-rfb.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Binance (Crypto Exchange)

Domain & IP information

	IP Address		AS Autonomous System
1	163.5.169.63 163.5.169.63		399486 (VIRTUO) (VIRTUO)
1	2

1 163.5.169.63 (France)

ASN399486 (VIRTUO, CA)

xn--bnances-rfb.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	xn--bnances-rfb.net xn--bnances-rfb.net	2 MB
1	1

	Domain	Requested by
1	xn--bnances-rfb.net
1	1

This site contains links to these domains. Also see Links.

Domain
www.binance.com

Subject Issuer	Validity	Valid
xn--bnances-rfb.net E5	`2024-09-22` - `2024-12-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://xn--bnances-rfb.net/fr/certificationUpdate
Frame ID: 8D9DB53F6CE87C54D13E2E1F96FDAA7A
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Verification Center

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

2235 kB
Transfer

2238 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.binance.com/en

Search URL Search Domain Scan URL

URL: https://www.binance.com/en/download?utm_source=referral&utm_campaign=www.binance.com
Title: More Download Options

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
5 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request certificationUpdate Show response xn--bnances-rfb.net/fr/	2 MB 2 MB	184ms 120ms	Document text/html	163.5.169.63 VIRTUO
General Check archive.org Show headers Download Go to Full URL https://xn--bnances-rfb.net/fr/certificationUpdate Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 163.5.169.63 , France, ASN399486 (VIRTUO, CA), Reverse DNS Software / Resource Hash `ad82289ec191209fc4a9348e42d03fed8b962bc06576db484c022f7a46c9c9d6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers Cache-Control no-cache, no-store Connection close Content-Type text/html Transfer-Encoding chunked
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `83eef421c3682a87d0a7107f6872a1e36222cb1623ade9211b817ee2dfc0059b` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	25 KB 25 KB		Font binary/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4675a3d0b6e29f17dc8c2c7cc8fa0269bdb1a5838f43784d130480494114f84e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xn--bnances-rfb.net Referer Response headers Content-Type binary/octet-stream
GET DATA	200 OK	truncated /	27 KB 27 KB		Font binary/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4d0450d65a0e05e46e31a943a4da229890e2a80acfd140489aa1d5a267ca13f4` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xn--bnances-rfb.net Referer Response headers Content-Type binary/octet-stream
GET DATA	200 OK	truncated /	33 KB 33 KB		Font binary/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ab872e4e3dbfaa92b129d099ddea1559ae0010a1e73b7ec6cb46e9af6fdf26f8` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xn--bnances-rfb.net Referer Response headers Content-Type binary/octet-stream
GET DATA	200 OK	truncated /	29 KB 29 KB		Font binary/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d94625d03bab2a07d878028a56f11abb1d641d64faf5c46c215916984c4c7b0a` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xn--bnances-rfb.net Referer Response headers Content-Type binary/octet-stream

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Binance (Crypto Exchange)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| clickedDownload function| _0x356d function| _0x3139

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.xn--bnances-rfb.net/	1970-01-20 23:43:55	Name: 60ea-486f Value: f255eb4ddb3ae14b505782f211d5c36665e020454752e763837f1b9b9325f4ff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

xn--bnances-rfb.net
163.5.169.63
4675a3d0b6e29f17dc8c2c7cc8fa0269bdb1a5838f43784d130480494114f84e
4d0450d65a0e05e46e31a943a4da229890e2a80acfd140489aa1d5a267ca13f4
83eef421c3682a87d0a7107f6872a1e36222cb1623ade9211b817ee2dfc0059b
ab872e4e3dbfaa92b129d099ddea1559ae0010a1e73b7ec6cb46e9af6fdf26f8
ad82289ec191209fc4a9348e42d03fed8b962bc06576db484c022f7a46c9c9d6
d94625d03bab2a07d878028a56f11abb1d641d64faf5c46c215916984c4c7b0a

xn--bnances-rfb.net Open in urlscan Pro Puny bınances.net IDN 163.5.169.63 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

2235 kBTransfer

2238 kBSize

1 Cookies

2 Outgoing links

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

xn--bnances-rfb.net Open in urlscan Pro Puny
bınances.net IDN
163.5.169.63 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

2235 kB
Transfer

2238 kB
Size

1
Cookies

1 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!