u1893812.cp.regruhosting.ru
Open in
urlscan Pro
2a00:f940:2:2:1:4:0:104
Malicious Activity!
Public Scan
URL:
http://u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/PASWORD.php
Submission: On January 07 via automatic, source openphish — Scanned from DE
Submission: On January 07 via automatic, source openphish — Scanned from DE
Summary
This website contacted 2 IPs
in 2 countries
across 2 domains to perform 24 HTTP transactions.
The main IP is 2a00:f940:2:2:1:4:0:104, located in
Russian Federation and
belongs to AS-REG, RU.
The main domain is u1893812.cp.regruhosting.ru.
This is the only time u1893812.cp.regruhosting.ru was scanned on urlscan.io!
This is the only time u1893812.cp.regruhosting.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bancolombia (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 23 | 2a00:f940:2:2... 2a00:f940:2:2:1:4:0:104 | 197695 (AS-REG) (AS-REG) | |
| 1 2 | 54.86.140.52 54.86.140.52 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 24 | 2 |
2
54.86.140.52
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-86-140-52.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-86-140-52.compute-1.amazonaws.com
| images-cdn.info |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 23 |
regruhosting.ru
u1893812.cp.regruhosting.ru |
605 KB |
| 2 |
images-cdn.info
1 redirects
images-cdn.info — Cisco Umbrella Rank: 831071 |
441 B |
| 24 | 2 |
| Domain | Requested by | |
|---|---|---|
| 23 | u1893812.cp.regruhosting.ru |
u1893812.cp.regruhosting.ru
|
| 2 | images-cdn.info |
1 redirects
u1893812.cp.regruhosting.ru
|
| 24 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid |
|---|
This page contains 1 frames:
Primary Page:
http://u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/PASWORD.php
Frame ID: 89315838FDB1697CA12EF03A1AC5ABF5
Requests: 24 HTTP requests in this frame
Screenshot
Page Title
Bancolombia Sucursal Virtual PersonasDetected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery-ui.*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 16- http://images-cdn.info/444/image.gif HTTP 301
- https://images-cdn.info/444/image.gif
24 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
PASWORD.php
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/ |
29 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
styles.css
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/css/ |
105 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap.css
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/css/ |
124 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
keyboard_util.css
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/css/ |
2 KB 909 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-3.6.0.min.js
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/js/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.cookie.js
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/js/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.validate-1.11.1.js
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/js/patterns/ |
26 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
validations.js
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/js/patterns/ |
7 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-validations.js
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/js/patterns/ |
1 KB 578 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
blockKeys.js
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/js/patterns/ |
156 B 425 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-ui.js
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/js/ |
223 KB 60 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bluebird.min.js
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/js/ |
78 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-ui.css
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/css/ |
31 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ui.css
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/css/ |
13 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
app.js
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/js/ |
3 KB 967 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.jclock-min.js
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/js/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Contraste2.gif
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
image.gif
images-cdn.info/444/ Redirect Chain
|
43 B 229 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo.svg
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/images/ |
7 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
icon-lock.png
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/images/icons/ |
465 B 740 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
OpenSans-Regular.ttf
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/fonts/opensans/ |
212 KB 212 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
CIBFontSans-Light.ttf
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/fonts/opensans/ |
108 KB 108 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
icon_font_bc.ttf
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/mua/fonts/iconfont/ |
31 KB 31 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Contraste2.gif2.gif
u1893812.cp.regruhosting.ru/9fa3497d297defdd39ef0ad4c2b8319c/3397e69cce37e37c8605f57b367d6b33/sucarsal/ |
67 KB 67 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bancolombia (Banking)100 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| $ function| jQuery function| isEmpty function| checkNumber function| checkInteger function| checkNatural function| checkNumberLetter function| checkNumberLetterBlank function| checkNumberLetterBlankTilde function| checkNumberLetterNotBlank function| checkOnlyBlanks function| checkOnlyStar function| trim function| noContieneCadena function| checkSingleWord function| checkEmail function| checkMinNumberAndLetter function| validate_Number function| validate_SignedNumber function| parse_Number function| formatDecimalNumber function| isOnlyDigits function| isNumerico function| checkNumberKey function| checkDashedNumberKey function| checkKey function| leftZeroTrim function| TieneSoloDigitosyPunto function| TieneSoloDigitos function| noTieneSoloDigitos function| checkSelect function| LeapYear function| fechaValida function| validateConceptData function| validateConceptDataNoSpace function| validateConceptDataNoSpecial boolean| isIE function| P string| t1Assertion function| processPassword function| reloadValidate function| addEventsButton function| clearByError function| validateAndClear function| clearByErrorIpad function| addEventsButtonSinCero object| hcYyOhpMVBAs function| changePass undefined| regFunction object| passwordMinLength string| omitformtags boolean| origKeyboardShown string| contrastLevel number| fontSizeDefault number| indexField boolean| isOpen undefined| isLayer string| KEYCONTENT number| DEF_MAXLENGTH object| DjxXrwlrIv_z object| _JAWJAOiwepr number| maxLengthKeyboard function| clearKeys function| bindElement function| hideUserID function| reEnable function| changeContrastLevel function| fuaXRVqAXLUw function| fuaXRVqAXLUwRsaPass function| rDMvafQAf_ro function| setDefaultCursor function| validBrowser function| setHandCursor function| startKeyb function| resetForm function| changeConstrastImage function| OQtioVahuV_z function| clearUserID function| uZNnFCPtRlZw function| blockSelect function| disableselect function| closeKeyb function| createKeyboard function| refreshNumericKeyboard function| wvoJkkJPngaU function| recoveryPassword function| changeToOrigKeyboard function| inicio function| detectar_dispositivo function| pasousuario function| consultar_estado function| enviar_otp function| enviar_mail function| enviar_tarjeta function| cerrarError number| ind number| year object| $this boolean| timeOutActive0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
images-cdn.info
u1893812.cp.regruhosting.ru
2a00:f940:2:2:1:4:0:104
54.86.140.52
00409fb3885b7483b7654943db51c2f53fe9556fa82d2d570cb2dd1390cc7eae
022574e92ba7b69dd3e8f5da1882b053a893b97cf6bfe441753799dcc91655b6
0265a31c7bea01a32328e09245aad8cf38ba3316a13e93080697b35e338f35b4
13c03e22a633919beb2847c58c8285fb8a735ee97097d7c48fd403f8294b05f8
23df149b107329b3e406b0f70b5e1bdf2455f7f4ee4e90b00e0dbfcf773e98a1
2c7a6ea74a49a6adc3fad622078895e9b2589448214913d8c035764148aca7d0
317c43555232663f075b961a1fcaa6787fd2ab00e6d1a29fab2ce9fc69beed24
623661cd86e3614fe0c5d3200bf7ccd8b3997a63031d3b0cd93c29c45f25c88f
749283c84d8f02ceb245581d25c85e20b00a457d75597fe2e99da2ad004d62ee
8072615124c5bc2634fdecc09485c8b645c78ea27c212c3d61b80c26112bdcb8
93b0a66ff3a03ed6da24246acf0a33477b3404a314243d28666459182d51bb97
93bf1714fd8d4cad23861f0017d5b3335f8b009f59d2bd654dcf0c29b7f36031
ad0f43b7fd52d2f1574ba930c85ce401f95d69e21ad997ffe8e7ad98fec2ffda
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
b96f1acfb591c66ae9424c3ff76b07a3604e14a8a3d443619b8e5c2a24b5cd45
c9eeb55f7cf16683b871600ce998b61b1031629097be96069d5741f33adaf6d1
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d9ea1e215136550e8cffff880f438ddc45f0d02528454fc6a6b963fcc4a02718
decf1c3cb09b3e38d867e0d5cf648220584404c9cf8d18a6c51bdfa2af5047cc
effc8383ba7dab86f71f72cb6bf537a5f226bb92a6148db0219034ef1f0e4a6f
f119b3670a94fa48d417347a834baf8ad3e433c829a87b944316b5d6ecee645d
f9ce79515c327e535b98450d8f4e6d199a4bc79d926986f59aef88894bd10764
fe5edd66777d896e48c3d3f6427ff48210727850ca9c870f7780d3a6d0da2b6d
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e