authenticatie.ri13hzt2p0g8.me
Open in
urlscan Pro
2606:4700:3035::ac43:da10
Malicious Activity!
Public Scan
Effective URL: https://authenticatie.ri13hzt2p0g8.me/b2n/a1b2c3/e8cca9c256c8c765d9208d02340f9e95/login/
Submission: On December 08 via manual from DE — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on December 8th 2022. Valid for: 3 months.
This is the only time authenticatie.ri13hzt2p0g8.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNP Paribas (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 31 | 2606:4700:303... 2606:4700:3035::ac43:da10 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 2 | 146.75.32.193 146.75.32.193 | () () | |
29 | 2 |
ASN13335 (CLOUDFLARENET, US)
authenticatie.ri13hzt2p0g8.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
31 |
ri13hzt2p0g8.me
3 redirects
authenticatie.ri13hzt2p0g8.me |
929 KB |
2 |
imgur.com
1 redirects
i.imgur.com |
898 B |
29 | 2 |
Domain | Requested by | |
---|---|---|
31 | authenticatie.ri13hzt2p0g8.me |
3 redirects
authenticatie.ri13hzt2p0g8.me
|
2 | i.imgur.com | 1 redirects |
29 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.ri13hzt2p0g8.me GTS CA 1P5 |
2022-12-08 - 2023-03-08 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://authenticatie.ri13hzt2p0g8.me/b2n/a1b2c3/e8cca9c256c8c765d9208d02340f9e95/login/
Frame ID: B08C83ED3915C027D2AE7E3DF1F018A8
Requests: 29 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://authenticatie.ri13hzt2p0g8.me/b2n/ Page URL
-
https://authenticatie.ri13hzt2p0g8.me/b2n/a1b2c3/e8cca9c256c8c765d9208d02340f9e95
HTTP 301
http://authenticatie.ri13hzt2p0g8.me/b2n/a1b2c3/e8cca9c256c8c765d9208d02340f9e95/ HTTP 301
https://authenticatie.ri13hzt2p0g8.me/b2n/a1b2c3/e8cca9c256c8c765d9208d02340f9e95/ HTTP 302
https://authenticatie.ri13hzt2p0g8.me/b2n/a1b2c3/e8cca9c256c8c765d9208d02340f9e95/login/ Page URL
Detected technologies
AngularJS (JavaScript Frameworks) ExpandDetected patterns
- \bangular.{0,32}\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://authenticatie.ri13hzt2p0g8.me/b2n/ Page URL
-
https://authenticatie.ri13hzt2p0g8.me/b2n/a1b2c3/e8cca9c256c8c765d9208d02340f9e95
HTTP 301
http://authenticatie.ri13hzt2p0g8.me/b2n/a1b2c3/e8cca9c256c8c765d9208d02340f9e95/ HTTP 301
https://authenticatie.ri13hzt2p0g8.me/b2n/a1b2c3/e8cca9c256c8c765d9208d02340f9e95/ HTTP 302
https://authenticatie.ri13hzt2p0g8.me/b2n/a1b2c3/e8cca9c256c8c765d9208d02340f9e95/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 20- https://i.imgur.com/qLLBIyP.png HTTP 302
- https://i.imgur.com/removed.png
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
authenticatie.ri13hzt2p0g8.me/b2n/ |
728 B 911 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
/
authenticatie.ri13hzt2p0g8.me/b2n/a1b2c3/e8cca9c256c8c765d9208d02340f9e95/login/ Redirect Chain
|
21 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
authenticatie.ri13hzt2p0g8.me/b2n/bower_components/jquery/dist/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ua-parser.min.js
authenticatie.ri13hzt2p0g8.me/b2n/bower_components/ua-parser-js/dist/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.min.css
authenticatie.ri13hzt2p0g8.me/b2n/bower_components/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.js
authenticatie.ri13hzt2p0g8.me/b2n/core/form/ |
17 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_token.js
authenticatie.ri13hzt2p0g8.me/b2n/core/token/ |
13 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
angular.min.js
authenticatie.ri13hzt2p0g8.me/b2n/bower_components/angular/ |
165 KB 59 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.css
authenticatie.ri13hzt2p0g8.me/b2n/core/form/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.maskedinput.min.js
authenticatie.ri13hzt2p0g8.me/b2n/bower_components/jquery.maskedinput/dist/ |
16 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css.css
authenticatie.ri13hzt2p0g8.me/b2n/login/form/ |
157 B 586 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Web-Banking-Unauthenticated.css
authenticatie.ri13hzt2p0g8.me/b2n/login/ |
124 B 595 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
brand.css
authenticatie.ri13hzt2p0g8.me/b2n/login/ |
266 B 662 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
mediaelementplayer.min.css
authenticatie.ri13hzt2p0g8.me/b2n/login/ |
12 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
form.js
authenticatie.ri13hzt2p0g8.me/b2n/login/form/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
token.js
authenticatie.ri13hzt2p0g8.me/b2n/login/token/ |
1 KB 1005 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ng.js
authenticatie.ri13hzt2p0g8.me/b2n/login/ng/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bnpp-fortis.css
authenticatie.ri13hzt2p0g8.me/b2n/login/ |
497 KB 89 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bnpp-fortis-pws.css
authenticatie.ri13hzt2p0g8.me/b2n/login/ |
133 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bnpp-fortis-patch.css
authenticatie.ri13hzt2p0g8.me/b2n/login/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
newloader.gif
authenticatie.ri13hzt2p0g8.me/b2n/login/form/ |
544 KB 545 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
removed.png
i.imgur.com/ Redirect Chain
|
503 B 680 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
home.php
authenticatie.ri13hzt2p0g8.me/b2n/ |
58 B 496 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
home.php
authenticatie.ri13hzt2p0g8.me/b2n/ |
58 B 496 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sprite.svg
authenticatie.ri13hzt2p0g8.me/b2n/login/ |
83 KB 26 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bnpiconfont.ttf
authenticatie.ri13hzt2p0g8.me/b2n/login/ |
53 KB 33 KB |
Font
application/font-sfnt |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bnpp_sans-webfont.ttf
authenticatie.ri13hzt2p0g8.me/b2n/login/ |
55 KB 29 KB |
Font
application/font-sfnt |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bnpp_sans_light-webfont.ttf
authenticatie.ri13hzt2p0g8.me/b2n/login/ |
56 KB 28 KB |
Font
application/font-sfnt |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bnpp_sans_cond_regular-webfont.ttf
authenticatie.ri13hzt2p0g8.me/b2n/login/ |
46 KB 25 KB |
Font
application/font-sfnt |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNP Paribas (Banking)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| $ function| jQuery function| UAParser2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
authenticatie.ri13hzt2p0g8.me/b2n | Name: real Value: OK |
|
authenticatie.ri13hzt2p0g8.me/ | Name: bid Value: e8cca9c256c8c765d9208d02340f9e95 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
authenticatie.ri13hzt2p0g8.me
i.imgur.com
146.75.32.193
2606:4700:3035::ac43:da10
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
1a12bc7f3b15ff510d0ac65d5d7a9c5353b8d771fe6cd6c6506948bea40b43ec
2401f3161d368c0717e5d3991b8b2d123db0ec5ac584d6a725fb083ba6d77440
24575e554b0a248e687a4a95a17d0f8f96d2d8f58400362c6ba3dd500e409447
35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27
3db83b11c9e57046fd3b39a651e5c9910dc3a2ec1933f54c410f45d2c589a1a7
43eaedd3523a071f0de1d520ed7b18d5eee105d9b03578fbcec8c597b6376b23
4c37c79fe85019baf1ea7600dbfb0e1ab2576a75c206efc6a9454fc827b6f8b8
60a1ce266a5ccb14551a31408b149f1c5dbb156a445985c563513ee5b7269457
65165b5acc3c38c0106504f9e27442f281c509d77f049c0a2bc4788e041d9a6c
6a2f967ab83a1b16b06c60bbbbbe901f1719b620718f43ee6b7a48d7578cee67
6b6b93f11eeac31cbf43a7944129b7593af8b33c11e2fc2c7b159c24947de53b
77d8b27fb385e5ea2bb4a42503a85e3d5087fb535fd6e31a02d2c0824486d47e
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f
9ad773076cd905a570b315793a3c6cd7650b7080550262ebb8ff6bd1d47c1e16
9b5936f4006146e4e1e9025b474c02863c0b5614132ad40db4b925a10e8bfbb9
a365739fce669118725df9ca838bc3a654cc5e74c692d49d09929fdfa2303b72
a56f74eaf471b8d0869d8d9556e4925e89767e210c4f0cf273ee012213086ec2
ab68cb89316af5337023db133940cef438e41dadd9668c8a912cac6c8bab2434
aff55d598a0dc79cdc4dfb0e22fcbfaa35fb062b46fb7bc1848a81230c3ce46d
c2333f5fd1328c003ee0c3fc104f9c7f66d081d32c0245257f78cd7a9bdd2942
c684afa4c39efea304e22ae389c6a1b0b3a5ef6cdafee34240ce523f44b16ca8
cfcfde61ea1f3198b2724a4a9fa7e0f9aa77a432cf40cee92b693d05aa06a104
dad960859ed82e4d606f7afbcb4ce3e895688d0f0ab704057b3c1379a0d1f6d3
de0bf66164a0388d4900334ee1d69215cd6e1562974155e0c307f0954a45a90b
e5b1ff23af7a5cfc52043f980fa2524f7a0f0a7df1ab93bdf4785c26e2df425e