berel.com.mx
Open in
urlscan Pro
34.216.250.212
Malicious Activity!
Public Scan
Submission: On January 24 via manual
Summary
TLS certificate: Issued by Amazon on January 9th 2020. Valid for: a year.
This is the only time berel.com.mx was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco do Brasil (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
11 | 34.216.250.212 34.216.250.212 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:4001:814::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 23.111.9.35 23.111.9.35 | 33438 (HIGHWINDS2) (HIGHWINDS2) | |
2 | 2a00:1450:400... 2a00:1450:4001:81c::2003 | 15169 (GOOGLE) (GOOGLE) | |
15 | 4 |
ASN16509 (AMAZON-02, US)
PTR: ec2-34-216-250-212.us-west-2.compute.amazonaws.com
berel.com.mx |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
berel.com.mx
berel.com.mx |
138 KB |
2 |
gstatic.com
fonts.gstatic.com |
18 KB |
1 |
fontawesome.com
use.fontawesome.com |
14 KB |
1 |
googleapis.com
fonts.googleapis.com |
801 B |
15 | 4 |
Domain | Requested by | |
---|---|---|
11 | berel.com.mx |
berel.com.mx
|
2 | fonts.gstatic.com |
berel.com.mx
|
1 | use.fontawesome.com |
berel.com.mx
|
1 | fonts.googleapis.com |
berel.com.mx
|
15 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
berel.com Amazon |
2020-01-09 - 2021-02-09 |
a year | crt.sh |
*.storage.googleapis.com GTS CA 1O1 |
2020-01-07 - 2020-03-31 |
3 months | crt.sh |
*.fontawesome.com DigiCert SHA2 Secure Server CA |
2019-10-28 - 2020-12-23 |
a year | crt.sh |
*.google.com GTS CA 1O1 |
2020-01-07 - 2020-03-31 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://berel.com.mx/sites/--/https:/www2.bb.com.br/smiles//login.php
Frame ID: 084925BC30CD1DD396064DAD41B7A3B2
Requests: 15 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
CentOS (Operating Systems) Expand
Detected patterns
- headers server /CentOS/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Font Awesome (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href="https:\/\/use\.fontawesome\.com\/releases\/v([^>]+)\/css\//i
Google Font API (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
login.php
berel.com.mx/sites/--/https:/www2.bb.com.br/smiles// |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
berel.com.mx/sites/--/https:/www2.bb.com.br/smiles//styles/ |
15 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
10 KB 801 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
use.fontawesome.com/releases/v5.8.1/css/ |
54 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
berel.com.mx/sites/--/https:/www2.bb.com.br/smiles//javascripts/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.js
berel.com.mx/sites/--/https:/www2.bb.com.br/smiles//javascripts/ |
8 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
destaque_cima_login.jpg
berel.com.mx/sites/--/https:/www2.bb.com.br/smiles//images/ |
71 KB 72 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
background_login_header.jpg
berel.com.mx/sites/--/https:/www2.bb.com.br/smiles//images/ |
10 KB 10 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bg_cx_login.png
berel.com.mx/sites/--/https:/www2.bb.com.br/smiles//images/ |
215 B 470 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sep_bx_login.png
berel.com.mx/sites/--/https:/www2.bb.com.br/smiles//images/ |
145 B 399 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login_bx_on.png
berel.com.mx/sites/--/https:/www2.bb.com.br/smiles//images/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login_bx_2_on.png
berel.com.mx/sites/--/https:/www2.bb.com.br/smiles//images/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bg_footer.gif
berel.com.mx/sites/--/https:/www2.bb.com.br/smiles//images/ |
579 B 834 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco do Brasil (Banking)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| alt_message function| check_cici function| check_codigo function| check_fone function| check_login function| checkCard function| FormataDado function| mask0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
berel.com.mx
fonts.googleapis.com
fonts.gstatic.com
use.fontawesome.com
23.111.9.35
2a00:1450:4001:814::200a
2a00:1450:4001:81c::2003
34.216.250.212
0d4962ba649e1a5e9f069771cf9ee9abe522f4c7b6849ed48e168d00edf2a90a
15b54d408557488fd7cc7fc3c6240046813d492b9d2b936a0bee8b8fe1597853
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
521936c864f7a1d096e47566673e6f3696a6ab7b8fb638ceca5082d7534e9114
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
85ff25d12bcb48480b3092be47d2a016582ab093335c594518893c8f685cb004
a03bd27a7d3756b4e09a7e9ac101f3da239a24b9635e8ca61857ed3cad21477a
b6cad66d3275431f13cceabc09d830db05eb1043105c276da3678a98b5001cd1
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
c6d6af98f2f41d74982ca3b99ace4f37483fe909463df5583f21838389839f93
cde5f2a739de7b9aa9f8df2294940a28bf62ed55bf438878029695969703ba50
ddba6f8cb9f95657e08d71ede2c025786c09835962a49b81978bccb9666d6817
e9a428402333b62b3df7863e3a8312dfe8e019183801137ee0a0eaa76d6c17ef
eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3
f15e58d6db051d920c231b6dc993c81ba588838681a871335a1da4961df4a23f