netssupport.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 3 HTTP transactions. The main IP is 185.27.134.33, located in United Kingdom and belongs to WILDCARD-AS Wildcard UK Limited, GB. The main domain is netssupport.com.

This is the only time netssupport.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BankID (Banking)

Domain & IP information

	IP Address		AS Autonomous System
3	185.27.134.33 185.27.134.33		34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited)
3	2

3 185.27.134.33 (United Kingdom)

ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)

netssupport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	netssupport.com netssupport.com	46 KB
0	Failed function sub() { [native code] }. Failed
3	2

	Domain	Requested by
3	netssupport.com	netssupport.com
0	truncated Failed	netssupport.com
3	2

This site contains links to these domains. Also see Links.

Domain
www.bankid.no

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://netssupport.com/?i=1
Frame ID: 6328DC91607A9D6419BB3A7E199EC49B
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BankID

Page URL History Show full URLs

http://netssupport.com/ Page URL
http://netssupport.com/?i=1 Page URL

Page Statistics

3
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

46 kB
Transfer

88 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bankid.no/en/private/protection-of-privacy-and-status/protection-of-privacy-bankid-app/
Title: Personvernerklæring for BankID

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://netssupport.com/ Page URL
http://netssupport.com/?i=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response netssupport.com/	826 B 822 B	141ms 56ms	Document text/html	185.27.134.33 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://netssupport.com/ Protocol HTTP/1.1 Server 185.27.134.33 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `a18497f75dbf5be362a31cba82c06e0dc37f7ed0df98967330b560eb2b063a89` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Cache-Control no-cache Connection keep-alive Content-Encoding gzip Content-Type text/html Date Wed, 20 Sep 2023 06:49:58 GMT Expires Thu, 01 Jan 1970 00:00:01 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	aes.js Show response netssupport.com/	30 KB 31 KB	56ms 56ms	Script application/javascript	185.27.134.33 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://netssupport.com/aes.js Requested by Host: netssupport.com URL: http://netssupport.com/ Protocol HTTP/1.1 Server 185.27.134.33 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc` Request headers accept-language en-GB,en;q=0.9 Referer http://netssupport.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Date Wed, 20 Sep 2023 06:49:58 GMT Last-Modified Sat, 08 Aug 2015 08:10:59 GMT Server nginx ETag "55c5b993-79e6" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 31206
GET H/1.1	200 OK	Primary Request / Show response netssupport.com/	52 KB 15 KB	106ms 105ms	Document text/html	185.27.134.33 WILDCARD-AS Wildc...
General Check archive.org Show headers Download Go to Full URL http://netssupport.com/?i=1 Requested by Host: netssupport.com URL: http://netssupport.com/ Protocol HTTP/1.1 Server 185.27.134.33 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB), Reverse DNS Software nginx / Resource Hash `ad28eb57656ccbdd35d05bf85596e9c522a9cd323cecc6dd74962db265274e4a` Request headers Referer http://netssupport.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Cache-Control max-age=2592000, public, proxy-revalidate, public, proxy-revalidate Connection keep-alive Content-Encoding gzip Content-Type text/html Date Wed, 20 Sep 2023 06:49:58 GMT Expires Fri, 20 Oct 2023 06:49:58 GMT Last-Modified Wed, 13 Sep 2023 14:06:07 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding
GET DATA	200 OK	truncated /	3 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `484e8282229f40d3e277f96ca4584b7d6c863f4270f5294bc52c365f5e6473fc` Request headers accept-language en-GB,en;q=0.9 Referer http://netssupport.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3cc3a935838d7a548560831f6bd40597f0106a03ed9e5cad74c6f2ee7709d376` Request headers accept-language en-GB,en;q=0.9 Referer http://netssupport.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Content-Type image/svg+xml
GET		truncated /	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: truncated
URL: data:truncated

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BankID (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			netssupport.com/	1970-01-21 00:29:12	Name: __test Value: cdff621bd3be9f617ebe7f3305cbdf58

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: data: Message: Failed to load resource: net::ERR_INVALID_URL

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

netssupport.com
truncated
truncated
185.27.134.33
3cc3a935838d7a548560831f6bd40597f0106a03ed9e5cad74c6f2ee7709d376
484e8282229f40d3e277f96ca4584b7d6c863f4270f5294bc52c365f5e6473fc
a18497f75dbf5be362a31cba82c06e0dc37f7ed0df98967330b560eb2b063a89
ad28eb57656ccbdd35d05bf85596e9c522a9cd323cecc6dd74962db265274e4a
d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc

netssupport.com Open in urlscan Pro 185.27.134.33 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

3 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

46 kBTransfer

88 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

netssupport.com Open in urlscan Pro
185.27.134.33 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

46 kB
Transfer

88 kB
Size

1
Cookies

3 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!