n26-sicurezzadati.com

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 198.244.140.201, located in France and belongs to OVH, FR. The main domain is n26-sicurezzadati.com.

This is the only time n26-sicurezzadati.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: N26 (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	135.125.244.179 135.125.244.179	16276 (OVH) (OVH)
4	198.244.140.201 198.244.140.201	16276 (OVH) (OVH)
5	2

1 135.125.244.179 (France)

ASN16276 (OVH, FR)

135.125.244.179	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 198.244.140.201 (France)

ASN16276 (OVH, FR)

n26-sicurezzadati.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	n26-sicurezzadati.com n26-sicurezzadati.com	50 KB
5	1

	Domain	Requested by
4	n26-sicurezzadati.com	n26-sicurezzadati.com
5	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://n26-sicurezzadati.com/
Frame ID: 26EC2E244124633D63635F17FEEA1D33
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://135.125.244.179/qheck.html Page URL
http://n26-sicurezzadati.com/ Page URL

Detected technologies

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

5
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

51 kB
Transfer

73 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://135.125.244.179/qheck.html Page URL
http://n26-sicurezzadati.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	qheck.html Show response 135.125.244.179/	107 B 450 B	92ms 66ms	Document text/html	135.125.244.179 OVH
General Check archive.org Show headers Download Go to Full URL http://135.125.244.179/qheck.html Protocol HTTP/1.1 Server 135.125.244.179 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.18 (Ubuntu) / Resource Hash `5f5e4b2468c87617c169835cf4ec30c885e826489ff1e4679de28abbd37e3472` Request headers Host 135.125.244.179 Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sat, 08 May 2021 12:57:58 GMT Server Apache/2.4.18 (Ubuntu) Last-Modified Sat, 08 May 2021 12:24:43 GMT ETag "6b-5c1d0a11dc19a-gzip" Accept-Ranges bytes Vary Accept-Encoding Content-Encoding gzip Content-Length 114 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	Primary Request / Show response n26-sicurezzadati.com/	31 KB 8 KB	124ms 98ms	Document text/html	198.244.140.201 OVH
General Check archive.org Show headers Download Go to Full URL http://n26-sicurezzadati.com/ Protocol HTTP/1.1 Server 198.244.140.201 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.18 (Ubuntu) / Resource Hash `b30c27a3201dc7de9d059cc65e7918aae47f93c01b4576e2beaa46652ef6258b` Request headers Host n26-sicurezzadati.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://135.125.244.179/ Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer http://135.125.244.179/ Response headers Date Sat, 08 May 2021 12:57:58 GMT Server Apache/2.4.18 (Ubuntu) Last-Modified Thu, 25 Mar 2021 11:38:34 GMT ETag "7d4a-5be5adafe8280-gzip" Accept-Ranges bytes Vary Accept-Encoding Content-Encoding gzip Content-Length 7932 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	GT-America-Standard-Bold.latin.woff2 n26-sicurezzadati.com/build/fonts/	14 KB 14 KB	59ms 59ms	Font application/octet-stream	198.244.140.201 OVH
General Check archive.org Show headers Download Go to Full URL http://n26-sicurezzadati.com/build/fonts/GT-America-Standard-Bold.latin.woff2 Requested by Host: n26-sicurezzadati.com URL: http://n26-sicurezzadati.com/ Protocol HTTP/1.1 Server 198.244.140.201 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.18 (Ubuntu) / Resource Hash `c6a5e2cf7945573c6e7c595d5875a6bb3696cfb5b5783209cd3ed5c1c8ed9b9f` Request headers Pragma no-cache Origin http://n26-sicurezzadati.com Accept-Encoding gzip, deflate Host n26-sicurezzadati.com Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept / Referer http://n26-sicurezzadati.com/ Connection keep-alive Cache-Control no-cache Origin http://n26-sicurezzadati.com Referer http://n26-sicurezzadati.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sat, 08 May 2021 12:57:58 GMT Last-Modified Thu, 30 Jan 2020 10:59:04 GMT Server Apache/2.4.18 (Ubuntu) ETag "37e0-59d595861ae00" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 14304
GET H/1.1	200 OK	GT-America-Standard-Regular.latin.woff2 n26-sicurezzadati.com/build/fonts/	13 KB 14 KB	111ms 86ms	Font application/octet-stream	198.244.140.201 OVH
General Check archive.org Show headers Download Go to Full URL http://n26-sicurezzadati.com/build/fonts/GT-America-Standard-Regular.latin.woff2 Requested by Host: n26-sicurezzadati.com URL: http://n26-sicurezzadati.com/ Protocol HTTP/1.1 Server 198.244.140.201 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.18 (Ubuntu) / Resource Hash `57b016225d321a77e0a129515f4436a9bcd53cd6ba8dcd32a96b95ec55d7a785` Request headers Pragma no-cache Origin http://n26-sicurezzadati.com Accept-Encoding gzip, deflate Host n26-sicurezzadati.com Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept / Referer http://n26-sicurezzadati.com/ Connection keep-alive Cache-Control no-cache Origin http://n26-sicurezzadati.com Referer http://n26-sicurezzadati.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sat, 08 May 2021 12:57:58 GMT Last-Modified Thu, 30 Jan 2020 10:56:32 GMT Server Apache/2.4.18 (Ubuntu) ETag "3550-59d594f525800" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 13648
GET H/1.1	200 OK	GT-America-Standard-Medium.latin.woff2 n26-sicurezzadati.com/build/fonts/	14 KB 14 KB	118ms 94ms	Font application/octet-stream	198.244.140.201 OVH
General Check archive.org Show headers Download Go to Full URL http://n26-sicurezzadati.com/build/fonts/GT-America-Standard-Medium.latin.woff2 Requested by Host: n26-sicurezzadati.com URL: http://n26-sicurezzadati.com/ Protocol HTTP/1.1 Server 198.244.140.201 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache/2.4.18 (Ubuntu) / Resource Hash `e1c2d323b6b5d86a647a34092f9c18b935f807b46f924578865a738f7b518f10` Request headers Pragma no-cache Origin http://n26-sicurezzadati.com Accept-Encoding gzip, deflate Host n26-sicurezzadati.com Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept / Referer http://n26-sicurezzadati.com/ Connection keep-alive Cache-Control no-cache Origin http://n26-sicurezzadati.com Referer http://n26-sicurezzadati.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sat, 08 May 2021 12:57:58 GMT Last-Modified Thu, 30 Jan 2020 10:58:46 GMT Server Apache/2.4.18 (Ubuntu) ETag "3830-59d59574f0580" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 14384

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: N26 (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

n26-sicurezzadati.com
135.125.244.179
198.244.140.201
57b016225d321a77e0a129515f4436a9bcd53cd6ba8dcd32a96b95ec55d7a785
5f5e4b2468c87617c169835cf4ec30c885e826489ff1e4679de28abbd37e3472
b30c27a3201dc7de9d059cc65e7918aae47f93c01b4576e2beaa46652ef6258b
c6a5e2cf7945573c6e7c595d5875a6bb3696cfb5b5783209cd3ed5c1c8ed9b9f
e1c2d323b6b5d86a647a34092f9c18b935f807b46f924578865a738f7b518f10

n26-sicurezzadati.com Open in urlscan Pro 198.244.140.201 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

51 kBTransfer

73 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

n26-sicurezzadati.com Open in urlscan Pro
198.244.140.201 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

51 kB
Transfer

73 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!