ex-e-co.be - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 2001:41d0:301::26, located in France and belongs to OVH, FR. The main domain is ex-e-co.be.
TLS certificate: Issued by R3 on November 10th 2021. Valid for: 3 months.

This is the only time ex-e-co.be was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banca Intesa Sanpaolo (Banking)

Domain & IP information

	IP Address		AS Autonomous System
7	2001:41d0:301... 2001:41d0:301::26		16276 (OVH) (OVH)
7	1

7 2001:41d0:301::26 (France)

ASN16276 (OVH, FR)

ex-e-co.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	ex-e-co.be ex-e-co.be	762 KB
7	1

	Domain	Requested by
7	ex-e-co.be	ex-e-co.be
7	1

This site contains no links.

Subject Issuer	Validity	Valid
ex-e-co.be R3	`2021-11-10` - `2022-02-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ex-e-co.be/it/persone-e-famiglie/login1.php
Frame ID: 474ADCA372AEEDB64E8DB7A425552A83
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

762 kB
Transfer

1506 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login1.php Show response ex-e-co.be/it/persone-e-famiglie/	12 KB 3 KB	51ms 18ms	Document text/html	2001:41d0:301::26 OVH
General Check archive.org Show headers Download Go to Full URL https://ex-e-co.be/it/persone-e-famiglie/login1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:41d0:301::26 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache / PHP/5.4 Resource Hash `dd55b96ea748437e949ebfff8b5b0432ac8f59139aac25b8bed4d9a393b7a1dd` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language fr-FR,fr;q=0.9 Response headers date Fri, 21 Jan 2022 19:25:08 GMT content-type text/html server Apache x-powered-by PHP/5.4 vary Accept-Encoding content-encoding gzip
GET H2	200	freccia_dx.png ex-e-co.be/it/persone-e-famiglie/img/	579 B 758 B	17ms 16ms	Image image/png	2001:41d0:301::26 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://ex-e-co.be/it/persone-e-famiglie/img/freccia_dx.png Requested by Host: ex-e-co.be URL: https://ex-e-co.be/it/persone-e-famiglie/login1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:41d0:301::26 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache / Resource Hash `0130c3c398e9a41a9f5ce8566ef6d7e769128c4c87258fd6f9faa0035cd4cae0` Request headers Accept-Language fr-FR,fr;q=0.9 Referer https://ex-e-co.be/it/persone-e-famiglie/login1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 21 Jan 2022 19:25:08 GMT last-modified Sat, 01 Feb 2020 10:36:54 GMT server Apache content-type image/png cache-control max-age=900 accept-ranges bytes content-length 579 expires Fri, 21 Jan 2022 19:40:08 GMT
GET H2	200	css.css ex-e-co.be/it/persone-e-famiglie/css/	1 MB 472 KB	40ms 40ms	Stylesheet text/css	2001:41d0:301::26 OVH
General Check archive.org Show headers Download Go to Full URL https://ex-e-co.be/it/persone-e-famiglie/css/css.css Requested by Host: ex-e-co.be URL: https://ex-e-co.be/it/persone-e-famiglie/login1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:41d0:301::26 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache / Resource Hash `1b1e8c3f482e627078ec3c96a6e96b4d9b7544731e00d443813cf69b26d65aa8` Request headers Accept-Language fr-FR,fr;q=0.9 Referer https://ex-e-co.be/it/persone-e-famiglie/login1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 21 Jan 2022 19:25:08 GMT content-encoding gzip last-modified Mon, 17 Feb 2020 10:19:52 GMT server Apache vary Accept-Encoding content-type text/css cache-control max-age=900 accept-ranges bytes expires Fri, 21 Jan 2022 19:40:08 GMT
GET H2	200	jquery-3.4.1.min.js Show response ex-e-co.be/it/persone-e-famiglie/js/	86 KB 30 KB	20ms 20ms	Script application/javascript	2001:41d0:301::26 OVH
General Check archive.org Show headers Download Go to Full URL https://ex-e-co.be/it/persone-e-famiglie/js/jquery-3.4.1.min.js Requested by Host: ex-e-co.be URL: https://ex-e-co.be/it/persone-e-famiglie/login1.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:41d0:301::26 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache / Resource Hash `412b8ff9c5ab32b9019fcd84bcd4a54c0e265a14528474f4ee45b27a20abeaeb` Request headers Accept-Language fr-FR,fr;q=0.9 Referer https://ex-e-co.be/it/persone-e-famiglie/login1.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 21 Jan 2022 19:25:08 GMT content-encoding gzip last-modified Thu, 20 Feb 2020 15:18:58 GMT server Apache vary Accept-Encoding content-type application/javascript cache-control max-age=900 accept-ranges bytes content-length 30682 expires Fri, 21 Jan 2022 19:40:08 GMT
GET H2	200	OpenSans-Regular.woff ex-e-co.be/it/persone-e-famiglie/fonts/	18 KB 18 KB	20ms 19ms	Font application/x-font-woff	2001:41d0:301::26 OVH
General Check archive.org Show headers Download Go to Full URL https://ex-e-co.be/it/persone-e-famiglie/fonts/OpenSans-Regular.woff Requested by Host: ex-e-co.be URL: https://ex-e-co.be/it/persone-e-famiglie/css/css.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:41d0:301::26 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache / Resource Hash `81f0ec27796225ea29f9f1c7b74f083edcd7bc97a09d5fc4e8d03c0134e62445` Request headers Referer https://ex-e-co.be/it/persone-e-famiglie/css/css.css Origin https://ex-e-co.be Accept-Language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 21 Jan 2022 19:25:08 GMT last-modified Sat, 01 Feb 2020 10:49:56 GMT server Apache accept-ranges bytes content-length 18100 content-type application/x-font-woff
GET H2	200	OpenSans-Semibold.woff2 ex-e-co.be/it/persone-e-famiglie/fonts/	18 KB 18 KB	17ms 17ms	Font application/octet-stream	2001:41d0:301::26 OVH
General Check archive.org Show headers Download Go to Full URL https://ex-e-co.be/it/persone-e-famiglie/fonts/OpenSans-Semibold.woff2 Requested by Host: ex-e-co.be URL: https://ex-e-co.be/it/persone-e-famiglie/css/css.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:41d0:301::26 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache / Resource Hash `57c79375b1419ee1d984f443cda77c04b9b38c0be5330b2d41d65103115ffd72` Request headers Referer https://ex-e-co.be/it/persone-e-famiglie/css/css.css Origin https://ex-e-co.be Accept-Language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 21 Jan 2022 19:25:08 GMT last-modified Sat, 01 Feb 2020 10:49:58 GMT server Apache accept-ranges bytes content-length 18696
GET H2	200	ispfont.woff ex-e-co.be/it/persone-e-famiglie/fonts/	219 KB 220 KB	19ms 19ms	Font application/x-font-woff	2001:41d0:301::26 OVH
General Check archive.org Show headers Download Go to Full URL https://ex-e-co.be/it/persone-e-famiglie/fonts/ispfont.woff Requested by Host: ex-e-co.be URL: https://ex-e-co.be/it/persone-e-famiglie/css/css.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:41d0:301::26 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache / Resource Hash `0a763a7e062e07ecff7353150309fe9f272f111778232f4158f0a0525fc3d930` Request headers Referer https://ex-e-co.be/it/persone-e-famiglie/css/css.css Origin https://ex-e-co.be Accept-Language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 21 Jan 2022 19:25:08 GMT last-modified Sat, 01 Feb 2020 10:50:06 GMT server Apache accept-ranges bytes content-length 224736 content-type application/x-font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banca Intesa Sanpaolo (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| limit3 function| limit5 function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ex-e-co.be
2001:41d0:301::26
0130c3c398e9a41a9f5ce8566ef6d7e769128c4c87258fd6f9faa0035cd4cae0
0a763a7e062e07ecff7353150309fe9f272f111778232f4158f0a0525fc3d930
1b1e8c3f482e627078ec3c96a6e96b4d9b7544731e00d443813cf69b26d65aa8
412b8ff9c5ab32b9019fcd84bcd4a54c0e265a14528474f4ee45b27a20abeaeb
57c79375b1419ee1d984f443cda77c04b9b38c0be5330b2d41d65103115ffd72
81f0ec27796225ea29f9f1c7b74f083edcd7bc97a09d5fc4e8d03c0134e62445
dd55b96ea748437e949ebfff8b5b0432ac8f59139aac25b8bed4d9a393b7a1dd

ex-e-co.be Open in urlscan Pro 2001:41d0:301::26 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

762 kBTransfer

1506 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

ex-e-co.be Open in urlscan Pro
2001:41d0:301::26 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

762 kB
Transfer

1506 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!