urlscan.io logo urlscan.io
SecurityTrails logo

ernst-elektro.com Open in urlscan Pro
212.53.128.89  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://ernst-elektro.com/apz2/conf.php
Submission: On November 14 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 11 HTTP transactions. The main IP is 212.53.128.89, located in Germany and belongs to ARTFILES-AS Zirkusweg 1, DE. The main domain is ernst-elektro.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 5th 2020. Valid for: 3 months.
This is the only time ernst-elektro.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: eBay (E-commerce)

Domain & IP information

IP Address AS Autonomous System
3 212.53.128.89 8893 (ARTFILES-...)
6 185.31.159.147 9186 (ONI Lisbon)
2 104.75.89.144 16625 (AKAMAI-AS)
11 4
Apex Domain
Subdomains		 Transfer
6 nicrodur.pt
www.nicrodur.pt
33 KB
3 ernst-elektro.com
ernst-elektro.com
42 KB
2 ebaystatic.com
ir.ebaystatic.com
44 KB
11 3
Domain Requested by
6 www.nicrodur.pt ernst-elektro.com
www.nicrodur.pt
3 ernst-elektro.com ernst-elektro.com
www.nicrodur.pt
2 ir.ebaystatic.com www.nicrodur.pt
11 3

This site contains links to these domains. Also see Links.

Domain
www.ebay.it
Subject Issuer Validity Valid
ernst-elektro.com
Let's Encrypt Authority X3		 2020-10-05 -
2021-01-03		 3 months crt.sh
nicrodur.pt
cPanel, Inc. Certification Authority		 2020-10-31 -
2021-01-29		 3 months crt.sh
www.ebay.com
DigiCert SHA2 Secure Server CA		 2020-08-05 -
2021-08-06		 a year crt.sh

This page contains 1 frames:

Primary Page: https://ernst-elektro.com/apz2/conf.php
Frame ID: 643EDF44070299AB5994170B2DC9128A
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

120 kB
Transfer

210 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request conf.php
ernst-elektro.com/apz2/ 		41 KB
42 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ernst-elektro.com/apz2/conf.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.53.128.89 , Germany, ASN8893 (ARTFILES-AS Zirkusweg 1, DE),
Reverse DNS
www67.c.artfiles.de
Software
Apache / PHP/7.3.23
Resource Hash
df38ceee893893ff6729a94941b62889972bc081dc35b96d3ba101a8d717bcc1

Request headers

Host
ernst-elektro.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 14 Nov 2020 01:57:18 GMT
Server
Apache
X-Powered-By
PHP/7.3.23
Keep-Alive
timeout=3, max=50
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
34wtddjp0q1v1dtu2elv5jwg4yf.css
www.nicrodur.pt/nicrodur/files/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nicrodur.pt/nicrodur/files/34wtddjp0q1v1dtu2elv5jwg4yf.css
Requested by
Host: ernst-elektro.com
URL: https://ernst-elektro.com/apz2/conf.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.31.159.147 , Portugal, ASN9186 (ONI Lisbon, Portugal., PT),
Reverse DNS
cloud.niceconnect.com
Software
nginx /
Resource Hash
bdfef9d0b3fb16454ee67571887f4e168ce212fe45e527de34061c7da8ec079d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ernst-elektro.com/apz2/conf.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 14 Nov 2020 01:57:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 28 Oct 2020 15:29:40 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
status
200
expires
Mon, 14 Dec 2020 01:57:18 GMT
cache-control
max-age=2592000
x-server-powered-by
Engintron
x-xss-protection
1; mode=block
x-nginx-upstream-cache-status
HIT
signin-render-YT9cWb6a.css
www.nicrodur.pt/nicrodur/files/ 		74 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nicrodur.pt/nicrodur/files/signin-render-YT9cWb6a.css
Requested by
Host: ernst-elektro.com
URL: https://ernst-elektro.com/apz2/conf.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.31.159.147 , Portugal, ASN9186 (ONI Lisbon, Portugal., PT),
Reverse DNS
cloud.niceconnect.com
Software
nginx /
Resource Hash
6532133dbf4d8262a4ef1c2000edbdedc074289634ccef10b868fc074e1961a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ernst-elektro.com/apz2/conf.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 14 Nov 2020 01:57:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 28 Oct 2020 15:30:58 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
status
200
expires
Mon, 14 Dec 2020 01:57:18 GMT
cache-control
max-age=2592000
x-server-powered-by
Engintron
x-xss-protection
1; mode=block
x-nginx-upstream-cache-status
HIT
nkfytkqtoxtljvzb.js
www.nicrodur.pt/nicrodur/files/ 		40 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nicrodur.pt/nicrodur/files/nkfytkqtoxtljvzb.js
Requested by
Host: ernst-elektro.com
URL: https://ernst-elektro.com/apz2/conf.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.31.159.147 , Portugal, ASN9186 (ONI Lisbon, Portugal., PT),
Reverse DNS
cloud.niceconnect.com
Software
nginx /
Resource Hash
73e022d365022ad3d2529e79c9ec9b43cf9646f409565389f657e8daeca9064f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ernst-elektro.com/apz2/conf.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 14 Nov 2020 01:57:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sat, 31 Oct 2020 15:49:48 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
status
200
expires
Mon, 14 Dec 2020 01:57:18 GMT
cache-control
max-age=2592000
x-server-powered-by
Engintron
x-xss-protection
1; mode=block
x-nginx-upstream-cache-status
HIT
fxxj3ttftm5ltcqnto1o4baovyl.png
www.nicrodur.pt/nicrodur/files/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.nicrodur.pt/nicrodur/files/fxxj3ttftm5ltcqnto1o4baovyl.png
Requested by
Host: ernst-elektro.com
URL: https://ernst-elektro.com/apz2/conf.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.31.159.147 , Portugal, ASN9186 (ONI Lisbon, Portugal., PT),
Reverse DNS
cloud.niceconnect.com
Software
nginx /
Resource Hash
5440e48584e47738479ccd905576e9ddf2097d07b6c7ba81dda6eeb13b1d4af0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ernst-elektro.com/apz2/conf.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 14 Nov 2020 01:57:18 GMT
x-content-type-options
nosniff
last-modified
Wed, 28 Oct 2020 15:33:26 GMT
server
nginx
content-type
image/png
status
200
expires
Wed, 13 Jan 2021 01:57:18 GMT
cache-control
max-age=5184000
x-server-powered-by
Engintron
accept-ranges
bytes
content-length
4820
x-xss-protection
1; mode=block
x-nginx-upstream-cache-status
HIT
signin-render-HI84itB8.js
www.nicrodur.pt/nicrodur/files/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nicrodur.pt/nicrodur/files/signin-render-HI84itB8.js
Requested by
Host: ernst-elektro.com
URL: https://ernst-elektro.com/apz2/conf.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.31.159.147 , Portugal, ASN9186 (ONI Lisbon, Portugal., PT),
Reverse DNS
cloud.niceconnect.com
Software
/
Resource Hash

Request headers

Referer
https://ernst-elektro.com/apz2/conf.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
style=
ernst-elektro.com/apz2/ 		209 B
209 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ernst-elektro.com/apz2/style=
Requested by
Host: ernst-elektro.com
URL: https://ernst-elektro.com/apz2/conf.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.53.128.89 , Germany, ASN8893 (ARTFILES-AS Zirkusweg 1, DE),
Reverse DNS
www67.c.artfiles.de
Software
Apache /
Resource Hash
4bdddb0358539837f9aa8b122e03d7040ab58bd9560903ee09e0d6587b725a0f

Request headers

Referer
https://ernst-elektro.com/apz2/conf.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 14 Nov 2020 01:57:18 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=3, max=49
Content-Length
209
Content-Type
text/html; charset=iso-8859-1
MarketSans-SemiBold-WebS.woff2
ir.ebaystatic.com/cr/v/c1/market-sans/v1.0/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ir.ebaystatic.com/cr/v/c1/market-sans/v1.0/MarketSans-SemiBold-WebS.woff2
Requested by
Host: www.nicrodur.pt
URL: https://www.nicrodur.pt/nicrodur/files/signin-render-YT9cWb6a.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.75.89.144 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-89-144.deploy.static.akamaitechnologies.com
Software
ebay server /
Resource Hash
d1de97533f8c973f9eb1162098eee749715f058edb650efd69e9d6ac62b056b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://ernst-elektro.com
Referer
https://www.nicrodur.pt/nicrodur/files/signin-render-YT9cWb6a.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 14 Nov 2020 01:57:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache-lookup
MISS from lvsincludecache-2522849:80
status
200
content-length
22468
x-xss-protection
1; mode=block
server
ebay server
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
access-control-allow-credentials
true
rlogid
t6q%60uebwh%3D9iptq%60uebwh*7554741-173b08d26af-0xcb
access-control-allow-headers
*
expires
Sun, 07 Nov 2021 17:18:51 GMT
truncated
/ 		725 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1b3c84dc67fbaa659cd41ef4f90978cdc64ee8e7afa4410ee56b55652acd6263

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
f5uxsy10bmz05dtrtrqybl5qquv.png
www.nicrodur.pt/nicrodur/files/ 		994 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.nicrodur.pt/nicrodur/files/f5uxsy10bmz05dtrtrqybl5qquv.png
Requested by
Host: www.nicrodur.pt
URL: https://www.nicrodur.pt/nicrodur/files/34wtddjp0q1v1dtu2elv5jwg4yf.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.31.159.147 , Portugal, ASN9186 (ONI Lisbon, Portugal., PT),
Reverse DNS
cloud.niceconnect.com
Software
nginx /
Resource Hash
7e0f4cd0590e2cf36c094d4226d70ccf2bc12107c46f3aeb8b3b5801396b44b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.nicrodur.pt/nicrodur/files/34wtddjp0q1v1dtu2elv5jwg4yf.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 14 Nov 2020 01:57:18 GMT
x-content-type-options
nosniff
last-modified
Wed, 28 Oct 2020 15:29:12 GMT
server
nginx
content-type
image/png
status
200
expires
Wed, 13 Jan 2021 01:57:18 GMT
cache-control
max-age=5184000
x-server-powered-by
Engintron
accept-ranges
bytes
content-length
994
x-xss-protection
1; mode=block
x-nginx-upstream-cache-status
HIT
MarketSans-Regular-WebS.woff2
ir.ebaystatic.com/cr/v/c1/market-sans/v1.0/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ir.ebaystatic.com/cr/v/c1/market-sans/v1.0/MarketSans-Regular-WebS.woff2
Requested by
Host: www.nicrodur.pt
URL: https://www.nicrodur.pt/nicrodur/files/signin-render-YT9cWb6a.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.75.89.144 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-89-144.deploy.static.akamaitechnologies.com
Software
ebay server /
Resource Hash
75dceb1952ced6dab35cf68d3b6bf2f3d2ee9dd7b799ef2b5efb39323d093cc4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://ernst-elektro.com
Referer
https://www.nicrodur.pt/nicrodur/files/signin-render-YT9cWb6a.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 14 Nov 2020 01:57:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache-lookup
MISS from rnoincludecache-970418:80
status
200
content-length
22156
x-xss-protection
1; mode=block
server
ebay server
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
access-control-allow-credentials
true
rlogid
t6q%60uebwh%3D9whhq%60uebwh*k%7F3sw%28rbpv6710-1739a4c3edc-0xd0
access-control-allow-headers
*
expires
Sun, 07 Nov 2021 17:18:51 GMT
nkfytkqtoxtljvzb.js
ernst-elektro.com/ 		217 B
417 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ernst-elektro.com/nkfytkqtoxtljvzb.js?PID=0B459DF1-2695-3173-882B-64908F679262
Requested by
Host: www.nicrodur.pt
URL: https://www.nicrodur.pt/nicrodur/files/nkfytkqtoxtljvzb.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.53.128.89 , Germany, ASN8893 (ARTFILES-AS Zirkusweg 1, DE),
Reverse DNS
www67.c.artfiles.de
Software
Apache /
Resource Hash
245789da02cdafe25da02f4f7fd787f138bd7fbdcd368a61396fdfc7270071f4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://ernst-elektro.com/apz2/conf.php
X-Distil-Ajax
sqqwfravdctbsvvswdrwsddsbyaafybrcw
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Sat, 14 Nov 2020 01:57:18 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=3, max=48
Content-Length
217
Content-Type
text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: eBay (E-commerce)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes object| _0x174c function| FingerprintWrapper

0 Cookies