sridurgatmt.com Open in urlscan Pro
166.62.29.42 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://sridurgatmt.com/nc/
Submission: On September 28 via automatic, source openphish (September 28th 2023, 10:24:28 pm UTC) — Scanned from SG

Summary HTTP 16 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 16 HTTP transactions. The main IP is 166.62.29.42, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is sridurgatmt.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on October 17th 2022. Valid for: a year.

This is the only time sridurgatmt.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nexi (Banking)

Domain & IP information

	IP Address	AS Autonomous System
10	166.62.29.42 166.62.29.42	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
2	185.198.117.126 185.198.117.126	35051 (NEXI-AS) (NEXI-AS)
1 2	23.32.29.104 23.32.29.104	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2600:1413:b00... 2600:1413:b000:1b::17d7:713	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
16	5

10 166.62.29.42 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 42.29.62.166.host.secureserver.net

sridurgatmt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (Ascension Island)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.198.117.126 (Milan, Italy)

ASN35051 (NEXI-AS, IT)

www.nexi.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.32.29.104 (United States) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-32-29-104.deploy.static.akamaitechnologies.com

img1.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img6.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1413:b000:1b::17d7:713 (United States)

ASN20940 (AKAMAI-ASN1, NL)

events.api.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	sridurgatmt.com sridurgatmt.com	206 KB
2	secureserver.net events.api.secureserver.net — Cisco Umbrella Rank: 21615	564 B
2	wsimg.com 1 redirects img1.wsimg.com — Cisco Umbrella Rank: 15785 img6.wsimg.com — Cisco Umbrella Rank: 20777	12 KB
2	nexi.it www.nexi.it	188 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1243	32 KB
16	5

	Domain	Requested by
10	sridurgatmt.com	sridurgatmt.com code.jquery.com
2	events.api.secureserver.net	img1.wsimg.com
2	www.nexi.it	sridurgatmt.com
1	img6.wsimg.com	sridurgatmt.com
1	img1.wsimg.com	1 redirects
1	code.jquery.com	sridurgatmt.com
16	6

This site contains links to these domains. Also see Links.

Domain
www.nexi.it

Subject Issuer	Validity	Valid
sridurgatmt.com Go Daddy Secure Certificate Authority - G2	`2022-10-17` - `2023-10-17`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
www.nexi.it GlobalSign RSA OV SSL CA 2018	`2023-08-04` - `2024-08-21`	a year	crt.sh
*.api.secureserver.net Starfield Secure Certificate Authority - G2	`2023-07-10` - `2024-08-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://sridurgatmt.com/nc/
Frame ID: 59AD444280FD7E13E4A77146B7376426
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

94 %
HTTPS

40 %
IPv6

5
Domains

6
Subdomains

5
IPs

3
Countries

438 kB
Transfer

1606 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nexi.it/?openModal=login#tab-id-privati
Title: Privati

Search URL Search Domain Scan URL

URL: https://www.nexi.it/?openModal=login
Title: Non sei tu?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 302
https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
sridurgatmt.com/nc/ 550 KB
25 KB 277ms
68ms Document
text/html 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/nc/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: 1fbbfaeb9f49f1639d933a69913afd9f9d2edd17673ada4a6631d6141f11b000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

accept-ranges: bytes
content-encoding: br
content-type: text/html
date: Thu, 28 Sep 2023 22:24:20 GMT
etag: "c7c1e7a-8969e-6062f7006fe40-br"
last-modified: Mon, 25 Sep 2023 14:04:33 GMT
server: Apache
vary: Accept-Encoding

GET
H2 200 jquery-1.9.1.min.js Show response
code.jquery.com/ 90 KB
32 KB 536ms
174ms Script
application/javascript 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.9.1.min.js
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/nc/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 22:24:20 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 1137662
x-cache: HIT, HIT
content-length: 32772
x-served-by: cache-lga13625-LGA, cache-maa10249-MAA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1695939861.729016,VS0,VE0
etag: W/"28feccc0-169d5"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 23, 7262020

GET
H2 200 style.css
sridurgatmt.com/nc/index_files/ 568 KB
64 KB 79ms
78ms Stylesheet
text/css 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/nc/index_files/style.css
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/nc/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: 23ad197def9f4c983e658350fb1788aa32894df43eec7fa5d6ade80bc30cfdda

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/nc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 22:24:20 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:33 GMT
server: Apache
etag: "c7c1eae-8dfd4-6062f7006fe40-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes

GET
H/1.1 200
OK style.css
www.nexi.it/cookieservice/nexi-it/ 21 KB
7 KB 3451ms
173ms Stylesheet
text/css 185.198.117.126
NEXI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nexi.it/cookieservice/nexi-it/style.css

Requested by

Host: sridurgatmt.com
URL: https://sridurgatmt.com/nc/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.117.126 Milan, Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

1f6bbe8591e650b3e139d0603cafb80ea3e5e76117a15c4960422b536bd419d0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Thu, 28 Sep 2023 22:24:23 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: gzip
Last-Modified: Mon, 31 Jul 2023 08:05:08 GMT
ETag: "52c6-601c3e38c3b5c"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, HEAD
Content-Type: text/css
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=300, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 6775

GET
H2 200 css
sridurgatmt.com/nc/index_files/ 5 KB
620 B 7ms
6ms Stylesheet
text/plain 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/nc/index_files/css
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/nc/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: 4afab3d0e6840203d51fac7069364c663ec478adbb6baecd8ecf229cd74eef5a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/nc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 22:24:20 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:33 GMT
server: Apache
etag: "c7c1ea1-12c6-6062f7006fe40-br"
vary: Accept-Encoding
accept-ranges: bytes
content-length: 563

GET
H2 200 logo--dark.svg
sridurgatmt.com/nc/index_files/ 2 KB
1 KB 8ms
7ms Image
image/svg+xml 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sridurgatmt.com/nc/index_files/logo--dark.svg
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/nc/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: 790272db4f81bd54720506a836a513fb2ef6520b5227ce392be7c1dac52f4621

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/nc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 22:24:21 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:33 GMT
server: Apache
etag: "c7c1eb6-938-6062f7006fe40-br"
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 1008

GET
H2 200 logo--light.svg
sridurgatmt.com/nc/index_files/ 2 KB
1 KB 7ms
6ms Image
image/svg+xml 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sridurgatmt.com/nc/index_files/logo--light.svg
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/nc/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: 04410889c5251ebffe51063822311d828830abd030f73b6cdb5777e5b3238cb3

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/nc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 22:24:21 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:33 GMT
server: Apache
etag: "c7c1eb5-94f-6062f7006fe40-br"
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 1013

GET
H2

200

tccl.min.js Show response
img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/
Redirect Chain

https://img1.wsimg.com/traffic-assets/js/tccl.min.js
https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js

45 KB
12 KB

42ms
4ms

Script
application/javascript

23.32.29.104
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/nc/
Protocol: H2
Server: 23.32.29.104 , United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-32-29-104.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d10c120206d25caa3deafc45a0ed90f2a6ce5290402c4502a68d95bcaeaa898b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: sTnOEJpl_Bn63xNm3Yru0HbQaHbS55CR
content-encoding: br
date: Thu, 28 Sep 2023 22:24:21 GMT
x-amz-request-id: 1K08MGCFGNYAVXZF
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1695939861076_387980644_2789128824_17_1274_2_0_182";dur=1
content-length: 11347
x-amz-id-2: CZXoeAWpc5+jb36BYR8uyZbNJRBFREbz0Nre0fU34nQWMlUclaRIk+VX09Y65a5zNWYS93IKD+k=
last-modified: Mon, 17 Apr 2023 05:04:44 GMT
etag: "5c3e20ad749ddb088afc84b1b7ff009e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

location: https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js
access-control-allow-origin: *
date: Thu, 28 Sep 2023 22:24:21 GMT
cache-control: max-age=1800
timing-allow-origin: *
content-length: 0
expires: Thu, 28 Sep 2023 22:54:21 GMT

GET
H/1.1 200
OK Card_Login_IOSI-Plus_Desktop_786x694.jpg
www.nexi.it/content/dam/nexi/img/login/ 180 KB
181 KB 174ms
174ms Image
image/jpeg 185.198.117.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexi/img/login/Card_Login_IOSI-Plus_Desktop_786x694.jpg

Requested by

Host: sridurgatmt.com
URL: https://sridurgatmt.com/nc/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.117.126 Milan, Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

a38acfae433e9ec1c9d35ea1e226361942de99362ad13c183d502fdbe1e96273

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Thu, 28 Sep 2023 22:24:23 GMT
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Mon, 31 Jul 2023 08:07:02 GMT
ETag: "2cee1-601c3ea601874"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: GET, HEAD
Content-Type: image/jpeg
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=300, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 184033

GET
H2 200 karbon-regular-webfont.woff
sridurgatmt.com/nc/index_files/fonts/ 24 KB
24 KB 11ms
10ms Font
font/woff 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/nc/index_files/fonts/karbon-regular-webfont.woff
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/nc/index_files/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: ade827343407a2a81168acb91cabc1ed7d83de7010966dd1b7f06f4e0344b9e6

Request headers

Referer: https://sridurgatmt.com/nc/index_files/style.css
Origin: https://sridurgatmt.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 22:24:23 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:33 GMT
server: Apache
etag: "c7c1ebd-5ef4-6062f7006fe40-br"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 24200

GET
H2 200 karbon-semibold-webfont.woff
sridurgatmt.com/nc/index_files/fonts/ 24 KB
24 KB 12ms
12ms Font
font/woff 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/nc/index_files/fonts/karbon-semibold-webfont.woff
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/nc/index_files/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: 0696904b24ea3bdaf9ee857ded71391ccd44d40b84334571a5c5e71f93b4a0c6

Request headers

Referer: https://sridurgatmt.com/nc/index_files/style.css
Origin: https://sridurgatmt.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 22:24:23 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:33 GMT
server: Apache
etag: "c7c1eb9-61c8-6062f7006fe40-br"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 24919

GET
H2 200 karbon-medium-webfont.woff
sridurgatmt.com/nc/index_files/fonts/ 24 KB
24 KB 12ms
10ms Font
font/woff 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/nc/index_files/fonts/karbon-medium-webfont.woff
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/nc/index_files/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: 4061275193aa1a5245941f7768b307219fc0f86f44dc1cf4d293168b93a72259

Request headers

Referer: https://sridurgatmt.com/nc/index_files/style.css
Origin: https://sridurgatmt.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 22:24:23 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:33 GMT
server: Apache
etag: "c7c1eba-617c-6062f7006fe40-br"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 24847

GET
H2 200 nexi.woff
sridurgatmt.com/nc/index_files/fonts/ 70 KB
41 KB 29ms
28ms Font
font/woff 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/nc/index_files/fonts/nexi.woff
Requested by: Host: sridurgatmt.com
URL: https://sridurgatmt.com/nc/index_files/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache /
Resource Hash: d1700915fc4144972b88e8a2d733e1bd5cfbc8ab94f91750878fa096e3d00903

Request headers

Referer: https://sridurgatmt.com/nc/index_files/style.css
Origin: https://sridurgatmt.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 22:24:23 GMT
content-encoding: br
last-modified: Mon, 25 Sep 2023 14:04:33 GMT
server: Apache
etag: "c7c1ebe-11954-6062f7006fe40-br"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 42287

GET
H2 200 access.php Show response
sridurgatmt.com/nc/panel/ 29 B
124 B 712ms
712ms XHR
text/html 166.62.29.42
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://sridurgatmt.com/nc/panel/access.php
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.9.1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 166.62.29.42 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 42.29.62.166.host.secureserver.net
Software: Apache / PHP/7.2.34
Resource Hash: f3e9093b71686098a0c98c0ec6cf23978d3a3555521173af7bf153c839d74edb

Request headers

Accept: */*
Referer: https://sridurgatmt.com/nc/
X-Requested-With: XMLHttpRequest
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 22:24:24 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/7.2.34
content-length: 33
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 event Show response
events.api.secureserver.net/t/1/tl/ 43 B
282 B 349ms
169ms XHR
image/gif 2600:1413:b000:1b::17d7:713
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://events.api.secureserver.net/t/1/tl/event?cts=1695939863831&dh=sridurgatmt.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.5938.92%20Safari%2F537.36&vci=2026412804&cv=2.0.1&z=1434156850&vg=1ec6f09b-d35d-5d6c-b5c5-3069b17fad56&vtg=1ec6f09b-d35d-5d6c-b5c5-3069b17fad56&dp=%2Fnc&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22sg2plcpnl0190%22%2C%22dcenter%22%3A%22sg2%22%2C%22cp_id%22%3A%225860291%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%226%22%7D&hit_id=0210ee12-9af1-5604-b841-9e7a7120740e&ht=pageview

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2600:1413:b000:1b::17d7:713 , United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
date: Thu, 28 Sep 2023 22:24:24 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: https://sridurgatmt.com
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block

GET
H2 200 event Show response
events.api.secureserver.net/t/1/tl/ 43 B
282 B 631ms
454ms XHR
image/gif 2600:1413:b000:1b::17d7:713
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://events.api.secureserver.net/t/1/tl/event?cts=1695939864647&dh=sridurgatmt.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.5938.92%20Safari%2F537.36&vci=2026412804&cv=2.0.1&z=876594006&vg=1ec6f09b-d35d-5d6c-b5c5-3069b17fad56&vtg=1ec6f09b-d35d-5d6c-b5c5-3069b17fad56&dp=%2Fnc&ap=cpsh&trfd=%7B%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22sg2plcpnl0190%22%2C%22dcenter%22%3A%22sg2%22%2C%22cp_id%22%3A%225860291%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%226%22%7D&hit_id=c28995b0-356b-5cd1-b489-badacd77c975&ht=perf&tce=1695939860266&tcs=1695939860253&tdc=1695939864641&tdclee=1695939863844&tdcles=1695939863837&tdi=1695939863837&tdl=1695939860339&tdle=1695939860253&tdls=1695939860058&tfs=1695939860057&tns=1695939860056&trqs=1695939860266&tre=1695939860339&trps=1695939860335&tles=1695939864641&tlee=0&nt=navigate&lcp=3800&nav_type=hard

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2600:1413:b000:1b::17d7:713 , United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sridurgatmt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
date: Thu, 28 Sep 2023 22:24:25 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: https://sridurgatmt.com
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nexi (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.sridurgatmt.com/	1970-01-20 23:51:15	Name: _tccl_visitor Value: 1ec6f09b-d35d-5d6c-b5c5-3069b17fad56
			.sridurgatmt.com/	1970-01-20 15:05:41	Name: _tccl_visit Value: 1ec6f09b-d35d-5d6c-b5c5-3069b17fad56

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
events.api.secureserver.net
img1.wsimg.com
img6.wsimg.com
sridurgatmt.com
www.nexi.it
166.62.29.42
185.198.117.126
23.32.29.104
2600:1413:b000:1b::17d7:713
2a04:4e42:600::649
04410889c5251ebffe51063822311d828830abd030f73b6cdb5777e5b3238cb3
0696904b24ea3bdaf9ee857ded71391ccd44d40b84334571a5c5e71f93b4a0c6
1f6bbe8591e650b3e139d0603cafb80ea3e5e76117a15c4960422b536bd419d0
1fbbfaeb9f49f1639d933a69913afd9f9d2edd17673ada4a6631d6141f11b000
23ad197def9f4c983e658350fb1788aa32894df43eec7fa5d6ade80bc30cfdda
4061275193aa1a5245941f7768b307219fc0f86f44dc1cf4d293168b93a72259
4afab3d0e6840203d51fac7069364c663ec478adbb6baecd8ecf229cd74eef5a
790272db4f81bd54720506a836a513fb2ef6520b5227ce392be7c1dac52f4621
a38acfae433e9ec1c9d35ea1e226361942de99362ad13c183d502fdbe1e96273
ade827343407a2a81168acb91cabc1ed7d83de7010966dd1b7f06f4e0344b9e6
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
d10c120206d25caa3deafc45a0ed90f2a6ce5290402c4502a68d95bcaeaa898b
d1700915fc4144972b88e8a2d733e1bd5cfbc8ab94f91750878fa096e3d00903
f3e9093b71686098a0c98c0ec6cf23978d3a3555521173af7bf153c839d74edb

sridurgatmt.com Open in urlscan Pro 166.62.29.42 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

94 %HTTPS

40 %IPv6

5 Domains

6 Subdomains

5 IPs

3 Countries

438 kBTransfer

1606 kBSize

2 Cookies

2 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

2 Cookies

Indicators

sridurgatmt.com Open in urlscan Pro
166.62.29.42 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

94 %
HTTPS

40 %
IPv6

5
Domains

6
Subdomains

5
IPs

3
Countries

438 kB
Transfer

1606 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!