n26-app.com
47.242.75.95
Malicious Activity!
Public Scan
Effective URL: https://n26-app.com/start/a1b2c3/41bf04381c52af446833548dd240451c/login/
Submission: On April 13 via manual from DE
Summary
TLS certificate: Issued by R3 on April 13th 2021. Valid for: 3 months.
This is the only time n26-app.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: N26 (Banking)

Domain & IP information

Requests | IP Address | AS Autonomous System |
---|---|---|
22 (5 redirects) | 47.242.75.95 | 45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co.) |
1 | 2001:4860:4802:36::15 | 15169 (GOOGLE) |
23 | 3 | |
ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)
n26-app.com

Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
22 (5 redirects) | n26-app.com | 385 KB |
1 | svgshare.com | 970 B |
23 | 2 | |
Requests | Domain | Requested by |
---|---|---|
22 (5 redirects) | n26-app.com | n26-app.com |
1 | svgshare.com | |
23 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
n26-app.com | R3 | 2021-04-13 - 2021-07-12 | 3 months |
svgshare.com | GTS CA 1D2 | 2021-03-16 - 2021-06-14 | 3 months |
This page contains 1 frames:
Primary Page:
https://n26-app.com/start/a1b2c3/41bf04381c52af446833548dd240451c/login/
Frame ID: ABDA05981A1CB77F3E123F324359A615
Requests: 23 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
AngularJS (JavaScript Frameworks)
Detected patterns
- script /angular.*\.js/i
Font Awesome (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://n26-app.com/ HTTP 301
  https://n26-app.com/ HTTP 302
  https://n26-app.com/start/ Page URL
- https://n26-app.com/start/a1b2c3/41bf04381c52af446833548dd240451c HTTP 301
  http://n26-app.com/start/a1b2c3/41bf04381c52af446833548dd240451c/ HTTP 301
  https://n26-app.com/start/a1b2c3/41bf04381c52af446833548dd240451c/ HTTP 302
  https://n26-app.com/start/a1b2c3/41bf04381c52af446833548dd240451c/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://n26-app.com/ HTTP 301
- https://n26-app.com/ HTTP 302
- https://n26-app.com/start/
23 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Redirect Chain) | n26-app.com/start/ | 637 B | 650 B | Document | text/html |
GET | H2 | / (Primary Request, Redirect Chain) | n26-app.com/start/a1b2c3/41bf04381c52af446833548dd240451c/login/ | 61 KB | 13 KB | Document | text/html |
GET | H2 | GT-America-Standard-Regular.latin.woff2 | n26-app.com/start/login/ | 13 KB | 13 KB | Font | application/octet-stream |
GET | H2 | GT-America-Extended-Medium.latin.woff2 | n26-app.com/start/login/ | 21 KB | 21 KB | Font | application/octet-stream |
GET | H2 | jquery.min.js | n26-app.com/start/bower_components/jquery/dist/ | 85 KB | 85 KB | Script | application/javascript |
GET | H2 | ua-parser.min.js | n26-app.com/start/bower_components/ua-parser-js/dist/ | 17 KB | 17 KB | Script | application/javascript |
GET | H2 | font-awesome.min.css | n26-app.com/start/bower_components/font-awesome/css/ | 30 KB | 30 KB | Stylesheet | text/css |
GET | H2 | core_form.js | n26-app.com/start/core/form/ | 15 KB | 15 KB | Script | application/javascript |
GET | H2 | core_token.js | n26-app.com/start/core/token/ | 11 KB | 11 KB | Script | application/javascript |
GET | H2 | angular.min.js | n26-app.com/start/bower_components/angular/ | 165 KB | 165 KB | Script | application/javascript |
GET | H2 | core_form.css | n26-app.com/start/core/form/ | 2 KB | 2 KB | Stylesheet | text/css |
GET | H2 | css.css | n26-app.com/start/login/form/ | 1 KB | 1 KB | Stylesheet | text/css |
GET | H2 | index.css | n26-app.com/start/login/ | 647 B | 771 B | Stylesheet | text/css |
GET | H2 | form.js | n26-app.com/start/login/form/ | 3 KB | 3 KB | Script | application/javascript |
GET | H2 | ng.js | n26-app.com/start/login/ng/ | 5 KB | 5 KB | Script | application/javascript |
GET | H2 | token.js | n26-app.com/start/login/token/ | 1 KB | 1 KB | Script | application/javascript |
GET | H2 | newloader.gif | n26-app.com/start/ | 304 KB | 0 | Image | image/gif |
GET | H2 | VzR.svg | svgshare.com/i/ | 1 KB | 970 B | Image | image/svg+xml |
GET | | home.php | n26-app.com/start/ | 0 | 0 | | |
GET | | home.php | n26-app.com/start/ | 0 | 0 | | |
GET | | GT-America-Standard-Bold.latin.woff2 | n26-app.com/start/login/ | 0 | 0 | | |
GET | | GT-America-Standard-Medium.latin.woff2 | n26-app.com/start/login/ | 0 | 0 | | |
GET | | fontawesome-webfont.woff2 | n26-app.com/start/bower_components/font-awesome/fonts/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: n26-app.com
  URL: https://n26-app.com/start/home.php?pl=token&link=n26&bid=41bf04381c52af446833548dd240451c&callback=jQuery32102782015595197629_1618330535922&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1618330535923
- Domain: n26-app.com
  URL: https://n26-app.com/start/home.php?pl=token&link=n26&bid=41bf04381c52af446833548dd240451c&callback=jQuery32102782015595197629_1618330535924&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1618330535925
- Domain: n26-app.com
  URL: https://n26-app.com/start/login/GT-America-Standard-Bold.latin.woff2
- Domain: n26-app.com
  URL: https://n26-app.com/start/login/GT-America-Standard-Medium.latin.woff2
- Domain: n26-app.com
  URL: https://n26-app.com/start/bower_components/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: N26 (Banking)
53 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
- boolean| crossOriginIsolated
- function| $
- function| jQuery
- function| UAParser
- function| ask_login_proxy
- function| ask_confirm_proxy
- function| ask_authcode_proxy
- function| ask_cardnumber_proxy
- function| ask_cc_proxy
- function| ask_sms_proxy
- function| next__
- function| finish__
- function| set_event
- function| def_plugin_data_receiver
- function| deep_json_parse
- object| cookies
- function| advanced_string_validation
- function| sin_luhn
- function| cc_luhn
- function| dob_luhn
- function| exp_with_day_luhn
- function| exp_luhn
- function| qasame__
- function| valid_a
- function| valid_q
- function| EN
- function| send1
- object| bider_obj
- undefined| last_respond
- undefined| last_operation
- object| respond
- object| angular
- string| bid
- object| php_js
- object| app
- string| el
- object| CORE__
- object| REST_FN__
- object| VTO
- object| VTOM
- object| sc_
- object| loader_
- function| jQuery32102782015595197629_1618330535922
- number| bidder_timer
- function| jQuery32102782015595197629_1618330535924

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
n26-app.com/ | | Name: lng Value: en |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.