netseg1.online
87.236.215.231
Malicious Activity!
Public Scan
Submission: On August 07 via manual from US
Summary
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on August 7th 2017. Valid for: 3 months.
This is the only time netseg1.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citibank (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System) | PTR | Domain
---|---|---|---|---
5 | 87.236.215.231 | 16125 (CHERRYSERVERS1-AS) | |
30 | 23.35.106.191 | 20940 (AKAMAI-ASN1, US) | a23-35-106-191.deploy.static.akamaitechnologies.com | bancanet.banamex.com
2 | 92.123.93.102 | 20940 (AKAMAI-ASN1, US) | a92-123-93-102.deploy.akamaitechnologies.com | assets.adobedtm.com
1 | 80.252.91.53 | 15830 (TELECITY-LON) | |
1 | 63.140.35.160 | 15224 (OMNITURE - Adobe Systems Inc., US) | *.122.2o7.net | citiintl.122.2o7.net

Total: 39 requests to 5 IP addresses.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
30 | banamex.com | bancanet.banamex.com | 362 KB
5 | netseg1.online | netseg1.online | 142 KB
2 | adobedtm.com | assets.adobedtm.com | 49 KB
1 | 2o7.net | citiintl.122.2o7.net | 43 B
1 | serving-sys.com | bs.serving-sys.com | 59 B

Total: 39 requests to 5 apex domains.
Requests | Domain | Requested by
---|---|---
30 | bancanet.banamex.com | netseg1.online, bancanet.banamex.com
5 | netseg1.online | netseg1.online
2 | assets.adobedtm.com | netseg1.online, assets.adobedtm.com
1 | citiintl.122.2o7.net | netseg1.online
1 | bs.serving-sys.com | netseg1.online

Total: 39 requests to 5 domains.
This site contains links to these domains. Also see Links.

Domain
---
www.banamex.com
banamex.com
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
netseg1.online | COMODO RSA Domain Validation Secure Server CA | 2017-08-07 - 2017-11-05 | 3 months | crt.sh
bancanet.banamex.com | Symantec Class 3 EV SSL CA - G3 | 2017-01-12 - 2019-03-10 | 2 years | crt.sh
www.adobetag.com | DigiCert SHA2 High Assurance Server CA | 2016-10-29 - 2019-11-06 | 3 years | crt.sh
bs.serving-sys.com | thawte SSL CA - G2 | 2017-08-02 - 2018-05-06 | 9 months | crt.sh
*.122.2o7.net | DigiCert SHA2 High Assurance Server CA | 2016-05-04 - 2019-05-23 | 3 years | crt.sh
This page contains 1 frame:

Primary Page: https://netseg1.online/boveda.banamex/
Frame ID: 26192.1
Requests: 39 HTTP requests in this frame

3 Outgoing links
These are links going to different origins than the main page.
- Title: SUCURSALES
- Title: Aprende a construirla
Redirected requests
There were HTTP redirect chains for the following requests:
Request 36:
1. https://citiintl.122.2o7.net/b/ss/citiintlmexicoprod/1/H.24.1-D6PR/s56055028270060?AQB=1&ndh=1&t=7%2F7%2F2017%2016%3A43%3A43%201%200&D=D%3D&ce=UTF-8&ns=citiintl&cdp=2&pageName=MX%7Cboveda.banamex%7...
2. https://citiintl.122.2o7.net/b/ss/citiintlmexicoprod/1/H.24.1-D6PR/s56055028270060?AQB=1&pccr=true&vidn=2CC44C60051D058D-6000017040002A18&&ndh=1&t=7%2F7%2F2017%2016%3A43%3A43%201%200&D=D%3D&ce=UTF-...
39 HTTP transactions

# | Method / Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
1 | GET H/1.1 | / (Primary Request) | netseg1.online/boveda.banamex/ | 55 KB | 55 KB | Document | text/html
2 | GET H/1.1 | estilo_avatar.css | bancanet.banamex.com/JPS/portal/css/ | 90 KB | 14 KB | Stylesheet | text/css
3 | GET H/1.1 | nuevocss.css | bancanet.banamex.com/JPS/portal/css/ | 5 KB | 1 KB | Stylesheet | text/css
4 | GET H/1.1 | jquery-1.6.4.min.js | bancanet.banamex.com/JPS/portal/js/ | 89 KB | 31 KB | Script | application/x-javascript
5 | GET H/1.1 | jquery.cookie.js | bancanet.banamex.com/JFP/js/widgets/ | 4 KB | 1 KB | Script | application/x-javascript
6 | GET H/1.1 | onetab.js | bancanet.banamex.com/js/ | 3 KB | 1 KB | Script | application/x-javascript
7 | GET H/1.1 | browser.js | bancanet.banamex.com/JPS/portal/js/ | 5 KB | 2 KB | Script | application/x-javascript
8 | GET H/1.1 | cssPref.js | bancanet.banamex.com/JPS/portal/js/ | 1 KB | 519 B | Script | application/x-javascript
9 | GET H/1.1 | citi_s_codeB.js | bancanet.banamex.com/resources/js/libs/ | 46 KB | 18 KB | Script | application/x-javascript
10 | GET H/1.1 | JFPNav.js | bancanet.banamex.com/JPS/portal/js/ | 26 KB | 6 KB | Script | application/x-javascript
11 | GET H/1.1 | jquery-ui-1.8.10.js | bancanet.banamex.com/JFP/js/jquery/plugins/ | 210 KB | 52 KB | Script | application/x-javascript
12 | GET H/1.1 | jfp.branding.js | bancanet.banamex.com/JFP/js/widgets/ | 86 KB | 28 KB | Script | application/x-javascript
13 | GET H/1.1 | jfp.widgets.js | bancanet.banamex.com/JFP/js/widgets/ | 347 KB | 83 KB | Script | application/x-javascript
14 | GET H/1.1 | jquery.dcjqaccordion.2.7.min.js | bancanet.banamex.com/JFP/js/widgets/ | 9 KB | 2 KB | Script | application/x-javascript
15 | GET H/1.1 | jquery.hoverIntent.minified.js | bancanet.banamex.com/JFP/js/widgets/ | 2 KB | 705 B | Script | application/x-javascript
16 | GET H/1.1 | plugins.js | bancanet.banamex.com/JFP/js/jquery/plugins/ | 71 KB | 21 KB | Script | application/x-javascript
17 | GET H/1.1 | script.js | bancanet.banamex.com/JFP/js/jquery/plugins/ | 3 KB | 1 KB | Script | application/x-javascript
18 | GET H/1.1 | main-script.js | netseg1.online/boveda.banamex/ | 87 KB | 87 KB | Script | text/javascript
19 | GET H/1.1 | validations.js | bancanet.banamex.com/JPS/portal/js/mx/ | 37 KB | 6 KB | Script | application/x-javascript
20 | GET H/1.1 | prelogin-styles.css | bancanet.banamex.com/JPS/portal/css/ | 15 KB | 3 KB | Stylesheet | text/css
21 | GET H/1.1 | logo_banamex.png | bancanet.banamex.com/JFP/regional/images/layout/ | 6 KB | 6 KB | Image | image/png
22 | GET H/1.1 | candado.png | bancanet.banamex.com/JPS/portal/img/avatar/img/ | 1016 B | 1016 B | Image | image/png
23 | GET H/1.1 | check.png | bancanet.banamex.com/JPS/portal/img/avatar/img/ | 2 KB | 2 KB | Image | image/png
24 | GET H/1.1 | descargar.png | bancanet.banamex.com/JPS/portal/img/avatar/img/ | 2 KB | 2 KB | Image | image/png
25 | GET H/1.1 | AhnLab.js | bancanet.banamex.com/JPS/portal/js/AhnLab/ | 66 KB | 12 KB | Script | application/x-javascript
26 | GET H/1.1 | LAB.js | netseg1.online/JFP/js/ | 0 | 0 | Script | text/html
27 | GET H/1.1 | satelliteLib-b4108d4d3888abb699ef79ce844d850c2cc705d5.js | assets.adobedtm.com/ef26bce3913b91d7b51b08d476ea75b73d541412/ | 193 KB | 49 KB | Script | application/x-javascript
28 | GET H/1.1 | overlay.png | bancanet.banamex.com/JPS/portal/img/avatar/img/ | 3 KB | 3 KB | Image | image/png
29 | GET H/1.1 | arrow_down_utilities.png | bancanet.banamex.com/JPS/portal/images/header/ | 970 B | 970 B | Image | image/png
30 | GET H/1.1 | fondoRay.jpg | bancanet.banamex.com/JPS/portal/images/header/ | 487 B | 487 B | Image | image/jpeg
31 | GET H/1.1 | bottom_login2.png | bancanet.banamex.com/JFP/regional/images/ | 970 B | 970 B | Image | image/png
32 | GET H/1.1 | bg_2.jpg | bancanet.banamex.com/JPS/portal/img/avatar/img/bg_login/ | 44 KB | 44 KB | Image | image/jpeg
33 | GET H/1.1 | flecha_azul_r.gif | netseg1.online/JPS/portal/img/avatar/img/ | 105 B | 105 B | Image | image/gif
34 | GET H/1.1 | sprite_bene.png | bancanet.banamex.com/JFP/regional/images/ | 16 KB | 16 KB | Image | image/png
35 | GET H/1.1 | spritePreSignOn.png | bancanet.banamex.com/JPS/portal/img/avatar/img/ | 3 KB | 3 KB | Image | image/png
36 | GET H/1.1 | s-code-contents-559db10b7ebd50620462f95a6c0b45cd33928677.js | assets.adobedtm.com/ef26bce3913b91d7b51b08d476ea75b73d541412/ | 6 B | 26 B | Script | application/x-javascript
37 | GET H/1.1 | ActivityServer.bs | bs.serving-sys.com/BurstingPipe/ | 59 B | 59 B | Script | text/html
38 | GET H/1.1 | s56055028270060 (Redirect Chain) | citiintl.122.2o7.net/b/ss/citiintlmexicoprod/1/H.24.1-D6PR/ | 43 B | 43 B | Image | image/gif
39 | GET H/1.1 | KeepAlive.do | netseg1.online/MXGCB/JPS/portal/ | 308 B | 0 | Image | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Citibank (Banking)

0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
netseg1.online/ | | RT | (empty)
.netseg1.online/ | | s_pers | %20s_adserv%3Dcitiintlmexicoprod%7C1502126023692%3B%20gpv_pageName%3DMX%257Cboveda.banamex%257Chome%7C1502126023816%3B%20s_nr%3D1502124223818-New%7C1504716223818%3B%20s_vnum%3D1504224000818%2526vn%253D1%7C1504224000818%3B%20s_invisit%3Dtrue%7C1502126023818%3B
.netseg1.online/ | | s_sess | %20s_cc%3Dtrue%3B%20s_sq%3D%3B
netseg1.online/ | | AdTrack | pageHistory\|LOGINBNP.200
netseg1.online/ | | omniID | 150212422369173F3
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.