sxb1plvwcpnl474184.prod.sxb1.secureserver.net Open in urlscan Pro
92.205.2.211  Malicious Activity! Public Scan

Submitted URL: http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app
Effective URL: http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?...
Submission: On June 18 via manual from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 92.205.2.211, located in Strasbourg, France and belongs to GODADDY-SXB, DE. The main domain is sxb1plvwcpnl474184.prod.sxb1.secureserver.net.
This is the only time sxb1plvwcpnl474184.prod.sxb1.secureserver.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: N26 (Banking)

Domain & IP information

IP Address AS Autonomous System
5 9 92.205.2.211 21499 (GODADDY-SXB)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
8 3
Domain Requested by
9 sxb1plvwcpnl474184.prod.sxb1.secureserver.net 5 redirects sxb1plvwcpnl474184.prod.sxb1.secureserver.net
3 cdnjs.cloudflare.com sxb1plvwcpnl474184.prod.sxb1.secureserver.net
cdnjs.cloudflare.com
1 maxcdn.bootstrapcdn.com sxb1plvwcpnl474184.prod.sxb1.secureserver.net
8 3

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-10-21 -
2021-10-20
a year crt.sh

This page contains 1 frames:

Primary Page: http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
Frame ID: 31B68CE3DF85E4136746951838AB5778
Requests: 8 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app HTTP 301
    http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/ HTTP 302
    http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/index.php?login_ga=NvoO2l5m7M5VRX42B8dSCjNc52EmvrSM175mvBujSDFg... HTTP 302
    http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO2... HTTP 301
    http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO2... HTTP 302
    http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO2... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Page Statistics

8
Requests

50 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

182 kB
Transfer

334 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app HTTP 301
    http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/ HTTP 302
    http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/index.php?login_ga=NvoO2l5m7M5VRX42B8dSCjNc52EmvrSM175mvBujSDFgjznRDqc1KHSbKcR7958ceThiKiyuALWtNHlZqGfojnu4wF0zz64UvzMbfYun86j6Emin7Ty HTTP 302
    http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh HTTP 301
    http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/ HTTP 302
    http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • http://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js HTTP 307
  • https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Request Chain 4
  • http://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js HTTP 307
  • https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 8502691.php
sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/
Redirect Chain
  • http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app
  • http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/
  • http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/index.php?login_ga=NvoO2l5m7M5VRX42B8dSCjNc52EmvrSM175mvBujSDFgjznRDqc1KHSbKcR7958ceThiKiyuALWtNHlZqGfojnu4wF0zz64UvzMbfYun86j6Emin7Ty
  • http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh
  • http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/
  • http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
48 KB
10 KB
Document
General
Full URL
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
Protocol
HTTP/1.1
Server
92.205.2.211 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS
ip-92-205-2-211.ip.secureserver.net
Software
Apache / PHP/7.4.16
Resource Hash
808389c43c0608cce7da4505e477666c0868f18a7dc22e0b92490c1aa8426a52

Request headers

Host
sxb1plvwcpnl474184.prod.sxb1.secureserver.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 18 Jun 2021 09:01:08 GMT
Server
Apache
X-Powered-By
PHP/7.4.16
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
Content-Length
10050
Keep-Alive
timeout=5
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Fri, 18 Jun 2021 09:01:08 GMT
Server
Apache
X-Powered-By
PHP/7.4.16
location
8502691.php?login_ga=https.n27.elogin#auth.authorised=TssVnT0aaMnC2Gem7DnvZH7SfsVgRF2Mg186SCJ4wJj6RpfDRLVQfSFEQTzdxobA2Kt4Tp63u0PdJ3DtBXYhxvDNLoDM3OeMF73TNPjUgTLwCbCmOxo
Vary
User-Agent
Content-Length
0
Keep-Alive
timeout=5
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
GT-America-Standard-Regular.latin.woff2
sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/build/fonts/
13 KB
14 KB
Font
General
Full URL
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/build/fonts/GT-America-Standard-Regular.latin.woff2
Requested by
Host: sxb1plvwcpnl474184.prod.sxb1.secureserver.net
URL: http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
Protocol
HTTP/1.1
Server
92.205.2.211 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS
ip-92-205-2-211.ip.secureserver.net
Software
Apache /
Resource Hash
57b016225d321a77e0a129515f4436a9bcd53cd6ba8dcd32a96b95ec55d7a785

Request headers

Pragma
no-cache
Origin
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net
Accept-Encoding
gzip, deflate
Host
sxb1plvwcpnl474184.prod.sxb1.secureserver.net
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
Connection
keep-alive
Cache-Control
no-cache
Origin
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net
Referer
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 18 Jun 2021 09:01:08 GMT
Content-Encoding
gzip
Last-Modified
Tue, 01 Jun 2021 15:10:22 GMT
Server
Apache
ETag
"42260b-3550-5c3b5bda8b380-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
13671
GT-America-Extended-Medium.latin.woff2
sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/build/fonts/
21 KB
21 KB
Font
General
Full URL
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/build/fonts/GT-America-Extended-Medium.latin.woff2
Requested by
Host: sxb1plvwcpnl474184.prod.sxb1.secureserver.net
URL: http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
Protocol
HTTP/1.1
Server
92.205.2.211 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS
ip-92-205-2-211.ip.secureserver.net
Software
Apache /
Resource Hash
fdc5236b3efa02f88b747ff3d49c0a38a738f77d9d26bfa3046d2b284a0f305d

Request headers

Pragma
no-cache
Origin
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net
Accept-Encoding
gzip, deflate
Host
sxb1plvwcpnl474184.prod.sxb1.secureserver.net
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
Connection
keep-alive
Cache-Control
no-cache
Origin
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net
Referer
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 18 Jun 2021 09:01:08 GMT
Content-Encoding
gzip
Last-Modified
Tue, 01 Jun 2021 15:10:22 GMT
Server
Apache
ETag
"422605-52d8-5c3b5bda8b380-gzip"
Vary
Accept-Encoding,User-Agent
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
font/woff2
Keep-Alive
timeout=5
Content-Length
21231
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/
30 KB
6 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: sxb1plvwcpnl474184.prod.sxb1.secureserver.net
URL: http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 18 Jun 2021 09:01:08 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
728811
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
5631
cf-request-id
0abff357ac0000e0039f83b000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-7918"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kaWoiQW05QhwDA38VxiynSP%2FeVxf7eZNUcJO%2BN07iOGY5alBYUtcrNF6KFJwCVi%2BmdYQ6DlQWWfI4G1hcxjPduR%2FZ18YvC%2BbxvYnT9QeZiKtwu%2FNrZXjeXCL4qjVE2gHJWneU5RolsO3Ui4EIg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
661354d2ae92e003-FRA
expires
Wed, 08 Jun 2022 09:01:08 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/
Redirect Chain
  • http://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
  • https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
48 KB
13 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: sxb1plvwcpnl474184.prod.sxb1.secureserver.net
URL: http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 18 Jun 2021 09:01:08 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617
age
7559494
cdn-cachedat
2021-03-11 11:57:51
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0abff357b300002c01bf262000000001
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
0d7daa950b710f1e2e1cbb721e8e464e
cf-ray
661354d2b9402c01-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True

Redirect headers

Location
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Non-Authoritative-Reason
HSTS
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/
Redirect Chain
  • http://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
  • https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
85 KB
27 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: sxb1plvwcpnl474184.prod.sxb1.secureserver.net
URL: http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 18 Jun 2021 09:01:08 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1947112
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
27277
cf-request-id
0abff357ad0000e003d2bc8000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-15283"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=5wkA9%2BFphLklOWzWus2JW6eYNzTR5UATjI2H8Bxoqb2wqHNuh0Pdty1F24ml%2F1je8sLDoHxV2ptBZLHVnmstF2%2FeLoTVCQaMQL08U4gqzjXAXIAklXY0Vpup09eLaj4HfYA6G%2FpUeytOfeO6pg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
661354d2ae95e003-FRA
expires
Wed, 08 Jun 2022 09:01:08 GMT

Redirect headers

Location
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Non-Authoritative-Reason
HSTS
GT-America-Standard-Medium.latin.woff2
sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/build/fonts/
14 KB
14 KB
Font
General
Full URL
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/build/fonts/GT-America-Standard-Medium.latin.woff2
Requested by
Host: sxb1plvwcpnl474184.prod.sxb1.secureserver.net
URL: http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
Protocol
HTTP/1.1
Server
92.205.2.211 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS
ip-92-205-2-211.ip.secureserver.net
Software
Apache /
Resource Hash
e1c2d323b6b5d86a647a34092f9c18b935f807b46f924578865a738f7b518f10

Request headers

Pragma
no-cache
Origin
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net
Accept-Encoding
gzip, deflate
Host
sxb1plvwcpnl474184.prod.sxb1.secureserver.net
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
Connection
keep-alive
Cache-Control
no-cache
Origin
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net
Referer
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net/~serv2/app/n/kL5ciuWinIXYVj7RO9wC9x1BA4zW30qd7PFgx98ETdx1O2uQylVRDGuOgcyTlO27oiPUUh/8502691.php?login_ga=https.n27.elogin
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 18 Jun 2021 09:01:08 GMT
Content-Encoding
gzip
Last-Modified
Tue, 01 Jun 2021 15:10:22 GMT
Server
Apache
ETag
"422609-3830-5c3b5bda8b380-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
14407
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/
75 KB
76 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Origin
http://sxb1plvwcpnl474184.prod.sxb1.secureserver.net
Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 18 Jun 2021 09:01:08 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1258342
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
77160
cf-request-id
0abff357ea00000eb377920000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-12d68"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=rAx3pP%2FmX2Cxq0m92fYyEd1gYtpZ%2F0aEjkdH8l%2BgP2Sx1N%2FdS7hIE5c6AughhF%2FxCfV%2Fl5A8BwdEo3jfqtMXL5cmrfdyF9Qo%2FAX3hYumPSXJoRgNYwdVfkGEJq1IrwGRENB7rQl3Q42fJxEPYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
661354d30b2a0eb3-FRA
expires
Wed, 08 Jun 2022 09:01:08 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: N26 (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| bootstrap function| $ function| jQuery function| checkStatus function| checkUserLoggedIN

0 Cookies