curbaware.com Open in urlscan Pro
69.16.206.17 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://modernconceptsplans.com/it/docs/n/fm7/
Effective URL:
https://curbaware.com/DE/n26_fr-m3tri/n26-log.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbG...
Submission Tags: 7470324
Submission: On March 24 via api (March 24th 2022, 8:05:33 am UTC) from US — Scanned from IT

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 69.16.206.17, located in United States and belongs to LIQUIDWEB, US. The main domain is curbaware.com.
TLS certificate: Issued by R3 on February 6th 2022. Valid for: 3 months.

This is the only time curbaware.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: N26 (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	192.249.115.234 192.249.115.234	22611 (INMOTION) (INMOTION)
1	46.105.201.240 46.105.201.240	16276 (OVH) (OVH)
1	198.27.80.143 198.27.80.143	16276 (OVH) (OVH)
1 4	69.16.206.17 69.16.206.17	32244 (LIQUIDWEB) (LIQUIDWEB)
8	5

1 192.249.115.234 (United States)

ASN22611 (INMOTION, US)
PTR: ded5421.inmotionhosting.com

modernconceptsplans.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH, FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.27.80.143 (Canada)

ASN16276 (OVH, FR)
PTR: ns558056.ip-198-27-80.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.16.206.17 (United States) 1 redirects

ASN32244 (LIQUIDWEB, US)
PTR: host3.sampleaday.com

curbaware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	curbaware.com 1 redirects curbaware.com	52 KB
2	histats.com s10.histats.com — Cisco Umbrella Rank: 17418 s4.histats.com — Cisco Umbrella Rank: 14980	5 KB
1	modernconceptsplans.com modernconceptsplans.com	485 B
8	3

	Domain	Requested by
4	curbaware.com	1 redirects modernconceptsplans.com curbaware.com
1	s4.histats.com	s10.histats.com
1	s10.histats.com	modernconceptsplans.com
1	modernconceptsplans.com
8	4

This site contains no links.

Subject Issuer	Validity	Valid
modernconceptsplans.com cPanel, Inc. Certification Authority	`2022-01-27` - `2022-04-27`	3 months	crt.sh
histats.com R3	`2022-01-21` - `2022-04-21`	3 months	crt.sh
www.curbaware.com R3	`2022-02-06` - `2022-05-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://curbaware.com/DE/n26_fr-m3tri/n26-log.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2MTkyLjE0NS4xMjcuMjE1MjAyMjpNYXI6VGh1
Frame ID: B868B3B276EF2097451A900A7BCED518
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Effettua l’accesso — N26

Page URL History Show full URLs

https://modernconceptsplans.com/it/docs/n/fm7/ Page URL
https://curbaware.com/DE/n26_fr-m3tri/ HTTP 302
https://curbaware.com/DE/n26_fr-m3tri/n26-log.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

75 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

3
Countries

57 kB
Transfer

144 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://modernconceptsplans.com/it/docs/n/fm7/ Page URL
https://curbaware.com/DE/n26_fr-m3tri/ HTTP 302
https://curbaware.com/DE/n26_fr-m3tri/n26-log.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2MTkyLjE0NS4xMjcuMjE1MjAyMjpNYXI6VGh1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response modernconceptsplans.com/it/docs/n/fm7/	790 B 485 B	1192ms 343ms	Document text/html	192.249.115.234 INMOTION
General Check archive.org Show headers Download Go to Full URL https://modernconceptsplans.com/it/docs/n/fm7/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.249.115.234 , United States, ASN22611 (INMOTION, US), Reverse DNS ded5421.inmotionhosting.com Software nginx/1.21.6 / Resource Hash `790d55cc54a59b8bc30e32c9b4fa3805f3dc2a8083f172cdf948ddfa995876b6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language it-IT,it;q=0.9 Response headers server nginx/1.21.6 date Thu, 24 Mar 2022 08:05:28 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding x-proxy-cache HIT content-encoding br
GET H2	200	js15_as.js Show response s10.histats.com/	11 KB 4 KB	109ms 28ms	Script text/javascript	46.105.201.240 OVH
General Check archive.org Show headers Download Go to Full URL https://s10.histats.com/js15_as.js Requested by Host: modernconceptsplans.com URL: https://modernconceptsplans.com/it/docs/n/fm7/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 46.105.201.240 , France, ASN16276 (OVH, FR), Reverse DNS Software / Resource Hash `2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede` Request headers Accept-Language it-IT,it;q=0.9 Referer https://modernconceptsplans.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 24 Mar 2022 08:01:34 GMT content-encoding br last-modified Thu, 16 Apr 2020 10:44:16 GMT x-cdn-pop-ip 137.74.120.0/27 etag "-375139978" x-cacheable Matched cache content-type text/javascript x-cdn-pop sbg accept-ranges bytes content-length 4364 x-request-id 371332628
GET H/1.1	200 OK	0.php Show response s4.histats.com/stats/	49 B 183 B	356ms 115ms	Script text/html	198.27.80.143 OVH
General Check archive.org Show headers Download Go to Full URL https://s4.histats.com/stats/0.php?4033322&@f16&@g1&@h1&@i1&@j1648109128660&@k0&@l1&@m&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-5672539&@b3:1648109129&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fmodernconceptsplans.com%2Fit%2Fdocs%2Fn%2Ffm7%2F&@w Requested by Host: s10.histats.com URL: https://s10.histats.com/js15_as.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.27.80.143 , Canada, ASN16276 (OVH, FR), Reverse DNS ns558056.ip-198-27-80.net Software / Resource Hash `a3eacd88c2c5f0475470205e3337fa3e04d7337ba02aec7ed06e363b670e05bf` Request headers Accept-Language it-IT,it;q=0.9 Referer https://modernconceptsplans.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 24 Mar 2022 08:05:28 GMT Connection close Content-Length 49 Content-Type text/html;charset=UTF-8
GET H2	200	Primary Request n26-log.php Show response curbaware.com/DE/n26_fr-m3tri/ Redirect Chain https://curbaware.com/DE/n26_fr-m3tri/ https://curbaware.com/DE/n26_fr-m3tri/n26-log.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhc...	32 KB 8 KB	593ms 593ms	Document text/html	69.16.206.17 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://curbaware.com/DE/n26_fr-m3tri/n26-log.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2MTkyLjE0NS4xMjcuMjE1MjAyMjpNYXI6VGh1 Requested by Host: modernconceptsplans.com URL: https://modernconceptsplans.com/it/docs/n/fm7/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 69.16.206.17 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host3.sampleaday.com Software Apache/2.4.53 (cPanel) OpenSSL/1.1.1n mod_bwlimited/1.4 mod_fcgid/2.3.9 / Resource Hash `12dc66f769a90d79fcf663ea7d9ad417705f2a387690a175a5d37a15e6ba5df6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language it-IT,it;q=0.9 Referer https://modernconceptsplans.com/ Response headers vary Accept-Encoding cache-control max-age=600 expires Thu, 24 Mar 2022 08:15:30 GMT content-encoding br referrer-policy no-referrer-when-downgrade content-length 7965 content-type text/html; charset=UTF-8 date Thu, 24 Mar 2022 08:05:30 GMT server Apache/2.4.53 (cPanel) OpenSSL/1.1.1n mod_bwlimited/1.4 mod_fcgid/2.3.9 Redirect headers vary Accept-Encoding location n26-log.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2MTkyLjE0NS4xMjcuMjE1MjAyMjpNYXI6VGh1 cache-control max-age=600 expires Thu, 24 Mar 2022 08:15:29 GMT content-encoding br referrer-policy no-referrer-when-downgrade content-length 8 content-type text/html; charset=UTF-8 date Thu, 24 Mar 2022 08:05:29 GMT server Apache/2.4.53 (cPanel) OpenSSL/1.1.1n mod_bwlimited/1.4 mod_fcgid/2.3.9
GET H2	200	jquery.min.js Show response curbaware.com/DE/n26_fr-m3tri/n26_files/	86 KB 30 KB	332ms 332ms	Script application/x-javascript	69.16.206.17 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://curbaware.com/DE/n26_fr-m3tri/n26_files/jquery.min.js Requested by Host: curbaware.com URL: https://curbaware.com/DE/n26_fr-m3tri/n26-log.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2MTkyLjE0NS4xMjcuMjE1MjAyMjpNYXI6VGh1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 69.16.206.17 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host3.sampleaday.com Software Apache/2.4.53 (cPanel) OpenSSL/1.1.1n mod_bwlimited/1.4 mod_fcgid/2.3.9 / Resource Hash `2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a` Request headers Accept-Language it-IT,it;q=0.9 Referer https://curbaware.com/DE/n26_fr-m3tri/n26-log.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2MTkyLjE0NS4xMjcuMjE1MjAyMjpNYXI6VGh1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 24 Mar 2022 08:05:30 GMT content-encoding gzip referrer-policy no-referrer-when-downgrade last-modified Wed, 23 Mar 2022 08:43:33 GMT server Apache/2.4.53 (cPanel) OpenSSL/1.1.1n mod_bwlimited/1.4 mod_fcgid/2.3.9 etag "15851-5dadeb97b1740-gzip" vary Accept-Encoding content-type application/x-javascript cache-control max-age=31536000 accept-ranges bytes content-length 30679 expires Fri, 24 Mar 2023 08:05:30 GMT
GET H2	200	GT-America-Standard-Regular.latin.woff2 curbaware.com/DE/n26_fr-m3tri/n26_files/	13 KB 14 KB	193ms 193ms	Font application/font-woff2	69.16.206.17 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://curbaware.com/DE/n26_fr-m3tri/n26_files/GT-America-Standard-Regular.latin.woff2 Requested by Host: curbaware.com URL: https://curbaware.com/DE/n26_fr-m3tri/n26-log.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2MTkyLjE0NS4xMjcuMjE1MjAyMjpNYXI6VGh1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 69.16.206.17 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS host3.sampleaday.com Software Apache/2.4.53 (cPanel) OpenSSL/1.1.1n mod_bwlimited/1.4 mod_fcgid/2.3.9 / Resource Hash `57b016225d321a77e0a129515f4436a9bcd53cd6ba8dcd32a96b95ec55d7a785` Request headers Referer https://curbaware.com/DE/n26_fr-m3tri/n26-log.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2MTkyLjE0NS4xMjcuMjE1MjAyMjpNYXI6VGh1 Origin https://curbaware.com Accept-Language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 24 Mar 2022 08:05:30 GMT content-encoding br referrer-policy no-referrer-when-downgrade server Apache/2.4.53 (cPanel) OpenSSL/1.1.1n mod_bwlimited/1.4 mod_fcgid/2.3.9 etag "3550-5dadeb97b1740-br" vary Accept-Encoding content-type application/font-woff2 cache-control max-age=31536000 accept-ranges bytes content-length 13652 expires Fri, 24 Mar 2023 08:05:30 GMT
GET		GT-America-Standard-Bold.latin.woff2 curbaware.com/DE/n26_fr-m3tri/n26_files/	0 0

GET		GT-America-Standard-Medium.latin.woff2 curbaware.com/DE/n26_fr-m3tri/n26_files/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: curbaware.com
URL: https://curbaware.com/DE/n26_fr-m3tri/n26_files/GT-America-Standard-Bold.latin.woff2

Domain: curbaware.com
URL: https://curbaware.com/DE/n26_fr-m3tri/n26_files/GT-America-Standard-Medium.latin.woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: N26 (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
modernconceptsplans.com/	1970-01-20 10:34:05	Name: HstCfa4033322 Value: 1648109128660
modernconceptsplans.com/	1970-01-20 10:34:05	Name: HstCla4033322 Value: 1648109128660
modernconceptsplans.com/	1970-01-20 10:34:05	Name: HstCmu4033322 Value: 1648109128660
modernconceptsplans.com/	1970-01-20 10:34:05	Name: HstPn4033322 Value: 1
modernconceptsplans.com/	1970-01-20 10:34:05	Name: HstPt4033322 Value: 1
modernconceptsplans.com/	1970-01-20 10:34:05	Name: HstCnv4033322 Value: 1
modernconceptsplans.com/	1970-01-20 10:34:05	Name: HstCns4033322 Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

curbaware.com
modernconceptsplans.com
s10.histats.com
s4.histats.com
curbaware.com
192.249.115.234
198.27.80.143
46.105.201.240
69.16.206.17
12dc66f769a90d79fcf663ea7d9ad417705f2a387690a175a5d37a15e6ba5df6
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
57b016225d321a77e0a129515f4436a9bcd53cd6ba8dcd32a96b95ec55d7a785
790d55cc54a59b8bc30e32c9b4fa3805f3dc2a8083f172cdf948ddfa995876b6
a3eacd88c2c5f0475470205e3337fa3e04d7337ba02aec7ed06e363b670e05bf

curbaware.com Open in urlscan Pro 69.16.206.17 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

75 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

5 IPs

3 Countries

57 kBTransfer

144 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

7 Cookies

Indicators

curbaware.com Open in urlscan Pro
69.16.206.17 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

75 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

3
Countries

57 kB
Transfer

144 kB
Size

7
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!