bank-n26.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 7 HTTP transactions. The main IP is 2a00:f940:2:2:1:1:0:164, located in Russian Federation and belongs to AS-REG, RU. The main domain is bank-n26.com.
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on February 14th 2022. Valid for: a year.

This is the only time bank-n26.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: N26 (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	185.46.9.68 185.46.9.68	197695 (AS-REG) (AS-REG)
6	2a00:f940:2:2... 2a00:f940:2:2:1:1:0:164	197695 (AS-REG) (AS-REG)
7	2

1 185.46.9.68 (Russian Federation)

ASN197695 (AS-REG, RU)
PTR: 185-46-9-68.cloudvps.regruhosting.ru

n26-my.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:f940:2:2:1:1:0:164 (Russian Federation)

ASN197695 (AS-REG, RU)

bank-n26.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	bank-n26.com bank-n26.com	12 KB
1	n26-my.com n26-my.com	338 B
7	2

	Domain	Requested by
6	bank-n26.com	bank-n26.com
1	n26-my.com
7	2

This site contains no links.

Subject Issuer	Validity	Valid
www.bank-n26.com GlobalSign GCC R3 DV TLS CA 2020	`2022-02-14` - `2023-03-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://bank-n26.com/myaccount/verified/card/login/
Frame ID: D6649240C302939D0582FB89864A718E
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login — N26

Page URL History Show full URLs

http://n26-my.com/send/verifid Page URL
https://bank-n26.com/myaccount/verified/card/login/ Page URL

Page Statistics

7
Requests

86 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

13 kB
Transfer

62 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://n26-my.com/send/verifid Page URL
https://bank-n26.com/myaccount/verified/card/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	verifid Show response n26-my.com/send/	112 B 338 B	150ms 73ms	Document text/html	185.46.9.68 AS-REG
General Check archive.org Show headers Download Go to Full URL http://n26-my.com/send/verifid Protocol HTTP/1.1 Server 185.46.9.68 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS 185-46-9-68.cloudvps.regruhosting.ru Software nginx/1.18.0 (Ubuntu) / Resource Hash `072c3176c7704b3c214a673dd80ac85a38cf9377a2f2041f2b0a03271596a821` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language it-IT,it;q=0.9 Response headers Server nginx/1.18.0 (Ubuntu) Date Tue, 15 Feb 2022 07:19:26 GMT Content-Length 112 Connection keep-alive Last-Modified Mon, 14 Feb 2022 09:52:57 GMT ETag "70-5d7f7618f47be" Accept-Ranges bytes
GET H2	200	Primary Request / Show response bank-n26.com/myaccount/verified/card/login/	6 KB 2 KB	296ms 88ms	Document text/html	2a00:f940:2:2:1:1:0:164 AS-REG
General Check archive.org Show headers Download Go to Full URL https://bank-n26.com/myaccount/verified/card/login/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:164 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / PHP/7.3.33 Resource Hash `a0026d68a9a254f8201a4999765c86fd7fa0bd0307ce9be8010624522edb4328` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language it-IT,it;q=0.9 Referer http://n26-my.com/ Response headers server nginx date Tue, 15 Feb 2022 07:19:27 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding x-powered-by PHP/7.3.33 content-encoding gzip
GET H2	200	Login_style.css bank-n26.com/myaccount/verified/card/css/	43 KB 7 KB	65ms 65ms	Stylesheet text/css	2a00:f940:2:2:1:1:0:164 AS-REG
General Check archive.org Show headers Download Go to Full URL https://bank-n26.com/myaccount/verified/card/css/Login_style.css Requested by Host: bank-n26.com URL: https://bank-n26.com/myaccount/verified/card/login/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:164 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash `2e2a2b4e8f892fd49bce74204cb3fb2de790628e34f4885dd12ea282428be0c9` Request headers Accept-Language it-IT,it;q=0.9 Referer https://bank-n26.com/myaccount/verified/card/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 07:19:27 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 08:54:21 GMT server nginx etag W/"620a18bd-aabf" vary Accept-Encoding content-type text/css cache-control max-age=3888000 expires Fri, 01 Apr 2022 07:19:27 GMT
GET H2	200	Login_form.css bank-n26.com/myaccount/verified/card/css/	14 KB 3 KB	66ms 66ms	Stylesheet text/css	2a00:f940:2:2:1:1:0:164 AS-REG
General Check archive.org Show headers Download Go to Full URL https://bank-n26.com/myaccount/verified/card/css/Login_form.css Requested by Host: bank-n26.com URL: https://bank-n26.com/myaccount/verified/card/login/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:164 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash `5894adfa35e4a565b189669629163fa22fd4f0f7cff655d5f53949af775eacc2` Request headers Accept-Language it-IT,it;q=0.9 Referer https://bank-n26.com/myaccount/verified/card/login/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 07:19:27 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 08:54:21 GMT server nginx etag W/"620a18bd-3651" vary Accept-Encoding content-type text/css cache-control max-age=3888000 expires Fri, 01 Apr 2022 07:19:27 GMT
GET H2	404	GT-America-Standard-Bold.latin.woff2 bank-n26.com/build/fonts/	0 0	171ms 170ms	Font text/html	2a00:f940:2:2:1:1:0:164 AS-REG
General Check archive.org Show headers Download Go to Full URL https://bank-n26.com/build/fonts/GT-America-Standard-Bold.latin.woff2 Requested by Host: bank-n26.com URL: https://bank-n26.com/myaccount/verified/card/css/Login_style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:164 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash Request headers Referer https://bank-n26.com/myaccount/verified/card/css/Login_style.css Origin https://bank-n26.com Accept-Language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 07:19:27 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=utf-8
GET H2	404	GT-America-Standard-Regular.latin.woff2 bank-n26.com/build/fonts/	0 0	170ms 170ms	Font text/html	2a00:f940:2:2:1:1:0:164 AS-REG
General Check archive.org Show headers Download Go to Full URL https://bank-n26.com/build/fonts/GT-America-Standard-Regular.latin.woff2 Requested by Host: bank-n26.com URL: https://bank-n26.com/myaccount/verified/card/css/Login_style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:164 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash Request headers Referer https://bank-n26.com/myaccount/verified/card/css/Login_style.css Origin https://bank-n26.com Accept-Language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 07:19:27 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=utf-8
GET H2	404	GT-America-Standard-Medium.latin.woff2 bank-n26.com/build/fonts/	0 0	107ms 107ms	Font text/html	2a00:f940:2:2:1:1:0:164 AS-REG
General Check archive.org Show headers Download Go to Full URL https://bank-n26.com/build/fonts/GT-America-Standard-Medium.latin.woff2 Requested by Host: bank-n26.com URL: https://bank-n26.com/myaccount/verified/card/css/Login_style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:164 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash Request headers Referer https://bank-n26.com/myaccount/verified/card/css/Login_style.css Origin https://bank-n26.com Accept-Language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 07:19:27 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=utf-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: N26 (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://bank-n26.com/build/fonts/GT-America-Standard-Medium.latin.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bank-n26.com/build/fonts/GT-America-Standard-Regular.latin.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bank-n26.com/build/fonts/GT-America-Standard-Bold.latin.woff2 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bank-n26.com
n26-my.com
185.46.9.68
2a00:f940:2:2:1:1:0:164
072c3176c7704b3c214a673dd80ac85a38cf9377a2f2041f2b0a03271596a821
2e2a2b4e8f892fd49bce74204cb3fb2de790628e34f4885dd12ea282428be0c9
5894adfa35e4a565b189669629163fa22fd4f0f7cff655d5f53949af775eacc2
a0026d68a9a254f8201a4999765c86fd7fa0bd0307ce9be8010624522edb4328

bank-n26.com Open in urlscan Pro 2a00:f940:2:2:1:1:0:164 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

7 Requests

86 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

13 kBTransfer

62 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

3 Console Messages

Indicators

bank-n26.com Open in urlscan Pro
2a00:f940:2:2:1:1:0:164 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

86 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

13 kB
Transfer

62 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!