nb-net.online Open in urlscan Pro
136.144.41.113 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://adlaw.jp/inc.php?fdMcsa
Effective URL:
https://nb-net.online/login?1
Submission: On March 07 via manual (March 7th 2022, 3:53:32 pm UTC) from PT — Scanned from JP

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 136.144.41.113, located in San Francisco, United States and belongs to AS_DELIS, US. The main domain is nb-net.online.
TLS certificate: Issued by R3 on March 6th 2022. Valid for: 3 months.

This is the only time nb-net.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Novobanco (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	163.44.187.151 163.44.187.151	7506 (INTERQ GM...) (INTERQ GMO Internet)
7	136.144.41.113 136.144.41.113	211252 (AS_DELIS) (AS_DELIS)
9	3

1 163.44.187.151 (Japan)

ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: www20.onamae.ne.jp

adlaw.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 136.144.41.113 (San Francisco, United States)

ASN211252 (AS_DELIS, US)

nb-net.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	nb-net.online nb-net.online	636 KB
1	adlaw.jp adlaw.jp	264 B
9	2

	Domain	Requested by
7	nb-net.online	nb-net.online
1	adlaw.jp
9	2

This site contains no links.

Subject Issuer	Validity	Valid
adlaw.jp R3	`2022-02-09` - `2022-05-10`	3 months	crt.sh
nb-net.online R3	`2022-03-06` - `2022-06-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://nb-net.online/login?1
Frame ID: C5B8DEC56EE307DCF0A6FDC1DC326529
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login NBnet | novobanco

Page URL History Show full URLs

https://adlaw.jp/inc.php?fdMcsa Page URL
https://nb-net.online/login?1 Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

<div class="[^"]*aem-Grid
/etc\.clientlibs/

Page Statistics

9
Requests

89 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

636 kB
Transfer

1508 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://adlaw.jp/inc.php?fdMcsa Page URL
https://nb-net.online/login?1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 inc.php Show response
adlaw.jp/ 76 B
264 B 8ms
2ms Document
text/html 163.44.187.151
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL

https://adlaw.jp/inc.php?fdMcsa

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

163.44.187.151 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),

Reverse DNS

www20.onamae.ne.jp

Software

nginx / PHP/7.1.33

Resource Hash

aa68e63e8e216a56096904a9836fec691f07251b21baf8dcc6b41dced1330ef9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: jp-JP,jp;q=0.9

Response headers

server: nginx
date: Mon, 07 Mar 2022 15:53:26 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
content-encoding: gzip

GET
H/1.1 200
OK Primary Request login Show response
nb-net.online/ 11 KB
3 KB 917ms
258ms Document
text/html 136.144.41.113
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://nb-net.online/login?1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.41.113 San Francisco, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 239315e34e3505de1711613e8e342ad396a97a92c74116b2aa64c37a3e92a594

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: jp-JP,jp;q=0.9
Referer: https://adlaw.jp/

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 07 Mar 2022 15:53:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
ETag: W/"2c76-KoEEMyaguatf4l+EBU7TNCO3F/g"
Vary: Accept-Encoding
Content-Encoding: gzip

GET
H/1.1 200
OK clientlib-base.lc-63b7e15262fa4bc16392c4ff620119c4-lc.min.css
nb-net.online/etc.clientlibs/novobancopublicsites/clientlibs/ 904 KB
83 KB 479ms
478ms Stylesheet
text/css 136.144.41.113
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://nb-net.online/etc.clientlibs/novobancopublicsites/clientlibs/clientlib-base.lc-63b7e15262fa4bc16392c4ff620119c4-lc.min.css
Requested by: Host: nb-net.online
URL: https://nb-net.online/login?1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.41.113 San Francisco, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 88d34466c6999cb9aa100942dbd9f696ac0d70ba91bcc5700d49c575fc011c0f

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://nb-net.online/login?1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 07 Mar 2022 15:53:28 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 28 Oct 2021 16:51:46 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"e1fb4-17cc7d08cd0"
Transfer-Encoding: chunked
Content-Type: text/css; charset=UTF-8
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes

GET skiptomaincontent.lc-15c8e6e0e8a432d5ad140592e0b96372-lc.min.css
nb-net.online/etc.clientlibs/core/wcm/components/page/v2/page/clientlibs/site/ 0
0

GET
H/1.1 200
OK novobanco-icons.svg
nb-net.online/etc.clientlibs/novobancopublicsites/clientlibs/clientlib-base/resources/ 61 KB
20 KB 250ms
250ms Other
image/svg+xml 136.144.41.113
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://nb-net.online/etc.clientlibs/novobancopublicsites/clientlibs/clientlib-base/resources/novobanco-icons.svg
Requested by: Host: nb-net.online
URL: https://nb-net.online/login?1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.41.113 San Francisco, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 7a7c300249d7ebe0d8419609fdae3953325a9b51548c88be622665a1bdd6ce6d

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://nb-net.online/login?1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 07 Mar 2022 15:53:29 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 02 Aug 2021 22:01:10 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"f585-17b08e28c70"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK cq5dam.web.1280.1280.jpeg
nb-net.online/content/dam/novobancopublicsites/particulares/login_bg.jpeg/jcr:content/renditions/ 463 KB
463 KB 472ms
472ms Image
image/jpeg 136.144.41.113
AS_DELIS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nb-net.online/content/dam/novobancopublicsites/particulares/login_bg.jpeg/jcr:content/renditions/cq5dam.web.1280.1280.jpeg
Requested by: Host: nb-net.online
URL: https://nb-net.online/login?1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.41.113 San Francisco, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 50b1758f17eca066d3c2e147a55c41368d67697adaee7c97f3c3d7706ac00393

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://nb-net.online/login?1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 07 Mar 2022 15:53:29 GMT
Last-Modified: Mon, 02 Aug 2021 22:02:07 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"73be7-17b08e36b18"
Content-Type: image/jpeg
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 474087

GET
H/1.1 200
OK NovobancoText-Book.woff
nb-net.online/etc.clientlibs/novobancopublicsites/clientlibs/clientlib-resources/resources/fonts/ 32 KB
32 KB 483ms
233ms Font
font/woff 136.144.41.113
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://nb-net.online/etc.clientlibs/novobancopublicsites/clientlibs/clientlib-resources/resources/fonts/NovobancoText-Book.woff
Requested by: Host: nb-net.online
URL: https://nb-net.online/etc.clientlibs/novobancopublicsites/clientlibs/clientlib-base.lc-63b7e15262fa4bc16392c4ff620119c4-lc.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.41.113 San Francisco, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: ceaa2f8cc66bf5aa5e36a7cf28e9618c073db4896d60dfaf82f3b58e0a04b672

Request headers

Referer: https://nb-net.online/etc.clientlibs/novobancopublicsites/clientlibs/clientlib-base.lc-63b7e15262fa4bc16392c4ff620119c4-lc.min.css
Origin: https://nb-net.online
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 07 Mar 2022 15:53:29 GMT
Last-Modified: Mon, 02 Aug 2021 22:00:05 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"7fe8-17b08e18e88"
Content-Type: font/woff
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 32744

GET
H/1.1 200
OK NovobancoText-Medium.woff
nb-net.online/etc.clientlibs/novobancopublicsites/clientlibs/clientlib-resources/resources/fonts/ 32 KB
33 KB 906ms
457ms Font
font/woff 136.144.41.113
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://nb-net.online/etc.clientlibs/novobancopublicsites/clientlibs/clientlib-resources/resources/fonts/NovobancoText-Medium.woff
Requested by: Host: nb-net.online
URL: https://nb-net.online/etc.clientlibs/novobancopublicsites/clientlibs/clientlib-base.lc-63b7e15262fa4bc16392c4ff620119c4-lc.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.41.113 San Francisco, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 63ec9237cef48b2cfd492b33ea283f8c80059761fa5cc1564e4c664f995e9223

Request headers

Referer: https://nb-net.online/etc.clientlibs/novobancopublicsites/clientlibs/clientlib-base.lc-63b7e15262fa4bc16392c4ff620119c4-lc.min.css
Origin: https://nb-net.online
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 07 Mar 2022 15:53:29 GMT
Last-Modified: Mon, 02 Aug 2021 22:05:12 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"8188-17b08e63dc0"
Content-Type: font/woff
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33160

GET
H/1.1 200
OK original.svg
nb-net.online/content/dam/novobancopublicsites/logos/novobanco_negativo.svg/_jcr_content/renditions/ 4 KB
2 KB 654ms
238ms Image
image/svg+xml 136.144.41.113
AS_DELIS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nb-net.online/content/dam/novobancopublicsites/logos/novobanco_negativo.svg/_jcr_content/renditions/original.svg
Requested by: Host: nb-net.online
URL: https://nb-net.online/login?1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.41.113 San Francisco, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: e6c646ee2dd1deee0befd3a421422abd8cb605fd7c69c4b0efc646472a1ed737

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://nb-net.online/login?1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 07 Mar 2022 15:53:29 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 28 Oct 2021 16:56:40 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"f38-17cc7d50940"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: nb-net.online
URL: https://nb-net.online/etc.clientlibs/core/wcm/components/page/v2/page/clientlibs/site/skiptomaincontent.lc-15c8e6e0e8a432d5ad140592e0b96372-lc.min.css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Novobanco (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://nb-net.online/login?1(Line 45) Message: Refused to apply style from 'https://nb-net.online/etc.clientlibs/core/wcm/components/page/v2/page/clientlibs/site/skiptomaincontent.lc-15c8e6e0e8a432d5ad140592e0b96372-lc.min.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adlaw.jp
nb-net.online
nb-net.online
136.144.41.113
163.44.187.151
239315e34e3505de1711613e8e342ad396a97a92c74116b2aa64c37a3e92a594
50b1758f17eca066d3c2e147a55c41368d67697adaee7c97f3c3d7706ac00393
63ec9237cef48b2cfd492b33ea283f8c80059761fa5cc1564e4c664f995e9223
7a7c300249d7ebe0d8419609fdae3953325a9b51548c88be622665a1bdd6ce6d
88d34466c6999cb9aa100942dbd9f696ac0d70ba91bcc5700d49c575fc011c0f
aa68e63e8e216a56096904a9836fec691f07251b21baf8dcc6b41dced1330ef9
ceaa2f8cc66bf5aa5e36a7cf28e9618c073db4896d60dfaf82f3b58e0a04b672
e6c646ee2dd1deee0befd3a421422abd8cb605fd7c69c4b0efc646472a1ed737

nb-net.online Open in urlscan Pro 136.144.41.113 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

89 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

636 kBTransfer

1508 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

nb-net.online Open in urlscan Pro
136.144.41.113 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

89 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

636 kB
Transfer

1508 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!