209.141.41.20 Open in urlscan Pro
209.141.41.20 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://209.141.41.20/bro/eng/login.html
Submission: On November 02 via manual (November 2nd 2022, 9:36:58 pm UTC) from IN — Scanned from DE

Summary HTTP 24 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 24 HTTP transactions. The main IP is 209.141.41.20, located in Las Vegas, United States and belongs to PONYNET, US. The main domain is 209.141.41.20.

This is the only time 209.141.41.20 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: National Bank of Greece (Banking)

Domain & IP information

	IP Address	AS Autonomous System
22	209.141.41.20 209.141.41.20	53667 (PONYNET) (PONYNET)
1	2600:9000:214... 2600:9000:214f:9c00:1b:ef38:3680:21	16509 (AMAZON-02) (AMAZON-02)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (STACKPATH...) (STACKPATH-CDN)
24	3

22 209.141.41.20 (Las Vegas, United States)

ASN53667 (PONYNET, US)

209.141.41.20	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:9c00:1b:ef38:3680:21 (United States)

ASN16509 (AMAZON-02, US)

d21y75miwcfqoq.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 959	30 KB
1	cloudfront.net d21y75miwcfqoq.cloudfront.net	439 B
24	2

	Domain	Requested by
1	code.jquery.com	209.141.41.20
1	d21y75miwcfqoq.cloudfront.net	209.141.41.20
24	2

This site contains links to these domains. Also see Links.

Domain
www.nbg.gr
www.facebook.com
twitter.com
www.youtube.com
www.linkedin.com

Subject Issuer	Validity	Valid
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://209.141.41.20/bro/eng/login.html
Frame ID: B40F86E58F2890C345A85E1783C951FB
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

NBG i-bank

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

8 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1444 kB
Transfer

4417 kB
Size

0
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nbg.gr/Style%20Library/ReusableContent/privacy_statement.pdf
Title: εδώ

Search URL Search Domain Scan URL

URL: https://www.nbg.gr/greek/Pages/cookies_page.aspx
Title: Ρυθμίσεις Cookies

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ibanknbg

Search URL Search Domain Scan URL

URL: https://twitter.com/NationalBankGR

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCAwPZIUpdP3aIQlfw4bETLQ

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/national-bank-of-greece/

Search URL Search Domain Scan URL

URL: https://www.nbg.gr/en/contact/contact-form

Search URL Search Domain Scan URL

URL: https://www.nbg.gr/Style%20Library/ReusableContent/Privacy_statement_en.pdf
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.html Show response 209.141.41.20/bro/eng/	9 KB 3 KB	552ms 151ms	Document text/html	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Full URL http://209.141.41.20/bro/eng/login.html Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `244881c5945a68a874485f994cc4bc2456044b9410f8fad7f82ad31b45d63538` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Encoding gzip Content-Length 3053 Content-Type text/html Date Wed, 02 Nov 2022 21:36:52 GMT ETag "2269-5d31e15eebb80-gzip" Keep-Alive timeout=5, max=100 Last-Modified Tue, 14 Dec 2021 16:57:34 GMT Server Apache/2.4.41 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	style.ca526fce9e30c290bc50.css 209.141.41.20/bro/eng/dist/	202 KB 33 KB	164ms 164ms	Stylesheet text/css	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Full URL http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/login.html Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `19df7680322f127251b8b1a18a4a44c9948207b3861bf574b337a2eca41ec6d8` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:52 GMT Content-Encoding gzip Last-Modified Tue, 14 Dec 2021 16:04:36 GMT Server Apache/2.4.41 (Ubuntu) ETag "3290f-5d31d58824d00-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 33826
GET H/1.1	200 OK	nbg.jquery.cookiebar.css 209.141.41.20/bro/eng/dist/	1 KB 842 B	302ms 151ms	Stylesheet text/css	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Full URL http://209.141.41.20/bro/eng/dist/nbg.jquery.cookiebar.css Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/login.html Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `3da133631e21a5aeffab884ec8d9f33413bc8bcc5568450446e25052241a0343` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:52 GMT Content-Encoding gzip Last-Modified Tue, 14 Dec 2021 16:04:36 GMT Server Apache/2.4.41 (Ubuntu) ETag "5ac-5d31d58824d00-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 506
GET H/1.1	200 OK	login-logo.el.png 209.141.41.20/bro/eng/dist/	26 KB 27 KB	163ms 151ms	Image image/png	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL http://209.141.41.20/bro/eng/dist/login-logo.el.png Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/login.html Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `909457e7d2ab71d52c2fa3386917fee5031be62e179b01804940a6cc9f5d61ac` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:52 GMT Last-Modified Tue, 14 Dec 2021 16:04:38 GMT Server Apache/2.4.41 (Ubuntu) ETag "691b-5d31d58a0d180" Content-Type image/png Content-Language el Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 26907
GET H2	200	c003107e d21y75miwcfqoq.cloudfront.net/	68 B 439 B	655ms 596ms	Image image/png	2600:9000:214f:9c00:1b:ef38:3680:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d21y75miwcfqoq.cloudfront.net/c003107e Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:214f:9c00:1b:ef38:3680:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Wed, 02 Nov 2022 21:36:53 GMT via 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront) last-modified Wed, 09 Dec 2020 14:53:47 GMT server AmazonS3 x-amz-cf-pop FRA53-C1 etag "91e42db1c66c0b276abf6234dc50b2eb" x-amz-server-side-encryption AES256 x-cache Miss from cloudfront content-type image/png cache-control no-cache, no-store accept-ranges bytes content-length 68 x-amz-cf-id GUOwLBF0ckH_XfvqyXuWmsV2D1gyRPX7Wp6kzOseqtAjIFsw2drkuw==
GET H/1.1	200 OK	vendor.ca526fce9e30c290bc50.js Show response 209.141.41.20/bro/eng/dist/	1 MB 335 KB	321ms 171ms	Script application/javascript	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Full URL http://209.141.41.20/bro/eng/dist/vendor.ca526fce9e30c290bc50.js Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/login.html Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `a8c43d0ed4394bc536240ecfa13b5a8fb0ccbf31b7636cbd4deb4d1163874b71` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:52 GMT Content-Encoding gzip Last-Modified Tue, 14 Dec 2021 16:04:38 GMT Server Apache/2.4.41 (Ubuntu) ETag "151926-5d31d58a0d180-gzip" Vary Accept-Encoding Transfer-Encoding chunked Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	app.ca526fce9e30c290bc50.js Show response 209.141.41.20/bro/eng/dist/	2 MB 457 KB	326ms 173ms	Script application/javascript	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Full URL http://209.141.41.20/bro/eng/dist/app.ca526fce9e30c290bc50.js Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/login.html Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `fcf26f77bb08e015b03b904ae25a0745659a32f1d073a086cb8136f5a3da5602` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:52 GMT Content-Encoding gzip Last-Modified Tue, 14 Dec 2021 16:04:40 GMT Server Apache/2.4.41 (Ubuntu) ETag "2216e1-5d31d58bf5600-gzip" Vary Accept-Encoding Transfer-Encoding chunked Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100
GET H2	200	jquery-3.4.1.min.js Show response code.jquery.com/	86 KB 30 KB	101ms 45ms	Script application/javascript	2001:4de0:ac18::1:a:3b STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.4.1.min.js Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US), Reverse DNS Software nginx / Resource Hash `0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Wed, 02 Nov 2022 21:36:52 GMT content-encoding gzip last-modified Fri, 12 Aug 2022 13:47:02 GMT server nginx etag W/"62f659d6-15851" vary Accept-Encoding x-hw 1667425012.dop137.fr8.t,1667425012.cds158.fr8.hn,1667425012.cds236.fr8.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30638
GET H/1.1	200 OK	CcaZ0AB Show response 209.141.41.20/bro/eng/dist/	77 KB 77 KB	336ms 168ms	Script text/plain	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Full URL http://209.141.41.20/bro/eng/dist/CcaZ0AB Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/login.html Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `7923c5df4689d8e2b03d4b24349057eb7415f9d70b6cd91975fd19814b402821` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:52 GMT Last-Modified Tue, 14 Dec 2021 16:04:40 GMT Server Apache/2.4.41 (Ubuntu) ETag "132fe-5d31d58bf5600" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 78590
GET H/1.1	200 OK	jquery.cookiebar.js Show response 209.141.41.20/bro/eng/dist/	9 KB 3 KB	440ms 154ms	Script application/javascript	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Full URL http://209.141.41.20/bro/eng/dist/jquery.cookiebar.js?rev=240519 Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/login.html Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `32ee55428b14817e64dc0dd6fcc14b628dad6f663359027b553680de06046d13` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:52 GMT Content-Encoding gzip Last-Modified Tue, 14 Dec 2021 16:04:40 GMT Server Apache/2.4.41 (Ubuntu) ETag "2211-5d31d58bf5600-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2643
GET H/1.1	200 OK	new-login-big.66c1b00b0c38dbef35ad2235cc7203a2.jpg 209.141.41.20/bro/eng/dist/images/	87 KB 87 KB	1051ms 150ms	Image image/jpeg	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL http://209.141.41.20/bro/eng/dist/images/new-login-big.66c1b00b0c38dbef35ad2235cc7203a2.jpg Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `b6a641e96d081785173e64c24b36a0b3828c2b4ca65c82b872edcd0a5a3eb4b3` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:53 GMT Last-Modified Tue, 14 Dec 2021 16:51:34 GMT Server Apache/2.4.41 (Ubuntu) ETag "15b30-5d31e00799180" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 88880
GET H/1.1	200 OK	help-faq.09d363d89aba54167e4e163aef23d5bd.svg 209.141.41.20/bro/eng/dist/icons/	2 KB 3 KB	1028ms 150ms	Image image/svg+xml	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL http://209.141.41.20/bro/eng/dist/icons/help-faq.09d363d89aba54167e4e163aef23d5bd.svg Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `161761d367e7686d40033c1a0daeb88006e9e90b676c3e1368362748a2791fda` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:53 GMT Last-Modified Tue, 14 Dec 2021 16:49:10 GMT Server Apache/2.4.41 (Ubuntu) ETag "9dd-5d31df7e44d80" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 2525
GET H/1.1	404 Not Found	visibility.d128f570a1a619be86a37334ffc80b37.svg 209.141.41.20/bro/eng/dist/icons/	275 B 275 B	1029ms 158ms	Image text/html	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL http://209.141.41.20/bro/eng/dist/icons/visibility.d128f570a1a619be86a37334ffc80b37.svg Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `377f24c1fc13d0e129693d2496350b38538e92adaea19a25a487714fc2688d03` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:53 GMT Server Apache/2.4.41 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 275 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	lock-circle.8d6ed53141c46ef004136125d2fdd5e8.svg 209.141.41.20/bro/eng/dist/icons/	1 KB 1 KB	919ms 155ms	Image image/svg+xml	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL http://209.141.41.20/bro/eng/dist/icons/lock-circle.8d6ed53141c46ef004136125d2fdd5e8.svg Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `3e58030714e1fb747fe8762143cd2683e7e5857072762dec1d6f6ace912e44f4` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:53 GMT Last-Modified Tue, 14 Dec 2021 16:49:24 GMT Server Apache/2.4.41 (Ubuntu) ETag "48c-5d31df8b9ed00" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1164
GET H/1.1	200 OK	fb.ab304d17b9496bc6b935c4432936bd0c.svg 209.141.41.20/bro/eng/dist/icons/	1 KB 1 KB	887ms 150ms	Image image/svg+xml	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL http://209.141.41.20/bro/eng/dist/icons/fb.ab304d17b9496bc6b935c4432936bd0c.svg Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `ab9872644e58c312c6c45df79fd68e005b03423385801e0689d96cadbd0620bb` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:53 GMT Last-Modified Tue, 14 Dec 2021 16:48:02 GMT Server Apache/2.4.41 (Ubuntu) ETag "41d-5d31df3d6b480" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 1053
GET H/1.1	200 OK	twitter.82ce7df40056fcadd0606296fd2fd6cc.svg 209.141.41.20/bro/eng/dist/icons/	2 KB 2 KB	736ms 150ms	Image image/svg+xml	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL http://209.141.41.20/bro/eng/dist/icons/twitter.82ce7df40056fcadd0606296fd2fd6cc.svg Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `a2f2447ea2c696232412fb46b12c8344dc93740b712a8689d324031e0428beb2` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:53 GMT Last-Modified Tue, 14 Dec 2021 16:48:04 GMT Server Apache/2.4.41 (Ubuntu) ETag "84d-5d31df3f53900" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 2125
GET H/1.1	200 OK	youtube.487fffeb171ea4b2b655013e3d76a6a7.svg 209.141.41.20/bro/eng/dist/icons/	3 KB 3 KB	923ms 151ms	Image image/svg+xml	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL http://209.141.41.20/bro/eng/dist/icons/youtube.487fffeb171ea4b2b655013e3d76a6a7.svg Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `91dc715405d0bb25103890b512621749faeacf1fb13299fbda4eac81f15e7cab` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:53 GMT Last-Modified Tue, 14 Dec 2021 16:47:42 GMT Server Apache/2.4.41 (Ubuntu) ETag "bda-5d31df2a58780" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3034
GET H/1.1	200 OK	linkedin.8d26e4a4e8edd5cb6c5ce18076102dc3.svg 209.141.41.20/bro/eng/dist/icons/	2 KB 2 KB	878ms 151ms	Image image/svg+xml	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL http://209.141.41.20/bro/eng/dist/icons/linkedin.8d26e4a4e8edd5cb6c5ce18076102dc3.svg Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `724be1d544d3f4044e97e8e515f23c0f33f08e96e421021c6729947e62f10642` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:53 GMT Last-Modified Tue, 14 Dec 2021 16:47:46 GMT Server Apache/2.4.41 (Ubuntu) ETag "794-5d31df2e29080" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 1940
GET H/1.1	200 OK	email.58449ee1338aaa0ed3b91944e1c7812c.svg 209.141.41.20/bro/eng/dist/icons/	1 KB 2 KB	726ms 150ms	Image image/svg+xml	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL http://209.141.41.20/bro/eng/dist/icons/email.58449ee1338aaa0ed3b91944e1c7812c.svg Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `1615a6f2e08b5edf2b9756ce02bf0e4be6b83860951c4beb9f1b4c0c39886be1` Request headers accept-language de-DE,de;q=0.9 Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:53 GMT Last-Modified Tue, 14 Dec 2021 16:47:48 GMT Server Apache/2.4.41 (Ubuntu) ETag "4e7-5d31df3011500" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 1255
GET H/1.1	200 OK	PFDinDisplayPro-Regular.840952ed9468a2c7444f89b6f748e734.woff2 209.141.41.20/bro/eng/dist/images/	87 KB 88 KB	285ms 150ms	Font font/woff2	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Full URL http://209.141.41.20/bro/eng/dist/images/PFDinDisplayPro-Regular.840952ed9468a2c7444f89b6f748e734.woff2 Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `7a95f0a36d31f363f9789ef519f3c11b63b5ae3dc51d0a26bced8af0c1bd001d` Request headers Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Origin http://209.141.41.20 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:52 GMT Last-Modified Tue, 14 Dec 2021 16:50:00 GMT Server Apache/2.4.41 (Ubuntu) ETag "15cf0-5d31dfadf3e00" Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 89328
GET H/1.1	200 OK	ibredesign.f0ceac6f3471ca7186d40de1d3e2f374.woff 209.141.41.20/bro/eng/dist/images/	10 KB 10 KB	295ms 151ms	Font font/woff	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Full URL http://209.141.41.20/bro/eng/dist/images/ibredesign.f0ceac6f3471ca7186d40de1d3e2f374.woff Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `7eaddeb2eaff03e45ce46c2b46ebce3739fa54c7ccad58a640ca4f819eac5ef2` Request headers Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Origin http://209.141.41.20 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:52 GMT Last-Modified Tue, 14 Dec 2021 16:50:02 GMT Server Apache/2.4.41 (Ubuntu) ETag "2730-5d31dfafdc280" Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 10032
GET H/1.1	200 OK	PFDinDisplayPro-Medium.61e7fd90675f0eb31beed62b660edde2.woff2 209.141.41.20/bro/eng/dist/images/	92 KB 93 KB	445ms 150ms	Font font/woff2	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Full URL http://209.141.41.20/bro/eng/dist/images/PFDinDisplayPro-Medium.61e7fd90675f0eb31beed62b660edde2.woff2 Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `657bea5fc93d3f34725e07ac72fd20201673054ebe4e88507efee5b8331d0305` Request headers Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Origin http://209.141.41.20 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:53 GMT Last-Modified Tue, 14 Dec 2021 16:50:02 GMT Server Apache/2.4.41 (Ubuntu) ETag "17118-5d31dfafdc280" Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 94488
GET H/1.1	200 OK	PFDinDisplayPro-Light.23cdddacd0d56977093551f2faea9a13.woff2 209.141.41.20/bro/eng/dist/images/	93 KB 94 KB	458ms 153ms	Font font/woff2	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Full URL http://209.141.41.20/bro/eng/dist/images/PFDinDisplayPro-Light.23cdddacd0d56977093551f2faea9a13.woff2 Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `9ffdc3a68b780337a39d808139258907be67d951cc439a149443e4da7b36129e` Request headers Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Origin http://209.141.41.20 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:53 GMT Last-Modified Tue, 14 Dec 2021 16:49:58 GMT Server Apache/2.4.41 (Ubuntu) ETag "17570-5d31dfac0b980" Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 95600
GET H/1.1	200 OK	PFDinDisplayPro-Bold.97f76d8aeaf843ff0dc265092c4d465b.woff2 209.141.41.20/bro/eng/dist/images/	92 KB 92 KB	538ms 181ms	Font font/woff2	209.141.41.20 PONYNET
General Check archive.org Show headers Download Go to Full URL http://209.141.41.20/bro/eng/dist/images/PFDinDisplayPro-Bold.97f76d8aeaf843ff0dc265092c4d465b.woff2 Requested by Host: 209.141.41.20 URL: http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Protocol HTTP/1.1 Server 209.141.41.20 Las Vegas, United States, ASN53667 (PONYNET, US), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `b9e0f337b1ab2be7a2461abcd17a50b5ac18c4a1c5b9b14cc7005d08df57b8dc` Request headers Referer http://209.141.41.20/bro/eng/dist/style.ca526fce9e30c290bc50.css Origin http://209.141.41.20 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Wed, 02 Nov 2022 21:36:53 GMT Last-Modified Tue, 14 Dec 2021 16:50:04 GMT Server Apache/2.4.41 (Ubuntu) ETag "17028-5d31dfb1c4700" Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 94248

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: National Bank of Greece (Banking)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://209.141.41.20/bro/eng/dist/icons/visibility.d128f570a1a619be86a37334ffc80b37.svg Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
d21y75miwcfqoq.cloudfront.net
2001:4de0:ac18::1:a:3b
209.141.41.20
2600:9000:214f:9c00:1b:ef38:3680:21
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
1615a6f2e08b5edf2b9756ce02bf0e4be6b83860951c4beb9f1b4c0c39886be1
161761d367e7686d40033c1a0daeb88006e9e90b676c3e1368362748a2791fda
19df7680322f127251b8b1a18a4a44c9948207b3861bf574b337a2eca41ec6d8
244881c5945a68a874485f994cc4bc2456044b9410f8fad7f82ad31b45d63538
32ee55428b14817e64dc0dd6fcc14b628dad6f663359027b553680de06046d13
377f24c1fc13d0e129693d2496350b38538e92adaea19a25a487714fc2688d03
3da133631e21a5aeffab884ec8d9f33413bc8bcc5568450446e25052241a0343
3e58030714e1fb747fe8762143cd2683e7e5857072762dec1d6f6ace912e44f4
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
657bea5fc93d3f34725e07ac72fd20201673054ebe4e88507efee5b8331d0305
724be1d544d3f4044e97e8e515f23c0f33f08e96e421021c6729947e62f10642
7923c5df4689d8e2b03d4b24349057eb7415f9d70b6cd91975fd19814b402821
7a95f0a36d31f363f9789ef519f3c11b63b5ae3dc51d0a26bced8af0c1bd001d
7eaddeb2eaff03e45ce46c2b46ebce3739fa54c7ccad58a640ca4f819eac5ef2
909457e7d2ab71d52c2fa3386917fee5031be62e179b01804940a6cc9f5d61ac
91dc715405d0bb25103890b512621749faeacf1fb13299fbda4eac81f15e7cab
9ffdc3a68b780337a39d808139258907be67d951cc439a149443e4da7b36129e
a2f2447ea2c696232412fb46b12c8344dc93740b712a8689d324031e0428beb2
a8c43d0ed4394bc536240ecfa13b5a8fb0ccbf31b7636cbd4deb4d1163874b71
ab9872644e58c312c6c45df79fd68e005b03423385801e0689d96cadbd0620bb
b6a641e96d081785173e64c24b36a0b3828c2b4ca65c82b872edcd0a5a3eb4b3
b9e0f337b1ab2be7a2461abcd17a50b5ac18c4a1c5b9b14cc7005d08df57b8dc
fcf26f77bb08e015b03b904ae25a0745659a32f1d073a086cb8136f5a3da5602

209.141.41.20 Open in urlscan Pro 209.141.41.20 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

24 Requests

8 %HTTPS

67 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

1444 kBTransfer

4417 kBSize

0 Cookies

8 Outgoing links

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

21 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

209.141.41.20 Open in urlscan Pro
209.141.41.20 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

8 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1444 kB
Transfer

4417 kB
Size

0
Cookies

24 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!