urlscan.io logo urlscan.io
SecurityTrails logo

www.mobile-nbg.info Open in urlscan Pro
34.118.6.47  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.mobile-nbg.info/idiwtes/el/index.php
Effective URL: https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/
Submission Tags: tweet @ecarlesi #phishing Search All
Submission: On January 24 via api from FI — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 34.118.6.47, located in Warsaw, Poland and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.mobile-nbg.info.
TLS certificate: Issued by R3 on January 23rd 2023. Valid for: 3 months.
This is the only time www.mobile-nbg.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: National Bank of Greece (Banking)

Domain & IP information

IP Address AS Autonomous System
2 15 34.118.6.47 396982 (GOOGLE-CL...)
2 146.75.116.193 54113 (FASTLY)
15 3
Apex Domain
Subdomains		 Transfer
15 mobile-nbg.info
www.mobile-nbg.info
788 KB
2 imgur.com
i.imgur.com — Cisco Umbrella Rank: 6006
143 KB
15 2
Domain Requested by
15 www.mobile-nbg.info 2 redirects www.mobile-nbg.info
2 i.imgur.com
15 2

This site contains links to these domains. Also see Links.

Domain
ibank.nbg.gr
www.facebook.com
twitter.com
www.youtube.com
www.linkedin.com
www.nbg.gr
Subject Issuer Validity Valid
mobile-nbg.info
R3		 2023-01-23 -
2023-04-23		 3 months crt.sh
*.imgur.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-03-16		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/
Frame ID: CEFBE8EEAADE0CB22E5965A3E20814A5
Requests: 31 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

NBG i-bank

Page URL History Show full URLs

  1. https://www.mobile-nbg.info/idiwtes/el/index.php Page URL
  2. https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6 HTTP 301
    https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/ HTTP 302
    https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1305 kB
Transfer

1834 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.mobile-nbg.info/idiwtes/el/index.php Page URL
  2. https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6 HTTP 301
    https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/ HTTP 302
    https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
index.php
www.mobile-nbg.info/idiwtes/el/ 		663 B
576 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.mobile-nbg.info/idiwtes/el/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.118.6.47 Warsaw, Poland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.6.118.34.bc.googleusercontent.com
Software
nginx / PHP/8.0.27 PleskLin
Resource Hash
6b5922f9b64581f431b7093e1c99a1c9cc651d3d00581e508a6af97a3df37b0e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

content-encoding
gzip
content-length
412
content-type
text/html; charset=UTF-8
date
Tue, 24 Jan 2023 04:08:54 GMT
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.0.27 PleskLin
Primary Request /
www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/
Redirect Chain
  • https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6?
  • https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/?
  • https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
1017 KB
738 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.118.6.47 Warsaw, Poland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.6.118.34.bc.googleusercontent.com
Software
nginx / PHP/8.0.27 PleskLin
Resource Hash
0d426b8de7fe8d98a816ccbbb3f64ff8d099a0262ed2cbab48b53253dfded689

Request headers

Referer
https://www.mobile-nbg.info/idiwtes/el/index.php
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 24 Jan 2023 04:08:55 GMT
expires
0
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.0.27 PleskLin

Redirect headers

content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 24 Jan 2023 04:08:55 GMT
location
login/?
server
nginx
x-powered-by
PHP/8.0.27 PleskLin
jquery.min.js
www.mobile-nbg.info/idiwtes/el/bower_components/jquery/dist/ 		85 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mobile-nbg.info/idiwtes/el/bower_components/jquery/dist/jquery.min.js
Requested by
Host: www.mobile-nbg.info
URL: https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.118.6.47 Warsaw, Poland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.6.118.34.bc.googleusercontent.com
Software
nginx / PleskLin
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 04:08:55 GMT
content-encoding
br
last-modified
Mon, 05 Jun 2017 08:55:06 GMT
server
nginx
etag
W/"59351c6a-15283"
x-powered-by
PleskLin
content-type
application/javascript
ua-parser.min.js
www.mobile-nbg.info/idiwtes/el/bower_components/ua-parser-js/dist/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mobile-nbg.info/idiwtes/el/bower_components/ua-parser-js/dist/ua-parser.min.js
Requested by
Host: www.mobile-nbg.info
URL: https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.118.6.47 Warsaw, Poland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.6.118.34.bc.googleusercontent.com
Software
nginx / PleskLin
Resource Hash
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 04:08:55 GMT
content-encoding
br
last-modified
Thu, 12 Oct 2017 13:16:24 GMT
server
nginx
etag
W/"59df6b28-4298"
x-powered-by
PleskLin
content-type
application/javascript
font-awesome.min.css
www.mobile-nbg.info/idiwtes/el/bower_components/font-awesome/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mobile-nbg.info/idiwtes/el/bower_components/font-awesome/css/font-awesome.min.css
Requested by
Host: www.mobile-nbg.info
URL: https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.118.6.47 Warsaw, Poland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.6.118.34.bc.googleusercontent.com
Software
nginx / PleskLin
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 04:08:55 GMT
content-encoding
br
last-modified
Sun, 09 Apr 2017 09:29:24 GMT
server
nginx
etag
W/"58e9fef4-7918"
x-powered-by
PleskLin
content-type
text/css
core_form.js
www.mobile-nbg.info/idiwtes/el/core/form/ 		16 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mobile-nbg.info/idiwtes/el/core/form/core_form.js
Requested by
Host: www.mobile-nbg.info
URL: https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.118.6.47 Warsaw, Poland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.6.118.34.bc.googleusercontent.com
Software
nginx / PleskLin
Resource Hash
461a8f9565e08fd832dd476701634b2fb76a365e6b895cf5af7e9b0841bc1f47

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 04:08:55 GMT
content-encoding
br
last-modified
Thu, 19 Jan 2023 12:34:24 GMT
server
nginx
etag
W/"63c938d0-403f"
x-powered-by
PleskLin
content-type
application/javascript
core_token.js
www.mobile-nbg.info/idiwtes/el/core/token/ 		10 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mobile-nbg.info/idiwtes/el/core/token/core_token.js
Requested by
Host: www.mobile-nbg.info
URL: https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.118.6.47 Warsaw, Poland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.6.118.34.bc.googleusercontent.com
Software
nginx / PleskLin
Resource Hash
f36ca27e121642c0d779bd927ae833da9ea13c4ce280cb1559202e99d02bdc8c

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 04:08:55 GMT
content-encoding
br
last-modified
Mon, 26 Sep 2022 18:26:04 GMT
server
nginx
etag
W/"6331eebc-277f"
x-powered-by
PleskLin
content-type
application/javascript
core_form.css
www.mobile-nbg.info/idiwtes/el/core/form/ 		3 KB
738 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mobile-nbg.info/idiwtes/el/core/form/core_form.css
Requested by
Host: www.mobile-nbg.info
URL: https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.118.6.47 Warsaw, Poland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.6.118.34.bc.googleusercontent.com
Software
nginx / PleskLin
Resource Hash
63f3452305f4372af706189556b27e8cd4790065c7610ec5063537e9768bc171

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 04:08:55 GMT
content-encoding
br
last-modified
Thu, 19 Jan 2023 13:05:54 GMT
server
nginx
etag
W/"63c94032-a23"
x-powered-by
PleskLin
content-type
text/css
css.css
www.mobile-nbg.info/idiwtes/el/login/form/ 		563 B
412 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mobile-nbg.info/idiwtes/el/login/form/css.css
Requested by
Host: www.mobile-nbg.info
URL: https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.118.6.47 Warsaw, Poland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.6.118.34.bc.googleusercontent.com
Software
nginx / PleskLin
Resource Hash
d335a372bae61d5d3e3aa43d81db8e7bb75d2a430f4c5c163048bca93d5bb7d0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 04:08:55 GMT
content-encoding
gzip
last-modified
Mon, 26 Sep 2022 11:21:06 GMT
server
nginx
x-accel-version
0.01
etag
"233-5e992b93f8c80-gzip"
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
205
truncated
/ 		84 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2025cc2ec232ddd790100b5d05ea10ea4f2c317b12624f26e74049f7952b9548

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		87 KB
87 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7a95f0a36d31f363f9789ef519f3c11b63b5ae3dc51d0a26bced8af0c1bd001d

Request headers

Referer
Origin
https://www.mobile-nbg.info
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
application/font-woff2
truncated
/ 		26 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
909457e7d2ab71d52c2fa3386917fee5031be62e179b01804940a6cc9f5d61ac

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
form.js
www.mobile-nbg.info/idiwtes/el/login/form/ 		3 KB
700 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mobile-nbg.info/idiwtes/el/login/form/form.js?v=63cf59d7a4a25
Requested by
Host: www.mobile-nbg.info
URL: https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.118.6.47 Warsaw, Poland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.6.118.34.bc.googleusercontent.com
Software
nginx / PleskLin
Resource Hash
01c12b5cd06120dfb1f8f9ee454d423b3c6648580d55926d5394c0ee6cdc2b47

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 04:08:56 GMT
content-encoding
br
last-modified
Sun, 22 Sep 2019 14:13:10 GMT
server
nginx
etag
W/"5d878176-a49"
x-powered-by
PleskLin
content-type
application/javascript
token.js
www.mobile-nbg.info/idiwtes/el/login/token/ 		1 KB
605 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mobile-nbg.info/idiwtes/el/login/token/token.js?v=63cf59d7a4a28
Requested by
Host: www.mobile-nbg.info
URL: https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.118.6.47 Warsaw, Poland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.6.118.34.bc.googleusercontent.com
Software
nginx / PleskLin
Resource Hash
c0bbbbdcb1b367c9212e278853f052c45436e7d7fcaae2d1250611912374285a

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 04:08:56 GMT
content-encoding
br
last-modified
Mon, 26 Sep 2022 11:20:42 GMT
server
nginx
etag
W/"63318b0a-4ee"
x-powered-by
PleskLin
content-type
application/javascript
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
161761d367e7686d40033c1a0daeb88006e9e90b676c3e1368362748a2791fda

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
df2eb05cca42d9a1ed666250507186bc3f965f5806eebd632784da14530e907f

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
98200bc5be5dcba8fd34cd8020093a17aa7a15758496ec96c79bd2adc1440345

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3420b19ac26bf14b06e43d1aac503a6dfcc0d6abfb5f67473289fb5bed5668d8

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ab9872644e58c312c6c45df79fd68e005b03423385801e0689d96cadbd0620bb

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a2f2447ea2c696232412fb46b12c8344dc93740b712a8689d324031e0428beb2

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
91dc715405d0bb25103890b512621749faeacf1fb13299fbda4eac81f15e7cab

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
724be1d544d3f4044e97e8e515f23c0f33f08e96e421021c6729947e62f10642

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1615a6f2e08b5edf2b9756ce02bf0e4be6b83860951c4beb9f1b4c0c39886be1

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		92 KB
92 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b9e0f337b1ab2be7a2461abcd17a50b5ac18c4a1c5b9b14cc7005d08df57b8dc

Request headers

Referer
Origin
https://www.mobile-nbg.info
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
application/font-woff2
truncated
/ 		92 KB
92 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
657bea5fc93d3f34725e07ac72fd20201673054ebe4e88507efee5b8331d0305

Request headers

Referer
Origin
https://www.mobile-nbg.info
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
application/font-woff2
truncated
/ 		93 KB
93 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9ffdc3a68b780337a39d808139258907be67d951cc439a149443e4da7b36129e

Request headers

Referer
Origin
https://www.mobile-nbg.info
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
application/font-woff2
truncated
/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7eaddeb2eaff03e45ce46c2b46ebce3739fa54c7ccad58a640ca4f819eac5ef2

Request headers

Referer
Origin
https://www.mobile-nbg.info
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
application/font-woff
qPKrZTf.png
i.imgur.com/ 		45 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/qPKrZTf.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
72e0e94eb83d8f69ddcfb656b00b81c65af482c8a678ba93d397077234405f84
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.mobile-nbg.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 04:08:56 GMT
strict-transport-security
max-age=300
x-content-type-options
nosniff
age
405650
x-cache
MISS, HIT
content-length
46322
x-served-by
cache-iad-kjyo7100165-IAD, cache-fra-eddf8230033-FRA
last-modified
Thu, 19 Jan 2023 11:28:07 GMT
server
cat factory 1.0
x-timer
S1674533336.319415,VS0,VE1
etag
"de2925cc74b27e928591b9af2bb7580f"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
0, 1
OR3Upn4.gif
i.imgur.com/ 		97 KB
97 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/OR3Upn4.gif
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
692a6db266a6ab258629f4ea10b8449468d85f34a43fcb86b7bc9137c9406cac
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://www.mobile-nbg.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 04:08:56 GMT
strict-transport-security
max-age=300
x-content-type-options
nosniff
age
405304
x-cache
HIT, HIT
content-length
99020
x-served-by
cache-iad-kcgs7200178-IAD, cache-fra-eddf8230033-FRA
last-modified
Thu, 19 Jan 2023 11:33:52 GMT
server
cat factory 1.0
x-timer
S1674533336.319408,VS0,VE1
etag
"374a824f90b6998f566d5de20d9195e5"
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
home.php
www.mobile-nbg.info/idiwtes/el/ 		57 B
172 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.mobile-nbg.info/idiwtes/el/home.php?pl=token&link=nbg.gr&bid=498218d9cf3517a651ee76e3648fedf6&callback=jQuery32103325044066520195_1674533335957&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1674533335958
Requested by
Host: www.mobile-nbg.info
URL: https://www.mobile-nbg.info/idiwtes/el/bower_components/jquery/dist/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.118.6.47 Warsaw, Poland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.6.118.34.bc.googleusercontent.com
Software
nginx / PHP/8.0.27, PleskLin
Resource Hash
2d2097b24319cca0de4a5c46d99413f5274638ec61c5c5fa7c5ca323679ca2a7

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
X-Requested-With
XMLHttpRequest
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 04:08:56 GMT
content-encoding
br
server
nginx
x-powered-by
PHP/8.0.27, PleskLin
content-type
application/json
home.php
www.mobile-nbg.info/idiwtes/el/ 		57 B
172 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.mobile-nbg.info/idiwtes/el/home.php?pl=token&link=nbg.gr&bid=498218d9cf3517a651ee76e3648fedf6&callback=jQuery32103325044066520195_1674533335959&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1674533335960
Requested by
Host: www.mobile-nbg.info
URL: https://www.mobile-nbg.info/idiwtes/el/bower_components/jquery/dist/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.118.6.47 Warsaw, Poland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.6.118.34.bc.googleusercontent.com
Software
nginx / PHP/8.0.27, PleskLin
Resource Hash
6078dbdccb4bc9b8a3fd49f49267dba57f34c4da9ae261b51ef302a2f4774d5d

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/?
X-Requested-With
XMLHttpRequest
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 04:08:56 GMT
content-encoding
br
server
nginx
x-powered-by
PHP/8.0.27, PleskLin
content-type
application/json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: National Bank of Greece (Banking)

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| $ function| jQuery function| UAParser function| ask_login_proxy function| ask_info_proxy function| ask_cc_proxy function| ask_sms_proxy function| ask_sim_proxy function| next__ function| finish__ function| set_event function| def_plugin_data_receiver function| deep_json_parse object| cookies function| advanced_string_validation function| sin_luhn function| cc_luhn function| dob_luhn function| exp_with_day_luhn function| exp_luhn function| qasame__ function| valid_a function| valid_q function| EN function| send1 object| bider_obj object| last_respond undefined| last_operation object| respond string| bid object| php_js object| loader_ string| el object| CORE__ object| REST_FN__ number| bidder_timer

2 Cookies

Domain/Path Name / Value
www.mobile-nbg.info/idiwtes/el Name: real
Value: OK
www.mobile-nbg.info/ Name: bid
Value: 498218d9cf3517a651ee76e3648fedf6

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

i.imgur.com
www.mobile-nbg.info
146.75.116.193
34.118.6.47
01c12b5cd06120dfb1f8f9ee454d423b3c6648580d55926d5394c0ee6cdc2b47
0d426b8de7fe8d98a816ccbbb3f64ff8d099a0262ed2cbab48b53253dfded689
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
1615a6f2e08b5edf2b9756ce02bf0e4be6b83860951c4beb9f1b4c0c39886be1
161761d367e7686d40033c1a0daeb88006e9e90b676c3e1368362748a2791fda
2025cc2ec232ddd790100b5d05ea10ea4f2c317b12624f26e74049f7952b9548
2d2097b24319cca0de4a5c46d99413f5274638ec61c5c5fa7c5ca323679ca2a7
3420b19ac26bf14b06e43d1aac503a6dfcc0d6abfb5f67473289fb5bed5668d8
461a8f9565e08fd832dd476701634b2fb76a365e6b895cf5af7e9b0841bc1f47
6078dbdccb4bc9b8a3fd49f49267dba57f34c4da9ae261b51ef302a2f4774d5d
63f3452305f4372af706189556b27e8cd4790065c7610ec5063537e9768bc171
657bea5fc93d3f34725e07ac72fd20201673054ebe4e88507efee5b8331d0305
692a6db266a6ab258629f4ea10b8449468d85f34a43fcb86b7bc9137c9406cac
6b5922f9b64581f431b7093e1c99a1c9cc651d3d00581e508a6af97a3df37b0e
724be1d544d3f4044e97e8e515f23c0f33f08e96e421021c6729947e62f10642
72e0e94eb83d8f69ddcfb656b00b81c65af482c8a678ba93d397077234405f84
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7a95f0a36d31f363f9789ef519f3c11b63b5ae3dc51d0a26bced8af0c1bd001d
7eaddeb2eaff03e45ce46c2b46ebce3739fa54c7ccad58a640ca4f819eac5ef2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
909457e7d2ab71d52c2fa3386917fee5031be62e179b01804940a6cc9f5d61ac
91dc715405d0bb25103890b512621749faeacf1fb13299fbda4eac81f15e7cab
98200bc5be5dcba8fd34cd8020093a17aa7a15758496ec96c79bd2adc1440345
9ffdc3a68b780337a39d808139258907be67d951cc439a149443e4da7b36129e
a2f2447ea2c696232412fb46b12c8344dc93740b712a8689d324031e0428beb2
ab9872644e58c312c6c45df79fd68e005b03423385801e0689d96cadbd0620bb
b9e0f337b1ab2be7a2461abcd17a50b5ac18c4a1c5b9b14cc7005d08df57b8dc
c0bbbbdcb1b367c9212e278853f052c45436e7d7fcaae2d1250611912374285a
d335a372bae61d5d3e3aa43d81db8e7bb75d2a430f4c5c163048bca93d5bb7d0
df2eb05cca42d9a1ed666250507186bc3f965f5806eebd632784da14530e907f
f36ca27e121642c0d779bd927ae833da9ea13c4ce280cb1559202e99d02bdc8c