www.mobile-nbg.info
34.118.6.47
Malicious Activity!
Public Scan
Effective URL: https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/
Submission Tags: tweet @ecarlesi #phishing
Submission: On January 24 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by R3 on January 23rd 2023. Valid for: 3 months.
This is the only time www.mobile-nbg.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: National Bank of Greece (Banking)
Domain & IP information
Count | IP Address | AS Autonomous System |
---|---|---|
2 15 | 34.118.6.47 | 396982 (GOOGLE-CLOUD-PLATFORM) |
2 | 146.75.116.193 | 54113 (FASTLY) |
15 | 3 | |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 47.6.118.34.bc.googleusercontent.com
www.mobile-nbg.info |
Count | Apex Domain / Subdomains | Transfer |
---|---|---|
15 | mobile-nbg.info (2 redirects): www.mobile-nbg.info | 788 KB |
2 | imgur.com: i.imgur.com — Cisco Umbrella Rank: 6006 | 143 KB |
15 | 2 | |
Count | Domain | Requested by |
---|---|---|
15 | www.mobile-nbg.info | 2 redirects, www.mobile-nbg.info |
2 | i.imgur.com | |
15 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
ibank.nbg.gr |
www.facebook.com |
twitter.com |
www.youtube.com |
www.linkedin.com |
www.nbg.gr |
Subject | Issuer | Validity | Valid |
---|---|---|---|
mobile-nbg.info | R3 | 2023-01-23 - 2023-04-23 | 3 months |
*.imgur.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-03-08 - 2023-03-16 | a year |
This page contains 1 frames:
Primary Page:
https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/
Frame ID: CEFBE8EEAADE0CB22E5965A3E20814A5
Requests: 31 HTTP requests in this frame
Page Title
NBG i-bank
Detected technologies
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
Title: Frequently asked questions (Συχνές ερωτήσεις)
Title: Security tips (Συμβουλές ασφαλείας)
Title: Personal Data Protection (Προστασία Δεδομένων Προσωπικού Χαρακτήρα)
Title: Browser compatibility (Συμβατότητα με browsers)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.mobile-nbg.info/idiwtes/el/index.php (Page URL)
- Redirect chain:
  - https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6 (HTTP 301)
  - https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/ (HTTP 302)
  - https://www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | index.php | www.mobile-nbg.info/idiwtes/el/ | 663 B | 576 B | Document | text/html |
GET | H2 | / (Primary Request) | www.mobile-nbg.info/idiwtes/el/a1b2c3/498218d9cf3517a651ee76e3648fedf6/login/ | 1017 KB | 738 KB | Document | text/html |
GET | H2 | jquery.min.js | www.mobile-nbg.info/idiwtes/el/bower_components/jquery/dist/ | 85 KB | 29 KB | Script | application/javascript |
GET | H2 | ua-parser.min.js | www.mobile-nbg.info/idiwtes/el/bower_components/ua-parser-js/dist/ | 17 KB | 6 KB | Script | application/javascript |
GET | H2 | font-awesome.min.css | www.mobile-nbg.info/idiwtes/el/bower_components/font-awesome/css/ | 30 KB | 7 KB | Stylesheet | text/css |
GET | H2 | core_form.js | www.mobile-nbg.info/idiwtes/el/core/form/ | 16 KB | 4 KB | Script | application/javascript |
GET | H2 | core_token.js | www.mobile-nbg.info/idiwtes/el/core/token/ | 10 KB | 1 KB | Script | application/javascript |
GET | H2 | core_form.css | www.mobile-nbg.info/idiwtes/el/core/form/ | 3 KB | 738 B | Stylesheet | text/css |
GET | H2 | css.css | www.mobile-nbg.info/idiwtes/el/login/form/ | 563 B | 412 B | Stylesheet | text/css |
GET | DATA | truncated | / | 84 KB | 0 | Image | image/jpeg |
GET | DATA | truncated | / | 87 KB | 87 KB | Font | application/font-woff2 |
GET | DATA | truncated | / | 26 KB | 0 | Image | image/png |
GET | H2 | form.js | www.mobile-nbg.info/idiwtes/el/login/form/ | 3 KB | 700 B | Script | application/javascript |
GET | H2 | token.js | www.mobile-nbg.info/idiwtes/el/login/token/ | 1 KB | 605 B | Script | application/javascript |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 9 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 92 KB | 92 KB | Font | application/font-woff2 |
GET | DATA | truncated | / | 92 KB | 92 KB | Font | application/font-woff2 |
GET | DATA | truncated | / | 93 KB | 93 KB | Font | application/font-woff2 |
GET | DATA | truncated | / | 10 KB | 10 KB | Font | application/font-woff |
GET | H2 | qPKrZTf.png | i.imgur.com/ | 45 KB | 45 KB | Image | image/png |
GET | H2 | OR3Upn4.gif | i.imgur.com/ | 97 KB | 97 KB | Image | image/gif |
GET | H2 | home.php | www.mobile-nbg.info/idiwtes/el/ | 57 B | 172 B | XHR | application/json |
GET | H2 | home.php | www.mobile-nbg.info/idiwtes/el/ | 57 B | 172 B | XHR | application/json |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: National Bank of Greece (Banking)
37 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | oncontentvisibilityautostatechange |
function | $ |
function | jQuery |
function | UAParser |
function | ask_login_proxy |
function | ask_info_proxy |
function | ask_cc_proxy |
function | ask_sms_proxy |
function | ask_sim_proxy |
function | next__ |
function | finish__ |
function | set_event |
function | def_plugin_data_receiver |
function | deep_json_parse |
object | cookies |
function | advanced_string_validation |
function | sin_luhn |
function | cc_luhn |
function | dob_luhn |
function | exp_with_day_luhn |
function | exp_luhn |
function | qasame__ |
function | valid_a |
function | valid_q |
function | EN |
function | send1 |
object | bider_obj |
object | last_respond |
undefined | last_operation |
object | respond |
string | bid |
object | php_js |
object | loader_ |
string | el |
object | CORE__ |
object | REST_FN__ |
number | bidder_timer2 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.mobile-nbg.info/idiwtes/el | | Name: real Value: OK |
www.mobile-nbg.info/ | | Name: bid Value: 498218d9cf3517a651ee76e3648fedf6 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.