nmifoods.com Open in urlscan Pro
208.91.198.178 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nmifoods.com/v1.2/
Effective URL:
https://nmifoods.com/v1.2/
Submission: On May 24 via api (May 24th 2024, 1:53:37 pm UTC) from CN — Scanned from DE

Summary HTTP 17 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 17 HTTP transactions. The main IP is 208.91.198.178, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is nmifoods.com.
TLS certificate: Issued by R3 on April 27th 2024. Valid for: 3 months.

This is the only time nmifoods.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: HSBC (Banking)

Domain & IP information

	IP Address	AS Autonomous System
13	208.91.198.178 208.91.198.178	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.66.192.123 18.66.192.123	16509 (AMAZON-02) (AMAZON-02)
17	4

13 208.91.198.178 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 208-91-198-178.unifiedlayer.com

nmifoods.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.192.123 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-123.muc50.r.cloudfront.net

www.hsbc.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	nmifoods.com nmifoods.com	454 KB
2	hsbc.co.uk www.hsbc.co.uk — Cisco Umbrella Rank: 63621	4 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	29 KB
0	hsbc.com Failed www.us.hsbc.com Failed
17	4

	Domain	Requested by
13	nmifoods.com	cdnjs.cloudflare.com nmifoods.com
2	www.hsbc.co.uk	nmifoods.com
1	cdnjs.cloudflare.com	nmifoods.com
0	www.us.hsbc.com Failed	nmifoods.com
17	4

This site contains links to these domains. Also see Links.

Domain
www.hsbc.co.uk
www.business.hsbc.co.uk
uk-sit.hsbc.com.hk
www.about.hsbc.co.uk

Subject Issuer	Validity	Valid
*.nmifoods.com R3	`2024-04-27` - `2024-07-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
www.hsbc.co.uk DigiCert EV RSA CA G2	`2024-05-24` - `2024-09-15`	4 months	crt.sh

This page contains 1 frames:

Primary Page: https://nmifoods.com/v1.2/
Frame ID: 594AADD60A04522C921A10DBDF9E6453
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome to Online Banking | Log on | HSBC

Page URL History Show full URLs

http://nmifoods.com/v1.2/ HTTP 307
https://nmifoods.com/v1.2/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

94 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

487 kB
Transfer

1645 kB
Size

0
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.hsbc.co.uk/

Search URL Search Domain Scan URL

URL: http://www.business.hsbc.co.uk/
Title: Business Opens in new window

Search URL Search Domain Scan URL

URL: https://www.hsbc.co.uk/register/
Title: Register

Search URL Search Domain Scan URL

URL: https://uk-sit.hsbc.com.hk/bin/dsp/postback.html?url=/content/hsbc/gb/en_gb/security/log-off
Title: Logoff

Search URL Search Domain Scan URL

URL: https://www.hsbc.co.uk/help/
Title: Help & Support

Search URL Search Domain Scan URL

URL: https://www.hsbc.co.uk/help/security-centre/
Title: Staying safe online

Search URL Search Domain Scan URL

URL: https://www.hsbc.co.uk/ways-to-bank/mobile/
Title: Find out more about Mobile Banking

Search URL Search Domain Scan URL

URL: https://www.about.hsbc.co.uk/
Title: About HSBC

Search URL Search Domain Scan URL

URL: https://www.hsbc.co.uk/legal/
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.hsbc.co.uk/privacy-notice/
Title: Privacy Notice

Search URL Search Domain Scan URL

URL: https://www.hsbc.co.uk/cookie-notice/
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: https://www.hsbc.co.uk/accessibility/
Title: Accessibility

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nmifoods.com/v1.2/ HTTP 307
https://nmifoods.com/v1.2/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
nmifoods.com/v1.2/
Redirect Chain

http://nmifoods.com/v1.2/
https://nmifoods.com/v1.2/

3 KB
2 KB

976ms
206ms

Document
text/html

208.91.198.178
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://nmifoods.com/v1.2/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.91.198.178 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 208-91-198-178.unifiedlayer.com
Software: Apache /
Resource Hash: 07577ff26e8da231756ad7763075eca1a3f34c656765961964d2dc8e3c80b7b7

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 1479
content-type: text/html
date: Fri, 24 May 2024 13:53:31 GMT
last-modified: Fri, 23 Feb 2024 23:37:10 GMT
server: Apache
vary: Accept-Encoding

Redirect headers

Location: https://nmifoods.com/v1.2/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/ 90 KB
29 KB 122ms
72ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: nmifoods.com
URL: https://nmifoods.com/v1.2/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 24 May 2024 13:53:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2567094
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 29363
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-169d5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CQYUGPMfUcx3pI8cymOP19tAvxyoJ1SlU6L3H7vvdzz2x2WgjsKixz6m%2BC6azoFaJvt9pDvlzR7jVJVyNKhaQe%2F4Bb6FxtxeYqKLwNOnm%2F%2FytO1aXe7PL8o9tXrJR5%2B9whjwyRog"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 888dc5c00ae7929f-FRA
expires: Wed, 14 May 2025 13:53:32 GMT

POST
H2 200 _mjx3_.php Show response
nmifoods.com/v1.2/ 950 KB
113 KB 412ms
411ms XHR
text/html 208.91.198.178
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://nmifoods.com/v1.2/_mjx3_.php?_do=layout&email=
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.91.198.178 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 208-91-198-178.unifiedlayer.com
Software: Apache /
Resource Hash: 8c700180b286e567c3f54683156e860ce4413ca59e3ae8a442f9cef89392a3cf

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: */*
Referer: https://nmifoods.com/v1.2/
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Fri, 24 May 2024 13:53:32 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 favicon.ico
nmifoods.com/v1.2/assets/ 15 KB
15 KB 207ms
204ms Other
image/x-icon 208.91.198.178
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://nmifoods.com/v1.2/assets/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.91.198.178 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 208-91-198-178.unifiedlayer.com
Software: Apache /
Resource Hash: 6792c4c37672b1a8d6c2842f403c70c85f3b66f3ebaa434b816b5cd25203113b

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/v1.2/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 24 May 2024 13:53:32 GMT
last-modified: Thu, 22 Feb 2024 05:36:38 GMT
server: Apache
content-type: image/x-icon
cache-control: max-age=604800
accept-ranges: bytes
content-length: 15086
expires: Fri, 31 May 2024 13:53:32 GMT

GET
H2 200 clientlib-all.min.d5b2187e9c840dd357fb9549e6baaf62.css
nmifoods.com/v1.2/assets/b/ 120 KB
83 KB 206ms
205ms Stylesheet
text/css 208.91.198.178
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://nmifoods.com/v1.2/assets/b/clientlib-all.min.d5b2187e9c840dd357fb9549e6baaf62.css
Requested by: Host: nmifoods.com
URL: https://nmifoods.com/v1.2/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.91.198.178 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 208-91-198-178.unifiedlayer.com
Software: Apache /
Resource Hash: ca544ba85d60287eb39676d0e471681332bf82921a7f8149c73823cb7d7e9893

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/v1.2/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 24 May 2024 13:53:33 GMT
content-encoding: gzip
last-modified: Fri, 23 Feb 2024 04:15:48 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 hsbc-uk.svg
www.hsbc.co.uk/content/dam/hsbc/gb/images/logos/ 2 KB
1 KB 173ms
46ms Image
image/svg+xml 18.66.192.123
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsbc.co.uk/content/dam/hsbc/gb/images/logos/hsbc-uk.svg

Requested by

Host: nmifoods.com
URL: https://nmifoods.com/v1.2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.192.123 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-192-123.muc50.r.cloudfront.net

Software

Apache /

Resource Hash

42136cbd91f2a29bb206b47286b6a83a4e5b74cd1a7e25cb943b8b23944f2e08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 16:40:45 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 5cc4b35b46cb9b55d49e7f47442e6838.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
age: 249168
x-cache: Hit from cloudfront
content-length: 1029
x-xss-protection: 1; mode=block
last-modified: Tue, 21 May 2024 12:44:49 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=2592000, s-maxage=2592000
accept-ranges: bytes
s: dispatcher2euwest1
x-amz-cf-id: g5vJlOor4aqTS_QDmboGDkGCJeh5tOOANapqBy7b9KSmziJ9g6q6ig==

GET
H2 200 protecting_your_money.ffdff6755bec3c8aee99816429803b87.png
nmifoods.com/v1.2/assets/ 35 KB
35 KB 210ms
209ms Image
image/png 208.91.198.178
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nmifoods.com/v1.2/assets/protecting_your_money.ffdff6755bec3c8aee99816429803b87.png
Requested by: Host: nmifoods.com
URL: https://nmifoods.com/v1.2/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.91.198.178 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 208-91-198-178.unifiedlayer.com
Software: Apache /
Resource Hash: 716bbc7e83501eb347075c70dfda794c30ac7ff6ab2f39b00b0b600ee095a4e8

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/v1.2/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 24 May 2024 13:53:33 GMT
last-modified: Thu, 22 Feb 2024 05:52:58 GMT
server: Apache
accept-ranges: bytes
content-length: 35461
content-type: image/png

GET
H2 200 keep_your_money_safe@2x.fcb562e9d8fb963c01c35a2d8d569d65.png
nmifoods.com/v1.2/assets/ 8 KB
8 KB 210ms
209ms Image
image/png 208.91.198.178
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nmifoods.com/v1.2/assets/keep_your_money_safe@2x.fcb562e9d8fb963c01c35a2d8d569d65.png
Requested by: Host: nmifoods.com
URL: https://nmifoods.com/v1.2/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.91.198.178 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 208-91-198-178.unifiedlayer.com
Software: Apache /
Resource Hash: 746c1ed111f1677222ea68df3dfa62a0bb2c769604cd16543437b388b67ea01a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/v1.2/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 24 May 2024 13:53:33 GMT
last-modified: Thu, 22 Feb 2024 05:53:18 GMT
server: Apache
accept-ranges: bytes
content-length: 8528
content-type: image/png

GET
H2 200 Transmitmain.min.e0b19721c3473004e230.css
nmifoods.com/v1.2/assets/b/ 260 KB
69 KB 211ms
210ms Stylesheet
text/css 208.91.198.178
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://nmifoods.com/v1.2/assets/b/Transmitmain.min.e0b19721c3473004e230.css
Requested by: Host: nmifoods.com
URL: https://nmifoods.com/v1.2/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.91.198.178 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 208-91-198-178.unifiedlayer.com
Software: Apache /
Resource Hash: d45a6fcf975da20a9f76220b3e8b8a0d88c992eac53833acf0fe417ae018bbc2

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/v1.2/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 24 May 2024 13:53:33 GMT
content-encoding: gzip
last-modified: Fri, 23 Feb 2024 04:17:22 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 clientlib-all.min.5c23575dd2a45b73c671a7797acc5d2d.css
nmifoods.com/v1.2/assets/b/ 112 KB
80 KB 210ms
210ms Stylesheet
text/css 208.91.198.178
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://nmifoods.com/v1.2/assets/b/clientlib-all.min.5c23575dd2a45b73c671a7797acc5d2d.css
Requested by: Host: nmifoods.com
URL: https://nmifoods.com/v1.2/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.91.198.178 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 208-91-198-178.unifiedlayer.com
Software: Apache /
Resource Hash: 2e18527352dce080a44fb0a8a140e706a836061534ef389e17b39cea3ed12dbc

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/v1.2/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 24 May 2024 13:53:33 GMT
content-encoding: gzip
last-modified: Fri, 23 Feb 2024 04:25:28 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 chat-icon-global-32.png
www.hsbc.co.uk/content/dam/hsbc/gb/images/live-chat/ 2 KB
2 KB 172ms
47ms Image
image/png 18.66.192.123
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsbc.co.uk/content/dam/hsbc/gb/images/live-chat/chat-icon-global-32.png

Requested by

Host: nmifoods.com
URL: https://nmifoods.com/v1.2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.192.123 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-192-123.muc50.r.cloudfront.net

Software

Apache /

Resource Hash

031767d25a9ef69b4c86d47c6cf92152eb22fee2799b13f8807223bd08647a69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 13:54:57 GMT
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 5cc4b35b46cb9b55d49e7f47442e6838.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
age: 172716
x-cache: Hit from cloudfront
content-length: 1800
x-xss-protection: 1; mode=block
last-modified: Wed, 22 May 2024 13:06:48 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000, s-maxage=2592000
accept-ranges: bytes
s: dispatcher2euwest1
x-amz-cf-id: TUeXfJFTtXeDKfs0hHDpcKIEsVSMouRQZznq7LQdT4Y6f_vR9xaoCA==

GET
H2 404 chevron_down_thick.svg
nmifoods.com/v1.2/assets/b/assets/images/ 583 B
583 B 204ms
204ms Image
text/html 208.91.198.178
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nmifoods.com/v1.2/assets/b/assets/images/chevron_down_thick.svg
Requested by: Host: nmifoods.com
URL: https://nmifoods.com/v1.2/assets/b/clientlib-all.min.d5b2187e9c840dd357fb9549e6baaf62.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.91.198.178 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 208-91-198-178.unifiedlayer.com
Software: Apache /
Resource Hash: 50e0767f2731da7ddb56d719dc85a7f830c4a860d8f09d0f25401d3dc7097d7d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/v1.2/assets/b/clientlib-all.min.d5b2187e9c840dd357fb9549e6baaf62.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 24 May 2024 13:53:33 GMT
content-encoding: gzip
last-modified: Tue, 15 Mar 2022 22:07:43 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
accept-ranges: bytes
content-length: 355

GET
H2 200 UniversNextforHSBC-Regular.woff
nmifoods.com/v1.2/assets/ 26 KB
26 KB 204ms
203ms Font
font/woff 208.91.198.178
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://nmifoods.com/v1.2/assets/UniversNextforHSBC-Regular.woff
Requested by: Host: nmifoods.com
URL: https://nmifoods.com/v1.2/assets/b/clientlib-all.min.5c23575dd2a45b73c671a7797acc5d2d.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.91.198.178 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 208-91-198-178.unifiedlayer.com
Software: Apache /
Resource Hash: f2c9f8279b2f7f4864ff4a2685306c9d978a30b82d0c396ed20752f22374c82f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/v1.2/assets/b/clientlib-all.min.5c23575dd2a45b73c671a7797acc5d2d.css
Origin: https://nmifoods.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 24 May 2024 13:53:33 GMT
last-modified: Thu, 22 Feb 2024 11:20:44 GMT
server: Apache
accept-ranges: bytes
content-length: 26196
content-type: font/woff

GET /
www.us.hsbc.com/customer-service/contact-us/ 0
0

GET
H2 200 HSBCIcon-Font.woff
nmifoods.com/v1.2/assets/ 23 KB
23 KB 204ms
203ms Font
font/woff 208.91.198.178
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://nmifoods.com/v1.2/assets/HSBCIcon-Font.woff
Requested by: Host: nmifoods.com
URL: https://nmifoods.com/v1.2/assets/b/clientlib-all.min.5c23575dd2a45b73c671a7797acc5d2d.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.91.198.178 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 208-91-198-178.unifiedlayer.com
Software: Apache /
Resource Hash: e9a3b36151838b0f414f746033f07a79989e9b4bbe327190e395ffe631ff7a31

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/v1.2/assets/b/clientlib-all.min.5c23575dd2a45b73c671a7797acc5d2d.css
Origin: https://nmifoods.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 24 May 2024 13:53:33 GMT
last-modified: Thu, 22 Feb 2024 11:20:36 GMT
server: Apache
accept-ranges: bytes
content-length: 23724
content-type: font/woff

GET
H2 404 HSBCIcon-Font.woff
nmifoods.com/v1.2/assets/b/assets/fonts/HSBCIcon-Font/ 0
0 205ms
205ms Font
text/html 208.91.198.178
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://nmifoods.com/v1.2/assets/b/assets/fonts/HSBCIcon-Font/HSBCIcon-Font.woff
Requested by: Host: nmifoods.com
URL: https://nmifoods.com/v1.2/assets/b/clientlib-all.min.d5b2187e9c840dd357fb9549e6baaf62.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.91.198.178 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 208-91-198-178.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/v1.2/assets/b/clientlib-all.min.d5b2187e9c840dd357fb9549e6baaf62.css
Origin: https://nmifoods.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 24 May 2024 13:53:33 GMT
content-encoding: gzip
last-modified: Tue, 15 Mar 2022 22:07:43 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
accept-ranges: bytes
content-length: 355

GET
H2 404 HSBCIcon-Font.ttf
nmifoods.com/v1.2/assets/b/assets/fonts/HSBCIcon-Font/ 0
0 206ms
206ms Font
text/html 208.91.198.178
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://nmifoods.com/v1.2/assets/b/assets/fonts/HSBCIcon-Font/HSBCIcon-Font.ttf
Requested by: Host: nmifoods.com
URL: https://nmifoods.com/v1.2/assets/b/clientlib-all.min.d5b2187e9c840dd357fb9549e6baaf62.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.91.198.178 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 208-91-198-178.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://nmifoods.com/v1.2/assets/b/clientlib-all.min.d5b2187e9c840dd357fb9549e6baaf62.css
Origin: https://nmifoods.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 24 May 2024 13:53:34 GMT
content-encoding: gzip
last-modified: Tue, 15 Mar 2022 22:07:43 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
accept-ranges: bytes
content-length: 355

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.us.hsbc.com
URL: https://www.us.hsbc.com/customer-service/contact-us/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: HSBC (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	warning	URL: https://nmifoods.com/v1.2/ Message: [DOM] Found 3 elements with non-unique id #frm_offlineOtp: (More info: https://goo.gl/9p2vKq) %o %o %o
network	error	URL: https://nmifoods.com/v1.2/assets/b/assets/images/chevron_down_thick.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://nmifoods.com/v1.2/assets/b/assets/fonts/HSBCIcon-Font/HSBCIcon-Font.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://nmifoods.com/v1.2/assets/b/assets/fonts/HSBCIcon-Font/HSBCIcon-Font.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
nmifoods.com
www.hsbc.co.uk
www.us.hsbc.com
www.us.hsbc.com
104.17.25.14
18.66.192.123
208.91.198.178
031767d25a9ef69b4c86d47c6cf92152eb22fee2799b13f8807223bd08647a69
07577ff26e8da231756ad7763075eca1a3f34c656765961964d2dc8e3c80b7b7
2e18527352dce080a44fb0a8a140e706a836061534ef389e17b39cea3ed12dbc
42136cbd91f2a29bb206b47286b6a83a4e5b74cd1a7e25cb943b8b23944f2e08
50e0767f2731da7ddb56d719dc85a7f830c4a860d8f09d0f25401d3dc7097d7d
6792c4c37672b1a8d6c2842f403c70c85f3b66f3ebaa434b816b5cd25203113b
716bbc7e83501eb347075c70dfda794c30ac7ff6ab2f39b00b0b600ee095a4e8
746c1ed111f1677222ea68df3dfa62a0bb2c769604cd16543437b388b67ea01a
8c700180b286e567c3f54683156e860ce4413ca59e3ae8a442f9cef89392a3cf
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
ca544ba85d60287eb39676d0e471681332bf82921a7f8149c73823cb7d7e9893
d45a6fcf975da20a9f76220b3e8b8a0d88c992eac53833acf0fe417ae018bbc2
e9a3b36151838b0f414f746033f07a79989e9b4bbe327190e395ffe631ff7a31
f2c9f8279b2f7f4864ff4a2685306c9d978a30b82d0c396ed20752f22374c82f

nmifoods.com Open in urlscan Pro 208.91.198.178 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

94 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

487 kBTransfer

1645 kBSize

0 Cookies

12 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

nmifoods.com Open in urlscan Pro
208.91.198.178 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

94 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

487 kB
Transfer

1645 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!