bnppirabas.pl Open in urlscan Pro
77.91.68.201 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bnppirabas.pl/
Effective URL:
https://bnppirabas.pl/
Submission: On June 09 via automatic, source phishtank (June 9th 2023, 11:22:04 pm UTC) — Scanned from PL

Summary HTTP 20 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 20 HTTP transactions. The main IP is 77.91.68.201, located in Helsinki, Finland and belongs to ALTAWK, UA. The main domain is bnppirabas.pl.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on June 8th 2023. Valid for: 3 months.

This is the only time bnppirabas.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNP Paribas (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 20	77.91.68.201 77.91.68.201	203727 (ALTAWK) (ALTAWK)
1 2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
20	2

20 77.91.68.201 (Helsinki, Finland) 1 redirects

ASN203727 (ALTAWK, UA)
PTR: vps3609.altawk.network

bnppirabas.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States) 1 redirects

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

cdn.mouseflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	bnppirabas.pl 1 redirects bnppirabas.pl	2 MB
2	mouseflow.com 1 redirects cdn.mouseflow.com — Cisco Umbrella Rank: 7357	55 KB
20	2

	Domain	Requested by
20	bnppirabas.pl	1 redirects bnppirabas.pl
2	cdn.mouseflow.com	1 redirects bnppirabas.pl
20	2

This site contains links to these domains. Also see Links.

Domain
www.bnpparibas.pl
video-chat.bnpparibas.pl
goonline.bnpparibas.pl

Subject Issuer	Validity	Valid
bnppirabas.pl ZeroSSL RSA Domain Secure Site CA	`2023-06-08` - `2023-09-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bnppirabas.pl/
Frame ID: F38C9D7BE05CD2BFEE28DE989F1CA507
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Zaloguj się do GOonline | BNP Paribas Bank Polska S.A.

Page URL History Show full URLs

http://bnppirabas.pl/ HTTP 301
https://bnppirabas.pl/ Page URL

Detected technologies

Django (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)

Mouse Flow (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.mouseflow\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

95 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

2362 kB
Transfer

2502 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bnpparibas.pl/klienci-indywidualni/bankowosc-internetowa/goonline
Title: Poznaj GOonline

Search URL Search Domain Scan URL

URL: https://video-chat.bnpparibas.pl/bnp-video/?mediachannel=4
Title: Masz pytania dotyczące GOonline?

Search URL Search Domain Scan URL

URL: https://www.bnpparibas.pl/o-banku/nagrody-i-wyroznienia
Title: Dowiedz się więcej

Search URL Search Domain Scan URL

URL: https://www.bnpparibas.pl/kontakt/oddzialy-z-obsluga-detaliczna-i-biznesowa?type=department_retail_business
Title: Oddziały

Search URL Search Domain Scan URL

URL: https://www.bnpparibas.pl/bezpieczenstwo
Title: Bezpieczeństwo

Search URL Search Domain Scan URL

URL: https://goonline.bnpparibas.pl/gateway/api/auth/new-user
Title: Nie mam loginu

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bnppirabas.pl/ HTTP 301
https://bnppirabas.pl/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

https://cdn.mouseflow.com/projects/fbdfaa95-7e3c-4d8f-9231-665e8d0604ee.js HTTP 301
https://cdn.mouseflow.com/projects/fbdfaa95-7e3c-4d8f-9231-665e8d0604ee_eu.js

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
bnppirabas.pl/
Redirect Chain

http://bnppirabas.pl/
https://bnppirabas.pl/

16 KB
5 KB

264ms
65ms

Document
text/html

77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to

Full URL

https://bnppirabas.pl/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),

Reverse DNS

vps3609.altawk.network

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

081bc41744313201195cef407aa0dee0de9b2ae8f753b49aa0dcb83e538ddd97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Date: Fri, 09 Jun 2023 23:21:57 GMT
Referrer-Policy: same-origin
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked
Vary: Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

Redirect headers

Connection: keep-alive
Content-Length: 178
Content-Type: text/html
Date: Fri, 09 Jun 2023 23:21:57 GMT
Location: https://bnppirabas.pl/
Server: nginx/1.18.0 (Ubuntu)

GET
H/1.1 200
OK style.min.css
bnppirabas.pl/static/css/ 1 KB
2 KB 65ms
64ms Stylesheet
text/css 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to

Full URL: https://bnppirabas.pl/static/css/style.min.css
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6330d16589cfc01bfb8b11c4a333a42f77e21d063bbec6050401fc2e12fb871c

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bnppirabas.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:58 GMT
Last-Modified: Sat, 03 Jun 2023 13:49:57 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="style.min.css"
Content-Length: 1421
Content-Type: text/css

GET
H/1.1 200
OK jquery-3.3.1.min.js Show response
bnppirabas.pl/static/js/ 85 KB
85 KB 252ms
126ms Script
text/javascript 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to

Full URL: https://bnppirabas.pl/static/js/jquery-3.3.1.min.js
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bnppirabas.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:58 GMT
Last-Modified: Sat, 03 Jun 2023 13:50:06 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="jquery-3.3.1.min.js"
Content-Length: 86927
Content-Type: text/javascript

GET
H/1.1 200
OK site.js Show response
bnppirabas.pl/static/js/ 230 B
488 B 195ms
65ms Script
text/javascript 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to

Full URL: https://bnppirabas.pl/static/js/site.js
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 33f35692fd57e7407f9a7a650fcc5cc12b828824f44f8f2c4d133323d87b3c11

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bnppirabas.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:58 GMT
Last-Modified: Sat, 03 Jun 2023 13:50:06 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="site.js"
Content-Length: 230
Content-Type: text/javascript

GET
H/1.1 200
OK preloder.css
bnppirabas.pl/static/css/ 1 KB
1 KB 129ms
64ms Stylesheet
text/css 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to

Full URL: https://bnppirabas.pl/static/css/preloder.css
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f79d9b40598a91960754751f5c8060152dda9c544e111e0a9c71fbf48e0fdbf7

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bnppirabas.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:58 GMT
Last-Modified: Tue, 06 Jun 2023 17:42:18 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="preloder.css"
Content-Length: 1038
Content-Type: text/css

GET
H/1.1 200
OK preloadinator.js Show response
bnppirabas.pl/static/js/ 2 KB
2 KB 194ms
66ms Script
text/javascript 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to

Full URL: https://bnppirabas.pl/static/js/preloadinator.js
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 64207e28237841b1b76168e0fc1d30527afedd17722c9fb0e1956c039cf8a1b3

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bnppirabas.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:58 GMT
Last-Modified: Sat, 03 Jun 2023 13:50:06 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="preloadinator.js"
Content-Length: 1703
Content-Type: text/javascript

GET
H/1.1 200
OK main.css
bnppirabas.pl/static/css/ 46 KB
46 KB 251ms
127ms Stylesheet
text/css 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to

Full URL: https://bnppirabas.pl/static/css/main.css
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3941ca5704046af7f9ca877b714d6203ff6edc2753b738d75b935d0557007b55

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bnppirabas.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:58 GMT
Last-Modified: Sat, 03 Jun 2023 13:49:56 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="main.css"
Content-Length: 47192
Content-Type: text/css

GET
H/1.1 200
OK logo.png
bnppirabas.pl/static/img/ 160 KB
161 KB 67ms
66ms Image
image/png 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bnppirabas.pl/static/img/logo.png
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 07f2efdd0a170a4dfa9e9911e25e2e3087dc1fbeab18d9c88bd2c26fc03ff87a

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bnppirabas.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:58 GMT
Last-Modified: Sat, 03 Jun 2023 13:50:04 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="logo.png"
Content-Length: 164249
Content-Type: image/png

GET
H/1.1 200
OK the-banker-poland.png
bnppirabas.pl/static/img/ 2 KB
2 KB 66ms
66ms Image
image/png 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bnppirabas.pl/static/img/the-banker-poland.png
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 1ad43cd69ab87d44698b331a63932599e614c77028ff26f4e856588a7700f384

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bnppirabas.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:58 GMT
Last-Modified: Sat, 03 Jun 2023 13:50:04 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="the-banker-poland.png"
Content-Length: 1597
Content-Type: image/png

GET
H/1.1 200
OK retail.83b99448ac7488de.css
bnppirabas.pl/static/css/ 1 MB
1 MB 65ms
65ms Stylesheet
text/css 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to

Full URL: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f02d4862e9e9a8290315b25e7513277604f9c86ca0b0654573177cfa14f382f3

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bnppirabas.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:58 GMT
Last-Modified: Tue, 06 Jun 2023 17:47:41 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="retail.83b99448ac7488de.css"
Content-Length: 1312934
Content-Type: text/css

GET
H/1.1 200
OK bnp-paribas-logo-full.svg
bnppirabas.pl/static/img/ 22 KB
22 KB 64ms
64ms Image
image/svg+xml 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bnppirabas.pl/static/img/bnp-paribas-logo-full.svg
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 88f246e3938e92d4b1a93b93cf636c856a302f4ace772ef42591d877ee5ef5d5

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:59 GMT
Last-Modified: Sat, 03 Jun 2023 13:49:59 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="bnp-paribas-logo-full.svg"
Content-Length: 22524
Content-Type: image/svg+xml

GET
H/1.1 200
OK login-bg.jpg
bnppirabas.pl/static/img/ 490 KB
491 KB 66ms
65ms Image
image/jpeg 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bnppirabas.pl/static/img/login-bg.jpg
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 88f2f32e046ea812a5607ebcc895f0bab1561cd09346e5f1b20f90fd813a6268

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:59 GMT
Last-Modified: Sat, 03 Jun 2023 13:50:04 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="login-bg.jpg"
Content-Length: 502213
Content-Type: image/jpeg

GET
H/1.1 200
OK flag-pl.svg
bnppirabas.pl/static/img/ 252 B
512 B 64ms
64ms Image
image/svg+xml 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bnppirabas.pl/static/img/flag-pl.svg
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: ce198ebb9d21b8485609a5cb1c46c625e8070f2e1c2404134dc4c16ddc9f4327

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:59 GMT
Last-Modified: Sat, 03 Jun 2023 13:50:03 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="flag-pl.svg"
Content-Length: 252
Content-Type: image/svg+xml

GET
H/1.1 200
OK norton.png
bnppirabas.pl/static/img/ 5 KB
5 KB 154ms
152ms Image
image/png 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bnppirabas.pl/static/img/norton.png
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 69d0396ad6ad2716e3cb74ef58891ed26896b9704eadda4d2bb325ba2de4feaa

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:59 GMT
Last-Modified: Sat, 03 Jun 2023 13:50:04 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="norton.png"
Content-Length: 4759
Content-Type: image/png

GET
H/1.1 200
OK bnpp_sans.woff
bnppirabas.pl/static/img/ 54 KB
54 KB 137ms
135ms Font
font/woff 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to

Full URL: https://bnppirabas.pl/static/img/bnpp_sans.woff
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3ad317867dbc668f3e6dacfa4c17870a9affaa520346201b394810564e214e7c

Request headers

Referer: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Origin: https://bnppirabas.pl
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:59 GMT
Last-Modified: Sat, 03 Jun 2023 13:49:59 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="bnpp_sans.woff"
Content-Length: 54856
Content-Type: font/woff

GET
H/1.1 200
OK iconfont.woff2
bnppirabas.pl/static/img/ 31 KB
31 KB 138ms
136ms Font
font/woff2 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to

Full URL: https://bnppirabas.pl/static/img/iconfont.woff2
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 0a8b9451b8de67589fa2e8caa96cd7aee975b208815adad986ce256f060b490e

Request headers

Referer: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Origin: https://bnppirabas.pl
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:59 GMT
Last-Modified: Sat, 03 Jun 2023 13:50:03 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="iconfont.woff2"
Content-Length: 31544
Content-Type: font/woff2

GET
H/1.1 200
OK bnpp_sans_light.woff
bnppirabas.pl/static/img/ 27 KB
27 KB 126ms
65ms Font
font/woff 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to

Full URL: https://bnppirabas.pl/static/img/bnpp_sans_light.woff
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6b819ba1ca6fb58d0838c232a9a9f4de58743ed0112f135cffd73b07475ae77d

Request headers

Referer: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Origin: https://bnppirabas.pl
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:59 GMT
Last-Modified: Sat, 03 Jun 2023 13:50:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="bnpp_sans_light.woff"
Content-Length: 27816
Content-Type: font/woff

GET
H/1.1 200
OK bnpp_sans_condensed_bold.woff
bnppirabas.pl/static/img/ 36 KB
36 KB 194ms
130ms Font
font/woff 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to

Full URL: https://bnppirabas.pl/static/img/bnpp_sans_condensed_bold.woff
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c51282549720e2ef8e9b6d2c2dc535e9cca0e332ceb0fbc21a315dfb3e269224

Request headers

Referer: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Origin: https://bnppirabas.pl
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:59 GMT
Last-Modified: Sat, 03 Jun 2023 13:50:01 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="bnpp_sans_condensed_bold.woff"
Content-Length: 36644
Content-Type: font/woff

GET
H/1.1 200
OK bnpp_sans_bold.woff
bnppirabas.pl/static/img/ 54 KB
54 KB 193ms
65ms Font
font/woff 77.91.68.201
ALTAWK

General

Check archive.org

Show headers Download Go to

Full URL: https://bnppirabas.pl/static/img/bnpp_sans_bold.woff
Requested by: Host: bnppirabas.pl
URL: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 77.91.68.201 Helsinki, Finland, ASN203727 (ALTAWK, UA),
Reverse DNS: vps3609.altawk.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 80bf8cdea9bc8b01b1b12f18210a7eb3b5f30fefa0d9f9209813d9f9cfe6e39e

Request headers

Referer: https://bnppirabas.pl/static/css/retail.83b99448ac7488de.css
Origin: https://bnppirabas.pl
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 23:21:59 GMT
Last-Modified: Sat, 03 Jun 2023 13:50:00 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Disposition: inline; filename="bnpp_sans_bold.woff"
Content-Length: 54984
Content-Type: font/woff

GET
H2

200

fbdfaa95-7e3c-4d8f-9231-665e8d0604ee_eu.js Show response
cdn.mouseflow.com/projects/
Redirect Chain

https://cdn.mouseflow.com/projects/fbdfaa95-7e3c-4d8f-9231-665e8d0604ee.js
https://cdn.mouseflow.com/projects/fbdfaa95-7e3c-4d8f-9231-665e8d0604ee_eu.js

188 KB
55 KB

32ms
31ms

Script
application/javascript

151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.mouseflow.com/projects/fbdfaa95-7e3c-4d8f-9231-665e8d0604ee_eu.js

Requested by

Host: bnppirabas.pl
URL: https://bnppirabas.pl/

Protocol

Server

151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map3.hwcdn.net

Software

Mouseflow /

Resource Hash

fae90ce181ce1fa69a9f715cd0d8a72ab0b1a8ef6a83ac9c70388e0eebf0e78f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Fri, 09 Jun 2023 23:21:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Sun, 12 Feb 2023 23:02:30 GMT
server: Mouseflow
etag: W/"5e775515363fd91:0"
x-cache-status: MISS
x-hw: 1686352919.cds208.wa1.hn,1686352919.cds210.wa1.c
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 55812

Redirect headers

date: Fri, 09 Jun 2023 23:21:59 GMT
x-hw: 1686352919.cds208.wa1.hn,1686352919.cds209.wa1.c
location: https://cdn.mouseflow.com/projects/fbdfaa95-7e3c-4d8f-9231-665e8d0604ee_eu.js
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
x-hw-loc: https://cdn.mouseflow.com/projects/fbdfaa95-7e3c-4d8f-9231-665e8d0604ee.js
content-length: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNP Paribas (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bnppirabas.pl/	1970-01-20 21:10:02	Name: csrftoken Value: JEavv0gcGLA1OzhZQzUvg1Ig4hKVNquG

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bnppirabas.pl
cdn.mouseflow.com
151.139.128.10
77.91.68.201
07f2efdd0a170a4dfa9e9911e25e2e3087dc1fbeab18d9c88bd2c26fc03ff87a
081bc41744313201195cef407aa0dee0de9b2ae8f753b49aa0dcb83e538ddd97
0a8b9451b8de67589fa2e8caa96cd7aee975b208815adad986ce256f060b490e
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1ad43cd69ab87d44698b331a63932599e614c77028ff26f4e856588a7700f384
33f35692fd57e7407f9a7a650fcc5cc12b828824f44f8f2c4d133323d87b3c11
3941ca5704046af7f9ca877b714d6203ff6edc2753b738d75b935d0557007b55
3ad317867dbc668f3e6dacfa4c17870a9affaa520346201b394810564e214e7c
6330d16589cfc01bfb8b11c4a333a42f77e21d063bbec6050401fc2e12fb871c
64207e28237841b1b76168e0fc1d30527afedd17722c9fb0e1956c039cf8a1b3
69d0396ad6ad2716e3cb74ef58891ed26896b9704eadda4d2bb325ba2de4feaa
6b819ba1ca6fb58d0838c232a9a9f4de58743ed0112f135cffd73b07475ae77d
80bf8cdea9bc8b01b1b12f18210a7eb3b5f30fefa0d9f9209813d9f9cfe6e39e
88f246e3938e92d4b1a93b93cf636c856a302f4ace772ef42591d877ee5ef5d5
88f2f32e046ea812a5607ebcc895f0bab1561cd09346e5f1b20f90fd813a6268
c51282549720e2ef8e9b6d2c2dc535e9cca0e332ceb0fbc21a315dfb3e269224
ce198ebb9d21b8485609a5cb1c46c625e8070f2e1c2404134dc4c16ddc9f4327
f02d4862e9e9a8290315b25e7513277604f9c86ca0b0654573177cfa14f382f3
f79d9b40598a91960754751f5c8060152dda9c544e111e0a9c71fbf48e0fdbf7
fae90ce181ce1fa69a9f715cd0d8a72ab0b1a8ef6a83ac9c70388e0eebf0e78f

bnppirabas.pl Open in urlscan Pro 77.91.68.201 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

95 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

2362 kBTransfer

2502 kBSize

1 Cookies

6 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

bnppirabas.pl Open in urlscan Pro
77.91.68.201 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

95 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

2362 kB
Transfer

2502 kB
Size

1
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!