nbg.6768.ink Open in urlscan Pro
35.155.30.240 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://lan.to/8m5k8
Effective URL:
https://nbg.6768.ink/localSignIn.php?identity&login?ReturnUrl=732968239
Submission: On November 05 via manual (November 5th 2021, 3:07:01 pm UTC) from IN — Scanned from DE

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 5 countries across 6 domains to perform 23 HTTP transactions. The main IP is 35.155.30.240, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is nbg.6768.ink.
TLS certificate: Issued by R3 on November 2nd 2021. Valid for: 3 months.

This is the only time nbg.6768.ink was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: National Bank of Greece (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	216.239.32.21 216.239.32.21	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2010	15169 (GOOGLE) (GOOGLE)
1	13.49.111.16 13.49.111.16	16509 (AMAZON-02) (AMAZON-02)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	35.187.109.50 35.187.109.50	15169 (GOOGLE) (GOOGLE)
2 12	35.155.30.240 35.155.30.240	16509 (AMAZON-02) (AMAZON-02)
23	6

1 216.239.32.21 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: any-in-2015.1e100.net

lan.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.49.111.16 (Stockholm, Sweden)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-49-111-16.eu-north-1.compute.amazonaws.com

wjs.wurflcloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.187.109.50 (Brussels, Belgium)

ASN15169 (GOOGLE, US)
PTR: 50.109.187.35.bc.googleusercontent.com

statistics.gateway360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 35.155.30.240 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-155-30-240.us-west-2.compute.amazonaws.com

nbg.6768.ink	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	6768.ink 2 redirects nbg.6768.ink	54 KB
1	gateway360.com statistics.gateway360.com	219 B
1	jquery.com code.jquery.com	33 KB
1	wurflcloud.com wjs.wurflcloud.com	631 B
1	googleapis.com storage.googleapis.com	3 KB
1	lan.to 1 redirects lan.to	245 B
23	6

	Domain	Requested by
12	nbg.6768.ink	2 redirects storage.googleapis.com nbg.6768.ink
1	statistics.gateway360.com	code.jquery.com
1	code.jquery.com	storage.googleapis.com
1	wjs.wurflcloud.com	storage.googleapis.com
1	storage.googleapis.com
1	lan.to	1 redirects
23	6

This site contains no links.

Subject Issuer	Validity	Valid
*.storage.googleapis.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
wurflcloud.com Amazon	`2021-10-24` - `2022-11-21`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.gateway360.com Sectigo RSA Domain Validation Secure Server CA	`2021-01-04` - `2022-02-03`	a year	crt.sh
6768.ink R3	`2021-11-02` - `2022-01-31`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://nbg.6768.ink/localSignIn.php?identity&login?ReturnUrl=732968239
Frame ID: 88E025E90D75F471E2D78F5E156EB2FA
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://lan.to/8m5k8 HTTP 301
https://storage.googleapis.com/ws-urls/tracker/index.html?url=https%3A%2F%2Fnbg.6768.ink&c=0&ref=fhEECGfIjG... Page URL
https://nbg.6768.ink/ Page URL
https://nbg.6768.ink/getMoreDetails.php HTTP 302
https://nbg.6768.ink/gatewayToSign.php HTTP 302
https://nbg.6768.ink/localSignIn.php?identity&login?ReturnUrl=732968239 Page URL

Page Statistics

23
Requests

61 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

6
IPs

5
Countries

91 kB
Transfer

389 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://lan.to/8m5k8 HTTP 301
https://storage.googleapis.com/ws-urls/tracker/index.html?url=https%3A%2F%2Fnbg.6768.ink&c=0&ref=fhEECGfIjGAd&csm=067e25662106d2bc7e0436bdb35778a5&callback_id=14628417 Page URL
https://nbg.6768.ink/ Page URL
https://nbg.6768.ink/getMoreDetails.php HTTP 302
https://nbg.6768.ink/gatewayToSign.php HTTP 302
https://nbg.6768.ink/localSignIn.php?identity&login?ReturnUrl=732968239 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://lan.to/8m5k8 HTTP 301
https://storage.googleapis.com/ws-urls/tracker/index.html?url=https%3A%2F%2Fnbg.6768.ink&c=0&ref=fhEECGfIjGAd&csm=067e25662106d2bc7e0436bdb35778a5&callback_id=14628417

23 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	index.html Show response storage.googleapis.com/ws-urls/tracker/ Redirect Chain https://lan.to/8m5k8 https://storage.googleapis.com/ws-urls/tracker/index.html?url=https%3A%2F%2Fnbg.6768.ink&c=0&ref=fhEECGfIjGAd&csm=067e25662106d2bc7e0436bdb35778a5&callback_id=14628417	2 KB 3 KB	94ms 58ms	Document text/html	2a00:1450:4001:813::2010 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/ws-urls/tracker/index.html?url=https%3A%2F%2Fnbg.6768.ink&c=0&ref=fhEECGfIjGAd&csm=067e25662106d2bc7e0436bdb35778a5&callback_id=14628417 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software UploadServer / Resource Hash `ddba077680eff7cc7e9d8ec8cbb20ebe7b84e34b7c8200eedee71c09ad8c8f72` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers x-guploader-uploadid ADPycdupUNs5a34RK1B4t00f58STML2IlTYOUHKWdFi3YkeftjXnP0zwIipdtC0qO8R128HTVFbI9NQvS12lROhj2hs expires Fri, 05 Nov 2021 16:06:56 GMT date Fri, 05 Nov 2021 15:06:56 GMT cache-control public, max-age=3600 last-modified Mon, 11 Nov 2019 16:56:45 GMT etag "7d329a83ba8a0f04b4f433a8f0935e99" x-goog-generation 1573491405382830 x-goog-metageneration 1 x-goog-stored-content-encoding identity x-goog-stored-content-length 2475 content-type text/html x-goog-hash crc32c=CJfJsg== md5=fTKag7qKDwS09DOo8JNemQ== x-goog-storage-class STANDARD accept-ranges bytes content-length 2475 server UploadServer alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Redirect headers content-type text/html; charset=UTF-8 location https://storage.googleapis.com/ws-urls/tracker/index.html?url=https%3A%2F%2Fnbg.6768.ink&c=0&ref=fhEECGfIjGAd&csm=067e25662106d2bc7e0436bdb35778a5&callback_id=14628417 x-cloud-trace-context 3bc8b852b73002a67ab6df844279028a;o=1 date Fri, 05 Nov 2021 15:06:56 GMT server Google Frontend content-length 0
GET H2	200	wurfl.js Show response wjs.wurflcloud.com/	965 B 631 B	108ms 30ms	Script application/javascript	13.49.111.16 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://wjs.wurflcloud.com/wurfl.js Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ws-urls/tracker/index.html?url=https%3A%2F%2Fnbg.6768.ink&c=0&ref=fhEECGfIjGAd&csm=067e25662106d2bc7e0436bdb35778a5&callback_id=14628417 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.49.111.16 Stockholm, Sweden, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-49-111-16.eu-north-1.compute.amazonaws.com Software / Resource Hash `8b7f573d449aa3b1bce877a1b013d17c09581177cfa7260f0d042dfa6eb1c043` Request headers Accept-Language de-DE,de;q=0.9 Referer https://storage.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers access-control-allow-origin * date Fri, 05 Nov 2021 15:06:56 GMT cache-control private, max-age=86400 content-encoding br content-length 456 vary accept-encoding, user-agent content-type application/javascript
GET H2	200	jquery-1.12.4.min.js Show response code.jquery.com/	95 KB 33 KB	60ms 20ms	Script application/javascript	2001:4de0:ac18::1:a:3b HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-1.12.4.min.js Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ws-urls/tracker/index.html?url=https%3A%2F%2Fnbg.6768.ink&c=0&ref=fhEECGfIjGAd&csm=067e25662106d2bc7e0436bdb35778a5&callback_id=14628417 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash `668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404` Request headers Accept-Language de-DE,de;q=0.9 Referer https://storage.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Fri, 05 Nov 2021 15:06:56 GMT content-encoding gzip last-modified Fri, 20 May 2016 17:18:54 GMT server nginx etag "573f46fe-17b8b" vary Accept-Encoding x-hw 1636124816.dop012.ml1.t,1636124816.cds221.ml1.hn,1636124816.cds214.ml1.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 33738
POST H/1.1	200 OK	collect-url-load statistics.gateway360.com/	0 219 B	66ms 18ms	XHR text/html	35.187.109.50 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://statistics.gateway360.com/collect-url-load Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-1.12.4.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 35.187.109.50 Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS 50.109.187.35.bc.googleusercontent.com Software Apache / Resource Hash Request headers Accept / Referer https://storage.googleapis.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers Access-Control-Allow-Origin * Date Fri, 05 Nov 2021 15:06:56 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 0 Content-Type text/html; charset=UTF-8
GET H2	200	/ Show response nbg.6768.ink/	2 KB 751 B	876ms 166ms	Document text/html	35.155.30.240 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nbg.6768.ink/ Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ws-urls/tracker/index.html?url=https%3A%2F%2Fnbg.6768.ink&c=0&ref=fhEECGfIjGAd&csm=067e25662106d2bc7e0436bdb35778a5&callback_id=14628417 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.155.30.240 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-155-30-240.us-west-2.compute.amazonaws.com Software openresty / Resource Hash `b574cf6d383a9fd3b68fc03db8cb6dfaf1e1b9b243123e6bfbb43b28c2b14a22` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://storage.googleapis.com/ Response headers server openresty date Fri, 05 Nov 2021 15:06:57 GMT content-type text/html; charset=UTF-8 content-length 582 content-encoding br vary Accept-Encoding x-turbo-charged-by LiteSpeed x-cache BYPASS x-service pixie-cpanel
GET H2	200	style.60345a170f14e2d30af4.css nbg.6768.ink/css/	198 KB 31 KB	326ms 325ms	Stylesheet text/css	35.155.30.240 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nbg.6768.ink/css/style.60345a170f14e2d30af4.css Requested by Host: nbg.6768.ink URL: https://nbg.6768.ink/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.155.30.240 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-155-30-240.us-west-2.compute.amazonaws.com Software openresty / Resource Hash `eee0de974dc453065f99ef24913aad33ed87c19841d8b1269786e27378fcb53b` Request headers Accept-Language de-DE,de;q=0.9 Referer https://nbg.6768.ink/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Fri, 05 Nov 2021 15:06:57 GMT content-encoding br last-modified Sat, 04 Sep 2021 21:22:48 GMT server openresty vary Accept-Encoding x-cache BYPASS content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed x-service pixie-cpanel accept-ranges bytes content-length 31403 expires Fri, 12 Nov 2021 15:06:57 GMT
GET H2	200	logo.545b013c218ea4ff3ba78d121759aba6.svg nbg.6768.ink/img/	14 KB 5 KB	167ms 167ms	Image image/svg+xml	35.155.30.240 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://nbg.6768.ink/img/logo.545b013c218ea4ff3ba78d121759aba6.svg Requested by Host: nbg.6768.ink URL: https://nbg.6768.ink/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.155.30.240 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-155-30-240.us-west-2.compute.amazonaws.com Software openresty / Resource Hash `a7291d2136d459077949df2e28734f6307acd3b245d20e8958b07dfd81f23951` Request headers Accept-Language de-DE,de;q=0.9 Referer https://nbg.6768.ink/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Fri, 05 Nov 2021 15:06:57 GMT content-encoding br last-modified Sat, 04 Sep 2021 21:22:48 GMT server openresty vary Accept-Encoding x-cache BYPASS content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed x-service pixie-cpanel accept-ranges bytes content-length 4752 expires Fri, 12 Nov 2021 15:06:57 GMT
GET H2	200	logo-full-black.f26495ed09f202369ae54fbb35eb5631.svg nbg.6768.ink/img/	57 KB 10 KB	482ms 482ms	Image image/svg+xml	35.155.30.240 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://nbg.6768.ink/img/logo-full-black.f26495ed09f202369ae54fbb35eb5631.svg Requested by Host: nbg.6768.ink URL: https://nbg.6768.ink/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.155.30.240 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-155-30-240.us-west-2.compute.amazonaws.com Software openresty / Resource Hash `7583021663983a838e88f47a0721d751a51a302d45c69595780c083cd2e99909` Request headers Accept-Language de-DE,de;q=0.9 Referer https://nbg.6768.ink/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Fri, 05 Nov 2021 15:06:57 GMT content-encoding br last-modified Sat, 04 Sep 2021 21:22:48 GMT server openresty vary Accept-Encoding x-cache BYPASS content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed x-service pixie-cpanel accept-ranges bytes content-length 10243 expires Fri, 12 Nov 2021 15:06:57 GMT
GET H2	404	new-login-big.66c1b00b0c38dbef35ad2235cc7203a2.jpg nbg.6768.ink/css/images/	1 KB 1 KB	166ms 166ms	Image text/html	35.155.30.240 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://nbg.6768.ink/css/images/new-login-big.66c1b00b0c38dbef35ad2235cc7203a2.jpg Requested by Host: nbg.6768.ink URL: https://nbg.6768.ink/css/style.60345a170f14e2d30af4.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.155.30.240 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-155-30-240.us-west-2.compute.amazonaws.com Software openresty / Resource Hash `79ce4e2bbf25c4a4d91458d191d6ef268b4592169ae6586ba52242f412670b5d` Request headers Accept-Language de-DE,de;q=0.9 Referer https://nbg.6768.ink/css/style.60345a170f14e2d30af4.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma no-cache date Fri, 05 Nov 2021 15:06:58 GMT content-encoding gzip server openresty vary Accept-Encoding content-type text/html; charset=utf-8 cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed
GET H2	404	PFDinDisplayPro-Light.23cdddacd0d56977093551f2faea9a13.woff2 nbg.6768.ink/css/images/	0 0	166ms 166ms	Font text/html	35.155.30.240 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nbg.6768.ink/css/images/PFDinDisplayPro-Light.23cdddacd0d56977093551f2faea9a13.woff2 Requested by Host: nbg.6768.ink URL: https://nbg.6768.ink/css/style.60345a170f14e2d30af4.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.155.30.240 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-155-30-240.us-west-2.compute.amazonaws.com Software openresty / Resource Hash Request headers Referer https://nbg.6768.ink/css/style.60345a170f14e2d30af4.css Origin https://nbg.6768.ink Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma no-cache date Fri, 05 Nov 2021 15:06:58 GMT content-encoding gzip server openresty vary Accept-Encoding content-type text/html; charset=utf-8 cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed
GET H2	404	PFDinDisplayPro-Regular.840952ed9468a2c7444f89b6f748e734.woff2 nbg.6768.ink/css/images/	0 0	165ms 165ms	Font text/html	35.155.30.240 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nbg.6768.ink/css/images/PFDinDisplayPro-Regular.840952ed9468a2c7444f89b6f748e734.woff2 Requested by Host: nbg.6768.ink URL: https://nbg.6768.ink/css/style.60345a170f14e2d30af4.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.155.30.240 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-155-30-240.us-west-2.compute.amazonaws.com Software openresty / Resource Hash Request headers Referer https://nbg.6768.ink/css/style.60345a170f14e2d30af4.css Origin https://nbg.6768.ink Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma no-cache date Fri, 05 Nov 2021 15:06:58 GMT content-encoding gzip server openresty vary Accept-Encoding content-type text/html; charset=utf-8 cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed
GET H2	404	PFDinDisplayPro-Light.9a5171a196de11651813859c360f195f.woff nbg.6768.ink/css/images/	0 0	166ms 165ms	Font text/html	35.155.30.240 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nbg.6768.ink/css/images/PFDinDisplayPro-Light.9a5171a196de11651813859c360f195f.woff Requested by Host: nbg.6768.ink URL: https://nbg.6768.ink/css/style.60345a170f14e2d30af4.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.155.30.240 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-155-30-240.us-west-2.compute.amazonaws.com Software openresty / Resource Hash Request headers Referer https://nbg.6768.ink/css/style.60345a170f14e2d30af4.css Origin https://nbg.6768.ink Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma no-cache date Fri, 05 Nov 2021 15:06:58 GMT content-encoding gzip server openresty vary Accept-Encoding content-type text/html; charset=utf-8 cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed
GET H2	404	PFDinDisplayPro-Regular.21be48ba435316c8a4cd39438cd89083.woff nbg.6768.ink/css/images/	0 0	166ms 166ms	Font text/html	35.155.30.240 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nbg.6768.ink/css/images/PFDinDisplayPro-Regular.21be48ba435316c8a4cd39438cd89083.woff Requested by Host: nbg.6768.ink URL: https://nbg.6768.ink/css/style.60345a170f14e2d30af4.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.155.30.240 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-155-30-240.us-west-2.compute.amazonaws.com Software openresty / Resource Hash Request headers Referer https://nbg.6768.ink/css/style.60345a170f14e2d30af4.css Origin https://nbg.6768.ink Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma no-cache date Fri, 05 Nov 2021 15:06:58 GMT content-encoding gzip server openresty vary Accept-Encoding content-type text/html; charset=utf-8 cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed
GET H2	200	Primary Request localSignIn.php Show response nbg.6768.ink/ Redirect Chain https://nbg.6768.ink/getMoreDetails.php https://nbg.6768.ink/gatewayToSign.php https://nbg.6768.ink/localSignIn.php?identity&login?ReturnUrl=732968239	19 KB 6 KB	170ms 170ms	Document text/html	35.155.30.240 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nbg.6768.ink/localSignIn.php?identity&login?ReturnUrl=732968239 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.155.30.240 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-155-30-240.us-west-2.compute.amazonaws.com Software openresty / Resource Hash `a5ff913f4fc66b41635880a1f96a118b0eb730319288fcb42622a4f2a8463d48` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://nbg.6768.ink/ Response headers server openresty date Fri, 05 Nov 2021 15:07:00 GMT content-type text/html; charset=UTF-8 content-length 5364 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache content-encoding br vary Accept-Encoding x-turbo-charged-by LiteSpeed x-cache BYPASS x-service pixie-cpanel Redirect headers server openresty date Fri, 05 Nov 2021 15:07:00 GMT content-type text/html; charset=UTF-8 content-length 0 location localSignIn.php?identity&login?ReturnUrl=732968239 cache-control no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed x-cache BYPASS x-service pixie-cpanel
GET		css.css nbg.6768.ink/	0 0

GET		logo.png nbg.6768.ink/img/	0 0

GET		fb.svg nbg.6768.ink/img/	0 0

GET		twitter.svg nbg.6768.ink/img/	0 0

GET		youtube.svg nbg.6768.ink/img/	0 0

GET		linkedin.svg nbg.6768.ink/img/	0 0

GET		email.svg nbg.6768.ink/img/	0 0

GET		loaderr.svg nbg.6768.ink/img/	0 0

GET		login-otp.svg nbg.6768.ink/img/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: nbg.6768.ink
URL: https://nbg.6768.ink/css.css?1.5.0

Domain: nbg.6768.ink
URL: https://nbg.6768.ink/img/logo.png

Domain: nbg.6768.ink
URL: https://nbg.6768.ink/img/fb.svg

Domain: nbg.6768.ink
URL: https://nbg.6768.ink/img/twitter.svg

Domain: nbg.6768.ink
URL: https://nbg.6768.ink/img/youtube.svg

Domain: nbg.6768.ink
URL: https://nbg.6768.ink/img/linkedin.svg

Domain: nbg.6768.ink
URL: https://nbg.6768.ink/img/email.svg

Domain: nbg.6768.ink
URL: https://nbg.6768.ink/img/loaderr.svg

Domain: nbg.6768.ink
URL: https://nbg.6768.ink/img/login-otp.svg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: National Bank of Greece (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://nbg.6768.ink/css/images/new-login-big.66c1b00b0c38dbef35ad2235cc7203a2.jpg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://nbg.6768.ink/css/images/PFDinDisplayPro-Light.23cdddacd0d56977093551f2faea9a13.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://nbg.6768.ink/css/images/PFDinDisplayPro-Regular.840952ed9468a2c7444f89b6f748e734.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://nbg.6768.ink/css/images/PFDinDisplayPro-Light.9a5171a196de11651813859c360f195f.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://nbg.6768.ink/css/images/PFDinDisplayPro-Regular.21be48ba435316c8a4cd39438cd89083.woff Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
lan.to
nbg.6768.ink
statistics.gateway360.com
storage.googleapis.com
wjs.wurflcloud.com
nbg.6768.ink
13.49.111.16
2001:4de0:ac18::1:a:3b
216.239.32.21
2a00:1450:4001:813::2010
35.155.30.240
35.187.109.50
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
7583021663983a838e88f47a0721d751a51a302d45c69595780c083cd2e99909
79ce4e2bbf25c4a4d91458d191d6ef268b4592169ae6586ba52242f412670b5d
8b7f573d449aa3b1bce877a1b013d17c09581177cfa7260f0d042dfa6eb1c043
a5ff913f4fc66b41635880a1f96a118b0eb730319288fcb42622a4f2a8463d48
a7291d2136d459077949df2e28734f6307acd3b245d20e8958b07dfd81f23951
b574cf6d383a9fd3b68fc03db8cb6dfaf1e1b9b243123e6bfbb43b28c2b14a22
ddba077680eff7cc7e9d8ec8cbb20ebe7b84e34b7c8200eedee71c09ad8c8f72
eee0de974dc453065f99ef24913aad33ed87c19841d8b1269786e27378fcb53b

nbg.6768.ink Open in urlscan Pro 35.155.30.240 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

23 Requests

61 %HTTPS

33 %IPv6

6 Domains

6 Subdomains

6 IPs

5 Countries

91 kBTransfer

389 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

nbg.6768.ink Open in urlscan Pro
35.155.30.240 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

61 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

6
IPs

5
Countries

91 kB
Transfer

389 kB
Size

0
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!