Submitted URL: http://nvobnco.sbs/
Effective URL: https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login
Submission Tags: @phish_report
Submission: On August 16 via api from FI — Scanned from PL

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 185.241.208.219, located in Warsaw, Poland and belongs to SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE. The main domain is nvobnco.sbs.
TLS certificate: Issued by R10 on August 16th 2024. Valid for: 3 months.
This is the only time nvobnco.sbs was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Novobanco (Banking)

Community Verdicts: Malicious2 votes Show Verdicts


Live information

Domain & IP information

IP Address AS Autonomous System
11 185.241.208.219 210558 (SERVICES-...)
1 76.76.21.93 16509 (AMAZON-02)
12 3
Apex Domain
Subdomains
Transfer
11 nvobnco.sbs
nvobnco.sbs
54 KB
1 vercel.app
geoip-lite.vercel.app
517 B
12 2
Domain Requested by
11 nvobnco.sbs nvobnco.sbs
1 geoip-lite.vercel.app nvobnco.sbs
12 2

This site contains no links.

Subject Issuer Validity Valid
nvobnco.sbs
R10
2024-08-16 -
2024-11-14
3 months crt.sh
*.vercel.app
R11
2024-08-14 -
2024-11-12
3 months crt.sh

This page contains 1 frames:

Primary Page: https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login
Frame ID: DAFF77451F0C4800610A39F502E78CED
Requests: 13 HTTP requests in this frame

Screenshot

Page Title

_]-_.

Page URL History Show full URLs

  1. http://nvobnco.sbs/ HTTP 307
    https://nvobnco.sbs/ Page URL
  2. https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

55 kB
Transfer

220 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://nvobnco.sbs/ HTTP 307
    https://nvobnco.sbs/ Page URL
  2. https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://nvobnco.sbs/ HTTP 307
  • https://nvobnco.sbs/

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
nvobnco.sbs/
Redirect Chain
  • http://nvobnco.sbs/
  • https://nvobnco.sbs/
3 KB
2 KB
Document
General
Full URL
https://nvobnco.sbs/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.241.208.219 Warsaw, Poland, ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
197d5636d2686ef30a01999efb367d0f0345b426e035f9989ba861f6027a4414

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Aug 2024 12:56:55 GMT
ETag
W/"cff-/8UZbBH89QMS8a4gqx3H0b0UJGc"
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Powered-By
Express

Redirect headers

Location
https://nvobnco.sbs/
Non-Authoritative-Reason
HttpsUpgrades
all.css
nvobnco.sbs/public/styles/
5 KB
2 KB
Stylesheet
General
Full URL
https://nvobnco.sbs/public/styles/all.css
Requested by
Host: nvobnco.sbs
URL: https://nvobnco.sbs/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.241.208.219 Warsaw, Poland, ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
cd13896ab186c6b592a29edda3b6b3add02d94665263c13852b0770fbbeef097

Request headers

Referer
https://nvobnco.sbs/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Date
Fri, 16 Aug 2024 12:56:55 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Aug 2024 21:34:39 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"14b7-19152d07598"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
jquery.min.js
nvobnco.sbs/public/javascripts/
85 KB
30 KB
Script
General
Full URL
https://nvobnco.sbs/public/javascripts/jquery.min.js
Requested by
Host: nvobnco.sbs
URL: https://nvobnco.sbs/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.241.208.219 Warsaw, Poland, ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de

Request headers

Referer
https://nvobnco.sbs/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Date
Fri, 16 Aug 2024 12:56:55 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Jul 2022 04:30:24 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"15391-181c7794b00"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
jquery.mask.js
nvobnco.sbs/public/javascripts/
6 KB
3 KB
Script
General
Full URL
https://nvobnco.sbs/public/javascripts/jquery.mask.js
Requested by
Host: nvobnco.sbs
URL: https://nvobnco.sbs/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.241.208.219 Warsaw, Poland, ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
e28402acf82dc0bbd4cb1cbd1bca97cbee7d8862d828a31d256a8821eca5b299

Request headers

Referer
https://nvobnco.sbs/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Date
Fri, 16 Aug 2024 12:56:55 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Jul 2022 04:30:32 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"18bd-181c7796a40"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
favicon.ico
nvobnco.sbs/
150 B
482 B
Other
General
Full URL
https://nvobnco.sbs/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.241.208.219 Warsaw, Poland, ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c
Security Headers
Name Value
Content-Security-Policy default-src 'none'
X-Content-Type-Options nosniff

Request headers

Referer
https://nvobnco.sbs/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Date
Fri, 16 Aug 2024 12:56:55 GMT
Content-Security-Policy
default-src 'none'
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/html; charset=utf-8
Connection
keep-alive
/
geoip-lite.vercel.app/
171 B
517 B
XHR
General
Full URL
https://geoip-lite.vercel.app/
Requested by
Host: nvobnco.sbs
URL: https://nvobnco.sbs/public/javascripts/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
9bbd1345eda254befd0400ef9c2f5650731feddadc9aac1181a145ea89ed2cda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Referer
https://nvobnco.sbs/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Fri, 16 Aug 2024 12:56:56 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
Vercel
x-vercel-id
fra1::sfo1::5sv95-1723813016758-83ff6dfec62f
age
0
x-vercel-cache
MISS
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
access-control-allow-headers
Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With
content-length
171
loader.gif
nvobnco.sbs/public/images/
5 KB
5 KB
Image
General
Full URL
https://nvobnco.sbs/public/images/loader.gif
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.241.208.219 Warsaw, Poland, ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
990f3452736f1806199700baf0c66068b20b77c542daedec6959ec0fa2e73c15

Request headers

Referer
https://nvobnco.sbs/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Date
Fri, 16 Aug 2024 12:56:56 GMT
Last-Modified
Mon, 14 Nov 2022 10:23:36 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1444-18475aa7440"
Content-Type
image/gif
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5188
QYCPX8117WI9ZM31NP18OUOP1F.html
nvobnco.sbs/
80 B
626 B
XHR
General
Full URL
https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F.html?ip=146.70.85.170&loc=GB&city=&reg=
Requested by
Host: nvobnco.sbs
URL: https://nvobnco.sbs/public/javascripts/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.241.208.219 Warsaw, Poland, ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash

Request headers

Accept
*/*
Referer
https://nvobnco.sbs/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Date
Fri, 16 Aug 2024 12:56:57 GMT
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"50-nZak/a1Qq35lKxgreR3jfE+Pzic"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/html; charset=utf-8
Connection
keep-alive
Primary Request login
nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/
13 KB
10 KB
Document
General
Full URL
https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login
Requested by
Host: nvobnco.sbs
URL: https://nvobnco.sbs/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.241.208.219 Warsaw, Poland, ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
5c9c6f5dead58b95396b84142ede3dc384c65d04302f4dd389175fec8d801e06

Request headers

Referer
https://nvobnco.sbs/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Aug 2024 12:56:57 GMT
ETag
W/"356b-5UMPYUOfserlWz0nY3FeAxYyFhQ"
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Powered-By
Express
all.css
nvobnco.sbs/public/styles/
5 KB
274 B
Stylesheet
General
Full URL
https://nvobnco.sbs/public/styles/all.css
Requested by
Host: nvobnco.sbs
URL: https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.241.208.219 Warsaw, Poland, ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
cd13896ab186c6b592a29edda3b6b3add02d94665263c13852b0770fbbeef097

Request headers

Referer
https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login
If-None-Match
W/"14b7-19152d07598"
If-Modified-Since
Wed, 14 Aug 2024 21:34:39 GMT
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Date
Fri, 16 Aug 2024 12:56:57 GMT
Last-Modified
Wed, 14 Aug 2024 21:34:39 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"14b7-19152d07598"
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
jquery.min.js
nvobnco.sbs/public/javascripts/
85 KB
275 B
Script
General
Full URL
https://nvobnco.sbs/public/javascripts/jquery.min.js
Requested by
Host: nvobnco.sbs
URL: https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.241.208.219 Warsaw, Poland, ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de

Request headers

Referer
https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login
If-None-Match
W/"15391-181c7794b00"
If-Modified-Since
Mon, 04 Jul 2022 04:30:24 GMT
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Date
Fri, 16 Aug 2024 12:56:57 GMT
Last-Modified
Mon, 04 Jul 2022 04:30:24 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"15391-181c7794b00"
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
jquery.mask.js
nvobnco.sbs/public/javascripts/
6 KB
274 B
Script
General
Full URL
https://nvobnco.sbs/public/javascripts/jquery.mask.js
Requested by
Host: nvobnco.sbs
URL: https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.241.208.219 Warsaw, Poland, ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
e28402acf82dc0bbd4cb1cbd1bca97cbee7d8862d828a31d256a8821eca5b299

Request headers

Referer
https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login
If-None-Match
W/"18bd-181c7796a40"
If-Modified-Since
Mon, 04 Jul 2022 04:30:32 GMT
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Date
Fri, 16 Aug 2024 12:56:57 GMT
Last-Modified
Mon, 04 Jul 2022 04:30:32 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"18bd-181c7796a40"
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
858f5fc6c36c6f7a6fb9ecde1d295f4ff988f43054379702063cca9054107681

Request headers

Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment


Malicious page.domain
Submitted on August 16th 2024, 1:18:52 pm UTC — From Portugal

Threats: Phishing
Brands: Novobanco PT
Comment: Fake phishing domain, targets customers of Portuguese bank (real domain is 'novobanco.pt'). Phish kit is viewable when a non-VPN Portuguese IP is used.


Malicious page.url
Submitted on August 16th 2024, 12:58:34 pm UTC — From Portugal

Threats: Phishing
Brands: Novobanco PT
Comment: phishing website for novobanco.pt clients

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Novobanco (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| decrypt function| base64ToArrayBuffer function| insertDecryptedContent

3 Cookies

Domain/Path Name / Value
nvobnco.sbs/ Name: csrf-token
Value: F1POUO81PN13MZ9IW7118XPCYQ
nvobnco.sbs/ Name: visitor
Value: 66bf4c9962d396187186af82
nvobnco.sbs/ Name: userId
Value: A0S3EPYP019EG

1 Console Messages

Source Level URL
Text
network error URL: https://nvobnco.sbs/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)