nvobnco.sbs
185.241.208.219
Malicious Activity!
Public Scan
Effective URL: https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login
Submission Tags: @phish_report
Submission: On August 16 via api from FI — Scanned from PL
Summary
TLS certificate: Issued by R10 on August 16th 2024. Valid for: 3 months.
This is the only time nvobnco.sbs was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Novobanco (Banking)
Community Verdicts: Malicious — 2 votes
Domain & IP information
 | IP Address | AS Autonomous System
---|---|---
11 | 185.241.208.219 | 210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK)
1 | 76.76.21.93 | 16509 (AMAZON-02)
12 | 3 |

ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE): nvobnco.sbs
 | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | nvobnco.sbs | nvobnco.sbs | 54 KB
1 | vercel.app | geoip-lite.vercel.app | 517 B
12 | 2 | |
 | Domain | Requested by
---|---|---
11 | nvobnco.sbs | nvobnco.sbs
1 | geoip-lite.vercel.app | nvobnco.sbs
12 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
nvobnco.sbs | R10 | 2024-08-16 - 2024-11-14 | 3 months
*.vercel.app | R11 | 2024-08-14 - 2024-11-12 | 3 months
This page contains 1 frame:
Primary Page:
https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login
Frame ID: DAFF77451F0C4800610A39F502E78CED
Requests: 13 HTTP requests in this frame
Page Title: _]-_.
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://nvobnco.sbs/ (HTTP 307) redirects to https://nvobnco.sbs/ (Page URL)
- https://nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/login (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://nvobnco.sbs/ HTTP 307
- https://nvobnco.sbs/
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Redirect Chain) | nvobnco.sbs/ | 3 KB | 2 KB | Document | text/html
GET | H/1.1 | all.css | nvobnco.sbs/public/styles/ | 5 KB | 2 KB | Stylesheet | text/css
GET | H/1.1 | jquery.min.js | nvobnco.sbs/public/javascripts/ | 85 KB | 30 KB | Script | application/javascript
GET | H/1.1 | jquery.mask.js | nvobnco.sbs/public/javascripts/ | 6 KB | 3 KB | Script | application/javascript
GET | H/1.1 | favicon.ico | nvobnco.sbs/ | 150 B | 482 B | Other | text/html
GET | H2 | / | geoip-lite.vercel.app/ | 171 B | 517 B | XHR | application/json
GET | H/1.1 | loader.gif | nvobnco.sbs/public/images/ | 5 KB | 5 KB | Image | image/gif
GET | H/1.1 | QYCPX8117WI9ZM31NP18OUOP1F.html | nvobnco.sbs/ | 80 B | 626 B | XHR | text/html
GET | H/1.1 | login (Primary Request) | nvobnco.sbs/QYCPX8117WI9ZM31NP18OUOP1F/ | 13 KB | 10 KB | Document | text/html
GET | H/1.1 | all.css | nvobnco.sbs/public/styles/ | 5 KB | 274 B | Stylesheet | text/css
GET | H/1.1 | jquery.min.js | nvobnco.sbs/public/javascripts/ | 85 KB | 275 B | Script | application/javascript
GET | H/1.1 | jquery.mask.js | nvobnco.sbs/public/javascripts/ | 6 KB | 274 B | Script | application/javascript
GET | DATA | truncated | / | 5 KB | 0 | Image | image/png
Verdicts & Comments

Malicious (page.domain)
- Submitted on: August 16th 2024, 1:18:52 pm UTC, from Portugal
- Threats: Phishing
- Brands: Novobanco PT
- Comment: Fake phishing domain, targets customers of Portuguese bank (real domain is 'novobanco.pt'). Phish kit is viewable when a non-VPN Portuguese IP is used.

Malicious (page.url)
- Submitted on: August 16th 2024, 12:58:34 pm UTC, from Portugal
- Threats: Phishing
- Brands: Novobanco PT
- Comment: phishing website for novobanco.pt clients
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Novobanco (Banking)

5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
function | $
function | jQuery
function | decrypt
function | base64ToArrayBuffer
function | insertDecryptedContent

3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
nvobnco.sbs/ | | csrf-token | F1POUO81PN13MZ9IW7118XPCYQ
nvobnco.sbs/ | | visitor | 66bf4c9962d396187186af82
nvobnco.sbs/ | | userId | A0S3EPYP019EG
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.