urlscan.io logo urlscan.io
SecurityTrails logo

online.cyprus-com.one Open in urlscan Pro
2a01:111:f100:9001::1761:93a5  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://online.cyprus-com.one/h/0708d/netteller-web-gr.php
Submission Tags: https://phish.report @phish_report Search All
Submission: On March 01 via api from FI — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 2a01:111:f100:9001::1761:93a5, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is online.cyprus-com.one.
TLS certificate: Issued by R3 on February 26th 2022. Valid for: 3 months.
This is the only time online.cyprus-com.one was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of Cyprus (Banking)

Domain & IP information

IP Address AS Autonomous System
1 2a01:111:f100... 8075 (MICROSOFT...)
1 81.4.191.110 24655 (BOC-AS)
2 3
Apex Domain
Subdomains		 Transfer
1 bankofcyprus.com
online.bankofcyprus.com
451 B
1 cyprus-com.one
online.cyprus-com.one
2 MB
2 2
Domain Requested by
1 online.bankofcyprus.com online.cyprus-com.one
1 online.cyprus-com.one
2 2

This site contains links to these domains. Also see Links.

Domain
www.bankofcyprus.com.cy
online.bankofcyprus.com
bankofcyprus.com.cy
Subject Issuer Validity Valid
online.cyprus-com.one
R3		 2022-02-26 -
2022-05-27		 3 months crt.sh
online.bankofcyprus.com
Thawte EV RSA CA 2018		 2021-12-08 -
2023-01-08		 a year crt.sh

This page contains 1 frames:

Primary Page: https://online.cyprus-com.one/h/0708d/netteller-web-gr.php
Frame ID: 470D9954BF30983D80E8DB42F7B8011B
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bank Of Cyprus - 1Bank

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

2
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1750 kB
Transfer

2284 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request netteller-web-gr.php
online.cyprus-com.one/h/0708d/ 		2 MB
2 MB 		Document
General
Check archive.org
Download Go to
Full URL
https://online.cyprus-com.one/h/0708d/netteller-web-gr.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a01:111:f100:9001::1761:93a5 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c643f21fd3a29f3a13d4dadab0220c019a9c2fc9e767ff471e6707a4a208b25e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9

Response headers

content-type
text/html; charset=UTF-8
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
x-powered-by-plesk
PleskWin
date
Tue, 01 Mar 2022 09:28:01 GMT
content-length
1669391
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
/
online.bankofcyprus.com/EKFoDc/ 		53 B
451 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://online.bankofcyprus.com/EKFoDc/?id=boc1&c=im&phg=C0lmxTzv22Ak
Requested by
Host: online.cyprus-com.one
URL: https://online.cyprus-com.one/h/0708d/netteller-web-gr.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
81.4.191.110 , Cyprus, ASN24655 (BOC-AS, CY),
Reverse DNS
cy1110.bankofcyprus.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=19353600

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://online.cyprus-com.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Tue, 01 Mar 2022 09:28:01 GMT
Vary
Accept-Encoding
Content-length
53
Strict-Transport-Security
max-age=19353600
Content-type
image/jpeg
truncated
/ 		70 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2eb411f44a5e427ff298e37cb225c255ab0e68d920348268606f2130da4481bb

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		30 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2431372a0aa89c31a7d26cd47fedd06412147d0070e3f1286693a1d69d53d3bc

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a986c26c40febdfac5074b57a925fe2d7b901e75b7bcad4a19a5cbe3987b51bf

Request headers

Referer
Origin
https://online.cyprus-com.one
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ 		65 KB
65 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Request headers

Referer
Origin
https://online.cyprus-com.one
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/ 		5 KB
5 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f24646b393a31eb34a23f2fe2be1cb697864ca6832a8f35234a91cbf5683b92f

Request headers

Referer
Origin
https://online.cyprus-com.one
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ 		5 KB
5 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a60456fc2d5420ee800a1df14e27cd10795c4422e64c62fa964eb6094d4eaabc

Request headers

Referer
Origin
https://online.cyprus-com.one
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ 		5 KB
5 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6c46f1701d9aa3673bbcddb2adb107f4d0782a1f94fc33c38638441a19ff4b9b

Request headers

Referer
Origin
https://online.cyprus-com.one
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d6621200328c67a58e7f049fc077058611d49a8b0462acecdd1f25ef0b20a831

Request headers

Referer
Origin
https://online.cyprus-com.one
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eccc582a306d1166abf3880b2bfcdb1ed98df81cce0ede7b8b7f85dd9d4ec6b2

Request headers

Referer
Origin
https://online.cyprus-com.one
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ 		6 KB
6 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
25a6495e7b5e321f5be6e651a33c2e80a22dc16ec16c5cf55a9c61ff3a8476c9

Request headers

Referer
Origin
https://online.cyprus-com.one
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ 		71 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bfb0c0db47569bb9a2dcad7df3dd1e13cac29186bec383ba4e34963b6fad3c2c

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		174 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1ecad3c6ed8fe92aebd659180b7b2caee565cecdab174b0e27ad0816db42c60f

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		191 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8e376d5adfd87a3411d45012408ef62dde17eedcc7a2ed9b06c8c1f038cdd930

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of Cyprus (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| structuredClone function| savepage_ShadowLoader boolean| bLauNCTx

0 Cookies