winbank.xyz
104.21.78.85
Malicious Activity!
Public Scan
Submission: On May 10 via manual from AE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 27th 2020. Valid for: a year.
This is the only time winbank.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Piraeus Bank (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
18 | 104.21.78.85 | 13335 (CLOUDFLARENET) |
19 | 2 | |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
18 | winbank.xyz | 414 KB |
19 | 1 | |
 | Domain | Requested by |
---|---|---|
18 | winbank.xyz | winbank.xyz |
19 | 1 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.piraeusbank.gr |
www.winbank.gr |
Subject / Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com / Cloudflare Inc ECC CA-3 | 2020-11-27 - 2021-11-26 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://winbank.xyz/el/SiteAssets/LandingPage/index.html
Frame ID: B4B9A8E926318017F8F187D4FFB93CF8
Requests: 20 HTTP requests in this frame
Detected technologies
Microsoft SharePoint (CMS)
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
Modernizr (JavaScript Libraries)
Detected patterns
- script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: ΣΥΝΔΕΘΕΙΤΕ
Title: ΣΥΝΔΕΘΕΙΤΕ
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | index.html (Primary Request) | winbank.xyz/el/SiteAssets/LandingPage/ | 63 KB | 19 KB | Document | text/html |
GET | H3-29 | h4twxBG4kXOWDCl.css | winbank.xyz/ | 152 B | 648 B | Stylesheet | text/css |
GET | H3-29 | fonts.css | winbank.xyz/el/SiteAssets/LandingPage/stylesheets/ | 5 KB | 2 KB | Stylesheet | text/css |
GET | H3-29 | screen_c.css | winbank.xyz/el/SiteAssets/LandingPage/stylesheets/ | 27 KB | 6 KB | Stylesheet | text/css |
GET | H3-29 | jquery-1.9.1.min.js | winbank.xyz/el/SiteAssets/LandingPage/Js/ | 90 KB | 32 KB | Script | application/x-javascript |
GET | H3-29 | modernizr.js | winbank.xyz/el/SiteAssets/LandingPage/Js/ | 19 KB | 7 KB | Script | application/x-javascript |
GET | H3-29 | detect.min.js | winbank.xyz/el/SiteAssets/LandingPage/Js/ | 25 KB | 8 KB | Script | application/x-javascript |
GET | H3-29 | common_c.js | winbank.xyz/el/SiteAssets/LandingPage/Js/ | 7 KB | 3 KB | Script | application/x-javascript |
GET | H3-29 | 656c2f736974656173736574732f6c616e64696e67706167652f696e6465782e68746d6c.js | winbank.xyz/UPeKSnkrEJ/ | 32 KB | 17 KB | Script | text/javascript |
GET | H3-29 | 089ebc0aa2ab180097b54b73ada54a1031d12db1bc6844ab100b727c42f019e6.js | winbank.xyz/Wyp0PdSZi/ | 718 KB | 202 KB | Script | text/javascript |
GET | H3-29 | winbank.svg | winbank.xyz/el/SiteAssets/LandingPage/media/ | 638 B | 1 KB | Image | image/svg+xml |
GET | H3-29 | piraeus.svg | winbank.xyz/el/SiteAssets/LandingPage/media/ | 7 KB | 2 KB | Image | image/svg+xml |
GET | H3-29 | idiwtis.svg | winbank.xyz/el/SiteAssets/LandingPage/media/ | 1 KB | 2 KB | Image | image/svg+xml |
GET | H3-29 | epixeirisi.svg | winbank.xyz/el/SiteAssets/LandingPage/media/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H3-29 | email-decode.min.js | winbank.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/ | 1 KB | 1 KB | Script | application/javascript |
GET | DATA | truncated | / | 68 B | 0 | Image | image/png |
GET | H3-29 | roboto-regular-webfont.woff | winbank.xyz/el/SiteAssets/LandingPage/stylesheets/fonts/ | 50 KB | 51 KB | Font | application/font-woff |
GET | H3-29 | roboto-medium-webfont.woff | winbank.xyz/el/SiteAssets/LandingPage/stylesheets/fonts/ | 51 KB | 52 KB | Font | application/font-woff |
GET | H3-29 | icomoon.woff | winbank.xyz/el/SiteAssets/LandingPage/stylesheets/fonts/ | 10 KB | 7 KB | Font | application/font-woff |
GET | | / | winbank.xyz/NQGgiV8/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- winbank.xyz
- URL
- https://winbank.xyz/NQGgiV8/?m=040ef8927a1d1fcfc0872c4b448635ecb3dbd83c7ffd599c775c1c7b4dbf491839ddc5324b349e8498474a637c66aa052e7ebd629af11872e4b7ae60b3147fb0c0dadb02a2968dfda81334b10abc12de4f12bf206f8c7955bf4568d365c40aa10e2952bc4d3bb20e75ab730209d8c64e365a1672b921be42e23f7c785fef3cea495a0ccdb71dad2561bc2199fbc401d268c7ffcda663a4e8673e6bd992
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Piraeus Bank (Banking)
36 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforexrselect
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- boolean| originAgentCluster
- object| trustedTypes
- boolean| crossOriginIsolated
- function| $
- function| jQuery
- object| html5
- object| Modernizr
- function| yepnope
- function| forEach
- function| detect
- function| browserDetect
- undefined| tooltip
- undefined| openTooltip
- undefined| topSpace
- undefined| btmSpace
- undefined| leftSpace
- undefined| rightSpace
- function| openTooltipFunc
- function| closeTooltipFunc
- function| resizeEvents
- object| EventHandler
- undefined| ie9rgb4
- boolean| LQDS
- string| anti_fraud
- object| Jo
- boolean| ctyy
- boolean| bLauNCTx
- boolean| Tpimob7
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
winbank.xyz/ | | Name: zukUT9V Value: 082d447401101000fa42ddbd1a2fc7514d2a6a4505671173 |
winbank.xyz/ | | Name: Ob7qVU Value: 082d4474010210000467909b6c1c8ea349612ca9fcc93896 |
winbank.xyz/ | | Name: 9PPYgd Value: 082d4474010628006f90c2d8951ce79da7eee91e3756c4ab88af4c99eee97225212790c3b4eba2e1c4eb5ed115eefaaa |
winbank.xyz/ | | Name: ohiwboKY Value: 082d4474010a1000194408cb8ecc4c23ae47b3158eaab026 |
winbank.xyz/ | | Name: ycKHw Value: 089ebc0aa2ab28006556e8b5b3346bc862388eda9a076f8ec41631834500166e6d7255f0170b3f3805f88adeace2475a |
winbank.xyz/ | | Name: TVKPbG Value: 082d4474010d18002cf4ad7df75f06922394299909a6ae0a3c14b7bae3fefafb |
.winbank.xyz/ | | Name: __cfduid Value: df8658ff0272c89a86fdfe342c3518f811620633231 |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
winbank.xyz
104.21.78.85