www.byfeyma.com Open in urlscan Pro
81.169.167.214 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/1BNK-Cyprus
Effective URL:
https://www.byfeyma.com/wp-admin/css/-/boc/index.php
Submission: On July 24 via manual (July 24th 2021, 11:13:01 am UTC) from CY

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 15 HTTP transactions. The main IP is 81.169.167.214, located in Germany and belongs to STRATO STRATO AG, DE. The main domain is www.byfeyma.com.
TLS certificate: Issued by R3 on July 20th 2021. Valid for: 3 months.

This is the only time www.byfeyma.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of Cyprus (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.11 67.199.248.11	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
10	81.169.167.214 81.169.167.214	6724 (STRATO ST...) (STRATO STRATO AG)
2	81.4.191.110 81.4.191.110	24655 (BOC-AS) (BOC-AS)
3	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
15	4

1 67.199.248.11 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 81.169.167.214 (Germany)

ASN6724 (STRATO STRATO AG, DE)
PTR: byfeyma.com

www.byfeyma.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 81.4.191.110 (Nicosia, Cyprus)

ASN24655 (BOC-AS, CY)
PTR: cy1110.bankofcyprus.com

online.bankofcyprus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	byfeyma.com www.byfeyma.com	130 KB
3	gstatic.com fonts.gstatic.com	47 KB
2	bankofcyprus.com online.bankofcyprus.com	31 KB
1	bit.ly 1 redirects bit.ly	270 B
15	4

	Domain	Requested by
10	www.byfeyma.com	www.byfeyma.com
3	fonts.gstatic.com	www.byfeyma.com
2	online.bankofcyprus.com	www.byfeyma.com
1	bit.ly	1 redirects
15	4

This site contains no links.

Subject Issuer	Validity	Valid
byfeyma.com R3	`2021-07-20` - `2021-10-18`	3 months	crt.sh
online.bankofcyprus.com Thawte EV RSA CA 2018	`2020-12-02` - `2022-01-01`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
Frame ID: 96EC6456A539054A56D352FD03BE1CD2
Requests: 15 HTTP requests in this frame

Frame: https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/nFnN1TlBM3ZiqLQFa06U.html
Frame ID: EA8EF2C4527535799A7E0255FA278ECB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://bit.ly/1BNK-Cyprus HTTP 301
https://www.byfeyma.com/wp-admin/css/-/boc/index.php Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Page Statistics

15
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

208 kB
Transfer

428 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/1BNK-Cyprus HTTP 301
https://www.byfeyma.com/wp-admin/css/-/boc/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.php Show response
www.byfeyma.com/wp-admin/css/-/boc/
Redirect Chain

https://bit.ly/1BNK-Cyprus
https://www.byfeyma.com/wp-admin/css/-/boc/index.php

10 KB
3 KB

206ms
65ms

Document
text/html

81.169.167.214
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL

https://www.byfeyma.com/wp-admin/css/-/boc/index.php

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

81.169.167.214 , Germany, ASN6724 (STRATO STRATO AG, DE),

Reverse DNS

byfeyma.com

Software

nginx / PHP/7.2.34 PleskLin

Resource Hash

afeb5cfe286828d3b33a22b35cd2d865eeea271adf9c379c68cdb2f9eebe88f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

:method: GET
:authority: www.byfeyma.com
:scheme: https
:path: /wp-admin/css/-/boc/index.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Sat, 24 Jul 2021 11:12:43 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.2.34 PleskLin
x-cache-status: BYPASS
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br

Redirect headers

server: nginx
date: Sat, 24 Jul 2021 11:12:42 GMT
content-type: text/html; charset=utf-8
content-length: 139
cache-control: private, max-age=90
content-security-policy: referrer always;
location: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
referrer-policy: unsafe-url
set-cookie: _bit=l6obcG-8102d37ff8a13be314-00z; Domain=bit.ly; Expires=Thu, 20 Jan 2022 11:12:42 GMT
via: 1.1 google
alt-svc: clear

GET
H2 200 RlIVZZZPJpEM5dN.css
www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/ 166 B
299 B 63ms
62ms Stylesheet
text/css 81.169.167.214
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL

https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/RlIVZZZPJpEM5dN.css

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/index.php

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

81.169.167.214 , Germany, ASN6724 (STRATO STRATO AG, DE),

Reverse DNS

byfeyma.com

Software

nginx / PleskLin

Resource Hash

2de673f2d2e5efeb272c71fff3f2df30f06d297a462009e02b0dd0916c3b61e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

:path: /wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/RlIVZZZPJpEM5dN.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.byfeyma.com
referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 11:12:43 GMT
content-encoding: br
vary: Accept-Encoding
last-modified: Sun, 30 May 2021 22:07:48 GMT
server: nginx
x-powered-by: PleskLin
etag: W/"60b40cb4-a6"
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/css

GET
H2 200 skinning.ecss.faces
www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/ 2 KB
3 KB 190ms
188ms Stylesheet
text/plain 81.169.167.214
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL

https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/skinning.ecss.faces

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/index.php

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

81.169.167.214 , Germany, ASN6724 (STRATO STRATO AG, DE),

Reverse DNS

byfeyma.com

Software

nginx / PleskLin

Resource Hash

345888042448c4f1b1801c015ee867b506fc95d9f1c7ce63d3e540ced554ba61

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

:path: /wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/skinning.ecss.faces
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.byfeyma.com
referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 11:12:43 GMT
last-modified: Sun, 30 May 2021 22:07:48 GMT
server: nginx
x-powered-by: PleskLin
etag: "945-5c39356d59500"
x-cache-status: BYPASS
strict-transport-security: max-age=15768000; includeSubDomains
accept-ranges: bytes
content-length: 2373

GET
H2 200 navajo-responsive.css
www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/ 227 KB
39 KB 119ms
117ms Stylesheet
text/css 81.169.167.214
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL

https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/navajo-responsive.css

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/index.php

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

81.169.167.214 , Germany, ASN6724 (STRATO STRATO AG, DE),

Reverse DNS

byfeyma.com

Software

nginx / PleskLin

Resource Hash

2a0973cd8fc200b1e13a821a30e3042a7834c5c4fcf26fea54152cf7f9d69ded

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

:path: /wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/navajo-responsive.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.byfeyma.com
referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 11:12:43 GMT
content-encoding: br
vary: Accept-Encoding
last-modified: Sun, 30 May 2021 22:56:10 GMT
server: nginx
x-powered-by: PleskLin
etag: W/"60b4180a-38cf3"
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/css

GET
H2 200 navajo-layout.css
www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/ 411 B
417 B 136ms
134ms Stylesheet
text/css 81.169.167.214
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL

https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/navajo-layout.css

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/index.php

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

81.169.167.214 , Germany, ASN6724 (STRATO STRATO AG, DE),

Reverse DNS

byfeyma.com

Software

nginx / PleskLin

Resource Hash

6aef9bd67386bdd6d4ed375ae564848cf8ccdb037618d46e9df2397021ba9add

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

:path: /wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/navajo-layout.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.byfeyma.com
referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 11:12:43 GMT
content-encoding: br
vary: Accept-Encoding
last-modified: Sun, 30 May 2021 22:07:50 GMT
server: nginx
x-powered-by: PleskLin
etag: W/"60b40cb6-19b"
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/css

GET
H2 200 font-awesome.css
www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/ 33 KB
6 KB 141ms
140ms Stylesheet
text/css 81.169.167.214
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL

https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/font-awesome.css

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/index.php

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

81.169.167.214 , Germany, ASN6724 (STRATO STRATO AG, DE),

Reverse DNS

byfeyma.com

Software

nginx / PleskLin

Resource Hash

433d4c8eb83f6fd3e06782a30dc516e3c373ec4dea2cc35af6a2bebd5b62dcfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

:path: /wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/font-awesome.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.byfeyma.com
referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 11:12:43 GMT
content-encoding: br
vary: Accept-Encoding
last-modified: Sun, 30 May 2021 22:07:50 GMT
server: nginx
x-powered-by: PleskLin
etag: W/"60b40cb6-83c5"
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/css

GET
H2 200 css
www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/ 12 KB
12 KB 189ms
188ms Stylesheet
text/plain 81.169.167.214
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL

https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/css

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/index.php

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

81.169.167.214 , Germany, ASN6724 (STRATO STRATO AG, DE),

Reverse DNS

byfeyma.com

Software

nginx / PleskLin

Resource Hash

bb068bbb53fec6a4baa5b19f23d603fba94b938f242a5baa129d6af68de2df40

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

:path: /wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.byfeyma.com
referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 11:12:43 GMT
last-modified: Sun, 30 May 2021 22:07:50 GMT
server: nginx
x-powered-by: PleskLin
etag: "2f26-5c39356f41980"
x-cache-status: BYPASS
strict-transport-security: max-age=15768000; includeSubDomains
accept-ranges: bytes
content-length: 12070

GET
H2 200 loginSmallBanner-en.jpg
www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/ 67 KB
67 KB 158ms
157ms Image
image/jpeg 81.169.167.214
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/loginSmallBanner-en.jpg

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/index.php

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

81.169.167.214 , Germany, ASN6724 (STRATO STRATO AG, DE),

Reverse DNS

byfeyma.com

Software

nginx / PleskLin

Resource Hash

5f18709e59f9ce79e82636e952f14a6494aeaf481295006b6769d781236292cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

:path: /wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/loginSmallBanner-en.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.byfeyma.com
referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 11:12:43 GMT
last-modified: Sun, 30 May 2021 22:07:50 GMT
server: nginx
x-powered-by: PleskLin
etag: "60b40cb6-10a6a"
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/jpeg
accept-ranges: bytes
content-length: 68202

GET
H2 200 jHnKmVhR9u9G.gif
www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/ 43 B
226 B 188ms
187ms Image
image/gif 81.169.167.214
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/jHnKmVhR9u9G.gif

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/index.php

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

81.169.167.214 , Germany, ASN6724 (STRATO STRATO AG, DE),

Reverse DNS

byfeyma.com

Software

nginx / PleskLin

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

:path: /wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/jHnKmVhR9u9G.gif
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.byfeyma.com
referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 11:12:43 GMT
last-modified: Sun, 30 May 2021 22:07:50 GMT
server: nginx
x-powered-by: PleskLin
etag: "60b40cb6-2b"
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/gif
accept-ranges: bytes
content-length: 43

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK /
online.bankofcyprus.com/EKFoDc/ 53 B
451 B 705ms
138ms Image
image/jpeg 81.4.191.110
BOC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.bankofcyprus.com/EKFoDc/?id=boc1&c=im&phg=wdehZ58HN7Km

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/index.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

81.4.191.110 Nicosia, Cyprus, ASN24655 (BOC-AS, CY),

Reverse DNS

cy1110.bankofcyprus.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=19353600

Request headers

Referer: https://www.byfeyma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Jul 2021 11:12:43 GMT
Vary: Accept-Encoding
Content-length: 53
Strict-Transport-Security: max-age=19353600
Content-type: image/jpeg

GET
H2 200 nFnN1TlBM3ZiqLQFa06U.html Show response
www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/ Frame EA8E 211 B
320 B 62ms
62ms Document
text/html 81.169.167.214
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL

https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/nFnN1TlBM3ZiqLQFa06U.html

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/index.php

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

81.169.167.214 , Germany, ASN6724 (STRATO STRATO AG, DE),

Reverse DNS

byfeyma.com

Software

nginx / PleskLin

Resource Hash

6e73875aa7e3a5a4ecee81775dd39ceff5da17707b5b71a570cd85ac1ed94475

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

:method: GET
:authority: www.byfeyma.com
:scheme: https
:path: /wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/nFnN1TlBM3ZiqLQFa06U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.byfeyma.com/wp-admin/css/-/boc/index.php

Response headers

server: nginx
date: Sat, 24 Jul 2021 11:12:43 GMT
content-type: text/html
last-modified: Sun, 30 May 2021 22:07:50 GMT
vary: Accept-Encoding
etag: W/"60b40cb6-d3"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br

GET
H/1.1 200
OK desktop.jpg
online.bankofcyprus.com/netteller-web/resources/images/Logo/ 30 KB
31 KB 607ms
240ms Image
image/jpeg 81.4.191.110
BOC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.bankofcyprus.com/netteller-web/resources/images/Logo/desktop.jpg

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/navajo-responsive.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

81.4.191.110 Nicosia, Cyprus, ASN24655 (BOC-AS, CY),

Reverse DNS

cy1110.bankofcyprus.com

Software

Resource Hash

2431372a0aa89c31a7d26cd47fedd06412147d0070e3f1286693a1d69d53d3bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=19353600

Request headers

Referer: https://www.byfeyma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Jul 2021 11:12:43 GMT
Last-Modified: Fri, 14 Jun 2019 11:15:46 GMT
Accept-Ranges: bytes
ETag: W/"30903-1560510946000"
Content-Length: 30903
Strict-Transport-Security: max-age=19353600
Content-Type: image/jpeg

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.byfeyma.com
Referer: https://www.byfeyma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 18:26:24 GMT
x-content-type-options: nosniff
age: 405979
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Jul 2022 18:26:24 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 16 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.byfeyma.com
Referer: https://www.byfeyma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 17:17:27 GMT
x-content-type-options: nosniff
age: 323716
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 17:17:27 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: www.byfeyma.com
URL: https://www.byfeyma.com/wp-admin/css/-/boc/Bank%20Of%20Cyprus%20-%201Bank_files/css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.byfeyma.com
Referer: https://www.byfeyma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 12:00:01 GMT
x-content-type-options: nosniff
age: 342762
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 12:00:01 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of Cyprus (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bit.ly
fonts.gstatic.com
online.bankofcyprus.com
www.byfeyma.com
2a00:1450:4001:812::2003
67.199.248.11
81.169.167.214
81.4.191.110
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
2431372a0aa89c31a7d26cd47fedd06412147d0070e3f1286693a1d69d53d3bc
2a0973cd8fc200b1e13a821a30e3042a7834c5c4fcf26fea54152cf7f9d69ded
2de673f2d2e5efeb272c71fff3f2df30f06d297a462009e02b0dd0916c3b61e6
345888042448c4f1b1801c015ee867b506fc95d9f1c7ce63d3e540ced554ba61
433d4c8eb83f6fd3e06782a30dc516e3c373ec4dea2cc35af6a2bebd5b62dcfe
5f18709e59f9ce79e82636e952f14a6494aeaf481295006b6769d781236292cc
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
6aef9bd67386bdd6d4ed375ae564848cf8ccdb037618d46e9df2397021ba9add
6e73875aa7e3a5a4ecee81775dd39ceff5da17707b5b71a570cd85ac1ed94475
afeb5cfe286828d3b33a22b35cd2d865eeea271adf9c379c68cdb2f9eebe88f5
bb068bbb53fec6a4baa5b19f23d603fba94b938f242a5baa129d6af68de2df40
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

www.byfeyma.com Open in urlscan Pro 81.169.167.214 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

208 kBTransfer

428 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.byfeyma.com Open in urlscan Pro
81.169.167.214 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

208 kB
Transfer

428 kB
Size

0
Cookies

15 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!