urlscan.io logo urlscan.io
SecurityTrails logo

banshee-stealer.com Open in urlscan Pro
195.133.13.96  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://banshee-stealer.com/login/
Effective URL: https://banshee-stealer.com/login/
Submission: On December 12 via manual from NL — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 195.133.13.96, located in Moscow, Russian Federation and belongs to MTFINANCE-AS MT FINANCE LLC, RU. The main domain is banshee-stealer.com.
TLS certificate: Issued by R10 on December 11th 2024. Valid for: 3 months.
This is the only time banshee-stealer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 5 195.133.13.96 214822 (MTFINANCE...)
1 151.101.65.229 54113 (FASTLY)
1 142.250.181.234 15169 (GOOGLE)
6 3
Apex Domain
Subdomains		 Transfer
5 banshee-stealer.com
banshee-stealer.com
193 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
1 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 318
151 KB
6 3
Domain Requested by
5 banshee-stealer.com 1 redirects banshee-stealer.com
1 fonts.googleapis.com banshee-stealer.com
1 cdn.jsdelivr.net banshee-stealer.com
6 3

This site contains no links.

Subject Issuer Validity Valid
banshee-stealer.com
R10		 2024-12-11 -
2025-03-11		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2024 Q3		 2024-07-30 -
2025-08-31		 a year crt.sh
upload.video.google.com
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://banshee-stealer.com/login/
Frame ID: 58770F9C61175F81619B958788301CF5
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Document

Page URL History Show full URLs

  1. http://banshee-stealer.com/login/ HTTP 307
    https://banshee-stealer.com/login/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

6
Requests

83 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

345 kB
Transfer

3061 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://banshee-stealer.com/login/ HTTP 307
    https://banshee-stealer.com/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://banshee-stealer.com/favicon.ico HTTP 302
  • https://banshee-stealer.com/login/

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
banshee-stealer.com/login/
Redirect Chain
  • http://banshee-stealer.com/login/
  • https://banshee-stealer.com/login/
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://banshee-stealer.com/login/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
195.133.13.96 Moscow, Russian Federation, ASN214822 (MTFINANCE-AS MT FINANCE LLC, RU),
Reverse DNS
Software
nginx/1.27.3 /
Resource Hash
ba76f9fc2619968e2326c50b07c8c6250a327f3bb2e33f435ce3a31f373d1a23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
1641
Content-Type
text/html; charset=utf-8
Cross-Origin-Opener-Policy
same-origin
Date
Thu, 12 Dec 2024 20:28:45 GMT
Referrer-Policy
same-origin
Server
nginx/1.27.3
Vary
Cookie
X-Content-Type-Options
nosniff
X-Frame-Options
DENY

Redirect headers

Location
https://banshee-stealer.com/login/
Non-Authoritative-Reason
HttpsUpgrades
main.css
banshee-stealer.com/static/css/ 		12 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://banshee-stealer.com/static/css/main.css
Requested by
Host: banshee-stealer.com
URL: https://banshee-stealer.com/login/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
195.133.13.96 Moscow, Russian Federation, ASN214822 (MTFINANCE-AS MT FINANCE LLC, RU),
Reverse DNS
Software
nginx/1.27.3 /
Resource Hash
4c8a3ddd743c550c44514ffe4dafe9ffbda964bc90531e1ea71a652a11690dbe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://banshee-stealer.com/login/

Response headers

ETag
"6759c081-316c"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12652
Date
Thu, 12 Dec 2024 20:28:45 GMT
Content-Type
text/css
Last-Modified
Wed, 11 Dec 2024 16:40:33 GMT
Server
nginx/1.27.3
tailwind.min.css
cdn.jsdelivr.net/npm/tailwindcss@2.2.19/dist/ 		3 MB
151 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/tailwindcss@2.2.19/dist/tailwind.min.css
Requested by
Host: banshee-stealer.com
URL: https://banshee-stealer.com/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b6ad97402eddb903e7a5d7a73ee47a679204efbdda4521a391cbad9df509b932
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"2cc503-cyTPK4s7rX9aC3Y3NNaHIxjV1fQ"
age
1436008
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Thu, 12 Dec 2024 20:28:45 GMT
content-type
text/css; charset=utf-8
x-served-by
cache-fra-eddf8230029-FRA, cache-ams2100114-AMS
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
154109
x-jsd-version
2.2.19
css2
fonts.googleapis.com/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900&display=swap
Requested by
Host: banshee-stealer.com
URL: https://banshee-stealer.com/static/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f10.1e100.net
Software
ESF /
Resource Hash
f090d8d164f2fc67945ebb12af1d676601f85beb10005e7402d49119f8b90c92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 12 Dec 2024 20:28:45 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 12 Dec 2024 20:28:45 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Thu, 12 Dec 2024 19:58:06 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
background.jpg
banshee-stealer.com/static/img/ 		176 KB
176 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://banshee-stealer.com/static/img/background.jpg
Requested by
Host: banshee-stealer.com
URL: https://banshee-stealer.com/static/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
195.133.13.96 Moscow, Russian Federation, ASN214822 (MTFINANCE-AS MT FINANCE LLC, RU),
Reverse DNS
Software
nginx/1.27.3 /
Resource Hash
b4e56806a4278f14b9539018393ce3e78bd3b9dd77a3aad5f63eea04da31a5ca

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://banshee-stealer.com/static/css/main.css

Response headers

ETag
"6759c081-2bf26"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
180006
Date
Thu, 12 Dec 2024 20:28:45 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 11 Dec 2024 16:40:33 GMT
Server
nginx/1.27.3
/
banshee-stealer.com/login/
Redirect Chain
  • https://banshee-stealer.com/favicon.ico
  • https://banshee-stealer.com/login/
2 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://banshee-stealer.com/login/
Protocol
HTTP/1.1
Server
195.133.13.96 Moscow, Russian Federation, ASN214822 (MTFINANCE-AS MT FINANCE LLC, RU),
Reverse DNS
Software
nginx/1.27.3 /
Resource Hash
a217f389841ecbc69e8c2aaf66faacf297e9bd45af1463e63c2e1233391c3b06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://banshee-stealer.com/login/

Response headers

Cross-Origin-Opener-Policy
same-origin
Connection
keep-alive
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Length
1641
Date
Thu, 12 Dec 2024 20:28:45 GMT
Content-Type
text/html; charset=utf-8
Vary
Cookie
Server
nginx/1.27.3
X-Frame-Options
DENY

Redirect headers

Location
/login/
Cross-Origin-Opener-Policy
same-origin
Connection
keep-alive
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Length
0
Date
Thu, 12 Dec 2024 20:28:45 GMT
Content-Type
text/html; charset=utf-8
Vary
Cookie
Server
nginx/1.27.3
X-Frame-Options
DENY

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path Name / Value
banshee-stealer.com/ Name: csrftoken
Value: gXHQdGOgz3mpHGDPmkw11CQI79xBH3Qt

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://banshee-stealer.com/login/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options DENY