Submitted URL: http://bank-id45876.su/
Effective URL: https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e...
Submission: On April 14 via api from DK — Scanned from NL

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 80.85.141.204, located in Netherlands and belongs to ON-LINE-DATA Server location - Netherlands, Dronten, NL. The main domain is bank-id45876.su.
TLS certificate: Issued by bank-id45876.su on April 14th 2023. Valid for: a year.
This is the only time bank-id45876.su was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Regions Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
2 11 80.85.141.204 204601 (ON-LINE-D...)
9 1
Apex Domain
Subdomains
Transfer
11 bank-id45876.su
bank-id45876.su
402 KB
9 1
Domain Requested by
11 bank-id45876.su 2 redirects bank-id45876.su
9 1

This site contains no links.

Subject | Issuer | Validity | Valid
bank-id45876.su | bank-id45876.su | 2023-04-14 - 2024-04-13 | a year (crt.sh)

This page contains 1 frames:

Primary Page: https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
Frame ID: B311F867634DCE93C4074D908B89124D
Requests: 9 HTTP requests in this frame

Page Title

Regions Online Banking | Regions

Page URL History

  1. http://bank-id45876.su/ HTTP 301
    https://bank-id45876.su/ HTTP 302
    https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc7... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 9
HTTPS: 0 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 402 kB
Size: 400 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bank-id45876.su/ HTTP 301
    https://bank-id45876.su/ HTTP 302
    https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request: login.php | bank-id45876.su/ | 4 KB | 4 KB | Document
Redirect Chain
  • http://bank-id45876.su/
  • https://bank-id45876.su/
  • https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e8776...
General
Full URL
https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.85.141.204 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS
darkhost.pro
Software
nginx/1.20.2 / PHP/5.4.16
Resource Hash
3425d22ca008ec556116af7897aaa762afd9e873309cd5d3b0d5504742783aee

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15
accept-language
nl-NL,nl;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Fri, 14 Apr 2023 09:35:37 GMT
Server
nginx/1.20.2
Transfer-Encoding
chunked
X-Powered-By
PHP/5.4.16

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Type
text/html
Date
Fri, 14 Apr 2023 09:35:36 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Location
login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
Pragma
no-cache
Server
nginx/1.20.2
Transfer-Encoding
chunked
X-Powered-By
PHP/5.4.16

com-regions.css | bank-id45876.su/File/ | 369 KB | 369 KB | Stylesheet
General
Full URL
https://bank-id45876.su/File/com-regions.css
Requested by
Host: bank-id45876.su
URL: https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.85.141.204 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS
darkhost.pro
Software
nginx/1.20.2 /
Resource Hash
7c60e9115caafe4f38d41e3ea064cd4941f1389514910c0b6f4f0607f51cdcb1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15

Response headers

Date
Fri, 14 Apr 2023 09:35:37 GMT
Last-Modified
Fri, 14 Apr 2023 09:05:41 GMT
Server
nginx/1.20.2
ETag
"64391765-5c2de"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
377566

olbAuth.min.css | bank-id45876.su/File/ | 2 KB | 2 KB | Stylesheet
General
Full URL
https://bank-id45876.su/File/olbAuth.min.css
Requested by
Host: bank-id45876.su
URL: https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.85.141.204 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS
darkhost.pro
Software
nginx/1.20.2 /
Resource Hash
9d782980884a0c3a5631f5534c0a957d08d714097a24de9b7fed6b108406d75c

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15

Response headers

Date
Fri, 14 Apr 2023 09:35:37 GMT
Last-Modified
Fri, 14 Apr 2023 09:05:41 GMT
Server
nginx/1.20.2
ETag
"64391765-8b6"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2230

regions-logo-no-r.svg | bank-id45876.su/File/ | 5 KB | 6 KB | Image
General
Full URL
https://bank-id45876.su/File/regions-logo-no-r.svg
Requested by
Host: bank-id45876.su
URL: https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.85.141.204 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS
darkhost.pro
Software
nginx/1.20.2 /
Resource Hash
912f72af9fe61099bc2452960df7b72ee662d5c3e6188ab246767de1fe367913

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15

Response headers

Date
Fri, 14 Apr 2023 09:35:37 GMT
Last-Modified
Fri, 14 Apr 2023 09:05:41 GMT
Server
nginx/1.20.2
ETag
"64391765-15fb"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5627

Common.css | bank-id45876.su/File/ | 10 KB | 10 KB | Stylesheet
General
Full URL
https://bank-id45876.su/File/Common.css
Requested by
Host: bank-id45876.su
URL: https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.85.141.204 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS
darkhost.pro
Software
nginx/1.20.2 /
Resource Hash
8449bf268c34f4d4669aa4634f340155a7f12df756afd8b6546692dd70a0dec5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15

Response headers

Date
Fri, 14 Apr 2023 09:35:37 GMT
Last-Modified
Fri, 14 Apr 2023 09:05:41 GMT
Server
nginx/1.20.2
ETag
"64391765-27aa"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10154

equal-housing-lender.svg | bank-id45876.su/File/ | 4 KB | 4 KB | Image
General
Full URL
https://bank-id45876.su/File/equal-housing-lender.svg
Requested by
Host: bank-id45876.su
URL: https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.85.141.204 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS
darkhost.pro
Software
nginx/1.20.2 /
Resource Hash
e4bc94279e093f25720c2867e7a08dbfaaa140636f11eab5ac4e204a93a3751e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15

Response headers

Date
Fri, 14 Apr 2023 09:35:37 GMT
Last-Modified
Fri, 14 Apr 2023 09:05:41 GMT
Server
nginx/1.20.2
ETag
"64391765-ece"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3790

member-fdic.svg | bank-id45876.su/File/ | 6 KB | 6 KB | Image
General
Full URL
https://bank-id45876.su/File/member-fdic.svg
Requested by
Host: bank-id45876.su
URL: https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.85.141.204 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS
darkhost.pro
Software
nginx/1.20.2 /
Resource Hash
8b69a3707a2ef4a748dd6c9923a1fa17d1ed5d32eee6e60240540217cf30b324

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15

Response headers

Date
Fri, 14 Apr 2023 09:35:37 GMT
Last-Modified
Fri, 14 Apr 2023 09:05:41 GMT
Server
nginx/1.20.2
ETag
"64391765-1771"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6001

source-sans-pro-700-webfont.woff | bank-id45876.su/File/fonts/ | 0 | 0 | Font
General
Full URL
https://bank-id45876.su/File/fonts/source-sans-pro-700-webfont.woff
Requested by
Host: bank-id45876.su
URL: https://bank-id45876.su/File/com-regions.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.85.141.204 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS
darkhost.pro
Software
nginx/1.20.2 /
Resource Hash

Request headers

Referer
https://bank-id45876.su/File/com-regions.css
Origin
https://bank-id45876.su
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15

Response headers

Date
Fri, 14 Apr 2023 09:35:37 GMT
Server
nginx/1.20.2
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

source-sans-pro-regular-webfont.woff | bank-id45876.su/File/fonts/ | 0 | 0 | Font
General
Full URL
https://bank-id45876.su/File/fonts/source-sans-pro-regular-webfont.woff
Requested by
Host: bank-id45876.su
URL: https://bank-id45876.su/File/com-regions.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.85.141.204 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),
Reverse DNS
darkhost.pro
Software
nginx/1.20.2 /
Resource Hash

Request headers

Referer
https://bank-id45876.su/File/com-regions.css
Origin
https://bank-id45876.su
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15

Response headers

Date
Fri, 14 Apr 2023 09:35:37 GMT
Server
nginx/1.20.2
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Regions Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

credentialless: boolean

1 Cookies

Domain/Path | Name | Value
bank-id45876.su/ | PHPSESSID | b08tbanae4gjau9ptfrp29r631

2 Console Messages

Source | Level | URL | Text
network | error | https://bank-id45876.su/File/fonts/source-sans-pro-700-webfont.woff | Failed to load resource: the server responded with a status of 404 (Not Found)
network | error | https://bank-id45876.su/File/fonts/source-sans-pro-regular-webfont.woff | Failed to load resource: the server responded with a status of 404 (Not Found)