![](/screenshots/6a1b59c8-9464-4c2c-874e-2c0d45b1ed1b.png)
bank-id45876.su
Open in
urlscan Pro
80.85.141.204
Malicious Activity!
Public Scan
Effective URL: https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e...
Submission: On April 14 via api from DK — Scanned from NL
Summary
TLS certificate: Issued by bank-id45876.su on April 14th 2023. Valid for: a year.
This is the only time bank-id45876.su was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Regions Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 11 | 80.85.141.204 80.85.141.204 | 204601 (ON-LINE-D...) (ON-LINE-DATA Server location - Netherlands) | |
9 | 1 |
ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL)
PTR: darkhost.pro
bank-id45876.su |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
bank-id45876.su
2 redirects
bank-id45876.su |
402 KB |
9 | 1 |
Domain | Requested by | |
---|---|---|
11 | bank-id45876.su |
2 redirects
bank-id45876.su
|
9 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
bank-id45876.su bank-id45876.su |
2023-04-14 - 2024-04-13 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e
Frame ID: B311F867634DCE93C4074D908B89124D
Requests: 9 HTTP requests in this frame
Screenshot
![](/screenshots/6a1b59c8-9464-4c2c-874e-2c0d45b1ed1b.png)
Page Title
Regions Online Banking | RegionsPage URL History Show full URLs
-
http://bank-id45876.su/
HTTP 301
https://bank-id45876.su/ HTTP 302
https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc7... Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bank-id45876.su/
HTTP 301
https://bank-id45876.su/ HTTP 302
https://bank-id45876.su/login.php?online_id=3e2ad53665fd445ce0c6ca953login_id=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e&session=79fd80473e877614e87cc72f96297f8e79fd80473e877614e87cc72f96297f8e Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
bank-id45876.su/ Redirect Chain
|
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
com-regions.css
bank-id45876.su/File/ |
369 KB 369 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
olbAuth.min.css
bank-id45876.su/File/ |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
regions-logo-no-r.svg
bank-id45876.su/File/ |
5 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Common.css
bank-id45876.su/File/ |
10 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
equal-housing-lender.svg
bank-id45876.su/File/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
member-fdic.svg
bank-id45876.su/File/ |
6 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
source-sans-pro-700-webfont.woff
bank-id45876.su/File/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
source-sans-pro-regular-webfont.woff
bank-id45876.su/File/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Regions Bank (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bank-id45876.su/ | Name: PHPSESSID Value: b08tbanae4gjau9ptfrp29r631 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bank-id45876.su
80.85.141.204
3425d22ca008ec556116af7897aaa762afd9e873309cd5d3b0d5504742783aee
7c60e9115caafe4f38d41e3ea064cd4941f1389514910c0b6f4f0607f51cdcb1
8449bf268c34f4d4669aa4634f340155a7f12df756afd8b6546692dd70a0dec5
8b69a3707a2ef4a748dd6c9923a1fa17d1ed5d32eee6e60240540217cf30b324
912f72af9fe61099bc2452960df7b72ee662d5c3e6188ab246767de1fe367913
9d782980884a0c3a5631f5534c0a957d08d714097a24de9b7fed6b108406d75c
e4bc94279e093f25720c2867e7a08dbfaaa140636f11eab5ac4e204a93a3751e