fotis.in Open in urlscan Pro
2606:4700:3034::ac43:b6d9 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://lihi.cc/yqxfp
Effective URL:
https://fotis.in/FNBO/
Submission: On March 21 via api (March 21st 2024, 9:19:57 pm UTC) from US — Scanned from US

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3034::ac43:b6d9, located in United States and belongs to CLOUDFLARENET, US. The main domain is fotis.in.
TLS certificate: Issued by E1 on March 5th 2024. Valid for: 3 months.

This is the only time fotis.in was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: First National Bank of Omaha (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 2	2606:4700:303... 2606:4700:3033::ac43:dd5f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 11	2606:4700:303... 2606:4700:3034::ac43:b6d9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2

2 2606:4700:3033::ac43:dd5f (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

lihi.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:3034::ac43:b6d9 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

fotis.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	fotis.in 1 redirects fotis.in	115 KB
2	lihi.cc 2 redirects lihi.cc — Cisco Umbrella Rank: 713213	2 KB
12	2

	Domain	Requested by
11	fotis.in	1 redirects fotis.in
2	lihi.cc	2 redirects
12	2

This site contains no links.

Subject Issuer	Validity	Valid
fotis.in E1	`2024-03-05` - `2024-06-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://fotis.in/FNBO/
Frame ID: 20C10F006D8D43745477FC6B80C426C2
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

securebanklogin.com - Sign In

Page URL History Show full URLs

http://lihi.cc/yqxfp HTTP 301
https://lihi.cc/yqxfp HTTP 302
https://fotis.in/FNBO HTTP 301
https://fotis.in/FNBO/ Page URL

Page Statistics

12
Requests

83 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

115 kB
Transfer

278 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://lihi.cc/yqxfp HTTP 301
https://lihi.cc/yqxfp HTTP 302
https://fotis.in/FNBO HTTP 301
https://fotis.in/FNBO/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response fotis.in/FNBO/ Redirect Chain http://lihi.cc/yqxfp https://lihi.cc/yqxfp https://fotis.in/FNBO https://fotis.in/FNBO/	5 KB 2 KB	69ms 68ms	Document text/html	2606:4700:3034::ac43:b6d9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fotis.in/FNBO/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:b6d9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4c0042dcdafae87b439a1050d2835752d8639d54c2e615ca049b5beb701dc392` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8680fb1fabc46aed-BUF content-encoding br content-type text/html date Thu, 21 Mar 2024 21:19:34 GMT last-modified Sun, 30 Oct 2022 02:40:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BWYd02BtLTTJQxkwHrIGr6QG%2FwGVaycd4Sz5nf0LyrnKlt9u8dHveCnaJWGtEZrWlwulz%2B70tnR3VRITdyZOymmbiN6D4apr3virc83Q6Tt10SXtH9T3L2fzp3A3FSWEroCvrBGC3Q%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed Redirect headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8680fb1f2ba16aed-BUF content-type text/html date Thu, 21 Mar 2024 21:19:34 GMT location https://fotis.in/FNBO/ nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6SOORveApBndKDFU8c9P3NSa9vdzPFwpugnPaJauH5DbGIbejPn%2FctigogaEGcoA732t9QxNL%2FS%2FTM55uLwfQ4j2P7%2BMBB0HcSWxBKz%2B5hrYfGv%2FnyfgW3iMCl2QKjEwlLpmcVpjiw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-turbo-charged-by LiteSpeed
GET H3	404	okta-sign-in.min.js fotis.in/FNBO/js/	0 0	9466ms 9465ms	Script text/html	2606:4700:3034::ac43:b6d9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fotis.in/FNBO/js/okta-sign-in.min.js Requested by Host: fotis.in URL: https://fotis.in/FNBO/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b6d9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer https://fotis.in/FNBO/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Thu, 21 Mar 2024 21:19:43 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-litespeed-cache miss x-dns-prefetch-control on x-litespeed-cache-control public,max-age=3600 x-litespeed-tag 561_HTTP.404,561_404,561_URL.e5142a1cb8678f7e6e86389d9eb04140,561_guest,561_,561_UCSS.719b5b04ed1e2d1fbc2b7d24e56136bd,561_MIN.44d1942fb3be931d7befde62b852a76b.css,561_MIN.d887707125a4523bd587aea2788d0def.js alt-svc h3=":443"; ma=86400 server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xK6%2FczBO5hgnk2VFHNJtfaRGv%2B2A3xeQrTpHx3Iu4AV%2Fdw7OisKh%2FjaB3MUsfjei72XtDFRSilljvj122vjm7%2Bghiz8oWq5G9RQkVEOnhgWTQMvKamG9S1ZHf2V7xIbCDKZQ15htvg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=14400, must-revalidate x-turbo-charged-by LiteSpeed cf-ray 8680fb202eb04bc1-BUF expires Wed, 11 Jan 1984 05:00:00 GMT
GET H3	200	okta-sign-in.min.css fotis.in/FNBO/css/	181 KB 25 KB	454ms 452ms	Stylesheet text/css	2606:4700:3034::ac43:b6d9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fotis.in/FNBO/css/okta-sign-in.min.css Requested by Host: fotis.in URL: https://fotis.in/FNBO/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b6d9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ea529b703d4233c8502c032419c0b5238ec604bf77f3f9425db9ae0a8bc17aea` Request headers accept-language en-US,en;q=0.9 Referer https://fotis.in/FNBO/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Thu, 21 Mar 2024 21:19:34 GMT content-encoding br cf-cache-status MISS last-modified Sun, 30 Oct 2022 01:49:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TgkJI97iEqUeSHh%2FhA7FCAli6MypAE8F%2BUFVANBXJu%2BxP53RYaj6FYNKCpD9nc3ZJaXSpGM5xPw691cz%2FK2vzowna%2FZnOyp6zhLAZZDtMXtDpnptQzPxAhG8r3q4NNJI1XTb4a0aiw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=31557600 x-turbo-charged-by LiteSpeed cf-ray 8680fb202eb34bc1-BUF alt-svc h3=":443"; ma=86400 expires Sat, 22 Mar 2025 03:19:34 GMT
GET H3	200	custom-signin.241e0fb439244dc50c5929c0513a6765.css fotis.in/FNBO/css/	2 KB 1 KB	340ms 339ms	Stylesheet text/css	2606:4700:3034::ac43:b6d9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fotis.in/FNBO/css/custom-signin.241e0fb439244dc50c5929c0513a6765.css Requested by Host: fotis.in URL: https://fotis.in/FNBO/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b6d9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `dcc89f32e3f978bd4c2e313916b6267abd287eea87daec0e5c049150fd9062aa` Request headers accept-language en-US,en;q=0.9 Referer https://fotis.in/FNBO/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Thu, 21 Mar 2024 21:19:34 GMT content-encoding br cf-cache-status MISS last-modified Sun, 30 Oct 2022 01:49:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g5S6EdDM1Brh%2Fkvj1xFVkUF66MWoLEw%2BUbmRje8UWZe9wpW5TLRw5wpmSgEQN0K4cw6hrtRHH7couhDJsojpurNDaAYPR%2FLFUIBgo5t2mkEcUIZeO6DIo8%2F0DY%2BaGJtEqaUsnXLJSw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=31557600 x-turbo-charged-by LiteSpeed cf-ray 8680fb202eb64bc1-BUF alt-svc h3=":443"; ma=86400 expires Sat, 22 Mar 2025 03:19:34 GMT
GET H3	200	main.css fotis.in/FNBO/css/	5 KB 2 KB	148ms 147ms	Stylesheet text/css	2606:4700:3034::ac43:b6d9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fotis.in/FNBO/css/main.css Requested by Host: fotis.in URL: https://fotis.in/FNBO/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b6d9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4a4ad7b452b60390b77a287ccd80c90a95f8eb546c88aa04c783056a9d8e955d` Request headers accept-language en-US,en;q=0.9 Referer https://fotis.in/FNBO/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Thu, 21 Mar 2024 21:19:34 GMT content-encoding br cf-cache-status MISS last-modified Sun, 30 Oct 2022 01:49:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r4Bs20xBFZJei0jLuCBgK3rkx0FtxLAs%2BgL57Qv20WjckxSaHm%2BCyvXIeWLUEaS3JuGhI4LZ2IQX7hhIPfl%2B2Jm0yattDRPahxOIBXJTaJ2g%2BuuBDuPIiEniL3ttAmG%2BMD0IzbLzLQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=31557600 x-turbo-charged-by LiteSpeed cf-ray 8680fb202eb74bc1-BUF alt-svc h3=":443"; ma=86400 expires Sat, 22 Mar 2025 03:19:34 GMT
GET H3	200	fnbo-simple.svg fotis.in/FNBO/img/	2 KB 1 KB	485ms 484ms	Image image/svg+xml	2606:4700:3034::ac43:b6d9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://fotis.in/FNBO/img/fnbo-simple.svg Requested by Host: fotis.in URL: https://fotis.in/FNBO/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b6d9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `acf4af3d7cda611d7d3f64fffe00bde4c3ad92dd6bb45ba3596f085c674987c2` Request headers accept-language en-US,en;q=0.9 Referer https://fotis.in/FNBO/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Thu, 21 Mar 2024 21:19:34 GMT content-encoding br cf-cache-status MISS last-modified Sun, 30 Oct 2022 01:48:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cQNTZvSMPD67Aa3H78Xsnh0ziVg1%2Bj0M9RkwJojSTU1PmKDEnbcm%2BB2r3W8ubOCtAG5kIu92%2Ftf3zttRhYDb%2Bv92sG3GqC2rkX0yVfOLSNzyTqGIB8NrzbODsPdDCVvrFX9RXDnk0w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=31557600 x-turbo-charged-by LiteSpeed cf-ray 8680fb202eb94bc1-BUF alt-svc h3=":443"; ma=86400 expires Sat, 22 Mar 2025 03:19:34 GMT
GET H3	200	logo-equal-housing-lender.png fotis.in/FNBO/img/	19 KB 19 KB	421ms 420ms	Image image/png	2606:4700:3034::ac43:b6d9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://fotis.in/FNBO/img/logo-equal-housing-lender.png Requested by Host: fotis.in URL: https://fotis.in/FNBO/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b6d9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c605c016ef2e50c11792b9813e19ce69d04a85c39dfaa96d13b369ee7f002a59` Request headers accept-language en-US,en;q=0.9 Referer https://fotis.in/FNBO/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Thu, 21 Mar 2024 21:19:34 GMT cf-cache-status MISS last-modified Sun, 30 Oct 2022 01:56:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EKuVmRIlywkTMUcJNiaYumBabc49Mc7jcb9a3IK2csP%2FtQysreD0nPUPoiCIQD4MsuSR9LhTFComkefbVVhRk81rXnGDXcRN%2FXsPYPw07ZcqTVJXsWxS6OddpT8mfx28sUMDSLbG4A%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=31557600 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 8680fb202eba4bc1-BUF alt-svc h3=":443"; ma=86400 content-length 19437 expires Sat, 22 Mar 2025 03:19:34 GMT
GET H3	404	checkbox-sign-in-widget.png fotis.in/FNBO/img/ui/forms/	64 KB 64 KB	8800ms 8800ms	Image text/html	2606:4700:3034::ac43:b6d9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://fotis.in/FNBO/img/ui/forms/checkbox-sign-in-widget.png Requested by Host: fotis.in URL: https://fotis.in/FNBO/css/okta-sign-in.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b6d9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4683f29f857732d5b580d32363e6f90f86db5d11d85c9d65c580b9d42427520b` Request headers accept-language en-US,en;q=0.9 Referer https://fotis.in/FNBO/css/okta-sign-in.min.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Thu, 21 Mar 2024 21:19:52 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-litespeed-cache miss x-dns-prefetch-control on x-litespeed-cache-control public,max-age=3600 x-litespeed-tag 561_HTTP.404,561_404,561_URL.92b8e90bcdcd5a7570a85b524d961dfc,561_guest,561_,561_UCSS.7befda9636ba492231eff827c679fbce alt-svc h3=":443"; ma=86400 server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XAoehAWWnugZREa6GTTOOlfA7ulHV%2Bnc0tcTYKfmcvG80o2RYc18%2BSrSuKtBLcs8j3IKNW%2BMrhhgFHskLoA0S6thuJ2yrYjkda72GVxbe%2FcuKsnpA2%2FBcyebgXFwkUUSUU6IR6g%2Bcg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=14400, must-revalidate x-turbo-charged-by LiteSpeed cf-ray 8680fb5b6da94bc1-BUF expires Wed, 11 Jan 1984 05:00:00 GMT
GET H3	404	montserrat-light-webfont.woff fotis.in/FNBO/font/	0 0	9038ms 9038ms	Font text/html	2606:4700:3034::ac43:b6d9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fotis.in/FNBO/font/montserrat-light-webfont.woff Requested by Host: fotis.in URL: https://fotis.in/FNBO/css/okta-sign-in.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b6d9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://fotis.in/FNBO/css/okta-sign-in.min.css Origin https://fotis.in accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Thu, 21 Mar 2024 21:19:52 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-litespeed-cache miss x-dns-prefetch-control on x-litespeed-cache-control public,max-age=3600 x-litespeed-tag 561_HTTP.404,561_404,561_URL.4ace2f1c17f47d638025c9bc680a53ae,561_guest,561_,561_UCSS.719b5b04ed1e2d1fbc2b7d24e56136bd,561_MIN.44d1942fb3be931d7befde62b852a76b.css,561_MIN.d887707125a4523bd587aea2788d0def.js alt-svc h3=":443"; ma=86400 server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iXmmtKoQt78nrAs5LTZk2CzaTn63sm0M%2Bmbomkz5gcnBgnTOaphKhWAXVd1DW0PUmFtMYAx81j17Qc%2F2PmtNL2PMLHDaQ%2Be7d0X3mc5MlsVgeNFPOXWD%2B0T8%2BfK4OSUdLtRPfKnoLA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=14400, must-revalidate x-turbo-charged-by LiteSpeed cf-ray 8680fb5b6dab4bc1-BUF expires Wed, 11 Jan 1984 05:00:00 GMT
GET H3	404	montserrat-regular-webfont.woff fotis.in/FNBO/font/	0 0	10394ms 10394ms	Font text/html	2606:4700:3034::ac43:b6d9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fotis.in/FNBO/font/montserrat-regular-webfont.woff Requested by Host: fotis.in URL: https://fotis.in/FNBO/css/okta-sign-in.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b6d9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://fotis.in/FNBO/css/okta-sign-in.min.css Origin https://fotis.in accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Thu, 21 Mar 2024 21:19:54 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-litespeed-cache miss x-dns-prefetch-control on x-litespeed-cache-control public,max-age=3600 x-litespeed-tag 561_HTTP.404,561_404,561_URL.8f7aef079bccc288b58231d3320bca22,561_guest,561_,561_UCSS.719b5b04ed1e2d1fbc2b7d24e56136bd,561_MIN.44d1942fb3be931d7befde62b852a76b.css,561_MIN.d887707125a4523bd587aea2788d0def.js alt-svc h3=":443"; ma=86400 server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ygvBVAqWPu0Ubj9AJxUfe2zHOMk3gVXfonMnumCvLiPqnX0sm1qd4YHIWfLBqpZKN19xRPACGMuoPSSuZdZnRbwtdka%2BZL%2B6hg9RRIZsvRVt8R6kJII5g5NJWf017TA414bhCIJVBQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control max-age=14400, must-revalidate x-turbo-charged-by LiteSpeed cf-ray 8680fb5b6dac4bc1-BUF expires Wed, 11 Jan 1984 05:00:00 GMT
GET		montserrat-light-webfont.ttf fotis.in/FNBO/font/	0 0

GET		montserrat-regular-webfont.ttf fotis.in/FNBO/font/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fotis.in
URL: https://fotis.in/FNBO/font/montserrat-light-webfont.ttf

Domain: fotis.in
URL: https://fotis.in/FNBO/font/montserrat-regular-webfont.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: First National Bank of Omaha (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			lihi.cc/	1970-01-21 04:53:35	Name: redirect_id Value: eyJpdiI6IlY2WDhkR2ZzN0c1K3dEZm5zZzFqbUE9PSIsInZhbHVlIjoiTU5tUkNDV3NwSDFKZFhINEtZMTJOVGNXSDE1RjNEYzA4NitXZXJ4cTRDdWFoTjRMenAxazNSSmlHWGlKdDJvSiIsIm1hYyI6IjhkNDllMWViY2I4MGExOTk4MzE3OWNhNDZjNmU0Y2YxYWU2ZmUwZWZiOTdiZGJlYjk1NjE2MjU4YjhmODE0YmIifQ%3D%3D
			lihi.cc/	1970-01-20 19:17:36	Name: lihi_session Value: eyJpdiI6IkNTRmRpQlpKN2p4S0JSNFN0XC9yZmFnPT0iLCJ2YWx1ZSI6InBDSGx6SHlQUG1IYkNRbk1CUG1SQ3RiSVZ5V1dZaFVYTFdtSEFNdm13c0MrVkdXNHpBZHg0YnJabkJzZmtGOFEiLCJtYWMiOiIzMGZhYTM5NzlhZjEwMzA1ZDIyYWIwYjk1MmMxOTZiODU5YTU4MGExYjliMTU5ZWQ3MWE1MGQwZDkxYzY1NjY4In0%3D

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://fotis.in/FNBO/js/okta-sign-in.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://fotis.in/FNBO/img/ui/forms/checkbox-sign-in-widget.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://fotis.in/FNBO/font/montserrat-light-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://fotis.in/FNBO/font/montserrat-regular-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fotis.in
lihi.cc
fotis.in
2606:4700:3033::ac43:dd5f
2606:4700:3034::ac43:b6d9
4683f29f857732d5b580d32363e6f90f86db5d11d85c9d65c580b9d42427520b
4a4ad7b452b60390b77a287ccd80c90a95f8eb546c88aa04c783056a9d8e955d
4c0042dcdafae87b439a1050d2835752d8639d54c2e615ca049b5beb701dc392
acf4af3d7cda611d7d3f64fffe00bde4c3ad92dd6bb45ba3596f085c674987c2
c605c016ef2e50c11792b9813e19ce69d04a85c39dfaa96d13b369ee7f002a59
dcc89f32e3f978bd4c2e313916b6267abd287eea87daec0e5c049150fd9062aa
ea529b703d4233c8502c032419c0b5238ec604bf77f3f9425db9ae0a8bc17aea

fotis.in Open in urlscan Pro 2606:4700:3034::ac43:b6d9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

12 Requests

83 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

115 kBTransfer

278 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

2 Cookies

4 Console Messages

Indicators

fotis.in Open in urlscan Pro
2606:4700:3034::ac43:b6d9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

83 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

115 kB
Transfer

278 kB
Size

2
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!