fnbo.194-59-31-80.cprapid.com
194.59.31.80
Malicious Activity!
Public Scan
Effective URL: https://fnbo.194-59-31-80.cprapid.com/login.php
Submission Tags: @ecarlesi threat phishing fnbo
Submission: On June 25 via api from IT — Scanned from IT
Summary
TLS certificate: Issued by R11 on June 25th 2024. Valid for: 3 months.
This is the only time fnbo.194-59-31-80.cprapid.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: First National Bank of Omaha (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
10 (1 redirects) | 194.59.31.80 | 399486 (VIRTUO) |
11 | 2 |
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
10 | cprapid.com (1 redirects); subdomain: fnbo.194-59-31-80.cprapid.com | 253 KB |
0 | securebanklogin.com (Failed); subdomains: auth.securebanklogin.com (Failed), www.securebanklogin.com (Failed) | |
11 | 2 |
Requests | Domain | Requested by |
---|---|---|
10 | fnbo.194-59-31-80.cprapid.com (1 redirects) | fnbo.194-59-31-80.cprapid.com |
0 | www.securebanklogin.com (Failed) | |
0 | auth.securebanklogin.com (Failed) | fnbo.194-59-31-80.cprapid.com |
11 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
auth.securebanklogin.com |
www.securebanklogin.com |
www.fnbo.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
cpanel.fnbo.194-59-31-80.cprapid.com | R11 | 2024-06-25 - 2024-09-23 | 3 months |
This page contains 1 frames:
Primary Page:
https://fnbo.194-59-31-80.cprapid.com/login.php
Frame ID: C969F9A470768B7CAF8C400969907006
Requests: 11 HTTP requests in this frame
Page Title
Sign in
Page URL History
- http://fnbo.194-59-31-80.cprapid.com/ (HTTP 307)
- https://fnbo.194-59-31-80.cprapid.com/ (HTTP 302)
- https://fnbo.194-59-31-80.cprapid.com/login.php (Page URL)
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Title: Need help signing in?
- Title: Forgot User ID?
- Title: Need help?
- Title: Privacy Policy
- Title: Security Statement
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol | Resource | Path | Size x-fer | Type | MIME-Type |
---|---|---|---|---|---|
GET H/1.1 | login.php (Primary Request, Redirect Chain) | fnbo.194-59-31-80.cprapid.com/ | 14 KB 14 KB | Document | text/html |
GET H/1.1 | okta-sign-in.min.css | fnbo.194-59-31-80.cprapid.com/fnbo_files/ | 215 KB 216 KB | Stylesheet | text/css |
GET | / | auth.securebanklogin.com/ | 0 0 | | |
GET H/1.1 | custom-signin.241e0fb439244dc50c5929c0513a6765.css | fnbo.194-59-31-80.cprapid.com/fnbo_files/ | 2 KB 2 KB | Stylesheet | text/css |
GET H/1.1 | fnbo-simple-green.svg | fnbo.194-59-31-80.cprapid.com/fnbo_files/ | 2 KB 2 KB | Image | image/svg+xml |
GET H/1.1 | logo-equal-housing-lender.png | fnbo.194-59-31-80.cprapid.com/fnbo_files/ | 19 KB 19 KB | Image | image/png |
GET H/1.1 | montserrat-okta-light-webfont.woff | fnbo.194-59-31-80.cprapid.com/font/ | 0 0 | Font | text/html |
GET H/1.1 | montserrat-okta-regular-webfont.woff | fnbo.194-59-31-80.cprapid.com/font/ | 0 0 | Font | text/html |
GET | favicon.ico | www.securebanklogin.com/ | 0 0 | | |
GET H/1.1 | montserrat-okta-regular-webfont.ttf | fnbo.194-59-31-80.cprapid.com/font/ | 0 0 | Font | text/html |
GET H/1.1 | montserrat-okta-light-webfont.ttf | fnbo.194-59-31-80.cprapid.com/font/ | 0 0 | Font | text/html |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: auth.securebanklogin.com
  URL: https://auth.securebanklogin.com/?brand=fnbo
- Domain: www.securebanklogin.com
  URL: https://www.securebanklogin.com/favicon.ico
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: First National Bank of Omaha (Banking)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- undefined | event
- object | fence
- object | sharedStorage
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
auth.securebanklogin.com/ | | Name: DT Value: DI1fbyP5mhdT3Od5SMb4smrYQ |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.