self-hire.com Open in urlscan Pro
107.180.26.78 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.haberyok.com/m.php
Effective URL:
https://self-hire.com/o/login.php
Submission: On February 21 via api (February 21st 2024, 12:58:48 am UTC) from TR — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 16 HTTP transactions. The main IP is 107.180.26.78, located in Ashburn, United States and belongs to GO-DADDY-COM-LLC, US. The main domain is self-hire.com.
TLS certificate: Issued by GeoTrust TLS ECC CA G1 on May 2nd 2023. Valid for: a year.

This is the only time self-hire.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: First National Bank of Omaha (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	45.14.164.34 45.14.164.34	60446 (DATEMA) (DATEMA)
2 17	107.180.26.78 107.180.26.78	400754 (GO-DADDY-...) (GO-DADDY-COM-LLC)
1	151.101.3.10 151.101.3.10	54113 (FASTLY) (FASTLY)
16	2

1 45.14.164.34 (Reston, United States) 1 redirects

ASN60446 (DATEMA, TR)
PTR: server.dnspanel.com.tr

www.haberyok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 107.180.26.78 (Ashburn, United States) 2 redirects

ASN400754 (GO-DADDY-COM-LLC, US)
PTR: 78.26.180.107.host.secureserver.net

self-hire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.3.10 (United States)

ASN54113 (FASTLY, US)

www.card.fnbo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	self-hire.com 2 redirects self-hire.com	56 KB
1	fnbo.com www.card.fnbo.com — Cisco Umbrella Rank: 123630	1 KB
1	haberyok.com 1 redirects www.haberyok.com	234 B
16	3

	Domain	Requested by
17	self-hire.com	2 redirects self-hire.com
1	www.card.fnbo.com	self-hire.com
1	www.haberyok.com	1 redirects
16	3

This site contains no links.

Subject Issuer	Validity	Valid
self-hire.com GeoTrust TLS ECC CA G1	`2023-05-02` - `2024-05-01`	a year	crt.sh
www.card.fnbo.com Sectigo RSA Organization Validation Secure Server CA	`2024-02-20` - `2025-02-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://self-hire.com/o/login.php
Frame ID: F8E329E2855F4F89DBB69A00C547B4CD
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

securebanklogin.com - Sign In

Page URL History Show full URLs

http://www.haberyok.com/m.php HTTP 302
https://self-hire.com/o HTTP 301
https://self-hire.com/o/ HTTP 302
https://self-hire.com/o/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

57 kB
Transfer

304 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.haberyok.com/m.php HTTP 302
https://self-hire.com/o HTTP 301
https://self-hire.com/o/ HTTP 302
https://self-hire.com/o/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login.php Show response
self-hire.com/o/
Redirect Chain

http://www.haberyok.com/m.php
https://self-hire.com/o
https://self-hire.com/o/
https://self-hire.com/o/login.php

16 KB
3 KB

416ms
416ms

Document
text/html

107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://self-hire.com/o/login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache / PHP/5.6.40
Resource Hash: c0beda436133caaaea529e8f3cc2019165e53568bbaa7b79fa09b3949dd6ce8a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-length: 3452
content-type: text/html; charset=UTF-8
date: Wed, 21 Feb 2024 00:58:41 GMT
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/5.6.40

Redirect headers

content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Wed, 21 Feb 2024 00:58:41 GMT
location: ./login.php
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/5.6.40

GET
H2 200 okta-sign-in.min.css
self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/css/ 253 KB
28 KB 874ms
869ms Stylesheet
text/css 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache /
Resource Hash: 884a2fedbcfd95e5316c709a650f133d488e667ced4d36cad7361badf09e6573

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://self-hire.com/o/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:42 GMT
content-encoding: br
last-modified: Sun, 10 Dec 2023 13:18:50 GMT
server: Apache
etag: "b38020e-3f456-60c27a878a280-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 28445

GET
H2 200 custom-signin.737a914842b846fb44d117b7a2900fcb.css
self-hire.com/o/assets/loginpage/css/ 11 KB
2 KB 582ms
577ms Stylesheet
text/css 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://self-hire.com/o/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache /
Resource Hash: 61ba05532ac15dc4d27d7c63b94e3a52354b03842c8bc08e106650c1217225e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://self-hire.com/o/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:42 GMT
content-encoding: br
last-modified: Sun, 10 Dec 2023 13:18:50 GMT
server: Apache
etag: "b38021b-2c3d-60c27a878a280-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 1878

GET
H2 200 fnbo-simple-green.svg
www.card.fnbo.com/content/dam/fnbo/logos/ 2 KB
1 KB 58ms
16ms Image
image/svg+xml 151.101.3.10
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.card.fnbo.com/content/dam/fnbo/logos/fnbo-simple-green.svg

Requested by

Host: self-hire.com
URL: https://self-hire.com/o/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.3.10 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

acf4af3d7cda611d7d3f64fffe00bde4c3ad92dd6bb45ba3596f085c674987c2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' fnbo.com *.fnbo.com www.fnbo.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://self-hire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubdomains; preload;
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' fnbo.com *.fnbo.com www.fnbo.com;
date: Wed, 21 Feb 2024 00:58:42 GMT
age: 92
x-vhost: publish
x-cache: HIT
content-disposition: inline
content-length: 872
x-xss-protection: 1; mode=block
x-served-by: cache-fra-etou8220117-FRA
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 30 Nov 2021 23:47:32 GMT
x-timer: S1708477122.350003,VS0,VS0,VE2
etag: "658-5d20a2e4f2d00-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=300
accept-ranges: bytes

GET
H2 200 logo-equal-housing-lender.png
self-hire.com/o/brand/images/ 19 KB
19 KB 485ms
481ms Image
image/png 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://self-hire.com/o/brand/images/logo-equal-housing-lender.png
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache /
Resource Hash: c605c016ef2e50c11792b9813e19ce69d04a85c39dfaa96d13b369ee7f002a59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://self-hire.com/o/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:42 GMT
last-modified: Sun, 10 Dec 2023 13:18:50 GMT
server: Apache
accept-ranges: bytes
etag: "b380227-4bed-60c27a878a280"
content-length: 19437
content-type: image/png

GET
H2 200 checkbox-sign-in-widget.png
self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/img/ui/forms/ 3 KB
3 KB 98ms
97ms Image
image/png 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/img/ui/forms/checkbox-sign-in-widget.png
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache /
Resource Hash: 40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:43 GMT
last-modified: Sun, 10 Dec 2023 13:18:50 GMT
server: Apache
accept-ranges: bytes
etag: "b380215-c45-60c27a878a280"
content-length: 3141
content-type: image/png

GET
H2 200 proximanova-reg-webfont.353416ed0ff540352235.woff2
self-hire.com/o/assets/loginpage/font/assets/ 122 B
164 B 98ms
97ms Font
font/woff2 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://self-hire.com/o/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache /
Resource Hash: 5e88cabd5d44266ff53ef2d8faa4a5abd39ae92dd23adcfb16597e1065bbce78

Request headers

Referer: https://self-hire.com/o/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Origin: https://self-hire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:43 GMT
content-encoding: br
last-modified: Sun, 10 Dec 2023 13:18:50 GMT
server: Apache
etag: "b38021e-7a-60c27a878a280-br"
vary: Accept-Encoding
content-type: font/woff2
accept-ranges: bytes
content-length: 99

GET
H2 200 proximanova-sbold-webfont.41acb8650115f83780fc.woff2
self-hire.com/o/assets/loginpage/font/assets/ 124 B
156 B 98ms
98ms Font
font/woff2 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://self-hire.com/o/assets/loginpage/font/assets/proximanova-sbold-webfont.41acb8650115f83780fc.woff2
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache /
Resource Hash: 5572db259bd8f0bb0941c6f694bfe57acf8cff8d465de8602c16609c8c97c9d5

Request headers

Referer: https://self-hire.com/o/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Origin: https://self-hire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:43 GMT
content-encoding: br
last-modified: Sun, 10 Dec 2023 13:18:50 GMT
server: Apache
etag: "b380220-7c-60c27a878a280-br"
vary: Accept-Encoding
content-type: font/woff2
accept-ranges: bytes
content-length: 100

GET
H2 200 proximanova-reg-webfont.51ac1a980f546ac17d67.woff
self-hire.com/o/assets/loginpage/font/assets/ 0
30 B 105ms
105ms Font
text/html 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://self-hire.com/o/assets/loginpage/font/assets/proximanova-reg-webfont.51ac1a980f546ac17d67.woff
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://self-hire.com/o/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Origin: https://self-hire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:43 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/5.6.40
content-length: 1
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 proximanova-sbold-webfont.78cef0e33b9c7cebcf75.woff
self-hire.com/o/assets/loginpage/font/assets/ 0
30 B 101ms
101ms Font
text/html 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://self-hire.com/o/assets/loginpage/font/assets/proximanova-sbold-webfont.78cef0e33b9c7cebcf75.woff
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://self-hire.com/o/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Origin: https://self-hire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:43 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/5.6.40
content-length: 1
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 proximanova-sbold-webfont.25ecfa3e3cee8643c95e.ttf
self-hire.com/o/assets/loginpage/font/assets/ 0
30 B 101ms
101ms Font
text/html 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://self-hire.com/o/assets/loginpage/font/assets/proximanova-sbold-webfont.25ecfa3e3cee8643c95e.ttf
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://self-hire.com/o/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Origin: https://self-hire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:43 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/5.6.40
content-length: 1
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 proximanova-reg-webfont.f9f2259180c0e36006aa.ttf
self-hire.com/o/assets/loginpage/font/assets/ 0
30 B 104ms
104ms Font
text/html 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://self-hire.com/o/assets/loginpage/font/assets/proximanova-reg-webfont.f9f2259180c0e36006aa.ttf
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://self-hire.com/o/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Origin: https://self-hire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:43 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/5.6.40
content-length: 1
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 montserrat-okta-regular-webfont.woff
self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/font/ 0
30 B 103ms
102ms Font
text/html 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-regular-webfont.woff
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Origin: https://self-hire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:43 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/5.6.40
content-length: 1
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 montserrat-okta-light-webfont.woff
self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/font/ 0
30 B 104ms
104ms Font
text/html 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-light-webfont.woff
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Origin: https://self-hire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:43 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/5.6.40
content-length: 1
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 montserrat-okta-regular-webfont.ttf
self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/font/ 0
30 B 101ms
101ms Font
text/html 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-regular-webfont.ttf
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Origin: https://self-hire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:43 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/5.6.40
content-length: 1
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 montserrat-okta-light-webfont.ttf
self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/font/ 0
30 B 101ms
100ms Font
text/html 107.180.26.78
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-light-webfont.ttf
Requested by: Host: self-hire.com
URL: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.26.78 Ashburn, United States, ASN400754 (GO-DADDY-COM-LLC, US),
Reverse DNS: 78.26.180.107.host.secureserver.net
Software: Apache / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Origin: https://self-hire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 00:58:43 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/5.6.40
content-length: 1
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: First National Bank of Omaha (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| checkbox

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://self-hire.com/o/login.php Message: Failed to decode downloaded font: https://self-hire.com/o/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
other	warning	URL: https://self-hire.com/o/login.php Message: OTS parsing error: invalid sfntVersion: 1315905603
other	warning	URL: https://self-hire.com/o/login.php Message: Failed to decode downloaded font: https://self-hire.com/o/assets/loginpage/font/assets/proximanova-sbold-webfont.41acb8650115f83780fc.woff2
other	warning	URL: https://self-hire.com/o/login.php Message: OTS parsing error: invalid sfntVersion: 1315905603
other	warning	URL: https://self-hire.com/o/login.php Message: Failed to decode downloaded font: https://self-hire.com/o/assets/loginpage/font/assets/proximanova-sbold-webfont.78cef0e33b9c7cebcf75.woff
other	warning	URL: https://self-hire.com/o/login.php Message: Failed to decode downloaded font: https://self-hire.com/o/assets/loginpage/font/assets/proximanova-reg-webfont.51ac1a980f546ac17d67.woff
other	warning	URL: https://self-hire.com/o/login.php Message: Failed to decode downloaded font: https://self-hire.com/o/assets/loginpage/font/assets/proximanova-sbold-webfont.25ecfa3e3cee8643c95e.ttf
other	warning	URL: https://self-hire.com/o/login.php Message: Failed to decode downloaded font: https://self-hire.com/o/assets/loginpage/font/assets/proximanova-reg-webfont.f9f2259180c0e36006aa.ttf
other	warning	URL: https://self-hire.com/o/login.php Message: Failed to decode downloaded font: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-regular-webfont.woff
other	warning	URL: https://self-hire.com/o/login.php Message: Failed to decode downloaded font: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-light-webfont.woff
other	warning	URL: https://self-hire.com/o/login.php Message: Failed to decode downloaded font: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-regular-webfont.ttf
other	warning	URL: https://self-hire.com/o/login.php Message: Failed to decode downloaded font: https://self-hire.com/o/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-light-webfont.ttf

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

self-hire.com
www.card.fnbo.com
www.haberyok.com
107.180.26.78
151.101.3.10
45.14.164.34
40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665
5572db259bd8f0bb0941c6f694bfe57acf8cff8d465de8602c16609c8c97c9d5
5e88cabd5d44266ff53ef2d8faa4a5abd39ae92dd23adcfb16597e1065bbce78
61ba05532ac15dc4d27d7c63b94e3a52354b03842c8bc08e106650c1217225e9
884a2fedbcfd95e5316c709a650f133d488e667ced4d36cad7361badf09e6573
acf4af3d7cda611d7d3f64fffe00bde4c3ad92dd6bb45ba3596f085c674987c2
c0beda436133caaaea529e8f3cc2019165e53568bbaa7b79fa09b3949dd6ce8a
c605c016ef2e50c11792b9813e19ce69d04a85c39dfaa96d13b369ee7f002a59
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

self-hire.com Open in urlscan Pro 107.180.26.78 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

57 kBTransfer

304 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

12 Console Messages

Indicators

self-hire.com Open in urlscan Pro
107.180.26.78 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

57 kB
Transfer

304 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!