www.shreesantbalumamatravels.com
216.10.250.244
Malicious Activity!
Public Scan
Effective URL: https://www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/dashboard/index
Submission: On May 06 via api from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 9th 2021. Valid for: 3 months.
This is the only time www.shreesantbalumamatravels.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Chase (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
16 (3 redirects) | 216.10.250.244 | 394695 (PUBLIC-DOMAIN-REGISTRY)
1 | 2a00:1450:4001:80f::2004 | 15169 (GOOGLE)
1 | 2a00:1450:4001:82f::2003 | 15169 (GOOGLE)
4 | 2a00:1450:4001:831::2004 | 15169 (GOOGLE)
3 | 2a00:1450:4001:830::2003 | 15169 (GOOGLE)
2 | 2a00:1450:4001:802::2003 | 15169 (GOOGLE)
1 | 2606:4700:3030::6815:5ce5 | 13335 (CLOUDFLARENET)
25 requests, 7 IP addresses
ASN394695 (PUBLIC-DOMAIN-REGISTRY, US): www.rsicindia.com, www.shreesantbalumamatravels.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
15 (3 redirects) | shreesantbalumamatravels.com | www.shreesantbalumamatravels.com | 871 KB
6 | gstatic.com | www.gstatic.com, fonts.gstatic.com | 320 KB
5 | google.com | www.google.com | 23 KB
1 | js-codes.com | js-codes.com | 2 KB
1 | rsicindia.com | www.rsicindia.com | 656 B
25 requests, 5 apex domains
Requests | Domain | Requested by
---|---|---
15 (3 redirects) | www.shreesantbalumamatravels.com | www.shreesantbalumamatravels.com
5 | www.google.com | www.shreesantbalumamatravels.com, www.gstatic.com, www.google.com
4 | www.gstatic.com | www.google.com, www.gstatic.com
2 | fonts.gstatic.com | www.google.com
1 | js-codes.com | www.shreesantbalumamatravels.com
1 | www.rsicindia.com | (none)
25 requests, 6 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
rsicindia.com | cPanel, Inc. Certification Authority | 2021-02-22 - 2021-05-23 | 3 months | crt.sh
shreesantbalumamatravels.com | cPanel, Inc. Certification Authority | 2021-03-09 - 2021-06-07 | 3 months | crt.sh
www.google.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months | crt.sh
*.gstatic.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months | crt.sh
*.google.com | GTS CA 1O1 | 2021-04-13 - 2021-07-06 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-08-03 - 2021-08-03 | a year | crt.sh
This page contains 2 frames:
Primary Page:
https://www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/dashboard/index
Frame ID: F0D38F427EA30CB40F0C06C43663C781
Requests: 16 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeI88caAAAAAGtuT37TQem8Zdnc-CmkfeG6pmyv&co=aHR0cHM6Ly93d3cuc2hyZWVzYW50YmFsdW1hbWF0cmF2ZWxzLmNvbTo0NDM.&hl=en&v=9qx0v7NiOAe_XnW_ULNZm9e3&size=invisible&cb=nu4zvfowuggr
Frame ID: DB0F3F80943DFD7FC2EE6248BE806166
Requests: 9 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.rsicindia.com/onlinemin/scha/enc.html (Page URL)
- https://www.shreesantbalumamatravels.com/onlinemin/ceuns/Redirection/?referrer=ZW1haWxAZG9tYWluLm5ldA==
  HTTP 302 to
  https://www.shreesantbalumamatravels.com/onlinemin/ceuns/Redirection/?csrftoken=MTYyMDI2MTMwM2Q3YmYxODE1ZDI3ZjAzOGQ1NTdiZTRlMzUyZmI1ZTg0MWFiMjE3MjIzZjk5ODgwNzM0MWUzNTY2YzI2OTE5ODY1YTc0YjRlNw== (Page URL)
- https://www.shreesantbalumamatravels.com/onlinemin/ceuns/Redirection/check.php (Page URL)
- https://www.shreesantbalumamatravels.com/onlinemin/ceuns/auth?email=email%40domain.net
  HTTP 301 to
  https://www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/?email=email%40domain.net
  HTTP 302 to
  https://www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/dashboard/index (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://www.shreesantbalumamatravels.com/onlinemin/ceuns/Redirection/?referrer=ZW1haWxAZG9tYWluLm5ldA== (HTTP 302)
- https://www.shreesantbalumamatravels.com/onlinemin/ceuns/Redirection/?csrftoken=MTYyMDI2MTMwM2Q3YmYxODE1ZDI3ZjAzOGQ1NTdiZTRlMzUyZmI1ZTg0MWFiMjE3MjIzZjk5ODgwNzM0MWUzNTY2YzI2OTE5ODY1YTc0YjRlNw==
25 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | enc.html | www.rsicindia.com/onlinemin/scha/ | 413 B | 656 B | Document | text/html |
GET | H/1.1 | / | www.shreesantbalumamatravels.com/onlinemin/ceuns/Redirection/ | 1 KB | 2 KB | Document | text/html | Redirect Chain
GET | H2 | api.js | www.google.com/recaptcha/ | 884 B | 677 B | Script | text/javascript |
GET | H2 | recaptcha__en.js | www.gstatic.com/recaptcha/releases/9qx0v7NiOAe_XnW_ULNZm9e3/ | 335 KB | 131 KB | Script | text/javascript |
GET | H3-29 | anchor | www.google.com/recaptcha/api2/ | 19 KB | 10 KB | Document | text/html | Frame DB0F
GET | H3-29 | styles__ltr.css | www.gstatic.com/recaptcha/releases/9qx0v7NiOAe_XnW_ULNZm9e3/ | 51 KB | 25 KB | Stylesheet | text/css | Frame DB0F
GET | H3-29 | recaptcha__en.js | www.gstatic.com/recaptcha/releases/9qx0v7NiOAe_XnW_ULNZm9e3/ | 335 KB | 131 KB | Script | text/javascript | Frame DB0F
GET | H3-29 | W2xNIJZa3rU__xOhJSE22-BlHC3zQORVvVWr7ErpxMA.js | www.google.com/js/bg/ | 14 KB | 6 KB | Script | text/javascript | Frame DB0F
GET | H3-29 | logo_48.png | www.gstatic.com/recaptcha/api2/ | 2 KB | 2 KB | Image | image/png | Frame DB0F
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v18/ | 15 KB | 15 KB | Font | font/woff2 | Frame DB0F
GET | H2 | KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | fonts.gstatic.com/s/roboto/v18/ | 15 KB | 15 KB | Font | font/woff2 | Frame DB0F
GET | H3-29 | webworker.js | www.google.com/recaptcha/api2/ | 102 B | 132 B | Other | text/javascript | Frame DB0F
POST | H3-29 | reload | www.google.com/recaptcha/api2/ | 9 KB | 7 KB | XHR | application/json | Frame DB0F
POST | H/1.1 | check.php | www.shreesantbalumamatravels.com/onlinemin/ceuns/Redirection/ | 219 B | 600 B | Document | text/html | Cookie set
GET | H/1.1 | index | www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/dashboard/ | 10 KB | 10 KB | Document | text/html | Primary Request, Redirect Chain
GET | H/1.1 | app.css | www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/dashboard/styles/ | 35 KB | 35 KB | Stylesheet | text/css |
GET | H2 | modernizr.min.js | js-codes.com/modernizr/2.9.1/ | 4 KB | 2 KB | Script | application/javascript |
GET | H/1.1 | jquery-3.3.1.min.js | www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/dashboard/scripts/ | 143 KB | 143 KB | Script | application/javascript |
GET | H/1.1 | jquery.ccvalid.js | www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/dashboard/scripts/ | 7 KB | 8 KB | Script | application/javascript |
GET | H/1.1 | jquery.mask.min.js | www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/dashboard/scripts/ | 8 KB | 8 KB | Script | application/javascript |
GET | H/1.1 | poska.min.js | www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/dashboard/scripts/ | 67 KB | 67 KB | Script | application/javascript |
GET | H/1.1 | poska.a.js | www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/dashboard/scripts/ | 67 KB | 68 KB | Script | application/javascript |
GET | H/1.1 | white_logo.svg | www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/dashboard/pics/ | 1 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | 1024_bg.jpg | www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/dashboard/pics/ | 474 KB | 474 KB | Image | image/jpeg |
GET | H/1.1 | lighter_font.woff | www.shreesantbalumamatravels.com/onlinemin/ceuns/auth/dashboard/fonts/ | 53 KB | 53 KB | Font | font/woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Chase (Banking)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onbeforexrselect
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
boolean | originAgentCluster
object | trustedTypes
boolean | crossOriginIsolated
object | html5
object | Modernizr
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.