rbanmsfgc.ac.in Open in urlscan Pro
148.66.138.157 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://rbanmsfgc.ac.in/img/b99/front/
Submission: On April 17 via automatic, source openphish (April 17th 2023, 3:01:42 pm UTC) — Scanned from SG

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 15 HTTP transactions. The main IP is 148.66.138.157, located in Singapore and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is rbanmsfgc.ac.in.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on February 19th 2023. Valid for: a year.

This is the only time rbanmsfgc.ac.in was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: bank99 (Banking)

Domain & IP information

	IP Address	AS Autonomous System
5	148.66.138.157 148.66.138.157	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
1 2	2606:4700:20:... 2606:4700:20::681a:85b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2404:6800:400... 2404:6800:4003:c03::5f	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:6ea0:d10... 2a02:6ea0:d100::15	60068 (CDN77 ^_^) (CDN77 ^_^)
2	193.110.183.243 193.110.183.243	24656 (ARZ) (ARZ)
4	2606:4700:e0:... 2606:4700:e0::ac40:640a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	7

5 148.66.138.157 (Singapore)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)

rbanmsfgc.ac.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:85b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.tailwindcss.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c03::5f (Singapore)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:d100::15 (Singapore)

ASN60068 (CDN77 ^_^, GB)

img.icons8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.110.183.243 (Austria)

ASN24656 (ARZ, AT)
PTR: arz-193-110-183-243.arz.at

meine.bank99.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:e0::ac40:640a (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1415 ka-f.fontawesome.com — Cisco Umbrella Rank: 2678	34 KB
5	rbanmsfgc.ac.in rbanmsfgc.ac.in	379 KB
2	bank99.at meine.bank99.at	130 KB
2	tailwindcss.com 1 redirects cdn.tailwindcss.com — Cisco Umbrella Rank: 68583	107 KB
1	icons8.com img.icons8.com — Cisco Umbrella Rank: 31427	847 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 323	34 KB
15	6

	Domain	Requested by
5	rbanmsfgc.ac.in	rbanmsfgc.ac.in
4	ka-f.fontawesome.com	kit.fontawesome.com
2	meine.bank99.at	rbanmsfgc.ac.in
2	cdn.tailwindcss.com	1 redirects rbanmsfgc.ac.in
1	img.icons8.com	rbanmsfgc.ac.in
1	kit.fontawesome.com	rbanmsfgc.ac.in
1	ajax.googleapis.com	rbanmsfgc.ac.in
15	7

This site contains no links.

Subject Issuer	Validity	Valid
rbanmsfgc.ac.in Go Daddy Secure Certificate Authority - G2	`2023-02-19` - `2024-02-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh
1004834818.rsc.cdn77.org R3	`2023-02-18` - `2023-05-19`	3 months	crt.sh
meine.bank99.at EuropeanSSL Server CA 2	`2023-01-17` - `2024-02-17`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-12` - `2023-08-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://rbanmsfgc.ac.in/img/b99/front/
Frame ID: 8938C6D12AA151D1A55397EB3CFC23DA
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

93 %
HTTPS

71 %
IPv6

6
Domains

7
Subdomains

7
IPs

3
Countries

685 kB
Transfer

1103 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://cdn.tailwindcss.com/ HTTP 302
https://cdn.tailwindcss.com/3.3.1

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
rbanmsfgc.ac.in/img/b99/front/ 11 KB
2 KB 44ms
15ms Document
text/html 148.66.138.157
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://rbanmsfgc.ac.in/img/b99/front/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 148.66.138.157 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 5d70b0bcaf5fd3e94c5c81613835cf648545e219735f23f4e249a4248e07667e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

accept-ranges: bytes
content-encoding: br
content-length: 2234
content-type: text/html
date: Mon, 17 Apr 2023 15:01:36 GMT
etag: "6ee38b7-2c69-5df83765bf0c0-br"
last-modified: Sat, 21 May 2022 10:56:43 GMT
server: Apache
vary: Accept-Encoding

GET
H2

200

3.3.1 Show response
cdn.tailwindcss.com/
Redirect Chain

https://cdn.tailwindcss.com/
https://cdn.tailwindcss.com/3.3.1

348 KB
107 KB

20ms
20ms

Script
text/javascript

2606:4700:20::681a:85b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.tailwindcss.com/3.3.1

Requested by

Host: rbanmsfgc.ac.in
URL: https://rbanmsfgc.ac.in/img/b99/front/

Protocol

Server

2606:4700:20::681a:85b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73e3ae141777c483b369db25e936d456302a5a80d30d186549a86d6980b84b68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://rbanmsfgc.ac.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:01:36 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 13 Apr 2023 13:32:11 GMT
x-vercel-id: syd1::iad1::b68jm-1681392730822-5b2f2c7133a6
server: cloudflare
age: 350965
x-vercel-cache: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GN3RTrtEbrUjKPdVSI4DTDRKhx%2Fqq45b6hBKejmU2GAYU6XyCVqA7UZeFZ2Zn%2BHkHU7yK0%2FURqlqrd0on4%2F1KHp3RbVwR7DZJxL6IdaURVxwVOzCGsQg3de12cvxG9SYvQ1aUNl5WSK1cX6aBN%2FrYxk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=31536000
cf-ray: 7b958b556956a089-SIN

Redirect headers

date: Mon, 17 Apr 2023 15:01:36 GMT
strict-transport-security: max-age=63072000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-id: syd1::iad1::zpr22-1681743046765-9445990fdd37
server: cloudflare
age: 384
x-vercel-cache: MISS
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WuWI5pa1HbTLhz7YeJd%2B%2Flx6eZbpqXptDuBODKHMFNo%2FlMEEq6nsURWkO6qcYcJYIhR%2B02QMC%2FXo0ssW1%2ByKhww0i87bOWS2eJDYW6gRMM0wHOa622Wd1%2FJGgIT10bgnf5%2BGIPavnnE9nmq1vwM%2Bl7k%3D"}],"group":"cf-nel","max_age":604800}
location: /3.3.1
cache-control: max-age=14400
cf-ray: 7b958b555930a089-SIN
content-length: 0

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
34 KB 33ms
5ms Script
text/javascript 2404:6800:4003:c03::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: rbanmsfgc.ac.in
URL: https://rbanmsfgc.ac.in/img/b99/front/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c03::5f , Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://rbanmsfgc.ac.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 15:00:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 172876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Apr 2024 15:00:20 GMT

GET
H2 200 887a93ffa3.js Show response
kit.fontawesome.com/ 11 KB
4 KB 122ms
92ms Script
text/javascript 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/887a93ffa3.js

Requested by

Host: rbanmsfgc.ac.in
URL: https://rbanmsfgc.ac.in/img/b99/front/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ba8211293afd1fc0eb2a5ff987ed4a055cee32cfa65cd6e379040351291551d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: https://rbanmsfgc.ac.in/
Origin: https://rbanmsfgc.ac.in
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:01:36 GMT
strict-transport-security: max-age=31536000; preload
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public, must-revalidate
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray: 7b958b554dd04022-SIN
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: F1ayiUi_XXtp3jFDwi7C

GET
H2 200 style.css
rbanmsfgc.ac.in/img/b99/front/ 4 KB
1002 B 21ms
20ms Stylesheet
text/css 148.66.138.157
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://rbanmsfgc.ac.in/img/b99/front/style.css
Requested by: Host: rbanmsfgc.ac.in
URL: https://rbanmsfgc.ac.in/img/b99/front/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 148.66.138.157 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 35622e99a9a2b6b14de336a558b99b748d5e304ebbdb12cea2db206fe1db2ae5

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://rbanmsfgc.ac.in/img/b99/front/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:01:36 GMT
content-encoding: gzip
last-modified: Sat, 21 May 2022 00:43:00 GMT
server: Apache
etag: "6ee38bb-f49-5df7ae3898d00-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=3024000, public
accept-ranges: bytes
content-length: 889

GET
H2 200 logo.png
rbanmsfgc.ac.in/img/b99/front/assets/ 30 KB
30 KB 6ms
5ms Image
image/png 148.66.138.157
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rbanmsfgc.ac.in/img/b99/front/assets/logo.png
Requested by: Host: rbanmsfgc.ac.in
URL: https://rbanmsfgc.ac.in/img/b99/front/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 148.66.138.157 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 9a48abc1c0966ae27ea445a3af3f6602ffc5de898fcf007c1b32800cda33f787

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://rbanmsfgc.ac.in/img/b99/front/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:01:36 GMT
last-modified: Thu, 19 May 2022 23:00:21 GMT
server: Apache
etag: "6ee38c4-76ff-5df6556974b40"
content-type: image/png
cache-control: max-age=3024000, public
accept-ranges: bytes
content-length: 30463

GET
H2 200 chevron.svg
rbanmsfgc.ac.in/img/b99/front/assets/ 141 B
198 B 4ms
4ms Image
image/svg+xml 148.66.138.157
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rbanmsfgc.ac.in/img/b99/front/assets/chevron.svg
Requested by: Host: rbanmsfgc.ac.in
URL: https://rbanmsfgc.ac.in/img/b99/front/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 148.66.138.157 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 0de36e547f6703f8416190d4d94fee1f1c149e42f850150dfc787aca3f071095

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://rbanmsfgc.ac.in/img/b99/front/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:01:36 GMT
content-encoding: br
last-modified: Sat, 21 May 2022 00:18:52 GMT
server: Apache
etag: "6ee38be-8d-5df7a8d3ad300-br"
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 107

GET
H2 200 multiply.png
img.icons8.com/ios-filled/50/000000/ 374 B
847 B 39ms
7ms Image
image/png 2a02:6ea0:d100::15
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/ios-filled/50/000000/multiply.png

Requested by

Host: rbanmsfgc.ac.in
URL: https://rbanmsfgc.ac.in/img/b99/front/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:d100::15 , Singapore, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

17bf94d88f52ca220b51dd54c41122bf329178fdb91f4f1792d794681b0b7671

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://rbanmsfgc.ac.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

x-77-pop: singaporeSG
date: Mon, 17 Apr 2023 15:01:36 GMT
strict-transport-security: max-age=15724800; includeSubDomains
version: 0.0.29
icon-format: png
x-cache: HIT
x-77-cache: HIT
x-age: 31164
content-length: 374
x-77-nzt: AY/0IaJ8Oi//vHkAAA
x-accel-expires: @1682014932
not-found-platform: false
icon-size: 50
last-modified: Mon, 17 Apr 2023 06:06:44
from-mongo-cache: false
server: CDN77-Turbo
x-77-nzt-ray: 066f3715c849a28d505f3d64ff7a9e15
vary: Origin
from-redis-cache: true
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=302400
accept-ranges: bytes
icon-id: 9433

GET
H/1.1 200
OK loading-animation.gif
meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/images/ 108 KB
109 KB 554ms
195ms Image
image/gif 193.110.183.243
ARZ

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/images/loading-animation.gif

Requested by

Host: rbanmsfgc.ac.in
URL: https://rbanmsfgc.ac.in/img/b99/front/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.110.183.243 , Austria, ASN24656 (ARZ, AT),

Reverse DNS

arz-193-110-183-243.arz.at

Software

nginx /

Resource Hash

a6042095c8394001a87eae5196a219e0b53c3596cef31784e6d033a710039639

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Frame-Options	DENY

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://rbanmsfgc.ac.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
Date: Mon, 17 Apr 2023 15:01:36 GMT
Strict-Transport-Security: max-age=15552000
Server: nginx
X-Frame-Options: DENY
Content-Type: image/gif
Access-Control-Allow-Origin: *
Content-Language: en-US
Cache-Control: public,max-age=2419200,must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=15, max=100
content-length: 110541
Expires: Mon, 15 May 2023 15:01:36 GMT

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v6.4.0/css/ 100 KB
23 KB 44ms
16ms Fetch
text/css 2606:4700:e0::ac40:640a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.0/css/free.min.css?token=887a93ffa3
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/887a93ffa3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:640a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd28ebf7bdffb45da731413ed6e6940dc60123aa120bfa5a3909a40b2a2ba7e1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://rbanmsfgc.ac.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:01:36 GMT
via: 1.1 aba148aded8f2a574ac37012d8a4aeee.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: SIN52-C3
age: 40535
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 23 Mar 2023 21:29:21 GMT
server: cloudflare
etag: W/"5febfb939e2fc4ddf14fffae53b72cf0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W19YgnPiOpA4jflmbwRV8%2B0froYANykl9oiTYOOPzGmluJ6G7Q8qS8b5jBtCsNKf6lrxiZN2VQDym5rnIcCo2yBNjij9qE6NJIrVNntplEYvxyE0SbpNRgmR8xBsnXWak7w8ymeQHsW5yYbxoy6YC4KmaA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7b958b563cd18998-SIN
access-control-allow-headers: fa-kit-token
x-amz-cf-id: wgcztT1tUdmKvmLMppg6APtIjh9eWbVtHHdZk74kfajMxyA1vFoTpw==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v6.4.0/css/ 27 KB
5 KB 43ms
15ms Fetch
text/css 2606:4700:e0::ac40:640a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-shims.min.css?token=887a93ffa3
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/887a93ffa3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:640a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 425741cc35824b5b3b18d4135fbef6afca30662d23638366af151f7e74ba2575

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://rbanmsfgc.ac.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:01:36 GMT
via: 1.1 c57dcf725f15a754ea7be2a7d262cec2.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: SIN52-C3
age: 40535
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
server: cloudflare
etag: W/"5193a6de5225940ae4ef5f7c82126be9"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=03O%2FhK8yxAVnRO3geFA9ZKcinzUtnEwRG7VYiPILDXLeXOgisyNXXLueJJhKPifA2Z2bm9LKed3ve5a5IJiPNoC%2BzjEv%2F9eMt3rUR3Dx0QpUenQhn6P%2BSvXUU3U5y1MmAJWKjH4Z4dpeplBE0rHWWi07Gg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7b958b563cd28998-SIN
access-control-allow-headers: fa-kit-token
x-amz-cf-id: b-u4aRpAlDR4XpaMpoTd7orPXg6hO3VoN6wTU0aWNB6SsqYQ7yiWQg==

GET
H2 200 free-v5-font-face.min.css Show response
ka-f.fontawesome.com/releases/v6.4.0/css/ 823 B
731 B 42ms
14ms Fetch
text/css 2606:4700:e0::ac40:640a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.0/css/free-v5-font-face.min.css?token=887a93ffa3
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/887a93ffa3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:640a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d144babd74738640f3133de675f5fa21c7fb58bfbd430dbd967ca813403afbfd

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://rbanmsfgc.ac.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:01:36 GMT
via: 1.1 0230bfe4b11b7df94cc75eb42cc72778.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: SIN2-C1
age: 40535
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
server: cloudflare
etag: W/"5856e3f07fbc36fc4d430a95a577a87f"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hwj6RpztrweFZRXROqPBfiPCb6e79mNmCmn963hUrM%2FyScfqop4a%2BMB67rub6L0jRqEoPlnKlxGrAXsFpvdr322rLmGsTijc28zgQLvZw9UPLQzh53qKUIQZrJE2cSuB%2BPGr9Z0tmGs6GJnul%2F1jd2BNNA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7b958b563cd38998-SIN
access-control-allow-headers: fa-kit-token
x-amz-cf-id: w8TsrGHor4r810C8WvBK6Bisaw4nPwIn-_IHDUZjTpn4zYBR6e8fiw==

GET
H2 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v6.4.0/css/ 2 KB
1 KB 40ms
13ms Fetch
text/css 2606:4700:e0::ac40:640a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-font-face.min.css?token=887a93ffa3
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/887a93ffa3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:640a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af59041c11cf929a2d34e75e190b5da8ef037bd0fbe81a863c3bdcf430dd6b76

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://rbanmsfgc.ac.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:01:36 GMT
via: 1.1 a8c2772b03befab22b97b650361ac508.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: SIN52-C3
age: 40535
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
server: cloudflare
etag: W/"9e7f9f634ace089bcdacc3fcc5f23ce5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=clkmZ7Q6aWohDbJawzGe3bvs0slWetRMVSY%2F%2B%2FGmO3wfsPVzteuAif1PelUho19pYGesBoiLrJNNgiCBGyRBLv3UEvmRWhoY7LzodncNfzkTLcgkL2B6UktHLrdUrA97sd%2BRMkhUrIiRe1vCwYG7B8y0AQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7b958b563cd58998-SIN
access-control-allow-headers: fa-kit-token
x-amz-cf-id: NjwCH-T5_L3Zh_lMq4PL500croGOwzITd9ni8lJWhH39yC3WfaFaWA==

GET
H2 200 login-background.jpg
rbanmsfgc.ac.in/img/b99/front/assets/ 346 KB
346 KB 6ms
5ms Image
image/jpeg 148.66.138.157
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rbanmsfgc.ac.in/img/b99/front/assets/login-background.jpg
Requested by: Host: rbanmsfgc.ac.in
URL: https://rbanmsfgc.ac.in/img/b99/front/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 148.66.138.157 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 7e2e5b98761af2ad33e704867bd4ffca9206c60144e68b6d05ce8eab6298dfbd

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://rbanmsfgc.ac.in/img/b99/front/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:01:36 GMT
last-modified: Fri, 20 May 2022 02:53:54 GMT
server: Apache
etag: "6ee38c2-56647-5df6899d4b480"
content-type: image/jpeg
cache-control: max-age=3024000, public
accept-ranges: bytes
content-length: 353863

GET
H/1.1 200
OK PostSans-Regular.woff2
meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/fonts/ 21 KB
21 KB 554ms
217ms Font
application/octet-stream 193.110.183.243
ARZ

General

Check archive.org

Show headers Download Go to

Full URL

https://meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/fonts/PostSans-Regular.woff2

Requested by

Host: rbanmsfgc.ac.in
URL: https://rbanmsfgc.ac.in/img/b99/front/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.110.183.243 , Austria, ASN24656 (ARZ, AT),

Reverse DNS

arz-193-110-183-243.arz.at

Software

nginx /

Resource Hash

a3b9b469d31790096180616fae0155d3af8088924ef1d724bfd085ff3d12f075

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Frame-Options	DENY

Request headers

Referer: https://rbanmsfgc.ac.in/
Origin: https://rbanmsfgc.ac.in
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
Date: Mon, 17 Apr 2023 15:01:36 GMT
Strict-Transport-Security: max-age=15552000
Server: nginx
X-Frame-Options: DENY
Content-Language: en-US
Access-Control-Allow-Origin: *
Content-Type: text/plain
Cache-Control: public,max-age=2419200,must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=15, max=100
Content-Length: 21296
Expires: Mon, 15 May 2023 15:01:36 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: bank99 (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.tailwindcss.com
img.icons8.com
ka-f.fontawesome.com
kit.fontawesome.com
meine.bank99.at
rbanmsfgc.ac.in
148.66.138.157
193.110.183.243
2404:6800:4003:c03::5f
2606:4700:20::681a:85b
2606:4700::6812:1734
2606:4700:e0::ac40:640a
2a02:6ea0:d100::15
0de36e547f6703f8416190d4d94fee1f1c149e42f850150dfc787aca3f071095
17bf94d88f52ca220b51dd54c41122bf329178fdb91f4f1792d794681b0b7671
35622e99a9a2b6b14de336a558b99b748d5e304ebbdb12cea2db206fe1db2ae5
425741cc35824b5b3b18d4135fbef6afca30662d23638366af151f7e74ba2575
4ba8211293afd1fc0eb2a5ff987ed4a055cee32cfa65cd6e379040351291551d
5d70b0bcaf5fd3e94c5c81613835cf648545e219735f23f4e249a4248e07667e
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
73e3ae141777c483b369db25e936d456302a5a80d30d186549a86d6980b84b68
7e2e5b98761af2ad33e704867bd4ffca9206c60144e68b6d05ce8eab6298dfbd
9a48abc1c0966ae27ea445a3af3f6602ffc5de898fcf007c1b32800cda33f787
a3b9b469d31790096180616fae0155d3af8088924ef1d724bfd085ff3d12f075
a6042095c8394001a87eae5196a219e0b53c3596cef31784e6d033a710039639
af59041c11cf929a2d34e75e190b5da8ef037bd0fbe81a863c3bdcf430dd6b76
d144babd74738640f3133de675f5fa21c7fb58bfbd430dbd967ca813403afbfd
fd28ebf7bdffb45da731413ed6e6940dc60123aa120bfa5a3909a40b2a2ba7e1

rbanmsfgc.ac.in Open in urlscan Pro 148.66.138.157 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

93 %HTTPS

71 %IPv6

6 Domains

7 Subdomains

7 IPs

3 Countries

685 kBTransfer

1103 kBSize

0 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

rbanmsfgc.ac.in Open in urlscan Pro
148.66.138.157 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

93 %
HTTPS

71 %
IPv6

6
Domains

7
Subdomains

7
IPs

3
Countries

685 kB
Transfer

1103 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!