![](/screenshots/afa93e02-6ca9-404e-a9c2-5764e38b58dd.png)
rbanmsfgc.ac.in
148.66.138.157
Malicious Activity!
Public Scan
Submission: On April 17 via automatic, source openphish — Scanned from SG
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on February 19th 2023. Valid for: a year.
This is the only time rbanmsfgc.ac.in was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: bank99 (Banking)

Domain & IP information

| | IP Address | AS Autonomous System |
|---|---|---|
| 5 | 148.66.138.157 | 26496 (AS-26496-GO-DADDY-COM-LLC) |
| 1 2 | 2606:4700:20::681a:85b | 13335 (CLOUDFLARENET) |
| 1 | 2404:6800:4003:c03::5f | 15169 (GOOGLE) |
| 1 | 2606:4700::6812:1734 | 13335 (CLOUDFLARENET) |
| 1 | 2a02:6ea0:d100::15 | 60068 (CDN77 ^_^) |
| 2 | 193.110.183.243 | 24656 (ARZ) |
| 4 | 2606:4700:e0::ac40:640a | 13335 (CLOUDFLARENET) |
| 15 | 7 | |

| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 5 | fontawesome.com | kit.fontawesome.com — Cisco Umbrella Rank: 1415; ka-f.fontawesome.com — Cisco Umbrella Rank: 2678 | 34 KB |
| 5 | rbanmsfgc.ac.in | rbanmsfgc.ac.in | 379 KB |
| 2 | bank99.at | meine.bank99.at | 130 KB |
| 2 | tailwindcss.com (1 redirects) | cdn.tailwindcss.com — Cisco Umbrella Rank: 68583 | 107 KB |
| 1 | icons8.com | img.icons8.com — Cisco Umbrella Rank: 31427 | 847 B |
| 1 | googleapis.com | ajax.googleapis.com — Cisco Umbrella Rank: 323 | 34 KB |
| 15 | 6 | | |

| | Domain | Requested by |
|---|---|---|
| 5 | rbanmsfgc.ac.in | rbanmsfgc.ac.in |
| 4 | ka-f.fontawesome.com | kit.fontawesome.com |
| 2 | meine.bank99.at | rbanmsfgc.ac.in |
| 2 | cdn.tailwindcss.com (1 redirects) | rbanmsfgc.ac.in |
| 1 | img.icons8.com | rbanmsfgc.ac.in |
| 1 | kit.fontawesome.com | rbanmsfgc.ac.in |
| 1 | ajax.googleapis.com | rbanmsfgc.ac.in |
| 15 | 7 | |

This site contains no links.

| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| rbanmsfgc.ac.in | Go Daddy Secure Certificate Authority - G2 | 2023-02-19 - 2024-02-19 | a year |
| upload.video.google.com | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months |
| *.fontawesome.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-11-22 - 2023-12-23 | a year |
| 1004834818.rsc.cdn77.org | R3 | 2023-02-18 - 2023-05-19 | 3 months |
| meine.bank99.at | EuropeanSSL Server CA 2 | 2023-01-17 - 2024-02-17 | a year |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-12 - 2023-08-12 | a year |

This page contains 1 frames:
Primary Page:
https://rbanmsfgc.ac.in/img/b99/front/
Frame ID: 8938C6D12AA151D1A55397EB3CFC23DA
Requests: 15 HTTP requests in this frame
Page Title
Login

Detected technologies

Font Awesome
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://cdn.tailwindcss.com/ HTTP 302
- https://cdn.tailwindcss.com/3.3.1
15 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | rbanmsfgc.ac.in/img/b99/front/ | 11 KB | 2 KB | Document | text/html |
| GET | H2 | 3.3.1 (Redirect Chain) | cdn.tailwindcss.com/ | 348 KB | 107 KB | Script | text/javascript |
| GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.12.4/ | 95 KB | 34 KB | Script | text/javascript |
| GET | H2 | 887a93ffa3.js | kit.fontawesome.com/ | 11 KB | 4 KB | Script | text/javascript |
| GET | H2 | style.css | rbanmsfgc.ac.in/img/b99/front/ | 4 KB | 1002 B | Stylesheet | text/css |
| GET | H2 | logo.png | rbanmsfgc.ac.in/img/b99/front/assets/ | 30 KB | 30 KB | Image | image/png |
| GET | H2 | chevron.svg | rbanmsfgc.ac.in/img/b99/front/assets/ | 141 B | 198 B | Image | image/svg+xml |
| GET | H2 | multiply.png | img.icons8.com/ios-filled/50/000000/ | 374 B | 847 B | Image | image/png |
| GET | H/1.1 | loading-animation.gif | meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/images/ | 108 KB | 109 KB | Image | image/gif |
| GET | H2 | free.min.css | ka-f.fontawesome.com/releases/v6.4.0/css/ | 100 KB | 23 KB | Fetch | text/css |
| GET | H2 | free-v4-shims.min.css | ka-f.fontawesome.com/releases/v6.4.0/css/ | 27 KB | 5 KB | Fetch | text/css |
| GET | H2 | free-v5-font-face.min.css | ka-f.fontawesome.com/releases/v6.4.0/css/ | 823 B | 731 B | Fetch | text/css |
| GET | H2 | free-v4-font-face.min.css | ka-f.fontawesome.com/releases/v6.4.0/css/ | 2 KB | 1 KB | Fetch | text/css |
| GET | H2 | login-background.jpg | rbanmsfgc.ac.in/img/b99/front/assets/ | 346 KB | 346 KB | Image | image/jpeg |
| GET | H/1.1 | PostSans-Regular.woff2 | meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/fonts/ | 21 KB | 21 KB | Font | application/octet-stream |

Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: bank99 (Banking)

7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- boolean| credentialless
- object| tailwind
- function| $
- function| jQuery
- object| FontAwesomeKitConfig
- string| /template.html
- function| handleSubmit

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.