indi9naclaim9nt.vbttcollege.org Open in urlscan Pro
51.210.156.16 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://indi9naclaim9nt.vbttcollege.org/sa/login.php
Submission: On July 27 via manual (July 27th 2022, 1:13:34 am UTC) from NL — Scanned from FR

Summary HTTP 17 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 17 HTTP transactions. The main IP is 51.210.156.16, located in Doyet, France and belongs to OVH, FR. The main domain is indi9naclaim9nt.vbttcollege.org.
TLS certificate: Issued by R3 on July 16th 2022. Valid for: 3 months.

This is the only time indi9naclaim9nt.vbttcollege.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Commonwealth Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
10	51.210.156.16 51.210.156.16	16276 (OVH) (OVH)
2	2600:9000:249... 2600:9000:2490:c00:a:6cdf:4440:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:223... 2600:9000:223f:ce00:1e:54f1:26c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:225... 2600:9000:2250:4400:13:ab57:d440:93a1	16509 (AMAZON-02) (AMAZON-02)
17	5

10 51.210.156.16 (Doyet, France)

ASN16276 (OVH, FR)
PTR: server61.secureclouddns.net

indi9naclaim9nt.vbttcollege.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2490:c00:a:6cdf:4440:93a1 (United States)

ASN16509 (AMAZON-02, US)

1.a79ab95c1589a13f8a4cab612bc71f9f7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:ce00:1e:54f1:26c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

1.b406929acabac9b095f124c81bdfcf57f.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2250:4400:13:ab57:d440:93a1 (United States)

ASN16509 (AMAZON-02, US)

1.c81358859121583b7adf2ace89cb39f44.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	vbttcollege.org indi9naclaim9nt.vbttcollege.org	703 KB
2	c81358859121583b7adf2ace89cb39f44.com 1.c81358859121583b7adf2ace89cb39f44.com — Cisco Umbrella Rank: 19264	4 KB
2	b406929acabac9b095f124c81bdfcf57f.com 1.b406929acabac9b095f124c81bdfcf57f.com — Cisco Umbrella Rank: 19129	4 KB
2	a79ab95c1589a13f8a4cab612bc71f9f7.com 1.a79ab95c1589a13f8a4cab612bc71f9f7.com — Cisco Umbrella Rank: 19287	4 KB
17	4

	Domain	Requested by
10	indi9naclaim9nt.vbttcollege.org	indi9naclaim9nt.vbttcollege.org
2	1.c81358859121583b7adf2ace89cb39f44.com	indi9naclaim9nt.vbttcollege.org 1.c81358859121583b7adf2ace89cb39f44.com
2	1.b406929acabac9b095f124c81bdfcf57f.com	indi9naclaim9nt.vbttcollege.org 1.b406929acabac9b095f124c81bdfcf57f.com
2	1.a79ab95c1589a13f8a4cab612bc71f9f7.com	indi9naclaim9nt.vbttcollege.org 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
17	4

This site contains links to these domains. Also see Links.

Domain
www.commbank.com.au

Subject Issuer	Validity	Valid
indi9naclaim9nt.vbttcollege.org R3	`2022-07-16` - `2022-10-14`	3 months	crt.sh
*.a79ab95c1589a13f8a4cab612bc71f9f7.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-04` - `2023-04-04`	a year	crt.sh
*.b406929acabac9b095f124c81bdfcf57f.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-06` - `2023-04-07`	a year	crt.sh
*.c81358859121583b7adf2ace89cb39f44.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-06` - `2023-04-07`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://indi9naclaim9nt.vbttcollege.org/sa/login.php
Frame ID: 0AB79F20CF097BE79ADE65BE7959A394
Requests: 8 HTTP requests in this frame

Frame: https://indi9naclaim9nt.vbttcollege.org/sa/login_files/sign-out.html
Frame ID: 036F0DDBEDEA09BF2DAA7AC5792F2DD7
Requests: 4 HTTP requests in this frame

Frame: https://indi9naclaim9nt.vbttcollege.org/sa/login_files/signout.html
Frame ID: CF1A217490211738A2A64DC53ED2AA48
Requests: 1 HTTP requests in this frame

Frame: https://indi9naclaim9nt.vbttcollege.org/sa/login_files/Logon.html
Frame ID: 72F2DD2429C297522EACC6B3AC40E54E
Requests: 1 HTTP requests in this frame

Frame: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: 84A0DEAB7E37C51095E0976E56B6BE28
Requests: 2 HTTP requests in this frame

Frame: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: DF1FEBA6B6CB00D99E6AEBED9B77DD18
Requests: 2 HTTP requests in this frame

Frame: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: 017FE46CF94F3EF2FDC3E66F401C1E89
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+name="__VIEWSTATE

Page Statistics

17
Requests

94 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

715 kB
Transfer

1063 kB
Size

4
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://www.commbank.com.au/passwtips
Title: Find out more

Search URL Search Domain Scan URL

URL: https://www.commbank.com.au/about-us/opportunity-initiatives/opportunity-from-community/sponsorships.html?mbt=nb-ql_sponsorships
Title: Supporting the game changers in women's sport

Search URL Search Domain Scan URL

URL: https://www.commbank.com.au/support/financial-difficulty.html?mbt=nb-ql_financialdifficulty
Title: Are you in financial difficulty? Apply for assistance.

Search URL Search Domain Scan URL

URL: https://www.commbank.com.au/digital-banking/benefits-finder.html?mbt=nb-ql_benefitsfinder
Title: Find benefits you may be eligible for during lockdown.

Search URL Search Domain Scan URL

URL: https://www.commbank.com.au/latest/support-for-home-loan-customers.html?mbt=nb-ql_supportHL
Title: Support for home loan customers

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login.php Show response indi9naclaim9nt.vbttcollege.org/sa/	10 KB 4 KB	538ms 140ms	Document text/html	51.210.156.16 OVH
General Check archive.org Show headers Download Go to Full URL https://indi9naclaim9nt.vbttcollege.org/sa/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.210.156.16 Doyet, France, ASN16276 (OVH, FR), Reverse DNS server61.secureclouddns.net Software / Resource Hash `29a2d86ba07606bcb3a1fa6a49ff80b7cb0bc78a0a8e10ac98ab5f3408d4a5e6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000 cache-control no-store, no-cache, must-revalidate content-encoding gzip content-type text/html; charset=UTF-8 date Wed, 27 Jul 2022 01:13:29 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache vary Accept-Encoding
GET H2	200	logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css indi9naclaim9nt.vbttcollege.org/sa/login_files/	31 KB 7 KB	43ms 40ms	Stylesheet text/css	51.210.156.16 OVH
General Check archive.org Show headers Download Go to Full URL https://indi9naclaim9nt.vbttcollege.org/sa/login_files/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css Requested by Host: indi9naclaim9nt.vbttcollege.org URL: https://indi9naclaim9nt.vbttcollege.org/sa/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.210.156.16 Doyet, France, ASN16276 (OVH, FR), Reverse DNS server61.secureclouddns.net Software / Resource Hash `3f5e113479be0b0fcc8b12f03a0d6e8c1b504691c9524d19e74f0204581bc870` Request headers accept-language fr-FR,fr;q=0.9 Referer https://indi9naclaim9nt.vbttcollege.org/sa/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Wed, 27 Jul 2022 01:13:29 GMT content-encoding br last-modified Thu, 21 Jul 2022 20:16:54 GMT vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 6615 expires Wed, 03 Aug 2022 01:13:29 GMT
GET H2	200	2a817845.js.download Show response indi9naclaim9nt.vbttcollege.org/sa/login_files/	605 KB 605 KB	43ms 41ms	Script application/octet-stream	51.210.156.16 OVH
General Check archive.org Show headers Download Go to Full URL https://indi9naclaim9nt.vbttcollege.org/sa/login_files/2a817845.js.download Requested by Host: indi9naclaim9nt.vbttcollege.org URL: https://indi9naclaim9nt.vbttcollege.org/sa/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.210.156.16 Doyet, France, ASN16276 (OVH, FR), Reverse DNS server61.secureclouddns.net Software / Resource Hash `d33e375915cb5eae9c0eb5d165daaf2de294633cf59b6e767d24ea64ada4eede` Request headers accept-language fr-FR,fr;q=0.9 Referer https://indi9naclaim9nt.vbttcollege.org/sa/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Wed, 27 Jul 2022 01:13:29 GMT last-modified Thu, 21 Jul 2022 18:33:58 GMT accept-ranges bytes content-length 619266 content-type application/octet-stream
GET H2	200	cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif indi9naclaim9nt.vbttcollege.org/sa/login_files/	5 KB 5 KB	54ms 54ms	Image image/gif	51.210.156.16 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://indi9naclaim9nt.vbttcollege.org/sa/login_files/cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif Requested by Host: indi9naclaim9nt.vbttcollege.org URL: https://indi9naclaim9nt.vbttcollege.org/sa/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.210.156.16 Doyet, France, ASN16276 (OVH, FR), Reverse DNS server61.secureclouddns.net Software / Resource Hash `4620bea7b8db9ffe1747e9c29910d7ea2ec84a7a3c7416e7a8a70e450073d820` Request headers accept-language fr-FR,fr;q=0.9 Referer https://indi9naclaim9nt.vbttcollege.org/sa/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Wed, 27 Jul 2022 01:13:29 GMT cache-control public, max-age=604800 last-modified Thu, 21 Jul 2022 18:33:58 GMT accept-ranges bytes content-type image/gif content-length 4852 expires Wed, 03 Aug 2022 01:13:29 GMT
GET H2	200	nb-logon-floods.jpg indi9naclaim9nt.vbttcollege.org/sa/login_files/	28 KB 28 KB	55ms 55ms	Image image/jpeg	51.210.156.16 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://indi9naclaim9nt.vbttcollege.org/sa/login_files/nb-logon-floods.jpg Requested by Host: indi9naclaim9nt.vbttcollege.org URL: https://indi9naclaim9nt.vbttcollege.org/sa/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.210.156.16 Doyet, France, ASN16276 (OVH, FR), Reverse DNS server61.secureclouddns.net Software / Resource Hash `c97ab139820011a8fa74366aeb672f82f7bf0295aa96478620a3c50a49e18a20` Request headers accept-language fr-FR,fr;q=0.9 Referer https://indi9naclaim9nt.vbttcollege.org/sa/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Wed, 27 Jul 2022 01:13:29 GMT cache-control public, max-age=604800 last-modified Thu, 21 Jul 2022 18:33:58 GMT accept-ranges bytes content-type image/jpeg content-length 28356 expires Wed, 03 Aug 2022 01:13:29 GMT
GET H2	404	hbg.0236e4e9a193069c4e8554db8b06354c.png indi9naclaim9nt.vbttcollege.org/sa/images/	708 B 708 B	43ms 43ms	Image text/html	51.210.156.16 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://indi9naclaim9nt.vbttcollege.org/sa/images/hbg.0236e4e9a193069c4e8554db8b06354c.png Requested by Host: indi9naclaim9nt.vbttcollege.org URL: https://indi9naclaim9nt.vbttcollege.org/sa/login_files/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.210.156.16 Doyet, France, ASN16276 (OVH, FR), Reverse DNS server61.secureclouddns.net Software / Resource Hash `37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa` Request headers accept-language fr-FR,fr;q=0.9 Referer https://indi9naclaim9nt.vbttcollege.org/sa/login_files/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers pragma no-cache date Wed, 27 Jul 2022 01:13:29 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html
GET BLOB	200 OK	4da27fb3-bce1-4f78-8279-71dc42c8148b https://indi9naclaim9nt.vbttcollege.org/	165 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:https://indi9naclaim9nt.vbttcollege.org/4da27fb3-bce1-4f78-8279-71dc42c8148b Requested by Host: indi9naclaim9nt.vbttcollege.org URL: https://indi9naclaim9nt.vbttcollege.org/sa/login.php Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `25e521f17135f161c1f02f0555af227292ab009967c461380e3135c414f288e6` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Content-Length 169098
GET H2	404	logonsprite2.307a0c523f35f709f390895b4720d350.png indi9naclaim9nt.vbttcollege.org/sa/images/	708 B 708 B	16ms 15ms	Image text/html	51.210.156.16 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://indi9naclaim9nt.vbttcollege.org/sa/images/logonsprite2.307a0c523f35f709f390895b4720d350.png Requested by Host: indi9naclaim9nt.vbttcollege.org URL: https://indi9naclaim9nt.vbttcollege.org/sa/login_files/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.210.156.16 Doyet, France, ASN16276 (OVH, FR), Reverse DNS server61.secureclouddns.net Software / Resource Hash `37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa` Request headers accept-language fr-FR,fr;q=0.9 Referer https://indi9naclaim9nt.vbttcollege.org/sa/login_files/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers pragma no-cache date Wed, 27 Jul 2022 01:13:29 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html
GET H2	200	sign-out.html Show response indi9naclaim9nt.vbttcollege.org/sa/login_files/ Frame 036F	200 KB 53 KB	27ms 26ms	Document text/html	51.210.156.16 OVH
General Check archive.org Show headers Download Go to Full URL https://indi9naclaim9nt.vbttcollege.org/sa/login_files/sign-out.html Requested by Host: indi9naclaim9nt.vbttcollege.org URL: https://indi9naclaim9nt.vbttcollege.org/sa/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.210.156.16 Doyet, France, ASN16276 (OVH, FR), Reverse DNS server61.secureclouddns.net Software / Resource Hash `59fd74bfdcd4695bdb2f2d5328ad1e3c280ecacf2bac376044e4ad10ad9f9eb1` Request headers Referer https://indi9naclaim9nt.vbttcollege.org/sa/login.php Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers accept-ranges bytes content-encoding br content-length 54616 content-type text/html date Wed, 27 Jul 2022 01:13:29 GMT last-modified Thu, 21 Jul 2022 18:34:00 GMT vary Accept-Encoding
GET H2	200	signout.html Show response indi9naclaim9nt.vbttcollege.org/sa/login_files/ Frame CF1A	275 B 201 B	67ms 66ms	Document text/html	51.210.156.16 OVH
General Check archive.org Show headers Download Go to Full URL https://indi9naclaim9nt.vbttcollege.org/sa/login_files/signout.html Requested by Host: indi9naclaim9nt.vbttcollege.org URL: https://indi9naclaim9nt.vbttcollege.org/sa/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.210.156.16 Doyet, France, ASN16276 (OVH, FR), Reverse DNS server61.secureclouddns.net Software / Resource Hash `ce237f166630bff12aadbddfef6ba22befa33876b94632e150e73964e47ade92` Request headers Referer https://indi9naclaim9nt.vbttcollege.org/sa/login.php Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers accept-ranges bytes content-encoding br content-length 147 content-type text/html date Wed, 27 Jul 2022 01:13:29 GMT last-modified Thu, 21 Jul 2022 18:34:00 GMT vary Accept-Encoding
GET H2	200	Logon.html Show response indi9naclaim9nt.vbttcollege.org/sa/login_files/ Frame 72F2	149 B 178 B	66ms 66ms	Document text/html	51.210.156.16 OVH
General Check archive.org Show headers Download Go to Full URL https://indi9naclaim9nt.vbttcollege.org/sa/login_files/Logon.html Requested by Host: indi9naclaim9nt.vbttcollege.org URL: https://indi9naclaim9nt.vbttcollege.org/sa/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.210.156.16 Doyet, France, ASN16276 (OVH, FR), Reverse DNS server61.secureclouddns.net Software / Resource Hash `97f9b10039b05e1af4a3c9b778fc72ba44cf68a376e4ec1d55f2558f16cf3e50` Request headers Referer https://indi9naclaim9nt.vbttcollege.org/sa/login.php Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers accept-ranges bytes content-length 149 content-type text/html date Wed, 27 Jul 2022 01:13:29 GMT last-modified Thu, 21 Jul 2022 18:34:00 GMT
GET DATA	200 OK	truncated / Frame 036F	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 036F	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 036F	155 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7808605ddd1f0eaa454aa444293d2f0260943e51e53838fca46506e6a69fe521` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Content-Type image/png
GET H2	200	crossdomain.html Show response 1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/ Frame 84A0	221 B 554 B	99ms 24ms	Document text/html	2600:9000:2490:c00:a:6cdf:4440:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html Requested by Host: indi9naclaim9nt.vbttcollege.org URL: https://indi9naclaim9nt.vbttcollege.org/sa/login_files/2a817845.js.download Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:c00:a:6cdf:4440:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6` Request headers Referer https://indi9naclaim9nt.vbttcollege.org/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers accept-ranges bytes age 7388 content-length 221 content-type text/html date Tue, 26 Jul 2022 23:10:23 GMT etag "21e34cf6a03f570df49e212018a567d0" last-modified Tue, 13 Oct 2020 12:04:25 GMT server AmazonS3 via 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront) x-amz-cf-id Pk9RpdRMrql8cnJkkgmJIiZBIa_tUXt732JXyCKq8-Ys3usk-azttQ== x-amz-cf-pop FRA56-P6 x-amz-version-id null x-cache Hit from cloudfront
GET H2	200	crossdomain.html Show response 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/ Frame DF1F	221 B 555 B	112ms 26ms	Document text/html	2600:9000:223f:ce00:1e:54f1:26c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html Requested by Host: indi9naclaim9nt.vbttcollege.org URL: https://indi9naclaim9nt.vbttcollege.org/sa/login_files/2a817845.js.download Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223f:ce00:1e:54f1:26c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6` Request headers Referer https://indi9naclaim9nt.vbttcollege.org/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers accept-ranges bytes age 35384 content-length 221 content-type text/html date Tue, 26 Jul 2022 15:23:47 GMT etag "21e34cf6a03f570df49e212018a567d0" last-modified Tue, 13 Oct 2020 12:04:25 GMT server AmazonS3 via 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront) x-amz-cf-id rySyzs2DvIwlSBqgewSbAGlX7cpNT3dQJDcO-bvkgkw1GM82I4AM4w== x-amz-cf-pop FRA56-P5 x-amz-version-id null x-cache Hit from cloudfront
GET H2	200	crossdomain.html Show response 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/ Frame 017F	221 B 555 B	120ms 23ms	Document text/html	2600:9000:2250:4400:13:ab57:d440:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html Requested by Host: indi9naclaim9nt.vbttcollege.org URL: https://indi9naclaim9nt.vbttcollege.org/sa/login_files/2a817845.js.download Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2250:4400:13:ab57:d440:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6` Request headers Referer https://indi9naclaim9nt.vbttcollege.org/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers accept-ranges bytes age 64242 content-length 221 content-type text/html date Tue, 26 Jul 2022 07:22:49 GMT etag "21e34cf6a03f570df49e212018a567d0" last-modified Tue, 13 Oct 2020 12:04:25 GMT server AmazonS3 via 1.1 2f72de1f504b6784c7adb04e7fe314f2.cloudfront.net (CloudFront) x-amz-cf-id NH0LOXiRc4GWl4WOe00jQUnwBtrrNUnXWZrytULpz8Z2pDIVbTkpaA== x-amz-cf-pop FRA60-P2 x-amz-version-id null x-cache Hit from cloudfront
GET H2	200	crossdomain2.12.0.5273.b96c35cc.min.js Show response 1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/ Frame 84A0	3 KB 3 KB	26ms 25ms	Script application/javascript	2600:9000:2490:c00:a:6cdf:4440:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js Requested by Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com URL: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:c00:a:6cdf:4440:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622` Request headers accept-language fr-FR,fr;q=0.9 Referer https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers x-amz-version-id null via 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront) last-modified Tue, 13 Oct 2020 12:04:25 GMT server AmazonS3 age 7383 etag "9ee48a4da9c402e8a23ad085fb71f28f" x-cache Hit from cloudfront content-type application/javascript date Tue, 26 Jul 2022 23:10:29 GMT x-amz-cf-pop FRA56-P6 accept-ranges bytes content-length 3227 x-amz-cf-id IpQWHmge3caDmNkf8q0KiFS8-IsYAvN0ha2p415OwBm5LU7ynwkHNA==
GET H2	200	crossdomain2.12.0.5273.b96c35cc.min.js Show response 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/ Frame DF1F	3 KB 3 KB	27ms 27ms	Script application/javascript	2600:9000:223f:ce00:1e:54f1:26c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js Requested by Host: 1.b406929acabac9b095f124c81bdfcf57f.com URL: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223f:ce00:1e:54f1:26c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622` Request headers accept-language fr-FR,fr;q=0.9 Referer https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers x-amz-version-id null via 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront) last-modified Tue, 13 Oct 2020 12:04:25 GMT server AmazonS3 age 21550 etag "9ee48a4da9c402e8a23ad085fb71f28f" x-cache Hit from cloudfront content-type application/javascript date Tue, 26 Jul 2022 19:14:22 GMT x-amz-cf-pop FRA56-P5 accept-ranges bytes content-length 3227 x-amz-cf-id BoW44Cxp64BLezuYt0J-x3ilnyGBcArKr5YlM6dYYtZt_qcwDyAyjg==
GET H2	200	crossdomain2.12.0.5273.b96c35cc.min.js Show response 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/ Frame 017F	3 KB 3 KB	24ms 24ms	Script application/javascript	2600:9000:2250:4400:13:ab57:d440:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js Requested by Host: 1.c81358859121583b7adf2ace89cb39f44.com URL: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2250:4400:13:ab57:d440:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622` Request headers accept-language fr-FR,fr;q=0.9 Referer https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers x-amz-version-id null via 1.1 2f72de1f504b6784c7adb04e7fe314f2.cloudfront.net (CloudFront) last-modified Tue, 13 Oct 2020 12:04:25 GMT server AmazonS3 age 34439 etag "9ee48a4da9c402e8a23ad085fb71f28f" x-cache Hit from cloudfront content-type application/javascript date Tue, 26 Jul 2022 15:39:33 GMT x-amz-cf-pop FRA60-P2 accept-ranges bytes content-length 3227 x-amz-cf-id JT0AhIjIM04eiWXNOCQDpTCJFbRc6QtRGTJ4Dg46CKmfZGtCv4qaSw==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Commonwealth Bank (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
indi9naclaim9nt.vbttcollege.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 794b63e4a9572bf89f45fe0c8d23ab6b
.vbttcollege.org/	1969-12-31 23:59:59	Name: cdContextId Value: 1
.vbttcollege.org/	1970-01-20 13:33:40	Name: bmuid Value: 1658884409923-1C911C27-49E2-4FCB-B19A-960D6C5A3BAE
.vbttcollege.org/	1970-01-20 13:33:40	Name: cdSNum Value: 1658884410674-sjn0000847-2d2a1bd4-40f0-44f6-be76-967f9c04f2c8

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://indi9naclaim9nt.vbttcollege.org/sa/images/hbg.0236e4e9a193069c4e8554db8b06354c.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://indi9naclaim9nt.vbttcollege.org/sa/images/logonsprite2.307a0c523f35f709f390895b4720d350.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.a79ab95c1589a13f8a4cab612bc71f9f7.com
1.b406929acabac9b095f124c81bdfcf57f.com
1.c81358859121583b7adf2ace89cb39f44.com
indi9naclaim9nt.vbttcollege.org
2600:9000:223f:ce00:1e:54f1:26c0:93a1
2600:9000:2250:4400:13:ab57:d440:93a1
2600:9000:2490:c00:a:6cdf:4440:93a1
51.210.156.16
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
25e521f17135f161c1f02f0555af227292ab009967c461380e3135c414f288e6
29a2d86ba07606bcb3a1fa6a49ff80b7cb0bc78a0a8e10ac98ab5f3408d4a5e6
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
3f5e113479be0b0fcc8b12f03a0d6e8c1b504691c9524d19e74f0204581bc870
4620bea7b8db9ffe1747e9c29910d7ea2ec84a7a3c7416e7a8a70e450073d820
59fd74bfdcd4695bdb2f2d5328ad1e3c280ecacf2bac376044e4ad10ad9f9eb1
7808605ddd1f0eaa454aa444293d2f0260943e51e53838fca46506e6a69fe521
97f9b10039b05e1af4a3c9b778fc72ba44cf68a376e4ec1d55f2558f16cf3e50
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
c97ab139820011a8fa74366aeb672f82f7bf0295aa96478620a3c50a49e18a20
ce237f166630bff12aadbddfef6ba22befa33876b94632e150e73964e47ade92
d33e375915cb5eae9c0eb5d165daaf2de294633cf59b6e767d24ea64ada4eede
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

indi9naclaim9nt.vbttcollege.org Open in urlscan Pro 51.210.156.16 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

94 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

715 kBTransfer

1063 kBSize

4 Cookies

5 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

4 Cookies

2 Console Messages

Indicators

indi9naclaim9nt.vbttcollege.org Open in urlscan Pro
51.210.156.16 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

94 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

715 kB
Transfer

1063 kB
Size

4
Cookies

17 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!