indrenicollege.edu.np Open in urlscan Pro
192.185.24.239 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u23803410.ct.sendgrid.net/ls/click?upn=Hr95s4qHLg-2FmDAKqH9IngFiLQsgcxOTGbwWKhtpWG4v-2B-2Fu8dt5S-2FnpYUMKCCc7guwIAD_nPsgXG...
Effective URL:
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
Submission: On October 27 via manual (October 27th 2021, 2:04:23 pm UTC) from US — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 7 domains to perform 18 HTTP transactions. The main IP is 192.185.24.239, located in Houston, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is indrenicollege.edu.np.
TLS certificate: Issued by R3 on September 30th 2021. Valid for: 3 months.

This is the only time indrenicollege.edu.np was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: M&T Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.123.16 167.89.123.16	11377 (SENDGRID) (SENDGRID)
1 1	3.33.152.147 3.33.152.147	16509 (AMAZON-02) (AMAZON-02)
2 14	192.185.24.239 192.185.24.239	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
2	69.16.175.42 69.16.175.42	20446 (HIGHWINDS3) (HIGHWINDS3)
2	104.16.18.94 104.16.18.94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
18	5

1 167.89.123.16 (United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789123x16.outbound-mail.sendgrid.net

u23803410.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.152.147 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a4ec4c6ea1c92e2e6.awsglobalaccelerator.com

blackiron-capital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 192.185.24.239 (Houston, United States) 2 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-24-239.unifiedlayer.com

indrenicollege.edu.np	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.16.175.42 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: tlb.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.18.94 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.10.207 (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	indrenicollege.edu.np 2 redirects indrenicollege.edu.np	198 KB
2	cloudflare.com cdnjs.cloudflare.com	12 KB
2	jquery.com code.jquery.com	53 KB
1	aspnetcdn.com ajax.aspnetcdn.com	38 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com	15 KB
1	blackiron-capital.com 1 redirects blackiron-capital.com	317 B
1	sendgrid.net 1 redirects u23803410.ct.sendgrid.net	236 B
18	7

	Domain	Requested by
14	indrenicollege.edu.np	2 redirects indrenicollege.edu.np
2	cdnjs.cloudflare.com	indrenicollege.edu.np
2	code.jquery.com	indrenicollege.edu.np
1	ajax.aspnetcdn.com	indrenicollege.edu.np
1	stackpath.bootstrapcdn.com	indrenicollege.edu.np
1	blackiron-capital.com	1 redirects
1	u23803410.ct.sendgrid.net	1 redirects
18	7

This site contains no links.

Subject Issuer	Validity	Valid
*.indrenicollege.edu.np R3	`2021-09-30` - `2021-12-29`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2021-08-06` - `2022-08-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
Frame ID: 2CEDBA91B0CA289EFA25A18777EC1C38
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

M&T Bank - Personal & Business Banking, Mortgages, & More | M&T Bank

Page URL History Show full URLs

https://u23803410.ct.sendgrid.net/ls/click?upn=Hr95s4qHLg-2FmDAKqH9IngFiLQsgcxOTGbwWKhtpWG4v-2B-2Fu8dt5S-2FnpY... HTTP 302
http://blackiron-capital.com/4ABW HTTP 302
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/index.php HTTP 302
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W HTTP 301
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/ Page URL

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

5
IPs

1
Countries

316 kB
Transfer

582 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u23803410.ct.sendgrid.net/ls/click?upn=Hr95s4qHLg-2FmDAKqH9IngFiLQsgcxOTGbwWKhtpWG4v-2B-2Fu8dt5S-2FnpYUMKCCc7guwIAD_nPsgXGP7eH-2FFb5vlIXEz5o-2BYdWjW-2B4BhmvPBsrO2raxaTbH7QpeYMKbR9sQseFtgffH22b1GhNxlwIsf7UUWy8ymsaoYl8y3zYR6CXWcm-2BvERKMsSriivNB-2BmBftm685-2B3sy1V8OsrHrShFNlPn0w6UlD3O5BMPMltKK-2FoFh-2FNCmHHhzoqPqygFKObBZBfIYfNDSKn-2F46uiJWjpo4wEQLXurNJkPMPTW-2BCyNZxhU2Wg-3D HTTP 302
http://blackiron-capital.com/4ABW HTTP 302
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/index.php HTTP 302
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W HTTP 301
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
Redirect Chain

https://u23803410.ct.sendgrid.net/ls/click?upn=Hr95s4qHLg-2FmDAKqH9IngFiLQsgcxOTGbwWKhtpWG4v-2B-2Fu8dt5S-2FnpYUMKCCc7guwIAD_nPsgXGP7eH-2FFb5vlIXEz5o-2BYdWjW-2B4BhmvPBsrO2raxaTbH7QpeYMKbR9sQseFtgffH...
http://blackiron-capital.com/4ABW
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/index.php
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/

8 KB
3 KB

301ms
301ms

Document
text/html

192.185.24.239
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.24.239 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-24-239.unifiedlayer.com
Software: Apache /
Resource Hash: 109c3287b49a53c8543769064e0aab2837b37d64c0396c8cb4f84daedb54187e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

vary: Accept-Encoding
content-encoding: gzip
content-length: 3271
content-type: text/html; charset=UTF-8
date: Wed, 27 Oct 2021 14:04:18 GMT
server: Apache

Redirect headers

location: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
content-length: 271
content-type: text/html; charset=iso-8859-1
date: Wed, 27 Oct 2021 14:04:17 GMT
server: Apache

GET
H2 200 style.css
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/ 8 KB
2 KB 152ms
151ms Stylesheet
text/css 192.185.24.239
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
Requested by: Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.24.239 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-24-239.unifiedlayer.com
Software: Apache /
Resource Hash: 4bd257e33b3684fb33188e96b56f2765a161760871f00688d037141b267ee2ca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
content-encoding: gzip
last-modified: Mon, 06 Sep 2021 21:34:00 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 2282

GET
H2 200 jqueryLib.js Show response
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/js/ 85 KB
37 KB 153ms
151ms Script
application/javascript 192.185.24.239
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/js/jqueryLib.js
Requested by: Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.24.239 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-24-239.unifiedlayer.com
Software: Apache /
Resource Hash: 282da7565c2ee18708b97e9f96da8fd12ca38175808591c3990e99fb837f9e46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
content-encoding: gzip
last-modified: Wed, 06 Jan 2021 19:26:28 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 jquery-3.2.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 49ms
16ms Script
application/javascript 69.16.175.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
content-encoding: gzip
last-modified: Mon, 20 Mar 2017 19:01:15 GMT
server: nginx
etag: W/"58d026fb-15283"
vary: Accept-Encoding
x-hw: 1635343458.dop155.am5.t,1635343458.cds263.am5.hn,1635343458.cds255.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30125

GET
H2 200 jquery-3.3.1.slim.min.js Show response
code.jquery.com/ 68 KB
24 KB 47ms
15ms Script
application/javascript 69.16.175.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.slim.min.js
Requested by: Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1

Request headers

Referer: https://indrenicollege.edu.np/
Origin: https://indrenicollege.edu.np
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-1111d"
vary: Accept-Encoding
x-hw: 1635343458.dop219.am5.t,1635343458.cds228.am5.hn,1635343458.cds294.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 24038

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/ 20 KB
7 KB 41ms
16ms Script
application/javascript 104.16.18.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js

Requested by

Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.18.94 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://indrenicollege.edu.np/
Origin: https://indrenicollege.edu.np
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2515589
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6458
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-500f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ltLxxSB3SxSxRl8H1f0i%2FQiq88msSAgoBz0UppRIF4o5BtJYPSM0XITx%2FLMB7GkoeBFUzgn5Sj6BCXD8pbEFl%2B%2BJjztjzuzKNWegk%2FM4jRKlSCpDNp0wzFPp3JXnmOqffCYA7sr2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6a4c7907085521ab-DUS
expires: Mon, 17 Oct 2022 14:04:18 GMT

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/ 49 KB
15 KB 44ms
20ms Script
application/javascript 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js

Requested by

Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.10.207 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://indrenicollege.edu.np/
Origin: https://indrenicollege.edu.np
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 565, 718, 718
age: 74996
cdn-cachedat: 2021-06-08 18:02:12
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:05 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 1015ce8119d553772effd7c88919acd4
cf-ray: 6a4c790709c5fad4-DUS
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 jquery-3.3.1.min.js Show response
ajax.aspnetcdn.com/ajax/jQuery/ 85 KB
38 KB 30ms
6ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

Requested by

Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8E87) /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2724610
x-cache: HIT
content-length: 38892
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (frc/8E87)
etag: "af301a17b793d31:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 jquery.mask.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ 20 KB
5 KB 43ms
19ms Script
application/javascript 104.16.18.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

Requested by

Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.18.94 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2616518
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4517
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-4e98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8pF7G8P5f9kX8NCttXPC%2B39z7IK07xbpA4yeNSrZ3Q2vFnlQxrjtHeACS82gQWRPgkx%2BmUPX%2BqJEqyrNQKcgts6z4jDaVJectucN%2BTVPVgPi4DC%2BpAnJOhjMGnEVpyIiHvSr1siC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6a4c79070d882151-DUS
expires: Mon, 17 Oct 2022 14:04:18 GMT

GET
H2 200 actions.js Show response
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/js/ 1 KB
573 B 151ms
151ms Script
application/javascript 192.185.24.239
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/js/actions.js
Requested by: Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.24.239 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-24-239.unifiedlayer.com
Software: Apache /
Resource Hash: 70e85a009826725354b61dda5e78f14418a117f6d4646550d2c55c499ec64a50

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
content-encoding: gzip
last-modified: Mon, 18 Jan 2021 21:00:58 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 502

GET
H2 200 loading.gif
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ 38 KB
38 KB 151ms
151ms Image
image/gif 192.185.24.239
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/loading.gif
Requested by: Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.24.239 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-24-239.unifiedlayer.com
Software: Apache /
Resource Hash: 5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
last-modified: Sat, 11 Aug 2018 18:03:52 GMT
server: Apache
accept-ranges: bytes
content-length: 38636
content-type: image/gif

GET
H2 200 altheas-spotlight-olb-desktop.jpg
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ 88 KB
88 KB 266ms
265ms Image
image/jpeg 192.185.24.239
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/altheas-spotlight-olb-desktop.jpg
Requested by: Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.24.239 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-24-239.unifiedlayer.com
Software: Apache /
Resource Hash: 9f550e6f3dc6e0b870821bf2eee523bd46d83da8711e4f2eaad9413f6fb04353

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
last-modified: Mon, 06 Sep 2021 01:24:02 GMT
server: Apache
accept-ranges: bytes
content-length: 89722
content-type: image/jpeg

GET
H2 200 img2.png
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ 6 KB
6 KB 274ms
273ms Image
image/png 192.185.24.239
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/img2.png
Requested by: Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.24.239 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-24-239.unifiedlayer.com
Software: Apache /
Resource Hash: 1963d31b3357ace8f6803cba37251f35d5ba3089e737715d21f11f4629118b1e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
last-modified: Mon, 27 Jul 2020 12:55:16 GMT
server: Apache
accept-ranges: bytes
content-length: 5650
content-type: image/png

GET
H2 200 img7.png
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ 3 KB
3 KB 274ms
274ms Image
image/png 192.185.24.239
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/img7.png
Requested by: Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.24.239 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-24-239.unifiedlayer.com
Software: Apache /
Resource Hash: 7669788aaf850c14ad42eb843c95c983480c3e74f898b9290f98e9fa503d950f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
last-modified: Mon, 27 Jul 2020 01:41:10 GMT
server: Apache
accept-ranges: bytes
content-length: 3387
content-type: image/png

GET
H2 200 img3.png
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ 5 KB
5 KB 274ms
273ms Image
image/png 192.185.24.239
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/img3.png
Requested by: Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.24.239 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-24-239.unifiedlayer.com
Software: Apache /
Resource Hash: bbf0f003abd044530368e0c31af1535ed447be0a6286b132f0575ddd651c08e1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
last-modified: Mon, 27 Jul 2020 01:36:36 GMT
server: Apache
accept-ranges: bytes
content-length: 5046
content-type: image/png

GET
H2 200 img4.png
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ 5 KB
5 KB 271ms
270ms Image
image/png 192.185.24.239
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/img4.png
Requested by: Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.24.239 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-24-239.unifiedlayer.com
Software: Apache /
Resource Hash: 2e13ffdcf66d7b41a3e01fd305d4f472d58d62945d3fb7f26c5f5c515cf7733b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
last-modified: Mon, 27 Jul 2020 01:37:20 GMT
server: Apache
accept-ranges: bytes
content-length: 4782
content-type: image/png

GET
H2 200 img5.png
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ 3 KB
3 KB 270ms
270ms Image
image/png 192.185.24.239
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/img5.png
Requested by: Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.24.239 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-24-239.unifiedlayer.com
Software: Apache /
Resource Hash: 6367477cfd5f1188d09d073ed7110d798b2b898c37b9c5319edf6e408f2338ad

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
last-modified: Mon, 27 Jul 2020 01:39:22 GMT
server: Apache
accept-ranges: bytes
content-length: 3409
content-type: image/png

GET
H2 200 img8.png
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ 6 KB
6 KB 270ms
270ms Image
image/png 192.185.24.239
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/img8.png
Requested by: Host: indrenicollege.edu.np
URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.24.239 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-24-239.unifiedlayer.com
Software: Apache /
Resource Hash: c855c3d83c53abee49d33f74321afcc166cd2dd5296b9011a8c113ff3a3318b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:04:18 GMT
last-modified: Mon, 27 Jul 2020 01:42:18 GMT
server: Apache
accept-ranges: bytes
content-length: 5651
content-type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: M&T Bank (Banking)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			indrenicollege.edu.np/	1969-12-31 23:59:59	Name: PHPSESSID Value: 131bb94f3a50dd9bcc64e695fd356108

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
blackiron-capital.com
cdnjs.cloudflare.com
code.jquery.com
indrenicollege.edu.np
stackpath.bootstrapcdn.com
u23803410.ct.sendgrid.net
104.16.18.94
104.18.10.207
152.199.19.160
167.89.123.16
192.185.24.239
3.33.152.147
69.16.175.42
02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5
0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339
109c3287b49a53c8543769064e0aab2837b37d64c0396c8cb4f84daedb54187e
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1963d31b3357ace8f6803cba37251f35d5ba3089e737715d21f11f4629118b1e
282da7565c2ee18708b97e9f96da8fd12ca38175808591c3990e99fb837f9e46
2e13ffdcf66d7b41a3e01fd305d4f472d58d62945d3fb7f26c5f5c515cf7733b
4bd257e33b3684fb33188e96b56f2765a161760871f00688d037141b267ee2ca
5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34
6367477cfd5f1188d09d073ed7110d798b2b898c37b9c5319edf6e408f2338ad
70e85a009826725354b61dda5e78f14418a117f6d4646550d2c55c499ec64a50
7669788aaf850c14ad42eb843c95c983480c3e74f898b9290f98e9fa503d950f
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
9f550e6f3dc6e0b870821bf2eee523bd46d83da8711e4f2eaad9413f6fb04353
bbf0f003abd044530368e0c31af1535ed447be0a6286b132f0575ddd651c08e1
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
c855c3d83c53abee49d33f74321afcc166cd2dd5296b9011a8c113ff3a3318b9
dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1

indrenicollege.edu.np Open in urlscan Pro 192.185.24.239 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

18 Requests

100 %HTTPS

0 %IPv6

7 Domains

7 Subdomains

5 IPs

1 Countries

316 kBTransfer

582 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

1 Cookies

Indicators

indrenicollege.edu.np Open in urlscan Pro
192.185.24.239 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

5
IPs

1
Countries

316 kB
Transfer

582 kB
Size

1
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!