indrenicollege.edu.np
Open in
urlscan Pro
192.185.24.239
Malicious Activity!
Public Scan
Effective URL: https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
Submission: On October 27 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on September 30th 2021. Valid for: 3 months.
This is the only time indrenicollege.edu.np was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: M&T Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 167.89.123.16 167.89.123.16 | 11377 (SENDGRID) (SENDGRID) | |
1 1 | 3.33.152.147 3.33.152.147 | 16509 (AMAZON-02) (AMAZON-02) | |
2 14 | 192.185.24.239 192.185.24.239 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
2 | 69.16.175.42 69.16.175.42 | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
2 | 104.16.18.94 104.16.18.94 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.18.10.207 104.18.10.207 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 152.199.19.160 152.199.19.160 | 15133 (EDGECAST) (EDGECAST) | |
18 | 5 |
ASN11377 (SENDGRID, US)
PTR: o16789123x16.outbound-mail.sendgrid.net
u23803410.ct.sendgrid.net |
ASN16509 (AMAZON-02, US)
PTR: a4ec4c6ea1c92e2e6.awsglobalaccelerator.com
blackiron-capital.com |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-24-239.unifiedlayer.com
indrenicollege.edu.np |
ASN20446 (HIGHWINDS3, US)
PTR: tlb.hwcdn.net
code.jquery.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
indrenicollege.edu.np
2 redirects
indrenicollege.edu.np |
198 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com |
12 KB |
2 |
jquery.com
code.jquery.com |
53 KB |
1 |
aspnetcdn.com
ajax.aspnetcdn.com |
38 KB |
1 |
bootstrapcdn.com
stackpath.bootstrapcdn.com |
15 KB |
1 |
blackiron-capital.com
1 redirects
blackiron-capital.com |
317 B |
1 |
sendgrid.net
1 redirects
u23803410.ct.sendgrid.net |
236 B |
18 | 7 |
Domain | Requested by | |
---|---|---|
14 | indrenicollege.edu.np |
2 redirects
indrenicollege.edu.np
|
2 | cdnjs.cloudflare.com |
indrenicollege.edu.np
|
2 | code.jquery.com |
indrenicollege.edu.np
|
1 | ajax.aspnetcdn.com |
indrenicollege.edu.np
|
1 | stackpath.bootstrapcdn.com |
indrenicollege.edu.np
|
1 | blackiron-capital.com | 1 redirects |
1 | u23803410.ct.sendgrid.net | 1 redirects |
18 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.indrenicollege.edu.np R3 |
2021-09-30 - 2021-12-29 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-09-21 - 2022-09-20 |
a year | crt.sh |
*.vo.msecnd.net DigiCert SHA2 Secure Server CA |
2021-08-06 - 2022-08-06 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/
Frame ID: 2CEDBA91B0CA289EFA25A18777EC1C38
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
M&T Bank - Personal & Business Banking, Mortgages, & More | M&T BankPage URL History Show full URLs
-
https://u23803410.ct.sendgrid.net/ls/click?upn=Hr95s4qHLg-2FmDAKqH9IngFiLQsgcxOTGbwWKhtpWG4v-2B-2Fu8dt5S-2FnpY...
HTTP 302
http://blackiron-capital.com/4ABW HTTP 302
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/index.php HTTP 302
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W HTTP 301
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://u23803410.ct.sendgrid.net/ls/click?upn=Hr95s4qHLg-2FmDAKqH9IngFiLQsgcxOTGbwWKhtpWG4v-2B-2Fu8dt5S-2FnpYUMKCCc7guwIAD_nPsgXGP7eH-2FFb5vlIXEz5o-2BYdWjW-2B4BhmvPBsrO2raxaTbH7QpeYMKbR9sQseFtgffH22b1GhNxlwIsf7UUWy8ymsaoYl8y3zYR6CXWcm-2BvERKMsSriivNB-2BmBftm685-2B3sy1V8OsrHrShFNlPn0w6UlD3O5BMPMltKK-2FoFh-2FNCmHHhzoqPqygFKObBZBfIYfNDSKn-2F46uiJWjpo4wEQLXurNJkPMPTW-2BCyNZxhU2Wg-3D
HTTP 302
http://blackiron-capital.com/4ABW HTTP 302
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/index.php HTTP 302
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W HTTP 301
https://indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/ Redirect Chain
|
8 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jqueryLib.js
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/js/ |
85 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.slim.min.js
code.jquery.com/ |
68 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/ |
20 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/ |
49 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.min.js
ajax.aspnetcdn.com/ajax/jQuery/ |
85 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ |
20 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
actions.js
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/js/ |
1 KB 573 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loading.gif
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ |
38 KB 38 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
altheas-spotlight-olb-desktop.jpg
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ |
88 KB 88 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img2.png
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img7.png
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img3.png
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img4.png
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img5.png
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img8.png
indrenicollege.edu.np/mtbbn/3.mtb.com_lastbornencode/W/img/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: M&T Bank (Banking)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery function| numbersOnly function| digitsOnly function| allowedChars function| isOneOf string| h object| a object| j function| m object| k number| g number| f string| c string| b function| n function| Popper object| bootstrap1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
indrenicollege.edu.np/ | Name: PHPSESSID Value: 131bb94f3a50dd9bcc64e695fd356108 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.aspnetcdn.com
blackiron-capital.com
cdnjs.cloudflare.com
code.jquery.com
indrenicollege.edu.np
stackpath.bootstrapcdn.com
u23803410.ct.sendgrid.net
104.16.18.94
104.18.10.207
152.199.19.160
167.89.123.16
192.185.24.239
3.33.152.147
69.16.175.42
02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5
0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339
109c3287b49a53c8543769064e0aab2837b37d64c0396c8cb4f84daedb54187e
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1963d31b3357ace8f6803cba37251f35d5ba3089e737715d21f11f4629118b1e
282da7565c2ee18708b97e9f96da8fd12ca38175808591c3990e99fb837f9e46
2e13ffdcf66d7b41a3e01fd305d4f472d58d62945d3fb7f26c5f5c515cf7733b
4bd257e33b3684fb33188e96b56f2765a161760871f00688d037141b267ee2ca
5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34
6367477cfd5f1188d09d073ed7110d798b2b898c37b9c5319edf6e408f2338ad
70e85a009826725354b61dda5e78f14418a117f6d4646550d2c55c499ec64a50
7669788aaf850c14ad42eb843c95c983480c3e74f898b9290f98e9fa503d950f
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
9f550e6f3dc6e0b870821bf2eee523bd46d83da8711e4f2eaad9413f6fb04353
bbf0f003abd044530368e0c31af1535ed447be0a6286b132f0575ddd651c08e1
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
c855c3d83c53abee49d33f74321afcc166cd2dd5296b9011a8c113ff3a3318b9
dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1