wordpress-942901-3283724.cloudwaysapps.com
139.59.66.137
Malicious Activity!
Public Scan
Submission: On February 17 via api from US — Scanned from US
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 9th 2022. Valid for: a year.
This is the only time wordpress-942901-3283724.cloudwaysapps.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: State Bank of India (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
28 | 139.59.66.137 | 14061 (DIGITALOCEAN-ASN)
1 | 2405:a700:14:12c::148 | 45644 (SBI-EMS-NET-IN IT-Networking Department)
29 (total) | 2 IP addresses |
ASN14061 (DIGITALOCEAN-ASN, US)
PTR: 942901.cloudwaysapps.com
wordpress-942901-3283724.cloudwaysapps.com
ASN45644 (SBI-EMS-NET-IN IT-Networking Department, IN)
retail.onlinesbi.com
retail.onlinesbi.sbi
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
28 | cloudwaysapps.com | wordpress-942901-3283724.cloudwaysapps.com | 395 KB
1 | onlinesbi.sbi | retail.onlinesbi.sbi (Cisco Umbrella Rank: 215844) | 6 KB
1 | onlinesbi.com (1 redirects) | retail.onlinesbi.com | 118 B
29 (total) | 3 apex domains | |
Requests | Domain | Requested by
---|---|---
28 | wordpress-942901-3283724.cloudwaysapps.com | wordpress-942901-3283724.cloudwaysapps.com
1 | retail.onlinesbi.sbi | wordpress-942901-3283724.cloudwaysapps.com
1 | retail.onlinesbi.com | 1 redirects
29 (total) | 3 domains |
This site contains links to these domains. Also see Links.
Domain |
---|
www.sbi.co.in |
homeloans.sbi |
retail.onlinesbi.com |
anchor-railroad-based-adobe.trycloudflare.com |
crcf.sbi.co.in |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.cloudwaysapps.com | Sectigo RSA Domain Validation Secure Server CA | 2022-09-09 - 2023-10-10 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://wordpress-942901-3283724.cloudwaysapps.com/index.html
Frame ID: A3BC9C0AFD69C17B9AE9AEDD4AD6FDC2
Requests: 29 HTTP requests in this frame
Screenshot
Page Title
State Bank of India - Personal Banking
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
16 Outgoing links
These are links going to different origins than the main page.
Link titles:
- About OnlineSBI
- Forms
- Home
- How Do I
- Privacy Statement
- Disclosure
- Terms of Service (Terms & Conditions)
- More ...
- Complaints
- Password Management
- Security Tips
- FAQ
- About Phishing
- www.sbi.co.in
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 27
- https://retail.onlinesbi.com/retail/simpleCaptchaServ?1676646754719 HTTP 307
- https://retail.onlinesbi.sbi/retail/simpleCaptchaServ
29 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | index.html (Primary Request) | wordpress-942901-3283724.cloudwaysapps.com/ | 60 KB | 15 KB | Document | text/html
GET | H2 | bootstrap.min-3.4.1.css | wordpress-942901-3283724.cloudwaysapps.com/css/ | 119 KB | 19 KB | Stylesheet | text/css
GET | H2 | bootstrap.min.css | wordpress-942901-3283724.cloudwaysapps.com/css/ | 119 KB | 19 KB | Stylesheet | text/css
GET | H2 | bootstrap-theme.min.css | wordpress-942901-3283724.cloudwaysapps.com/css/ | 23 KB | 3 KB | Stylesheet | text/css
GET | H2 | bootstrap.min.js | wordpress-942901-3283724.cloudwaysapps.com/js/ | 39 KB | 11 KB | Script | application/javascript
GET | H2 | phishing_login_lang.css | wordpress-942901-3283724.cloudwaysapps.com/css/ | 19 KB | 5 KB | Stylesheet | text/css
GET | H2 | jquery-3.5.1.min.js | wordpress-942901-3283724.cloudwaysapps.com/js/ | 87 KB | 30 KB | Script | application/javascript
GET | H2 | bootstrap.min-3.4.1.js | wordpress-942901-3283724.cloudwaysapps.com/js/ | 39 KB | 11 KB | Script | application/javascript
GET | H2 | common_virtual.js | wordpress-942901-3283724.cloudwaysapps.com/js/ | 21 KB | 5 KB | Script | application/javascript
GET | H2 | virtualkb_login.js | wordpress-942901-3283724.cloudwaysapps.com/js/ | 7 KB | 2 KB | Script | application/javascript
GET | H2 | jquery.vticker.min.js | wordpress-942901-3283724.cloudwaysapps.com/js/ | 2 KB | 893 B | Script | application/javascript
GET | H2 | loginTrouble_5034_security.js | wordpress-942901-3283724.cloudwaysapps.com/js/ | 5 KB | 1 KB | Script | application/javascript
GET | H2 | md5_5034.js | wordpress-942901-3283724.cloudwaysapps.com/js/ | 7 KB | 2 KB | Script | application/javascript
GET | H2 | sha512.js | wordpress-942901-3283724.cloudwaysapps.com/js/ | 12 KB | 5 KB | Script | application/javascript
GET | H2 | profile_sha10092020.js | wordpress-942901-3283724.cloudwaysapps.com/js/ | 10 KB | 2 KB | Script | application/javascript
GET | H2 | common.js | wordpress-942901-3283724.cloudwaysapps.com/js/ | 23 KB | 5 KB | Script | application/javascript
GET | H2 | profile_sha_gc3_sec_260819.js | wordpress-942901-3283724.cloudwaysapps.com/js/ | 13 KB | 2 KB | Script | application/javascript
GET | H2 | HomeLoanButton.png | wordpress-942901-3283724.cloudwaysapps.com/images/ | 20 KB | 20 KB | Image | image/png
GET | H2 | personal_banner.jpg | wordpress-942901-3283724.cloudwaysapps.com/images/ | 74 KB | 74 KB | Image | image/jpeg
GET | H2 | email-decode.min.js | wordpress-942901-3283724.cloudwaysapps.com/js/ | 1 KB | 851 B | Script | application/javascript
GET | H2 | veriSign_logo.png | wordpress-942901-3283724.cloudwaysapps.com/images/ | 2 KB | 2 KB | Image | image/png
GET | H2 | netbanking_img.png | wordpress-942901-3283724.cloudwaysapps.com/images/ | 78 KB | 79 KB | Image | image/png
GET | H2 | logo_sprite.png | wordpress-942901-3283724.cloudwaysapps.com/images/ | 38 KB | 38 KB | Image | image/png
GET | H2 | footer_separator.png | wordpress-942901-3283724.cloudwaysapps.com/images/ | 1 KB | 1 KB | Image | image/png
GET | H2 | green_smiley.png | wordpress-942901-3283724.cloudwaysapps.com/images/ | 19 KB | 19 KB | Image | image/png
GET | H2 | red_smiley.png | wordpress-942901-3283724.cloudwaysapps.com/images/ | 20 KB | 20 KB | Image | image/png
GET | H2 | list_arrow.png | wordpress-942901-3283724.cloudwaysapps.com/images/ | 981 B | 1 KB | Image | image/png
GET | H2 | login_img.png | wordpress-942901-3283724.cloudwaysapps.com/sbijava/retail/images/ | 16 B | 16 B | Image | text/html
GET | H/1.1 | simpleCaptchaServ (Redirect Chain) | retail.onlinesbi.sbi/retail/ | 5 KB | 6 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: State Bank of India (Banking)
90 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
credentialless boolean | oncontentvisibilityautostatechange object | $ function | jQuery function | disableautocompletion function | checkSpecial function | selectAddress function | selectPaymentMode function | addressValidation function | onSubmitCheckbook function | selectAccountNo function | changeButton function | validateTransfers function | standOnSubmitValidate6 function | standOnSubmitValidate5 function | standOnSubmitValidate4 function | standOnSubmitValidate2 function | standOnSubmitValidate1 function | rTrim function | dateValidation function | displayNo function | dateValidation1 function | getBankSystem function | setBankSystem function | validateTransfersForAccount function | openpopup function | fieldObj undefined | bCaps boolean | focus_count number | sHTML string | tempVk string | getArr function | getFocus function | constructKeyboard function | putChar function | setCaretTo function | changeCase function | setCaps function | toggleCap function | setClearAll function | backspacevk function | vkClear function | shuffle function | submitLogin function | submitRSupportLogin function | troubleID object | showForm function | submitPPK function | submitSupportLogin function | disableCtrlKeyCombination function | MD5 function | encryptPassword function | encryptLoginPassword function | CryptoJS object | encryptSha2LoginPassword function | encryptSha2ProfilePassword function | encryptShaPassCode function | verifyProfilePasswordSha function | profilePWDValidationSha function | validateSetPasswordSha function | submitLoginSha function | verifyProfilePasswordShaSalt function | encryptSha2ProfilePasswordVerify function | profilePWDValidationShaRetail function | setFocus function | disableSubmitButton function | statusChange function | selectAccountNoDD function | isNumberCheck function | submitLoginShagc function | message string | clickIE4 function | clickNS4 function | getUrlParameter function | init function | fnShowContent function | fnNewUserClick function | openemail function | isOpera boolean | isFirefox boolean | isSafari boolean | isIE boolean | isEdge boolean | isChrome boolean | isBlink boolean | getUserSelImgCaptcha function | getUserSelAudCaptcha function | refreshImg function | moveUp function | moveDown function
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
retail.onlinesbi.com
retail.onlinesbi.sbi
wordpress-942901-3283724.cloudwaysapps.com
139.59.66.137
2405:a700:14:12c::148