intera.ca.up.b-d-a.in
111.118.215.246
Malicious Activity!
Public Scan
Submission: On January 12 via automatic, source openphish — Scanned from CA
Summary
TLS certificate: Issued by R3 on January 10th 2023. Valid for: 3 months.
This is the only time intera.ca.up.b-d-a.in was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: National Bank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
6 | 111.118.215.246 | 394695 (PUBLIC-DOMAIN-REGISTRY) |
6 | 1 | |
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
6 | b-d-a.in / intera.ca.up.b-d-a.in | 13 KB |
6 | 1 | |
Requests | Domain | Requested by |
---|---|---|
6 | intera.ca.up.b-d-a.in | intera.ca.up.b-d-a.in |
6 | 1 | |
This site contains no links.
Subject / Issuer | Validity | Valid | |
---|---|---|---|
intera.ca.up.b-d-a.in / R3 | 2023-01-10 - 2023-04-10 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National.html?key=N8cd765674f509985a0dacca52176fa0c6265a23
Frame ID: 2F02A92A1D67EA1BD01A2211F6197CFB
Requests: 6 HTTP requests in this frame
Page Title
Login | National Bank
Detected technologies
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | Primary Request: National.html intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/ | 6 KB 2 KB | Document text/html |
GET H2 | font-awesome.min.css intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National_fichiers/ | 30 KB 7 KB | Stylesheet text/css |
GET H2 | logo_CA000006_FULL_IMAGE.svg intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National_fichiers/ | 4 KB 4 KB | Image image/svg+xml |
GET H2 | fontawesome-webfont.woff2 intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/fonts/ | 0 0 | Font text/html |
GET H2 | fontawesome-webfont.woff intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/fonts/ | 0 0 | Font text/html |
GET H2 | fontawesome-webfont.ttf intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/fonts/ | 0 0 | Font text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: National Bank (Banking)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object | oncontentvisibilityautostatechange
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.