intera.ca.up.b-d-a.in

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 111.118.215.246, located in India and belongs to PUBLIC-DOMAIN-REGISTRY, US. The main domain is intera.ca.up.b-d-a.in.
TLS certificate: Issued by R3 on January 10th 2023. Valid for: 3 months.

This is the only time intera.ca.up.b-d-a.in was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: National Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
6	111.118.215.246 111.118.215.246		394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY)
6	1

6 111.118.215.246 (India)

ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)

intera.ca.up.b-d-a.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	b-d-a.in intera.ca.up.b-d-a.in	13 KB
6	1

	Domain	Requested by
6	intera.ca.up.b-d-a.in	intera.ca.up.b-d-a.in
6	1

This site contains no links.

Subject Issuer	Validity	Valid
intera.ca.up.b-d-a.in R3	`2023-01-10` - `2023-04-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National.html?key=N8cd765674f509985a0dacca52176fa0c6265a23
Frame ID: 2F02A92A1D67EA1BD01A2211F6197CFB
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | National Bank

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

13 kB
Transfer

40 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request National.html Show response intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/	6 KB 2 KB	750ms 252ms	Document text/html	111.118.215.246 PUBLIC-DOMAIN-REG...
General Check archive.org Show headers Download Go to Full URL https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National.html?key=N8cd765674f509985a0dacca52176fa0c6265a23 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 111.118.215.246 , India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US), Reverse DNS Software Apache / Resource Hash `5951f65b4c61b1bea1aae7e7de94578872544bc41bd6889e9dfd11fd4b55c704` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers accept-ranges bytes content-encoding gzip content-length 2218 content-type text/html date Thu, 12 Jan 2023 01:19:48 GMT last-modified Fri, 23 Dec 2022 16:25:58 GMT server Apache vary Accept-Encoding
GET H2	200	font-awesome.min.css intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National_fichiers/	30 KB 7 KB	253ms 253ms	Stylesheet text/css	111.118.215.246 PUBLIC-DOMAIN-REG...
General Check archive.org Show headers Download Go to Full URL https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National_fichiers/font-awesome.min.css Requested by Host: intera.ca.up.b-d-a.in URL: https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National.html?key=N8cd765674f509985a0dacca52176fa0c6265a23 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 111.118.215.246 , India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US), Reverse DNS Software Apache / Resource Hash `799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd` Request headers accept-language en-CA,en;q=0.9 Referer https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National.html?key=N8cd765674f509985a0dacca52176fa0c6265a23 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Thu, 12 Jan 2023 01:19:48 GMT content-encoding gzip last-modified Sun, 11 Dec 2022 21:39:52 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges bytes content-length 7114
GET H2	200	logo_CA000006_FULL_IMAGE.svg intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National_fichiers/	4 KB 4 KB	251ms 250ms	Image image/svg+xml	111.118.215.246 PUBLIC-DOMAIN-REG...
General Check archive.org Show headers Download Go to Show image Full URL https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National_fichiers/logo_CA000006_FULL_IMAGE.svg Requested by Host: intera.ca.up.b-d-a.in URL: https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National.html?key=N8cd765674f509985a0dacca52176fa0c6265a23 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 111.118.215.246 , India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US), Reverse DNS Software Apache / Resource Hash `7ed4383e1732ec505b094b3856dc7375fef1bf351eea96775758ffc5461f1074` Request headers accept-language en-CA,en;q=0.9 Referer https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National.html?key=N8cd765674f509985a0dacca52176fa0c6265a23 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Thu, 12 Jan 2023 01:19:48 GMT last-modified Sun, 11 Dec 2022 21:39:52 GMT server Apache accept-ranges bytes content-length 3875 content-type image/svg+xml
GET H2	404	fontawesome-webfont.woff2 intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/fonts/	0 0	341ms 341ms	Font text/html	111.118.215.246 PUBLIC-DOMAIN-REG...
General Check archive.org Show headers Download Go to Full URL https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/fonts/fontawesome-webfont.woff2?v=4.7.0 Requested by Host: intera.ca.up.b-d-a.in URL: https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National_fichiers/font-awesome.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 111.118.215.246 , India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US), Reverse DNS Software Apache / Resource Hash Request headers Referer https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National_fichiers/font-awesome.min.css Origin https://intera.ca.up.b-d-a.in accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Thu, 12 Jan 2023 01:19:48 GMT content-encoding gzip server Apache vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://intera.ca.up.b-d-a.in/wp-json/>; rel="https://api.w.org/" content-length 10795 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	fontawesome-webfont.woff intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/fonts/	0 0	349ms 349ms	Font text/html	111.118.215.246 PUBLIC-DOMAIN-REG...
General Check archive.org Show headers Download Go to Full URL https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/fonts/fontawesome-webfont.woff?v=4.7.0 Requested by Host: intera.ca.up.b-d-a.in URL: https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National_fichiers/font-awesome.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 111.118.215.246 , India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US), Reverse DNS Software Apache / Resource Hash Request headers Referer https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National_fichiers/font-awesome.min.css Origin https://intera.ca.up.b-d-a.in accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Thu, 12 Jan 2023 01:19:48 GMT content-encoding gzip server Apache vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://intera.ca.up.b-d-a.in/wp-json/>; rel="https://api.w.org/" content-length 10795 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	fontawesome-webfont.ttf intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/fonts/	0 0	342ms 342ms	Font text/html	111.118.215.246 PUBLIC-DOMAIN-REG...
General Check archive.org Show headers Download Go to Full URL https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/fonts/fontawesome-webfont.ttf?v=4.7.0 Requested by Host: intera.ca.up.b-d-a.in URL: https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National_fichiers/font-awesome.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 111.118.215.246 , India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US), Reverse DNS Software Apache / Resource Hash Request headers Referer https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/National_fichiers/font-awesome.min.css Origin https://intera.ca.up.b-d-a.in accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Thu, 12 Jan 2023 01:19:49 GMT content-encoding gzip server Apache vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://intera.ca.up.b-d-a.in/wp-json/>; rel="https://api.w.org/" content-length 10795 expires Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: National Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/fonts/fontawesome-webfont.woff2?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/fonts/fontawesome-webfont.woff?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://intera.ca.up.b-d-a.in/654049397be80ae91bab91900110ca32/NATIONALBNK/fonts/fontawesome-webfont.ttf?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

intera.ca.up.b-d-a.in
111.118.215.246
5951f65b4c61b1bea1aae7e7de94578872544bc41bd6889e9dfd11fd4b55c704
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7ed4383e1732ec505b094b3856dc7375fef1bf351eea96775758ffc5461f1074

intera.ca.up.b-d-a.in Open in urlscan Pro 111.118.215.246 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

13 kBTransfer

40 kBSize

0 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

3 Console Messages

Indicators

intera.ca.up.b-d-a.in Open in urlscan Pro
111.118.215.246 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

13 kB
Transfer

40 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!