mail.npcs.org.np
198.1.112.132
Malicious Activity!
Public Scan
Submission: On September 29 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 30th 2021. Valid for: 3 months.
This is the only time mail.npcs.org.np was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Scotiabank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
22 (1 redirects) | 198.1.112.132 | 46606 (UNIFIEDLAYER-AS-1) |
1 | 35.158.174.129 | 16509 (AMAZON-02) |
22 | 2 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: intellisoftnepal.com
mail.npcs.org.np
ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-174-129.eu-central-1.compute.amazonaws.com
www.splash-screen.net
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
22 (1 redirects) | npcs.org.np | mail.npcs.org.np | 354 KB |
1 | splash-screen.net | www.splash-screen.net | 867 B |
22 | 2 |
Requests | Domain | Requested by |
---|---|---|
22 (1 redirects) | mail.npcs.org.np | mail.npcs.org.np |
1 | www.splash-screen.net | mail.npcs.org.np |
22 | 2 |
This site contains links to these domains.
Domain |
---|
maps.scotiabank.com |
www.scotiabank.com |
login.scotiabank.mobi |
Subject | Issuer | Validity | Valid |
---|---|---|---|
npcs.org.np | cPanel, Inc. Certification Authority | 2021-08-30 - 2021-11-28 | 3 months |
*.splash-screen.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-03-04 - 2022-03-09 | a year |
This page contains 1 frames:
Primary Page:
https://mail.npcs.org.np/intercana/INTERAC/sco/
Frame ID: 5A505543D73F4AC69A54023C6179F232
Requests: 22 HTTP requests in this frame
Page Title
Sign in to Scotiabank Digital Banking Services
Page URL History
- https://mail.npcs.org.np/intercana/INTERAC/sco (HTTP 301)
- https://mail.npcs.org.np/intercana/INTERAC/sco/ (Page URL)
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
Title: Branch & ABM Locator
Title: What you need to activate
Title: View demo
Title: 1
Title: Learn more
Title: Safe Computing Practices
Title: Your Security Responsibility
Title: Report Online Fraud
Title: Identity Theft
Title: Phishing Scams
Title: Mobile Site
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request, Redirect Chain) | mail.npcs.org.np/intercana/INTERAC/sco/ | 33 KB | 8 KB | Document | text/html |
GET | H2 | framework.pack.js | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 57 KB | 16 KB | Script | application/x-javascript |
GET | H2 | loader.css | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 357 KB | 60 KB | Stylesheet | text/css |
GET | H2 | jquery-ui-1.8.2.custom.css | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 10 KB | 2 KB | Stylesheet | text/css |
GET | H2 | c2c-loader.css | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 111 B | 257 B | Stylesheet | text/css |
GET | H2 | bns-jquery-1.4.2.js | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 315 KB | 85 KB | Script | application/x-javascript |
GET | H2 | ajax-loader-small.gif | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 673 B | 778 B | Image | image/gif |
GET | H2 | icon_print.png | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 1 KB | 1 KB | Image | image/png |
GET | H2 | scotiabank-group-bw.gif | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 2 KB | 3 KB | Image | image/gif |
GET | H2 | com_sun_faces_sunjsf.js.bns | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 429 B | 355 B | Script | application/x-javascript |
GET | H2 | icon_help.png | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 643 B | 694 B | Image | image/png |
GET | H2 | icon_success.png | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 711 B | 761 B | Image | image/png |
GET | H2 | ad-steel-mass-loginleft-en.png | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 13 KB | 13 KB | Image | image/png |
GET | H2 | ad-amex-gold-mass-loginright-en.png | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 13 KB | 13 KB | Image | image/png |
GET | H2 | nav-bg.png | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | scotiabank-group.gif | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 3 KB | 3 KB | Image | image/gif |
GET | H2 | bg_vertical_dotted_line1.png | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 77 B | 149 B | Image | image/png |
GET | H2 | bg_signon.png | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 121 B | 193 B | Image | image/png |
GET | H2 | lock.png | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | download-trustee.png | mail.npcs.org.np/intercana/INTERAC/sco/media/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | rapi.js | www.splash-screen.net/18273/ | 414 B | 867 B | Script | application/x-javascript |
GET | H2 | dfa.js | mail.npcs.org.np/js/ | 133 KB | 135 KB | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Scotiabank (Banking)
51 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforexrselect
- boolean| originAgentCluster
- function| Sarissa
- undefined| x
- undefined| _SARISSA_DOM_PROGID
- undefined| _SARISSA_XMLHTTP_PROGID
- undefined| _SARISSA_DOM_XMLWRITER
- undefined| importTable
- function| _JSFFormSubmit
- function| _clearJSFFormParameters
- function| clearFormHiddenParams
- object| A4J
- function| _sarissa_XMLDocument_onload
- object| LOG
- object| RichFaces
- undefined| $
- function| jQuery
- function| DP_jQuery_1632878474082
- function| $j
- string| analytics
- string| analyticsInternalLinks
- boolean| analyticsEnabled
- function| showContactUsCurtainByPhone
- function| showContactUsCurtainByMail
- function| showContactUsCurtainBySendEmail
- function| showHelpCurtainByTopQuestions
- function| showContactUsCurtainBySocialMedia
- function| clear_showContactUsByJSLink
- function| clearFormHiddenParams_showContactUsByJSLink
- function| clear_helpCentre_curtain_searchForm
- function| clearFormHiddenParams_helpCentre_curtain_searchForm
- function| moveFocus
- function| clear_helpCentre_curtain_contentForm
- function| clearFormHiddenParams_helpCentre_curtain_contentForm
- function| clear_helpCentre_curtainMenuControls_helpform
- function| clearFormHiddenParams_helpCentre_curtainMenuControls_helpform
- function| clear_helpCentre_curtainMenuControls_contactform
- function| clearFormHiddenParams_helpCentre_curtainMenuControls_contactform
- function| setContactTabFocus
- function| dpf
- function| apf
- function| jsfcljs
- function| rememberMyCard
- function| isCardNum
- function| rCallback
- function| setTrusteer
- function| scotiaAdvisorMailLinkEvent
- string| str
- string| host
- string| callback
- object| sn0

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
mail.npcs.org.np
www.splash-screen.net
198.1.112.132
35.158.174.129