ksschool.org.in
Open in
urlscan Pro
199.79.62.93
Malicious Activity!
Public Scan
Submission: On January 14 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 3rd 2021. Valid for: a year.
This is the only time ksschool.org.in was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 199.79.62.93 199.79.62.93 | 394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY) | |
1 | 2606:4700::68... 2606:4700::6811:8b6b | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 172.67.203.14 172.67.203.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 3 |
ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: cp-32.webhostbox.net
ksschool.org.in |
Apex Domain Subdomains |
Transfer | |
---|---|---|
1 |
retailnews.asia
www.retailnews.asia |
21 KB |
1 |
aftership.com
assets.aftership.com — Cisco Umbrella Rank: 135422 |
1 KB |
1 |
ksschool.org.in
ksschool.org.in |
1 KB |
3 | 3 |
Domain | Requested by | |
---|---|---|
1 | www.retailnews.asia |
ksschool.org.in
|
1 | assets.aftership.com |
ksschool.org.in
|
1 | ksschool.org.in | |
3 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ksschool.org.in Sectigo RSA Domain Validation Secure Server CA |
2021-09-03 - 2022-09-03 |
a year | crt.sh |
*.aftership.com Sectigo RSA Domain Validation Secure Server CA |
2021-03-08 - 2022-04-08 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-07-20 - 2022-07-19 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ksschool.org.in/ric/DHL/portal/index.php
Frame ID: 6C188272D02853EED4DDBB219B45B1F2
Requests: 3 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.php
ksschool.org.in/ric/DHL/portal/ |
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dhl-global-mail.svg
assets.aftership.com/couriers/svg/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DHL-DB-620x400.jpg
www.retailnews.asia/wp-content/uploads/2017/05/ |
21 KB 21 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onsecuritypolicyviolation object| onslotchange0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.aftership.com
ksschool.org.in
www.retailnews.asia
172.67.203.14
199.79.62.93
2606:4700::6811:8b6b
0ed1e5fd4cd361206314340a9e48635ace0c6bee38c8f018763cca831f2b6630
26c51a4d55b139fe3f24d1b2630622998636cad914ad953b9d15e90db12e68cf
db6ebba2977a42a5e9b482609e688bcb5bd2952bb5eeb6170a0b3bac41ee2b3b