ksschool.org.in - urlscan.io

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 3 HTTP transactions. The main IP is 199.79.62.93, located in United States and belongs to PUBLIC-DOMAIN-REGISTRY, US. The main domain is ksschool.org.in.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 3rd 2021. Valid for: a year.

This is the only time ksschool.org.in was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	199.79.62.93 199.79.62.93	394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY)
1	2606:4700::68... 2606:4700::6811:8b6b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.203.14 172.67.203.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	3

1 199.79.62.93 (United States)

ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: cp-32.webhostbox.net

ksschool.org.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:8b6b (United States)

ASN13335 (CLOUDFLARENET, US)

assets.aftership.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.203.14 (United States)

ASN13335 (CLOUDFLARENET, US)

www.retailnews.asia	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	retailnews.asia www.retailnews.asia	21 KB
1	aftership.com assets.aftership.com — Cisco Umbrella Rank: 135422	1 KB
1	ksschool.org.in ksschool.org.in	1 KB
3	3

	Domain	Requested by
1	www.retailnews.asia	ksschool.org.in
1	assets.aftership.com	ksschool.org.in
1	ksschool.org.in
3	3

This site contains no links.

Subject Issuer	Validity	Valid
ksschool.org.in Sectigo RSA Domain Validation Secure Server CA	`2021-09-03` - `2022-09-03`	a year	crt.sh
*.aftership.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-08` - `2022-04-08`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-20` - `2022-07-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ksschool.org.in/ric/DHL/portal/index.php
Frame ID: 6C188272D02853EED4DDBB219B45B1F2
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DHL | eCommerce Login

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

3
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

24 kB
Transfer

25 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request index.php Show response
ksschool.org.in/ric/DHL/portal/ 3 KB
1 KB 1077ms
522ms Document
text/html 199.79.62.93
PUBLIC-DOMAIN-REG...

General

Check archive.org

Show headers Download Go to

Full URL: https://ksschool.org.in/ric/DHL/portal/index.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 199.79.62.93 , United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS: cp-32.webhostbox.net
Software: Apache /
Resource Hash: 26c51a4d55b139fe3f24d1b2630622998636cad914ad953b9d15e90db12e68cf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 14 Jan 2022 10:42:45 GMT
server: Apache
content-type: text/html; charset=UTF-8
content-length: 1217
vary: Accept-Encoding
content-encoding: gzip
x-server-cache: false

GET
H2 200 dhl-global-mail.svg
assets.aftership.com/couriers/svg/ 2 KB
1 KB 110ms
61ms Image
image/svg+xml 2606:4700::6811:8b6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.aftership.com/couriers/svg/dhl-global-mail.svg

Requested by

Host: ksschool.org.in
URL: https://ksschool.org.in/ric/DHL/portal/index.php

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:8b6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db6ebba2977a42a5e9b482609e688bcb5bd2952bb5eeb6170a0b3bac41ee2b3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ksschool.org.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 10:42:46 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 5575
x-amz-request-id: 9QMM50C0WR2G4R48
x-amz-id-2: aaXvs0/wRtq43dd7xLDKnWSYE3d6A/NEBsRQORNqyLrjVIVeM3PnJ5c9lRLmPH8kiHWtaQSFFmo=
last-modified: Mon, 15 Nov 2021 11:20:24 GMT
server: cloudflare
etag: W/"e6a62002150991322dbc84771ec83544"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 6cd6426e6e565bed-FRA
expires: Sat, 15 Jan 2022 10:42:46 GMT

GET
H2 200 DHL-DB-620x400.jpg
www.retailnews.asia/wp-content/uploads/2017/05/ 21 KB
21 KB 99ms
29ms Image
image/jpeg 172.67.203.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.retailnews.asia/wp-content/uploads/2017/05/DHL-DB-620x400.jpg
Requested by: Host: ksschool.org.in
URL: https://ksschool.org.in/ric/DHL/portal/index.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.203.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ed1e5fd4cd361206314340a9e48635ace0c6bee38c8f018763cca831f2b6630

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ksschool.org.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 10:42:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1451962
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 21044
last-modified: Sat, 16 Dec 2017 11:36:33 GMT
server: cloudflare
etag: "5a350541-5234"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IF2tEMngLYNqGXgrwsljrWlgYls1FP4CT9mSNZBirOmHE3s61w19yJdlwzElczb2ybtnLDfN13LcQa90m9%2B0bvsVHUL383v%2Fz3KBxxMaBBHkNBjAG6VzFHWVXARE1KdtnReN7BxJ"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6cd6426e9e806940-FRA
expires: Fri, 27 Aug 2021 06:12:06 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onsecuritypolicyviolation object| onslotchange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.aftership.com
ksschool.org.in
www.retailnews.asia
172.67.203.14
199.79.62.93
2606:4700::6811:8b6b
0ed1e5fd4cd361206314340a9e48635ace0c6bee38c8f018763cca831f2b6630
26c51a4d55b139fe3f24d1b2630622998636cad914ad953b9d15e90db12e68cf
db6ebba2977a42a5e9b482609e688bcb5bd2952bb5eeb6170a0b3bac41ee2b3b

ksschool.org.in Open in urlscan Pro 199.79.62.93 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

24 kBTransfer

25 kBSize

0 Cookies

0 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

ksschool.org.in Open in urlscan Pro
199.79.62.93 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

24 kB
Transfer

25 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!