krishnamotors.co - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 194.28.85.182, located in Ukraine and belongs to HOSTPRO-AS, UA. The main domain is krishnamotors.co.

This is the only time krishnamotors.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: US Universities (Education)

Domain & IP information

	IP Address	AS Autonomous System
1	194.28.85.182 194.28.85.182	196645 (HOSTPRO-AS) (HOSTPRO-AS)
2	132.236.101.10 132.236.101.10	26 (CORNELL) (CORNELL - Cornell University)
5	3

1 194.28.85.182 (Ukraine)

ASN196645 (HOSTPRO-AS, UA)
PTR: omega.fastbighost.net

krishnamotors.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 132.236.101.10 (Ithaca, United States)

ASN26 (CORNELL - Cornell University, US)
PTR: adfs.ad.cornell.edu

adfs.ad.cornell.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	cornell.edu adfs.ad.cornell.edu	37 KB
1	krishnamotors.co krishnamotors.co	6 KB
5	2

	Domain	Requested by
2	adfs.ad.cornell.edu	krishnamotors.co
1	krishnamotors.co	krishnamotors.co
5	2

This site contains links to these domains. Also see Links.

Domain
www.it.cornell.edu
netid.cornell.edu
www.cit.cornell.edu
it.cornell.edu

Subject Issuer	Validity	Valid
adfs.ad.cornell.edu GeoTrust EV SSL CA - G4	`2016-05-27` - `2017-05-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://krishnamotors.co/ag/cornell.html
Frame ID: 18141.1
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

5
Requests

40 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

43 kB
Transfer

55 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://www.it.cornell.edu/services/cuweblogin/about-adfs3.cfm
Title: What is this?

Search URL Search Domain Scan URL

URL: https://netid.cornell.edu/NetIDManagement/idtype.html
Title: I forgot my password!

Search URL Search Domain Scan URL

URL: http://www.cit.cornell.edu/services/netid/faq.cfm
Title: I don't have a NetID. Now what?

Search URL Search Domain Scan URL

URL: http://it.cornell.edu/support/
Title: IT Service Desk

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request cornell.html Show response krishnamotors.co/ag/	18 KB 6 KB	160ms 33ms	Document text/html	194.28.85.182 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL http://krishnamotors.co/ag/cornell.html Protocol HTTP/1.1 Server 194.28.85.182 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS omega.fastbighost.net Software nginx admin / Resource Hash `e9062ad930de3023f16fc2ff28e0eb9a6be44c032d16781fc00597bdb0e3d15e` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host krishnamotors.co Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Fri, 24 Mar 2017 04:35:24 GMT Content-Encoding gzip Vary Accept-Encoding Last-Modified Thu, 23 Mar 2017 17:50:56 GMT Server nginx admin Transfer-Encoding chunked Content-Type text/html Cache-Control max-age=2592000 Connection keep-alive Expires Sun, 23 Apr 2017 04:35:24 GMT
GET H/1.1	200 OK	style.css adfs.ad.cornell.edu/adfs/portal/css/	8 KB 8 KB	631ms 96ms	Stylesheet text/css	132.236.101.10 Cornell University
General Check archive.org Show headers Download Go to Full URL https://adfs.ad.cornell.edu/adfs/portal/css/style.css?id=D1C0974B05E76D98DCD6A63D8F2745B4A5D19FE4486C8321B681CB3D21C51715 Requested by Host: krishnamotors.co URL: http://krishnamotors.co/ag/cornell.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 132.236.101.10 Ithaca, United States, ASN26 (CORNELL - Cornell University, US), Reverse DNS adfs.ad.cornell.edu Software Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 / Resource Hash `6f0220eab314dbf0e7335b4fe5c621432ca7210071efd9eb9ba20632e913f631` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host adfs.ad.cornell.edu Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://krishnamotors.co/ag/cornell.html Connection keep-alive Cache-Control no-cache Referer http://krishnamotors.co/ag/cornell.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Fri, 24 Mar 2017 04:35:26 GMT Expires Sun, 23 Apr 2017 04:35:27 GMT Server Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 ETag D1C0974B05E76D98DCD6A63D8F2745B4A5D19FE4486C8321B681CB3D21C51715 Content-Length 8287 Content-Type text/css
GET H/1.1	200 OK	logo.jpg adfs.ad.cornell.edu/adfs/portal/logo/	29 KB 29 KB	800ms 265ms	Image image/jpg	132.236.101.10 Cornell University
General Check archive.org Show headers Download Go to Show image Full URL https://adfs.ad.cornell.edu/adfs/portal/logo/logo.jpg?id=20E1D7B4AB695D11A2D9834597263BE8AB2D397385F64A1D79AAEAD644FE3E8C Requested by Host: krishnamotors.co URL: http://krishnamotors.co/ag/cornell.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 132.236.101.10 Ithaca, United States, ASN26 (CORNELL - Cornell University, US), Reverse DNS adfs.ad.cornell.edu Software Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 / Resource Hash `20e1d7b4ab695d11a2d9834597263be8ab2d397385f64a1d79aaead644fe3e8c` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host adfs.ad.cornell.edu Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://krishnamotors.co/ag/cornell.html Connection keep-alive Cache-Control no-cache Referer http://krishnamotors.co/ag/cornell.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Fri, 24 Mar 2017 04:35:26 GMT Expires Sun, 23 Apr 2017 04:35:27 GMT Server Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 ETag 20E1D7B4AB695D11A2D9834597263BE8AB2D397385F64A1D79AAEAD644FE3E8C Content-Length 29882 Content-Type image/jpg
GET		illustration.jpg krishnamotors.co/adfs/portal/illustration/	0 0

GET		favicon.ico krishnamotors.co/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: krishnamotors.co
URL: http://krishnamotors.co/adfs/portal/illustration/illustration.jpg?id=7D9C2396EA13D643F3561670A3273100C6B4E5C3FBF2975F3A66CF5B3C954C62

Domain: krishnamotors.co
URL: http://krishnamotors.co/favicon.ico

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Universities (Education)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adfs.ad.cornell.edu
krishnamotors.co
krishnamotors.co
132.236.101.10
194.28.85.182
20e1d7b4ab695d11a2d9834597263be8ab2d397385f64a1d79aaead644fe3e8c
6f0220eab314dbf0e7335b4fe5c621432ca7210071efd9eb9ba20632e913f631
e9062ad930de3023f16fc2ff28e0eb9a6be44c032d16781fc00597bdb0e3d15e

krishnamotors.co Open in urlscan Pro 194.28.85.182 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

5 Requests

40 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

43 kBTransfer

55 kBSize

0 Cookies

4 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

krishnamotors.co Open in urlscan Pro
194.28.85.182 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

40 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

43 kB
Transfer

55 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!