Submitted URL: https://blex.co.il/tmp/Q6TBMsPEsPwi.html
Effective URL: https://kalibreglobal.dnsracks.com/app/signin
Submission: On February 24 via manual from IL — Scanned from IL

Summary

This website contacted 3 IPs in 4 countries across 4 domains to perform 3 HTTP transactions. The main IP is 103.20.215.76, located in Faridabad, India and belongs to E2E-NETWORKS-IN 282, Sector 19, IN. The main domain is kalibreglobal.dnsracks.com.
TLS certificate: Issued by R3 on February 23rd 2024. Valid for: 3 months.
This is the only time kalibreglobal.dnsracks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

     IP Address        AS       Autonomous System
1    212.150.243.220   1680     (NV-ASN CE...)
1 1  188.114.97.3      13335    (CLOUDFLAR...)
1    104.21.60.52      13335    (CLOUDFLAR...)
2 3  103.20.215.76     132420   (E2E-NETWO...)
3 3
   Apex Domain         Subdomains                    Transfer
3  dnsracks.com        kalibreglobal.dnsracks.com    1 KB
1  gabay-barel.co.il   gabay-barel.co.il             578 B
1  parkpension.de      go.parkpension.de             472 B
1  blex.co.il          blex.co.il                    324 B
3 4
   Domain                        Requested by
3  kalibreglobal.dnsracks.com    2 redirects
1  gabay-barel.co.il
1  go.parkpension.de             1 redirects
1  blex.co.il
3 4

This site contains no links.

Subject                      Issuer       Validity                   Valid
blex.funet.co.il             R3           2024-01-25 - 2024-04-24    3 months  crt.sh
gabay-barel.co.il            GTS CA 1P5   2024-01-26 - 2024-04-25    3 months  crt.sh
kalibreglobal.dnsracks.com   R3           2024-02-23 - 2024-05-23    3 months  crt.sh

This page contains 1 frames:

Primary Page: https://kalibreglobal.dnsracks.com/app/signin
Frame ID: 9CD2F1D0E4E6115552E2104C6EA380BE
Requests: 3 HTTP requests in this frame

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://blex.co.il/tmp/Q6TBMsPEsPwi.html Page URL
  2. https://go.parkpension.de/Q6TBMsPEsPwi HTTP 302
    https://gabay-barel.co.il/wp-content/uploads/2024/02/gaAilGg7yT9E.php Page URL
  3. https://kalibreglobal.dnsracks.com/ HTTP 302
    https://kalibreglobal.dnsracks.com/app/index HTTP 302
    https://kalibreglobal.dnsracks.com/app/signin Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Page Statistics

Requests:    3
HTTPS:       100 %
IPv6:        0 %
Domains:     4
Subdomains:  4
IPs:         3
Countries:   4
Transfer:    1 kB
Size:        0 kB
Cookies:     1


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://go.parkpension.de/Q6TBMsPEsPwi HTTP 302
  • https://gabay-barel.co.il/wp-content/uploads/2024/02/gaAilGg7yT9E.php

3 HTTP transactions

Transaction 1
Resource: Q6TBMsPEsPwi.html
Path: blex.co.il/tmp/
Size: 88 B
x-fer: 324 B
Type: Document

General
Full URL: https://blex.co.il/tmp/Q6TBMsPEsPwi.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.150.243.220 Yas'ur, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: server02.funet.co.il
Software: LiteSpeed /
Resource Hash: 3556c2b6e3f561c0f406bd2037ead6031ce784ea90afcbdbe2c3169c87de4cc4

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 88
content-type: text/html
date: Sat, 24 Feb 2024 05:39:36 GMT
last-modified: Fri, 23 Feb 2024 21:46:51 GMT
server: LiteSpeed
Transaction 2
Resource: gaAilGg7yT9E.php
Path: gabay-barel.co.il/wp-content/uploads/2024/02/
Redirect Chain
  • https://go.parkpension.de/Q6TBMsPEsPwi
  • https://gabay-barel.co.il/wp-content/uploads/2024/02/gaAilGg7yT9E.php
Size: 85 B
x-fer: 578 B
Type: Document

General
Full URL: https://gabay-barel.co.il/wp-content/uploads/2024/02/gaAilGg7yT9E.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.60.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare / PHP/8.0.30
Resource Hash: a47b06b81b42d3439a0a9e27b1c850c4853c5edddb9c78658c41143c82a8d746

Request headers
Referer: https://blex.co.il/tmp/Q6TBMsPEsPwi.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 85a5606b5d0fe3db-TLV
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 24 Feb 2024 05:40:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9RrD2iRwtvZiJzL%2FtJ9qQP6kirM4jiLD5mT2ozqzdD9ifA8S%2FBguXds6zb8lEsi%2Fpi3p2gMMoyS9F5qosE%2BeQmtbk5NvexFa2%2FfsU%2F4xg0j782JMHv63G%2FunG7Y3VeTP4NBDTw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/8.0.30
x-turbo-charged-by: LiteSpeed

Redirect headers
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 85a560687bc9e3d3-TLV
content-length: 0
date: Sat, 24 Feb 2024 05:40:56 GMT
location: https://gabay-barel.co.il/wp-content/uploads/2024/02/gaAilGg7yT9E.php
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DImmRd0cbkLOmRgo9q6ImA%2F5c7mDA%2F3p5Ezb2I%2F8k5vJ6VCYvD8JWBk7mA4qN9LUp2GQ8wAwVUCjcKG13OSzT6I%2FkN9Qc837584aN2mGM6IQpb4I1MDaFl1GKK373rrJFClFEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Short.io/Edge
Transaction 3 (Primary Request)
Resource: signin
Path: kalibreglobal.dnsracks.com/app/
Redirect Chain
  • https://kalibreglobal.dnsracks.com/
  • https://kalibreglobal.dnsracks.com/app/index
  • https://kalibreglobal.dnsracks.com/app/signin
Size: 91 B
x-fer: 483 B
Type: Document

General
Full URL: https://kalibreglobal.dnsracks.com/app/signin
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 103.20.215.76 Faridabad, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-4-76.ssdcloudindia.net
Software: nginx / PHP/7.4.33 PleskLin
Resource Hash:

Security Headers
Name               Value
X-Xss-Protection   1; mode=block

Request headers
Referer: https://gabay-barel.co.il/wp-content/uploads/2024/02/gaAilGg7yT9E.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers
cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 24 Feb 2024 05:41:00 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
host: www.fbi.gov
origin: https://www.fbi.gov
pragma: no-cache
referer: https://www.fbi.gov
remote_addr: 104.16.77.187
server: nginx
x-content-type: nosniff
x-forwarded-host: www.fbi.gov
x-forwarded-proto: https
x-powered-by: PHP/7.4.33 PleskLin
x-xss-protection: 1; mode=block
x_forwarded_for: 104.16.77.187

Redirect headers
cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Sat, 24 Feb 2024 05:41:00 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
host: www.fbi.gov
location: signin
origin: https://www.fbi.gov
pragma: no-cache
referer: https://www.fbi.gov
remote_addr: 104.16.77.187
server: nginx
x-content-type: nosniff
x-forwarded-host: www.fbi.gov
x-forwarded-proto: https
x-powered-by: PHP/7.4.33 PleskLin
x-xss-protection: 1; mode=block
x_forwarded_for: 104.16.77.187

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path                   Name / Value
kalibreglobal.dnsracks.com/   PHPSESSID = g6kab8cc32ih66mgr9h0kk0dt5

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
