acrsmartclassroom.com
51.79.251.183
Malicious Activity!
Public Scan
Effective URL: https://acrsmartclassroom.com/wp-admin/js/dl/rstontova.php?/srtvonsone/&action=aBCCqfJjpDCjkspeISkSEoGAFNtJrSOazvAXvDBoMZiWRLN...
Submission: On November 21 via api from IE — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 2nd 2022. Valid for: 3 months.
This is the only time acrsmartclassroom.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
1 | 162.0.238.90 | 22612 (NAMECHEAP-NET)
9 | 51.79.251.183 | 16276 (OVH)
1 | 2606:4700:20::681a:407 | 13335 (CLOUDFLARENET)
2 | 167.114.209.61 | 16276 (OVH)
1 | 2606:4700:10::6816:4aab | 13335 (CLOUDFLARENET)
1 | 172.64.151.83 | 13335 (CLOUDFLARENET)
6 | 67.202.105.31 | 32748 (STEADFAST)
1 | 67.202.105.33 | (not available)
23 | 9 |
- 51.79.251.183: ASN16276 (OVH, FR), PTR vps-a7684233.vps.ovh.ca, hosts acrsmartclassroom.com
- 167.114.209.61: ASN16276 (OVH, FR), PTR ns515688.ip-167-114-209.net, hosts t.dtscout.com
- 67.202.105.31: ASN32748 (STEADFAST, US), PTR ip31.67-202-105.static.steadfastdns.net, hosts ic.tynt.com
# | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | acrsmartclassroom.com | acrsmartclassroom.com | 348 KB
8 | tynt.com | cdn.tynt.com (Cisco Umbrella Rank: 10119), ic.tynt.com (Cisco Umbrella Rank: 6453), de.tynt.com | 8 KB
2 | dtscout.com | t.dtscout.com (Cisco Umbrella Rank: 14449) | 3 KB
1 | amung.us | whos.amung.us (Cisco Umbrella Rank: 16679) | 183 B
1 | waust.at | waust.at (Cisco Umbrella Rank: 47044) | 4 KB
1 | sindio.be | sindio.be | 420 B
23 | 6 | |
# | Domain | Requested by
---|---|---
9 | acrsmartclassroom.com | acrsmartclassroom.com
6 | ic.tynt.com | acrsmartclassroom.com
2 | t.dtscout.com | waust.at, t.dtscout.com
1 | de.tynt.com | cdn.tynt.com
1 | cdn.tynt.com | waust.at
1 | whos.amung.us | waust.at
1 | waust.at | acrsmartclassroom.com
1 | sindio.be |
23 | 8 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
sindio.be | cPanel, Inc. Certification Authority | 2022-10-30 - 2023-01-28 | 3 months | crt.sh
www.acrsmartclassroom.com | R3 | 2022-10-02 - 2022-12-31 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-07-04 - 2023-07-04 | a year | crt.sh
*.dtscout.com | Sectigo RSA Domain Validation Secure Server CA | 2021-10-28 - 2022-11-27 | a year | crt.sh
*.amung.us | Sectigo RSA Domain Validation Secure Server CA | 2022-05-18 - 2023-06-17 | a year | crt.sh
*.tynt.com | Sectigo RSA Domain Validation Secure Server CA | 2022-09-07 - 2023-09-30 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://acrsmartclassroom.com/wp-admin/js/dl/rstontova.php?/srtvonsone/&action=aBCCqfJjpDCjkspeISkSEoGAFNtJrSOazvAXvDBoMZiWRLNlAxTdjBgWQnb
Frame ID: 70410C03555CEFA336E1FEC506148E5F
Requests: 24 HTTP requests in this frame
Page Title: Update DVLA - GOV.UK Verify - GOV.UK
Detected technologies
- PHP (Programming Languages), detected pattern: \.php(?:$|\?)
- GOV.UK Frontend (UI frameworks), detected pattern: <body[^>]+govuk-template__body
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://sindio.be/gyy.html
- https://acrsmartclassroom.com/wp-admin/js/dl/
- https://acrsmartclassroom.com/wp-admin/js/dl/rstontova.php?/srtvonsone/&action=aBCCqfJjpDCjkspeISkSEoGAFNtJrSOazvAXvDBoMZiWRLNlAxTdjBgWQnb
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | gyy.html | sindio.be/ | 109 B | 420 B | Document | text/html
GET | H2 | / | acrsmartclassroom.com/wp-admin/js/dl/ | 215 B | 530 B | Document | text/html
GET | H2 | rstontova.php (Primary Request) | acrsmartclassroom.com/wp-admin/js/dl/ | 12 KB | 4 KB | Document | text/html
GET | H2 | main.css | acrsmartclassroom.com/wp-admin/js/dl/guess/ | 138 KB | 16 KB | Stylesheet | text/css
GET | H2 | vertical.png | acrsmartclassroom.com/wp-admin/js/dl/guess/ | 245 KB | 243 KB | Image | image/png
GET | H2 | horizontal.png | acrsmartclassroom.com/wp-admin/js/dl/guess/ | 5 KB | 5 KB | Image | image/png
GET | H2 | black.png | acrsmartclassroom.com/wp-admin/js/dl/guess/ | 11 KB | 12 KB | Image | image/png
GET | H2 | s.js | waust.at/ | 8 KB | 4 KB | Script | application/x-javascript
GET | H2 | govuk-crest.png | acrsmartclassroom.com/wp-admin/js/dl/guess/ | 4 KB | 4 KB | Image | image/png
GET | H2 | light-v2.woff2 | acrsmartclassroom.com/wp-admin/js/dl/guess/ | 33 KB | 33 KB | Font | font/woff2
GET | H2 | bold-v2.woff2 | acrsmartclassroom.com/wp-admin/js/dl/guess/ | 31 KB | 31 KB | Font | font/woff2
GET | H/1.1 | / | t.dtscout.com/i/ | 2 KB | 3 KB | Script | application/javascript
GET | H2 | / | whos.amung.us/pingjs/ | 29 B | 183 B | Script | text/javascript
GET | H2 | tc.js | cdn.tynt.com/ | 17 KB | 7 KB | Script | application/javascript
GET | DATA | truncated | / | 439 B | 0 | Image | image/gif
GET | H/1.1 | / | t.dtscout.com/pv/ | 51 B | 319 B | Script | application/javascript
GET | H2 | p | ic.tynt.com/b/ | 0 | 227 B | Image | text/plain
GET | H2 | v2 | de.tynt.com/deb/ | 4 B | 260 B | Script | application/javascript
GET | H2 | p | ic.tynt.com/b/ | 0 | 227 B | Image | text/plain
GET | H2 | p | ic.tynt.com/b/ | 0 | 227 B | Image | text/plain
GET | H2 | p | ic.tynt.com/b/ | 0 | 227 B | Image | text/plain
GET | H2 | p | ic.tynt.com/b/ | 0 | 227 B | Image | text/plain
GET | H2 | p | ic.tynt.com/b/ | 0 | 227 B | Image | text/plain
GET | | p | ic.tynt.com/b/ | 0 | 0 | | (no response received)
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: ic.tynt.com
- URL: https://ic.tynt.com/b/p?id=w!ilmgguie5t&lm=0&ts=1669051514322&dn=TC&iso=0
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)
25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | _wau
function | YJtoPcCe
function | gPtVKVTOQS
function | JEPcRXrlt2
function | JdinExeDCST3
function | tiplhEfnZeG4
object | WAU_ren
function | WAU_small
function | WAU_small_request
function | WAU_r_s
function | WAU_insert
function | WAU_legacy_b
function | WAU_la
function | WAU_addCommas
function | WAU_lrd
function | WAU_lrs
function | WAU_cps
function | docReady
object | x
string | x1
string | x2
object | Tynt
object | _dtspv
object | _33Across
function | __uspapi
4 Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the stored cookie values along with the request, which lets the site re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
acrsmartclassroom.com/ | | PHPSESSID | 39ch55jl2egng3pmcum5e9lj55
.dtscout.com/ | | m | 1
.dtscout.com/ | | oa | 1
.dtscout.com/ | | df | 1669051514
Indicators
"Indicators" is the security-industry term for artefacts such as IP addresses, domains and hashes observed during a scan. Listing them here does not imply that any of them is malicious.
acrsmartclassroom.com
cdn.tynt.com
de.tynt.com
ic.tynt.com
sindio.be
t.dtscout.com
waust.at
whos.amung.us
162.0.238.90
167.114.209.61
172.64.151.83
2606:4700:10::6816:4aab
2606:4700:20::681a:407
51.79.251.183
67.202.105.31
67.202.105.33