www.dewsunindia.com
115.124.114.46
Malicious Activity!
Public Scan
Effective URL: https://www.dewsunindia.com/file/me/xlarge/jV6Er7qnp2c4eFLP1IKYavAl9MTdoOD3b5giQXh0RGzHst8WZSxymCBNfwUJk/my_folder.php?clien...
Submission: On March 15 via manual from GB
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 22nd 2018. Valid for: 3 months.
This is the only time www.dewsunindia.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Dropbox (Consumer)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 160.153.129.219 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |
| 16 (3 redirects) | 115.124.114.46 | 45815 (HOSTCOIN-AS-IN-AP ESDS Software Solution Pvt. Ltd.) |
| 2 | 104.16.100.29 | 13335 (CLOUDFLARENET - Cloudflare) |

17 | 4

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
- PTR: ip-160-153-129-219.ip.secureserver.net
- easypath.info

ASN45815 (HOSTCOIN-AS-IN-AP ESDS Software Solution Pvt. Ltd., IN)
- www.dewsunindia.com

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
- cfl.dropboxstatic.com

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 16 | dewsunindia.com (3 redirects) | www.dewsunindia.com | 155 KB |
| 2 | dropboxstatic.com | cfl.dropboxstatic.com | 172 KB |
| 1 | easypath.info | easypath.info | 383 B |
| 0 | aspnetcdn.com | ajax.aspnetcdn.com (Failed) | |

17 | 4
| Requests | Domain | Requested by |
|---|---|---|
| 16 | www.dewsunindia.com (3 redirects) | www.dewsunindia.com |
| 2 | cfl.dropboxstatic.com | www.dewsunindia.com |
| 1 | easypath.info | |
| 0 | ajax.aspnetcdn.com (Failed) | www.dewsunindia.com |

17 | 4
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| dewsunindia.com | cPanel, Inc. Certification Authority | 2018-02-22 - 2018-05-23 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.dewsunindia.com/file/me/xlarge/jV6Er7qnp2c4eFLP1IKYavAl9MTdoOD3b5giQXh0RGzHst8WZSxymCBNfwUJk/my_folder.php?client-request-path=submit&wxtc=ea04f5590685592422067f5dac014510&session=ea04f5590685592422067f5dac014510ea04f5590685592422067f5dac014510
Frame ID: 5D2E780A42513E5229AE8B95FCAE2C46
Requests: 18 HTTP requests in this frame
Screenshot
Page URL History
- http://easypath.info/html.php (Page URL)
- https://www.dewsunindia.com//file/me/xlarge/ (HTTP 302)
- https://www.dewsunindia.com//file/me/xlarge/jV6Er7qnp2c4eFLP1IKYavAl9MTdoOD3b5giQXh0RGzHst8WZSxymCBNfwUJk (HTTP 301)
- https://www.dewsunindia.com/file/me/xlarge/jV6Er7qnp2c4eFLP1IKYavAl9MTdoOD3b5giQXh0RGzHst8WZSxymCBNfwUJk/ (HTTP 302)
- https://www.dewsunindia.com/file/me/xlarge/jV6Er7qnp2c4eFLP1IKYavAl9MTdoOD3b5giQXh0RGzHst8WZSxymCBNfwUJk... (Page URL)
Detected technologies
- PHP (Programming Languages)
  - Detected pattern: url /\.php(?:$|\?)/i
- Apache (Web Servers)
  - Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
- React (JavaScript Frameworks)
  - Detected pattern: html /<[^>]+data-react/i
- jQuery (JavaScript Libraries)
  - Detected pattern: script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
  - Detected pattern: script /jquery.*\.js/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://easypath.info/html.php (Page URL)
- https://www.dewsunindia.com//file/me/xlarge/ (HTTP 302)
- https://www.dewsunindia.com//file/me/xlarge/jV6Er7qnp2c4eFLP1IKYavAl9MTdoOD3b5giQXh0RGzHst8WZSxymCBNfwUJk (HTTP 301)
- https://www.dewsunindia.com/file/me/xlarge/jV6Er7qnp2c4eFLP1IKYavAl9MTdoOD3b5giQXh0RGzHst8WZSxymCBNfwUJk/ (HTTP 302)
- https://www.dewsunindia.com/file/me/xlarge/jV6Er7qnp2c4eFLP1IKYavAl9MTdoOD3b5giQXh0RGzHst8WZSxymCBNfwUJk/my_folder.php?client-request-path=submit&wxtc=ea04f5590685592422067f5dac014510&session=ea04f5590685592422067f5dac014510ea04f5590685592422067f5dac014510 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions

In the Path column, BASE stands for www.dewsunindia.com/file/me/xlarge/jV6Er7qnp2c4eFLP1IKYavAl9MTdoOD3b5giQXh0RGzHst8WZSxymCBNfwUJk (the directory every www.dewsunindia.com resource was served from).

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | html.php | easypath.info/ | 118 B | 383 B | Document | text/html |
| GET | H/1.1 | my_folder.php (Primary Request; Redirect Chain) | BASE/ | 4 KB | 4 KB | Document | text/html |
| GET | H/1.1 | style.css | BASE/css/ | 2 KB | 3 KB | Stylesheet | text/css |
| GET | H/1.1 | mss.js | BASE/images/ | 873 B | 1 KB | Script | application/javascript |
| GET | H/1.1 | dbdg.js | BASE/ | 1 KB | 1 KB | Script | application/javascript |
| GET | H/1.1 | header.png | BASE/images/ | 67 KB | 67 KB | Image | image/png |
| GET | H/1.1 | prf.png | BASE/images/ | 2 KB | 2 KB | Image | image/png |
| GET | H/1.1 | select_gif.png | BASE/images/ | 9 KB | 9 KB | Image | image/png |
| GET | H/1.1 | but2_2.png | BASE/images/ | 2 KB | 3 KB | Image | image/png |
| GET | H/1.1 | index.js | BASE/js/ | 623 B | 877 B | Script | application/javascript |
| GET | H/1.1 | ps.js | BASE/ | 52 B | 305 B | Script | application/javascript |
| GET | H/1.1 | vj.js | BASE/ | 472 B | 726 B | Script | application/javascript |
| GET | H/1.1 | 2nd.png | BASE/images/ | 28 KB | 28 KB | Image | image/png |
| GET | S | create_small_2x-vflRCZOr1.jpg | cfl.dropboxstatic.com/static/images/productivity/ | 24 KB | 24 KB | Image | image/jpeg |
| GET | H/1.1 | 3rd.png | BASE/images/ | 33 KB | 33 KB | Image | image/png |
| GET | | jquery-1.12.2.min.js | ajax.aspnetcdn.com/ajax/jQuery/ | 0 | 0 | | |
| GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
| GET | S | create_large-vflp6JX4C.mp4 | cfl.dropboxstatic.com/static/images/productivity/video/ | 147 KB | 148 KB | Media | video/mp4 |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: ajax.aspnetcdn.com
- URL: http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.12.2.min.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Dropbox (Consumer)

7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function: PopupCenterDual
- string: message
- function: clickIE
- function: clickNS
- function: disableCtrlKeyCombination
- function: unhideBody
- function: validateForm

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- ajax.aspnetcdn.com
- cfl.dropboxstatic.com
- easypath.info
- www.dewsunindia.com

IPs:
- 104.16.100.29
- 115.124.114.46
- 160.153.129.219

Hashes (SHA-256):
- 06c8967abd3d5cbf1628a5080a8380f1e609c93c4f176353299eeef063cbd0c9
- 1274e2a204ce01b495bc70f1e22f71355c8c22f7d079e51651c426577ca2a60f
- 4661dd14224e0564b07c8cafb4302d166983b53d46f5a2bb763fda6c68eff647
- 48f1352262c68a7cb5dbf37b30cec85bedd8841bad9b8ec6caa3405480b9a83c
- 513ec0e4ae153ca4cb1c43969bd84fb8e1eb1528478f121ca32f25fdbc77538f
- 6255aadc9a807417c8701fb0ce1da2d70640a358170a7bb7b54b2209df4bcc9f
- 6bd60053ce5b93dbaa4d6c2307ac3e67ee0d259a7be9ec79dcf831d56e0dcaf1
- 71055393218537efb348a66a38c68bfe6e691a8cc17931d29f001030f9f7c11c
- 85d403e995c5d0e417b80add9bfe8afe6a087eeb0377ad531caa18c8eb4e672d
- 8f0538245cd10735d3528dc46828580755b1a3525e40216619c00c28c3136457
- 9bdc316558363addd5876f5695b92da52c4e507aae24336474626132050fb067
- 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
- a9f16760207b5f93a6ca0eee10f5bc7a8a0696d94b580014871efee3bb95d889
- aea8b01d83dfd5f2f65c164b0ef1f033a3fb275935bb51e504d7651ebb17d288
- b11b0add6ca98cf5224b66d81ea911b5700f3822dad9c497e5960c89487255b7
- cbe4833a5e29077f25ea81e2068df23b20bde5b72e2a7028462707cbc012887a
- d92af9df111dc685d9d0863e1e554325ed042a59a4c65867417bd549aa741f59