online.razischool.in
2606:4700:3037::ac43:bf2c
Malicious Activity!
Public Scan
Effective URL: https://online.razischool.in/comment/classes/external/_dir/info/xrp/user-954748/o3i5glimtxvxkjji1dgpzahgra.php?pg=b&rem=bWVka...
Submission Tags: @jcybersec_
Submission: On June 10 via api from GB
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 26th 2020. Valid for: 7 months.
This is the only time online.razischool.in was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)
Domain & IP information
# | IP Address | AS Autonomous System |
---|---|---|
3 8 | 2606:4700:3037::ac43:bf2c | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:81a::200a | 15169 (GOOGLE) |
1 | 2a00:1450:4001:81f::2003 | 15169 (GOOGLE) |
# | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | razischool.in | online.razischool.in (3 redirects) | 530 KB |
1 | gstatic.com | fonts.gstatic.com | 13 KB |
1 | googleapis.com | fonts.googleapis.com | 482 B |
0 | Failed | favicon.ico (Failed) | |
# | Domain | Requested by |
---|---|---|
8 | online.razischool.in (3 redirects) | online.razischool.in |
1 | fonts.gstatic.com | |
1 | fonts.googleapis.com | online.razischool.in |
0 | favicon.ico (Failed) | online.razischool.in |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-02-26 - 2020-10-09 | 7 months | crt.sh |
upload.video.google.com | GTS CA 1O1 | 2020-05-20 - 2020-08-12 | 3 months | crt.sh |
*.gstatic.com | GTS CA 1O1 | 2020-05-20 - 2020-08-12 | 3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://online.razischool.in/comment/classes/external/_dir/info/xrp/user-954748/o3i5glimtxvxkjji1dgpzahgra.php?pg=b&rem=bWVkaWFAdG9sbGdyb3VwLmNvbQ==&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc
Frame ID: FD34C7AD9F5212E74506F48FF059F9AB
Requests: 12 HTTP requests in this frame
Frame:
https://online.razischool.in/comment/classes/external/_dir/info/xrp/user-954748/o3i5glimtxvxkjji1dgpzahgra.php?pg=c&rem=bWVkaWFAdG9sbGdyb3VwLmNvbQ==&a=0&m=
Frame ID: A11E0892B9B9C7E8F0D71558D55E01DF
Requests: 4 HTTP requests in this frame
Page Title: Sign In to Update
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://online.razischool.in//comment/classes/external/_dir/info/cloud.php?rem=media@tollgroup.com Page URL
- https://online.razischool.in//comment/classes/external/_dir/info/rc.php?rem=media@tollgroup.com&5mc0valjptki8f1yd9qohe37xuzsr42wgbn6 HTTP 302
- https://online.razischool.in//comment/classes/external/_dir/info/xrp/user-954748?pg=a&rem=media@tollgroup.com&sessionid=oULM6HqtaGKw7mcVvOZCWu=IT7oteqk5PzsAJ9B4wVSypK02Gr3ncdmWQClDUaXFgxuLhMf=&r= HTTP 301
- https://online.razischool.in/comment/classes/external/_dir/info/xrp/user-954748/?pg=a&rem=media@tollgroup.com&sessionid=oULM6HqtaGKw7mcVvOZCWu=IT7oteqk5PzsAJ9B4wVSypK02Gr3ncdmWQClDUaXFgxuLhMf=&r= HTTP 302
- https://online.razischool.in/comment/classes/external/_dir/info/xrp/user-954748/o3i5glimtxvxkjji1dgpzahgra.php?pg=a&rem=bWVkaWFAdG9sbGdyb3VwLmNvbQ==&sessionid=7sUgLPjNOMqkezEuFr56hw=&Country=_vJBOVSpznlLQif2kgwdMxsCThWmKjyUG0XYocPDqEHu6348R=&r=&b= Page URL
- https://online.razischool.in/comment/classes/external/_dir/info/xrp/user-954748/o3i5glimtxvxkjji1dgpzahgra.php?pg=b&rem=bWVkaWFAdG9sbGdyb3VwLmNvbQ==&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://online.razischool.in//comment/classes/external/_dir/info/rc.php?rem=media@tollgroup.com&5mc0valjptki8f1yd9qohe37xuzsr42wgbn6 HTTP 302
- https://online.razischool.in//comment/classes/external/_dir/info/xrp/user-954748?pg=a&rem=media@tollgroup.com&sessionid=oULM6HqtaGKw7mcVvOZCWu=IT7oteqk5PzsAJ9B4wVSypK02Gr3ncdmWQClDUaXFgxuLhMf=&r= HTTP 301
- https://online.razischool.in/comment/classes/external/_dir/info/xrp/user-954748/?pg=a&rem=media@tollgroup.com&sessionid=oULM6HqtaGKw7mcVvOZCWu=IT7oteqk5PzsAJ9B4wVSypK02Gr3ncdmWQClDUaXFgxuLhMf=&r= HTTP 302
- https://online.razischool.in/comment/classes/external/_dir/info/xrp/user-954748/o3i5glimtxvxkjji1dgpzahgra.php?pg=a&rem=bWVkaWFAdG9sbGdyb3VwLmNvbQ==&sessionid=7sUgLPjNOMqkezEuFr56hw=&Country=_vJBOVSpznlLQif2kgwdMxsCThWmKjyUG0XYocPDqEHu6348R=&r=&b=
8 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note |
---|---|---|---|---|---|---|---|---|
GET | H2 | cloud.php | online.razischool.in//comment/classes/external/_dir/info/ | 10 KB | 3 KB | Document | text/html | |
GET | H2 | o3i5glimtxvxkjji1dgpzahgra.php | online.razischool.in/comment/classes/external/_dir/info/xrp/user-954748/ | 509 KB | 335 KB | Document | text/html | Redirect Chain |
GET | H2 | css | fonts.googleapis.com/ | 783 B | 482 B | Stylesheet | text/css | |
GET | DATA | truncated | / | 380 KB | 0 | Stylesheet | text/css | |
GET | DATA | truncated | / | 474 B | 0 | Stylesheet | text/css | |
GET | DATA | truncated | / | 280 B | 0 | Script | application/x-javascript | |
GET | DATA | truncated | / | 244 KB | 0 | Image | image/jpeg | |
GET | DATA | truncated | / | 40 KB | 40 KB | Font | application/octet-stream | |
GET | H2 | 1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2 | fonts.gstatic.com/s/raleway/v14/ | 13 KB | 13 KB | Font | font/woff2 | |
GET | H2 | o3i5glimtxvxkjji1dgpzahgra.php | online.razischool.in/comment/classes/external/_dir/info/xrp/user-954748/ | 2 KB | 1 KB | Document | text/html | Primary Request |
GET | DATA | truncated | / | 1 KB | 0 | Stylesheet | text/css | |
GET | H2 | o3i5glimtxvxkjji1dgpzahgra.php | online.razischool.in/comment/classes/external/_dir/info/xrp/user-954748/ | 10 KB | 4 KB | Document | text/html | Frame A11E |
GET | H2 | bg.jpg | online.razischool.in/comment/classes/external/_dir/info/xrp/user-954748/serv/mode/ | 185 KB | 186 KB | Image | image/jpeg | |
GET | | / | favicon.ico/ | 0 | 0 | | | Frame A11E |
GET | DATA | truncated | / | 6 KB | 0 | Script | application/x-javascript | Frame A11E |
GET | DATA | truncated | / | 2 KB | 0 | Stylesheet | text/css | Frame A11E |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
favicon.ico | http://favicon.ico/ |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object | onformdata
object | onpointerrawupdate
1 Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.razischool.in/ | | __cfduid | d38f1634d386eec30bc00934ba99b3f621591832303 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.