kidseduworldindia.com Open in urlscan Pro
199.79.63.24 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://kidseduworldindia.com/
Effective URL:
https://kidseduworldindia.com/app/
Submission: On February 27 via api (February 27th 2024, 4:40:50 pm UTC) from US — Scanned from US

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 199.79.63.24, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is kidseduworldindia.com.
TLS certificate: Issued by R3 on February 6th 2024. Valid for: 3 months.

This is the only time kidseduworldindia.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: M&T Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 11	199.79.63.24 199.79.63.24	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2600:9000:251... 2600:9000:2511:9400:2:8f43:5780:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2

11 199.79.63.24 (United States) 2 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: bh-58.webhostbox.net

kidseduworldindia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2511:9400:2:8f43:5780:93a1 (United States)

ASN16509 (AMAZON-02, US)

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	kidseduworldindia.com 2 redirects kidseduworldindia.com	205 KB
1	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 3913	472 B
10	2

	Domain	Requested by
11	kidseduworldindia.com	2 redirects kidseduworldindia.com
1	nexus.ensighten.com	kidseduworldindia.com
10	2

This site contains no links.

Subject Issuer	Validity	Valid
kidseduworldindia.com R3	`2024-02-06` - `2024-05-06`	3 months	crt.sh
nexus.ensighten.com Amazon RSA 2048 M02	`2023-09-29` - `2024-10-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://kidseduworldindia.com/app/
Frame ID: 5C5A3C24624783A58BFB8D69A8EFD94C
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome to Online Banking | M&T Bank

Page URL History Show full URLs

https://kidseduworldindia.com/ HTTP 302
https://kidseduworldindia.com/app HTTP 301
https://kidseduworldindia.com/app/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

205 kB
Transfer

452 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://kidseduworldindia.com/ HTTP 302
https://kidseduworldindia.com/app HTTP 301
https://kidseduworldindia.com/app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response kidseduworldindia.com/app/ Redirect Chain https://kidseduworldindia.com/ https://kidseduworldindia.com/app https://kidseduworldindia.com/app/	11 KB 3 KB	93ms 92ms	Document text/html	199.79.63.24 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://kidseduworldindia.com/app/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 199.79.63.24 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS bh-58.webhostbox.net Software Apache / Resource Hash `b45c276566dda1b2ddf5abd3593fad2f481d9493148392e83217109c33edc7c9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 accept-language en-US,en;q=0.9 Response headers content-encoding gzip content-length 3019 content-type text/html; charset=UTF-8 date Tue, 27 Feb 2024 16:40:45 GMT server Apache vary Accept-Encoding Redirect headers content-length 242 content-type text/html; charset=iso-8859-1 date Tue, 27 Feb 2024 16:40:45 GMT location https://kidseduworldindia.com/app/ server Apache
GET H2	200	mtb.css kidseduworldindia.com/libraries/css/	252 KB 45 KB	195ms 192ms	Stylesheet text/css	199.79.63.24 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://kidseduworldindia.com/libraries/css/mtb.css Requested by Host: kidseduworldindia.com URL: https://kidseduworldindia.com/app/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 199.79.63.24 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS bh-58.webhostbox.net Software Apache / Resource Hash `d18b82a04723d0bdf0124a010cdc5c916fa42efd52309d49838255a483f35146` Request headers accept-language en-US,en;q=0.9 Referer https://kidseduworldindia.com/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Tue, 27 Feb 2024 16:40:45 GMT content-encoding gzip last-modified Tue, 27 Feb 2024 02:34:38 GMT server Apache accept-ranges bytes vary Accept-Encoding content-type text/css
GET H2	200	Bootstrap.js Show response kidseduworldindia.com/libraries/js/	52 KB 19 KB	134ms 132ms	Script application/javascript	199.79.63.24 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://kidseduworldindia.com/libraries/js/Bootstrap.js Requested by Host: kidseduworldindia.com URL: https://kidseduworldindia.com/app/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 199.79.63.24 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS bh-58.webhostbox.net Software Apache / Resource Hash `b080e4b98b9a6a6a8a95a0034c7aa46fd054f5a67873912ff6107f934b7553f4` Request headers accept-language en-US,en;q=0.9 Referer https://kidseduworldindia.com/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Tue, 27 Feb 2024 16:40:45 GMT content-encoding gzip last-modified Tue, 27 Feb 2024 02:34:38 GMT server Apache accept-ranges bytes vary Accept-Encoding content-type application/javascript
GET H2	200	mtb-logo.svg kidseduworldindia.com/libraries/img/	2 KB 2 KB	80ms 79ms	Image image/svg+xml	199.79.63.24 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://kidseduworldindia.com/libraries/img/mtb-logo.svg Requested by Host: kidseduworldindia.com URL: https://kidseduworldindia.com/app/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 199.79.63.24 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS bh-58.webhostbox.net Software Apache / Resource Hash `5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac` Request headers accept-language en-US,en;q=0.9 Referer https://kidseduworldindia.com/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Tue, 27 Feb 2024 16:40:45 GMT last-modified Tue, 27 Feb 2024 02:34:38 GMT server Apache accept-ranges bytes content-length 2039 content-type image/svg+xml
GET H2	200	mtb-equalhousinglender.svg kidseduworldindia.com/libraries/img/	230 B 259 B	70ms 69ms	Image image/svg+xml	199.79.63.24 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://kidseduworldindia.com/libraries/img/mtb-equalhousinglender.svg Requested by Host: kidseduworldindia.com URL: https://kidseduworldindia.com/app/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 199.79.63.24 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS bh-58.webhostbox.net Software Apache / Resource Hash `d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad` Request headers accept-language en-US,en;q=0.9 Referer https://kidseduworldindia.com/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Tue, 27 Feb 2024 16:40:45 GMT last-modified Tue, 27 Feb 2024 02:34:38 GMT server Apache accept-ranges bytes content-length 230 content-type image/svg+xml
GET H2	200	mtb-entrust.svg kidseduworldindia.com/libraries/img/	1 KB 1 KB	68ms 67ms	Image image/svg+xml	199.79.63.24 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://kidseduworldindia.com/libraries/img/mtb-entrust.svg Requested by Host: kidseduworldindia.com URL: https://kidseduworldindia.com/app/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 199.79.63.24 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS bh-58.webhostbox.net Software Apache / Resource Hash `b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5` Request headers accept-language en-US,en;q=0.9 Referer https://kidseduworldindia.com/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Tue, 27 Feb 2024 16:40:45 GMT last-modified Tue, 27 Feb 2024 02:34:38 GMT server Apache accept-ranges bytes content-length 1349 content-type image/svg+xml
GET H2	200	serverComponent.php Show response nexus.ensighten.com/mtbank/OE-Prod/	60 B 472 B	305ms 39ms	Script application/javascript	2600:9000:2511:9400:2:8f43:5780:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nexus.ensighten.com/mtbank/OE-Prod/serverComponent.php?r=54261.149239961436&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/mtbank/OE-Prod/code/&publishedOn=Wed%20Feb%2003%2022:07:37%20GMT%202021&ClientID=1512&PageID=https%3A%2F%2Fkidseduworldindia.com%2Fapp%2F Requested by Host: kidseduworldindia.com URL: https://kidseduworldindia.com/libraries/js/Bootstrap.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2511:9400:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash `ad68c8c7e80948313b864c7f1f78556234fe7d5fc778337a7bf0db2efd0c7468` Request headers accept-language en-US,en;q=0.9 Referer https://kidseduworldindia.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Tue, 27 Feb 2024 16:40:46 GMT via 1.1 d98647edce17345f3d148190339e9d8c.cloudfront.net (CloudFront) last-modified Thu, 08 Sep 2022 01:40:18 GMT server CloudFront x-amz-cf-pop JFK50-P6 etag "63194802-3c" x-cache Miss from cloudfront content-type application/javascript; charset=utf-8 cache-control no-cache, no-store accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 60 x-amz-cf-id 1eeSv01WZFEKdi-1cogluXAfalVwYecDs2gZkcQnp8XjWcsQo-j8_Q== expires Tue, 27 Feb 2024 16:40:45 GMT
GET H2	200	mandtbaltoweb-book.woff kidseduworldindia.com/libraries/fonts/	66 KB 66 KB	70ms 69ms	Font font/woff	199.79.63.24 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://kidseduworldindia.com/libraries/fonts/mandtbaltoweb-book.woff Requested by Host: kidseduworldindia.com URL: https://kidseduworldindia.com/libraries/css/mtb.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 199.79.63.24 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS bh-58.webhostbox.net Software Apache / Resource Hash `4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2` Request headers Referer https://kidseduworldindia.com/libraries/css/mtb.css Origin https://kidseduworldindia.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Tue, 27 Feb 2024 16:40:46 GMT last-modified Tue, 27 Feb 2024 02:34:38 GMT server Apache accept-ranges bytes content-length 67671 content-type font/woff
GET H2	200	mandtpg-iconfont.woff kidseduworldindia.com/libraries/fonts/	5 KB 5 KB	135ms 134ms	Font font/woff	199.79.63.24 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://kidseduworldindia.com/libraries/fonts/mandtpg-iconfont.woff Requested by Host: kidseduworldindia.com URL: https://kidseduworldindia.com/libraries/css/mtb.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 199.79.63.24 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS bh-58.webhostbox.net Software Apache / Resource Hash `108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df` Request headers Referer https://kidseduworldindia.com/libraries/css/mtb.css Origin https://kidseduworldindia.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Tue, 27 Feb 2024 16:40:46 GMT last-modified Tue, 27 Feb 2024 02:34:38 GMT server Apache accept-ranges bytes content-length 4776 content-type font/woff
GET H2	200	mandtbaltoweb-medium.woff kidseduworldindia.com/libraries/fonts/	63 KB 63 KB	68ms 67ms	Font font/woff	199.79.63.24 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://kidseduworldindia.com/libraries/fonts/mandtbaltoweb-medium.woff Requested by Host: kidseduworldindia.com URL: https://kidseduworldindia.com/libraries/css/mtb.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 199.79.63.24 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS bh-58.webhostbox.net Software Apache / Resource Hash `b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc` Request headers Referer https://kidseduworldindia.com/libraries/css/mtb.css Origin https://kidseduworldindia.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Tue, 27 Feb 2024 16:40:46 GMT last-modified Tue, 27 Feb 2024 02:34:38 GMT server Apache accept-ranges bytes content-length 64318 content-type font/woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: M&T Bank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ensBootstraps object| Bootstrapper

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			kidseduworldindia.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 4376a1b8bba6069f72e97036fb04a350

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

kidseduworldindia.com
nexus.ensighten.com
199.79.63.24
2600:9000:2511:9400:2:8f43:5780:93a1
108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df
4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2
5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac
ad68c8c7e80948313b864c7f1f78556234fe7d5fc778337a7bf0db2efd0c7468
b080e4b98b9a6a6a8a95a0034c7aa46fd054f5a67873912ff6107f934b7553f4
b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5
b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc
b45c276566dda1b2ddf5abd3593fad2f481d9493148392e83217109c33edc7c9
d18b82a04723d0bdf0124a010cdc5c916fa42efd52309d49838255a483f35146
d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad

kidseduworldindia.com Open in urlscan Pro 199.79.63.24 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

205 kBTransfer

452 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Indicators

kidseduworldindia.com Open in urlscan Pro
199.79.63.24 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

205 kB
Transfer

452 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!