scopeschoolsurveys.com
192.185.14.243
Malicious Activity!
Public Scan
Effective URL: https://scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/
Submission: On March 29 via manual from NO
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on January 29th 2019. Valid for: 3 months.
This is the only time scopeschoolsurveys.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: TNT (Transportation)
Domain & IP information
Redirects | Requests | IP Address | AS Autonomous System
---|---|---|---
1 | 1 | 195.201.172.53 | 24940 (HETZNER-AS)
8 | 8 | 13.53.112.22 | 16509 (AMAZON-02 - Amazon.com)
10 | 21 | 192.185.14.243 | 46606 (UNIFIEDLAYER-AS-1 - Unified Layer)
0 | 1 | 184.30.216.69 | 20940 (AKAMAI-ASN1)
Totals: 12 | 2
ASN24940 (HETZNER-AS, DE)
PTR: static.53.172.201.195.clients.your-server.de
ai6.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-13-53-112-22.eu-north-1.compute.amazonaws.com
htrtayag.tk
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
scopeschoolsurveys.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a184-30-216-69.deploy.static.akamaitechnologies.com
www.tnt.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
21 (10 redirects) | scopeschoolsurveys.com | scopeschoolsurveys.com | 260 KB
8 (8 redirects) | htrtayag.tk | htrtayag.tk | 2 KB
1 | tnt.com | www.tnt.com | 14 KB
1 (1 redirect) | ai6.net | ai6.net | 327 B
12 (total) | 4 apex domains | |
Requests | Domain | Requested by
---|---|---
21 (10 redirects) | scopeschoolsurveys.com | scopeschoolsurveys.com
8 (8 redirects) | htrtayag.tk |
1 | www.tnt.com | scopeschoolsurveys.com
1 (1 redirect) | ai6.net |
12 (total) | 4 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
scopeschoolsurveys.com | Let's Encrypt Authority X3 | 2019-01-29 - 2019-04-29 | 3 months | crt.sh
www.tnt.com | GeoTrust RSA CA 2018 | 2018-05-04 - 2019-08-03 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/
Frame ID: 251C4FB1F2BD1080910412D0F124FAD3
Requests: 12 HTTP requests in this frame
Page URL History
https://ai6.net/3F156A?https://fedex.com HTTP 301
https://htrtayag.tk/dgg HTTP 301
https://htrtayag.tk/dgg/ HTTP 302
https://htrtayag.tk/dgg/1c6c02dbb4cef032217c92a0cf7b6ef8 HTTP 301
https://htrtayag.tk/dgg/1c6c02dbb4cef032217c92a0cf7b6ef8/ HTTP 302
https://htrtayag.tk/dgg/d HTTP 301
https://htrtayag.tk/dgg/d/ HTTP 302
https://htrtayag.tk/dgg/a HTTP 301
https://htrtayag.tk/dgg/a/ HTTP 302
https://scopeschoolsurveys.com/udt/ HTTP 302
https://scopeschoolsurveys.com/udt/55f3eedce6d90b7c529eca2b641e832d HTTP 301
https://scopeschoolsurveys.com/udt/55f3eedce6d90b7c529eca2b641e832d/ HTTP 302
https://scopeschoolsurveys.com/udt/d HTTP 301
https://scopeschoolsurveys.com/udt/d/ HTTP 302
https://scopeschoolsurveys.com/udt/a HTTP 301
https://scopeschoolsurveys.com/udt/a/ HTTP 302
https://scopeschoolsurveys.com/udt/b HTTP 301
https://scopeschoolsurveys.com/udt/b/ HTTP 302
https://scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108 HTTP 301
https://scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/ Page URL
Detected technologies
RoundCube (Web Mail)
Detected patterns
- env /^(?:rcmail|rcube_|roundcube)/i
PHP (Programming Languages)
Detected patterns
- env /^(?:rcmail|rcube_|roundcube)/i
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
- script /jquery-ui(?:-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery-ui.*\.js/i
jQuery UI (JavaScript Libraries)
Detected patterns
- script /jquery-ui(?:-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery-ui.*\.js/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H2 | / | scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/ | 6 KB | 3 KB | Document | text/html | Primary Request, Redirect Chain
GET | H2 | styles.css | scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/app_files/ | 53 KB | 12 KB | Stylesheet | text/css |
GET | H2 | jquery-ui-1.css | scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/app_files/ | 43 KB | 10 KB | Stylesheet | text/css |
GET | H2 | ui.js | scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/app_files/ | 26 KB | 10 KB | Script | application/javascript |
GET | H2 | jquery.js | scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/app_files/ | 84 KB | 35 KB | Script | application/javascript |
GET | H2 | common.js | scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/app_files/ | 14 KB | 5 KB | Script | application/javascript |
GET | H2 | app.js | scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/app_files/ | 150 KB | 51 KB | Script | application/javascript |
GET | H2 | jstz.js | scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/app_files/ | 7 KB | 3 KB | Script | application/javascript |
GET | H2 | jquery-ui-1.js | scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/app_files/ | 231 KB | 76 KB | Script | application/javascript |
GET | H2 | twbfeexplu-f_hrz_2c_pos_rgb.png | www.tnt.com/content/dam/tnt_express_media/tnt-local-pages/fr_fr/images/site/ | 14 KB | 14 KB | Image | image/png |
GET | H2 | linen.jpg | scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/app_files/images/ | 27 KB | 27 KB | Image | text/html |
GET | H2 | linen_login.jpg | scopeschoolsurveys.com/udt/b/c147d831bd1b6ae7ced2ad3f47f3f108/app_files/images/ | 27 KB | 27 KB | Image | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: TNT (Transportation)
28 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onselectstart, onselectionchange, rcube_event, bw, Base64, jstz, rcmail, UI1
- function: queueMicrotask, rcube_mail_ui, rcube_scroller, rcube_splitter, $, jQuery, roundcube_browser, rcube_event_engine, rcube_check_email, rcube_clone_object, urlencode, rcube_find_object, rcube_mouse_is_over, setCookie, getCookie, rcube_parse_query, rcube_webmail
- number: CONTROL_KEY, SHIFT_KEY, CONTROL_SHIFT_KEY
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
scopeschoolsurveys.com/ | | PHPSESSID | f55036eb7eee81c90a206f25504f910c
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.