urlscan.io logo urlscan.io
SecurityTrails logo

www.gps.edu.in Open in urlscan Pro
139.99.120.147  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://www.gps.edu.in/slider/PDF-view/
Submission: On December 17 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 6 HTTP transactions. The main IP is 139.99.120.147, located in Singapore, Singapore and belongs to OVH, FR. The main domain is www.gps.edu.in.
TLS certificate: Issued by Starfield Secure Certificate Authorit... on October 5th 2018. Valid for: a year.
This is the only time www.gps.edu.in was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 2 139.99.120.147 16276 (OVH)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
2 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
6 5
2    139.99.120.147 (Singapore, Singapore)

ASN16276 (OVH, FR)
PTR: l1.dreamteam.co.in
www.gps.edu.in
1    2a02:26f0:6c00:283::34ef (European Union)

ASN20940 (AKAMAI-ASN1, US)
auth.gfx.ms
1    2a00:1450:4001:821::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
1    2a02:26f0:6c00:2bf::35c1 (European Union)

ASN20940 (AKAMAI-ASN1, US)
secure.aadcdn.microsoftonline-p.com
2    2a02:26f0:6c00:283::35c1 (European Union)

ASN20940 (AKAMAI-ASN1, US)
secure.aadcdn.microsoftonline-p.com
Domain Requested by
3 secure.aadcdn.microsoftonline-p.com www.gps.edu.in
2 www.gps.edu.in 1 redirects
1 ajax.googleapis.com www.gps.edu.in
1 auth.gfx.ms www.gps.edu.in
6 4

This site contains no links.

Subject Issuer Validity Valid
gps.edu.in
Starfield Secure Certificate Authority - G2		 2018-10-05 -
2019-10-05		 a year crt.sh
msagfx.live.com
Microsoft IT TLS CA 4		 2017-07-27 -
2019-07-17		 2 years crt.sh
*.googleapis.com
Google Internet Authority G3		 2018-11-27 -
2019-02-19		 3 months crt.sh
secure.aadcdn.microsoftonline-p.com
Microsoft IT TLS CA 1		 2017-08-15 -
2019-08-15		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://www.gps.edu.in/slider/PDF-view/
Frame ID: 9D8C6A76EEAF0A2BA79012472D27A69F
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://www.gps.edu.in/slider/PDF-view HTTP 301
    https://www.gps.edu.in/slider/PDF-view/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

6
Requests

100 %
HTTPS

80 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

345 kB
Transfer

479 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.gps.edu.in/slider/PDF-view HTTP 301
    https://www.gps.edu.in/slider/PDF-view/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.gps.edu.in/slider/PDF-view/
Redirect Chain
  • https://www.gps.edu.in/slider/PDF-view
  • https://www.gps.edu.in/slider/PDF-view/
14 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.gps.edu.in/slider/PDF-view/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.99.120.147 Singapore, Singapore, ASN16276 (OVH, FR),
Reverse DNS
l1.dreamteam.co.in
Software
Apache /
Resource Hash
16e6bc874850da23afc51f34e91caa95b8ca09d796e99595220250d58d5c3586

Request headers

Host
www.gps.edu.in
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 17 Dec 2018 14:57:24 GMT
Server
Apache
Last-Modified
Mon, 17 Dec 2018 10:29:56 GMT
Accept-Ranges
bytes
Content-Length
14400
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html

Redirect headers

Date
Mon, 17 Dec 2018 14:57:24 GMT
Server
Apache
Location
https://www.gps.edu.in/slider/PDF-view/
Content-Length
247
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
Converged_v21033.css
auth.gfx.ms/16.000.27991.01/ 		100 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.gfx.ms/16.000.27991.01/Converged_v21033.css
Requested by
Host: www.gps.edu.in
URL: https://www.gps.edu.in/slider/PDF-view/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
a68b21292da5623b3d489becaa484854cd6e1623c342875c15d3ab91fbec993a

Request headers

Referer
https://www.gps.edu.in/slider/PDF-view/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 17 Dec 2018 14:57:24 GMT
Content-Encoding
gzip
Last-Modified
Fri, 02 Nov 2018 21:53:02 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1A001 V: 0
ETag
"073306df672d41:0"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=441685
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18761
Server
Microsoft-IIS/8.5
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: www.gps.edu.in
URL: https://www.gps.edu.in/slider/PDF-view/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:821::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gps.edu.in/slider/PDF-view/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Wed, 12 Dec 2018 06:28:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
462525
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
30399
x-xss-protection
1; mode=block
last-modified
Thu, 25 Jan 2018 15:33:24 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 12 Dec 2019 06:28:39 GMT
microsoft_logo_7zyesnzhfxur7eprws2m2q2.png
secure.aadcdn.microsoftonline-p.com/ests/2.1.8358.18/content/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8358.18/content/images/microsoft_logo_7zyesnzhfxur7eprws2m2q2.png
Requested by
Host: www.gps.edu.in
URL: https://www.gps.edu.in/slider/PDF-view/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:2bf::35c1 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.gps.edu.in/slider/PDF-view/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 17 Dec 2018 14:57:24 GMT
Last-Modified
Mon, 19 Nov 2018 22:01:50 GMT
Content-MD5
7ZyesNzhfXUr7eprWs2m2Q==
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
public, max-age=604753
Connection
keep-alive
Content-Length
1057
0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
secure.aadcdn.microsoftonline-p.com/ests/2.1.8358.18/content/images/backgrounds/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8358.18/content/images/backgrounds/0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
Requested by
Host: www.gps.edu.in
URL: https://www.gps.edu.in/slider/PDF-view/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::35c1 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.gps.edu.in/slider/PDF-view/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 17 Dec 2018 14:57:24 GMT
Last-Modified
Mon, 19 Nov 2018 22:02:10 GMT
Content-MD5
E4vO5iT6BO+bdehiEan+DQ==
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
public, max-age=508992
Connection
keep-alive
Content-Length
3006
0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg
secure.aadcdn.microsoftonline-p.com/ests/2.1.8358.18/content/images/backgrounds/ 		277 KB
277 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8358.18/content/images/backgrounds/0_a5dbd4393ff6a725c7e62b61df7e72f0.jpg
Requested by
Host: www.gps.edu.in
URL: https://www.gps.edu.in/slider/PDF-view/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:283::35c1 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.gps.edu.in/slider/PDF-view/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 17 Dec 2018 14:57:24 GMT
Last-Modified
Mon, 19 Nov 2018 22:02:10 GMT
Content-MD5
pdvUOT/2pyXH5ith335y8A==
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
public, max-age=508992
Connection
keep-alive
Content-Length
283351

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

92 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask string| link number| f76ca8 function| lI1 function| v63v3z6ur1jna undefined| l1l undefined| ll1 undefined| lll string| l_ll string| l11 number| lII string| zLP object| aaRg3 object| gcS3e string| rjbdcs4fl string| b8l4D string| iQ7Uf8bc2i46 string| ew8RjrIKk8X116 string| gjy9LPxgxOO string| uvM5Ufv9 function| ur1jnav63v3z6 string| j1yIPf3x function| s3bUoDM968l6 string| eH7a55t string| wKVk97o number| ii object| l5 string| l6 number| ll number| _l string| qy7 function| qy6 function| qy9 string| qy8 string| msg function| nem undefined| dl number| oe undefined| da function| ge boolean| ws string| tN boolean| izN undefined| zis undefined| zis8 boolean| zOF boolean| i7f number| ppconf function| IIII function| IllI function| I111 function| lI1l function| I11l function| l1I1 function| I1l1 function| lII1 string| l1II string| Ill1 number| r number| d string| o string| lIIl string| Il1l string| lI1I string| IIIl string| lllI string| l11l function| I1ll string| tKit15hh string| xU58S8mG6F4v function| $ function| jQuery undefined| user function| nextStep function| complete undefined| fail object| Illl object| lIII number| l111 string| u object| l1Il object| Il1I number| t number| m object| I1lI number| ctaL number| j number| x object| Il11 object| III1

0 Cookies