mail.allenkids.co.in
IP address: 162.241.87.22
Malicious Activity!
Public Scan
Effective URL: https://mail.allenkids.co.in/p/10h.php
Submission: On June 08 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 3rd 2022. Valid for: 3 months.
This is the only time mail.allenkids.co.in was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citibank (Banking)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 20 | 162.241.87.22 | AS46606 (UNIFIEDLAYER-AS-1) |
| 2 | 2606:4700::6810:5514 | AS13335 (CLOUDFLARENET) |
| 1 | 2a00:1450:4001:800::200a | AS15169 (GOOGLE) |
| 1 | 2a00:1450:4001:82b::200a | AS15169 (GOOGLE) |

23 requests to 4 IP addresses in total.
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: server.superhouseeducation.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 20 | allenkids.co.in | mail.allenkids.co.in (1 redirect) | 438 KB |
| 2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 52), ajax.googleapis.com (Cisco Umbrella Rank: 281) | 32 KB |
| 2 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 427) | 53 KB |

23 requests to 3 apex domains in total.
| Requests | Domain | Requested by |
|---|---|---|
| 20 | mail.allenkids.co.in (1 redirect) | mail.allenkids.co.in |
| 2 | cdn.jsdelivr.net | mail.allenkids.co.in |
| 1 | ajax.googleapis.com | mail.allenkids.co.in |
| 1 | fonts.googleapis.com | mail.allenkids.co.in |

23 requests to 4 domains in total.
This site contains no links.
TLS certificates observed during the scan (each subject can be looked up on crt.sh):

| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| citi-managecustostomerservice.com | R3 | 2022-06-03 to 2022-09-01 | 3 months |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-02 to 2023-06-01 | a year |
| upload.video.google.com | GTS CA 1C3 | 2022-05-09 to 2022-08-01 | 3 months |

The R3 row is the certificate the summary attributes to the connection to mail.allenkids.co.in (issued 2022-06-03, valid for 3 months). Its subject, citi-managecustostomerservice.com, is a Citi-themed lookalike name that does not match the scanned hostname. The report shows only the subject, so whether the certificate's SAN list also covers mail.allenkids.co.in has to be checked on crt.sh. The Cloudflare and Google certificates belong to the third-party CDN connections (the jsdelivr.net and googleapis.com requests, which the IP table places on Cloudflare and Google address space), not to the phishing host.
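As an added example, not part of the urlscan report, here is the check a practitioner would run against the table above: does any listed subject name actually cover the scanned hostname? The function implements dNSName matching in the spirit of RFC 6125 (case-insensitive, label by label, a wildcard allowed only as the whole left-most label and matching exactly one label, IP literals never matching) and applies it to the three subjects from the table. The subject names and the scanned host come from the page; the function names, and the decision to police wildcards with a simple label count rather than the Public Suffix List, are this example's own assumptions.

```python
import ipaddress

# Scanned hostname and the certificate subjects from the report's table.
# Only the subject CN is shown on the page; SAN entries would need crt.sh.
SCANNED_HOST = "mail.allenkids.co.in"
CERT_SUBJECTS = {
    "citi-managecustostomerservice.com": "R3",
    "sni.cloudflaressl.com": "Cloudflare Inc ECC CA-3",
    "upload.video.google.com": "GTS CA 1C3",
}


def _label_matches(pattern_label, host_label):
    # RFC 6125 6.4.3: a wildcard must be the entire left-most label
    # ("*.example.com"); partial wildcards such as "f*.example.com" are
    # rejected here rather than interpreted.
    if pattern_label == "*":
        return True
    if "*" in pattern_label:
        return False
    return pattern_label == host_label


def hostname_matches(hostname, names):
    """Return True if `hostname` is covered by any dNSName in `names`.

    Comparison is case-insensitive and label by label. A wildcard matches
    exactly one label and must be followed by at least two labels (a crude
    stand-in for a Public Suffix List check, which is an assumption of this
    example). An IP-literal hostname never matches a dNSName.
    """
    host = hostname.rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return False  # a dNSName never covers an IP literal
    except ValueError:
        pass
    host_labels = host.split(".")
    if not host or "" in host_labels:
        return False
    for name in names:
        name_labels = name.rstrip(".").lower().split(".")
        if len(name_labels) != len(host_labels):
            continue  # a wildcard covers one label, never zero or several
        if "*" in name_labels[0] and len(name_labels) < 3:
            continue  # refuse "*.com"-style wildcards outright
        if all(_label_matches(p, h) for p, h in zip(name_labels, host_labels)):
            return True
    return False


def uncovered_subjects(host, subjects):
    """Subjects from the table whose name does not cover `host`."""
    return sorted(s for s in subjects if not hostname_matches(host, [s]))


if __name__ == "__main__":
    for subject in uncovered_subjects(SCANNED_HOST, CERT_SUBJECTS):
        print(f"{subject} ({CERT_SUBJECTS[subject]}) does not name {SCANNED_HOST}")
```

For this scan all three subjects fail the check, which is expected for the two CDN certificates and is the point of interest for the R3 one: a browser would only have accepted that connection without warning if a SAN entry not shown in the report names mail.allenkids.co.in.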
This page contains 1 frame:
Primary Page: https://mail.allenkids.co.in/p/10h.php
Frame ID: E28A728C3A5625C81BBF94C955288B47
Requests: 23 HTTP requests in this frame
Page Title: Sign on to Your Citi Account
Page URL History:
- https://mail.allenkids.co.in/p/
- HTTP 302
- https://mail.allenkids.co.in/p/10h.php (Page URL)
Detected technologies
- PHP (Programming Languages). Detected patterns:
  - \.php(?:$|\?)
- Bootstrap (Web Frameworks). Detected patterns:
  - <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  - bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
- Google Font API (Font Scripts). Detected patterns:
  - <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
- jQuery (JavaScript Libraries). Detected patterns:
  - /([\d.]+)/jquery(?:\.min)?\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
- jsDelivr (CDN). Detected patterns:
  - <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  - //cdn\.jsdelivr\.net/
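The patterns above are the fingerprint rules urlscan reports as having fired. As an added example, not code from urlscan or from the scanned site, the script below runs those same regexes, copied verbatim, over a constructed HTML snippet that references the resources the transaction list records (the Bootstrap 5.2.0-beta1 stylesheet and bundle from cdn.jsdelivr.net, jQuery 3.6.0 from ajax.googleapis.com, the fonts.googleapis.com icon stylesheet) together with the page URL, and reports each technology with whatever version its capture group yields. The markup itself is constructed for the example; only the URLs and versions come from the scan.

```python
import re

# Fingerprint rules as listed in the report's "Detected patterns" section.
# The first capture group, where a rule has one, yields a version string.
PATTERNS = {
    "PHP": [r"\.php(?:$|\?)"],
    "Bootstrap": [
        r"<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css",
        r"bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js",
    ],
    "Google Font API": [r"<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com"],
    "jQuery": [
        r"/([\d.]+)/jquery(?:\.min)?\.js",
        r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?",
    ],
    "jsDelivr": [
        r'<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/',
        r"//cdn\.jsdelivr\.net/",
    ],
}

# Constructed sample page: the resource URLs and versions mirror the scan's
# transaction list, but this markup is not the phishing page's real HTML.
SAMPLE_URL = "https://mail.allenkids.co.in/p/10h.php"
SAMPLE_HTML = """<!doctype html>
<html><head>
<title>Sign on to Your Citi Account</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/bootstrap.min.css" rel="stylesheet">
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
<link href="assets/css/style.css" rel="stylesheet">
</head><body>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/bootstrap.bundle.min.js"></script>
</body></html>
"""


def fingerprint(html, url=""):
    """Return {technology: version_or_None} for every rule that matches.

    Each rule is tried against the page URL and then the HTML body, so a
    URL-only signal such as a .php path is caught even if the body carries
    nothing. The first captured version wins; a later rule that matches
    without capturing one does not erase it.
    """
    found = {}
    for tech, regexes in PATTERNS.items():
        for rx in regexes:
            for haystack in (url, html):
                m = re.search(rx, haystack)
                if not m:
                    continue
                version = m.group(1) if m.groups() else None
                if tech not in found or (found[tech] is None and version):
                    found[tech] = version
    return found


if __name__ == "__main__":
    for tech, version in fingerprint(SAMPLE_HTML, SAMPLE_URL).items():
        print(f"{tech}: {version or 'version not captured'}")
```

Two things the run shows. The PHP signal comes from the URL alone, so URL-only rules are worth applying even when the body fetch fails. And Bootstrap's capture group returns 5.2.0 for a bootstrap@5.2.0-beta1 URL: versions reported by rules of this kind are approximate, and a prerelease tag can be dropped silently.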
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There was one HTTP redirect chain: https://mail.allenkids.co.in/p/ answered HTTP 302 and sent the browser to https://mail.allenkids.co.in/p/10h.php.
23 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | 10h.php (Primary Request; redirect chain from mail.allenkids.co.in/p/) | mail.allenkids.co.in/p/ | 16 KB | 17 KB | Document | text/html |
| 2 | GET | H2 | bootstrap.min.css | cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/ | 189 KB | 29 KB | Stylesheet | text/css |
| 3 | GET | H/1.1 | style.css | mail.allenkids.co.in/p/assets/css/ | 5 KB | 6 KB | Stylesheet | text/css |
| 4 | GET | H2 | icon | fonts.googleapis.com/ | 569 B | 869 B | Stylesheet | text/css |
| 5 | GET | H/1.1 | lt.png | mail.allenkids.co.in/p/assets/img/ | 2 KB | 2 KB | Image | image/png |
| 6 | GET | H/1.1 | loc.svg | mail.allenkids.co.in/p/assets/img/ | 2 KB | 2 KB | Image | image/svg+xml |
| 7 | GET | H/1.1 | world.svg | mail.allenkids.co.in/p/assets/img/ | 3 KB | 4 KB | Image | image/svg+xml |
| 8 | GET | H/1.1 | citiqr.PNG | mail.allenkids.co.in/p/assets/img/ | 1 KB | 1 KB | Image | image/png |
| 9 | GET | H/1.1 | checkno.png | mail.allenkids.co.in/p/assets/img/ | 460 B | 701 B | Image | image/png |
| 10 | GET | H/1.1 | checkyes.png | mail.allenkids.co.in/p/assets/img/ | 479 B | 720 B | Image | image/png |
| 11 | GET | H/1.1 | eqh.png | mail.allenkids.co.in/p/assets/img/ | 2 KB | 2 KB | Image | image/png |
| 12 | GET | H/1.1 | gp.png | mail.allenkids.co.in/p/assets/img/ | 24 KB | 25 KB | Image | image/png |
| 13 | GET | H/1.1 | ap.png | mail.allenkids.co.in/p/assets/img/ | 20 KB | 20 KB | Image | image/png |
| 14 | GET | H/1.1 | f.png | mail.allenkids.co.in/p/assets/img/ | 445 B | 686 B | Image | image/png |
| 15 | GET | H/1.1 | t.png | mail.allenkids.co.in/p/assets/img/ | 1 KB | 1 KB | Image | image/png |
| 16 | GET | H/1.1 | y.png | mail.allenkids.co.in/p/assets/img/ | 1 KB | 1 KB | Image | image/png |
| 17 | GET | H/1.1 | bot.png | mail.allenkids.co.in/p/assets/img/ | 27 KB | 28 KB | Image | image/png |
| 18 | GET | H2 | bootstrap.bundle.min.js | cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/ | 78 KB | 24 KB | Script | application/javascript |
| 19 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.6.0/ | 87 KB | 31 KB | Script | text/javascript |
| 20 | GET | H/1.1 | bg.jpg | mail.allenkids.co.in/p/assets/img/ | 106 KB | 106 KB | Image | image/jpeg |
| 21 | GET | H/1.1 | Interstate-Regular.woff | mail.allenkids.co.in/p/assets/fonts/ | 77 KB | 77 KB | Font | font/woff |
| 22 | GET | H/1.1 | Interstate-Light.woff | mail.allenkids.co.in/p/assets/fonts/ | 74 KB | 74 KB | Font | font/woff |
| 23 | GET | H/1.1 | Interstate-Bold.woff | mail.allenkids.co.in/p/assets/fonts/ | 70 KB | 70 KB | Font | font/woff |

Size is the decoded resource size; x-fer is the number of bytes transferred on the wire. Only the primary request was part of a redirect chain.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Citibank (Banking)

12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | oncontextlost |
| object | oncontextrestored |
| function | structuredClone |
| object | launchQueue |
| object | onbeforematch |
| function | getScreenDetails |
| object | navigation |
| number | uidEvent |
| object | bootstrap |
| function | $ |
| function | jQuery |
| number | fst1 |

Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| mail.allenkids.co.in/ | (not shown) | PHPSESSID | eae36540c8f05f75e416a6c4e39c8135 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- ajax.googleapis.com
- cdn.jsdelivr.net
- fonts.googleapis.com
- mail.allenkids.co.in
- 162.241.87.22
- 2606:4700::6810:5514
- 2a00:1450:4001:800::200a
- 2a00:1450:4001:82b::200a