Submitted URL: http://docsend.com/view/cj862ics6vfq2v6w
Effective URL: http://kasindia.com/eg.gs/owaLLC/auth/
Submission: On January 31 via manual from HK — Scanned from DE

Summary

This website contacted 1 IP in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 103.209.144.235, located in India, and belongs to MICROHOST-AS Micro Hosting Private Limited, IN. The main domain is kasindia.com.
This is the only time kasindia.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

     IP Address        AS Autonomous System
1 1  3.232.242.170     14618 (AMAZON-AES)
4    103.209.144.235   134926 (MICROHOST...)
4 1

   Apex Domain / Subdomains                                  Transfer
4  kasindia.com / kasindia.com                               59 KB
1  docsend.com / docsend.com — Cisco Umbrella Rank: 78428    5 KB
4 2

   Domain         Requested by
4  kasindia.com   kasindia.com
1  docsend.com    1 redirects
4 2

This site contains no links.

This page contains 1 frames:

Primary Page: http://kasindia.com/eg.gs/owaLLC/auth/
Frame ID: 69BC2B52F0306EF65151DA6D937FFB1C
Requests: 4 HTTP requests in this frame

Page Title

Document

Page Statistics

Requests: 4
HTTPS: 0 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 1
Countries: 2
Transfer: 59 kB
Size: 133 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://docsend.com/view/cj862ics6vfq2v6w HTTP 307
    https://docsend.com/view/cj862ics6vfq2v6w HTTP 302
    http://kasindia.com/eg.gs/owaLLC/auth/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Primary Request: /
Path: kasindia.com/eg.gs/owaLLC/auth/
Redirect Chain:
  • http://docsend.com/view/cj862ics6vfq2v6w
  • https://docsend.com/view/cj862ics6vfq2v6w
  • http://kasindia.com/eg.gs/owaLLC/auth/
Size: 466 B
x-fer: 794 B
Type: Document

General
Full URL: http://kasindia.com/eg.gs/owaLLC/auth/
Protocol: HTTP/1.1
Server: 103.209.144.235, India, ASN134926 (MICROHOST-AS Micro Hosting Private Limited, IN)
Reverse DNS: 235-144-209-103.microhost.com
Software: LiteSpeed
Resource Hash: c33f1d79ff8a5225bb8136d5dc85c3bd138566184a0345b41301f06ff2bbca66

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 311
content-type: text/html; charset=UTF-8
date: Tue, 31 Jan 2023 06:51:51 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: LiteSpeed
vary: Accept-Encoding

Redirect headers

Cache-Control: no-cache
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Tue, 31 Jan 2023 06:51:51 GMT
Location: http://kasindia.com/eg.gs/owaLLC/auth/
Server: nginx
Strict-Transport-Security: max-age=31556952; includeSubDomains; preload
Transfer-Encoding: chunked
Vary: Accept-Encoding
Via: 1.1 vegur
X-Frame-Options: DENY
X-Request-Id: 07b80fd9-8c5c-40c8-b30c-9f41ccff0f1b
X-Runtime: 0.078369

captcha.js
Path: kasindia.com/eg.gs/owaLLC/auth/assets/js/
Size: 118 KB
x-fer: 43 KB
Type: Script

General
Full URL: http://kasindia.com/eg.gs/owaLLC/auth/assets/js/captcha.js
Requested by:
  Host: kasindia.com
  URL: http://kasindia.com/eg.gs/owaLLC/auth/
Protocol: HTTP/1.1
Server: 103.209.144.235, India, ASN134926 (MICROHOST-AS Micro Hosting Private Limited, IN)
Reverse DNS: 235-144-209-103.microhost.com
Software: LiteSpeed
Resource Hash: 10565764da9848dc9bb77662d6a8658cc96d1933cf671b2f173f75ca128d2948

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://kasindia.com/eg.gs/owaLLC/auth/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 06:51:51 GMT
content-encoding: gzip
last-modified: Thu, 28 Jan 2021 00:33:44 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
Connection: Keep-Alive
accept-ranges: bytes
Keep-Alive: timeout=5, max=100
content-length: 43239
expires: Tue, 07 Feb 2023 06:51:51 GMT

captcha.png
Path: kasindia.com/eg.gs/owaLLC/auth/
Size: 5 KB
x-fer: 6 KB
Type: Image

General
Full URL: http://kasindia.com/eg.gs/owaLLC/auth/captcha.png?_1675147914688
Protocol: HTTP/1.1
Server: 103.209.144.235, India, ASN134926 (MICROHOST-AS Micro Hosting Private Limited, IN)
Reverse DNS: 235-144-209-103.microhost.com
Software: LiteSpeed
Resource Hash: df1b2835683ecb9ea49f05df5fecad5ab323c92618692154be71d71d0969800f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://kasindia.com/eg.gs/owaLLC/auth/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 06:51:54 GMT
server: LiteSpeed
content-type: image/png
cache-control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-length: 5591
expires: Thu, 19 Nov 1981 08:52:00 GMT

2134651.png
Path: kasindia.com/eg.gs/owaLLC/auth/
Size: 10 KB
x-fer: 10 KB
Type: Image

General
Full URL: http://kasindia.com/eg.gs/owaLLC/auth/2134651.png
Protocol: HTTP/1.1
Server: 103.209.144.235, India, ASN134926 (MICROHOST-AS Micro Hosting Private Limited, IN)
Reverse DNS: 235-144-209-103.microhost.com
Software: LiteSpeed
Resource Hash: ff2294f85ad59d6d537ba92d2c8054c8f824736f946714688c1f51a6a6577bd3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://kasindia.com/eg.gs/owaLLC/auth/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 06:51:54 GMT
last-modified: Sun, 31 Jan 2021 00:32:58 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
Connection: Keep-Alive
accept-ranges: bytes
Keep-Alive: timeout=5, max=100
content-length: 9883
expires: Tue, 07 Feb 2023 06:51:54 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange
function| setImmediate
function| clearImmediate
function| Vue

4 Cookies

Domain/Path: .docsend.com/
  Name: _v_
  Value: 1YXDRrwOHbU%2BvZqhnSDLnmq75bRckcUPWOCv3V8ICzUSICCdSFd9mPNxaC0MYhiyQIqiEcM1ue7JZibUvmfZM9LybOf7BqXJNBpjwZQ%3D--eKEcHX5QLY4hXx%2BS--LciXRZPewR%2BChKLgPPomkA%3D%3D
Domain/Path: .docsend.com/
  Name: _us_
  Value: BAhJIg92aWV3ZWQgZG9jBjoGRVQ%3D--86064670cbcb81a84182616ff39e8415292b30d1
Domain/Path: .docsend.com/
  Name: _dss_
  Value: 00303b9d30c73e34d0457ac7c15a6420
Domain/Path: kasindia.com/
  Name: cazanova
  Value: 9435aed3c8705429c33a34da84e5cc14c055fb3b