kasindia.com
Open in
urlscan Pro
103.209.144.235
Malicious Activity!
Public Scan
Effective URL: http://kasindia.com/eg.gs/owaLLC/auth/
Submission: On January 31 via manual from HK — Scanned from DE
Summary
This is the only time kasindia.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook Web Access (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 3.232.242.170 3.232.242.170 | 14618 (AMAZON-AES) (AMAZON-AES) | |
4 | 103.209.144.235 103.209.144.235 | 134926 (MICROHOST...) (MICROHOST-AS Micro Hosting Private Limited) | |
4 | 1 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-232-242-170.compute-1.amazonaws.com
docsend.com |
ASN134926 (MICROHOST-AS Micro Hosting Private Limited, IN)
PTR: 235-144-209-103.microhost.com
kasindia.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
kasindia.com
kasindia.com |
59 KB |
1 |
docsend.com
1 redirects
docsend.com — Cisco Umbrella Rank: 78428 |
5 KB |
4 | 2 |
Domain | Requested by | |
---|---|---|
4 | kasindia.com |
kasindia.com
|
1 | docsend.com | 1 redirects |
4 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://kasindia.com/eg.gs/owaLLC/auth/
Frame ID: 69BC2B52F0306EF65151DA6D937FFB1C
Requests: 4 HTTP requests in this frame
Screenshot
Page Title
DocumentPage URL History Show full URLs
-
http://docsend.com/view/cj862ics6vfq2v6w
HTTP 307
https://docsend.com/view/cj862ics6vfq2v6w HTTP 302
http://kasindia.com/eg.gs/owaLLC/auth/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://docsend.com/view/cj862ics6vfq2v6w
HTTP 307
https://docsend.com/view/cj862ics6vfq2v6w HTTP 302
http://kasindia.com/eg.gs/owaLLC/auth/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
kasindia.com/eg.gs/owaLLC/auth/ Redirect Chain
|
466 B 794 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
captcha.js
kasindia.com/eg.gs/owaLLC/auth/assets/js/ |
118 KB 43 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
captcha.png
kasindia.com/eg.gs/owaLLC/auth/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2134651.png
kasindia.com/eg.gs/owaLLC/auth/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook Web Access (Online)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| setImmediate function| clearImmediate function| Vue4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.docsend.com/ | Name: _v_ Value: 1YXDRrwOHbU%2BvZqhnSDLnmq75bRckcUPWOCv3V8ICzUSICCdSFd9mPNxaC0MYhiyQIqiEcM1ue7JZibUvmfZM9LybOf7BqXJNBpjwZQ%3D--eKEcHX5QLY4hXx%2BS--LciXRZPewR%2BChKLgPPomkA%3D%3D |
|
.docsend.com/ | Name: _us_ Value: BAhJIg92aWV3ZWQgZG9jBjoGRVQ%3D--86064670cbcb81a84182616ff39e8415292b30d1 |
|
.docsend.com/ | Name: _dss_ Value: 00303b9d30c73e34d0457ac7c15a6420 |
|
kasindia.com/ | Name: cazanova Value: 9435aed3c8705429c33a34da84e5cc14c055fb3b |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
docsend.com
kasindia.com
103.209.144.235
3.232.242.170
10565764da9848dc9bb77662d6a8658cc96d1933cf671b2f173f75ca128d2948
c33f1d79ff8a5225bb8136d5dc85c3bd138566184a0345b41301f06ff2bbca66
df1b2835683ecb9ea49f05df5fecad5ab323c92618692154be71d71d0969800f
ff2294f85ad59d6d537ba92d2c8054c8f824736f946714688c1f51a6a6577bd3