0/100

low Risk

kalyanonlinematkaapp.in.net

https://kalyanonlinematkaapp.in.net/

172.67.139.34 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

11525 days

HTTP

200 · 35.9s

SSL

Valid· E7, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Screenshot of kalyanonlinematkaapp.in.net

Zoom

Title: "Kubet Casino - Link Chính Thức Đăng Nhập Kubet ⚜️ Ku Casino"

Save

Domain Intelligence: in.net

Scanned 2 times since May 16, 2026, 02:35 PM UTC

ℹ Low (15)

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Kubet Casino

Vendors

30/31

Status

partial

✗ norton✓ sophos✓ brightcloud✓ yandex✓ polyswarm✓ microsoft✓ apple✓ avg✓ avast✓ chainpatrol✓ bitdefender✓ openphish✓ apwg✓ urlscan✓ phishreport✓ urlquery✓ emsisoft✓ isitphish✓ cisa✓ spamhaus✓ netcraft✓ virustotal✓ phishtank✓ urlabuse✓ eset✓ drweb✓ threatyeti✓ kaspersky✓ google✓ mcafee✓ fortiguard

Registered-domain escalation

Submit in.net as the primary IOC, enriched with evidence from hostile subdomains like kalyanonlinematkaapp.in.net.

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Kubet Casino

Unknown

gambling · 6/3/2026

Summary

The page presents Kubet Casino branding (title, logos, images) but is hosted on a suspicious domain kalyanonlinematkaapp.in.net. Visual elements, including Kubet-equivalent branding and a login-like narrative, suggest potential impersonation of Kubet to capture credentials, yet the domain appears not to be an official Kubet domain. The site uses SPA-like behavior with dynamic content and external analytics/scripts, and the page includes Kubet imagery such as logo_KUbet.png and kubet-4.jpg. Given the mismatch between domain and brand, this constitutes impersonation signals; however, there is no static login form detected in the HTML, and credentials capture would rely on JavaScript executed after load.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://www.google-analytics.com/g/collect?v=2&tid=G-WFM9XFMSFJ&gtm=45je65d0v9206583288za200zd9206583288&_p=1778942314269&gcd=13l3l3l3l1l1&npa=0&dma=0&are=1&cid=1441174332.1778942315&frm=0&pscdl=noapi&rcb=6&sr=1280x720&uaa=x86&uab=64&uafvl=Not%253AA-Brand%3B99.0.0.0%7CHeadlessChrome%3B145.0.7632.6%7CChromium%3B145.0.7632.6&uam=&uamb=0&uap=Windows&uapv=10.0&uaw=0&ul=en-us&_s=1&tag_exp=0~115938466~115938469&sid=1778942314&sct=1&seg=0&dl=https%3A%2F%2Fkalyanonlinematkaapp.in.net%2F&dt=Kubet%20Casino%20-%20Link%20Ch%C3%ADnh%20Th%E1%BB%A9c%20%C4%90%C4%83ng%20Nh%E1%BA%ADp%20Kubet%20%E2%9A%9C%EF%B8%8F%20Ku%20Casino&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3662, https://kalyanonlinematkaapp.in.net/cdn-cgi/rum?.

▸Distinctive asset clues: email-decode.min.js, v833ccba57c9e4d2798f2e76cebdd09a11778172276447, server-calcs.css, vietlott.css, kubet-4.jpg, logo_KUbet.png.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 189

Hosts: 7

Domains: 7

Attack Techniques (2)

Brand impersonation signals detected: Kubet Casino branding rendered on a non-official domain (kalyanonlinematkaapp.in.net).SPA-like page with dynamic credential collection risk: 0 static forms in HTML but numerous external scripts loaded (potentially credential capture via JS).

Indicators of Compromise (1)

▸No login form present in static HTML; SPA rendering may populate forms via JS (credential UI could be injected at runtime).

Risk AssessmentUsed in abuse reports

The site presents Kubet Casino branding on a non-official domain, with multiple indicators of impersonation risk (brand-focused content on a suspicious domain). The static HTML contains no login form, but SPA behavior means credentials could be collected via JavaScript after load. The presence of Cloudflare protection and a recent Lets Encrypt cert plus a large number of external scripts increases complexity but does not negate impersonation risk. Recommend treating as potential credential phishing and monitor; block or suspend domain as needed based on abuse policy. The scanner note about 0 static forms and heavy JS aligns with SPA credential capture risks observed in impersonation attempts.

Recommended Action

Suspend Domain

Cross-Reference9

URL Intelligence