cdfhf.localdats.com
Open in
urlscan Pro
178.162.199.80
Malicious Activity!
Public Scan
Effective URL: https://cdfhf.localdats.com/s/5ac3bc13e6a33?utm_source=5ac3bc13e6a33&cid=132964712
Submission: On March 23 via api from BE — Scanned from PL
Summary
TLS certificate: Issued by R3 on March 23rd 2023. Valid for: 3 months.
This is the only time cdfhf.localdats.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Porn Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 80.211.254.25 80.211.254.25 | 205727 (ARUBA) (ARUBA) | |
12 | 178.162.199.80 178.162.199.80 | 28753 (LEASEWEB-...) (LEASEWEB-DE-FRA-10) | |
13 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
localdats.com
cdfhf.localdats.com |
414 KB |
1 |
bnbdating.com
www.bnbdating.com |
1 KB |
13 | 2 |
Domain | Requested by | |
---|---|---|
12 | cdfhf.localdats.com |
www.bnbdating.com
cdfhf.localdats.com |
1 | www.bnbdating.com | |
13 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
localdats.com R3 |
2023-03-23 - 2023-06-21 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://cdfhf.localdats.com/s/5ac3bc13e6a33?utm_source=5ac3bc13e6a33&cid=132964712
Frame ID: 6259C39E5390D21CD08D29E31AC472C9
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
Najbardziej popularny serwis randkowy w tym miesiÄ…cuPage URL History Show full URLs
- http://www.bnbdating.com/jXlfUe7mRUIGbZuDFXgsFjHMdZwtS3NIjn009WpeFy7bOg105ffxroGSe9U2ljMUgeKKRjaYbDUj... Page URL
- https://cdfhf.localdats.com/s/5ac3bc13e6a33?utm_source=5ac3bc13e6a33&cid=132964712 Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.bnbdating.com/jXlfUe7mRUIGbZuDFXgsFjHMdZwtS3NIjn009WpeFy7bOg105ffxroGSe9U2ljMUgeKKRjaYbDUjLzgSkX10Bh5l5QP52qVWLlEVvSOmQvQ=?csMex7e7kU9-4BJ1ADkw8KAOicKBH1rkAplB7ODweCL_pLyiKuMQhRj8AGpdV3PvJDO8jVacH-JQ5KvCfHBXQixMW1Yn-p7TTyXSPtsiSQk4TaGnxGT0D-2RLajhpjwgNfTxv-i-iWshzNv4Nx8wq-rYSLE9NNictLhf7JUhHCcMw_8nIEtdOa6xx4MX9d351nZXSTj0-ECcfkT1gj7zyMjuXo9ZtNCFrR7ZpTQm2MWivbWEHmpxzTzQE-LfOun-K6u75oNUqyoRoxOfjY5fhw== Page URL
- https://cdfhf.localdats.com/s/5ac3bc13e6a33?utm_source=5ac3bc13e6a33&cid=132964712 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
jXlfUe7mRUIGbZuDFXgsFjHMdZwtS3NIjn009WpeFy7bOg105ffxroGSe9U2ljMUgeKKRjaYbDUjLzgSkX10Bh5l5QP52qVWLlEVvSOmQvQ=
www.bnbdating.com/ |
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
5ac3bc13e6a33
cdfhf.localdats.com/s/ |
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css.css
cdfhf.localdats.com/bundle/2/assets/css/ |
71 KB 71 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-2.js
cdfhf.localdats.com/bundle/2/assets/js/ |
84 KB 84 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js.js
cdfhf.localdats.com/bundle/2/assets/js/ |
414 B 694 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
click.js
cdfhf.localdats.com/js/ |
7 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
no.png
cdfhf.localdats.com/bundle/2/assets/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yes.png
cdfhf.localdats.com/bundle/2/assets/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1.jpg
cdfhf.localdats.com/bundle/2/assets/img/ |
88 KB 89 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pattern.png
cdfhf.localdats.com/bundle/2/assets/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Lato-Regular.ttf
cdfhf.localdats.com/bundle/2/assets/css/fonts/ |
117 KB 118 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fp2.min.js
cdfhf.localdats.com/js/ |
30 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
track.php
cdfhf.localdats.com/ |
0 254 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Porn Scam (Online)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery function| fingerprintGo function| sendTrack function| collectTrackParams function| closingConfirm function| handleError function| getParameterByName function| collectParams function| checkRequired function| setLeadInfo function| setCF function| Fingerprint22 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.localdats.com/ | Name: s Value: exJZGTDsDieK8KrTYBOy91L3KloB0LZiU%2Bz%2FwumUr%2B4fqZqwLJp8ma34MX%2BH94IRRBOEhft5BTGgVN9fRcvzYiB%2BNvkRH6NV%2FTdQXhoa1ZpD84S6bBRGjoMEZJi2x6yQe6hKecb52Th3JDvlcsuW0csduHslyPMe%2BbCR1xcLALH8STdgAlWqnta48ub2i0ZvDaehrndRYI6udFR0jHFocPUO9DVcMIrnnY8s%2BWy0hIFwretizGGhPwmlqp8Lni36NMPEcPo%2BB37%2BTmDPKFFbrGMmxUvLLHW2y8i0dsFEto4sEmR7zZSS489nXfSuWGyjM7%2FZyuP3xlKDu5Sc2m%2FgBRFMg4L8L4gUk1p%2BHdlcjUwSC%2FGNQx2Cn0EiPe40kqMoHfWvEuP%2F4x2w2lPhemTOOW9NQ%2BeVLvId234lqOdITlWt3QTbSh0RWwN8LEzbslcZl0S%2BsIxQTw9EWRkMOnYkUQCpblxv91KCbSyjZb0YZXjanZbop3ZJ2jovTc3YJaATF%2FGKsbroDsK%2FRFSGrzkgZqF5YiSpTuH6C0%2FgjWtNuO5de6QXGA%2Fxf2b9P5%2FSPSid8ALcl3lyRIcKjaoyt6f4rmFfjGxYPAuVLQUVU%2Fs0BmAO%2B2k6P9Kt9Lb5PE9Luln380yVz0Hf08oOiVzetaB95C60AyBNqEFbH21bJ55RA58TbEYSNl%2FmgWMK1aQSZJw%2FJZRTFrzvLURm4PBkuWizmXfKvgVGYjz43B7%2BJpXsDqRXhLfrttndJaBFwtnOwMDzv92LL5DBBaV4vAQisheC59dBV%2Fo1QuVyQ85yFtxr7J28PqkuYsf1Cxbr%2FxH1mJ2%2BXdBA5%2BKusG9rliHwxDfJv%2BgMuFUCTi2fk8YXN2ClVDqp4YO%2FAL4uO2XngZbwbpfwrCRWXcB2rZOIUmayr3Pv9TSiBRdK4Wsq%2FavuSfAM%2B%2BgiGVROUEQHfPu54%2BpAjWVzYtJb2nC5xNvsD14Oi%2F%2B4KlDaNRlVf%2B7YxBzoOb4YFQOALXjVHnkH8qdy7jTRreszUM3xNx9JdjwVMrcSLIvMn4e%2FuUzbA9YL%2FtacTI82JsoZOKqzo7QJl7%2BKN%2FkIc8cAO5clX99MuBBsBOt0fuYof3%2ByxzP4le743FhhvPD9UC63y7wjckCNJqgASwFXh0hutsiCP5R3Z8odDGoRhX7jl4WtW8bjYyd9dI3ShKWNMGE11l2eGcud7zhy8TixT51PLsxfsF4W1b3AdamXJ7Av8SeT%2BT6y4MwNTpJR%2FByjyRCm1cHiLV9Ov%2FkXfVHKfcia8ITsYGsIbCsEbOpblEQceC79S7NYbfQZTEP5sQChOROWvWrZw3KzY3zoSFQe0vQ6z8n53Xj3BEYxwanUfhSGTRxpQoalGWz68WfEA6J6U0pn9levwuePUi6Kj%2BguTkoYO3NVg3LnaSBvGEkLBaTfDz%2FrygYM29ajctI8S%2BMh4azg3Ntk2vqck%2FrCFFtFEnOR47bKL2A54E3H61Jtc5R9cDmZh85Ly%2FjNKRfrREC87leYSYawp%2B3UXLHJO6QCrJPzdJVQ%2B3PlE6GJlYStCErIHyAJEDdmnj8nPC2iErF%2FkQW%2FaHB3WP0RJpoL2Y8XKKRhrvCb%2FBlpoik6EO0C0WiA97k8slZdSkI33iEEIwb05ZCCzjXEsrcRwcvU%2Fd8FSRcc1wI%3D |
|
cdfhf.localdats.com/ | Name: CF Value: Vj17k4j4ZW+qjjT3udNTSg__ |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdfhf.localdats.com
www.bnbdating.com
178.162.199.80
80.211.254.25
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
15d4127cd56e1b50b5d57340161ff54d22713da009df6904925833779ab125d0
18505ac7b697920c4bf75c30355001f1c3947d739fc45ba8774de9a793da4d8b
3836b0592b467da4cab99eb40b0fc44f34622144bac13a784ac88848b2890bda
5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004
6bfdecff876226c1e233f71e7b0b1a6e0eb238281a52156c39f051691dd88a43
6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e
73fd916f93da033550358c1ba1a28e81da907c64ae55374856037e8ecf9cd523
7ae714b63c2c8b940bdd211a0cc678f01168a34eea8aa13c0df25364f29238a7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f92df46462c54bc2ac714a834a336ca1c8c961992495b6f641311ecb587a9a96
fedd7527d1cceee3052bf4bb62e76d56e8200a115d8a2affae23a125578b7ad1