urlscan.io logo urlscan.io
SecurityTrails logo

dacamakt.cf Open in urlscan Pro
198.23.213.235  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://dacamakt.cf/user/mail/mail/contact/index.php
Effective URL: https://dacamakt.cf/user/mail/mail/contact/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b042098...
Submission: On October 04 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 198.23.213.235, located in United States and belongs to AS-COLOCROSSING, US. The main domain is dacamakt.cf.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 27th 2021. Valid for: 3 months.
This is the only time dacamakt.cf was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 3 198.23.213.235 36352 (AS-COLOCR...)
1 104.16.19.94 13335 (CLOUDFLAR...)
1 45.79.77.20 63949 (LINODE-AP...)
4 4
Apex Domain
Subdomains		 Transfer
3 dacamakt.cf
dacamakt.cf
544 KB
1 jsonip.com
jsonip.com
448 B
1 cloudflare.com
cdnjs.cloudflare.com
64 KB
4 3
Domain Requested by
3 dacamakt.cf 1 redirects
1 jsonip.com cdnjs.cloudflare.com
1 cdnjs.cloudflare.com dacamakt.cf
4 3

This site contains no links.

Subject Issuer Validity Valid
dacamakt.cf
cPanel, Inc. Certification Authority		 2021-09-27 -
2021-12-26		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-09-21 -
2022-09-20		 a year crt.sh
jsonip.com
R3		 2021-09-24 -
2021-12-23		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://dacamakt.cf/user/mail/mail/contact/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e
Frame ID: BDB17B7512FDC6CAB4F2E2CD2D7A335F
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in

Page URL History Show full URLs

  1. https://dacamakt.cf/user/mail/mail/contact/index.php HTTP 303
    https://dacamakt.cf/user/mail/mail/contact/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a... Page URL
  2. https://dacamakt.cf/user/mail/mail/contact/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bf... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

608 kB
Transfer

1203 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://dacamakt.cf/user/mail/mail/contact/index.php HTTP 303
    https://dacamakt.cf/user/mail/mail/contact/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e Page URL
  2. https://dacamakt.cf/user/mail/mail/contact/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://dacamakt.cf/user/mail/mail/contact/index.php HTTP 303
  • https://dacamakt.cf/user/mail/mail/contact/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
r.php
dacamakt.cf/user/mail/mail/contact/
Redirect Chain
  • https://dacamakt.cf/user/mail/mail/contact/index.php
  • https://dacamakt.cf/user/mail/mail/contact/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e
222 B
538 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dacamakt.cf/user/mail/mail/contact/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
198.23.213.235 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
198-23-213-235-host.colocrossing.com
Software
Apache /
Resource Hash
a3ae7549628d640466788f278c45af8a82476b3a62459c8b3f2ad5108185454a

Request headers

Host
dacamakt.cf
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Cookie
PHPSESSID=f2ce76b31233278277489ea6053dbcc6
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Mon, 04 Oct 2021 17:37:10 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Mon, 04 Oct 2021 17:37:10 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Set-Cookie
PHPSESSID=f2ce76b31233278277489ea6053dbcc6; path=/
LOCATION
./r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Primary Request /
dacamakt.cf/user/mail/mail/contact/s/ 		542 KB
543 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dacamakt.cf/user/mail/mail/contact/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
198.23.213.235 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
198-23-213-235-host.colocrossing.com
Software
Apache /
Resource Hash
8eec96fd1c7d43eeafcadfc5a7406d66a10f3a2bafc65989b4a470fd4dcced57

Request headers

Host
dacamakt.cf
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://dacamakt.cf/user/mail/mail/contact/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e
Accept-Encoding
gzip, deflate, br
Cookie
PHPSESSID=f2ce76b31233278277489ea6053dbcc6
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://dacamakt.cf/user/mail/mail/contact/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e

Response headers

Date
Mon, 04 Oct 2021 17:37:10 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Keep-Alive
timeout=5, max=98
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/ 		257 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js
Requested by
Host: dacamakt.cf
URL: https://dacamakt.cf/user/mail/mail/contact/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://dacamakt.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 17:37:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
9394697
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
64997
cf-request-id
0abe02e6650000dfc74d27b000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-40464"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bW3n6Neob6BeqF2xUCm3AXPui174yVIjlBc5Rl4O4YJLxD4Vfmg9C0XTIOLD2Jv%2Bmw25vutzTb3BsO83tnLXEDVj5EpvDNYJmeKOoECW59XDYGSIN6XVQPXSs394C31k%2B2cqug75"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
69902d3ddd244e08-FRA
expires
Sat, 24 Sep 2022 17:37:11 GMT
truncated
/ 		383 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af4114d6e6529cf86fd31564a84e3c482ce90a4e804e9072c4bb1fd2c63796c4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
/
jsonip.com/ 		147 B
448 B 		Script
General
Check archive.org
Download Go to
Full URL
https://jsonip.com/?callback=jQuery30006774122402432887_1633369031367&_=1633369031368
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.79.77.20 Fremont, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li1176-20.members.linode.com
Software
nginx/1.20.1 /
Resource Hash
6ae6502f048767664decef102e7434271bfe0430cda56e0a61c307be10e5f751
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://dacamakt.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 17:37:11 GMT
Server
nginx/1.20.1
Strict-Transport-Security
max-age=31536000;
Access-Control-Allow-Methods
GET
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fef3f3f4e39556314ae4ab6d3ec73ad0ba8ff0a2a7a767adca9e4b579b4d1c1c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		10 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f27488180e7f6ac0efb145218e45975622ad059d5908f6c44525d42fed938aea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1efa61969ab396258989a98a1f59b5f64b381346567596e7d754e5030580f551

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery function| getIPAddress string| x

2 Cookies

Domain/Path Name / Value
dacamakt.cf/user/mail/mail/contact/s Name: ip11
Value: 216.131.114.187
dacamakt.cf/ Name: PHPSESSID
Value: f2ce76b31233278277489ea6053dbcc6