dacamakt.cf
198.23.213.235
Malicious Activity!
Public Scan
Effective URL: https://dacamakt.cf/user/mail/mail/contact/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b042098...
Submission: On October 04 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 27th 2021. Valid for: 3 months.
This is the only time dacamakt.cf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 3 | 198.23.213.235 | 36352 (AS-COLOCROSSING) |
1 | 104.16.19.94 | 13335 (CLOUDFLARENET) |
1 | 45.79.77.20 | 63949 (LINODE-AP Linode) |
4 | 4 |
ASN36352 (AS-COLOCROSSING, US)
PTR: 198-23-213-235-host.colocrossing.com
dacamakt.cf
ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1176-20.members.linode.com
jsonip.com
 | Apex Domain: Subdomains | Transfer |
---|---|---|
3 | dacamakt.cf (1 redirects): dacamakt.cf | 544 KB |
1 | jsonip.com: jsonip.com | 448 B |
1 | cloudflare.com: cdnjs.cloudflare.com | 64 KB |
4 | 3 |
 | Domain | Requested by |
---|---|---|
3 | dacamakt.cf (1 redirects) | |
1 | jsonip.com | cdnjs.cloudflare.com |
1 | cdnjs.cloudflare.com | dacamakt.cf |
4 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
dacamakt.cf | cPanel, Inc. Certification Authority | 2021-09-27 - 2021-12-26 | 3 months |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-09-21 - 2022-09-20 | a year |
jsonip.com | R3 | 2021-09-24 - 2021-12-23 | 3 months |
This page contains 1 frames:
Primary Page:
https://dacamakt.cf/user/mail/mail/contact/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e
Frame ID: BDB17B7512FDC6CAB4F2E2CD2D7A335F
Requests: 8 HTTP requests in this frame
Page Title
Sign in
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://dacamakt.cf/user/mail/mail/contact/index.php HTTP 303
  https://dacamakt.cf/user/mail/mail/contact/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e Page URL
- https://dacamakt.cf/user/mail/mail/contact/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://dacamakt.cf/user/mail/mail/contact/index.php HTTP 303
- https://dacamakt.cf/user/mail/mail/contact/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=9a3bfa1444cea19790b0420984a63edd4ebdda1cadc3feb557f2b43d58cf8b67a0f64b2e
4 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | r.php dacamakt.cf/user/mail/mail/contact/ (Redirect Chain) | 222 B 538 B | Document text/html |
GET H/1.1 | / dacamakt.cf/user/mail/mail/contact/s/ (Primary Request) | 542 KB 543 KB | Document text/html |
GET H2 | jquery.js cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/ | 257 KB 64 KB | Script application/javascript |
GET DATA | truncated / | 383 KB 0 | Image image/png |
GET H/1.1 | / jsonip.com/ | 147 B 448 B | Script application/json |
GET DATA | truncated / | 7 KB 0 | Image image/png |
GET DATA | truncated / | 10 KB 0 | Image image/png |
GET DATA | truncated / | 3 KB 0 | Image image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforexrselect
- boolean| originAgentCluster
- function| $
- function| jQuery
- function| getIPAddress
- string| x

2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
dacamakt.cf/user/mail/mail/contact/s | | Name: ip11 Value: 216.131.114.187 |
dacamakt.cf/ | | Name: PHPSESSID Value: f2ce76b31233278277489ea6053dbcc6 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.