![](/screenshots/4c08db13-68de-4baf-91eb-608844b595e2.png)
server-193-29-104-49.da.direct
Open in
urlscan Pro
193.29.104.49
Malicious Activity!
Public Scan
Submission: On February 22 via automatic, source openphish — Scanned from FR
Summary
This is the only time server-193-29-104-49.da.direct was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Apple (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 193.29.104.49 193.29.104.49 | 9009 (M247) (M247) | |
1 | 2a04:4e42:600... 2a04:4e42:600::649 | 54113 (FASTLY) (FASTLY) | |
1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
10 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
da.direct
server-193-29-104-49.da.direct |
840 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 257 |
4 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 940 |
31 KB |
0 |
Failed
function sub() { [native code] }. Failed |
|
10 | 4 |
Domain | Requested by | |
---|---|---|
5 | server-193-29-104-49.da.direct |
server-193-29-104-49.da.direct
|
1 | cdnjs.cloudflare.com |
server-193-29-104-49.da.direct
|
1 | code.jquery.com |
server-193-29-104-49.da.direct
|
0 | 127.0.0.1 Failed |
server-193-29-104-49.da.direct
|
0 | lgmpcpglpngdoalbgeoldeajfclnhafa Failed |
server-193-29-104-49.da.direct
|
10 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.icloud.com |
www.apple.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://server-193-29-104-49.da.direct/process.php
Frame ID: 831E4E2480DAD1F0B9A4FBEC20E8C279
Requests: 11 HTTP requests in this frame
Screenshot
![](/screenshots/4c08db13-68de-4baf-91eb-608844b595e2.png)
Page Title
iCloudDetected technologies
Detected patterns
- \.php(?:$|\?)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: System Status
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Title: Terms & Conditions
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
process.php
server-193-29-104-49.da.direct/ |
28 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
inpage.js
lgmpcpglpngdoalbgeoldeajfclnhafa/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
server-193-29-104-49.da.direct/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
saved_resource
server-193-29-104-49.da.direct/files/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main-process.css
server-193-29-104-49.da.direct/files/ |
829 KB 829 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c1.png
server-193-29-104-49.da.direct/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.4.min.js
code.jquery.com/ |
88 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/ |
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
inpage.js
lgmpcpglpngdoalbgeoldeajfclnhafa/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
798 B 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
HR_gradient_dark.png
127.0.0.1/bin/cb1633718600/dist/assets/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- lgmpcpglpngdoalbgeoldeajfclnhafa
- URL
- chrome-extension://lgmpcpglpngdoalbgeoldeajfclnhafa/inpage.js
- Domain
- lgmpcpglpngdoalbgeoldeajfclnhafa
- URL
- chrome-extension://lgmpcpglpngdoalbgeoldeajfclnhafa/inpage.js
- Domain
- 127.0.0.1
- URL
- http://127.0.0.1/bin/cb1633718600/dist/assets/HR_gradient_dark.png
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Apple (Online)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| $jscomp0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
127.0.0.1
cdnjs.cloudflare.com
code.jquery.com
lgmpcpglpngdoalbgeoldeajfclnhafa
server-193-29-104-49.da.direct
127.0.0.1
lgmpcpglpngdoalbgeoldeajfclnhafa
193.29.104.49
2606:4700::6811:180e
2a04:4e42:600::649
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
324b2843254e36a375dafbdcebc53d03275275e61811711cc763091e3df741cc
5332c07bf9add9bd96f07690305c23d6348639e6c74a6fc5027060c1802d5afd
923e10ea8f110f5444829b07607f873313c9a57d9de87cdcfad00647d54fbed4
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
bc30c0f9c31f9f847da3a882534ae3b0a1f66f2de6580f7dac55be9b408d86df