Submitted URL: http://myau.net/login.php
Effective URL: https://log.videocampaign.co/Watch/V5/?campaign_id=SAFeU5c67W_T01A&pubfeed=435616013&cc=DK&baej=1
Submission Tags: phishtake
Submission: On May 13 via api from JP

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 4 HTTP transactions. The main IP is 138.128.241.162, located in New York, United States and belongs to KAMATERA, US. The main domain is log.videocampaign.co.
TLS certificate: Issued by R3 on April 1st 2021. Valid for: 3 months.
This is the only time log.videocampaign.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 47.91.24.26 45102 (CNNIC-ALI...)
1 173.192.101.21 36351 (SOFTLAYER)
2 2 173.192.101.24 36351 (SOFTLAYER)
2 138.128.241.162 36007 (KAMATERA)
4 3
Domain Requested by
2 log.videocampaign.co myau.net
log.videocampaign.co
1 p277439.mybetterdl.com 1 redirects
1 mybetterdl.com 1 redirects
1 clkfeed.com myau.net
1 myau.net
4 5

This site contains no links.

Subject: log.videocampaign.co
Issuer: R3
Validity: 2021-04-01 - 2021-06-30
Valid: 3 months

This page contains 1 frames:

Primary Page: https://log.videocampaign.co/Watch/V5/?campaign_id=SAFeU5c67W_T01A&pubfeed=435616013&cc=DK&baej=1
Frame ID: 1F56EF3417E042A031C6684588BB3C6C
Requests: 4 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 4
HTTPS: 50 %
IPv6: 0 %
Domains: 4
Subdomains: 5
IPs: 3
Countries: 2
Transfer: 8 kB
Size: 18 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://myau.net/login.php Page URL
  2. http://mybetterdl.com/aS/feedclick?s=NnlfnMR-U-qjpylI7Pc24JfSv0CZDKCXTm8iwsbdZbpouem6LYRNW71MrDN7NPIWnIFjje5HrPodK7X5QIc3n04izcTTY_t9GgmEUacevESlBHFgWPS00hk62mhAGgs4gS41QDYTbhAEysjXg8JANJjEIILW_3V7XWOpnxryNlytIQHzV6sa6X1rxykFMeyyFRAwnkvep71dpr5m5uycBd6oH-G09-1oSDjhmHN0RLM0gI5M6a9IJ-F7ei0kFoncocXMTFSiDKP8zRJtqQ4_wc-FLnSd1lGV3mdd-SqJYElRFg-d4lhrMat7TDVTsImBqetvRnCIP0iO31nrzPFgxsKI2l5pHIFIrt4OTWq-RDZGARVyPBSz2WCnHtKZbf_kj2ZhEDcx26oVBXsrq7kNTNk4BZwi7DPgYDV7vNqn2Jy7GSbItxBlMeqQNKMZYcAT1-PqhA7LCTVp7KUktiJMszHjqD80X_9eHS4cKeb7yTIP0nkgPw263NWcfnIHvyxyWs6o2sZ8k-GP_yU4faBQzvpadXXKErbwIFMd8GXUPP91LK9aRnwYJTsl_V_IQAuRjyqf-WFrtxmdiFmyBBYMhEu--QDXdJWg_zP-2uIadPOiN4VLoMF8Z3qT_ebhnV6cm4j3Ppr6rKl3gGxyDTS535li4aCjS3v0sOlehUFKhVKlBgfoU6P8dnmRXohq5SZLvCK_fukUX0Jn_rKdn1KNLE84cOufXUW18TaKarAzDGAduOo2sW24pq-awG76LwdHkM6quWkaG1CLzGF_4VIu0Z04b4ejni_2B6tQL2sefn23EgiyvOXlfkbFs5xToaiJutM9y-TDDt-hIe5zwHdBZOVBgEfJGsAB1LJMFxOl9CoM4ckuuedPYRjbmYjMlxlR5l46goNiNMKgDCsLaIYQI-7px4DxzlJU0IMUmtHJqJr6TbO-vbm_JCQPtXcJTecQHYnF_uGKIhccDtWyxpTrW34XJu6qRLu5YmCM9p55ZeHNh3lw7KU_1P74A3xw4p1pbGKv2ScVxr4h6s0pPikYO6m9jz3k3JaI15j8meyi4Gvss5LeeC9SYiPM9YV_o4drZUBGVM3uuEoOCQefsEKlXXDmApL_E0jfTs-ylLhx7khGz3q-Dq26s7F54JeKebuaylpqcAKMB5XXCJErnCubpEgM8mdIy4RkKh2ir2K0gybwWjZ8pGGb807PspS4ce5I7eFjmohEJKhYp30AvFF-YEhsTCqG4ikDzqO9kw38A_sSFIA7H_M3X9YAnDZOTYHCLpSbigLIAbObGu-iLy6BaJtznh-6ffdKR1FYBPnLmmDGjxNiR1oJEYnqLm9k3V9OyunhlGy4u2BfNYXVYMqGkQgZPs112X8g6WC8gH5nXMyk7VvkBQVja0FixszYHot1oaUHiPUX6HZv8ns1vEgLM_QaTYYMFQxDEwrLEAaOW_hRReqfYBgBJ-_n2J_cr-sZZZJCxAdeOqU HTTP 302
    http://p277439.mybetterdl.com/adServe/domainClick?ai=0ZZYOQncnLLygYaeN_ogCL-S9fSw8cOwGmr2-0-aO2kem23nXI0vG3gHIVVBqbgSPP9s2uLiGfFJgLMTBE83h4f18T9CpHqCT2L9NFyVXF55Q47z-CV1ol2k4XVJzHJX8mFgHSWE3TYhqpKFSQPZXaXMDyJFayDS48zKGrM10Zc3ZpGUKqgW1LP5-F9PRqo5B-Sz8E_3SCu-K1oRdk9X8LvU3oK_9pb3-wNFj18WnwwiWce3KhU61o4XRKiQejY9l5g72F1sPYafqhWZ-YKZz6rRPbGyYnCcF9nxG1Y8QfZKdkAM850vP-n44YFBbd7ECEomdw_Jheywpth3iNEvd_P4BsKUl697UgDHGPx9sdOxxaLzhkg6TSol4S5osn5YR0Ng4Sbb-ez4Kbfkwb3MQhMKyxAGjlv4UUXqn2AYAScUGc4jWhLA5lYy3XW5yq2M&ui=NnlfnMR-U-qjpylI7Pc24FJYVZbN5_3WIaIc3yOo5HI5di0gac_TWM00RN627Uda0FX9fNQSx1Xyzh0oPoO4sehdrBU8Qi8zwnEGm5pedc9N0-8f8PQxsw&si=1&oref=d3c2837da0e02e3a4a67f0afabcb8712&optunit=NVq0TRL880l8q8YxRr-w5Q&rb=-ocgwiGHTRU&rr=1&abtg=500 HTTP 302
    https://log.videocampaign.co/Watch/V5/?campaign_id=SAFeU5c67W_T01A&pubfeed=435616013&cc=DK&baej=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
login.php
myau.net/
910 B
1 KB
Document
General
Full URL
http://myau.net/login.php
Protocol
HTTP/1.1
Server
47.91.24.26 Tokyo, Japan, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.6.2 /
Resource Hash
65190f22a963fd1d55509d455db587a180a1f502be7f6a1a9e5e3a771930271b

Request headers

Host
myau.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx/1.6.2
Date
Thu, 13 May 2021 04:35:25 GMT
Content-Type
text/html;charset=UTF-8
Content-Length
910
Connection
keep-alive
cache-control
max-age=5184000
feed
clkfeed.com/adServe/
2 KB
2 KB
Script
General
Full URL
http://clkfeed.com/adServe/feed?pid=277439&cid=62867116420210513123525&ip=37.120.194.188&q=myau.net&ref=http%3A%2F%2Fclick.com.cn&num=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&ar=sr&format=jsonp&callback=jCallBack
Requested by
Host: myau.net
URL: http://myau.net/login.php
Protocol
HTTP/1.1
Server
173.192.101.21 Dallas, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
15.65.c0ad.ip4.static.sl-reverse.com
Software
nginx /
Resource Hash
0ac22369787c962e8197d5083eee033fa4a9346a3264a2903f87a2a14640d68a

Request headers

Referer
http://myau.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 13 May 2021 04:35:26 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Server
nginx
Connection
keep-alive
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Primary Request Cookie set /
log.videocampaign.co/Watch/V5/
Redirect Chain
  • http://mybetterdl.com/aS/feedclick?s=NnlfnMR-U-qjpylI7Pc24JfSv0CZDKCXTm8iwsbdZbpouem6LYRNW71MrDN7NPIWnIFjje5HrPodK7X5QIc3n04izcTTY_t9GgmEUacevESlBHFgWPS00hk62mhAGgs4gS41QDYTbhAEysjXg8JANJjEIILW_3V7...
  • http://p277439.mybetterdl.com/adServe/domainClick?ai=0ZZYOQncnLLygYaeN_ogCL-S9fSw8cOwGmr2-0-aO2kem23nXI0vG3gHIVVBqbgSPP9s2uLiGfFJgLMTBE83h4f18T9CpHqCT2L9NFyVXF55Q47z-CV1ol2k4XVJzHJX8mFgHSWE3TYhqpKF...
  • https://log.videocampaign.co/Watch/V5/?campaign_id=SAFeU5c67W_T01A&pubfeed=435616013&cc=DK&baej=1
15 KB
5 KB
Document
General
Full URL
https://log.videocampaign.co/Watch/V5/?campaign_id=SAFeU5c67W_T01A&pubfeed=435616013&cc=DK&baej=1
Requested by
Host: myau.net
URL: http://myau.net/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.128.241.162 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
71us.mailspeedy.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
7f8e52a1b3c35128367fb98ac1e2e9b9b3a25c1878dc858726206cf25aaa6937

Request headers

Host
log.videocampaign.co
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://myau.net/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Referer
http://myau.net/login.php

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Thu, 13 May 2021 04:35:19 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Vary
Accept-Encoding
Set-Cookie
SessionToken=P_2ad40089-2037-4985-80f8-9455c45d4101_1620880519; path=/ HASRV=services3_LB; path=/; HttpOnly
Content-Encoding
gzip
Cache-control
private

Redirect headers

Server
nginx
Date
Thu, 13 May 2021 04:35:26 GMT
Content-Length
0
Connection
keep-alive
Set-Cookie
rhid=78023587860; Max-Age=15552000; Expires=Tue, 09-Nov-2021 04:35:26 GMT; Domain=mybetterdl.com; Path=/; SameSite=None; secure; loi=ad_937954_off_408575_aff_12338_cid_277439-62867116420210513123525_ts_1620880526; Max-Age=3600; Expires=Thu, 13-May-2021 05:35:26 GMT; Domain=mybetterdl.com; Path=/; SameSite=None; secure;
Location
https://log.videocampaign.co/Watch/V5/?campaign_id=SAFeU5c67W_T01A&pubfeed=435616013&cc=DK&baej=1
/
log.videocampaign.co/Continue/
57 B
287 B
XHR
General
Full URL
https://log.videocampaign.co/Continue/?exp=1&lv=4&rdtp=0&elog=0&bnvref=1&baat=0&cid=SAFeU5c67W_T01A&pubfeed=435616013&subid=&jsl=1&btp=undefined&ifr=0&plm=0&usm=0&nvm=0&ibv=0&pltf=&sid=P_2ad40089-2037-4985-80f8-9455c45d4101_1620880519&cc=DK&baej=1&atmp=1&v=3
Requested by
Host: log.videocampaign.co
URL: https://log.videocampaign.co/Watch/V5/?campaign_id=SAFeU5c67W_T01A&pubfeed=435616013&cc=DK&baej=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.128.241.162 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
71us.mailspeedy.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
260208dc6d80af27904af5f559b756951d5cbba55c71e955ed1397b01e26afb4

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
log.videocampaign.co
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
empty
Referer
https://log.videocampaign.co/Watch/V5/?campaign_id=SAFeU5c67W_T01A&pubfeed=435616013&cc=DK&baej=1
Cookie
SessionToken=P_2ad40089-2037-4985-80f8-9455c45d4101_1620880519; HASRV=services3_LB
Connection
keep-alive

Response headers

Date
Thu, 13 May 2021 04:35:19 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8


21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onbeforexrselect
  • object| ontransitionrun
  • object| ontransitionstart
  • object| ontransitioncancel
  • object| cookieStore
  • function| showDirectoryPicker
  • function| showOpenFilePicker
  • function| showSaveFilePicker
  • boolean| originAgentCluster
  • object| trustedTypes
  • boolean| crossOriginIsolated
  • string| campaign_id
  • string| session_id
  • string| pubfeed
  • string| subid
  • string| lv
  • string| rdtp
  • string| elog
  • string| elogV2
  • string| bnvref
  • string| baat

2 Cookies

Domain/Path Name / Value
log.videocampaign.co/ Name: HASRV
Value: services3_LB
log.videocampaign.co/ Name: SessionToken
Value: P_2ad40089-2037-4985-80f8-9455c45d4101_1620880519