kundecenter-dandomain.is-by.us
Open in
urlscan Pro
166.88.19.142
Malicious Activity!
Public Scan
Effective URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/
Submission: On December 17 via manual from DK
Summary
TLS certificate: Issued by R3 on December 14th 2020. Valid for: 3 months.
This is the only time kundecenter-dandomain.is-by.us was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DanDomain (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 35.241.47.235 35.241.47.235 | 15169 (GOOGLE) (GOOGLE) | |
3 12 | 166.88.19.142 166.88.19.142 | 18779 (EGIHOSTING) (EGIHOSTING) | |
3 | 2a00:1450:400... 2a00:1450:4001:81e::2003 | 15169 (GOOGLE) (GOOGLE) | |
14 | 3 |
ASN15169 (GOOGLE, US)
PTR: 235.47.241.35.bc.googleusercontent.com
yethayah.mybigcommerce.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
is-by.us
3 redirects
kundecenter-dandomain.is-by.us |
606 KB |
3 |
gstatic.com
fonts.gstatic.com |
39 KB |
2 |
mybigcommerce.com
yethayah.mybigcommerce.com |
2 KB |
14 | 3 |
Domain | Requested by | |
---|---|---|
12 | kundecenter-dandomain.is-by.us |
3 redirects
kundecenter-dandomain.is-by.us
|
3 | fonts.gstatic.com |
kundecenter-dandomain.is-by.us
|
2 | yethayah.mybigcommerce.com |
yethayah.mybigcommerce.com
|
14 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.mybigcommerce.com DigiCert SHA2 High Assurance Server CA |
2020-09-21 - 2021-10-23 |
a year | crt.sh |
kundecenter-dandomain.is-by.us R3 |
2020-12-14 - 2021-03-14 |
3 months | crt.sh |
*.gstatic.com GTS CA 1O1 |
2020-11-10 - 2021-02-02 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/
Frame ID: 05A6454B69F10DBD1ACB6C852BD54971
Requests: 11 HTTP requests in this frame
Frame:
https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/saved_resource.html
Frame ID: 1CF63618CAD4DED80E7868FD6F16C0B6
Requests: 3 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://yethayah.mybigcommerce.com/w/ Page URL
-
https://kundecenter-dandomain.is-by.us/a
HTTP 301
https://kundecenter-dandomain.is-by.us/a/ HTTP 302
https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf HTTP 301
https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/ Page URL
Detected technologies
Bigcommerce (Ecommerce) ExpandDetected patterns
- url /mybigcommerce\.com/i
Lua (Programming Languages) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
OpenResty (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://yethayah.mybigcommerce.com/w/ Page URL
-
https://kundecenter-dandomain.is-by.us/a
HTTP 301
https://kundecenter-dandomain.is-by.us/a/ HTTP 302
https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf HTTP 301
https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
yethayah.mybigcommerce.com/w/ |
687 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
trigger-visit-event
yethayah.mybigcommerce.com/events/ |
0 455 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/ Redirect Chain
|
7 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loginCssBundleDandomain.css
kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/ |
207 KB 208 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.css
kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/ |
9 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
saved_resource.html
kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/ Frame 1CF6 |
808 B 942 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.css
kundecenter-dandomain.is-by.us/error_docs/ Frame 1CF6 |
3 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dandomain-background.jpg
kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/ |
365 KB 366 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dandomain-logo.svg
kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu3cOWxw.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ |
13 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu3cOWxw.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ |
13 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ |
13 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dandomain-logo-white.svg
kundecenter-dandomain.is-by.us/ |
808 B 808 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
server.svg
kundecenter-dandomain.is-by.us/error_docs/ Frame 1CF6 |
7 KB 7 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DanDomain (Online)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.gstatic.com
kundecenter-dandomain.is-by.us
yethayah.mybigcommerce.com
166.88.19.142
2a00:1450:4001:81e::2003
35.241.47.235
21caff9a36c2bc2c373c02d54cd9eb81c038aa16ec5f8a9f508fed87dfa1d59b
2fc0ec9f081d890f2810adbc1eef34392448fd833294fc314b58771761b5c156
3c0502da78c1a0829b714598dbdeca7c9320a80c45e91ec8d269cbf0895e2b62
3cafd441b548e40bc2de7d3ad79e6e0450a1700c65f98b92399266f0c59188af
685fa7d387647d2278f9b8b3663a7f2dbe93185c479ee60e5641fbea25e19a82
7ec7f22119da3493aedefd66ffd30f0aaf4cf4aee42d8254638bcca5971c3568
8b31ea58f03894d697a0dfaf7c909bec5aa214066add79f0ac131255f3cce9ec
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
cc500b9e655b466ff86fee996ca368802b65b4035aa554d2e70eed6fc4013add
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
f74b80306280ccf2ddc635eb09f5f36070ee5769365b0a7a53ca3747602eebcb
fc772b0188bc262494be9dc529c50893ae189110dfcad5a286512b737aef93b8