ebcfaf.datelocator24.com
Open in
urlscan Pro
144.76.30.237
Malicious Activity!
Public Scan
Submitted URL: https://topdate.link/
Effective URL: https://ebcfaf.datelocator24.com/?utm_source=5fbd3b8f2017a&track=topdates&click_id=topdates&s=0ngPWix2&r=&fp=JTVCJTdCJTIya2V5JTIy...
Submission: On December 24 via api from CH
Effective URL: https://ebcfaf.datelocator24.com/?utm_source=5fbd3b8f2017a&track=topdates&click_id=topdates&s=0ngPWix2&r=&fp=JTVCJTdCJTIya2V5JTIy...
Submission: On December 24 via api from CH
Summary
This website contacted 1 IPs
in 2 countries
across 2 domains to perform 9 HTTP transactions.
The main IP is 144.76.30.237, located in
Germany and
belongs to HETZNER-AS, DE.
The main domain is ebcfaf.datelocator24.com.
TLS certificate: Issued by R3 on December 15th 2020. Valid for: 3 months.
This is the only time ebcfaf.datelocator24.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on December 15th 2020. Valid for: 3 months.
This is the only time ebcfaf.datelocator24.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 173.236.190.232 173.236.190.232 | 26347 (DREAMHOST-AS) (DREAMHOST-AS) | |
| 9 | 144.76.30.237 144.76.30.237 | 24940 (HETZNER-AS) (HETZNER-AS) | |
| 9 | 1 |
1
173.236.190.232
(Brea, United States)
ASN26347 (DREAMHOST-AS, US)
PTR: apache2-vat.carousel.dreamhost.com
ASN26347 (DREAMHOST-AS, US)
PTR: apache2-vat.carousel.dreamhost.com
| topdate.link |
9
144.76.30.237
(Germany)
ASN24940 (HETZNER-AS, DE)
PTR: static.237.30.76.144.clients.your-server.de
ASN24940 (HETZNER-AS, DE)
PTR: static.237.30.76.144.clients.your-server.de
| ebcfaf.datelocator24.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 9 |
datelocator24.com
ebcfaf.datelocator24.com |
473 KB |
| 1 |
topdate.link
1 redirects
topdate.link |
143 B |
| 9 | 2 |
| Domain | Requested by | |
|---|---|---|
| 9 | ebcfaf.datelocator24.com |
ebcfaf.datelocator24.com
|
| 1 | topdate.link | 1 redirects |
| 9 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| datelocator24.com R3 |
2020-12-15 - 2021-03-15 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ebcfaf.datelocator24.com/?utm_source=5fbd3b8f2017a&track=topdates&click_id=topdates&s=0ngPWix2&r=&fp=JTVCJTdCJTIya2V5JTIyJTNBJTIyX19oYXNoJTIyJTJDJTIydmFsdWUlMjIlM0ElMjI0MTFiYjRiMjc4MzZhZDdiY2NmMTY2ZTNkZjkxNmQ5ZCUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMm9zQ3B1JTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIybGFuZ3VhZ2VzJTIyJTJDJTIydmFsdWUlMjIlM0ElNUIlNUIlMjJlbi1VUyUyMiU1RCU1RCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmNvbG9yRGVwdGglMjIlMkMlMjJ2YWx1ZSUyMiUzQTI0JTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyZGV2aWNlTWVtb3J5JTIyJTJDJTIydmFsdWUlMjIlM0E4JTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyc2NyZWVuUmVzb2x1dGlvbiUyMiUyQyUyMnZhbHVlJTIyJTNBJTVCMTYwMCUyQzEyMDAlNUQlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJhdmFpbGFibGVTY3JlZW5SZXNvbHV0aW9uJTIyJTJDJTIydmFsdWUlMjIlM0ElNUIxNjAwJTJDMTIwMCU1RCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmhhcmR3YXJlQ29uY3VycmVuY3klMjIlMkMlMjJ2YWx1ZSUyMiUzQTE2JTdEJTJDJTdCJTIya2V5JTIyJTNBJTIydGltZXpvbmVPZmZzZXQlMjIlMkMlMjJ2YWx1ZSUyMiUzQS02MCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMnRpbWV6b25lJTIyJTJDJTIydmFsdWUlMjIlM0ElMjJFdXJvcGUlMkZCZXJsaW4lMjIlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJzZXNzaW9uU3RvcmFnZSUyMiUyQyUyMnZhbHVlJTIyJTNBdHJ1ZSU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmxvY2FsU3RvcmFnZSUyMiUyQyUyMnZhbHVlJTIyJTNBdHJ1ZSU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmluZGV4ZWREQiUyMiUyQyUyMnZhbHVlJTIyJTNBdHJ1ZSU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMm9wZW5EYXRhYmFzZSUyMiUyQyUyMnZhbHVlJTIyJTNBdHJ1ZSU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmNwdUNsYXNzJTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIycGxhdGZvcm0lMjIlMkMlMjJ2YWx1ZSUyMiUzQSUyMkxpbnV4JTIweDg2XzY0JTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIydG91Y2hTdXBwb3J0JTIyJTJDJTIydmFsdWUlMjIlM0ElN0IlMjJtYXhUb3VjaFBvaW50cyUyMiUzQTAlMkMlMjJ0b3VjaEV2ZW50JTIyJTNBZmFsc2UlMkMlMjJ0b3VjaFN0YXJ0JTIyJTNBZmFsc2UlN0QlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJhdWRpbyUyMiUyQyUyMnZhbHVlJTIyJTNBMTI0LjA0MzQ3NzIxNDY0JTdEJTJDJTdCJTIya2V5JTIyJTNBJTIycGx1Z2luc1N1cHBvcnQlMjIlMkMlMjJ2YWx1ZSUyMiUzQXRydWUlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJwcm9kdWN0U3ViJTIyJTJDJTIydmFsdWUlMjIlM0ElMjIyMDAzMDEwNyUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmVtcHR5RXZhbExlbmd0aCUyMiUyQyUyMnZhbHVlJTIyJTNBMzMlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJlcnJvckZGJTIyJTJDJTIydmFsdWUlMjIlM0FmYWxzZSU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMnZlbmRvciUyMiUyQyUyMnZhbHVlJTIyJTNBJTIyR29vZ2xlJTIwSW5jLiUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmNocm9tZSUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJjb29raWVzRW5hYmxlZCUyMiUyQyUyMnZhbHVlJTIyJTNBdHJ1ZSU3RCU1RA==
Frame ID: 2BD3AF7C68833E6717C887E714E12C22
Requests: 9 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://topdate.link/
HTTP 301
https://ebcfaf.datelocator24.com/?utm_source=5fbd3b8f2017a&track=topdates&click_id=topdates Page URL
- https://ebcfaf.datelocator24.com/?utm_source=5fbd3b8f2017a&track=topdates&click_id=topdates&s=0ngPWix2&r=&fp=... Page URL
Detected technologies
Lua
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Nginx
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
OpenResty
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://topdate.link/
HTTP 301
https://ebcfaf.datelocator24.com/?utm_source=5fbd3b8f2017a&track=topdates&click_id=topdates Page URL
- https://ebcfaf.datelocator24.com/?utm_source=5fbd3b8f2017a&track=topdates&click_id=topdates&s=0ngPWix2&r=&fp=JTVCJTdCJTIya2V5JTIyJTNBJTIyX19oYXNoJTIyJTJDJTIydmFsdWUlMjIlM0ElMjI0MTFiYjRiMjc4MzZhZDdiY2NmMTY2ZTNkZjkxNmQ5ZCUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMm9zQ3B1JTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIybGFuZ3VhZ2VzJTIyJTJDJTIydmFsdWUlMjIlM0ElNUIlNUIlMjJlbi1VUyUyMiU1RCU1RCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmNvbG9yRGVwdGglMjIlMkMlMjJ2YWx1ZSUyMiUzQTI0JTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyZGV2aWNlTWVtb3J5JTIyJTJDJTIydmFsdWUlMjIlM0E4JTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyc2NyZWVuUmVzb2x1dGlvbiUyMiUyQyUyMnZhbHVlJTIyJTNBJTVCMTYwMCUyQzEyMDAlNUQlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJhdmFpbGFibGVTY3JlZW5SZXNvbHV0aW9uJTIyJTJDJTIydmFsdWUlMjIlM0ElNUIxNjAwJTJDMTIwMCU1RCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmhhcmR3YXJlQ29uY3VycmVuY3klMjIlMkMlMjJ2YWx1ZSUyMiUzQTE2JTdEJTJDJTdCJTIya2V5JTIyJTNBJTIydGltZXpvbmVPZmZzZXQlMjIlMkMlMjJ2YWx1ZSUyMiUzQS02MCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMnRpbWV6b25lJTIyJTJDJTIydmFsdWUlMjIlM0ElMjJFdXJvcGUlMkZCZXJsaW4lMjIlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJzZXNzaW9uU3RvcmFnZSUyMiUyQyUyMnZhbHVlJTIyJTNBdHJ1ZSU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmxvY2FsU3RvcmFnZSUyMiUyQyUyMnZhbHVlJTIyJTNBdHJ1ZSU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmluZGV4ZWREQiUyMiUyQyUyMnZhbHVlJTIyJTNBdHJ1ZSU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMm9wZW5EYXRhYmFzZSUyMiUyQyUyMnZhbHVlJTIyJTNBdHJ1ZSU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmNwdUNsYXNzJTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIycGxhdGZvcm0lMjIlMkMlMjJ2YWx1ZSUyMiUzQSUyMkxpbnV4JTIweDg2XzY0JTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIydG91Y2hTdXBwb3J0JTIyJTJDJTIydmFsdWUlMjIlM0ElN0IlMjJtYXhUb3VjaFBvaW50cyUyMiUzQTAlMkMlMjJ0b3VjaEV2ZW50JTIyJTNBZmFsc2UlMkMlMjJ0b3VjaFN0YXJ0JTIyJTNBZmFsc2UlN0QlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJhdWRpbyUyMiUyQyUyMnZhbHVlJTIyJTNBMTI0LjA0MzQ3NzIxNDY0JTdEJTJDJTdCJTIya2V5JTIyJTNBJTIycGx1Z2luc1N1cHBvcnQlMjIlMkMlMjJ2YWx1ZSUyMiUzQXRydWUlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJwcm9kdWN0U3ViJTIyJTJDJTIydmFsdWUlMjIlM0ElMjIyMDAzMDEwNyUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmVtcHR5RXZhbExlbmd0aCUyMiUyQyUyMnZhbHVlJTIyJTNBMzMlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJlcnJvckZGJTIyJTJDJTIydmFsdWUlMjIlM0FmYWxzZSU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMnZlbmRvciUyMiUyQyUyMnZhbHVlJTIyJTNBJTIyR29vZ2xlJTIwSW5jLiUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmNocm9tZSUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJjb29raWVzRW5hYmxlZCUyMiUyQyUyMnZhbHVlJTIyJTNBdHJ1ZSU3RCU1RA== Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://topdate.link/ HTTP 301
- https://ebcfaf.datelocator24.com/?utm_source=5fbd3b8f2017a&track=topdates&click_id=topdates
9 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
ebcfaf.datelocator24.com/ Redirect Chain
|
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fp.min.js
ebcfaf.datelocator24.com/js/ |
15 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
 Cookie set
/
ebcfaf.datelocator24.com/ |
8 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
font-awesome.css
ebcfaf.datelocator24.com/bundle/4/assets/css/ |
26 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
css.css
ebcfaf.datelocator24.com/bundle/4/assets/css/ |
2 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-2.js
ebcfaf.datelocator24.com/bundle/4/assets/js/ |
84 KB 84 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
js.js
ebcfaf.datelocator24.com/bundle/4/assets/js/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
eclick.js
ebcfaf.datelocator24.com/js/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
body.jpg
ebcfaf.datelocator24.com/bundle/4/assets/img/ |
338 KB 338 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| closingConfirm function| handleError1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .datelocator24.com/ | Name: SID Value: edadf186cc0e51ce42327dec5892fe19 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ebcfaf.datelocator24.com
topdate.link
144.76.30.237
173.236.190.232
039ca21cd88aa8a09247247b97b814e3734943bdec5105dba2c8d27ae0a7b0f0
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
150c1ca57f6f6e5e26725950acab9bb6a9dffedeead12dfcd329344a8fd57a5b
552b83194c8de91c93899195a1712a13fef0e7f18e3bfd4a7cc4c2d016fde90a
7d8734231c885928f9b5606d80e8d3ab8bafaf25a7fe9906e0f22db735402903
874c4caed753f9aac0999abd80227f190ce106720436e01ffaa12b7f66ac5193
a97b3a6a51a87af2cf849ac895c62960a6a15e0c41e6b9a4b4316aac4a3f7d24
abcedd8902864fd1a01d8b406429107b3c05b67a160f6bf736a29a90be28717e
d20b06d72585a42c2facc26bf6fb9b15c155c2bd73e466e24405bdf90cab7172