jinguts.cf
2606:4700:3030::ac43:8d3e
Malicious Activity!
Public Scan
Submission: On January 27 via automatic, source phishtank
Summary
This is the only time jinguts.cf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Adobe (Consumer)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 4 | 2606:4700:3030::ac43:8d3e | 13335 (CLOUDFLARENET) |
| 1 | 45.60.31.34 | 19551 (INCAPSULA) |
| 7 | 80.208.227.135 | 62282 (RACKRAY UAB Rakrejus) |
| 12 | 4 | |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 7 | digbud.tk | digbud.tk | 196 KB |
| 4 | jinguts.cf | jinguts.cf | 79 KB |
| 1 | sans.edu | isc.sans.edu | 25 KB |
| 12 | 3 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 7 | digbud.tk | jinguts.cf, digbud.tk |
| 4 | jinguts.cf | jinguts.cf |
| 1 | isc.sans.edu | jinguts.cf |
| 12 | 3 | |
This site contains no links.
TLS certificates

| Subject | Issuer | Validity | Valid for | Source |
|---|---|---|---|---|
| imperva.com | GlobalSign Atlas R3 DV TLS CA 2020 | 2020-09-16 - 2021-03-17 | 6 months | crt.sh |

The only certificate recorded is for imperva.com, which fits the single HTTP/2 request to isc.sans.edu (the one request answered from AS 19551 INCAPSULA, 45.60.31.34). The primary page was requested over plain http://, and no certificate is recorded for jinguts.cf or digbud.tk.
This page contains 1 frame:
Primary Page:
http://jinguts.cf/vision/gunts/?email=a@b.com
Frame ID: ACF38B6E463D6D5CB8C0166F2C89F7C2
Requests: 13 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns:
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions (plus one data: URI stylesheet, row 2), in load order:

| # | Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | / | jinguts.cf/vision/gunts/ | 19 KB | 10 KB | Document | text/html | Primary request; cookie set |
| 2 | GET | DATA | / | (data: URI, truncated) | 4 KB | 0 | Stylesheet | text/css | inline stylesheet |
| 3 | GET | H2 | blurred.jpg | isc.sans.edu/diaryimages/images/ | 24 KB | 25 KB | Image | image/jpeg | hot-linked from a third-party site |
| 4 | GET | H/1.1 | SpryValidationTextField.css | digbud.tk/pdf/ | 3 KB | 1 KB | Stylesheet | text/css | |
| 5 | GET | H/1.1 | style.css | digbud.tk/pdf/ | 4 KB | 1 KB | Stylesheet | text/css | |
| 6 | GET | H/1.1 | SpryValidationTextField.js | digbud.tk/pdf/ | 73 KB | 17 KB | Script | application/javascript | |
| 7 | GET | H/1.1 | secure.png | digbud.tk/pdf/ | 55 KB | 55 KB | Image | image/png | |
| 8 | GET | H/1.1 | Acrobat_Reader.fw.png | jinguts.cf/vision/gunts/ | 4 KB | 4 KB | Image | text/html | MIME mismatch |
| 9 | GET | H/1.1 | pdf-logo.png | jinguts.cf/vision/gunts/ | 33 KB | 33 KB | Image | text/html | MIME mismatch |
| 10 | GET | H/1.1 | Acrobat_Reader.fw.png | digbud.tk/pdf/ | 60 KB | 60 KB | Image | image/png | |
| 11 | GET | H/1.1 | pdf-logo.png | digbud.tk/pdf/ | 39 KB | 39 KB | Image | image/png | |
| 12 | GET | H/1.1 | bg_form.png | jinguts.cf/vision/gunts/images/ | 33 KB | 33 KB | Image | text/html | MIME mismatch |
| 13 | GET | H/1.1 | adobe_logo_new_1.jpg | digbud.tk/pdf/ | 22 KB | 22 KB | Image | image/jpeg | |

Two things stand out in this list. First, the three image requests the page makes to jinguts.cf itself (rows 8, 9 and 12) were answered with text/html rather than image/*, so those paths do not resolve to images; the identical 33 KB bodies on rows 9 and 12 are most likely the same HTML error page served twice. Second, every asset that actually works, the Spry validation CSS/JS, the form styling and the Adobe-branded images (Acrobat_Reader.fw.png, pdf-logo.png, secure.png, adobe_logo_new_1.jpg), is loaded from digbud.tk/pdf/, with one background image hot-linked from isc.sans.edu. The landing domain and the host serving the kit are therefore different infrastructure.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Adobe (Consumer)

10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

- object: ontransitionrun
- object: ontransitionstart
- object: ontransitioncancel
- object: trustedTypes
- boolean: crossOriginIsolated
- function: MM_goToURL
- object: Spry
- function: validateForm
- object: sprytextfield1
- object: sprytextfield21

The first five are properties that current browsers define on window themselves and appear here only because urlscan's baseline predates them. The remaining five come from the page: MM_goToURL is an Adobe Dreamweaver behaviour, Spry and the sprytextfield objects belong to Dreamweaver's Spry framework (whose SpryValidationTextField.css/.js were loaded from digbud.tk/pdf/ above), and validateForm is a page-defined function.

Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the site re-identify the user even from a different location. This is how persistent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .jinguts.cf/ | | __cfduid | d52dadd976f8c652cf91b4301a464dd351611739172 |

The only cookie observed is __cfduid, which is set by the Cloudflare edge in front of jinguts.cf rather than by the phishing page itself.
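The checks a practitioner would run over a scan like this one, as an added example (not urlscan.io's code or anything from the kit): the transaction list, the JavaScript globals and the `headers server /^cloudflare$/i` pattern are copied by hand from this page into constructed records, so the script runs offline. The functions flag image requests answered with text/html, count requests to hosts other than the landing domain, apply the Cloudflare server-header pattern, and separate page-defined globals from browser built-ins so the Dreamweaver/Spry naming can be fingerprinted. The list of browser built-ins and the `MM_`/`Spry` prefixes are this example's own assumptions.

```python
"""Triage helpers for the urlscan.io result above.

Added example, not urlscan.io's code or the phishing kit's. The records
below are constructed by hand from the transaction table, the detected
pattern and the JavaScript globals list on this page, so it runs offline.
"""
import re
from collections import Counter

# Constructed from the transactions table: (protocol, host, path, resource
# type, MIME type). The data: URI stylesheet is left out (it has no host).
TRANSACTIONS = [
    ("H/1.1", "jinguts.cf", "/vision/gunts/", "Document", "text/html"),
    ("H2", "isc.sans.edu", "/diaryimages/images/blurred.jpg", "Image", "image/jpeg"),
    ("H/1.1", "digbud.tk", "/pdf/SpryValidationTextField.css", "Stylesheet", "text/css"),
    ("H/1.1", "digbud.tk", "/pdf/style.css", "Stylesheet", "text/css"),
    ("H/1.1", "digbud.tk", "/pdf/SpryValidationTextField.js", "Script", "application/javascript"),
    ("H/1.1", "digbud.tk", "/pdf/secure.png", "Image", "image/png"),
    ("H/1.1", "jinguts.cf", "/vision/gunts/Acrobat_Reader.fw.png", "Image", "text/html"),
    ("H/1.1", "jinguts.cf", "/vision/gunts/pdf-logo.png", "Image", "text/html"),
    ("H/1.1", "digbud.tk", "/pdf/Acrobat_Reader.fw.png", "Image", "image/png"),
    ("H/1.1", "digbud.tk", "/pdf/pdf-logo.png", "Image", "image/png"),
    ("H/1.1", "jinguts.cf", "/vision/gunts/images/bg_form.png", "Image", "text/html"),
    ("H/1.1", "digbud.tk", "/pdf/adobe_logo_new_1.jpg", "Image", "image/jpeg"),
]

# Constructed copy of the page's "JavaScript Global Variables" list.
PAGE_GLOBALS = [
    "ontransitionrun", "ontransitionstart", "ontransitioncancel",
    "trustedTypes", "crossOriginIsolated",
    "MM_goToURL", "Spry", "validateForm", "sprytextfield1", "sprytextfield21",
]

# MIME prefixes a browser would accept for each resource type it asked for.
EXPECTED_MIME = {
    "Image": ("image/",),
    "Stylesheet": ("text/css",),
    "Script": ("application/javascript", "text/javascript"),
}

# Assumption of this example: window properties that current browsers define
# themselves. urlscan's baseline lists them as non-standard, but they say
# nothing about the page's own code.
BROWSER_BUILTINS = {
    "ontransitionrun", "ontransitionstart", "ontransitioncancel",
    "trustedTypes", "crossOriginIsolated",
}

# Assumption: prefixes used by Adobe Dreamweaver behaviours (MM_) and Spry widgets.
KIT_PREFIXES = ("MM_", "Spry", "sprytextfield")

# The urlscan detection pattern shown on the page: headers server /^cloudflare$/i
CLOUDFLARE_SERVER = re.compile(r"^cloudflare$", re.IGNORECASE)


def mime_mismatches(txs):
    """Resources whose returned MIME type contradicts the type they were
    requested as. An image URL answered with text/html is a strong hint that
    the file is missing and an HTML error page was served in its place."""
    hits = []
    for _proto, host, path, rtype, mime in txs:
        allowed = EXPECTED_MIME.get(rtype)
        if allowed and not mime.startswith(allowed):
            hits.append((host, path, mime))
    return hits


def third_party_hosts(txs, primary_host):
    """Request counts per host other than the landing page's host. On a
    phishing page these are usually the kit's asset host plus hot-linked
    legitimate sites, which must be told apart before blocking anything."""
    counts = Counter(host for _proto, host, *_ in txs)
    return {h: n for h, n in counts.items() if h != primary_host}


def detect_cdn(response_headers):
    """Apply the page's 'headers server /^cloudflare$/i' pattern to a dict
    of response headers; header names are matched case-insensitively."""
    server = next((v for k, v in response_headers.items() if k.lower() == "server"), "")
    return "CloudFlare (CDN)" if CLOUDFLARE_SERVER.match(server) else None


def kit_fingerprint(global_names):
    """Split window globals into those the page itself defined and, of
    those, the ones carrying Dreamweaver/Spry naming conventions."""
    page_defined = [n for n in global_names if n not in BROWSER_BUILTINS]
    dreamweaver = [n for n in page_defined if n.startswith(KIT_PREFIXES)]
    return {"page_defined": page_defined, "dreamweaver_spry": dreamweaver}


if __name__ == "__main__":
    for host, path, mime in mime_mismatches(TRANSACTIONS):
        print(f"MIME mismatch: {host}{path} -> {mime}")
    print("third-party hosts:", third_party_hosts(TRANSACTIONS, "jinguts.cf"))
    print("CDN:", detect_cdn({"Server": "cloudflare"}))
    print("kit fingerprint:", kit_fingerprint(PAGE_GLOBALS))
```

On this scan the script reports the three jinguts.cf image paths answered with text/html, 7 requests to digbud.tk and 1 to isc.sans.edu as third-party traffic, and four Dreamweaver/Spry globals out of the five the page defines. The same functions apply unchanged to any other urlscan result once its transaction table and globals list are loaded into the two record lists.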
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains:
- digbud.tk
- isc.sans.edu
- jinguts.cf

IP addresses:
- 2606:4700:3030::ac43:8d3e
- 45.60.31.34
- 80.208.227.135

SHA-256 hashes:
- 01f108803383b949820c95cb28ed6d96c3fe953fbbd7273e924ac558ef4c2c5e
- 3e7530084a6b2f2b7789221582145a4bef4a57ecc1c2931e7745c573674b6220
- 55f7c313596e3dd498c6a095af8301060491b5aded868f729f655d5b0f3d416f
- 58761cde7886c796f27c9283c903e296a7de07de05ed447b49ea198feea884ff
- 6007bf95a0410574c4801866e0cea412af057cd9314315560badca389eb198be
- 6e355419e3995c313ed04eb763745ddcfb619bed77c4d88da8c4aef15864b139
- 7555b2cd6c16af7c07bf8f2fc42f98019f2ddd877c3a798e1f65caf689e448b2
- 7d47cbf9aa74969bc84393dbfc6245f9d7ba2ceb5edee1b28636ff38c75f695b
- a4b4bcf914972866a7b57b6439e5ca6896b0eb9d755a09def78c01c7ea63eabe
- cd7b1a51243738989a4a05757044d8c6ae370f160796df8b68dfa323e6bce126
- e9d799f426b22004c33e534cf0a63f1236f1a3c18a941e899ddcfabdddf8c846
- eb99a9a3fc4349ffa77cefbd09d46ac646d3d9645569a2abd0e9f084df127dd1

Read this list with the disclaimer in mind before blocking anything. isc.sans.edu is a legitimate site whose image the page merely hot-links, and the Cloudflare (2606:4700:3030::ac43:8d3e) and Incapsula (45.60.31.34) addresses are shared CDN/WAF edges that front many unrelated sites. The request counts line up so that the 7 digbud.tk requests correspond to the RACKRAY address 80.208.227.135; that host, together with jinguts.cf itself, is the infrastructure that actually served the kit.