spookchatx.com Open in urlscan Pro
185.155.186.43 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://goo.gl/rpbqt#6&1acec1
Effective URL:
https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2
Submission: On September 15 via manual (September 15th 2024, 5:06:24 pm UTC) from IN — Scanned from US

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 17 HTTP transactions. The main IP is 185.155.186.43, located in Switzerland and belongs to TEKNOLOGY, CH. The main domain is spookchatx.com.
TLS certificate: Issued by E5 on August 30th 2024. Valid for: 3 months.

This is the only time spookchatx.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Porn Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2607:f8b0:400... 2607:f8b0:4006:80b::200e	15169 (GOOGLE) (GOOGLE)
1 2	93.123.118.245 93.123.118.245	204755 (MAVSTUDIO...) (MAVSTUDIOS-NETWORK)
2	185.155.184.32 185.155.184.32	6898 (AS-6898 C...) (AS-6898 C41.CH SAGL - LUGANO Data Center)
1 2	185.155.184.55 185.155.184.55	6898 (AS-6898 C...) (AS-6898 C41.CH SAGL - LUGANO Data Center)
12	185.155.186.43 185.155.186.43	203639 (TEKNOLOGY) (TEKNOLOGY)
17	5

1 2607:f8b0:4006:80b::200e (United States) 1 redirects

ASN15169 (GOOGLE, US)

goo.gl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 93.123.118.245 (Amsterdam, Netherlands) 1 redirects

ASN204755 (MAVSTUDIOS-NETWORK, GB)

www.liferake.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.155.184.32 (Switzerland)

ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH)

ohmyattractwinsmore.life	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.155.184.55 (Switzerland) 1 redirects

ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH)

10dpk1g.dipantop.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.155.186.43 (Switzerland)

ASN203639 (TEKNOLOGY, CH)

spookchatx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	spookchatx.com spookchatx.com	293 KB
2	dipantop.live 1 redirects 10dpk1g.dipantop.live	743 B
2	ohmyattractwinsmore.life ohmyattractwinsmore.life	62 KB
2	liferake.com 1 redirects www.liferake.com	2 KB
1	goo.gl 1 redirects goo.gl — Cisco Umbrella Rank: 12203	1 KB
17	5

	Domain	Requested by
12	spookchatx.com	10dpk1g.dipantop.live spookchatx.com
2	10dpk1g.dipantop.live	1 redirects ohmyattractwinsmore.life
2	ohmyattractwinsmore.life	www.liferake.com
2	www.liferake.com	1 redirects
1	goo.gl	1 redirects
17	5

This site contains no links.

Subject Issuer	Validity	Valid
liferake.com R10	`2024-08-29` - `2024-11-27`	3 months	crt.sh
ohmyattractwinsmore.life R10	`2024-09-09` - `2024-12-08`	3 months	crt.sh
dipantop.live E5	`2024-09-15` - `2024-12-14`	3 months	crt.sh
spookchatx.com E5	`2024-08-30` - `2024-11-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2
Frame ID: 4849647DB9CD5C19870B70C45ADEEEC3
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Spookchat

Page URL History Show full URLs

https://goo.gl/rpbqt HTTP 302
http://www.liferake.com/clickthru.php?utm_source=twit&utm_medium=twitter&utm_campaign=LivingSocial&c... HTTP 307
https://www.liferake.com/clickthru.php?utm_source=twit&utm_medium=twitter&utm_campaign=LivingSocial&c... Page URL
https://www.liferake.com/0915/6/1acec1 HTTP 302
https://ohmyattractwinsmore.life/?u=g1kpd01&o=56ckph7 Page URL
https://10dpk1g.dipantop.live/eqgsohxr/?u=g1kpd01&o=56ckph7&f=1&sid=t6~v452uiwopxln4j3lqfwa43ni&fp=JBxDoYl... Page URL
https://10dpk1g.dipantop.live/web/ HTTP 302
https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

94 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

357 kB
Transfer

525 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://goo.gl/rpbqt HTTP 302
http://www.liferake.com/clickthru.php?utm_source=twit&utm_medium=twitter&utm_campaign=LivingSocial&city=oklahoma_city&clicklink=http://www.livingsocial.com/cities/33-oklahoma-city/deals/461194-leather-designer-handbag?aff_id%3D543%26offer_id%3D4?offer_id%3D4%26aff_id%3D543 HTTP 307
https://www.liferake.com/clickthru.php?utm_source=twit&utm_medium=twitter&utm_campaign=LivingSocial&city=oklahoma_city&clicklink=http://www.livingsocial.com/cities/33-oklahoma-city/deals/461194-leather-designer-handbag?aff_id%3D543%26offer_id%3D4?offer_id%3D4%26aff_id%3D543 Page URL
https://www.liferake.com/0915/6/1acec1 HTTP 302
https://ohmyattractwinsmore.life/?u=g1kpd01&o=56ckph7 Page URL
https://10dpk1g.dipantop.live/eqgsohxr/?u=g1kpd01&o=56ckph7&f=1&sid=t6~v452uiwopxln4j3lqfwa43ni&fp=JBxDoYlNckny2hY1l6Sa6Q%3D%3D Page URL
https://10dpk1g.dipantop.live/web/ HTTP 302
https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://goo.gl/rpbqt HTTP 302
http://www.liferake.com/clickthru.php?utm_source=twit&utm_medium=twitter&utm_campaign=LivingSocial&city=oklahoma_city&clicklink=http://www.livingsocial.com/cities/33-oklahoma-city/deals/461194-leather-designer-handbag?aff_id%3D543%26offer_id%3D4?offer_id%3D4%26aff_id%3D543 HTTP 307
https://www.liferake.com/clickthru.php?utm_source=twit&utm_medium=twitter&utm_campaign=LivingSocial&city=oklahoma_city&clicklink=http://www.livingsocial.com/cities/33-oklahoma-city/deals/461194-leather-designer-handbag?aff_id%3D543%26offer_id%3D4?offer_id%3D4%26aff_id%3D543

Request Chain 1

https://www.liferake.com/0915/6/1acec1 HTTP 302
https://ohmyattractwinsmore.life/?u=g1kpd01&o=56ckph7

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	clickthru.php Show response www.liferake.com/ Redirect Chain https://goo.gl/rpbqt http://www.liferake.com/clickthru.php?utm_source=twit&utm_medium=twitter&utm_campaign=LivingSocial&city=oklahoma_city&clicklink=http://www.livingsocial.com/cities/33-oklahoma-city/deals/461194-leat... https://www.liferake.com/clickthru.php?utm_source=twit&utm_medium=twitter&utm_campaign=LivingSocial&city=oklahoma_city&clicklink=http://www.livingsocial.com/cities/33-oklahoma-city/deals/461194-lea...	2 KB 1 KB	698ms 228ms	Document text/html	93.123.118.245 MAVSTUDIOS-NETWORK
General Check archive.org Show headers Download Go to Full URL https://www.liferake.com/clickthru.php?utm_source=twit&utm_medium=twitter&utm_campaign=LivingSocial&city=oklahoma_city&clicklink=http://www.livingsocial.com/cities/33-oklahoma-city/deals/461194-leather-designer-handbag?aff_id%3D543%26offer_id%3D4?offer_id%3D4%26aff_id%3D543 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 93.123.118.245 Amsterdam, Netherlands, ASN204755 (MAVSTUDIOS-NETWORK, GB), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `4ba2d485a655bec230ca1e2043d422d617a0d749fb7f5464c8fc469c3706f7d4` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Cache-Control no-store, no-cache, must-revalidate post-check=0, pre-check=0 Connection Keep-Alive Content-Encoding gzip Content-Length 876 Content-Type text/html; charset=UTF-8 Date Sun, 15 Sep 2024 17:06:19 GMT Expires Mon, 26 Jul 1997 05:00:00 GMT Keep-Alive timeout=5, max=100 Last-Modified Sun, 15 Sep 2024 17:06:19 GMT Pragma no-cache Server Apache/2.4.41 (Ubuntu) Vary Accept-Encoding Redirect headers Location https://www.liferake.com/clickthru.php?utm_source=twit&utm_medium=twitter&utm_campaign=LivingSocial&city=oklahoma_city&clicklink=http://www.livingsocial.com/cities/33-oklahoma-city/deals/461194-leather-designer-handbag?aff_id%3D543%26offer_id%3D4?offer_id%3D4%26aff_id%3D543#6&1acec1 Non-Authoritative-Reason HttpsUpgrades
GET H/1.1	200 OK	/ Show response ohmyattractwinsmore.life/ Redirect Chain https://www.liferake.com/0915/6/1acec1 https://ohmyattractwinsmore.life/?u=g1kpd01&o=56ckph7	62 KB 62 KB	706ms 236ms	Document text/html	185.155.184.32 LUGANO Data Center
General Check archive.org Show headers Download Go to Full URL https://ohmyattractwinsmore.life/?u=g1kpd01&o=56ckph7 Requested by Host: www.liferake.com URL: https://www.liferake.com/clickthru.php?utm_source=twit&utm_medium=twitter&utm_campaign=LivingSocial&city=oklahoma_city&clicklink=http://www.livingsocial.com/cities/33-oklahoma-city/deals/461194-leather-designer-handbag?aff_id%3D543%26offer_id%3D4?offer_id%3D4%26aff_id%3D543 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 185.155.184.32 , Switzerland, ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH), Reverse DNS Software openresty / Resource Hash `ea90e78c08f181346bb3239ef7527011fb10efb4324211b98bfd315171a8043e` Request headers Referer https://www.liferake.com/clickthru.php?utm_source=twit&utm_medium=twitter&utm_campaign=LivingSocial&city=oklahoma_city&clicklink=http://www.livingsocial.com/cities/33-oklahoma-city/deals/461194-leather-designer-handbag?aff_id%3D543%26offer_id%3D4?offer_id%3D4%26aff_id%3D543#6&1acec1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Cache-Control no-transform Connection keep-alive Content-Length 63137 Content-Type text/html Date Sun, 15 Sep 2024 17:06:20 GMT Server openresty cache-control private Redirect headers Cache-Control no-store, no-cache, must-revalidate post-check=0, pre-check=0 Connection Keep-Alive Content-Length 1 Content-Type text/html; charset=UTF-8 Date Sun, 15 Sep 2024 17:06:19 GMT Expires Mon, 26 Jul 1997 05:00:00 GMT Keep-Alive timeout=5, max=99 Last-Modified Sun, 15 Sep 2024 17:06:19 GMT Location https://ohmyattractwinsmore.life/?u=g1kpd01&o=56ckph7 Pragma no-cache Server Apache/2.4.41 (Ubuntu)
GET H/1.1	204 No Content	favicon.ico ohmyattractwinsmore.life/	0 136 B	227ms 226ms	Other text/plain	185.155.184.32 LUGANO Data Center
General Check archive.org Show headers Download Go to Full URL https://ohmyattractwinsmore.life/favicon.ico Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 185.155.184.32 , Switzerland, ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH), Reverse DNS Software openresty / Resource Hash Request headers Referer https://ohmyattractwinsmore.life/?u=g1kpd01&o=56ckph7 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Sun, 15 Sep 2024 17:06:20 GMT Cache-Control no-transform Server openresty Connection keep-alive
GET H/1.1	200 OK	/ 10dpk1g.dipantop.live/eqgsohxr/	253 B 422 B	851ms 234ms	Document text/html	185.155.184.55 LUGANO Data Center
General Check archive.org Show headers Download Go to Full URL https://10dpk1g.dipantop.live/eqgsohxr/?u=g1kpd01&o=56ckph7&f=1&sid=t6~v452uiwopxln4j3lqfwa43ni&fp=JBxDoYlNckny2hY1l6Sa6Q%3D%3D Requested by Host: ohmyattractwinsmore.life URL: https://ohmyattractwinsmore.life/?u=g1kpd01&o=56ckph7 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305 Server 185.155.184.55 , Switzerland, ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH), Reverse DNS Software openresty / Resource Hash Request headers Referer https://ohmyattractwinsmore.life/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Connection keep-alive Content-Length 253 Content-Type text/html Date Sun, 15 Sep 2024 17:06:21 GMT Server openresty cache-control private
GET H2	200	Primary Request / Show response spookchatx.com/l/25/snapcheatv2/3-w2m/global/ Redirect Chain https://10dpk1g.dipantop.live/web/ https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2	5 KB 2 KB	696ms 229ms	Document text/html	185.155.186.43 TEKNOLOGY
General Check archive.org Show headers Download Go to Full URL https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Requested by Host: 10dpk1g.dipantop.live URL: https://10dpk1g.dipantop.live/eqgsohxr/?u=g1kpd01&o=56ckph7&f=1&sid=t6~v452uiwopxln4j3lqfwa43ni&fp=JBxDoYlNckny2hY1l6Sa6Q%3D%3D Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 185.155.186.43 , Switzerland, ASN203639 (TEKNOLOGY, CH), Reverse DNS Software nginx / ASP.NET Resource Hash `1a2fff3e0a05499d6a9ed24b1762e7e61f243bbe0bd9ef28bc4ae7736bd844c0` Request headers Referer https://10dpk1g.dipantop.live/eqgsohxr/?u=g1kpd01&o=56ckph7&f=1&sid=t6~v452uiwopxln4j3lqfwa43ni&fp=JBxDoYlNckny2hY1l6Sa6Q%3D%3D Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers accept-ranges bytes content-encoding gzip content-length 1785 content-type text/html date Sun, 15 Sep 2024 17:06:22 GMT etag "80810ee3949d61:0" last-modified Tue, 23 Jun 2020 08:40:21 GMT server nginx vary Accept-Encoding x-powered-by ASP.NET Redirect headers Connection keep-alive Content-Length 194 Content-Type text/html; charset=utf-8 Date Sun, 15 Sep 2024 17:06:22 GMT Server openresty cache-control private location https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2
GET H2	200	main.css spookchatx.com/l/25/snapcheatv2/3-w2m/global/css/	65 KB 11 KB	226ms 225ms	Stylesheet text/css	185.155.186.43 TEKNOLOGY
General Check archive.org Show headers Download Go to Full URL https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/css/main.css Requested by Host: spookchatx.com URL: https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 185.155.186.43 , Switzerland, ASN203639 (TEKNOLOGY, CH), Reverse DNS Software nginx / ASP.NET Resource Hash `b08ab6e78793ab31a1568c0bdd3a5cb01b4fa922d8ef2c35ff6822da89352c99` Request headers Referer https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sun, 15 Sep 2024 17:06:22 GMT content-encoding gzip last-modified Tue, 05 Mar 2019 12:59:27 GMT server nginx etag W/"9fcad4353d3d41:0" x-powered-by ASP.NET vary Accept-Encoding content-type text/css cache-control max-age=31536000 expires Mon, 15 Sep 2025 17:06:22 GMT
GET H2	200	logo_land.png spookchatx.com/l/25/snapcheatv2/3-w2m/global/images/	8 KB 8 KB	450ms 449ms	Image image/png	185.155.186.43 TEKNOLOGY
General Check archive.org Show headers Download Go to Show image Full URL https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/images/logo_land.png Requested by Host: spookchatx.com URL: https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 185.155.186.43 , Switzerland, ASN203639 (TEKNOLOGY, CH), Reverse DNS Software nginx / ASP.NET Resource Hash `a028588692ef5567035252584508e7eaa87feddc4e4a8ff7049767f359a66aaf` Request headers Referer https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sun, 15 Sep 2024 17:06:22 GMT last-modified Fri, 19 Jun 2020 13:23:11 GMT server nginx etag "808951c73c46d61:0" x-powered-by ASP.NET content-type image/png cache-control max-age=31536000 accept-ranges bytes content-length 7956 expires Mon, 15 Sep 2025 17:06:22 GMT
GET H2	200	image.png spookchatx.com/l/25/snapcheatv2/3-w2m/global/images/	208 KB 208 KB	451ms 450ms	Image image/png	185.155.186.43 TEKNOLOGY
General Check archive.org Show headers Download Go to Show image Full URL https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/images/image.png Requested by Host: spookchatx.com URL: https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 185.155.186.43 , Switzerland, ASN203639 (TEKNOLOGY, CH), Reverse DNS Software nginx / ASP.NET Resource Hash `002234b8e1b9b1af3c25b6f08534061fee8b034d75b2bbc0844ebd4c1563fb2d` Request headers Referer https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sun, 15 Sep 2024 17:06:22 GMT last-modified Fri, 19 Jun 2020 13:23:11 GMT server nginx etag "808951c73c46d61:0" x-powered-by ASP.NET content-type image/png cache-control max-age=31536000 accept-ranges bytes content-length 212851 expires Mon, 15 Sep 2025 17:06:22 GMT
GET H2	200	eye-off.svg spookchatx.com/l/25/snapcheatv2/3-w2m/global/images/	333 B 543 B	662ms 660ms	Image image/svg+xml	185.155.186.43 TEKNOLOGY
General Check archive.org Show headers Download Go to Show image Full URL https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/images/eye-off.svg Requested by Host: spookchatx.com URL: https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 185.155.186.43 , Switzerland, ASN203639 (TEKNOLOGY, CH), Reverse DNS Software nginx / ASP.NET Resource Hash `9f9f6ebaf293f7e3f6de13857b060fcaea66dc387d0010a00a6d601893fa3c9d` Request headers Referer https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sun, 15 Sep 2024 17:06:22 GMT last-modified Fri, 01 Feb 2019 19:47:10 GMT server nginx etag "fa9c88eb66bad41:0" x-powered-by ASP.NET content-type image/svg+xml cache-control max-age=31536000 accept-ranges bytes content-length 333 expires Mon, 15 Sep 2025 17:06:22 GMT
GET H2	200	eye-on.svg spookchatx.com/l/25/snapcheatv2/3-w2m/global/images/	315 B 525 B	662ms 661ms	Image image/svg+xml	185.155.186.43 TEKNOLOGY
General Check archive.org Show headers Download Go to Show image Full URL https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/images/eye-on.svg Requested by Host: spookchatx.com URL: https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 185.155.186.43 , Switzerland, ASN203639 (TEKNOLOGY, CH), Reverse DNS Software nginx / ASP.NET Resource Hash `716d9649b8acbd0594b5c2d4f927cd1f1eb599305f7ebecd9f4c8d9831d91b7b` Request headers Referer https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sun, 15 Sep 2024 17:06:22 GMT last-modified Fri, 01 Feb 2019 19:47:10 GMT server nginx etag "1239c4eb66bad41:0" x-powered-by ASP.NET content-type image/svg+xml cache-control max-age=31536000 accept-ranges bytes content-length 315 expires Mon, 15 Sep 2025 17:06:22 GMT
GET H2	200	jquery-2.2.4.min.js Show response spookchatx.com/l/25/snapcheatv2/3-w2m/global/js/	84 KB 30 KB	661ms 660ms	Script application/javascript	185.155.186.43 TEKNOLOGY
General Check archive.org Show headers Download Go to Full URL https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/js/jquery-2.2.4.min.js Requested by Host: spookchatx.com URL: https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 185.155.186.43 , Switzerland, ASN203639 (TEKNOLOGY, CH), Reverse DNS Software nginx / ASP.NET Resource Hash `b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365` Request headers Referer https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sun, 15 Sep 2024 17:06:22 GMT content-encoding gzip last-modified Thu, 16 Nov 2023 08:34:37 GMT server nginx etag W/"2ecf3bb6718da1:0" x-powered-by ASP.NET vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 expires Mon, 15 Sep 2025 17:06:22 GMT
GET H2	200	trls.js Show response spookchatx.com/l/25/snapcheatv2/3-w2m/global/js/	38 KB 14 KB	667ms 667ms	Script application/javascript	185.155.186.43 TEKNOLOGY
General Check archive.org Show headers Download Go to Full URL https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/js/trls.js?v=1.1 Requested by Host: spookchatx.com URL: https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 185.155.186.43 , Switzerland, ASN203639 (TEKNOLOGY, CH), Reverse DNS Software nginx / ASP.NET Resource Hash `872d85642efe35c8e4ea474a12fad1f3c0bdef4a55386865bf538422e2f67601` Request headers Referer https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sun, 15 Sep 2024 17:06:23 GMT content-encoding gzip last-modified Thu, 16 Nov 2023 08:34:37 GMT server nginx etag W/"48e5ebbb6718da1:0" x-powered-by ASP.NET vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 expires Mon, 15 Sep 2025 17:06:23 GMT
GET H2	200	main.js Show response spookchatx.com/l/25/snapcheatv2/3-w2m/global/js/	8 KB 3 KB	438ms 437ms	Script application/javascript	185.155.186.43 TEKNOLOGY
General Check archive.org Show headers Download Go to Full URL https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/js/main.js?v=1.1 Requested by Host: spookchatx.com URL: https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 185.155.186.43 , Switzerland, ASN203639 (TEKNOLOGY, CH), Reverse DNS Software nginx / ASP.NET Resource Hash `f59aa4f89ad59b2b57cf011c603316d7745c325f16b327dbc00717d9d148efe8` Request headers Referer https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sun, 15 Sep 2024 17:06:23 GMT content-encoding gzip last-modified Thu, 16 Nov 2023 08:34:37 GMT server nginx etag "808ca9bb6718da1:0" x-powered-by ASP.NET vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 accept-ranges bytes content-length 2536 expires Mon, 15 Sep 2025 17:06:23 GMT
GET H2	200	utils.js Show response spookchatx.com/js/	4 KB 2 KB	438ms 438ms	Script application/javascript	185.155.186.43 TEKNOLOGY
General Check archive.org Show headers Download Go to Full URL https://spookchatx.com/js/utils.js Requested by Host: spookchatx.com URL: https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 185.155.186.43 , Switzerland, ASN203639 (TEKNOLOGY, CH), Reverse DNS Software nginx / ASP.NET Resource Hash `386578104461cc74fe40006f4f49d7ad850c8f0fb6649381899dcb271b7fda68` Request headers Referer https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sun, 15 Sep 2024 17:06:23 GMT content-encoding gzip last-modified Wed, 15 Nov 2023 15:58:54 GMT server nginx etag "033fa2dc17da1:0" x-powered-by ASP.NET vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 accept-ranges bytes content-length 1617 expires Mon, 15 Sep 2025 17:06:23 GMT
GET H2	200	fprint2.min.js Show response spookchatx.com/js/	31 KB 11 KB	229ms 228ms	Script application/javascript	185.155.186.43 TEKNOLOGY
General Check archive.org Show headers Download Go to Full URL https://spookchatx.com/js/fprint2.min.js Requested by Host: spookchatx.com URL: https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 185.155.186.43 , Switzerland, ASN203639 (TEKNOLOGY, CH), Reverse DNS Software nginx / ASP.NET Resource Hash `ff36c38b7102a85424f8f630f053a1c962dd7ccb89062848a6e92f08aa57ae0f` Request headers Referer https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sun, 15 Sep 2024 17:06:24 GMT content-encoding gzip last-modified Tue, 29 Sep 2020 09:37:35 GMT server nginx etag "80595e294496d61:0" x-powered-by ASP.NET vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 accept-ranges bytes content-length 11408 expires Mon, 15 Sep 2025 17:06:24 GMT
GET H2	200	notification-ext.js Show response spookchatx.com/js/push-ml/	10 KB 4 KB	230ms 229ms	Script application/javascript	185.155.186.43 TEKNOLOGY
General Check archive.org Show headers Download Go to Full URL https://spookchatx.com/js/push-ml/notification-ext.js Requested by Host: spookchatx.com URL: https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 185.155.186.43 , Switzerland, ASN203639 (TEKNOLOGY, CH), Reverse DNS Software nginx / ASP.NET Resource Hash `38dddd4d46264bad06a78a10ac27a74a8c8f307eb1fd6ee61c42dd6f42ce307c` Request headers Referer https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sun, 15 Sep 2024 17:06:24 GMT content-encoding gzip last-modified Mon, 12 Feb 2024 10:09:24 GMT server nginx etag "0e2ba8d9b5dda1:0" x-powered-by ASP.NET vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 accept-ranges bytes content-length 3375 expires Mon, 15 Sep 2025 17:06:24 GMT
GET		style.css spookchatx.com/js/push-ml/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: spookchatx.com
URL: https://spookchatx.com/js/push-ml/style.css?v=2.6.5

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Porn Scam (Online)

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ohmyattractwinsmore.life/	1969-12-31 23:59:59	Name: sid Value: t6~v452uiwopxln4j3lqfwa43ni
ohmyattractwinsmore.life/	1969-12-31 23:59:59	Name: p1 Value: https://dipantop.live/eqgsohxr/
ohmyattractwinsmore.life/	1969-12-31 23:59:59	Name: s1 Value: dt00dqbiokhhn15p
10dpk1g.dipantop.live/	1969-12-31 23:59:59	Name: sid Value: t2~1lr1ihlvqoezln0q5ss4b0xh
spookchatx.com/	1969-12-31 23:59:59	Name: fph Value: IjEzNjk5ZTNiZWE1NDlmOWQ0OWU5YWVmNTVjYjBkZWVmIg==
spookchatx.com/	1969-12-31 23:59:59	Name: fpd Value: W3sia2V5IjoidXNlckFnZW50IiwidmFsdWUiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjguMC4wLjAgU2FmYXJpLzUzNy4zNiJ9LHsia2V5Ijoid2ViZHJpdmVyIiwidmFsdWUiOmZhbHNlfSx7ImtleSI6Imxhbmd1YWdlIiwidmFsdWUiOiJlbi1VUyJ9LHsia2V5IjoiY29sb3JEZXB0aCIsInZhbHVlIjoyNH0seyJrZXkiOiJkZXZpY2VNZW1vcnkiLCJ2YWx1ZSI6OH0seyJrZXkiOiJoYXJkd2FyZUNvbmN1cnJlbmN5IiwidmFsdWUiOjE2fSx7ImtleSI6InNjcmVlblJlc29sdXRpb24iLCJ2YWx1ZSI6WzE2MDAsMTIwMF19LHsia2V5IjoiYXZhaWxhYmxlU2NyZWVuUmVzb2x1dGlvbiIsInZhbHVlIjpbMTYwMCwxMjAwXX0seyJrZXkiOiJ0aW1lem9uZU9mZnNldCIsInZhbHVlIjo2MDB9LHsia2V5IjoidGltZXpvbmUiLCJ2YWx1ZSI6IlBhY2lmaWMvSG9ub2x1bHUifSx7ImtleSI6InNlc3Npb25TdG9yYWdlIiwidmFsdWUiOnRydWV9LHsia2V5IjoibG9jYWxTdG9yYWdlIiwidmFsdWUiOnRydWV9LHsia2V5IjoiaW5kZXhlZERiIiwidmFsdWUiOnRydWV9LHsia2V5IjoiYWRkQmVoYXZpb3IiLCJ2YWx1ZSI6ZmFsc2V9LHsia2V5Ijoib3BlbkRhdGFiYXNlIiwidmFsdWUiOmZhbHNlfSx7ImtleSI6ImNwdUNsYXNzIiwidmFsdWUiOiJub3QgYXZhaWxhYmxlIn0seyJrZXkiOiJwbGF0Zm9ybSIsInZhbHVlIjoiTGludXggeDg2XzY0In0seyJrZXkiOiJ3ZWJnbFZlbmRvckFuZFJlbmRlcmVyIiwidmFsdWUiOiJJbnRlbCBJbmMufkludGVsIElyaXMgT3BlbkdMIEVuZ2luZSJ9LHsia2V5IjoiYWRCbG9jayIsInZhbHVlIjpmYWxzZX0seyJrZXkiOiJoYXNMaWVkTGFuZ3VhZ2VzIiwidmFsdWUiOmZhbHNlfSx7ImtleSI6Imhhc0xpZWRSZXNvbHV0aW9uIiwidmFsdWUiOmZhbHNlfSx7ImtleSI6Imhhc0xpZWRPcyIsInZhbHVlIjpmYWxzZX0seyJrZXkiOiJoYXNMaWVkQnJvd3NlciIsInZhbHVlIjpmYWxzZX0seyJrZXkiOiJ0b3VjaFN1cHBvcnQiLCJ2YWx1ZSI6WzAsZmFsc2UsZmFsc2VdfSx7ImtleSI6ImF1ZGlvIiwidmFsdWUiOiIxMjQuMDQzNDc1Mjc1MTYwNzQifV0=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://spookchatx.com/l/25/snapcheatv2/3-w2m/global/?c=&a=norule&s=2 Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10dpk1g.dipantop.live
goo.gl
ohmyattractwinsmore.life
spookchatx.com
www.liferake.com
spookchatx.com
185.155.184.32
185.155.184.55
185.155.186.43
2607:f8b0:4006:80b::200e
93.123.118.245
002234b8e1b9b1af3c25b6f08534061fee8b034d75b2bbc0844ebd4c1563fb2d
1a2fff3e0a05499d6a9ed24b1762e7e61f243bbe0bd9ef28bc4ae7736bd844c0
386578104461cc74fe40006f4f49d7ad850c8f0fb6649381899dcb271b7fda68
38dddd4d46264bad06a78a10ac27a74a8c8f307eb1fd6ee61c42dd6f42ce307c
4ba2d485a655bec230ca1e2043d422d617a0d749fb7f5464c8fc469c3706f7d4
716d9649b8acbd0594b5c2d4f927cd1f1eb599305f7ebecd9f4c8d9831d91b7b
872d85642efe35c8e4ea474a12fad1f3c0bdef4a55386865bf538422e2f67601
9f9f6ebaf293f7e3f6de13857b060fcaea66dc387d0010a00a6d601893fa3c9d
a028588692ef5567035252584508e7eaa87feddc4e4a8ff7049767f359a66aaf
b08ab6e78793ab31a1568c0bdd3a5cb01b4fa922d8ef2c35ff6822da89352c99
b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365
ea90e78c08f181346bb3239ef7527011fb10efb4324211b98bfd315171a8043e
f59aa4f89ad59b2b57cf011c603316d7745c325f16b327dbc00717d9d148efe8
ff36c38b7102a85424f8f630f053a1c962dd7ccb89062848a6e92f08aa57ae0f

spookchatx.com Open in urlscan Pro 185.155.186.43 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

94 %HTTPS

20 %IPv6

5 Domains

5 Subdomains

5 IPs

3 Countries

357 kBTransfer

525 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

39 JavaScript Global Variables

6 Cookies

1 Console Messages

Indicators

spookchatx.com Open in urlscan Pro
185.155.186.43 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

94 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

357 kB
Transfer

525 kB
Size

6
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!