checkout.mydatecentral.com Open in urlscan Pro
216.18.171.193 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://checkout.mydatecentral.com/payment/ey/wljo5NjAyNjY0OCwiYy%7C6%7CmUyNDQ4YjRhMWZhZmViNTU2MW
Submission Tags: @phish_report
Submission: On August 19 via api (August 19th 2023, 11:43:23 pm UTC) from FI — Scanned from FI

Summary HTTP 1 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 216.18.171.193, located in United States and belongs to REFLECTED, US. The main domain is checkout.mydatecentral.com.
TLS certificate: Issued by R3 on July 11th 2023. Valid for: 3 months.

This is the only time checkout.mydatecentral.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address		AS Autonomous System
1	216.18.171.193 216.18.171.193		29789 (REFLECTED) (REFLECTED)
1	1

1 216.18.171.193 (United States)

ASN29789 (REFLECTED, US)

checkout.mydatecentral.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	mydatecentral.com checkout.mydatecentral.com	986 B
1	1

	Domain	Requested by
1	checkout.mydatecentral.com
1	1

This site contains no links.

Subject Issuer	Validity	Valid
mydatecentral.com R3	`2023-07-11` - `2023-10-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://checkout.mydatecentral.com/payment/ey/wljo5NjAyNjY0OCwiYy%7C6%7CmUyNDQ4YjRhMWZhZmViNTU2MW
Frame ID: 728C429849150E2E3188289F2A4C6CB6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Page not found

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1 kB
Transfer

1 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 404
Not Found Primary Request wljo5NjAyNjY0OCwiYy%7C6%7CmUyNDQ4YjRhMWZhZmViNTU2MW Show response
checkout.mydatecentral.com/payment/ey/ 580 B
986 B 1752ms
148ms Document
text/html 216.18.171.193
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.mydatecentral.com/payment/ey/wljo5NjAyNjY0OCwiYy%7C6%7CmUyNDQ4YjRhMWZhZmViNTU2MW

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

216.18.171.193 , United States, ASN29789 (REFLECTED, US),

Reverse DNS

Software

nginx /

Resource Hash

d4828e0a1cbe1a81a9476481c4334ff63cbb362d8e5b8030b5cf58c7ce447ed2

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

content-language: en
content-length: 580
content-type: text/html; charset=ISO-8859-1
date: Sat, 19 Aug 2023 23:43:17 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
server: nginx
x-frame-options: DENY

Verdicts & Comments Add Verdict or Comment

Malicious page.url
Submitted on August 19th 2023, 11:43:47 pm UTC — From United States

Threats: Malware Unwanted Software Potentially Harmful Application
Comment: MALWARE: https://checkout.mydatecentral.com/payment/ey/wljo5NjAyNjY0OCwiYy|6|mUyNDQ4YjRhMWZhZmViNTU2MW sent by RUSSIAN BOTNET using harvested emails and malicious websites: https://tinyurl.com/2buckpyn https://tinyurl.com/2buckpyn https://s-1692482619.bestdealing.co.uk https://clk-1692482619.linkyor.live https://yachterfold.com https://voluntaryfend.com https://planebale.com https://campaign.datematchclub.com https://spinninghats.world https://checkout.mydatecentral.com https://trackinbee.com

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
checkout.mydatecentral.com/	1969-12-31 23:59:59	Name: _uuid Value: 8779408a-9b42-4058-8481-06da9880abe1
checkout.mydatecentral.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: nejq1ciqn03r1cuylh9fzd7jm
checkout.mydatecentral.com/	1969-12-31 23:59:59	Name: RNLBSERVERID Value: ded464

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://checkout.mydatecentral.com/payment/ey/wljo5NjAyNjY0OCwiYy%7C6%7CmUyNDQ4YjRhMWZhZmViNTU2MW Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

checkout.mydatecentral.com
216.18.171.193
d4828e0a1cbe1a81a9476481c4334ff63cbb362d8e5b8030b5cf58c7ce447ed2

checkout.mydatecentral.com Open in urlscan Pro 216.18.171.193 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1 kBTransfer

1 kBSize

3 Cookies

0 Outgoing links

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious page.url Submitted on August 19th 2023, 11:43:47 pm UTC — From United States

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

1 JavaScript Global Variables

3 Cookies

1 Console Messages

Security Headers

Indicators

checkout.mydatecentral.com Open in urlscan Pro
216.18.171.193 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1 kB
Transfer

1 kB
Size

3
Cookies

1 HTTP transactions
0 data transactions

Malicious page.url
Submitted on August 19th 2023, 11:43:47 pm UTC — From United States

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!