csmomey.xyz Open in urlscan Pro
185.149.120.29 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://csmomey.xyz/login?redirectUrl=https://csmomey.xyz/&callbackUrl=https://csmomey.xyz/login&redirectQuery=%3Fgc...
Submission: On May 17 via manual (May 17th 2023, 7:30:21 pm UTC) from SK — Scanned from DE

Summary HTTP 33 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 33 HTTP transactions. The main IP is 185.149.120.29, located in Russian Federation and belongs to DDOS-GUARD, RU. The main domain is csmomey.xyz.
TLS certificate: Issued by R3 on May 16th 2023. Valid for: 3 months.

This is the only time csmomey.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

	IP Address	AS Autonomous System
1	185.149.120.29 185.149.120.29	57724 (DDOS-GUARD) (DDOS-GUARD)
32	2606:4700:303... 2606:4700:3035::6815:3462	13335 (CLOUDFLAR...) (CLOUDFLARENET)
33	3

1 185.149.120.29 (Russian Federation)

ASN57724 (DDOS-GUARD, RU)
PTR: ddos-guard.net

csmomey.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2606:4700:3035::6815:3462 (United States)

ASN13335 (CLOUDFLARENET, US)

ajgnjskandk.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	ajgnjskandk.ru ajgnjskandk.ru	622 KB
1	csmomey.xyz csmomey.xyz	566 B
33	2

	Domain	Requested by
32	ajgnjskandk.ru	csmomey.xyz ajgnjskandk.ru
1	csmomey.xyz
33	2

This site contains no links.

Subject Issuer	Validity	Valid
csmomey.xyz R3	`2023-05-16` - `2023-08-14`	3 months	crt.sh
ajgnjskandk.ru E1	`2023-05-11` - `2023-08-09`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://csmomey.xyz/login?redirectUrl=https://csmomey.xyz/&callbackUrl=https://csmomey.xyz/login&redirectQuery=%3Fgclid%3DEAIaIQobChMI8rf1sIv9_gIVivZ3Ch305AWAEAMYASAAEgIsdfD_BwE%26utm_campaign%3Dsec1kkkLOG
Frame ID: 568BA0566FECD178078E924B5ACF9F11
Requests: 1 HTTP requests in this frame

Frame: https://ajgnjskandk.ru/9c76b26fbf46b79d5
Frame ID: F2834C43F6D57DC9E0AB937EFDF1CC31
Requests: 33 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Steam Community

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

33
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

622 kB
Transfer

1446 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

33 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request login Show response
csmomey.xyz/ 275 B
566 B 1339ms
888ms Document
text/html 185.149.120.29
DDOS-GUARD

General

Source	Level	URL Text
security	error	URL: https://ajgnjskandk.ru/9c76b26fbf46b79d5(Line 7743) Message: Blocked autofocusing on a <input> element in a cross-origin subframe.
security	error	URL: https://ajgnjskandk.ru/9c76b26fbf46b79d5(Line 7857) Message: Blocked autofocusing on a <input> element in a cross-origin subframe.

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

csmomey.xyz Open in urlscan Pro 185.149.120.29 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

33 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

622 kBTransfer

1446 kBSize

1 Cookies

0 Outgoing links

Redirected requests

33 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

csmomey.xyz Open in urlscan Pro
185.149.120.29 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

33
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

622 kB
Transfer

1446 kB
Size

1
Cookies

33 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!