www.kitconcafe.com (20.81.68.24)
Public Scan: Malicious Activity!
Effective URL: https://www.kitconcafe.com/cacheold/enterg_d.html?gstr=vPESK4vDXA2dLqgF3mhiairzzXYHAdjK7Y2ui7jgwdVCWyvzDh
Submission: On January 14 via manual from GR, scanned from DE
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority on October 13th 2021. Valid for a year. Note that the certificate recorded for this connection (see the certificate table below) has subject www.mirusdev.com, not www.kitconcafe.com; whether its SAN list also covers www.kitconcafe.com is not shown in this scan.
This is the only time www.kitconcafe.com was scanned on urlscan.io.
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 66.96.147.109 | 29873 (BIZLAND-SD)
1 | 2607:f1c0:100f:f000::2e7 | 8560 (IONOS-AS, the joint network for IONOS)
6 | 20.81.68.24 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 | 2606:4700:20::681a:407 | 13335 (CLOUDFLARENET)
2 | 158.69.139.229 | 16276 (OVH)
1 | 67.202.114.214 | 32748 (STEADFAST)
1 | 104.18.28.199 | 13335 (CLOUDFLARENET)
7 | 67.202.105.31 | 32748 (STEADFAST)
1 | 67.202.105.33 | 32748 (STEADFAST)
Total: 21 | 10 |
- ASN29873 (BIZLAND-SD, US): PTR 109.147.96.66.static.eigbox.net, serves elitecosmetics.net
- ASN8560 (IONOS-AS, the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom, formerly 1&1 Internet SE, DE): serves best2care.com
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): serves www.kitconcafe.com
- ASN32748 (STEADFAST, US): PTR ip31.67-202-105.static.steadfastdns.net, serves ic.tynt.com
- ASN32748 (STEADFAST, US): PTR ip33.67-202-105.static.steadfastdns.net, serves de.tynt.com
Requests | Apex Domain | Subdomains (Cisco Umbrella rank) | Transfer
---|---|---|---
9 | tynt.com | cdn.tynt.com (6692), ic.tynt.com (3828), de.tynt.com (1127) | 8 KB
6 | kitconcafe.com | www.kitconcafe.com | 71 KB
2 | dtscout.com | t.dtscout.com (13169) | 3 KB
1 | amung.us | whos.amung.us (14480) | 145 B
1 | waust.at | waust.at (40332) | 7 KB
1 | best2care.com | best2care.com | 284 B
1 | elitecosmetics.net | elitecosmetics.net | 1 KB
Total: 21 | 7 | |
Requests | Domain | Requested by
---|---|---
7 | ic.tynt.com | www.kitconcafe.com
6 | www.kitconcafe.com | best2care.com, www.kitconcafe.com
2 | t.dtscout.com | waust.at, t.dtscout.com
1 | de.tynt.com | cdn.tynt.com
1 | cdn.tynt.com | waust.at
1 | whos.amung.us | waust.at
1 | waust.at | www.kitconcafe.com
1 | best2care.com | elitecosmetics.net
1 | elitecosmetics.net | (none; first URL in the chain)
Total: 21 | 9 |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid
---|---|---|---
www.elitecosmetics.net | Sectigo RSA Domain Validation Secure Server CA | 2021-07-04 - 2022-07-04 | a year
*.best2care.com | Encryption Everywhere DV TLS CA - G1 | 2021-06-01 - 2022-05-31 | a year
www.mirusdev.com | Go Daddy Secure Certificate Authority - G2 | 2021-10-13 - 2022-10-23 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-08-04 - 2022-08-03 | a year
*.dtscout.com | Sectigo RSA Domain Validation Secure Server CA | 2021-10-28 - 2022-11-27 | a year
whos.amung.us | Sectigo RSA Domain Validation Secure Server CA | 2020-05-21 - 2022-05-21 | 2 years
*.tynt.com | Sectigo RSA Domain Validation Secure Server CA | 2021-09-23 - 2022-09-30 | a year

No certificate with a kitconcafe.com subject is listed. The Go Daddy certificate issued on 2021-10-13 (the one the Summary refers to) carries the subject www.mirusdev.com, so the host answering for www.kitconcafe.com is presenting a certificate issued for a different name; the table shows only the subject CN, not the SAN list.
This page contains 1 frame.
Primary Page: https://www.kitconcafe.com/cacheold/enterg_d.html?gstr=vPESK4vDXA2dLqgF3mhiairzzXYHAdjK7Y2ui7jgwdVCWyvzDh
Frame ID: 1C1B908DB4ECF6945DC65878D042CC7A
Requests: 22 HTTP requests in this frame
Page Title: Facebook - Log in or create an account (original Greek title: "Facebook - Συνδεθείτε ή δημιουργήστε λογαριασμό")
Detected technologies
WordPress (CMS), detected from the pattern /wp-(?:content|includes)/. The only URL in this scan that matches the pattern is the first hop, elitecosmetics.net/livesite/elitenew/wp-includes/pomo/www-videos_play_video_2.php, so the detection describes the WordPress site at the entry of the chain rather than the final page on www.kitconcafe.com. www-videos_play_video_2.php is not a WordPress core file; a PHP script under wp-includes/pomo/ that forwards visitors into a phishing chain is consistent with a file dropped on a compromised installation.
Page Statistics
16 Outgoing links
These are links going to different origins than the main page. Link titles, in page order:
- 11
- News
- Editorial
- General info
- Follow us on Facebook
- Contact us
- Messenger
- Watch
- Facebook Pay
- Oculus
- Portal
- Instagram
- Bulletin
- Πληροφορίες (Information)
- Προγραμματιστές (Developers)
- Οι διαφημίσεις μου (My ads)

The titles from Messenger onward are the footer links of Facebook's own login page, which is consistent with a cloned login template; the first six (11 through Contact us) are not part of that footer and do not belong to the Facebook template.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://elitecosmetics.net/livesite/elitenew/wp-includes/pomo/www-videos_play_video_2.php Page URL
- https://best2care.com/xfb-5/h1.php?ml=vPESK4vDXA2dLqgF3mhiairzzXYHAdjK7Y2ui7jgwdVCWyvzDh&l=gr&t=pc Page URL
- https://www.kitconcafe.com/cacheold/enterg_d.html?gstr=vPESK4vDXA2dLqgF3mhiairzzXYHAdjK7Y2ui7jgwdVCWyvzDh Page URL

The 50-character opaque token vPESK4vDXA2dLqgF3mhiairzzXYHAdjK7Y2ui7jgwdVCWyvzDh is carried unchanged from best2care.com (parameter ml) to www.kitconcafe.com (parameter gstr). The extra l=gr and t=pc parameters on the second hop are consistent with language and platform selectors (Greek, PC), which matches the Greek page title and the wpmp_switcher=desktop cookie set by www.kitconcafe.com.
Redirected requests
There were HTTP redirect chains for the following requests:
(none recorded; since no HTTP-level redirects were captured, the three hops above were client-side navigations, and each of the three URLs appears as its own Document request in the transaction list below)
21 HTTP transactions (plus one data: URL, giving the 22 requests in the frame)

# | Method | Protocol | Resource | Path | Size (x-fer) | Type | MIME-Type
---|---|---|---|---|---|---|---
1 | GET | H/1.1 | www-videos_play_video_2.php | elitecosmetics.net/livesite/elitenew/wp-includes/pomo/ | 1 KB (1 KB) | Document | text/html
2 | GET | H2 | h1.php | best2care.com/xfb-5/ | 226 B (284 B) | Document | text/html
3 | GET | H2 | enterg_d.html (Primary Request) | www.kitconcafe.com/cacheold/ | 30 KB (12 KB) | Document | text/html
4 | GET | H2 | styles2.css | www.kitconcafe.com/cacheold/img/ | 28 KB (10 KB) | Stylesheet | text/css
5 | GET | H2 | d.js | waust.at/ | 13 KB (7 KB) | Script | application/x-javascript
6 | GET | H2 | logo.png | www.kitconcafe.com/cacheold/img/ | 10 KB (10 KB) | Image | image/png
7 | GET | H/1.1 | / | t.dtscout.com/i/ | 2 KB (3 KB) | Script | application/javascript
8 | GET | H2 | FBWordmark_Hex-RGB-1024.svg | www.kitconcafe.com/cacheold/img/ | 2 KB (2 KB) | Image | image/svg+xml
9 | GET | H2 | / | whos.amung.us/pingjs/ | 29 B (145 B) | Script | text/javascript
10 | GET | H2 | HToPuqfx_wC.png | www.kitconcafe.com/rsrc.php/v3/ya/r/ | 18 KB (18 KB) | Image | text/html
11 | GET | H2 | YQNfPR9MJfx.png | www.kitconcafe.com/rsrc.php/v3/yO/r/ | 18 KB (18 KB) | Image | text/html
12 | GET | H/1.1 | / | t.dtscout.com/pv/ | 50 B (318 B) | Script | application/javascript
13 | GET | H2 | tc.js | cdn.tynt.com/ | 17 KB (7 KB) | Script | application/javascript
14 | GET | DATA | truncated | / | 3 KB (0) | Image | image/png
15 | GET | H2 | p | ic.tynt.com/b/ | 0 (227 B) | Image | text/plain
16 | GET | H2 | v2 | de.tynt.com/deb/ | 4 B (202 B) | Script | application/javascript
17-22 | GET | H2 | p (six further identical requests) | ic.tynt.com/b/ | 0 (227 B) each | Image | text/plain

Points worth noting in this list:
- Rows 10 and 11: Facebook serves its own static assets under /rsrc.php/v3/... paths; here that path scheme is reproduced on www.kitconcafe.com, and both "images" came back as text/html bodies of identical 18 KB size, which is more consistent with an error or fallback page than with two different PNGs. Row 8 shows the Facebook wordmark SVG hosted locally on the same host.
- Rows 15 and 17-22: seven zero-byte responses from ic.tynt.com/b/p. Their content hash is the SHA-256 of empty input, which is why e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 appears in the Indicators list.
- Row 14: the data: URL was truncated by the scanner, so no transfer size or hash is available for it.
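The checks a triager would run over the Page URL History and the transaction table above, as an added example for this page. It is not urlscan.io code and not code from the phishing kit: the URL history, page title and transaction rows are copied from the scan result, while the check names, the heuristics and the assumed BRAND_HOSTS list are my own.

```python
"""Triage of the redirect chain and request list recorded for this scan.

Added example for this page; it is not urlscan.io code and not code from the
phishing kit. The URL history, page title and transaction rows below are
copied from the scan result; the checks and their names are my own heuristics,
and BRAND_HOSTS is an assumed list of hosts that legitimately serve Facebook.
"""
from urllib.parse import parse_qs, urlsplit

URL_HISTORY = [  # Page URL History, in order
    "https://elitecosmetics.net/livesite/elitenew/wp-includes/pomo/www-videos_play_video_2.php",
    "https://best2care.com/xfb-5/h1.php?ml=vPESK4vDXA2dLqgF3mhiairzzXYHAdjK7Y2ui7jgwdVCWyvzDh&l=gr&t=pc",
    "https://www.kitconcafe.com/cacheold/enterg_d.html?gstr=vPESK4vDXA2dLqgF3mhiairzzXYHAdjK7Y2ui7jgwdVCWyvzDh",
]
PAGE_TITLE = "Facebook - Συνδεθείτε ή δημιουργήστε λογαριασμό"
BRAND_HOSTS = ("facebook.com", "fb.com", "fbcdn.net")  # assumption: legitimate brand hosts

# (host, path, declared type, served MIME type); a subset of the transaction table.
TRANSACTIONS = [
    ("elitecosmetics.net", "/livesite/elitenew/wp-includes/pomo/www-videos_play_video_2.php", "Document", "text/html"),
    ("best2care.com", "/xfb-5/h1.php", "Document", "text/html"),
    ("www.kitconcafe.com", "/cacheold/enterg_d.html", "Document", "text/html"),
    ("www.kitconcafe.com", "/cacheold/img/styles2.css", "Stylesheet", "text/css"),
    ("www.kitconcafe.com", "/cacheold/img/logo.png", "Image", "image/png"),
    ("www.kitconcafe.com", "/cacheold/img/FBWordmark_Hex-RGB-1024.svg", "Image", "image/svg+xml"),
    ("www.kitconcafe.com", "/rsrc.php/v3/ya/r/HToPuqfx_wC.png", "Image", "text/html"),
    ("www.kitconcafe.com", "/rsrc.php/v3/yO/r/YQNfPR9MJfx.png", "Image", "text/html"),
    ("cdn.tynt.com", "/tc.js", "Script", "application/javascript"),
]


def is_brand_host(host):
    """Exact or dot-separated suffix match, so 'notfacebook.com' does not pass."""
    return any(host == b or host.endswith("." + b) for b in BRAND_HOSTS)


def propagated_tokens(urls, min_len=24):
    """Long query values that reappear on a later host under any parameter name.
    Kits often thread one opaque token through every hop (here ml= then gstr=)."""
    first_seen = {}  # value -> (host, parameter) where it first appeared
    hits = []
    for url in urls:
        parts = urlsplit(url)
        for name, values in parse_qs(parts.query).items():
            for value in values:
                if len(value) < min_len:
                    continue
                if value in first_seen and first_seen[value][0] != parts.hostname:
                    hits.append((first_seen[value], (parts.hostname, name), value))
                first_seen.setdefault(value, (parts.hostname, name))
    return hits


def php_under_wp_includes(urls):
    """WordPress does not serve landing pages from wp-includes/; a .php document
    there is a dropped file, not core."""
    return [u for u in urls
            if "/wp-includes/" in urlsplit(u).path and urlsplit(u).path.endswith(".php")]


def mime_mismatches(transactions):
    """Declared resource type versus what the server actually sent."""
    expected = {"Image": "image/", "Script": "javascript", "Stylesheet": "text/css", "Document": "text/html"}
    return [row for row in transactions if expected.get(row[2], "") not in row[3]]


def brand_assets_off_brand(transactions, markers=("/rsrc.php/", "FBWordmark")):
    """Facebook-specific asset paths or filenames served from a non-brand host."""
    return [(h, p) for h, p, _, _ in transactions
            if any(m in p for m in markers) and not is_brand_host(h)]


def triage(urls=URL_HISTORY, title=PAGE_TITLE, transactions=TRANSACTIONS):
    """Return (finding, detail) pairs; an empty list means nothing fired."""
    findings = []
    final_host = urlsplit(urls[-1]).hostname
    if "facebook" in title.lower() and not is_brand_host(final_host):
        findings.append(("brand-title-on-off-brand-host", final_host))
    for src, dst, token in propagated_tokens(urls):
        findings.append(("token-propagated", f"{src[0]} ?{src[1]} -> {dst[0]} ?{dst[1]} ({token[:8]}...)"))
    for url in php_under_wp_includes(urls):
        findings.append(("php-under-wp-includes", url))
    for host, path, declared, mime in mime_mismatches(transactions):
        findings.append(("mime-mismatch", f"{host}{path}: declared {declared}, served {mime}"))
    for host, path in brand_assets_off_brand(transactions):
        findings.append(("brand-asset-off-brand-host", f"{host}{path}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage():
        print(f"{kind:32} {detail}")
```

Run against this scan's data the script reports eight findings: the Facebook title on a non-Facebook host, the ml-to-gstr token hand-off, the PHP file under wp-includes/, the two rsrc.php "images" served as text/html, and three brand assets hosted on www.kitconcafe.com. The suffix check in is_brand_host is deliberate; a plain endswith("facebook.com") would also accept a lookalike such as notfacebook.com.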
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Facebook (Social Network)

29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code. Grouped by their likely origin (the grouping is by naming, not by a captured call stack):
- Standard DOM event-handler properties the scanner's baseline did not recognise: object onsecuritypolicyviolation, object onslotchange
- Names matching the gstr query parameter carried into the landing page: function getparam, object gStr, number sgtru, string sg
- Obfuscated page code: object _0x1b92, object _0x493e (the `_0x` plus hex naming that common JavaScript obfuscators give their string arrays), function docReady, object x, string x1, string x2
- Names matching the whos.amung.us widget loaded from waust.at/d.js: object _wau, string wau_w_col, string wau_w_siz, object WAU_ren, function WAU_dynamic, function WAU_dynamic_request, function WAU_r_d, function WAU_insert, function WAU_la, function WAU_addCommas, function WAU_lrd, function WAU_lrs, function WAU_cps
- dtscout (t.dtscout.com): object _dtspv
- Tynt / 33Across (cdn.tynt.com/tc.js): object Tynt, object _33Across, function __uspapi7
Cookies
Cookies are small pieces of information stored in the user's browser. On every later visit the browser sends the stored values back, so the site can recognise the user again even from a different location; this is how persistent logins work.

Domain/Path | Expires | Name | Value
---|---|---|---
.dtscout.com/ | | m | 1
.dtscout.com/ | | b | 1
.dtscout.com/ | | oa | 1
.dtscout.com/ | | df | 1642202706
www.kitconcafe.com/ | | wpmp_switcher | desktop
www.kitconcafe.com/ | | wfvt_22575677 | 61e20652e329b
www.kitconcafe.com/ | | PHPSESSID | 8286shp7j4i738p6f5coa2v2k7

The df value is a Unix timestamp (2022-01-14 23:25:06 UTC), which fixes the year of the "January 14" submission date. www.kitconcafe.com sets PHPSESSID even though the primary resource is a .html file, so PHP session handling is running on that host behind the static-looking URL.
2 Console Messages
A page may log messages to the console. These are often errors about a resource that could not be loaded or a script that failed to execute; sometimes they also reveal the technology behind a site. The two messages recorded for this scan are not reproduced here.

Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry for indicators such as IPs, domains, hashes, etc. Listing an indicator here does not imply that it is itself malicious.

Domains:
- best2care.com
- cdn.tynt.com
- de.tynt.com
- elitecosmetics.net
- ic.tynt.com
- t.dtscout.com
- waust.at
- whos.amung.us
- www.kitconcafe.com

IP addresses:
- 104.18.28.199
- 158.69.139.229
- 20.81.68.24
- 2606:4700:20::681a:407
- 2607:f1c0:100f:f000::2e7
- 66.96.147.109
- 67.202.105.31
- 67.202.105.33
- 67.202.114.214

SHA-256 hashes:
- 2347066080fea31af55c7112dca5245ea3eea67df5f24f1daae09f0870fbce62
- 3db54c26b2f7c10914ea89d3fee476197102b13118019d599f055c91c68f2982
- 4a070d5b96539f0ebad9df7d1865b37bd518cbfcef7ef3f77a9115ff004d0ecc
- 5268ec0ccb83eec56382f4c256e37263a5b6e6d822bb6075b110855a94d27469
- 6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d
- 74f570e29539b975f49b3b716ba1fd496ea46821233a6fda79a7a78396dee950
- 867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c
- 8fb1850e00c24b83e04ea4f41fe5774cff1d476a293fa7b35cba97827eb194cd
- abea0a3df2615e9fce60e37676176f6ad0a0a190d850c8aff909900ab5bbb32f
- babd70c55029432d8fb3dd9ae2c4df2567100f58cada2723883dd084d53c6a93
- d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
- da0a17ced8d27536fb4658f793e777b87a0a7078f6971b10337b9205511d9703
- ddaeedc09470a4ca2b18c19d37137b041293ca793671fab35541cd7b1eaf9215
- e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- f033f3863ceadf5bc09a05994fec7cb0ac4d1b68f35a3a30e3c567e31fcfb4ac

Before reusing this list for blocking: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is the SHA-256 of zero-byte input (the empty ic.tynt.com/b/p responses) and will match every empty file, so it must be dropped. The tynt.com, dtscout.com, amung.us and waust.at hosts are widely used third-party analytics and widget services (each carries a Cisco Umbrella rank in the tables above) and the two CLOUDFLARENET addresses are shared edge IPs; none of these identify this campaign. The infrastructure specific to the chain is elitecosmetics.net, best2care.com and www.kitconcafe.com and the addresses that served them.
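How the indicator list above can be cleaned before it goes into a blocklist, as an added example for this page. It is not urlscan.io code: INDICATORS, CHAIN_HOSTS, UMBRELLA_RANK and IP_ASN are copied from the tables on this page, while SHARED_ASNS, the rank cutoff and the split into "shared service" and "attacker" buckets are my own assumptions about what is safe to block.

```python
"""Cleaning this scan's indicator list before it is used for blocking.

Added example for this page, not urlscan.io code. INDICATORS, CHAIN_HOSTS,
UMBRELLA_RANK and IP_ASN are copied from the tables above; SHARED_ASNS, the
rank cutoff and the 'shared service' versus 'attacker' split are my own
assumptions about what is safe to block.
"""
import hashlib
import ipaddress
import re

INDICATORS = [
    "best2care.com", "cdn.tynt.com", "de.tynt.com", "elitecosmetics.net", "ic.tynt.com",
    "t.dtscout.com", "waust.at", "whos.amung.us", "www.kitconcafe.com",
    "104.18.28.199", "158.69.139.229", "20.81.68.24", "2606:4700:20::681a:407",
    "2607:f1c0:100f:f000::2e7", "66.96.147.109", "67.202.105.31", "67.202.105.33", "67.202.114.214",
] + """
2347066080fea31af55c7112dca5245ea3eea67df5f24f1daae09f0870fbce62
3db54c26b2f7c10914ea89d3fee476197102b13118019d599f055c91c68f2982
4a070d5b96539f0ebad9df7d1865b37bd518cbfcef7ef3f77a9115ff004d0ecc
5268ec0ccb83eec56382f4c256e37263a5b6e6d822bb6075b110855a94d27469
6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d
74f570e29539b975f49b3b716ba1fd496ea46821233a6fda79a7a78396dee950
867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c
8fb1850e00c24b83e04ea4f41fe5774cff1d476a293fa7b35cba97827eb194cd
abea0a3df2615e9fce60e37676176f6ad0a0a190d850c8aff909900ab5bbb32f
babd70c55029432d8fb3dd9ae2c4df2567100f58cada2723883dd084d53c6a93
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
da0a17ced8d27536fb4658f793e777b87a0a7078f6971b10337b9205511d9703
ddaeedc09470a4ca2b18c19d37137b041293ca793671fab35541cd7b1eaf9215
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f033f3863ceadf5bc09a05994fec7cb0ac4d1b68f35a3a30e3c567e31fcfb4ac
""".split()

CHAIN_HOSTS = {"elitecosmetics.net", "best2care.com", "www.kitconcafe.com"}  # Page URL History
UMBRELLA_RANK = {"cdn.tynt.com": 6692, "ic.tynt.com": 3828, "de.tynt.com": 1127,
                 "t.dtscout.com": 13169, "whos.amung.us": 14480, "waust.at": 40332}
IP_ASN = {"66.96.147.109": 29873, "2607:f1c0:100f:f000::2e7": 8560, "20.81.68.24": 8075,
          "2606:4700:20::681a:407": 13335, "158.69.139.229": 16276, "67.202.114.214": 32748,
          "104.18.28.199": 13335, "67.202.105.31": 32748, "67.202.105.33": 32748}
SHARED_ASNS = {13335}   # assumption: Cloudflare edge addresses are shared by many tenants
RANK_CUTOFF = 50_000    # assumption: a domain with an Umbrella rank this high is a shared service
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # hash of zero-byte content
SHA256_RE = re.compile(r"[0-9a-f]{64}")


def kind_of(indicator):
    """Classify one indicator as hash, ip or domain; hashes are checked first
    so a 64-hex string is never handed to the IP parser."""
    if SHA256_RE.fullmatch(indicator):
        return "hash"
    try:
        ipaddress.ip_address(indicator)
        return "ip"
    except ValueError:
        return "domain"


def clean(indicators, chain_hosts=CHAIN_HOSTS, umbrella_rank=UMBRELLA_RANK, ip_asn=IP_ASN):
    """Bucket the indicators; only the attacker_* and hashes buckets are block candidates."""
    out = {"attacker_domains": [], "shared_domains": [], "attacker_ips": [],
           "shared_ips": [], "hashes": [], "dropped": []}
    for ind in dict.fromkeys(i.strip().lower() for i in indicators):  # de-duplicate, keep order
        kind = kind_of(ind)
        if kind == "hash":
            if ind == EMPTY_SHA256:
                out["dropped"].append((ind, "SHA-256 of empty content; matches every zero-byte file"))
            else:
                out["hashes"].append(ind)
        elif kind == "ip":
            bucket = "shared_ips" if ip_asn.get(ind) in SHARED_ASNS else "attacker_ips"
            out[bucket].append(ind)
        elif ind in chain_hosts:
            out["attacker_domains"].append(ind)
        elif umbrella_rank.get(ind, float("inf")) <= RANK_CUTOFF:
            out["shared_domains"].append(ind)
        else:
            out["attacker_domains"].append(ind)  # unranked and unexplained: keep as suspect
    return out


if __name__ == "__main__":
    for bucket, items in clean(INDICATORS).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

For this scan the result is three attacker domains (the hosts in the Page URL History), six shared-service domains, seven attacker IPs, two shared Cloudflare IPs, fourteen hashes and one dropped entry. The empty-content hash is computed rather than hard-coded so the rule cannot drift if the list is pasted with different casing; dict.fromkeys de-duplicates while preserving the order of the source list.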