dhakalocal.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 209.59.187.49, located in Lansing, United States and belongs to LIQUIDWEB - Liquid Web, L.L.C, US. The main domain is dhakalocal.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 14th 2019. Valid for: 3 months.

This is the only time dhakalocal.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2 2	158.69.225.226 158.69.225.226	16276 (OVH) (OVH)
2 8	209.59.187.49 209.59.187.49	32244 (LIQUIDWEB) (LIQUIDWEB - Liquid Web)
6	2

2 158.69.225.226 (Montreal, Canada) 2 redirects

ASN16276 (OVH, FR)
PTR: smart.mipagina.net

cadcafe.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 209.59.187.49 (Lansing, United States) 2 redirects

ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US)
PTR: cloud.datacraftbd.com

dhakalocal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	dhakalocal.com 2 redirects dhakalocal.com	337 KB
2	cadcafe.co 2 redirects cadcafe.co	528 B
6	2

	Domain	Requested by
8	dhakalocal.com	2 redirects dhakalocal.com
2	cadcafe.co	2 redirects
6	2

This site contains no links.

Subject Issuer	Validity	Valid
dhakalocal.com cPanel, Inc. Certification Authority	`2019-08-14` - `2019-11-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://dhakalocal.com//mxxxtty//enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5&AP___=janr@senecadata.com&error=
Frame ID: 680A1976B20A1A35FEDCF2F575791555
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://cadcafe.co/kw7?0_0=janr@senecadata.com HTTP 301
https://cadcafe.co/kw7/?0_0=janr@senecadata.com HTTP 302
https://dhakalocal.com//mxxxtty//?AP___=janr@senecadata.com HTTP 302
https://dhakalocal.com//mxxxtty//qgwew1hkkm8z93dg9pdio2eq.php?D0eD6715677068025867b00ab842c998d62b1... HTTP 302
https://dhakalocal.com//mxxxtty//enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a5... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

336 kB
Transfer

400 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cadcafe.co/kw7?0_0=janr@senecadata.com HTTP 301
https://cadcafe.co/kw7/?0_0=janr@senecadata.com HTTP 302
https://dhakalocal.com//mxxxtty//?AP___=janr@senecadata.com HTTP 302
https://dhakalocal.com//mxxxtty//qgwew1hkkm8z93dg9pdio2eq.php?D0eD6715677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5&AP___=janr@senecadata.com&error= HTTP 302
https://dhakalocal.com//mxxxtty//enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5&AP___=janr@senecadata.com&error= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request enterpassword.php Show response
dhakalocal.com//mxxxtty//
Redirect Chain

https://cadcafe.co/kw7?0_0=janr@senecadata.com
https://cadcafe.co/kw7/?0_0=janr@senecadata.com
https://dhakalocal.com//mxxxtty//?AP___=janr@senecadata.com
https://dhakalocal.com//mxxxtty//qgwew1hkkm8z93dg9pdio2eq.php?D0eD6715677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6...
https://dhakalocal.com//mxxxtty//enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a558...

8 KB
4 KB

176ms
175ms

Document
text/html

209.59.187.49
Liquid Web

General

Check archive.org

Show headers Download Go to

Full URL: https://dhakalocal.com//mxxxtty//enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5&AP___=janr@senecadata.com&error=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.59.187.49 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US),
Reverse DNS: cloud.datacraftbd.com
Software: Apache /
Resource Hash: f04b04479551729442e2354240e6f54be04ee25837bc6dbf0fceee33b01e057a

Request headers

Host: dhakalocal.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

Date: Thu, 05 Sep 2019 18:06:42 GMT
Server: Apache
X-Mod-Pagespeed: 1.11.33.2-0
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=0, no-cache
Content-Length: 4013
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Thu, 05 Sep 2019 18:06:42 GMT
Server: Apache
Location: enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5&AP___=janr@senecadata.com&error=
Content-Length: 2579
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK style.css
dhakalocal.com//mxxxtty// 6 KB
6 KB 117ms
117ms Stylesheet
text/css 209.59.187.49
Liquid Web

General

Check archive.org

Show headers Download Go to

Full URL

https://dhakalocal.com//mxxxtty//style.css

Requested by

Host: dhakalocal.com
URL: https://dhakalocal.com//mxxxtty//enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5&AP___=janr@senecadata.com&error=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.59.187.49 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US),

Reverse DNS

cloud.datacraftbd.com

Software

Apache /

Resource Hash

f3a3435dd1e14ea7ec192be880befce0c60c18a1dd6161f3a66cb82e9b358002

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://dhakalocal.com//mxxxtty//enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5&AP___=janr@senecadata.com&error=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 05 Sep 2019 18:06:43 GMT
X-Content-Type-Options: nosniff
X-Original-Content-Length: 6008
Server: Apache
Etag: W/"PSA-bfjer3abdu"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=300
Last-Modified: Sat, 15 Dec 2018 17:09:32 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 6008
Expires: Thu, 05 Sep 2019 18:10:45 GMT

GET
H/1.1 200
OK jquery.js.pagespeed.jm.YSzgc-BSX9.js Show response
dhakalocal.com//mxxxtty//js/ 93 KB
33 KB 239ms
121ms Script
application/javascript 209.59.187.49
Liquid Web

General

Check archive.org

Show headers Download Go to

Full URL: https://dhakalocal.com//mxxxtty//js/jquery.js.pagespeed.jm.YSzgc-BSX9.js
Requested by: Host: dhakalocal.com
URL: https://dhakalocal.com//mxxxtty//enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5&AP___=janr@senecadata.com&error=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.59.187.49 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US),
Reverse DNS: cloud.datacraftbd.com
Software: Apache /
Resource Hash: a181a613a6eeab77259b1d6537f82fd28f4cb38fa41e43af8d1677a3542e74bf

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://dhakalocal.com//mxxxtty//enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5&AP___=janr@senecadata.com&error=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 05 Sep 2019 18:06:43 GMT
Content-Encoding: gzip
X-Original-Content-Length: 95699
Server: Apache
Etag: W/"0-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=31536000
Last-Modified: Thu, 05 Sep 2019 17:13:55 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 33161
Expires: Fri, 04 Sep 2020 17:13:55 GMT

GET
H/1.1 200
OK ms-logo-v1.svg
dhakalocal.com//mxxxtty//images/ 756 B
1002 B 363ms
121ms Image
image/svg+xml 209.59.187.49
Liquid Web

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dhakalocal.com//mxxxtty//images/ms-logo-v1.svg
Requested by: Host: dhakalocal.com
URL: https://dhakalocal.com//mxxxtty//enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5&AP___=janr@senecadata.com&error=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.59.187.49 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US),
Reverse DNS: cloud.datacraftbd.com
Software: Apache /
Resource Hash: 5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://dhakalocal.com//mxxxtty//enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5&AP___=janr@senecadata.com&error=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 05 Sep 2019 18:06:43 GMT
Last-Modified: Sat, 15 Dec 2018 17:09:32 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 756

GET
H/1.1 200
OK 0.jpg
dhakalocal.com//mxxxtty//images/ 291 KB
291 KB 122ms
122ms Image
image/jpeg 209.59.187.49
Liquid Web

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dhakalocal.com//mxxxtty//images/0.jpg

Requested by

Host: dhakalocal.com
URL: https://dhakalocal.com//mxxxtty//js/jquery.js.pagespeed.jm.YSzgc-BSX9.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.59.187.49 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US),

Reverse DNS

cloud.datacraftbd.com

Software

Apache /

Resource Hash

62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://dhakalocal.com//mxxxtty//style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 05 Sep 2019 18:06:43 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 15 Dec 2018 17:09:32 GMT
Server: Apache
Etag: W/"PSA-9ampUxuPS8"
Content-Type: image/jpeg
Cache-Control: max-age=300
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 298105
Expires: Thu, 05 Sep 2019 18:11:42 GMT

GET
DATA 200
OK truncated
/ 820 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 509bc9ddea3de82d8c02e6f9c6178f8b75ebc8b5a54b0f5574539a44020d9441

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/webp

POST
H/1.1 204
No Content mod_pagespeed_beacon Show response
dhakalocal.com/ 0
171 B 122ms
122ms XHR
text/plain 209.59.187.49
Liquid Web

General

Check archive.org

Show headers Download Go to

Full URL: https://dhakalocal.com/mod_pagespeed_beacon?url=https%3A%2F%2Fdhakalocal.com%2F%2Fmxxxtty%2F%2Fenterpassword.php%3FKA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5%26AP___%3Djanr%40senecadata.com%26error%3D
Requested by: Host: dhakalocal.com
URL: https://dhakalocal.com//mxxxtty//enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5&AP___=janr@senecadata.com&error=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.59.187.49 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US),
Reverse DNS: cloud.datacraftbd.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: cors
Referer: https://dhakalocal.com//mxxxtty//enterpassword.php?KA74K915677068025867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a55867b00ab842c998d62b1d6c06ae64a5&AP___=janr@senecadata.com&error=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Thu, 05 Sep 2019 18:06:44 GMT
Cache-Control: max-age=0, no-cache
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| pagespeed

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cadcafe.co
dhakalocal.com
158.69.225.226
209.59.187.49
509bc9ddea3de82d8c02e6f9c6178f8b75ebc8b5a54b0f5574539a44020d9441
5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69
62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214
a181a613a6eeab77259b1d6537f82fd28f4cb38fa41e43af8d1677a3542e74bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f04b04479551729442e2354240e6f54be04ee25837bc6dbf0fceee33b01e057a
f3a3435dd1e14ea7ec192be880befce0c60c18a1dd6161f3a66cb82e9b358002

dhakalocal.com Open in urlscan Pro 209.59.187.49 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

336 kBTransfer

400 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

dhakalocal.com Open in urlscan Pro
209.59.187.49 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

336 kB
Transfer

400 kB
Size

0
Cookies

6 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!