cbjbdhb.offrsmatcher.com Open in urlscan Pro
5.104.107.248 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://vsmid.nakula.fun/a/MnQ3M1N1MDNHTWhIQkowa0J0b21MNzQxVmh3Z1ZXei9NWVh3cXVxUVhwZlNlUWlQMjZhWFd6UjV1MmplQjNxV2Q5YStmM0...
Effective URL:
https://cbjbdhb.offrsmatcher.com/s/002d12a170722?sub1=CIKGU&track=CIKGU&subsource=Q0lLR1UsRkksODcuOTUuNjguMjUsV0VCLFRSQUZFRQ
Submission Tags: @phish_report
Submission: On December 01 via api (December 1st 2024, 2:03:33 am UTC) from FI — Scanned from FI

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 20 HTTP transactions. The main IP is 5.104.107.248, located in Düsseldorf, Germany and belongs to MYLOC-AS WIIT AG, DE. The main domain is cbjbdhb.offrsmatcher.com.
TLS certificate: Issued by R10 on November 6th 2024. Valid for: 3 months.

This is the only time cbjbdhb.offrsmatcher.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1	172.67.216.220 172.67.216.220	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 4	68.66.226.114 68.66.226.114	55293 (A2HOSTING) (A2HOSTING)
13	5.104.107.248 5.104.107.248	24961 (MYLOC-AS ...) (MYLOC-AS WIIT AG)
1	142.250.185.74 142.250.185.74	15169 (GOOGLE) (GOOGLE)
1	142.250.185.163 142.250.185.163	15169 (GOOGLE) (GOOGLE)
1	109.236.91.3 109.236.91.3	49981 (WorldStre...) (WorldStream WorldStream B.V.)
20	6

1 172.67.216.220 (United States)

ASN13335 (CLOUDFLARENET, US)

vsmid.nakula.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.66.226.114 (United States) 1 redirects

ASN55293 (A2HOSTING, US)
PTR: az1-ss99.a2hosting.com

susankatarina.onlapsnow.buzz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 5.104.107.248 (Düsseldorf, Germany)

ASN24961 (MYLOC-AS WIIT AG, DE)
PTR: srv11409.dus4.dedicated.server-hosting.expert

cbjbdhb.offrsmatcher.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.74 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.236.91.3 (Naaldwijk, Netherlands)

ASN49981 (WorldStream WorldStream B.V., NL)
PTR: customer.worldstream.nl

extreme-ip-lookup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	offrsmatcher.com cbjbdhb.offrsmatcher.com	482 KB
4	onlapsnow.buzz 1 redirects susankatarina.onlapsnow.buzz	4 KB
1	extreme-ip-lookup.com extreme-ip-lookup.com — Cisco Umbrella Rank: 25233	627 B
1	gstatic.com fonts.gstatic.com	19 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	1 KB
1	nakula.fun vsmid.nakula.fun	1 KB
20	6

	Domain	Requested by
13	cbjbdhb.offrsmatcher.com	susankatarina.onlapsnow.buzz cbjbdhb.offrsmatcher.com
4	susankatarina.onlapsnow.buzz	1 redirects vsmid.nakula.fun susankatarina.onlapsnow.buzz
1	extreme-ip-lookup.com	cbjbdhb.offrsmatcher.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	cbjbdhb.offrsmatcher.com
1	vsmid.nakula.fun
20	6

This site contains no links.

Subject Issuer	Validity	Valid
nakula.fun WE1	`2024-10-14` - `2025-01-12`	3 months	crt.sh
.onlapsnow.buzz .onlapsnow.buzz	`2024-05-30` - `2025-05-30`	a year	crt.sh
offrsmatcher.com R10	`2024-11-06` - `2025-02-04`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
t1.extreme-dm.com R11	`2024-10-08` - `2025-01-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cbjbdhb.offrsmatcher.com/s/002d12a170722?sub1=CIKGU&track=CIKGU&subsource=Q0lLR1UsRkksODcuOTUuNjguMjUsV0VCLFRSQUZFRQ
Frame ID: B1C44919EE520C1F5ADDBEC150DD877F
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Tämän kuun suosituin dating site

Page URL History Show full URLs

https://vsmid.nakula.fun/a/MnQ3M1N1MDNHTWhIQkowa0J0b21MNzQxVmh3Z1ZXei9NWVh3cXVxUVhwZlNlUWlQMjZhWFd6Uj... Page URL
http://susankatarina.onlapsnow.buzz/YVFJQkssQ0lLR1UsMTczMjk0MzY3MywsVFJBRkVFLEhpISBJJ206IEthc2FuZHJhIC0gT24gbGl2... HTTP 307
https://susankatarina.onlapsnow.buzz/YVFJQkssQ0lLR1UsMTczMjk0MzY3MywsVFJBRkVFLEhpISBJJ206IEthc2FuZHJhIC0gT24gbGl2... Page URL
https://susankatarina.onlapsnow.buzz/_meetups/?click_id=CIKGU&country_code=FI&user_agent=WEB&ip_address=87.95.68.... HTTP 302
https://susankatarina.onlapsnow.buzz/_meetups/r.php?click_id=CIKGU&country_code=FI&user_agent=WEB&ip_address=87.9... Page URL
https://cbjbdhb.offrsmatcher.com/s/002d12a170722?sub1=CIKGU&track=CIKGU&subsource=Q0lLR1UsRkksODcuOTUuNjguMjU... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

85 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

508 kB
Transfer

592 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://vsmid.nakula.fun/a/MnQ3M1N1MDNHTWhIQkowa0J0b21MNzQxVmh3Z1ZXei9NWVh3cXVxUVhwZlNlUWlQMjZhWFd6UjV1MmplQjNxV2Q5YStmM0hXeVVxaExGbDUvaVNGUnB4TmhRMCtmb0dVcnRLYjhnY0src0o2bzFnQklzUTZjWkQwMjg2TGMzYUZkUnE4bS9IbFNQN3JXM2MwM01FUVFvVVZQSTYyUnQxemJ2STRyRHV0b0FtbXRHaVlhVnJCZEQ4WmNiRFZEVHZxY0NkZGx0N3BCTnRSN2w3dndGK1dvbXltaElhSmw5aGdWd0x3ckxjVjBrZW5XdWFjdnRXTnRWZzhQM2xuWU92TDhyZElYVE1MU09saU5qQUlGbEU1a0R3eXUwUDgzTnpaWlFPRGZMcWp4aGxaTjdvWGx4RHNYRmhHVnhpNTUzMzVuTFpXNkpzTXhYK1R3MGpLRXpVRTVBN2RaVUd2Nk5NWUhURXRrclFyWkp0OW1oNms1OUlmY1FNaGdBaXN0bExDOTJIcFZSdEMzaWs4aWg3d3dJR0o4WEF4ci9ZYmFBamkvTWVxR2hWb1hPaytZc21TNVZHOGJERk4vTXFqWkZlbWwxZlV6SUM0Tm5aQVRZWDJZWWp1enc9PQ==?0e5i4fsu65ub Page URL
http://susankatarina.onlapsnow.buzz/YVFJQkssQ0lLR1UsMTczMjk0MzY3MywsVFJBRkVFLEhpISBJJ206IEthc2FuZHJhIC0gT24gbGl2ZSBzaG93cyEs HTTP 307
https://susankatarina.onlapsnow.buzz/YVFJQkssQ0lLR1UsMTczMjk0MzY3MywsVFJBRkVFLEhpISBJJ206IEthc2FuZHJhIC0gT24gbGl2ZSBzaG93cyEs Page URL
https://susankatarina.onlapsnow.buzz/_meetups/?click_id=CIKGU&country_code=FI&user_agent=WEB&ip_address=87.95.68.25&user_lp=TRAFEE HTTP 302
https://susankatarina.onlapsnow.buzz/_meetups/r.php?click_id=CIKGU&country_code=FI&user_agent=WEB&ip_address=87.95.68.25&user_lp=TRAFEE Page URL
https://cbjbdhb.offrsmatcher.com/s/002d12a170722?sub1=CIKGU&track=CIKGU&subsource=Q0lLR1UsRkksODcuOTUuNjguMjUsV0VCLFRSQUZFRQ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://susankatarina.onlapsnow.buzz/YVFJQkssQ0lLR1UsMTczMjk0MzY3MywsVFJBRkVFLEhpISBJJ206IEthc2FuZHJhIC0gT24gbGl2ZSBzaG93cyEs HTTP 307
https://susankatarina.onlapsnow.buzz/YVFJQkssQ0lLR1UsMTczMjk0MzY3MywsVFJBRkVFLEhpISBJJ206IEthc2FuZHJhIC0gT24gbGl2ZSBzaG93cyEs

Request Chain 3

https://susankatarina.onlapsnow.buzz/_meetups/?click_id=CIKGU&country_code=FI&user_agent=WEB&ip_address=87.95.68.25&user_lp=TRAFEE HTTP 302
https://susankatarina.onlapsnow.buzz/_meetups/r.php?click_id=CIKGU&country_code=FI&user_agent=WEB&ip_address=87.95.68.25&user_lp=TRAFEE

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 MnQ3M1N1MDNHTWhIQkowa0J0b21MNzQxVmh3Z1ZXei9NWVh3cXVxUVhwZlNlUWlQMjZhWFd6UjV1MmplQjNxV2Q5YStmM0hXeVVxaExGbDUvaVNGUnB4TmhRMCtmb0dVcnRLYjhnY0src0o2bzFnQklzUTZjWkQwMjg2TGMzYUZkUnE4bS9IbFNQN3JXM2MwM01FU...
vsmid.nakula.fun/a/ 2 KB
1 KB 1088ms
302ms Document
text/html 172.67.216.220
CLOUDFLARENET

General

cbjbdhb.offrsmatcher.com Open in urlscan Pro 5.104.107.248 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

85 %HTTPS

0 %IPv6

6 Domains

6 Subdomains

6 IPs

3 Countries

508 kBTransfer

592 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious page.domain Submitted on December 1st 2024, 2:06:32 am UTC — From Spain

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

13 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

cbjbdhb.offrsmatcher.com Open in urlscan Pro
5.104.107.248 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

85 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

508 kB
Transfer

592 kB
Size

1
Cookies

20 HTTP transactions
0 data transactions

Malicious page.domain
Submitted on December 1st 2024, 2:06:32 am UTC — From Spain

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!