kakapdev.com
Open in
urlscan Pro
209.58.165.102
Malicious Activity!
Public Scan
Submitted URL: http://fg.ballpointbanana.com/
Effective URL: https://kakapdev.com/x28zal2am/log_in/?sslchannel=true&sessionid=baBjeUkIEXNFqN1fzCVpqh0OSJ8MkU3v5FOkz82d6QSxDUMdxHDY...
Submission: On September 19 via manual from CA
Effective URL: https://kakapdev.com/x28zal2am/log_in/?sslchannel=true&sessionid=baBjeUkIEXNFqN1fzCVpqh0OSJ8MkU3v5FOkz82d6QSxDUMdxHDY...
Submission: On September 19 via manual from CA
Summary
This website contacted 3 IPs
in 3 countries
across 4 domains to perform 15 HTTP transactions.
The main IP is 209.58.165.102, located in
Singapore, Singapore and
belongs to LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG.
The main domain is kakapdev.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 5th 2019. Valid for: 3 months.
This is the only time kakapdev.com was scanned on urlscan.io!
TLS certificate: Issued by Let's Encrypt Authority X3 on August 5th 2019. Valid for: 3 months.
This is the only time kakapdev.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 149.255.62.88 149.255.62.88 | 34931 (AWARESOFT) (AWARESOFT) | |
| 12 | 209.58.165.102 209.58.165.102 | 59253 (LEASEWEB-...) (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd.) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:815::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 2 | 2a00:1450:400... 2a00:1450:4001:825::2003 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 15 | 3 |
1
149.255.62.88
(United Kingdom)
ASN34931 (AWARESOFT, GB)
PTR: cloud403.unlimitedwebhosting.co.uk
ASN34931 (AWARESOFT, GB)
PTR: cloud403.unlimitedwebhosting.co.uk
| fg.ballpointbanana.com |
12
209.58.165.102
(Singapore, Singapore)
ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)
PTR: mop103.hostmop.com
ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)
PTR: mop103.hostmop.com
| kakapdev.com |
1
2a00:1450:4001:815::200a
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE - Google LLC, US)
ASN15169 (GOOGLE - Google LLC, US)
| fonts.googleapis.com |
2
2a00:1450:4001:825::2003
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE - Google LLC, US)
ASN15169 (GOOGLE - Google LLC, US)
| fonts.gstatic.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
kakapdev.com
kakapdev.com |
556 KB |
| 2 |
gstatic.com
fonts.gstatic.com |
18 KB |
| 1 |
googleapis.com
fonts.googleapis.com |
932 B |
| 1 |
ballpointbanana.com
1 redirects
fg.ballpointbanana.com |
253 B |
| 15 | 4 |
| Domain | Requested by | |
|---|---|---|
| 12 | kakapdev.com |
kakapdev.com
|
| 2 | fonts.gstatic.com |
kakapdev.com
|
| 1 | fonts.googleapis.com |
kakapdev.com
|
| 1 | fg.ballpointbanana.com | 1 redirects |
| 15 | 4 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| docs.microsoft.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| kakapdev.com Let's Encrypt Authority X3 |
2019-08-05 - 2019-11-03 |
3 months | crt.sh |
| *.googleapis.com GTS CA 1O1 |
2019-09-05 - 2019-11-28 |
3 months | crt.sh |
| *.google.com GTS CA 1O1 |
2019-09-05 - 2019-11-28 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://kakapdev.com/x28zal2am/log_in/?sslchannel=true&sessionid=baBjeUkIEXNFqN1fzCVpqh0OSJ8MkU3v5FOkz82d6QSxDUMdxHDYZDMSmUEHPIcVn1fWaiah83OMYAZv
Frame ID: DC94E684DED36C66AF50BEE9329F74AB
Requests: 15 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://fg.ballpointbanana.com/
HTTP 301
https://kakapdev.com/x28zal2am/ Page URL
- https://kakapdev.com/x28zal2am/log_in/?sslchannel=true&sessionid=baBjeUkIEXNFqN1fzCVpqh0OSJ8MkU3v... Page URL
Detected technologies
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
URL: https://docs.microsoft.com/
Title:
Title:
Search URL Search Domain Scan URL
URL: https://docs.microsoft.com/en-us/
Title: Get started here.
Title: Get started here.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://fg.ballpointbanana.com/
HTTP 301
https://kakapdev.com/x28zal2am/ Page URL
- https://kakapdev.com/x28zal2am/log_in/?sslchannel=true&sessionid=baBjeUkIEXNFqN1fzCVpqh0OSJ8MkU3v5FOkz82d6QSxDUMdxHDYZDMSmUEHPIcVn1fWaiah83OMYAZv Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://fg.ballpointbanana.com/ HTTP 301
- https://kakapdev.com/x28zal2am/
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
kakapdev.com/x28zal2am/ Redirect Chain
|
203 B 455 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
 Cookie set
/
kakapdev.com/x28zal2am/log_in/ |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
qbox_login.css
kakapdev.com/x28zal2am/log_in/uij/ |
11 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jqueryui.css
kakapdev.com/x28zal2am/log_in/uij/ |
16 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
s.js
kakapdev.com/x28zal2am/log_in/uij/ |
510 KB 511 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ajax-loader.gif
kakapdev.com/x28zal2am/log_in/uij/ |
8 KB 9 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
microsoft_logo.svg
kakapdev.com/x28zal2am/log_in/uij/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
11 KB 932 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
overlay.png
kakapdev.com/images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
email_icon.png
kakapdev.com/x28zal2am/log_in/uij/ |
347 B 588 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
password.png
kakapdev.com/x28zal2am/log_in/uij/ |
879 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
lock.png
kakapdev.com/x28zal2am/log_in/uij/ |
409 B 650 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
0.jpg
kakapdev.com/x28zal2am/log_in/uij/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)107 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| DOM function| trim function| checkLen function| onError function| onError2 function| validate function| checkCardNum function| evalForm function| cardExpiry function| isNumberKey function| compare function| rrighttrim function| dotTrim function| matchNames function| matchinChar function| callNanoScroller function| set_branch_code function| open_move_modal function| resize_win function| fixed_header_table function| fixmenuposition function| ajax_finish function| ajax_start function| json_callback function| open_updater function| close_updater function| notice function| notice_fade function| notice_hide function| callAjax function| load_duplicate function| duplicate_root function| send_invite function| displayTeamMember function| display_action_result function| get_change_bill_cycle function| format_decimal function| show_dialog function| pay_associate_commission function| edit_pay_associate_commission function| format_currency function| display_associate_free_folders function| display_associate_class_data function| fetch_associate_class function| check_arr_val function| sync_ad_users function| post_update_users function| update_users function| open_delete_confirmation function| add_changed_id function| add_ad_users function| update_branch function| handle_enter_for_update function| validate_inputs function| enable_inputs function| handle function| update_ldap function| password_validation function| sessPingServer function| sessServerAlive function| initSessionMonitor function| startIdleTime function| stopIdleTime function| checkIdleTimeout function| countdownDisplay function| sessLogOut function| set_password_callback boolean| flg object| emailValidation object| emailreg object| emailregIND object| alphachar object| userName object| alphanum object| phone object| phoneIND object| intnum object| pincodeIND object| pincode object| dt object| zeros object| htmltag object| cvvCC object| atleast_one_digit object| atleast_one_letter object| atleast_one_capital_letter object| atleast_one_special_letter boolean| done boolean| duplicate_query_needed number| sessServerAliveTime number| sessionTimeout undefined| sessLastActivity undefined| idleTimer undefined| remainingTimer boolean| isTimout undefined| sess_intervalID undefined| idleIntervalID undefined| sess_lastActivity undefined| timer boolean| isIdleTimerOn function| $ function| jQuery function| DP_jQuery_1568879140339 object| jQuery18205438550164949343 undefined| ass_class0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fg.ballpointbanana.com
fonts.googleapis.com
fonts.gstatic.com
kakapdev.com
149.255.62.88
209.58.165.102
2a00:1450:4001:815::200a
2a00:1450:4001:825::2003
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
06294e756d86f366ba20be4a20210323334ded1934537cce05a3f1d7cde882fb
0f7363bd5956109f348016886a449f89db2f29f62f38b86c3c092bfd535e2b21
1acd98c2997a38d0024a6e77f7cbb0f71d92ccb53826e29e456af1e75dcb7112
1b98ce3d345c4c32291c2336516046874c9bcf4a4f1dbcf477c1a3e6f0c380b3
1e9055ee42b3ae88d379f715b47ea51bda4e74752eba6e91185a7364f4965667
3d1e0b130d6d03df02555ce3e2ab4f6ee8ec3a2d59deb614b4db114b2d78d5a9
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
6da17873bf3426fe821dd6f2b28759e752ef178dbf322b963e53d73010bb8dc1
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
bff3efd5bba3910c780c89b982ec4d28cb09cdcec825d7a21caf9ebc43bd5274
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
de661b37c7db864e909e09397476a1845183271ec5e8dc9db7379ee8186d2dc6