bgigdga.dateflng.com
Open in
urlscan Pro
178.162.199.80
Malicious Activity!
Public Scan
Submitted URL: http://newdate32.site/neww
Effective URL: https://bgigdga.dateflng.com/s/53a407a00f14b?subsource=gd
Submission: On January 06 via manual — Scanned from NL
Effective URL: https://bgigdga.dateflng.com/s/53a407a00f14b?subsource=gd
Submission: On January 06 via manual — Scanned from NL
Summary
This website contacted 3 IPs
in 2 countries
across 4 domains to perform 7 HTTP transactions.
The main IP is 178.162.199.80, located in
Germany and
belongs to LEASEWEB-DE-FRA-10, DE.
The main domain is bgigdga.dateflng.com.
TLS certificate: Issued by R3 on December 8th 2023. Valid for: 3 months.
This is the only time bgigdga.dateflng.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on December 8th 2023. Valid for: 3 months.
This is the only time bgigdga.dateflng.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Porn Scam (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 5 | 178.162.199.80 178.162.199.80 | 28753 (LEASEWEB-...) (LEASEWEB-DE-FRA-10) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:831::200a | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:813::2003 | 15169 (GOOGLE) (GOOGLE) | |
| 7 | 3 |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 5 |
dateflng.com
bgigdga.dateflng.com |
164 KB |
| 1 |
gstatic.com
fonts.gstatic.com |
48 KB |
| 1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 115 |
2 KB |
| 1 |
newdate32.site
1 redirects
newdate32.site |
1 KB |
| 7 | 4 |
| Domain | Requested by | |
|---|---|---|
| 5 | bgigdga.dateflng.com |
bgigdga.dateflng.com
|
| 1 | fonts.gstatic.com |
fonts.googleapis.com
|
| 1 | fonts.googleapis.com |
bgigdga.dateflng.com
|
| 1 | newdate32.site | 1 redirects |
| 7 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| dateflng.com R3 |
2023-12-08 - 2024-03-07 |
3 months | crt.sh |
| upload.video.google.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
| *.gstatic.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://bgigdga.dateflng.com/s/53a407a00f14b?subsource=gd
Frame ID: A0C2C2F1BACC3BCFFFC2C5D80E85F268
Requests: 7 HTTP requests in this frame
Screenshot
Page Title
BEN JE GEIL EN WIL JE NEUKEN?Page URL History Show full URLs
-
http://newdate32.site/neww
HTTP 302
https://bgigdga.dateflng.com/s/53a407a00f14b?subsource=gd Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://newdate32.site/neww
HTTP 302
https://bgigdga.dateflng.com/s/53a407a00f14b?subsource=gd Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
53a407a00f14b
bgigdga.dateflng.com/s/ Redirect Chain
|
48 KB 19 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.css
bgigdga.dateflng.com/bundle/566/assets/css/ |
6 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
functions.js
bgigdga.dateflng.com/bundle/566/assets/js/ |
95 KB 96 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
11 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
photo-1.jpg
bgigdga.dateflng.com/bundle/566/assets/images/ |
42 KB 42 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ |
47 KB 48 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
track.php
bgigdga.dateflng.com/ |
0 254 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Porn Scam (Online)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery string| sid boolean| exitPopunder string| fpDataEncoded string| cf function| sendTrack function| Fingerprint2 function| fingerprintGo function| collectTrackParams function| closingConfirm function| handleError function| getParameterByName function| collectParams function| checkRequired function| setLeadInfo function| setCF5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| newdate32.site/ | Name: _subid Value: 3qe417a18alhv |
|
| newdate32.site/ | Name: 4ec1c Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIwNVwiOjE3MDQ1NjQ1MDV9LFwiY2FtcGFpZ25zXCI6e1wiNjZcIjoxNzA0NTY0NTA1fSxcInRpbWVcIjoxNzA0NTY0NTA1fSJ9.30kgWCQrKkobAr9m9ot5CZktIFKoloGmoJqFitT9fH4 |
|
| newdate32.site/ | Name: _token Value: uuid_3qe417a18alhv_3qe417a18alhv6599971938b417.54133509 |
|
| .dateflng.com/ | Name: s Value: XY8yAgMZZYJ7b%2FMezD5%2FVCgUuA1QxGxY5e30sZRLeT4Fm2bG9L38bcGb45ryvZfXi%2B293A30lFsbHrAWsmDsPSB%2BNvmRHuNb%2BRS47yBzDYLGfhojMSnfeuRibPQL9RbuTi1uaIz6E3wLG34J5c43iWJ3wHjRHWJmODlLzGEOD1uBlGQ1krGS7LHQPIO6BtRLw7aGVecz2ZvyaQ%2BIPEl2IysNa4OjITtG9e%2FV0XJU4rNaKZAdHjwuz6B6hqu5ZCn9QSH1msw87w%2BtHYlIs6BBlnpLDQ7qtBj8oK1LakfmAqOOzsh64vx7wWlSj4fj442GMR%2FN64tHKl3fq%2FeHldTQrqVxqTG82UzvORKkcWTaEab13qV1hwqkikPoPqc0JaNhSG798pcDvKzn91QQAxTa0nQrtOP9rSWiw8wTq9lwNUqwotGRJ6N5BvO5dKjfuWv4znVI5KKSR3k4qXfJabHLHUD2b%2FLIme9YWX8Yqgge6JxKzon7nq1RVg%2B0mwxiFZFZQRGyFnZTrfmgKObY%2Fu3T%2F6FAo838HkTrhsMB0QkfHXD%2BIGP6Snq4k1uzuYaolCN4xKV3oghcsDde6%2BcPNYCADZnUvMV9idFnxozU3OV3Kr1Ws5b5XQE%2BT4y%2FR3Tn1cmfhuORQzIkFIpF4dBwJSlZcgtIG1uier955EhO2I9G497SP87Lm92wuUhZvIuy9pYalKUalymJq%2BdpeI%2BBdwAT1gJv3LmdAoffpioRLnXxSCJpzm5tKcASjO8WHo9oCboK4l3C4rC8hPKqV1ObmGKCn7Ej8Mw4FspldKXTtJdGCXg11dcZYoUcetVy1mHCYk8yO1HTsugNG03Z2WZMwb64VO3D8O33tOxI5GqRglfZ7D3JXikXQ%2BgEmMw7j6FgJbKzooZIjchSVasESQ7nkE4TEeBNxOjQW1geBJNYwqdsd0V1LB7s4o51wOp%2F8U4CUk6E8AkVfrmaSuaF5H2UA7PVifxlwXrdYOAPEzcm%2FTTXOtpHNc4eYmeiIpdrfdMSHJ8oM%2F1t39N3lZDV0%2BcfxXD%2B6JEzIkm9M0vexcEIswbwKmJTX1fAb7DlQ%2FT7XXt7R10LljW2nzUY4dKRSoXol1BlY5ZVzZD%2F2PVXkM60WDl5SOzD1PTQgYDefc7J2PnlrCj4Fr0nF9N9tB0TFrL3mqNVqXhnK6kauICHurXNZrDE1B%2Fzk0QnYVgyGKuCa8E85EtEqESXScNtSEAvIYd%2F%2BUDPGNHwRJ3lcThuBAbt%2BpS%2FgQbv8TgGHIBSZljLZsDs1R2SIfHyoFeGBoVnrfopkhajKdhSbox80Sb8x%2FtsJ3cRMPY19zaHIWxg%2F7df9jtXbBHwW3RsoseZ4TZN0uVGoBk7nQ9W0vhHn3TtKccBfa5h8LOCAkBKCtGtFPlg7CuOOrnO0kBJW2TXVa8%2FIvs1k3Oae9C1%2F7iJVpR%2BOg2ebl8ejk4F7PYiH0Rwd27BP9NKOjQ%2FjoNybGy9kvleFk52fnvNryNmpJkHasZa1ti6eaGRr%2BYKffwRvrbZt6hxDTrJqeOVED5bBpOlMwkCSPDbZ%2F8UunOHdRhKQjGIIKEc7Ul8aDHLf0qDdpIDjiii%2FpUIofAjuovdGDKwPK%2BGo%2FujiVDBYJeRz6E5o8vJvkkkgpfRJyUw4L%2F%2B2HeXt9fAXtkT%2BEp9OsehVSJht5t9VXc2oN97HrdSw7yyBIhQrmokiR6FiAEXweQ6lDMA%2BMv%2BHPJauX7x9wP%2Fl0NOnwcttIk7IHda2LhFik18RabN5bFVfjv0Y8ZFUtdhuFUhfXpOvg%3D%3D |
|
| bgigdga.dateflng.com/ | Name: CF Value: Z514dePtBZ3gKR3JvMgoMw__ |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bgigdga.dateflng.com
fonts.googleapis.com
fonts.gstatic.com
newdate32.site
178.162.199.80
2a00:1450:4001:813::2003
2a00:1450:4001:831::200a
2a06:98c1:3121::3
20dcee098175cd68413a4839e353f03ab55ddb65b412b32dad0f9ada2a9a190f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
49922bc81771846f26f0d996f25e9a708a675a7185448a25af7236d2942366e0
cdb4093feed779b67b752174fcc26ea996b0fb28ea8751c438cfcaf522896b34
d8e5911c8610713fea7b0aa11f45c75256c570aa0dd2adef5c8f71c110009a95
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fc82026fffe32a27e0c3069391e714e12ed37e7b637435a2f9eccd696d10e1cd