ddmarket.org Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ddmarket.org/login.html
Submission Tags: @ecarlesi threat phishing Search All
Submission: On November 25 via api (November 25th 2023, 4:29:39 am UTC) from IT — Scanned from NL

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 18 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is ddmarket.org.
TLS certificate: Issued by GTS CA 1P5 on November 24th 2023. Valid for: 3 months.

This is the only time ddmarket.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

	IP Address	AS Autonomous System
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	2606:4700:303... 2606:4700:3035::6815:4152	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	3

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

ddmarket.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:3035::6815:4152 (United States)

ASN13335 (CLOUDFLARENET, US)

42nfjgkanapi.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	42nfjgkanapi.ru 42nfjgkanapi.ru	1 MB
1	ddmarket.org ddmarket.org	661 B
18	2

	Domain	Requested by
17	42nfjgkanapi.ru	ddmarket.org 42nfjgkanapi.ru
1	ddmarket.org
18	2

This site contains no links.

Subject Issuer	Validity	Valid
ddmarket.org GTS CA 1P5	`2023-11-24` - `2024-02-22`	3 months	crt.sh
42nfjgkanapi.ru GTS CA 1P5	`2023-10-27` - `2024-01-25`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://ddmarket.org/login.html
Frame ID: B563415842C905F525D47006577CECAC
Requests: 1 HTTP requests in this frame

Frame: https://42nfjgkanapi.ru/b8fae
Frame ID: F7CE6115F50FCEEE71825056BE482E7F
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Steam Community

Page Statistics

18
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

1044 kB
Transfer

2125 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login.html Show response ddmarket.org/	262 B 661 B	546ms 95ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ddmarket.org/login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a16a50cc2de7c5ad1dc6a4403bc761f63d65f4b30698e9907dd1ffb381584563` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 82b726c4a944b8f6-AMS content-encoding br content-type text/html date Sat, 25 Nov 2023 04:29:34 GMT last-modified Fri, 24 Nov 2023 21:30:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fz8BA16at94lMQmIr0VwUYfvo4yJc2cmfL2iaNvpMqeUulEHSNzmvQzMJKk%2FqB2Jk6KpIMc5rMpkoZQOMTc86d2BcV6LEH7iocWz436pW6w12DZOWwHxOfAUkDzZ92hrmSv7LSwDXDgAs8A%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent x-turbo-charged-by LiteSpeed
GET H2	200	b8fae Show response 42nfjgkanapi.ru/ Frame F7CE	124 KB 10 KB	463ms 155ms	Document text/html	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://42nfjgkanapi.ru/b8fae Requested by Host: ddmarket.org URL: https://ddmarket.org/login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ffea967c88af886af22d590751c3ace86946cf828c85c265b10c85f68e5b6092` Request headers Referer https://ddmarket.org/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 82b726c73d9db8a6-AMS content-encoding br content-type text/html; charset=UTF-8 date Sat, 25 Nov 2023 04:29:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ONe2LVVFshmvVt82l2OQrD6irT32%2Fweeo2ZpwgwfzxvySOez8VWErSpw2ONFT0JZqNoRMw8LdqMk45gpJmTzy8vNArfKhA%2BuFxLH2yDRcU3kG5I%2FqEKHnOuHjw%2Fq0yruAQDHQam20%2F8iDgmxDtE%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	90442b6.css 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	40 KB 13 KB	433ms 430ms	Stylesheet text/css	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://42nfjgkanapi.ru/2def56801/1a4db/90442b6.css?v=ph15UJKV Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/b8fae Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2a9ef076b99b7b36cd8e32044f8715a3f2b2eae2d088dbfee82da26d2209606b` Request headers accept-language nl-NL,nl;q=0.9 Referer https://42nfjgkanapi.ru/b8fae User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:35 GMT content-encoding br cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R1LEEnXugPUtiSzVr%2FSckIXYZVPgPeR0C1o%2BNhit9sw5RV1ADwJ0mqlLJZz70u%2BHo0%2BvhxOUL5Tn9nxhg6ZNx6vGczJA%2F%2FZx6g%2FFfyCtXjCEN6f9xrJfvsa%2BZsicz%2BABdLCYAJ%2BNd7mL1NQsq9Y%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 82b726c84e07b8a6-AMS alt-svc h3=":443"; ma=86400
GET H2	200	ab2ea1e.js Show response 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	93 KB 34 KB	231ms 229ms	Script text/javascript	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://42nfjgkanapi.ru/2def56801/1a4db/ab2ea1e.js?v=ph15UJKV Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/b8fae Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `225edf54855697e6207ba9bded4d041d824e44c7c842f2803ede51764a9e54ab` Request headers accept-language nl-NL,nl;q=0.9 Referer https://42nfjgkanapi.ru/b8fae User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:35 GMT content-encoding br cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SOURr2M3n73kpOmpDcvhHl1iMLqiOcYTrW6XQx9BmA0Dd09keaI1vMVVgQNxqOmJcYEXMrElP%2BJbVWgKXSBWqni86ZF7LdK%2B3muf8li4wAIttaI1hedM95Hyhsxgzh%2FiWO6w%2Blra2d8pWRnp8Ro%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 82b726c84e08b8a6-AMS alt-svc h3=":443"; ma=86400
GET H2	200	807e51f.js Show response 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	1 MB 459 KB	406ms 404ms	Script text/javascript	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://42nfjgkanapi.ru/2def56801/1a4db/807e51f.js?v=ph15UJKV Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/b8fae Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `59719012c6e90e06cd4aee73550244882149a96e1fef2c69d65c894394b5629c` Request headers accept-language nl-NL,nl;q=0.9 Referer https://42nfjgkanapi.ru/b8fae User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:35 GMT content-encoding br cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2Buljc0RMtWaYKb7oQ1Px0vpCnmkCL30miCpdOLXCQ8Ho6qPHAzgMNGhlKwU0yrHqsMSGp%2BiPQrgIYRcvxERAbKNDsxGgw6xHTo7tkow8Sc2FN4Va03AcL0wOCe%2B%2BaqASzRlnrNEpHbJ8%2B4BoCY%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 82b726c84e0bb8a6-AMS alt-svc h3=":443"; ma=86400
GET H2	200	4850204.png 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	976 B 1 KB	363ms 362ms	Image image/png	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://42nfjgkanapi.ru/2def56801/1a4db/4850204.png Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/b8fae Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `941117ee14c4fc130d3efc4bca06c8bdbac3f48bca14faedf4692b2865df4f07` Request headers accept-language nl-NL,nl;q=0.9 Referer https://42nfjgkanapi.ru/b8fae User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:35 GMT cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BNumxXqwcThZTCjzOOpA%2FPYb%2Ftxd03dc71McYx%2BxFyI%2BAF%2BRDfUsBOYqfjC82c3WFEgLYFYeUXv09OGLM31Ib35Y0Hqklc9aWLy5u8y4%2FeuI%2FkTTu7OEWy%2BPmFRLHVxMPhwY3Q2X2dbfcUQU3Xs%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 82b726c84e0cb8a6-AMS alt-svc h3=":443"; ma=86400
GET H2	200	ab34222.png 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	4 KB 4 KB	350ms 349ms	Image image/png	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://42nfjgkanapi.ru/2def56801/1a4db/ab34222.png Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/b8fae Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `332cfa9c3b48ec4fa72af09b2101fe2020d7eab52259fec7a0a9692930fc5998` Request headers accept-language nl-NL,nl;q=0.9 Referer https://42nfjgkanapi.ru/b8fae User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:35 GMT cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xdFoOFzFIFm%2Bqi%2BVJxD0mnJpRk9XT%2BfHdSvw%2BS8S%2BsZOSPIlB54XWy3WzdDN8gkDUSFC0s0hH0LhArzZIk%2F%2BlwHoUmpXDX5%2B1jDIgttyKgeGdNu5DG3sKBfre18X4uJ1OpOKivCaPhnQ7Zqmxw%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 82b726c84e0db8a6-AMS alt-svc h3=":443"; ma=86400
GET H3	200	ace42d1.png 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	8 KB 9 KB	147ms 146ms	Image image/png	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://42nfjgkanapi.ru/2def56801/1a4db/ace42d1.png Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/b8fae Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4cf7dea803e6fa625b451fc6eee4aab95d4d4fa640b62b924b57a39dae8967e3` Request headers accept-language nl-NL,nl;q=0.9 Referer https://42nfjgkanapi.ru/b8fae User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:35 GMT cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p4Fc1JoRC1ozxjiMGjYdOHekr8iVA2XNibenNpTYFlNScwmLKoIEcGbqSgyyi%2FtDaoa2pfvCYV0%2FSCtJkomkkhal7vv2UeBUlccXdeElkaOqXRfmtZYfv953mYuM0mLmOBizCdPuUMsgyLxpt4U%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 82b726ca7b4f0a6d-AMS alt-svc h3=":443"; ma=86400
GET H3	200	d78b451.png 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	8 KB 8 KB	146ms 146ms	Image image/png	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://42nfjgkanapi.ru/2def56801/1a4db/d78b451.png Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/b8fae Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `58cae6e9bece66745307f1016a254d275f4d92c9e97b8e9a273e55cbf2e01409` Request headers accept-language nl-NL,nl;q=0.9 Referer https://42nfjgkanapi.ru/b8fae User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:36 GMT cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vuysO1cXklVDSgdq9FATmDh3jdcrEv9nTihKxdgHsVJoCbA5bVdm6KHMGZaPpiJrl%2Bhm78dDHwXYcxMcz48rqziCvYhcM22rFL1hkPpaHBPKtLg5ou5yWM8t19fY%2FEfkEWNlenfOArZlvvI7IX0%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 82b726cd8c8e0a6d-AMS alt-svc h3=":443"; ma=86400
GET H3	200	816bc8a.png 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	33 KB 34 KB	185ms 184ms	Image image/png	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://42nfjgkanapi.ru/2def56801/1a4db/816bc8a.png Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/b8fae Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9c075f4d4b17d401b1a1c3f326ce535be4ceeb32d3585b81861e1d9dc50661c8` Request headers accept-language nl-NL,nl;q=0.9 Referer https://42nfjgkanapi.ru/b8fae User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:35 GMT cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P2L3vlJfnmzji3Z7qjey5gRHtFJrIK91TpRuHHPTaZgf%2FdFF989IbnUpsy1d2VsmENam8u%2FMpZatZTwLk0F5EYgq12afST6jElV%2F2pt9z%2Be%2FmY73oojMpezrNaqw5u2x37y44b6%2B69wivm9HJRc%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 82b726ca8b540a6d-AMS alt-svc h3=":443"; ma=86400
GET H3	200	0cca1aa.png 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	986 B 1 KB	155ms 154ms	Image image/png	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://42nfjgkanapi.ru/2def56801/1a4db/0cca1aa.png Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/b8fae Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f0f532187918eb4976881546f42b79eebc5d7253e8c86a0f194a70f6fb1f5d18` Request headers accept-language nl-NL,nl;q=0.9 Referer https://42nfjgkanapi.ru/b8fae User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:36 GMT cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qYj8ziWMyJfZ9jMgjNKvz03UPsz5YTaaxaNIhunkh2qzZ6KB5yKggeleoakFQRpFeCTxs%2BhOgzzp8CON%2FBOGmN2s3uMRq9SuIhQUpFSB%2BKHPLxyKJuyr2IACc0vbPuHn2FIhDYXhj52G9iaIcPw%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 82b726cd8c910a6d-AMS alt-svc h3=":443"; ma=86400
GET H3	200	64369e3.png 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	296 B 735 B	158ms 158ms	Image image/png	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://42nfjgkanapi.ru/2def56801/1a4db/64369e3.png Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/2def56801/1a4db/90442b6.css?v=ph15UJKV Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `70270bf664dc816e7e1bbf083faf2f1651e9725d2d416f708299f690f2eabaef` Request headers accept-language nl-NL,nl;q=0.9 Referer https://42nfjgkanapi.ru/2def56801/1a4db/90442b6.css?v=ph15UJKV User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:36 GMT cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=svapqxm1wljb%2B0uQlw2bKhBjL6pRCls5heBUSrits1q2oKyVfAKi2rKdHCwUqneUIEV3MG7KgUuTd41fmTkHjHoPK5T52B4qY6D2qilSF2yWyOtK%2FaTokffK6Vp%2FzPmyRFKF1COJ0A6AJrFTagw%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 82b726cdac9e0a6d-AMS alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated / Frame F7CE	61 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/gif
GET H3	200	1956e5b.jpg 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	95 KB 96 KB	809ms 809ms	Image image/jpeg	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://42nfjgkanapi.ru/2def56801/1a4db/1956e5b.jpg Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/2def56801/1a4db/90442b6.css?v=ph15UJKV Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e167257b31ff598a4b93694e341090b26f7a7f06498392cdbaf64d69c7758ae3` Request headers accept-language nl-NL,nl;q=0.9 Referer https://42nfjgkanapi.ru/2def56801/1a4db/90442b6.css?v=ph15UJKV User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:37 GMT cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hxC08XOWDV3KaZ1DNGSxTZ4G5btCelTLLoWX1BASPGVnx%2BmXVDNufHK9fHf6hirO9fmSIIbDnAW6pKQsKq9AgBXH8vYAcF0JiBPk3tHQwCrTGL7P3gTHrKHskiRjOpr3UH8e4QPzczQqoFL%2B1no%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=14400 cf-ray 82b726cdac9f0a6d-AMS alt-svc h3=":443"; ma=86400
GET H3	200	b5817f1.woff2 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	15 KB 15 KB	597ms 597ms	Font application/octet-stream	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://42nfjgkanapi.ru/2def56801/1a4db/b5817f1.woff2 Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/2def56801/1a4db/90442b6.css?v=ph15UJKV Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4675a8ce063f9f5885a692f7a273acf7eeb800abca14aac75b6707b689532f04` Request headers Referer https://42nfjgkanapi.ru/2def56801/1a4db/90442b6.css?v=ph15UJKV Origin https://42nfjgkanapi.ru accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:36 GMT cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pr4DpiUQ6Ba3PBfu0%2BBZ6pbrTiLP78lHOiiZhRIReAki%2BebTUDYNge%2BYpmDlrPGfazlP37NVKrrQFvOKXza36oqYR0hyWd1Ja6mHRnTxL3Nq06uVAf%2FJHfTxjN8wow1XqH%2BQc7Hf9ZKDiCxyEd4%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 cf-ray 82b726cdaca00a6d-AMS alt-svc h3=":443"; ma=86400
GET H3	200	b8af9b3.ttf 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	116 KB 116 KB	405ms 404ms	Font application/octet-stream	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://42nfjgkanapi.ru/2def56801/1a4db/b8af9b3.ttf Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/2def56801/1a4db/90442b6.css?v=ph15UJKV Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6` Request headers Referer https://42nfjgkanapi.ru/2def56801/1a4db/90442b6.css?v=ph15UJKV Origin https://42nfjgkanapi.ru accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:36 GMT cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=trZhkyjNE8%2FWoLLJTT5%2B4mY35eZW4tStuvaObOsOIXkPoSNRWvAF0ePzWsS%2FoE0OnLN69R%2B%2BvrjxLvMgr0ChXVgpM%2FeJU3lQWQjK%2BlTWJRjhZaKS7rMpX3Ss417F5BBGHhLvVcfY9x3owFG2VVk%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 cf-ray 82b726cdbca30a6d-AMS alt-svc h3=":443"; ma=86400
GET H3	200	d0634f8.ttf 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	120 KB 120 KB	392ms 392ms	Font application/octet-stream	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://42nfjgkanapi.ru/2def56801/1a4db/d0634f8.ttf Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/2def56801/1a4db/90442b6.css?v=ph15UJKV Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14` Request headers Referer https://42nfjgkanapi.ru/2def56801/1a4db/90442b6.css?v=ph15UJKV Origin https://42nfjgkanapi.ru accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:36 GMT cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dB1PZQVrQsATpg%2FwipnQUtnT%2Fklu4qRVsKmo9rQMhQCvkCyF8iC%2FOak3cmlDR0%2B6WaGk9apUIZIqPkBswrOSGzn1u2RZkvc9B0JzjzR%2FTJt4eAF4UAyUVAL9FnMcxxRjwX5xmYOZJgjKrycRTyQ%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 cf-ray 82b726cdbca40a6d-AMS alt-svc h3=":443"; ma=86400
GET H3	200	f5f4ac9.ttf 42nfjgkanapi.ru/2def56801/1a4db/ Frame F7CE	121 KB 122 KB	199ms 199ms	Font application/octet-stream	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://42nfjgkanapi.ru/2def56801/1a4db/f5f4ac9.ttf Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/2def56801/1a4db/90442b6.css?v=ph15UJKV Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f` Request headers Referer https://42nfjgkanapi.ru/2def56801/1a4db/90442b6.css?v=ph15UJKV Origin https://42nfjgkanapi.ru accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 25 Nov 2023 04:29:36 GMT cf-cache-status MISS last-modified Sat, 25 Nov 2023 04:29:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XKbMiEsbS4xQb5ZlssG3N7uHB2XtV%2FWasok%2Bk7P9QN30Tq4W%2BCuvsaeeTCXvdSFNZaZx1uvjOSm3tRK5u%2FiV5Dyf5HmB87gl8FSL9rrJxqZpScDR9luAi2udEi2AFMR%2BJ%2FiEJTZHJZz0vmlWHOs%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 cf-ray 82b726cdbca50a6d-AMS alt-svc h3=":443"; ma=86400
POST H3	200	b8fae Show response 42nfjgkanapi.ru/ Frame F7CE	73 B 481 B	1014ms 1014ms	XHR text/html	2606:4700:3035::6815:4152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://42nfjgkanapi.ru/b8fae Requested by Host: 42nfjgkanapi.ru URL: https://42nfjgkanapi.ru/2def56801/1a4db/ab2ea1e.js?v=ph15UJKV Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:4152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1d70b13123b63c4a6361d8758314e1e27143bebe62199ae4d44d52e2f996814e` Request headers Accept / Referer https://42nfjgkanapi.ru/b8fae X-Requested-With XMLHttpRequest accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Sat, 25 Nov 2023 04:29:37 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tfwxgCPDFtcd1QeU8ovV0xFqCJI0S4k6CtVMCRaB9sjmmA%2FAVfLCfgg7HsOmxhK189SrxnGtVLFp9ZW%2FAbf2rrW%2B1vH1ZSWy691XSf8EJSMeJ100TohQv7T0h2zEbdta%2FnmROtmmbzOHB%2BmsAoQ%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 82b726d0be580a6d-AMS alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated / Frame F7CE	85 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated / Frame F7CE	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `31d026589147ff3f321c28f764754ab33a2031952b5ccf5820ff728fcf3d412e` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame F7CE	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `af6b24bf882870d43b5db1b98f3f3d5117d8569718f3bf31075e6b921c157e5f` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Steam (Gaming)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

42nfjgkanapi.ru
ddmarket.org
2606:4700:3035::6815:4152
2a06:98c1:3121::3
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
1d70b13123b63c4a6361d8758314e1e27143bebe62199ae4d44d52e2f996814e
225edf54855697e6207ba9bded4d041d824e44c7c842f2803ede51764a9e54ab
2a9ef076b99b7b36cd8e32044f8715a3f2b2eae2d088dbfee82da26d2209606b
31d026589147ff3f321c28f764754ab33a2031952b5ccf5820ff728fcf3d412e
332cfa9c3b48ec4fa72af09b2101fe2020d7eab52259fec7a0a9692930fc5998
42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27
4675a8ce063f9f5885a692f7a273acf7eeb800abca14aac75b6707b689532f04
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff
4cf7dea803e6fa625b451fc6eee4aab95d4d4fa640b62b924b57a39dae8967e3
58cae6e9bece66745307f1016a254d275f4d92c9e97b8e9a273e55cbf2e01409
59719012c6e90e06cd4aee73550244882149a96e1fef2c69d65c894394b5629c
70270bf664dc816e7e1bbf083faf2f1651e9725d2d416f708299f690f2eabaef
941117ee14c4fc130d3efc4bca06c8bdbac3f48bca14faedf4692b2865df4f07
9c075f4d4b17d401b1a1c3f326ce535be4ceeb32d3585b81861e1d9dc50661c8
a16a50cc2de7c5ad1dc6a4403bc761f63d65f4b30698e9907dd1ffb381584563
af6b24bf882870d43b5db1b98f3f3d5117d8569718f3bf31075e6b921c157e5f
e167257b31ff598a4b93694e341090b26f7a7f06498392cdbaf64d69c7758ae3
f0f532187918eb4976881546f42b79eebc5d7253e8c86a0f194a70f6fb1f5d18
ffea967c88af886af22d590751c3ace86946cf828c85c265b10c85f68e5b6092

ddmarket.org Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

18 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

1044 kBTransfer

2125 kBSize

0 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

ddmarket.org Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

1044 kB
Transfer

2125 kB
Size

0
Cookies

18 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!