www.kitconcafe.com Open in urlscan Pro
20.81.68.24 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE
Submission: On January 14 via automatic, source openphish (January 14th 2022, 1:10:24 pm UTC) — Scanned from DE

Summary HTTP 19 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 5 domains to perform 19 HTTP transactions. The main IP is 20.81.68.24, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.kitconcafe.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on October 13th 2021. Valid for: a year.

This is the only time www.kitconcafe.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
6	20.81.68.24 20.81.68.24	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700:20:... 2606:4700:20::ac43:4739	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	158.69.139.229 158.69.139.229	16276 (OVH) (OVH)
1	67.202.114.216 67.202.114.216	32748 (STEADFAST) (STEADFAST)
1	104.18.29.199 104.18.29.199	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	67.202.105.33 67.202.105.33	32748 (STEADFAST) (STEADFAST)
1	67.202.105.32 67.202.105.32	32748 (STEADFAST) (STEADFAST)
19	8

6 20.81.68.24 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.kitconcafe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4739 (United States)

ASN13335 (CLOUDFLARENET, US)

waust.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 158.69.139.229 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ip229.ip-158-69-139.net

t.dtscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.114.216 (United States)

ASN32748 (STEADFAST, US)
PTR: amung.us

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.29.199 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 67.202.105.33 (United States)

ASN32748 (STEADFAST, US)
PTR: ip33.67-202-105.static.steadfastdns.net

ic.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.32 (United States)

ASN32748 (STEADFAST, US)
PTR: ip32.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	tynt.com cdn.tynt.com — Cisco Umbrella Rank: 6692 ic.tynt.com — Cisco Umbrella Rank: 3828 de.tynt.com — Cisco Umbrella Rank: 1127	8 KB
6	kitconcafe.com www.kitconcafe.com	71 KB
2	dtscout.com t.dtscout.com — Cisco Umbrella Rank: 13169	3 KB
1	amung.us whos.amung.us — Cisco Umbrella Rank: 14480	145 B
1	waust.at waust.at — Cisco Umbrella Rank: 40332	7 KB
19	5

	Domain	Requested by
7	ic.tynt.com	www.kitconcafe.com
6	www.kitconcafe.com	www.kitconcafe.com
2	t.dtscout.com	waust.at t.dtscout.com
1	de.tynt.com	cdn.tynt.com
1	cdn.tynt.com	waust.at
1	whos.amung.us	waust.at
1	waust.at	www.kitconcafe.com
19	7

This site contains links to these domains. Also see Links.

Domain
whos.amung.us
www.seychellesnewsagency.com
www.facebook.com
el-gr.messenger.com
el-gr.facebook.com
pay.facebook.com
www.oculus.com
portal.facebook.com
l.facebook.com
www.bulletin.com
about.facebook.com
developers.facebook.com

Subject Issuer	Validity	Valid
www.mirusdev.com Go Daddy Secure Certificate Authority - G2	`2021-10-13` - `2022-10-23`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-04` - `2022-08-03`	a year	crt.sh
*.dtscout.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-28` - `2022-11-27`	a year	crt.sh
whos.amung.us Sectigo RSA Domain Validation Secure Server CA	`2020-05-21` - `2022-05-21`	2 years	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE
Frame ID: 88A57964F509BC852DABC239F52F75E4
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Facebook - Συνδεθείτε ή δημιουργήστε λογαριασμό

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

19
Requests

100 %
HTTPS

14 %
IPv6

5
Domains

7
Subdomains

8
IPs

3
Countries

90 kB
Transfer

143 kB
Size

7
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://whos.amung.us/stats/xjjd6l89fr/
Title: 35

Search URL Search Domain Scan URL

URL: http://www.seychellesnewsagency.com/
Title: News

Search URL Search Domain Scan URL

URL: http://www.seychellesnewsagency.com/articles/category/7/Editorial
Title: Editorial

Search URL Search Domain Scan URL

URL: http://www.seychellesnewsagency.com/best_in_sc
Title: General info

Search URL Search Domain Scan URL

URL: https://www.facebook.com/seychellsnewsagency
Title: Follow us on Facebook

Search URL Search Domain Scan URL

URL: http://www.seychellesnewsagency.com/about/contact_us
Title: Contact us

Search URL Search Domain Scan URL

URL: https://el-gr.messenger.com/
Title: Messenger

Search URL Search Domain Scan URL

URL: https://el-gr.facebook.com/watch/
Title: Watch

Search URL Search Domain Scan URL

URL: https://pay.facebook.com/
Title: Facebook Pay

Search URL Search Domain Scan URL

URL: https://www.oculus.com/
Title: Oculus

Search URL Search Domain Scan URL

URL: https://portal.facebook.com/
Title: Portal

Search URL Search Domain Scan URL

URL: https://l.facebook.com/l.php?u=https%3A%2F%2Fwww.instagram.com%2F&h=AT2-_9i8rtC4VxQKzqs5OgKrDEI1C9idG7OuLpsUY30lktOkHBTe3LUfP7AcWKno4wjmuz_dFd-HyMDpEDxY-abOE9stEJoKjsyqNXgDDzHFuoeXv5GXY5KZ5to-0a765Uzi0sKwO164DL51CVxp
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.bulletin.com/
Title: Bulletin

Search URL Search Domain Scan URL

URL: https://about.facebook.com/
Title: Πληροφορίες

Search URL Search Domain Scan URL

URL: https://developers.facebook.com/?ref=pf
Title: Προγραμματιστές

Search URL Search Domain Scan URL

URL: https://el-gr.facebook.com/help/568137493302217
Title: Οι διαφημίσεις μου

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request enterg_d.html Show response www.kitconcafe.com/wp-includes/blocks/spacer/	30 KB 12 KB	302ms 93ms	Document text/html	20.81.68.24 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.81.68.24 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `f0d093989027a166b919ab41b008aa8eab1addbfb4e0155ea926c99f5243a95a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers content-type text/html content-encoding gzip last-modified Thu, 13 Jan 2022 16:03:58 GMT accept-ranges bytes etag "e4b3602c978d81:0" vary Accept-Encoding server Microsoft-IIS/10.0 x-powered-by ASP.NET date Fri, 14 Jan 2022 13:10:18 GMT content-length 12450
GET H2	200	styles2.css www.kitconcafe.com/wp-includes/blocks/spacer/img/	28 KB 10 KB	128ms 128ms	Stylesheet text/css	20.81.68.24 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.kitconcafe.com/wp-includes/blocks/spacer/img/styles2.css Requested by Host: www.kitconcafe.com URL: https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.81.68.24 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `4a070d5b96539f0ebad9df7d1865b37bd518cbfcef7ef3f77a9115ff004d0ecc` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:18 GMT content-encoding gzip last-modified Tue, 21 Dec 2021 23:55:08 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET etag "71c5242fc6f6d71:0" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 9673
GET H2	200	d.js Show response waust.at/	13 KB 7 KB	81ms 49ms	Script application/x-javascript	2606:4700:20::ac43:4739 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://waust.at/d.js Requested by Host: www.kitconcafe.com URL: https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4739 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8fb1850e00c24b83e04ea4f41fe5774cff1d476a293fa7b35cba97827eb194cd` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:19 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3216 last-modified Mon, 03 May 2021 17:48:07 GMT server cloudflare etag W/"60903757-3444" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3aS4jFwm5YRBNAZlXrrTub5Pg2YwrdKjyZ2kzP2p0BYeZxOHFJQB4HyZyRy%2FYRXSxCHzXR%2BYT9me5DONED8926Mb3FLfWwPVhSz2hEyS5SZWlLlYIvxjJUSW6CQGMxw7EcgTCeqI"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * cache-control max-age=86400 cf-ray 6cd71a940ddb6957-FRA expires Sat, 15 Jan 2022 12:16:43 GMT
GET H2	200	logo.png www.kitconcafe.com/wp-includes/blocks/spacer/img/	10 KB 10 KB	91ms 91ms	Image image/png	20.81.68.24 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.kitconcafe.com/wp-includes/blocks/spacer/img/logo.png Requested by Host: www.kitconcafe.com URL: https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.81.68.24 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `da0a17ced8d27536fb4658f793e777b87a0a7078f6971b10337b9205511d9703` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:18 GMT last-modified Tue, 21 Dec 2021 23:54:55 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET etag "9de04727c6f6d71:0" content-type image/png accept-ranges bytes content-length 10166
GET H/1.1	200 OK	/ Show response t.dtscout.com/i/	2 KB 3 KB	291ms 94ms	Script application/javascript	158.69.139.229 OVH
General Check archive.org Show headers Download Go to Full URL https://t.dtscout.com/i/?l=https%3A%2F%2Fwww.kitconcafe.com%2Fwp-includes%2Fblocks%2Fspacer%2Fenterg_d.html%3Fgstr%3DtN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE&j= Requested by Host: waust.at URL: https://waust.at/d.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 158.69.139.229 Montreal, Canada, ASN16276 (OVH, FR), Reverse DNS ip229.ip-158-69-139.net Software nginx/1.14.0 (Ubuntu) / Resource Hash `867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 13:10:19 GMT X-T 0.781 Server nginx/1.14.0 (Ubuntu) Transfer-Encoding chunked Content-Type application/javascript Cache-Control no-cache Connection close X-S mtl3 Expires Fri, 14 Jan 2022 13:10:18 GMT
GET H2	200	FBWordmark_Hex-RGB-1024.svg www.kitconcafe.com/wp-includes/blocks/spacer/img/	2 KB 2 KB	96ms 96ms	Image image/svg+xml	20.81.68.24 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.kitconcafe.com/wp-includes/blocks/spacer/img/FBWordmark_Hex-RGB-1024.svg Requested by Host: www.kitconcafe.com URL: https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.81.68.24 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `74f570e29539b975f49b3b716ba1fd496ea46821233a6fda79a7a78396dee950` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:18 GMT last-modified Tue, 21 Dec 2021 23:54:31 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET etag "c2b8ca18c6f6d71:0" content-type image/svg+xml accept-ranges bytes content-length 2384
GET H2	200	/ Show response whos.amung.us/pingjs/	29 B 145 B	326ms 108ms	Script text/javascript	67.202.114.216 STEADFAST
General Check archive.org Show headers Download Go to Full URL https://whos.amung.us/pingjs/?k=xjjd6l89fr&t=Facebook%20-%20%CE%A3%CF%85%CE%BD%CE%B4%CE%B5%CE%B8%CE%B5%CE%AF%CF%84%CE%B5%20%CE%AE%20%CE%B4%CE%B7%CE%BC%CE%B9%CE%BF%CF%85%CF%81%CE%B3%CE%AE%CF%83%CF%84%CE%B5%20%CE%BB%CE%BF%CE%B3%CE%B1%CF%81%CE%B9%CE%B1%CF%83%CE%BC%CF%8C&c=d&x=https%3A%2F%2Fwww.kitconcafe.com%2Fwp-includes%2Fblocks%2Fspacer%2Fenterg_d.html%3Fgstr%3DtN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE&y=&a=0&v=27&r=8716 Requested by Host: waust.at URL: https://waust.at/d.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.202.114.216 , United States, ASN32748 (STEADFAST, US), Reverse DNS amung.us Software / Resource Hash `d4302e30e4a43df2877987aec5088fca593db91d522b905a91965d9dca868c1a` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:19 GMT content-encoding gzip content-type text/javascript;charset=UTF-8
GET H2	404	HToPuqfx_wC.png www.kitconcafe.com/rsrc.php/v3/ya/r/	18 KB 18 KB	457ms 457ms	Image text/html	20.81.68.24 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.kitconcafe.com/rsrc.php/v3/ya/r/HToPuqfx_wC.png Requested by Host: www.kitconcafe.com URL: https://www.kitconcafe.com/wp-includes/blocks/spacer/img/styles2.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.81.68.24 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / PHP/7.4.13, ASP.NET Resource Hash `a8e04594a5b77aa2a828e9211a798655811840815d8cefe867459b8b9bcaa8f4` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/wp-includes/blocks/spacer/img/styles2.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Fri, 14 Jan 2022 13:10:20 GMT server Microsoft-IIS/10.0 x-powered-by PHP/7.4.13, ASP.NET content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://www.kitconcafe.com/wp-json/>; rel="https://api.w.org/" content-length 18785 x-mobilized-by WordPress Mobile Pack 1.2.5 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	YQNfPR9MJfx.png www.kitconcafe.com/rsrc.php/v3/yO/r/	18 KB 18 KB	512ms 512ms	Image text/html	20.81.68.24 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://www.kitconcafe.com/rsrc.php/v3/yO/r/YQNfPR9MJfx.png Requested by Host: www.kitconcafe.com URL: https://www.kitconcafe.com/wp-includes/blocks/spacer/img/styles2.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.81.68.24 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / PHP/7.4.13, ASP.NET Resource Hash `3ffbb94c73fd311bbb8a9da538d8649d714a39330e7bbf0ec6c342b457daa1d2` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/wp-includes/blocks/spacer/img/styles2.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Fri, 14 Jan 2022 13:10:20 GMT server Microsoft-IIS/10.0 x-powered-by PHP/7.4.13, ASP.NET content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://www.kitconcafe.com/wp-json/>; rel="https://api.w.org/" content-length 18785 x-mobilized-by WordPress Mobile Pack 1.2.5 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	200 OK	/ Show response t.dtscout.com/pv/	50 B 318 B	271ms 91ms	Script application/javascript	158.69.139.229 OVH
General Check archive.org Show headers Download Go to Full URL https://t.dtscout.com/pv/?_a=v&_h=kitconcafe.com&_ss=415i6ludqm&_pv=1&_ls=0&_u1=1&_u3=1&_cc=de&_pl=d&_cbid=5h6z&_cb=_dtspv.c Requested by Host: t.dtscout.com URL: https://t.dtscout.com/i/?l=https%3A%2F%2Fwww.kitconcafe.com%2Fwp-includes%2Fblocks%2Fspacer%2Fenterg_d.html%3Fgstr%3DtN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE&j= Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 158.69.139.229 Montreal, Canada, ASN16276 (OVH, FR), Reverse DNS ip229.ip-158-69-139.net Software nginx/1.14.0 (Ubuntu) / Resource Hash `0eec14bca2fd068c67243ed0ffdfa40b7945f8f7821bdbda88c9bb5f0cdadb8c` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 13:10:20 GMT X-T 0.205 Server nginx/1.14.0 (Ubuntu) Transfer-Encoding chunked X-C 0 Content-Type application/javascript Cache-Control no-cache Connection close Expires Fri, 14 Jan 2022 13:10:19 GMT
GET H2	200	tc.js Show response cdn.tynt.com/	17 KB 7 KB	92ms 41ms	Script application/javascript	104.18.29.199 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.tynt.com/tc.js Requested by Host: waust.at URL: https://waust.at/d.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.29.199 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2347066080fea31af55c7112dca5245ea3eea67df5f24f1daae09f0870fbce62` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:20 GMT content-encoding gzip cf-cache-status HIT last-modified Fri, 27 Aug 2021 20:58:37 GMT server cloudflare age 204305 etag W/"612951fd-431d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript cache-control public, max-age=259200 cf-ray 6cd71a9738c15b50-FRA expires Mon, 17 Jan 2022 13:10:20 GMT
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET H2	204	p ic.tynt.com/b/	0 227 B	333ms 110ms	Image text/plain	67.202.105.33 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!xjjd6l89fr&lm=0&ts=1642165820077&dn=TC&iso=0&t=Facebook%20-%20%CE%A3%CF%85%CE%BD%CE%B4%CE%B5%CE%B8%CE%B5%CE%AF%CF%84%CE%B5%20%CE%AE%20%CE%B4%CE%B7%CE%BC%CE%B9%CE%BF%CF%85%CF%81%CE%B3%CE%AE%CF%83%CF%84%CE%B5%20%CE%BB%CE%BF%CE%B3%CE%B1%CF%81%CE%B9%CE%B1%CF%83%CE%BC%CF%8C Requested by Host: www.kitconcafe.com URL: https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.33 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip33.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:20 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	200	v2 Show response de.tynt.com/deb/	4 B 202 B	330ms 107ms	Script application/javascript	67.202.105.32 STEADFAST
General Check archive.org Show headers Download Go to Full URL https://de.tynt.com/deb/v2?id=w!xjjd6l89fr&dn=TC&cc=1&r= Requested by Host: cdn.tynt.com URL: https://cdn.tynt.com/tc.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.32 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip32.67-202-105.static.steadfastdns.net Software / Resource Hash `d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:20 GMT cache-control max-age=86400 content-type application/javascript p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA" content-length 4 expires Sat, 15 Jan 2022 13:10:20 GMT
GET H2	204	p ic.tynt.com/b/	0 227 B	106ms 106ms	Image text/plain	67.202.105.33 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!xjjd6l89fr&lm=0&ts=1642165820077&dn=TC&iso=0&t=Facebook%20-%20%CE%A3%CF%85%CE%BD%CE%B4%CE%B5%CE%B8%CE%B5%CE%AF%CF%84%CE%B5%20%CE%AE%20%CE%B4%CE%B7%CE%BC%CE%B9%CE%BF%CF%85%CF%81%CE%B3%CE%AE%CF%83%CF%84%CE%B5%20%CE%BB%CE%BF%CE%B3%CE%B1%CF%81%CE%B9%CE%B1%CF%83%CE%BC%CF%8C Requested by Host: www.kitconcafe.com URL: https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.33 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip33.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:20 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	204	p ic.tynt.com/b/	0 227 B	107ms 107ms	Image text/plain	67.202.105.33 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!xjjd6l89fr&lm=0&ts=1642165820077&dn=TC&iso=0&t=Facebook%20-%20%CE%A3%CF%85%CE%BD%CE%B4%CE%B5%CE%B8%CE%B5%CE%AF%CF%84%CE%B5%20%CE%AE%20%CE%B4%CE%B7%CE%BC%CE%B9%CE%BF%CF%85%CF%81%CE%B3%CE%AE%CF%83%CF%84%CE%B5%20%CE%BB%CE%BF%CE%B3%CE%B1%CF%81%CE%B9%CE%B1%CF%83%CE%BC%CF%8C Requested by Host: www.kitconcafe.com URL: https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.33 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip33.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:20 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	204	p ic.tynt.com/b/	0 227 B	107ms 107ms	Image text/plain	67.202.105.33 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!xjjd6l89fr&lm=0&ts=1642165820077&dn=TC&iso=0 Requested by Host: www.kitconcafe.com URL: https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.33 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip33.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:20 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	204	p ic.tynt.com/b/	0 227 B	108ms 107ms	Image text/plain	67.202.105.33 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!xjjd6l89fr&lm=0&ts=1642165820077&dn=TC&iso=0 Requested by Host: www.kitconcafe.com URL: https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.33 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip33.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:21 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	204	p ic.tynt.com/b/	0 227 B	107ms 107ms	Image text/plain	67.202.105.33 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!xjjd6l89fr&lm=0&ts=1642165820077&dn=TC&iso=0 Requested by Host: www.kitconcafe.com URL: https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.33 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip33.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:20 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	204	p ic.tynt.com/b/	0 227 B	106ms 106ms	Image text/plain	67.202.105.33 STEADFAST
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!xjjd6l89fr&lm=0&ts=1642165820077&dn=TC&iso=0 Requested by Host: www.kitconcafe.com URL: https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.33 , United States, ASN32748 (STEADFAST, US), Reverse DNS ip33.67-202-105.static.steadfastdns.net Software nginx/1.16.1 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 13:10:21 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" expires "Sat, 26 Jul 1997 05:00:00 GMT" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.dtscout.com/	1970-01-20 00:09:30	Name: m Value: 1
.dtscout.com/	1970-01-20 00:09:43	Name: b Value: 1
.dtscout.com/	1970-01-20 00:09:40	Name: oa Value: 1
.dtscout.com/	1970-01-20 02:33:25	Name: df Value: 1642165819
www.kitconcafe.com/	1970-01-20 08:55:01	Name: wpmp_switcher Value: desktop
www.kitconcafe.com/	1970-01-20 00:09:27	Name: wfvt_22575677 Value: 61e1763c4d48d
www.kitconcafe.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 3o1mnu3769jrqj8tqfme7ho55n

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.kitconcafe.com/rsrc.php/v3/ya/r/HToPuqfx_wC.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.kitconcafe.com/rsrc.php/v3/yO/r/YQNfPR9MJfx.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.tynt.com
de.tynt.com
ic.tynt.com
t.dtscout.com
waust.at
whos.amung.us
www.kitconcafe.com
104.18.29.199
158.69.139.229
20.81.68.24
2606:4700:20::ac43:4739
67.202.105.32
67.202.105.33
67.202.114.216
0eec14bca2fd068c67243ed0ffdfa40b7945f8f7821bdbda88c9bb5f0cdadb8c
2347066080fea31af55c7112dca5245ea3eea67df5f24f1daae09f0870fbce62
3ffbb94c73fd311bbb8a9da538d8649d714a39330e7bbf0ec6c342b457daa1d2
4a070d5b96539f0ebad9df7d1865b37bd518cbfcef7ef3f77a9115ff004d0ecc
6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d
74f570e29539b975f49b3b716ba1fd496ea46821233a6fda79a7a78396dee950
867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c
8fb1850e00c24b83e04ea4f41fe5774cff1d476a293fa7b35cba97827eb194cd
a8e04594a5b77aa2a828e9211a798655811840815d8cefe867459b8b9bcaa8f4
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
d4302e30e4a43df2877987aec5088fca593db91d522b905a91965d9dca868c1a
da0a17ced8d27536fb4658f793e777b87a0a7078f6971b10337b9205511d9703
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0d093989027a166b919ab41b008aa8eab1addbfb4e0155ea926c99f5243a95a

www.kitconcafe.com Open in urlscan Pro 20.81.68.24 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

14 %IPv6

5 Domains

7 Subdomains

8 IPs

3 Countries

90 kBTransfer

143 kBSize

7 Cookies

16 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

29 JavaScript Global Variables

7 Cookies

2 Console Messages

Indicators

www.kitconcafe.com Open in urlscan Pro
20.81.68.24 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

14 %
IPv6

5
Domains

7
Subdomains

8
IPs

3
Countries

90 kB
Transfer

143 kB
Size

7
Cookies

19 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!