www.kitconcafe.com
20.81.68.24
Malicious Activity!
Public Scan
Submission: On January 14 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on October 13th 2021. Valid for: a year.
This is the only time www.kitconcafe.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
6 | 20.81.68.24 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 | 2606:4700:20::ac43:4739 | 13335 (CLOUDFLARENET)
2 | 158.69.139.229 | 16276 (OVH)
1 | 67.202.114.216 | 32748 (STEADFAST)
1 | 104.18.29.199 | 13335 (CLOUDFLARENET)
7 | 67.202.105.33 | 32748 (STEADFAST)
1 | 67.202.105.32 | 32748 (STEADFAST)
19 | 8 |

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): www.kitconcafe.com
ASN32748 (STEADFAST, US), PTR: ip33.67-202-105.static.steadfastdns.net: ic.tynt.com
ASN32748 (STEADFAST, US), PTR: ip32.67-202-105.static.steadfastdns.net: de.tynt.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | tynt.com | cdn.tynt.com (Cisco Umbrella Rank: 6692), ic.tynt.com (Cisco Umbrella Rank: 3828), de.tynt.com (Cisco Umbrella Rank: 1127) | 8 KB
6 | kitconcafe.com | www.kitconcafe.com | 71 KB
2 | dtscout.com | t.dtscout.com (Cisco Umbrella Rank: 13169) | 3 KB
1 | amung.us | whos.amung.us (Cisco Umbrella Rank: 14480) | 145 B
1 | waust.at | waust.at (Cisco Umbrella Rank: 40332) | 7 KB
19 | 5 | |
Requests | Domain | Requested by
---|---|---
7 | ic.tynt.com | www.kitconcafe.com
6 | www.kitconcafe.com | www.kitconcafe.com
2 | t.dtscout.com | waust.at, t.dtscout.com
1 | de.tynt.com | cdn.tynt.com
1 | cdn.tynt.com | waust.at
1 | whos.amung.us | waust.at
1 | waust.at | www.kitconcafe.com
19 | 7 |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
www.mirusdev.com | Go Daddy Secure Certificate Authority - G2 | 2021-10-13 - 2022-10-23 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-08-04 - 2022-08-03 | a year | crt.sh
*.dtscout.com | Sectigo RSA Domain Validation Secure Server CA | 2021-10-28 - 2022-11-27 | a year | crt.sh
whos.amung.us | Sectigo RSA Domain Validation Secure Server CA | 2020-05-21 - 2022-05-21 | 2 years | crt.sh
*.tynt.com | Sectigo RSA Domain Validation Secure Server CA | 2021-09-23 - 2022-09-30 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://www.kitconcafe.com/wp-includes/blocks/spacer/enterg_d.html?gstr=tN6gJdULZmMhRMET4BS3niihLKwS6GJdFn5N4wwSfuigZTrgJE
Frame ID: 88A57964F509BC852DABC239F52F75E4
Requests: 20 HTTP requests in this frame
16 Outgoing links
These are links going to different origins than the main page.
Title: 35
Title: News
Title: Editorial
Title: General info
Title: Follow us on Facebook
Title: Contact us
Title: Messenger
Title: Watch
Title: Facebook Pay
Title: Oculus
Title: Portal
Title: Instagram
Title: Bulletin
Title: Information
Title: Developers
Title: My ads
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | enterg_d.html (Primary Request) | www.kitconcafe.com/wp-includes/blocks/spacer/ | 30 KB | 12 KB | Document | text/html
GET | H2 | styles2.css | www.kitconcafe.com/wp-includes/blocks/spacer/img/ | 28 KB | 10 KB | Stylesheet | text/css
GET | H2 | d.js | waust.at/ | 13 KB | 7 KB | Script | application/x-javascript
GET | H2 | logo.png | www.kitconcafe.com/wp-includes/blocks/spacer/img/ | 10 KB | 10 KB | Image | image/png
GET | H/1.1 | / | t.dtscout.com/i/ | 2 KB | 3 KB | Script | application/javascript
GET | H2 | FBWordmark_Hex-RGB-1024.svg | www.kitconcafe.com/wp-includes/blocks/spacer/img/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H2 | / | whos.amung.us/pingjs/ | 29 B | 145 B | Script | text/javascript
GET | H2 | HToPuqfx_wC.png | www.kitconcafe.com/rsrc.php/v3/ya/r/ | 18 KB | 18 KB | Image | text/html
GET | H2 | YQNfPR9MJfx.png | www.kitconcafe.com/rsrc.php/v3/yO/r/ | 18 KB | 18 KB | Image | text/html
GET | H/1.1 | / | t.dtscout.com/pv/ | 50 B | 318 B | Script | application/javascript
GET | H2 | tc.js | cdn.tynt.com/ | 17 KB | 7 KB | Script | application/javascript
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png
GET | H2 | p | ic.tynt.com/b/ | 0 | 227 B | Image | text/plain
GET | H2 | v2 | de.tynt.com/deb/ | 4 B | 202 B | Script | application/javascript
GET | H2 | p | ic.tynt.com/b/ | 0 | 227 B | Image | text/plain
GET | H2 | p | ic.tynt.com/b/ | 0 | 227 B | Image | text/plain
GET | H2 | p | ic.tynt.com/b/ | 0 | 227 B | Image | text/plain
GET | H2 | p | ic.tynt.com/b/ | 0 | 227 B | Image | text/plain
GET | H2 | p | ic.tynt.com/b/ | 0 | 227 B | Image | text/plain
GET | H2 | p | ic.tynt.com/b/ | 0 | 227 B | Image | text/plain
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Facebook (Social Network)
29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onsecuritypolicyviolation
object | onslotchange
object | _wau
object | _0xca5d
function | getparam
object | gStr
number | sgtru
string | sg
string | wau_w_col
string | wau_w_siz
object | WAU_ren
function | WAU_dynamic
function | WAU_dynamic_request
function | WAU_r_d
function | WAU_insert
function | WAU_la
function | WAU_addCommas
function | WAU_lrd
function | WAU_lrs
function | WAU_cps
function | docReady
object | _0x74f7
object | _dtspv
object | x
string | x1
string | x2
object | Tynt
object | _33Across
function | __uspapi
7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.dtscout.com/ | | m | 1
.dtscout.com/ | | b | 1
.dtscout.com/ | | oa | 1
.dtscout.com/ | | df | 1642165819
www.kitconcafe.com/ | | wpmp_switcher | desktop
www.kitconcafe.com/ | | wfvt_22575677 | 61e1763c4d48d
www.kitconcafe.com/ | | PHPSESSID | 3o1mnu3769jrqj8tqfme7ho55n
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.