abuzadama.cf
159.203.24.160
Malicious Activity!
Public Scan
Effective URL: https://abuzadama.cf/console/?email=test@test.com
Submission: On June 10 via manual from IE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 8th 2019. Valid for: 3 months.
This is the only time abuzadama.cf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)

Domain & IP information

| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 1 | 69.167.179.79 | 32244 (LIQUIDWEB - Liquid Web) |
| 10 | 159.203.24.160 | 14061 (DIGITALOCEAN-ASN - DigitalOcean) |
| 2 | 23.111.9.35 | 33438 (HIGHWINDS2 - Highwinds Network Group) |

Totals: 12 | 2

ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US)
- PTR: host.web-hosting-bolivia.com
- www.volcansa.com

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
- abuzadama.cf

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)
- use.fontawesome.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 10 | abuzadama.cf | abuzadama.cf | 888 KB |
| 2 | fontawesome.com | use.fontawesome.com | 87 KB |
| 1 | volcansa.com (1 redirects) | www.volcansa.com | 156 B |

Totals: 12 | 3
| Requests | Domain | Requested by |
|---|---|---|
| 10 | abuzadama.cf | abuzadama.cf |
| 2 | use.fontawesome.com | abuzadama.cf |
| 1 | www.volcansa.com | 1 redirects |

Totals: 12 | 3
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| abuzadama.cf | cPanel, Inc. Certification Authority | 2019-06-08 - 2019-09-06 | 3 months | crt.sh |
| *.fontawesome.com | DigiCert SHA2 Secure Server CA | 2018-09-17 - 2019-11-21 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://abuzadama.cf/console/?email=test@test.com
Frame ID: F5FA9911FF2C3F88829C8F3097D97BC1
Requests: 12 HTTP requests in this frame
Screenshot
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://www.volcansa.com/wp-includes/ms-footer.php?email=test@test.com (HTTP 302)
2. https://abuzadama.cf/console/?email=test@test.com (Page URL)
Detected technologies
- PHP (Programming Languages). Detected patterns:
  - url /\.php(?:$|\?)/i
- Apache (Web Servers). Detected patterns:
  - headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
- jQuery (JavaScript Libraries). Detected patterns:
  - script /jquery.*\.js/i
  - env /^jQuery$/i
- Twitter Bootstrap. Detected patterns:
  - script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Primary Request) | abuzadama.cf/console/ (Redirect Chain) | 7 KB | 7 KB | Document | text/html |
| GET | H/1.1 | all.min.css | abuzadama.cf/console/vendor/fontawesome-free/css/ | 0 | 0 | Stylesheet | text/html |
| GET | H/1.1 | jquery.min.js | abuzadama.cf/console/js/ | 85 KB | 85 KB | Script | application/javascript |
| GET | H/1.1 | bootstrap.min.js | abuzadama.cf/console/js/ | 37 KB | 37 KB | Script | application/javascript |
| GET | H2 | all.css | use.fontawesome.com/releases/v5.8.1/css/ | 54 KB | 14 KB | Stylesheet | text/css |
| GET | H/1.1 | blue.css | abuzadama.cf/console/css/ | 237 KB | 238 KB | Stylesheet | text/css |
| GET | H/1.1 | dhl-logo.svg | abuzadama.cf/console/img/ | 2 KB | 2 KB | Image | image/svg+xml |
| GET | H/1.1 | earnig.js | abuzadama.cf/console/js/ | 1 KB | 2 KB | Script | application/javascript |
| GET | H/1.1 | yinwo.png | abuzadama.cf/console/img/ | 54 KB | 54 KB | Image | image/png |
| GET | H/1.1 | wilac.png | abuzadama.cf/console/img/ | 50 KB | 50 KB | Image | image/png |
| GET | H/1.1 | allsise.png | abuzadama.cf/console/img/ | 413 KB | 413 KB | Image | image/png |
| GET | H2 | fa-solid-900.woff2 | use.fontawesome.com/releases/v5.8.1/webfonts/ | 73 KB | 73 KB | Font | font/woff2 |
Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)

6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- onselectstart (object)
- onselectionchange (object)
- queueMicrotask (function)
- $ (function)
- jQuery (function)
- formatAMPM (function)

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
abuzadama.cf
use.fontawesome.com
www.volcansa.com
159.203.24.160
23.111.9.35
69.167.179.79
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419
5aaaa0b0386a5bee9acd40cefa6f8825117d2726d78bc4788e686f080337da42
6e7d6826010c47f64438945a78cec8f26c51ab8981451c0fae14edd66b0b746a
8cf7e5f43d5ede083177998ab770d0936481616d3f3f82226ec99741f01636d5
909ae563eb34f7e4285a3a643ab5d7c21c5e6a80f3f455b949ac45f08d0389b4
972128a1bf7a7dea1f211ceca37fa66437d4d2f1aa08e92546a6a4aed9067d5a
9f5c09759dcf644371e40d550ec43bde42d073dab9a42ee6b712b2d88c38408e
ac2bdf15e0039551887e7d4254e8f1aabb38fbeca4da0a8e06f2318a39824c50
eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3
f18c486a80175cf02fee0e05c2b4acd86c04cdbaecec61c1ef91f920509b5efe