server-193-29-104-49.da.direct Open in urlscan Pro
193.29.104.49  Malicious Activity! Public Scan

4 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request process.php Show response server-193-29-104-49.da.direct/	28 KB 7 KB	89ms 32ms	Document text/html	193.29.104.49 M247
General Check archive.org Show headers Download Go to Full URL http://server-193-29-104-49.da.direct/process.php Protocol HTTP/1.1 Server 193.29.104.49 Paris, France, ASN9009 (M247, RO), Reverse DNS Software nginx/1.14.0 (Ubuntu) / Resource Hash bc30c0f9c31f9f847da3a882534ae3b0a1f66f2de6580f7dac55be9b408d86df Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Thu, 22 Feb 2024 01:34:08 GMT Server nginx/1.14.0 (Ubuntu) Transfer-Encoding chunked
GET		inpage.js lgmpcpglpngdoalbgeoldeajfclnhafa/	0 0
GET H/1.1	404 Not Found	main.css server-193-29-104-49.da.direct/	0 0	31ms 30ms	Stylesheet text/html	193.29.104.49 M247
General Check archive.org Show headers Download Go to Full URL http://server-193-29-104-49.da.direct/main.css Requested by Host: server-193-29-104-49.da.direct URL: http://server-193-29-104-49.da.direct/process.php Protocol HTTP/1.1 Server 193.29.104.49 Paris, France, ASN9009 (M247, RO), Reverse DNS Software nginx/1.14.0 (Ubuntu) / Resource Hash Request headers accept-language fr-FR,fr;q=0.9 Referer http://server-193-29-104-49.da.direct/process.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Date Thu, 22 Feb 2024 01:34:08 GMT Content-Encoding gzip Server nginx/1.14.0 (Ubuntu) Connection keep-alive Transfer-Encoding chunked Content-Type text/html
GET H/1.1	404 Not Found	saved_resource server-193-29-104-49.da.direct/files/	0 0	54ms 27ms	Stylesheet text/html	193.29.104.49 M247
General Check archive.org Show headers Download Go to Full URL http://server-193-29-104-49.da.direct/files/saved_resource Requested by Host: server-193-29-104-49.da.direct URL: http://server-193-29-104-49.da.direct/process.php Protocol HTTP/1.1 Server 193.29.104.49 Paris, France, ASN9009 (M247, RO), Reverse DNS Software nginx/1.14.0 (Ubuntu) / Resource Hash Request headers accept-language fr-FR,fr;q=0.9 Referer http://server-193-29-104-49.da.direct/process.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Date Thu, 22 Feb 2024 01:34:09 GMT Content-Encoding gzip Server nginx/1.14.0 (Ubuntu) Connection keep-alive Transfer-Encoding chunked Content-Type text/html
GET H/1.1	200 OK	main-process.css server-193-29-104-49.da.direct/files/	829 KB 829 KB	55ms 29ms	Stylesheet text/css	193.29.104.49 M247
General Check archive.org Show headers Download Go to Full URL http://server-193-29-104-49.da.direct/files/main-process.css Requested by Host: server-193-29-104-49.da.direct URL: http://server-193-29-104-49.da.direct/process.php Protocol HTTP/1.1 Server 193.29.104.49 Paris, France, ASN9009 (M247, RO), Reverse DNS Software nginx/1.14.0 (Ubuntu) / Resource Hash 923e10ea8f110f5444829b07607f873313c9a57d9de87cdcfad00647d54fbed4 Request headers accept-language fr-FR,fr;q=0.9 Referer http://server-193-29-104-49.da.direct/process.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Date Thu, 22 Feb 2024 01:34:09 GMT Last-Modified Fri, 26 Jan 2024 21:17:50 GMT Server nginx/1.14.0 (Ubuntu) ETag "65b4217e-cf2ba" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 848570
GET H/1.1	200 OK	c1.png server-193-29-104-49.da.direct/	5 KB 5 KB	59ms 30ms	Image image/png	193.29.104.49 M247
General Check archive.org Show headers Download Go to Show image Full URL http://server-193-29-104-49.da.direct/c1.png Requested by Host: server-193-29-104-49.da.direct URL: http://server-193-29-104-49.da.direct/process.php Protocol HTTP/1.1 Server 193.29.104.49 Paris, France, ASN9009 (M247, RO), Reverse DNS Software nginx/1.14.0 (Ubuntu) / Resource Hash 5332c07bf9add9bd96f07690305c23d6348639e6c74a6fc5027060c1802d5afd Request headers accept-language fr-FR,fr;q=0.9 Referer http://server-193-29-104-49.da.direct/process.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Date Thu, 22 Feb 2024 01:34:09 GMT Last-Modified Fri, 26 Jan 2024 21:17:50 GMT Server nginx/1.14.0 (Ubuntu) ETag "65b4217e-1213" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 4627
GET H2	200	jquery-3.6.4.min.js Show response code.jquery.com/	88 KB 31 KB	56ms 19ms	Script application/javascript	2a04:4e42:600::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.4.min.js Requested by Host: server-193-29-104-49.da.direct URL: http://server-193-29-104-49.da.direct/process.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af Request headers accept-language fr-FR,fr;q=0.9 Referer http://server-193-29-104-49.da.direct/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Thu, 22 Feb 2024 01:34:09 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 13763450 x-cache HIT, HIT content-length 31011 x-served-by cache-lga21953-LGA, cache-lcy-eglc8600069-LCY last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1708565649.009285,VS0,VE0 etag W/"28feccc0-15ec3" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 180, 101482
GET H2	200	jquery.mask.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/	8 KB 4 KB	62ms 24ms	Script application/javascript	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js Requested by Host: server-193-29-104-49.da.direct URL: http://server-193-29-104-49.da.direct/process.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language fr-FR,fr;q=0.9 Referer http://server-193-29-104-49.da.direct/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Thu, 22 Feb 2024 01:34:09 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 706 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 3074 last-modified Mon, 04 May 2020 16:11:47 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec3-2087" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lOdvLrg97uzpuJbnmXoFF3kXaTo9mTfxCAZTLyKFB7UQZgxYa7W4ue3QA8TMNJ13EgoSozKLNNsqf4d3hHCMkRcMu2q6j0ZH5okaFKHtOeDpFqPrUZ%2F1C1dkcBmFWyi5em6aE%2FP%2FQlcy91O9E4Vf3CG0"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 85937c2a6c596f76-CDG expires Tue, 11 Feb 2025 01:34:09 GMT
GET		inpage.js lgmpcpglpngdoalbgeoldeajfclnhafa/	0 0
GET DATA	200 OK	truncated /	798 B 0		Stylesheet text/css
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 324b2843254e36a375dafbdcebc53d03275275e61811711cc763091e3df741cc Request headers accept-language fr-FR,fr;q=0.9 Referer http://server-193-29-104-49.da.direct/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Type text/css
GET		HR_gradient_dark.png 127.0.0.1/bin/cb1633718600/dist/assets/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

lgmpcpglpngdoalbgeoldeajfclnhafa

URL

chrome-extension://lgmpcpglpngdoalbgeoldeajfclnhafa/inpage.js

Domain

lgmpcpglpngdoalbgeoldeajfclnhafa

URL

chrome-extension://lgmpcpglpngdoalbgeoldeajfclnhafa/inpage.js

Domain

127.0.0.1

URL

http://127.0.0.1/bin/cb1633718600/dist/assets/HR_gradient_dark.png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Apple (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| $jscomp

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: chrome-extension://lgmpcpglpngdoalbgeoldeajfclnhafa/inpage.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://lgmpcpglpngdoalbgeoldeajfclnhafa/inpage.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: http://server-193-29-104-49.da.direct/main.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://server-193-29-104-49.da.direct/files/saved_resource Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

127.0.0.1
cdnjs.cloudflare.com
code.jquery.com
lgmpcpglpngdoalbgeoldeajfclnhafa
server-193-29-104-49.da.direct
127.0.0.1
lgmpcpglpngdoalbgeoldeajfclnhafa
193.29.104.49
2606:4700::6811:180e
2a04:4e42:600::649
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
324b2843254e36a375dafbdcebc53d03275275e61811711cc763091e3df741cc
5332c07bf9add9bd96f07690305c23d6348639e6c74a6fc5027060c1802d5afd
923e10ea8f110f5444829b07607f873313c9a57d9de87cdcfad00647d54fbed4
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
bc30c0f9c31f9f847da3a882534ae3b0a1f66f2de6580f7dac55be9b408d86df