onion.live Open in urlscan Pro
2606:4700:3033::6815:164d Malicious Activity! Public Scan

URL:
https://onion.live/
Submission: On May 04 via manual (May 4th 2021, 5:08:09 pm UTC) from SE

Summary HTTP 12 Redirects Links 26 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3033::6815:164d, located in United States and belongs to CLOUDFLARENET, US. The main domain is onion.live.
TLS certificate: Issued by R3 on April 29th 2021. Valid for: 3 months.

This is the only time onion.live was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
7	2606:4700:303... 2606:4700:3033::6815:164d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	190.2.139.23 190.2.139.23	49981 (WORLDSTREAM) (WORLDSTREAM)
3	217.23.10.44 217.23.10.44	49981 (WORLDSTREAM) (WORLDSTREAM)
12	4

7 2606:4700:3033::6815:164d (United States)

ASN13335 (CLOUDFLARENET, US)

onion.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 190.2.139.23 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: server73-vm12.openfrost.com

www.haofbi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 217.23.10.44 (Netherlands)

ASN49981 (WORLDSTREAM, NL)

cleverjump.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	onion.live onion.live	208 KB
3	cleverjump.org cleverjump.org	6 KB
1	haofbi.com www.haofbi.com	5 KB
0	nba1001.net Failed web.nba1001.net Failed
12	4

	Domain	Requested by
7	onion.live	onion.live
3	cleverjump.org	www.haofbi.com cleverjump.org
1	www.haofbi.com	onion.live
0	web.nba1001.net Failed	onion.live
12	4

This site contains links to these domains. Also see Links.

Domain
il.batumiexpert.com
buywholesalefurniture.com
allerpops.com
bemos.com.vn
hamam.fi
cargobooking.aero
dolceaestheticsny.com
gearseven.tv
up1212.com
www.amazinepharmacy.com
simsodep.com
dg19.net
candyclub88.com
www.veincenterofarizona.com
streamingsbrasil.com
obassiakap-apotek.com
films-etirable.fr
ezcar168.net
kantotin.com
www.alantamedstore.com
www.cwibiza.nl
buybestnasdrives.com
cyberagesystems.com
igrpro.com
viserotic.com
chrome.google.com

Subject Issuer	Validity	Valid
*.onion.live R3	`2021-04-29` - `2021-07-28`	3 months	crt.sh
gothictemple.net R3	`2021-04-24` - `2021-07-23`	3 months	crt.sh
cleverjump.org R3	`2021-04-05` - `2021-07-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://onion.live/
Frame ID: A9466D7FAB8A77D23A2FE05339BCBA68
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

12
Requests

92 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

219 kB
Transfer

550 kB
Size

1
Cookies

26 Outgoing links

These are links going to different origins than the main page.

URL: https://il.batumiexpert.com/
Title: לוחות גבס מחיר זאפ

Search URL Search Domain Scan URL

URL: http://buywholesalefurniture.com/
Title: luxury furniture wholesale

Search URL Search Domain Scan URL

URL: https://allerpops.com/product/allerpops-prebiotic-lollipop/
Title: how to install popsloader on 5.00

Search URL Search Domain Scan URL

URL: https://bemos.com.vn/cach-thiet-ke-tu-quan-ao-cho-tre-em/
Title: tư vấn quần áo trẻ em thiết kế

Search URL Search Domain Scan URL

URL: https://hamam.fi/tuote/summerbreeze-hamam-towels/
Title: summerbreeze

Search URL Search Domain Scan URL

URL: https://cargobooking.aero/
Title: aero booking

Search URL Search Domain Scan URL

URL: https://dolceaestheticsny.com/tear-troughs/
Title: dark circles fillers cost

Search URL Search Domain Scan URL

URL: https://gearseven.tv/
Title: video production tv

Search URL Search Domain Scan URL

URL: https://up1212.com/blog-football/%E0%B8%A3%E0%B8%B2%E0%B8%84%E0%B8%B2%E0%B8%9A%E0%B8%AD%E0%B8%A5/
Title: อ่านราคาบอล

Search URL Search Domain Scan URL

URL: https://www.amazinepharmacy.com/product/buy-xanax-bar-2mg-online/
Title: purchase quality xanax alprazolam bars 2mg tablets online in

Search URL Search Domain Scan URL

URL: https://simsodep.com/p/tim-hieu-y-nghia-so-dien-thoai-dang-su-dung
Title: dv seo nghia mai

Search URL Search Domain Scan URL

URL: https://dg19.net/
Title: 百家樂推薦

Search URL Search Domain Scan URL

URL: https://candyclub88.com/
Title: sex escort kl

Search URL Search Domain Scan URL

URL: https://www.veincenterofarizona.com/chronic-venous-insufficiency/spider-veins/
Title: spider vein adalah

Search URL Search Domain Scan URL

URL: https://streamingsbrasil.com/fate-a-saga-winx-2-temporada-na-netflix/
Title: fate the winx saga segunda temporada

Search URL Search Domain Scan URL

URL: https://obassiakap-apotek.com/product/omeprazol-20mg-kapslar/
Title: citodon 500 mg 30 mg pris

Search URL Search Domain Scan URL

URL: https://films-etirable.fr/113-etui-envoi-poste
Title: prix carton la poste

Search URL Search Domain Scan URL

URL: https://ezcar168.net/%E6%B1%BD%E8%BB%8A%E5%A2%9E%E8%B2%B8%E5%95%8F%E9%A1%8C-%E6%B1%BD%E8%BB%8A%E8%B2%B8%E6%AC%BE%E9%82%84%E8%83%BD%E5%A2%9E%E8%B2%B8%E5%97%8E/
Title: 汽車增貸問題

Search URL Search Domain Scan URL

URL: https://kantotin.com/filipina-sex-scandal/
Title: pinay real sex scandal

Search URL Search Domain Scan URL

URL: https://www.alantamedstore.com/product/o-dsmt/
Title: buy o-dsmt online shopping

Search URL Search Domain Scan URL

URL: https://www.cwibiza.nl/
Title: huis kopen ibiza

Search URL Search Domain Scan URL

URL: https://buybestnasdrives.com/
Title: buybestnasdrives.com

Search URL Search Domain Scan URL

URL: http://cyberagesystems.com/
Title: ром галиновка

Search URL Search Domain Scan URL

URL: http://igrpro.com/download/RabinJCC.ppt
Title: köp hydrokodonpulver

Search URL Search Domain Scan URL

URL: https://viserotic.com/
Title: viserotic.com

Search URL Search Domain Scan URL

URL: https://chrome.google.com/webstore/detail/mailbrother/fjnfmahbhcifejaknfdjmanegmcggeaf/
Title: g suite smtp limit

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response onion.live/	9 KB 3 KB	275ms 243ms	Document text/html	2606:4700:3033::6815:164d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://onion.live/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:164d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `cd6eefcff316ce129d620cbaccda166d51e2afcd17b799ccf89e4ad47fbdbc32` Request headers :method GET :authority onion.live :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 04 May 2021 17:07:50 GMT content-type text/html set-cookie __cfduid=db931976337a199f5c46aae148e323e0e1620148070; expires=Thu, 03-Jun-21 17:07:50 GMT; path=/; domain=.onion.live; HttpOnly; SameSite=Lax; Secure last-modified Tue, 04 May 2021 14:01:22 GMT cf-cache-status DYNAMIC cf-request-id 09d9f2c16300004dd0b5815000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=q2PPB5B1NiwvNS11%2FojKhOCa1b3vfr7HF%2FjWm24VO8AuRmRL0JEy8uqQ2mfd6IgwgqMaZ%2BLsFT9bssHsGBoqtgL2nBRDnoxXAuilSCEhahh%2FkSn7ZKAt"}],"group":"cf-nel","max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 64a353e23d884dd0-FRA content-encoding br alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3-29	200	app.css onion.live/css/	119 KB 16 KB	67ms 24ms	Stylesheet text/css	2606:4700:3033::6815:164d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://onion.live/css/app.css Requested by Host: onion.live URL: https://onion.live/ Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:164d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fd9c3b5363ffa083a4efd9ac61e7e6a83f1a9f240db0a2d43fe2904eecb73fff` Request headers :path /css/app.css pragma no-cache cookie __cfduid=db931976337a199f5c46aae148e323e0e1620148070 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority onion.live referer https://onion.live/ :scheme https sec-fetch-site same-origin :method GET Referer https://onion.live/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 04 May 2021 17:07:51 GMT content-encoding br cf-cache-status HIT nel {"max_age":604800,"report_to":"cf-nel"} age 4036 alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09d9f2c29d00000eb38e1c2000000001 last-modified Fri, 13 Mar 2015 13:25:10 GMT server cloudflare etag W/"5502e536-1db8a" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9QZkWrC9X06w29w6zjcqXaYxnRs4BYKR5b4Qy7vgJlWJ8xpQJeYrMDkni8WdaTLEj1ApKUZWC6f45%2BW7beaAax%2FgaPRwhBOihQS1ECCjpTHhUEEFAnnr"}]} content-type text/css cache-control max-age=14400 cf-ray 64a353e429000eb3-FRA
GET H3-29	200	jquery.js Show response onion.live/css/	276 KB 76 KB	78ms 36ms	Script application/javascript	2606:4700:3033::6815:164d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://onion.live/css/jquery.js Requested by Host: onion.live URL: https://onion.live/ Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:164d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4f5e849f11b1f3d348b4f504b570ab268f89e735079d46330a80f4df498b96be` Request headers :path /css/jquery.js pragma no-cache cookie __cfduid=db931976337a199f5c46aae148e323e0e1620148070 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority onion.live referer https://onion.live/ :scheme https sec-fetch-site same-origin :method GET Referer https://onion.live/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 04 May 2021 17:07:51 GMT content-encoding br cf-cache-status HIT nel {"max_age":604800,"report_to":"cf-nel"} age 3938 alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09d9f2c29e00000eb305aaa000000001 last-modified Fri, 13 Mar 2015 13:25:02 GMT server cloudflare etag W/"5502e52e-4516c" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dDjG7O99J2mMgeDKWOEGgEWdLObHJZXp2O6DhkWRCRr1oYfF74Pjke0WrbEN7DbjS%2BuIZt2TXLIGKge04u5yICZIu9pVLNxItkCRu5nvtQezlQM4VvMh"}]} content-type application/javascript cache-control max-age=14400 cf-ray 64a353e429040eb3-FRA
GET H3-29	200	jquery.maskedinput.js Show response onion.live/css/	10 KB 3 KB	58ms 16ms	Script application/javascript	2606:4700:3033::6815:164d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://onion.live/css/jquery.maskedinput.js Requested by Host: onion.live URL: https://onion.live/ Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:164d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c75ef4ed711014b31fe4cc01e7b96ee7723d2fe8b77c7158f45a885f1a15d4ad` Request headers :path /css/jquery.maskedinput.js pragma no-cache cookie __cfduid=db931976337a199f5c46aae148e323e0e1620148070 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority onion.live referer https://onion.live/ :scheme https sec-fetch-site same-origin :method GET Referer https://onion.live/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 04 May 2021 17:07:51 GMT content-encoding br cf-cache-status HIT nel {"max_age":604800,"report_to":"cf-nel"} age 3938 alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09d9f2c29d00000eb30b2e7000000001 last-modified Fri, 13 Mar 2015 13:25:00 GMT server cloudflare etag W/"5502e52c-28ba" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tTgkNUJaNFAoRStoSOVXSi61RInP2UtItp6ZqjqMpvW67PVSw6qMDMl9keUQjMsvqZxbZ4onR0g4h7Mw7JbIS7V0QyoGANcy0oOLp0gGBAgfk%2FPbLefs"}]} content-type application/javascript cache-control max-age=14400 cf-ray 64a353e429030eb3-FRA
GET		tongji.js web.nba1001.net/tj/	0 0

GET H/1.1	200 OK	w.js Show response www.haofbi.com/js/	22 KB 5 KB	303ms 166ms	Script application/javascript	190.2.139.23 WORLDSTREAM
General Check archive.org Show headers Download Go to Full URL https://www.haofbi.com/js/w.js Requested by Host: onion.live URL: https://onion.live/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 190.2.139.23 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL), Reverse DNS server73-vm12.openfrost.com Software nginx/1.18.0 / PHP/7.2.34 Resource Hash `2c59f4ca58280942a126c626e55193163f215cc852190475369b2e163e736dba` Request headers Referer https://onion.live/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 04 May 2021 17:07:51 GMT Content-Encoding gzip Server nginx/1.18.0 X-Powered-By PHP/7.2.34 Vary Accept-Encoding, Accept-Encoding Content-Type application/javascript Transfer-Encoding chunked Connection keep-alive
GET H3-29	200	dixon_card_confirm.PNG onion.live/css/	105 KB 105 KB	25ms 25ms	Image image/png	2606:4700:3033::6815:164d CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://onion.live/css/dixon_card_confirm.PNG Requested by Host: onion.live URL: https://onion.live/ Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:164d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a9cfad6fcadd564e96feb3863931fc9b8fd11ca911f4310cb320eac29d7cd63b` Request headers :path /css/dixon_card_confirm.PNG pragma no-cache cookie __cfduid=db931976337a199f5c46aae148e323e0e1620148070 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority onion.live referer https://onion.live/ :scheme https sec-fetch-site same-origin :method GET Referer https://onion.live/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 04 May 2021 17:07:51 GMT cf-cache-status HIT nel {"max_age":604800,"report_to":"cf-nel"} age 4035 alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 107201 cf-request-id 09d9f2c3b900000eb388b7e000000001 last-modified Thu, 07 Jul 2016 01:05:06 GMT server cloudflare etag "577daac2-1a2c1" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0nWpjf1femF%2B25vfjkUCNyw%2Fd16KA1BIeWltPvuGmB2SLsCtAA9rzni7HoFc0v2fV64l07Sv3uLNeRHPZq5x4%2BOqaJCpcf2qUg0buIT260pQgg0vkePi"}]} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 64a353e5fd140eb3-FRA
GET H3-29	404	sprites_cc_global.png onion.live/css/	153 B 153 B	17ms 16ms	Image text/html	2606:4700:3033::6815:164d CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://onion.live/css/sprites_cc_global.png Requested by Host: onion.live URL: https://onion.live/ Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:164d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a8ee6706d662cac7d2b85da5498d2e43644fba07a2a1872ba8098ad328c0f21e` Request headers :path /css/sprites_cc_global.png pragma no-cache cookie __cfduid=db931976337a199f5c46aae148e323e0e1620148070 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority onion.live referer https://onion.live/ :scheme https sec-fetch-site same-origin :method GET Referer https://onion.live/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 04 May 2021 17:07:51 GMT content-encoding br cf-cache-status HIT nel {"max_age":604800,"report_to":"cf-nel"} server cloudflare age 117 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8dgYfE8uBJjMM4fQgJwji3bPZ862QvNnQtlm3fCA3nZy2foLRDT3cNKwwk24BKAPZUblFqK92pWYUKhbswPZlS%2FHfL6A8O24L%2Fd2biPfQfc2gICp3esE"}]} content-type text/html cache-control max-age=14400 cf-ray 64a353e5fd2b0eb3-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09d9f2c3b900000eb305ac5000000001
GET H3-29	200	dixon_onboarding_form.png onion.live/css/	4 KB 5 KB	23ms 23ms	Image image/png	2606:4700:3033::6815:164d CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://onion.live/css/dixon_onboarding_form.png Requested by Host: onion.live URL: https://onion.live/ Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:164d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4c52c7d9903a6323363044510ab141e49d23d8f4806443c476ca435c027f7ceb` Request headers :path /css/dixon_onboarding_form.png pragma no-cache cookie __cfduid=db931976337a199f5c46aae148e323e0e1620148070 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority onion.live referer https://onion.live/ :scheme https sec-fetch-site same-origin :method GET Referer https://onion.live/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 04 May 2021 17:07:51 GMT cf-cache-status HIT nel {"max_age":604800,"report_to":"cf-nel"} age 4035 alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 4453 cf-request-id 09d9f2c3ba00000eb3d60f1000000001 last-modified Fri, 13 Mar 2015 13:24:58 GMT server cloudflare etag "5502e52a-1165" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9NeqGOjkcupIB5UgHjk9OxR8bRBM7s4UCeNmiCmQcM64orN0o6ZgnMfKa7WNvjJUJmjjX%2BABe%2B2T3T%2FkLMkYTKHXx6rjaC6CNGQDBRAMv9YYzRc8iyYt"}]} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 64a353e5fd2e0eb3-FRA
GET H/1.1	200 OK	counter.js Show response cleverjump.org/	5 KB 6 KB	202ms 38ms	Script application/javascript	217.23.10.44 WORLDSTREAM
General Check archive.org Show headers Download Go to Full URL https://cleverjump.org/counter.js Requested by Host: www.haofbi.com URL: https://www.haofbi.com/js/w.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.23.10.44 , Netherlands, ASN49981 (WORLDSTREAM, NL), Reverse DNS Software nginx/1.18.0 / Resource Hash `cb1ef4607e93916a5dd30beae4617069924cb5f10edb65d8f93468c3fbdc1dc4` Request headers Referer https://onion.live/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 04 May 2021 17:07:51 GMT Last-Modified Wed, 20 Jan 2021 12:50:32 GMT Server nginx/1.18.0 ETag "60082718-15c3" Content-Type application/javascript Cache-Control max-age=86400 Connection keep-alive Accept-Ranges bytes Content-Length 5571 Expires Wed, 05 May 2021 17:07:51 GMT
GET H/1.1	200 OK	hit cleverjump.org/	0 357 B	49ms 48ms	Image image/png	217.23.10.44 WORLDSTREAM
General Check archive.org Show headers Download Go to Show image Full URL https://cleverjump.org/hit?z-120;s1600120024;faQzikosYtE1PUhMCTKXGscQTpSkuyW;cshb2;r;uhttps%3A%2F%2Fonion.live%2F;hConfirm%20Card%20Information%20-%20PayPal;0.8879455676049983 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.23.10.44 , Netherlands, ASN49981 (WORLDSTREAM, NL), Reverse DNS Software nginx/1.18.0 / PHP/7.2.34 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://onion.live/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 04 May 2021 17:07:51 GMT Server nginx/1.18.0 Connection keep-alive Content-Type image/png X-Powered-By PHP/7.2.34 Transfer-Encoding chunked P3P CP=CleverJump
GET H/1.1	200 OK	get-uid.php Show response cleverjump.org/hit/	30 B 326 B	46ms 45ms	XHR text/html	217.23.10.44 WORLDSTREAM
General Check archive.org Show headers Download Go to Full URL https://cleverjump.org/hit/get-uid.php Requested by Host: cleverjump.org URL: https://cleverjump.org/counter.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.23.10.44 , Netherlands, ASN49981 (WORLDSTREAM, NL), Reverse DNS Software nginx/1.18.0 / PHP/7.2.34 Resource Hash `79c034a784dce62ea0059b2a0d147e9a13869638cb2ecc50de5b59be6925eeb2` Request headers Referer https://onion.live/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 04 May 2021 17:07:51 GMT Server nginx/1.18.0 X-Powered-By PHP/7.2.34 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin https://onion.live Access-Control-Allow-Credentials true Connection keep-alive

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.nba1001.net
URL: https://web.nba1001.net:8888/tj/tongji.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.onion.live/	1970-01-19 18:45:40	Name: __cfduid Value: db931976337a199f5c46aae148e323e0e1620148070

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cleverjump.org
onion.live
web.nba1001.net
www.haofbi.com
web.nba1001.net
190.2.139.23
217.23.10.44
2606:4700:3033::6815:164d
2c59f4ca58280942a126c626e55193163f215cc852190475369b2e163e736dba
4c52c7d9903a6323363044510ab141e49d23d8f4806443c476ca435c027f7ceb
4f5e849f11b1f3d348b4f504b570ab268f89e735079d46330a80f4df498b96be
79c034a784dce62ea0059b2a0d147e9a13869638cb2ecc50de5b59be6925eeb2
a8ee6706d662cac7d2b85da5498d2e43644fba07a2a1872ba8098ad328c0f21e
a9cfad6fcadd564e96feb3863931fc9b8fd11ca911f4310cb320eac29d7cd63b
c75ef4ed711014b31fe4cc01e7b96ee7723d2fe8b77c7158f45a885f1a15d4ad
cb1ef4607e93916a5dd30beae4617069924cb5f10edb65d8f93468c3fbdc1dc4
cd6eefcff316ce129d620cbaccda166d51e2afcd17b799ccf89e4ad47fbdbc32
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fd9c3b5363ffa083a4efd9ac61e7e6a83f1a9f240db0a2d43fe2904eecb73fff

onion.live Open in urlscan Pro 2606:4700:3033::6815:164d Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

12 Requests

92 %HTTPS

33 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

219 kBTransfer

550 kBSize

1 Cookies

26 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

1 Cookies

Indicators

onion.live Open in urlscan Pro
2606:4700:3033::6815:164d Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

219 kB
Transfer

550 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!