mta92.bentonsplace.net Open in urlscan Pro
193.143.1.171  Malicious Activity! Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request start.php Show response mta92.bentonsplace.net/views/choice/tang/	45 KB 10 KB	351ms 119ms	Document text/html	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 58ec99087fee6f0d610bfa9b177e6a7e80ce716515da52143b2839cd83a7131c Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sat, 27 Apr 2024 23:07:51 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked
GET H/1.1	200 OK	vendor.css mta92.bentonsplace.net/views/choice/tang/assets/css/	8 KB 9 KB	93ms 93ms	Stylesheet text/css	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mta92.bentonsplace.net/views/choice/tang/assets/css/vendor.css Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash bc128faf58e994f35c97843fef26e145f1fbd0de8f1ea8d805519741b56bf06b Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sat, 27 Apr 2024 23:07:52 GMT Last-Modified Sat, 27 Apr 2024 10:40:28 GMT Server nginx/1.18.0 (Ubuntu) ETag "662cd61c-2145" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 8517
GET H/1.1	200 OK	global.css mta92.bentonsplace.net/views/choice/tang/assets/css/	198 KB 198 KB	188ms 93ms	Stylesheet text/css	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mta92.bentonsplace.net/views/choice/tang/assets/css/global.css Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash f18faea2b8326805410ad9abb95f111c81903f47733cfab9c20fc151c285037a Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sat, 27 Apr 2024 23:07:52 GMT Last-Modified Sat, 27 Apr 2024 10:40:28 GMT Server nginx/1.18.0 (Ubuntu) ETag "662cd61c-31641" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 202305
GET H/1.1	200 OK	app.css mta92.bentonsplace.net/views/choice/tang/assets/css/	210 KB 211 KB	339ms 170ms	Stylesheet text/css	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mta92.bentonsplace.net/views/choice/tang/assets/css/app.css Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 9c2223316e20edb06d750c9e8e94c760033bec8d6f552f6fe8785b6e2d35890a Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sat, 27 Apr 2024 23:07:52 GMT Last-Modified Sat, 27 Apr 2024 10:40:28 GMT Server nginx/1.18.0 (Ubuntu) ETag "662cd61c-34987" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 215431
GET H/1.1	200 OK	icomoon.ttf mta92.bentonsplace.net/views/choice/tang/assets/fonts/	119 KB 119 KB	368ms 183ms	Font application/octet-stream	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mta92.bentonsplace.net/views/choice/tang/assets/fonts/icomoon.ttf Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash aedb9f7b494d182050df14a76ad3c13172f934031499c16e4c741f2a994a1c16 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Origin https://mta92.bentonsplace.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sat, 27 Apr 2024 23:07:52 GMT Last-Modified Sat, 27 Apr 2024 10:40:28 GMT Server nginx/1.18.0 (Ubuntu) ETag "662cd61c-1dc94" Content-Type application/octet-stream Connection keep-alive Accept-Ranges bytes Content-Length 122004
GET H/1.1	200 OK	tangerine-logo-white.svg mta92.bentonsplace.net/views/choice/tang/assets/img/	3 KB 3 KB	287ms 96ms	Image image/svg+xml	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Show image Full URL https://mta92.bentonsplace.net/views/choice/tang/assets/img/tangerine-logo-white.svg Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 0dc7a682c15073da65e89ead9adb16b5877e3b78b09a81c2e4d36e7b7c3322a5 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sat, 27 Apr 2024 23:07:52 GMT Last-Modified Sat, 27 Apr 2024 10:40:28 GMT Server nginx/1.18.0 (Ubuntu) ETag "662cd61c-bb1" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 2993
GET H/1.1	200 OK	icon_DownArrow-white.svg mta92.bentonsplace.net/views/choice/tang/assets/fonts/	813 B 1 KB	91ms 91ms	Image image/svg+xml	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Show image Full URL https://mta92.bentonsplace.net/views/choice/tang/assets/fonts/icon_DownArrow-white.svg Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash c0faef666af1a9e984c6d7ab4823de034ca9dacc8c1f9f637af91cf8c9e49346 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sat, 27 Apr 2024 23:07:52 GMT Last-Modified Sat, 27 Apr 2024 10:40:28 GMT Server nginx/1.18.0 (Ubuntu) ETag "662cd61c-32d" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 813
GET H2	200	css2 fonts.googleapis.com/	569 B 775 B	144ms 50ms	Stylesheet text/css	2a00:1450:4001:81c::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Material+Icons Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 36b2057eb5eef261a2cbb8c149dcf3a11edaa15ccd8e3d462eb34999f5ff8f2a Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Sat, 27 Apr 2024 23:07:52 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sat, 27 Apr 2024 23:07:52 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sat, 27 Apr 2024 23:07:52 GMT
GET H/1.1	200 OK	login.css mta92.bentonsplace.net/views/choice/tang/assets/	162 KB 162 KB	352ms 176ms	Stylesheet text/css	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mta92.bentonsplace.net/views/choice/tang/assets/login.css Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 65eb9690f13a6bf70c947b9bd8ad5673ec1cee2285e667cfa754cc2b307a00f9 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sat, 27 Apr 2024 23:07:52 GMT Last-Modified Sat, 27 Apr 2024 10:40:28 GMT Server nginx/1.18.0 (Ubuntu) ETag "662cd61c-2873c" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 165692
GET H2	200	jquery-3.6.0.min.js Show response code.jquery.com/	87 KB 30 KB	125ms 38ms	Script application/javascript	2a04:4e42:600::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.0.min.js Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/ Origin https://mta92.bentonsplace.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 27 Apr 2024 23:07:52 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 115452 x-cache HIT, HIT content-length 30875 x-served-by cache-lga21931-LGA, cache-cph2320032-CPH last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1714259272.095032,VS0,VE0 etag W/"28feccc0-15d9d" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 60, 17855
GET H/1.1	200 OK	brand-white.png mta92.bentonsplace.net/views/choice/tang/assets/files/	2 KB 3 KB	188ms 94ms	Image image/png	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Show image Full URL https://mta92.bentonsplace.net/views/choice/tang/assets/files/brand-white.png Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash a900806f01bb127b471228bf4598a6c907fd1b26eae4f2c7c95cefd3adb5f9ec Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sat, 27 Apr 2024 23:07:52 GMT Last-Modified Sat, 27 Apr 2024 10:40:28 GMT Server nginx/1.18.0 (Ubuntu) ETag "662cd61c-99a" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 2458
GET H/1.1	200 OK	brand-orange.png mta92.bentonsplace.net/views/choice/tang/assets/files/	2 KB 3 KB	93ms 93ms	Image image/png	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Show image Full URL https://mta92.bentonsplace.net/views/choice/tang/assets/files/brand-orange.png Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash b0c0092ef63e49ce2ca0c56290809c62cbd0f6c6fbf8fc5824fc183f5b49a3b8 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sat, 27 Apr 2024 23:07:52 GMT Last-Modified Sat, 27 Apr 2024 10:40:28 GMT Server nginx/1.18.0 (Ubuntu) ETag "662cd61c-99e" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 2462
GET H/1.1	200 OK	loading.gif mta92.bentonsplace.net/views/choice/tang/assets/	163 KB 163 KB	190ms 189ms	Image image/gif	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Show image Full URL https://mta92.bentonsplace.net/views/choice/tang/assets/loading.gif Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash e07efed33aec4356ba72efae1eea9fbe1e922bd270ddbd0dd1a028b5a6db4140 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sat, 27 Apr 2024 23:07:52 GMT Last-Modified Sat, 27 Apr 2024 10:40:28 GMT Server nginx/1.18.0 (Ubuntu) ETag "662cd61c-28a42" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 166466
GET H/1.1	200 OK	global.css mta92.bentonsplace.net/views/choice/tang/assets/css/	198 KB 198 KB	92ms 92ms	Stylesheet text/css	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mta92.bentonsplace.net/views/choice/tang/assets/css/global.css Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash f18faea2b8326805410ad9abb95f111c81903f47733cfab9c20fc151c285037a Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sat, 27 Apr 2024 23:07:52 GMT Last-Modified Sat, 27 Apr 2024 10:40:28 GMT Server nginx/1.18.0 (Ubuntu) ETag "662cd61c-31641" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 202305
GET H/1.1	200 OK	app.css mta92.bentonsplace.net/views/choice/tang/assets/css/	210 KB 211 KB	84ms 84ms	Stylesheet text/css	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mta92.bentonsplace.net/views/choice/tang/assets/css/app.css Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 9c2223316e20edb06d750c9e8e94c760033bec8d6f552f6fe8785b6e2d35890a Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sat, 27 Apr 2024 23:07:52 GMT Last-Modified Sat, 27 Apr 2024 10:40:28 GMT Server nginx/1.18.0 (Ubuntu) ETag "662cd61c-34987" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 215431
POST H/1.1	200 OK	updateVisitor.php Show response mta92.bentonsplace.net/app/php/	349 B 676 B	708ms 708ms	XHR text/html	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mta92.bentonsplace.net/app/php/updateVisitor.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.0.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 88c2ac66c367ed11c6046e293141951b5de0ba487dc82aa9b0be14f21b730caf Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Content-Type application/json Accept */* Referer https://mta92.bentonsplace.net/views/choice/tang/start.php X-Requested-With XMLHttpRequest sec-ch-ua-platform "Win32" Response headers Pragma no-cache Date Sat, 27 Apr 2024 23:07:53 GMT Content-Encoding gzip Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked Access-Control-Allow-Methods GET, POST, OPTIONS, PUT, PATCH, DELETE Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers X-Requested-With, Content-Type Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	tangerine-logo-white.svg mta92.bentonsplace.net/views/choice/tang/assets/img/	3 KB 3 KB	93ms 93ms	Image image/svg+xml	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Show image Full URL https://mta92.bentonsplace.net/views/choice/tang/assets/img/tangerine-logo-white.svg Requested by Host: mta92.bentonsplace.net URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 0dc7a682c15073da65e89ead9adb16b5877e3b78b09a81c2e4d36e7b7c3322a5 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sat, 27 Apr 2024 23:07:52 GMT Last-Modified Sat, 27 Apr 2024 10:40:28 GMT Server nginx/1.18.0 (Ubuntu) ETag "662cd61c-bb1" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 2993
POST H/1.1	200 OK	check_activity.php Show response mta92.bentonsplace.net/app/php/	349 B 676 B	1343ms 1303ms	XHR text/html	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mta92.bentonsplace.net/app/php/check_activity.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.0.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 88c2ac66c367ed11c6046e293141951b5de0ba487dc82aa9b0be14f21b730caf Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Content-Type application/json Accept */* Referer https://mta92.bentonsplace.net/views/choice/tang/start.php X-Requested-With XMLHttpRequest sec-ch-ua-platform "Win32" Response headers Pragma no-cache Date Sat, 27 Apr 2024 23:07:53 GMT Content-Encoding gzip Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked Access-Control-Allow-Methods GET, POST, OPTIONS, PUT, PATCH, DELETE Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers X-Requested-With, Content-Type Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 fonts.gstatic.com/s/materialicons/v142/	125 KB 126 KB	130ms 41ms	Font font/woff2	2a00:1450:4001:812::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Material+Icons Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://fonts.googleapis.com/ Origin https://mta92.bentonsplace.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 22 Apr 2024 19:45:43 GMT x-content-type-options nosniff age 444129 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 128352 x-xss-protection 0 last-modified Mon, 08 Apr 2024 19:04:47 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 22 Apr 2025 19:45:43 GMT
GET H/1.1	200 OK	favicon.ico mta92.bentonsplace.net/views/choice/tang/	4 KB 2 KB	1090ms 1090ms	Other text/html	193.143.1.171 PROTON66
General Check archive.org Show headers Download Go to Full URL https://mta92.bentonsplace.net/views/choice/tang/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 193.143.1.171 Moscow, Russian Federation, ASN198953 (PROTON66, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash f86a5ed1f426b9fcd3db4827a62a0a798f691946698aa5df64d8f1ff280d41ae Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://mta92.bentonsplace.net/views/choice/tang/start.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Pragma no-cache Date Sat, 27 Apr 2024 23:07:53 GMT Content-Encoding gzip Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Expires Thu, 19 Nov 1981 08:52:00 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tangerine Bank (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| config object| data function| setCustomMessage function| sendActivityToServer object| inputs function| resetTimer

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mta92.bentonsplace.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: 50nvubvdtgb0uslml8qdmgctms
			mta92.bentonsplace.net/	1970-01-20 20:54:11	Name: has_questions Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Message: The resource https://mta92.bentonsplace.net/views/choice/tang/assets/fonts/icomoon.ttf was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://mta92.bentonsplace.net/views/choice/tang/start.php Message: The resource https://mta92.bentonsplace.net/views/choice/tang/assets/fonts/icon_DownArrow-white.svg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
mta92.bentonsplace.net
193.143.1.171
2a00:1450:4001:812::2003
2a00:1450:4001:81c::200a
2a04:4e42:600::649
0dc7a682c15073da65e89ead9adb16b5877e3b78b09a81c2e4d36e7b7c3322a5
36b2057eb5eef261a2cbb8c149dcf3a11edaa15ccd8e3d462eb34999f5ff8f2a
58ec99087fee6f0d610bfa9b177e6a7e80ce716515da52143b2839cd83a7131c
65eb9690f13a6bf70c947b9bd8ad5673ec1cee2285e667cfa754cc2b307a00f9
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
88c2ac66c367ed11c6046e293141951b5de0ba487dc82aa9b0be14f21b730caf
9c2223316e20edb06d750c9e8e94c760033bec8d6f552f6fe8785b6e2d35890a
a900806f01bb127b471228bf4598a6c907fd1b26eae4f2c7c95cefd3adb5f9ec
aedb9f7b494d182050df14a76ad3c13172f934031499c16e4c741f2a994a1c16
b0c0092ef63e49ce2ca0c56290809c62cbd0f6c6fbf8fc5824fc183f5b49a3b8
bc128faf58e994f35c97843fef26e145f1fbd0de8f1ea8d805519741b56bf06b
c0faef666af1a9e984c6d7ab4823de034ca9dacc8c1f9f637af91cf8c9e49346
e07efed33aec4356ba72efae1eea9fbe1e922bd270ddbd0dd1a028b5a6db4140
f18faea2b8326805410ad9abb95f111c81903f47733cfab9c20fc151c285037a
f86a5ed1f426b9fcd3db4827a62a0a798f691946698aa5df64d8f1ff280d41ae
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e