cndjeopxqf.emplexes.tech
162.0.213.15
Malicious Activity!
Public Scan
Effective URL: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html
Submission: On August 17 via manual — Scanned from DE
Summary
TLS certificate: Issued by R3 (a Let's Encrypt intermediate) on August 17th 2023, the same day the scan was submitted. Valid for: 3 months.
This is the only time cndjeopxqf.emplexes.tech was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 34.203.61.228 | 14618 (AMAZON-AES)
1 | 2a06:98c1:3121::3 | 13335 (CLOUDFLARENET)
1 | 185.61.154.193 | 22612 (NAMECHEAP-NET)
6 | 162.0.213.15 | 22612 (NAMECHEAP-NET)
2 | 2606:4700::6812:691 | (not resolved)
1 | 2a00:1450:4001:809::200a | (not resolved)
Total: 13 requests to 6 IP addresses.
Reverse DNS of the IPs serving the chain:
- ASN14618 (AMAZON-AES, US), PTR ec2-34-203-61-228.compute-1.amazonaws.com: email.cloud2.secureclick.net
- ASN22612 (NAMECHEAP-NET, US), PTR premium82-2.web-hosting.com: cndjeopxqf.talktotonia.com
- ASN22612 (NAMECHEAP-NET, US), PTR svr4.dkshostpage.host: cndjeopxqf.emplexes.tech
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
6 | emplexes.tech | cndjeopxqf.emplexes.tech (1 redirect) | 26 KB
2 | fleek.co | falling-mud-0653.on.fleek.co | 75 KB
1 | googleapis.com | ajax.googleapis.com | 31 KB
1 | talktotonia.com | cndjeopxqf.talktotonia.com (failed) | 429 B
1 | everworkinc.com | iueuieuieireokd.everworkinc.com | 2 KB
1 | secureclick.net | email.cloud2.secureclick.net (1 redirect; Cisco Umbrella rank 100938) | 77 B
Total: 13 requests to 6 apex domains.
Requests | Domain | Requested by
---|---|---
6 | cndjeopxqf.emplexes.tech | cndjeopxqf.talktotonia.com (1 redirect); cndjeopxqf.emplexes.tech
2 | falling-mud-0653.on.fleek.co | cndjeopxqf.emplexes.tech
1 | ajax.googleapis.com | cndjeopxqf.emplexes.tech
1 | cndjeopxqf.talktotonia.com | iueuieuieireokd.everworkinc.com
1 | iueuieuieireokd.everworkinc.com | (reached via redirect)
1 | email.cloud2.secureclick.net | (entry point; 1 redirect)
Total: 13 requests to 6 domains.
This site contains no links.
Subject | Issuer | Validity | Valid for
---|---|---|---
everworkinc.com | GTS CA 1P5 | 2023-08-10 - 2023-11-08 | 3 months
www.cndjeopxqf.emplexes.tech | R3 | 2023-08-17 - 2023-11-15 | 3 months
fleek.co | Cloudflare Inc ECC CA-3 | 2023-04-08 - 2024-04-07 | a year
upload.video.google.com | GTS CA 1C3 | 2023-07-31 - 2023-10-23 | 3 months
This page contains 1 frame:
Primary Page:
https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html
Frame ID: 0FD2189B90C57611126CC0A6C531C207
Requests: 13 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://email.cloud2.secureclick.net/c/15040?id=5.4.1.236e0d49f7cad2f0f9b58eeee9c5e479 (HTTP 302) -> https://iueuieuieireokd.everworkinc.com/.0ff./ (Page URL)
- http://cndjeopxqf.talktotonia.com/ (Page URL)
- https://cndjeopxqf.emplexes.tech/?email=steve.kane@smith-nephew.com (HTTP 302) -> https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html (Page URL)
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns:
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
- Request chain 0: https://email.cloud2.secureclick.net/c/15040?id=5.4.1.236e0d49f7cad2f0f9b58eeee9c5e479 (HTTP 302) -> https://iueuieuieireokd.everworkinc.com/.0ff./
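The chain above is the part of this report that converts most directly into detection and blocking logic: a tracking-link redirector (secureclick.net) hands off with a 302 to unrelated infrastructure, a cleartext HTTP hop follows, the victim's address is carried in the query string, and the final 302 lands on a page named after a 32-hex per-visit token. The Python below is an added example, not code from the urlscan.io report or from urlscan.io; CHAIN is constructed from the Page URL History, and the function names, flag names and heuristic thresholds (the 8-letter random-label rule, the approximate eTLD+1) are this example's own assumptions.

```python
"""Triage a phishing redirect chain recorded by a URL scanner.

Added example, not code from the urlscan.io report or from urlscan.io.
CHAIN is constructed from the report's Page URL History; every function
name, flag name and heuristic threshold here is this example's own.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qs, urlsplit

# (url, how the hop was reached): "start" = the clicked link, "302" = server
# redirect, "client" = JavaScript/meta redirect or navigation.  Taken from the
# report's Page URL History.
CHAIN = [
    ("https://email.cloud2.secureclick.net/c/15040?id=5.4.1.236e0d49f7cad2f0f9b58eeee9c5e479", "start"),
    ("https://iueuieuieireokd.everworkinc.com/.0ff./", "302"),
    ("http://cndjeopxqf.talktotonia.com/", "client"),
    ("https://cndjeopxqf.emplexes.tech/?email=steve.kane@smith-nephew.com", "client"),
    ("https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html", "302"),
]

HEX32 = re.compile(r"^[0-9a-f]{32}$")        # MD5-length token: per-visit landing page name
RANDOM_LABEL = re.compile(r"^[a-z]{8,}$")     # heuristic: long all-lowercase label, no digits/hyphens


def registered_domain(host: str) -> str:
    """Approximate eTLD+1 as the last two labels. Enough for the hosts in this
    chain; real tooling should consult the Public Suffix List (co.uk, on.fleek.co)."""
    return ".".join(host.split(".")[-2:])


def victim_email(url: str) -> str | None:
    """Return the address a phishing link pre-fills through the query string, if any."""
    qs = parse_qs(urlsplit(url).query)
    for key in ("email", "e", "user", "login"):   # assumed parameter names; only "email" appears in the report
        for value in qs.get(key, []):
            if "@" in value:
                return value
    return None


def hop_flags(url: str, how: str, prev_host: str | None) -> list[str]:
    """Heuristic flags for one hop of the chain."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    flags: list[str] = []
    if parts.scheme == "http":
        flags.append("http_downgrade")              # cleartext hop in an otherwise HTTPS chain
    if victim_email(url):
        flags.append("prefilled_email")             # victim identity carried in the URL
    if how == "302" and prev_host and registered_domain(prev_host) != registered_domain(host):
        flags.append("cross_domain_302")            # a redirector handing off to unrelated infrastructure
    if RANDOM_LABEL.match(host.split(".")[0]):
        flags.append("random_subdomain")
    leaf = parts.path.rstrip("/").rsplit("/", 1)[-1]
    if HEX32.match(leaf.removesuffix(".html")):
        flags.append("hex32_landing")
    return flags


def triage(chain: list[tuple[str, str]]) -> dict:
    """Walk the chain once: ordered hosts, victim address, landing URL, per-hop flags."""
    hops, hosts, prev, victim = [], [], None, None
    for url, how in chain:
        host = urlsplit(url).hostname or ""
        hops.append({"url": url, "host": host, "how": how, "flags": hop_flags(url, how, prev)})
        if host not in hosts:
            hosts.append(host)
        victim = victim or victim_email(url)
        prev = host
    return {"hosts": hosts, "victim": victim, "landing": chain[-1][0], "hops": hops}


def iocs(chain: list[tuple[str, str]]) -> list[str]:
    """Hostnames to block, plus the landing URL (weak on its own: the hex token is per visit)."""
    result = triage(chain)
    return sorted(set(result["hosts"])) + [result["landing"]]


if __name__ == "__main__":
    summary = triage(CHAIN)
    print("victim:", summary["victim"])
    for hop in summary["hops"]:
        print(f"{hop['how']:>6}  {hop['host']:35} {', '.join(hop['flags'])}")
    print("IOCs:", *iocs(CHAIN), sep="\n  ")
```

Two caveats when turning this into a rule: the secureclick.net hop is a legitimate e-mail tracking service that the sender abused, so block the downstream hosts rather than the redirector's apex domain, and treat the hex-named landing URL as a per-victim artefact (the `rt` cookie below is set to the same file name) rather than a stable indicator.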
13 HTTP transactions
# | Method | Protocol | Resource (host/path) | Size | Transferred | Type | MIME type | Note
---|---|---|---|---|---|---|---|---
1 | GET | H2 | iueuieuieireokd.everworkinc.com/.0ff./ | 7 KB | 2 KB | Document | text/html | redirect chain
2 | GET | - | cndjeopxqf.talktotonia.com/ | 0 | 0 | - | - | failed
3 | GET | H/1.1 | cndjeopxqf.talktotonia.com/ | 208 B | 429 B | Document | text/html |
4 | GET | H/1.1 | cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html | 11 KB | 3 KB | Document | text/html | primary request; redirect chain
5 | GET | H/1.1 | cndjeopxqf.emplexes.tech/m/sm/E72T4MDK1HGDYW507XGDO1B9R | 106 KB | 18 KB | Stylesheet | text/html | requested as a stylesheet, served as text/html
6 | GET | H2 | falling-mud-0653.on.fleek.co/style.css | 9 KB | 2 KB | Stylesheet | text/css |
7 | GET | H2 | ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js | 87 KB | 31 KB | Script | text/javascript |
8 | GET | H/1.1 | cndjeopxqf.emplexes.tech/m/mxl/Wd.png | 2 KB | 3 KB | Image | image/png |
9 | GET | H/1.1 | cndjeopxqf.emplexes.tech/m/mxl/mlg.svg | 4 KB | 2 KB | Image | image/svg+xml |
10 | GET | H/1.1 | cndjeopxqf.emplexes.tech/m/mxl/sig_op.svg | 2 KB | 990 B | Image | image/svg+xml |
11 | GET | - | falling-mud-0653.on.fleek.co/authy.js | 0 | 0 | - | - | failed
12 | GET | H2 | falling-mud-0653.on.fleek.co/encrytCode.js | 195 KB | 73 KB | Script | text/javascript |
13 | GET | - | cndjeopxqf.emplexes.tech/m/bxg/VLL7401RFBW4YBFO6IHQ84JQ7 | 0 | 0 | - | - | failed
Failed requests
These URLs were requested, but no response was received. They also appear in the transaction list above.
- cndjeopxqf.talktotonia.com: http://cndjeopxqf.talktotonia.com/
- falling-mud-0653.on.fleek.co: https://falling-mud-0653.on.fleek.co/authy.js?40IG89ZVECU60TX3TT9Z2E0CL
- cndjeopxqf.emplexes.tech: https://cndjeopxqf.emplexes.tech/m/bxg/VLL7401RFBW4YBFO6IHQ84JQ7
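The transaction list carries the kit's structural tell-tales: a 106 KB resource requested as a stylesheet but returned as text/html, two resources named with long upper-case tokens and no extension, kit scripts (authy.js, encrytCode.js) pulled from a third-party static host on on.fleek.co, and three requests that never received a response. The Python below is an added example, not code from the urlscan.io report or from urlscan.io; TRANSACTIONS is constructed from the table above, and the expected-MIME map, the CDN allowlist and the flag names are this example's own assumptions. As a consistency check it also re-derives the per-domain Transfer column from the per-request transfer sizes.

```python
"""Review the HTTP transactions of a scan for phishing-kit tell-tales.

Added example, not code from the urlscan.io report or from urlscan.io.
TRANSACTIONS is constructed from the report's transaction table; the
flag names, the expected-MIME map and the script allowlist are this
example's own assumptions.
"""
from __future__ import annotations

import re
from collections import defaultdict

# (method, protocol, host/path, size, transferred, type, mime) as listed in the report.
# Empty protocol/type and "0"/"0" sizes mark the three failed requests.
TRANSACTIONS = [
    ("GET", "H2",    "iueuieuieireokd.everworkinc.com/.0ff./", "7 KB", "2 KB", "Document", "text/html"),
    ("GET", "",      "cndjeopxqf.talktotonia.com/", "0", "0", "", ""),
    ("GET", "H/1.1", "cndjeopxqf.talktotonia.com/", "208 B", "429 B", "Document", "text/html"),
    ("GET", "H/1.1", "cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html", "11 KB", "3 KB", "Document", "text/html"),
    ("GET", "H/1.1", "cndjeopxqf.emplexes.tech/m/sm/E72T4MDK1HGDYW507XGDO1B9R", "106 KB", "18 KB", "Stylesheet", "text/html"),
    ("GET", "H2",    "falling-mud-0653.on.fleek.co/style.css", "9 KB", "2 KB", "Stylesheet", "text/css"),
    ("GET", "H2",    "ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js", "87 KB", "31 KB", "Script", "text/javascript"),
    ("GET", "H/1.1", "cndjeopxqf.emplexes.tech/m/mxl/Wd.png", "2 KB", "3 KB", "Image", "image/png"),
    ("GET", "H/1.1", "cndjeopxqf.emplexes.tech/m/mxl/mlg.svg", "4 KB", "2 KB", "Image", "image/svg+xml"),
    ("GET", "H/1.1", "cndjeopxqf.emplexes.tech/m/mxl/sig_op.svg", "2 KB", "990 B", "Image", "image/svg+xml"),
    ("GET", "",      "falling-mud-0653.on.fleek.co/authy.js", "0", "0", "", ""),
    ("GET", "H2",    "falling-mud-0653.on.fleek.co/encrytCode.js", "195 KB", "73 KB", "Script", "text/javascript"),
    ("GET", "",      "cndjeopxqf.emplexes.tech/m/bxg/VLL7401RFBW4YBFO6IHQ84JQ7", "0", "0", "", ""),
]

PRIMARY_HOST = "cndjeopxqf.emplexes.tech"
EXPECTED_MIME = {                               # assumed: what each resource type should come back as
    "Stylesheet": {"text/css"},
    "Script": {"text/javascript", "application/javascript"},
    "Image": {"image/png", "image/svg+xml", "image/jpeg", "image/gif", "image/webp"},
    "Document": {"text/html"},
}
SCRIPT_ALLOWLIST = {"ajax.googleapis.com"}     # assumed analyst allowlist for public CDNs
TOKEN = re.compile(r"^[A-Z0-9]{20,}$")         # long upper-case alphanumeric name, no extension
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def size_bytes(text: str) -> int:
    """Parse the report's size strings: '106 KB' -> 108544, '990 B' -> 990, '0' -> 0."""
    parts = text.split()
    if len(parts) == 1:
        return int(parts[0])
    return int(float(parts[0]) * UNITS[parts[1]])


def transfer_by_host(txns) -> dict[str, int]:
    """Bytes transferred per host; reproduces the report's per-domain Transfer column."""
    totals: dict[str, int] = defaultdict(int)
    for _, _, resource, _, transferred, _, _ in txns:
        totals[resource.split("/", 1)[0]] += size_bytes(transferred)
    return dict(totals)


def review(txns, primary_host: str) -> list[dict]:
    """One finding per (resource, reason) pair."""
    findings = []
    for _, _, resource, size, transferred, rtype, mime in txns:
        host, _, path = resource.partition("/")
        leaf = path.rsplit("/", 1)[-1]
        if size == "0" and transferred == "0":
            # A dropped component (authy.js here) still shows what the page tried to load.
            findings.append({"resource": resource, "reason": "failed"})
        expected = EXPECTED_MIME.get(rtype)
        if expected and mime not in expected:
            # Kits often hide page body or obfuscated code behind a <link rel=stylesheet>.
            findings.append({"resource": resource, "reason": "mime_mismatch"})
        if TOKEN.match(leaf):
            findings.append({"resource": resource, "reason": "random_token_name"})
        if rtype == "Script" and host != primary_host and host not in SCRIPT_ALLOWLIST:
            findings.append({"resource": resource, "reason": "third_party_script"})
    return findings


def by_reason(findings: list[dict], reason: str) -> list[str]:
    return [f["resource"] for f in findings if f["reason"] == reason]


if __name__ == "__main__":
    found = review(TRANSACTIONS, PRIMARY_HOST)
    for reason in ("failed", "mime_mismatch", "random_token_name", "third_party_script"):
        print(f"{reason:20}", by_reason(found, reason))
    for host, total in sorted(transfer_by_host(TRANSACTIONS).items()):
        print(f"{host:40} {total / 1024:6.1f} KB")
```

The per-host totals come out at 26 KB for cndjeopxqf.emplexes.tech, 75 KB for falling-mud-0653.on.fleek.co, 31 KB for ajax.googleapis.com, 2 KB for iueuieuieireokd.everworkinc.com and 429 B for cndjeopxqf.talktotonia.com, matching the Transfer column in the apex-domain table; secureclick.net's 77 B is the redirect response itself and has no row in the transaction list.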
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Microsoft (Consumer)
JavaScript Global Variables (1)
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
object | documentPictureInPicture
(documentPictureInPicture is the Chromium Document Picture-in-Picture API exposed on window; here it reflects the scanning browser rather than the kit's own code.)
Cookies (2)
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, allowing the site to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
cndjeopxqf.emplexes.tech/ | (session) | PHPSESSID | 1be27cb198f4f9e95ef8c23cb42c2e8e
cndjeopxqf.emplexes.tech/ | (session) | rt | 419263b72a8bcfcaf02f0b1195448491.html
The rt cookie holds the same token as the landing page's file name, so the kit ties the browser session to the per-visit page it generated.
Indicators
This is a term in the security industry for observables such as IPs, domains and hashes. Their presence here does not imply that any one of them indicates malicious activity on its own.
Domains:
- ajax.googleapis.com
- cndjeopxqf.emplexes.tech
- cndjeopxqf.talktotonia.com
- email.cloud2.secureclick.net
- falling-mud-0653.on.fleek.co
- iueuieuieireokd.everworkinc.com
IP addresses:
- 162.0.213.15
- 185.61.154.193
- 2606:4700::6812:691
- 2a00:1450:4001:809::200a
- 2a06:98c1:3121::3
- 34.203.61.228
SHA-256 hashes:
- 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
- 911438496edb20b19964ddbeb402975a3d70aa99c1437e6b479a350ccaf21343
- 932974a2d9966e2e6e45882d3d4b8e81293c79934a0ab235e112bffcea506ce9
- b51da51dd021309909e81ba36a46c3025db898061430b7ea48656cf9d1458ad7
- c8581833f73ba00ca1e67ed18ec883626b183db2a3f24eb55842743e7b279218
- d043aa4f6eef2d8949cc3e2c7046bd139858fc4cc76a239d97a9dc8c4109c47a
- f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d