cndjeopxqf.emplexes.tech Open in urlscan Pro
162.0.213.15 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://email.cloud2.secureclick.net/c/15040?id=5.4.1.236e0d49f7cad2f0f9b58eeee9c5e479#%20%20c3RldmUua2FuZUBzbWl0aC1uZXBoZXcuY29t
Effective URL:
https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html
Submission: On August 17 via manual (August 17th 2023, 6:25:54 am UTC) — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 13 HTTP transactions. The main IP is 162.0.213.15, located in United States and belongs to NAMECHEAP-NET, US. The main domain is cndjeopxqf.emplexes.tech.
TLS certificate: Issued by R3 on August 17th 2023. Valid for: 3 months.

This is the only time cndjeopxqf.emplexes.tech was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.203.61.228 34.203.61.228	14618 (AMAZON-AES) (AMAZON-AES)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.61.154.193 185.61.154.193	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1 6	162.0.213.15 162.0.213.15	22612 (NAMECHEAP...) (NAMECHEAP-NET)
2	2606:4700::68... 2606:4700::6812:691	() ()
1	2a00:1450:400... 2a00:1450:4001:809::200a	() ()
13	6

1 34.203.61.228 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-203-61-228.compute-1.amazonaws.com

email.cloud2.secureclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

iueuieuieireokd.everworkinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.61.154.193 (United Kingdom)

ASN22612 (NAMECHEAP-NET, US)
PTR: premium82-2.web-hosting.com

cndjeopxqf.talktotonia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 162.0.213.15 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: svr4.dkshostpage.host

cndjeopxqf.emplexes.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:691 (None, )

ASN- ()

falling-mud-0653.on.fleek.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (None, )

ASN- ()

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	emplexes.tech 1 redirects cndjeopxqf.emplexes.tech	26 KB
2	fleek.co falling-mud-0653.on.fleek.co	75 KB
1	googleapis.com ajax.googleapis.com	31 KB
1	talktotonia.com cndjeopxqf.talktotonia.com Failed	429 B
1	everworkinc.com iueuieuieireokd.everworkinc.com	2 KB
1	secureclick.net 1 redirects email.cloud2.secureclick.net — Cisco Umbrella Rank: 100938	77 B
13	6

	Domain	Requested by
6	cndjeopxqf.emplexes.tech	1 redirects cndjeopxqf.talktotonia.com cndjeopxqf.emplexes.tech
2	falling-mud-0653.on.fleek.co	cndjeopxqf.emplexes.tech
1	ajax.googleapis.com	cndjeopxqf.emplexes.tech
1	cndjeopxqf.talktotonia.com	iueuieuieireokd.everworkinc.com
1	iueuieuieireokd.everworkinc.com
1	email.cloud2.secureclick.net	1 redirects
13	6

This site contains no links.

Subject Issuer	Validity	Valid
everworkinc.com GTS CA 1P5	`2023-08-10` - `2023-11-08`	3 months	crt.sh
www.cndjeopxqf.emplexes.tech R3	`2023-08-17` - `2023-11-15`	3 months	crt.sh
fleek.co Cloudflare Inc ECC CA-3	`2023-04-08` - `2024-04-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html
Frame ID: 0FD2189B90C57611126CC0A6C531C207
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://email.cloud2.secureclick.net/c/15040?id=5.4.1.236e0d49f7cad2f0f9b58eeee9c5e479 HTTP 302
https://iueuieuieireokd.everworkinc.com/.0ff./ Page URL
http://cndjeopxqf.talktotonia.com/ Page URL
https://cndjeopxqf.emplexes.tech/?email=steve.kane@smith-nephew.com HTTP 302
https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

69 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

134 kB
Transfer

422 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://email.cloud2.secureclick.net/c/15040?id=5.4.1.236e0d49f7cad2f0f9b58eeee9c5e479 HTTP 302
https://iueuieuieireokd.everworkinc.com/.0ff./ Page URL
http://cndjeopxqf.talktotonia.com/ Page URL
https://cndjeopxqf.emplexes.tech/?email=steve.kane@smith-nephew.com HTTP 302
https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://email.cloud2.secureclick.net/c/15040?id=5.4.1.236e0d49f7cad2f0f9b58eeee9c5e479 HTTP 302
https://iueuieuieireokd.everworkinc.com/.0ff./

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
iueuieuieireokd.everworkinc.com/.0ff./
Redirect Chain

https://email.cloud2.secureclick.net/c/15040?id=5.4.1.236e0d49f7cad2f0f9b58eeee9c5e479
https://iueuieuieireokd.everworkinc.com/.0ff./

7 KB
2 KB

269ms
217ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://iueuieuieireokd.everworkinc.com/.0ff./
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 911438496edb20b19964ddbeb402975a3d70aa99c1437e6b479a350ccaf21343

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f7fd77def14364f-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 17 Aug 2023 06:25:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wWn3%2Br5wPtJ%2F87FO8RMKFhqisyEMvmwibFBrrA4JW1It3xXVxnuFujNrLbOKtD57XQbENFwze4WofKMl%2FEYO6%2FAow9y8TDpPsS6EOVLJ0B8R06xdZIkmW22Tlw6IcAPeCpX2njARgl%2F62oIJSrR1L9CUaJ2AKV9OUPwkTd4e"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33

Redirect headers

content-length: 0
date: Thu, 17 Aug 2023 06:25:47 GMT
location: https://iueuieuieireokd.everworkinc.com/.0ff./

GET /
cndjeopxqf.talktotonia.com/ 0
0

GET
H/1.1 200
OK /
cndjeopxqf.talktotonia.com/ 208 B
429 B 541ms
112ms Document
text/html 185.61.154.193
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: http://cndjeopxqf.talktotonia.com/
Requested by: Host: iueuieuieireokd.everworkinc.com
URL: https://iueuieuieireokd.everworkinc.com/.0ff./
Protocol: HTTP/1.1
Server: 185.61.154.193 , United Kingdom, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium82-2.web-hosting.com
Software: LiteSpeed / PHP/8.0.29
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 157
content-type: text/html; charset=UTF-8
date: Thu, 17 Aug 2023 06:25:47 GMT
keep-alive: timeout=5, max=100
server: LiteSpeed
vary: Accept-Encoding
x-powered-by: PHP/8.0.29
x-turbo-charged-by: LiteSpeed

GET
H/1.1

200
OK

Primary Request 419263b72a8bcfcaf02f0b1195448491.html Show response
cndjeopxqf.emplexes.tech/m/
Redirect Chain

https://cndjeopxqf.emplexes.tech/?email=steve.kane@smith-nephew.com
https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html

11 KB
3 KB

3477ms
3477ms

Document
text/html

162.0.213.15
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html
Requested by: Host: cndjeopxqf.talktotonia.com
URL: http://cndjeopxqf.talktotonia.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 162.0.213.15 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: svr4.dkshostpage.host
Software: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips / PHP/7.4.1
Resource Hash: c8581833f73ba00ca1e67ed18ec883626b183db2a3f24eb55842743e7b279218

Request headers

Referer: http://cndjeopxqf.talktotonia.com/#steve.kane@smith-nephew.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 2502
Content-Type: text/html; charset=UTF-8
Date: Thu, 17 Aug 2023 06:25:50 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/7.4.1

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 17 Aug 2023 06:25:49 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Location: m/419263b72a8bcfcaf02f0b1195448491.html
Pragma: no-cache
Server: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips
Transfer-Encoding: chunked
Vary: User-Agent
X-Powered-By: PHP/7.4.1

GET
H/1.1 200
OK E72T4MDK1HGDYW507XGDO1B9R
cndjeopxqf.emplexes.tech/m/sm/ 106 KB
18 KB 237ms
236ms Stylesheet
text/html 162.0.213.15
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cndjeopxqf.emplexes.tech/m/sm/E72T4MDK1HGDYW507XGDO1B9R
Requested by: Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 162.0.213.15 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: svr4.dkshostpage.host
Software: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips / PHP/7.4.1
Resource Hash: 932974a2d9966e2e6e45882d3d4b8e81293c79934a0ab235e112bffcea506ce9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date: Thu, 17 Aug 2023 06:25:53 GMT
Content-Encoding: gzip
Server: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips
X-Powered-By: PHP/7.4.1
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 17683

GET
H2 200 style.css
falling-mud-0653.on.fleek.co/ 9 KB
2 KB 445ms
413ms Stylesheet
text/css 2606:4700::6812:691

General

Check archive.org

Show headers Download Go to

Full URL

https://falling-mud-0653.on.fleek.co/style.css

Requested by

Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:691 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

b51da51dd021309909e81ba36a46c3025db898061430b7ea48656cf9d1458ad7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cndjeopxqf.emplexes.tech/
Origin: https://cndjeopxqf.emplexes.tech
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 06:25:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
x-cache-status: MISS
x-xss-protection: 0
x-request-id: f5ee3929a79d8cded103132dc2dd6866
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeicma56mrvxa3z6nxwhkuxg2e3yu36bb5m5ualz37ny7um2f52nc6e,QmP8eWpyEeLuwPPLhnU2yhxqcggUjggxsdg5APPQPt3x8Z
etag: W/"QmP8eWpyEeLuwPPLhnU2yhxqcggUjggxsdg5APPQPt3x8Z"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeicma56mrvxa3z6nxwhkuxg2e3yu36bb5m5ualz37ny7um2f52nc6e/style.css
access-control-max-age: 86400
cf-ray: 7f7fd7a72d552d04-FRA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Thu, 17 Aug 2023 10:25:54 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 51ms
19ms Script
text/javascript 2a00:1450:4001:809::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js?14S67UFICZQ7XMIGI5QCMIPHS

Requested by

Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 06:25:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Aug 2024 06:25:53 GMT

GET
H/1.1 200
OK Wd.png
cndjeopxqf.emplexes.tech/m/mxl/ 2 KB
3 KB 159ms
158ms Image
image/png 162.0.213.15
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cndjeopxqf.emplexes.tech/m/mxl/Wd.png
Requested by: Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 162.0.213.15 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: svr4.dkshostpage.host
Software: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips /
Resource Hash: d043aa4f6eef2d8949cc3e2c7046bd139858fc4cc76a239d97a9dc8c4109c47a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date: Thu, 17 Aug 2023 06:25:54 GMT
Last-Modified: Thu, 17 Aug 2023 01:18:58 GMT
Server: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips
ETag: "8fc-60314324e8bac"
Vary: User-Agent
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 2300

GET
H/1.1 200
OK mlg.svg
cndjeopxqf.emplexes.tech/m/mxl/ 4 KB
2 KB 159ms
158ms Image
image/svg+xml 162.0.213.15
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cndjeopxqf.emplexes.tech/m/mxl/mlg.svg?XJ0Z2X8EMD0G7Y3EOO1HUXLA1
Requested by: Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 162.0.213.15 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: svr4.dkshostpage.host
Software: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date: Thu, 17 Aug 2023 06:25:54 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Aug 2023 01:18:58 GMT
Server: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips
ETag: "e43-60314324e87c4-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1435

GET
H/1.1 200
OK sig_op.svg
cndjeopxqf.emplexes.tech/m/mxl/ 2 KB
990 B 317ms
158ms Image
image/svg+xml 162.0.213.15
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cndjeopxqf.emplexes.tech/m/mxl/sig_op.svg
Requested by: Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 162.0.213.15 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: svr4.dkshostpage.host
Software: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date: Thu, 17 Aug 2023 06:25:54 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Aug 2023 01:18:58 GMT
Server: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips
ETag: "638-60314324e8bac-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 621

GET authy.js
falling-mud-0653.on.fleek.co/ 0
0

GET
H2 200 encrytCode.js
falling-mud-0653.on.fleek.co/ 195 KB
73 KB 257ms
257ms Script
text/javascript 2606:4700::6812:691

General

Check archive.org

Show headers Download Go to

Full URL

https://falling-mud-0653.on.fleek.co/encrytCode.js?LUG8JG17WRAJ229BLZ32ZOZD3

Requested by

Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/419263b72a8bcfcaf02f0b1195448491.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:691 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 06:25:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
x-cache-status: MISS
x-xss-protection: 0
x-request-id: 228f0719cec7e75ed04e3ef18ab883f1
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeicma56mrvxa3z6nxwhkuxg2e3yu36bb5m5ualz37ny7um2f52nc6e,QmSKGgG2sDRWa8EacJe3hWZPKUAtprLepR6kLmzm4dfGpn
etag: W/"QmSKGgG2sDRWa8EacJe3hWZPKUAtprLepR6kLmzm4dfGpn"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeicma56mrvxa3z6nxwhkuxg2e3yu36bb5m5ualz37ny7um2f52nc6e/encrytCode.js
access-control-max-age: 86400
cf-ray: 7f7fd7a9bc589128-FRA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Thu, 17 Aug 2023 10:25:54 GMT

GET VLL7401RFBW4YBFO6IHQ84JQ7
cndjeopxqf.emplexes.tech/m/bxg/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cndjeopxqf.talktotonia.com
URL: http://cndjeopxqf.talktotonia.com/

Domain: falling-mud-0653.on.fleek.co
URL: https://falling-mud-0653.on.fleek.co/authy.js?40IG89ZVECU60TX3TT9Z2E0CL

Domain: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/bxg/VLL7401RFBW4YBFO6IHQ84JQ7

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cndjeopxqf.emplexes.tech/	1969-12-31 23:59:59	Name: PHPSESSID Value: 1be27cb198f4f9e95ef8c23cb42c2e8e
			cndjeopxqf.emplexes.tech/	1970-01-20 14:04:13	Name: rt Value: 419263b72a8bcfcaf02f0b1195448491.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cndjeopxqf.emplexes.tech
cndjeopxqf.talktotonia.com
email.cloud2.secureclick.net
falling-mud-0653.on.fleek.co
iueuieuieireokd.everworkinc.com
cndjeopxqf.emplexes.tech
cndjeopxqf.talktotonia.com
falling-mud-0653.on.fleek.co
162.0.213.15
185.61.154.193
2606:4700::6812:691
2a00:1450:4001:809::200a
2a06:98c1:3121::3
34.203.61.228
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
911438496edb20b19964ddbeb402975a3d70aa99c1437e6b479a350ccaf21343
932974a2d9966e2e6e45882d3d4b8e81293c79934a0ab235e112bffcea506ce9
b51da51dd021309909e81ba36a46c3025db898061430b7ea48656cf9d1458ad7
c8581833f73ba00ca1e67ed18ec883626b183db2a3f24eb55842743e7b279218
d043aa4f6eef2d8949cc3e2c7046bd139858fc4cc76a239d97a9dc8c4109c47a
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

cndjeopxqf.emplexes.tech Open in urlscan Pro 162.0.213.15 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

69 %HTTPS

50 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

134 kBTransfer

422 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

Indicators

cndjeopxqf.emplexes.tech Open in urlscan Pro
162.0.213.15 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

69 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

134 kB
Transfer

422 kB
Size

2
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!