accesspoint-cnt-ce21.cloudjet.ninja Open in urlscan Pro
2606:4700:3032::ac43:93e5 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://lynxshort.com/rlekp
Effective URL:
https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb4...
Submission: On May 23 via manual (May 23rd 2022, 2:33:27 pm UTC) from US — Scanned from CA

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3032::ac43:93e5, located in United States and belongs to CLOUDFLARENET, US. The main domain is accesspoint-cnt-ce21.cloudjet.ninja.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 18th 2022. Valid for: a year.

This is the only time accesspoint-cnt-ce21.cloudjet.ninja was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Truist Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.53.120.112 192.53.120.112	63949 (LINODE-AP...) (LINODE-AP Linode)
3 12	2606:4700:303... 2606:4700:3032::ac43:93e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	1

1 192.53.120.112 (Toronto, Canada) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li2216-112.members.linode.com

lynxshort.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:3032::ac43:93e5 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

accesspoint-cnt-ce21.cloudjet.ninja	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	cloudjet.ninja 3 redirects accesspoint-cnt-ce21.cloudjet.ninja	245 KB
1	lynxshort.com 1 redirects lynxshort.com	1 KB
9	2

	Domain	Requested by
12	accesspoint-cnt-ce21.cloudjet.ninja	3 redirects accesspoint-cnt-ce21.cloudjet.ninja
1	lynxshort.com	1 redirects
9	2

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-18` - `2023-01-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658
Frame ID: 2833C4CF2CABC9017778FA2CDB991005
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Authentication

Page URL History Show full URLs

https://lynxshort.com/rlekp HTTP 301
https://accesspoint-cnt-ce21.cloudjet.ninja/ HTTP 302
https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe HTTP 301
https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/ HTTP 302
https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

244 kB
Transfer

872 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://lynxshort.com/rlekp HTTP 301
https://accesspoint-cnt-ce21.cloudjet.ninja/ HTTP 302
https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe HTTP 301
https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/ HTTP 302
https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request index.php Show response accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/ Redirect Chain https://lynxshort.com/rlekp https://accesspoint-cnt-ce21.cloudjet.ninja/ https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/ https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658	29 KB 7 KB	2092ms 2091ms	Document text/html	2606:4700:3032::ac43:93e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:93e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.1.1 Resource Hash `364b337ee76c82a447313aa0329ef66aae80ae1184545b8aa82bdec935354f01` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 70fe81852880ca6f-YUL content-encoding br content-type text/html; charset=UTF-8 date Mon, 23 May 2022 14:33:20 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2Bo9HifmO%2FvTgzcPmgaKIugQ0ymPqz5F60mBGr3iMZTpk3rXEU%2BbNKKLGs0WAd0CfhOx1iuSQz%2FSwueR9iA7xjNk0oJKRX0MJ9%2BzP5dablFcdcyJW8JVseADkmAz9AlA6xFOj25BQHk6aQZkiEsYxvz232RuYErNha7YuFIjD5zkig%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.1.1 Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 70fe817c1ec0ca6f-YUL content-type text/html; charset=UTF-8 date Mon, 23 May 2022 14:33:18 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" expires Thu, 19 Nov 1981 08:52:00 GMT location ./application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wxWocObFB5yh7pzcguhUKDBkTgTdIdnZVga3O04W7bJQis32%2FLLzhIo5xmrIpI7B9dS3laoMI7lK1I39cIT46S9qsrYgLBcJlzoBPcZ5P6ge3JLmNJZ3Xjn2%2Fb0aNBPt27Crt%2Bup6zWoruaKWpcsuQS75eKj2JY6zWIhd1hzjrAeHg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.1.1
GET H3	200	min.css accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/css/	27 KB 3 KB	315ms 315ms	Stylesheet text/css	2606:4700:3032::ac43:93e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/css/min.css Requested by Host: accesspoint-cnt-ce21.cloudjet.ninja URL: https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:93e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a54c9a7baa37d4d34dc55264e763481f7fed319122ae442016d4e5e3bd28e1e5` Request headers accept-language en-CA,en;q=0.9 Referer https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Mon, 23 May 2022 14:33:21 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 May 2022 14:33:15 GMT server cloudflare etag W/"6b93-5dfaeb8751484" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ZzsZ%2BUsQcEyQlxT2zlF5wOIkodxOeyfgXFlIWMQ6UV5L7WwdiRt3%2FrzQcyrX00BDc9ov2F01jVe1%2BLuqmKVYW48N7jFb39yTMc66KcXi%2BNz9S9Y2EKuxawLqPamQ6%2FYoI%2FIhaisztt6kCc9sr7hnv768GftDokDSBN5Uaz%2FjyP7Ow%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 70fe81925fc6ca6f-YUL alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	style.css accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/css/	266 KB 30 KB	416ms 415ms	Stylesheet text/css	2606:4700:3032::ac43:93e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/css/style.css Requested by Host: accesspoint-cnt-ce21.cloudjet.ninja URL: https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:93e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6a100aa3e70210b43c020d9df1c17bab722a8d764cc0600076df9452f9e73086` Request headers accept-language en-CA,en;q=0.9 Referer https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Mon, 23 May 2022 14:33:21 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 May 2022 14:33:15 GMT server cloudflare etag W/"42816-5dfaeb8751484" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m8uIKibWs8zkrhmdWM8CgIZale2qCVnaosCApBEfV54e4MnxTjvXYihIVCPwfZvvCRVVz8VoVDvZ0KdYadnB5W34ZaDU%2B2h29WzQuw7yrOh2WaL6xBfCQrccwWchFumdhy%2FBoe1z8c9CH%2B6yaWwIBfGvf%2FRZCgXcul%2BlHpS9UaHI%2BA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 70fe81925fc7ca6f-YUL alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	tru-core-icon-sprite.svg accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/img/	230 KB 13 KB	860ms 860ms	Other image/svg+xml	2606:4700:3032::ac43:93e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/img/tru-core-icon-sprite.svg Requested by Host: accesspoint-cnt-ce21.cloudjet.ninja URL: https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:93e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e0d87c790dbb39563e9487c1df643d678732cc6d3121a4835ff2e1e17edab69f` Request headers accept-language en-CA,en;q=0.9 Referer https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Mon, 23 May 2022 14:33:22 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 May 2022 14:33:15 GMT server cloudflare etag W/"3999f-5dfaeb875518e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zdRdkiT6r%2BTEmZ8qpgNeyWBM8mXGzvDX%2BEe9jg9w83KbqK7hs6ZQp5G0Hx%2BfEzzgeJ71b022NHUpWmCBqaLpQPoRDH88hrEjStk3pO%2FKsgmgLlqE7UvZJe7x4hmWSUPQO%2FIOfp0yBRaE4uABIVcycfVVPxhCCEAUhrp3QtZ9fLHcwQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 70fe819398ffca6f-YUL alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	trulogo_horz-trupurple.png accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/img/	4 KB 5 KB	303ms 303ms	Image image/png	2606:4700:3032::ac43:93e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/img/trulogo_horz-trupurple.png Requested by Host: accesspoint-cnt-ce21.cloudjet.ninja URL: https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:93e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d2e2e20fc9729fb0389392bde5a8fd1b4cb390dd8689ce7a1c3fe83cc91b0d52` Request headers accept-language en-CA,en;q=0.9 Referer https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Mon, 23 May 2022 14:33:21 GMT cf-cache-status MISS last-modified Mon, 23 May 2022 14:33:15 GMT server cloudflare etag "1118-5dfaeb875518e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d7hMiAWAig74EaIUiGwqrWgLhkWeb%2B4JQnMeiTjTyXsyJGivsqyNKBUx6ksva8xCu6QmKPD1hUgC1%2BR%2B3FZSuV7a4CxCH4kxUqRi4boWT2GQY2ScMJRkJMVGSiGfMDIWvXUpqYqQIw2mZ6%2FZk4UmJNCG0kgQyJG5WLRFrER4pu6xvg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 70fe81939900ca6f-YUL alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 4376
GET H3	200	jquery.min.js Show response accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/js/	156 KB 41 KB	332ms 331ms	Script application/javascript	2606:4700:3032::ac43:93e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/js/jquery.min.js Requested by Host: accesspoint-cnt-ce21.cloudjet.ninja URL: https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:93e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6e1297448cf350be58ab05a6c413fa4d4b97440a0a3ab97fb03c09ff49af5ad4` Request headers accept-language en-CA,en;q=0.9 Referer https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Mon, 23 May 2022 14:33:21 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 May 2022 14:33:15 GMT server cloudflare etag W/"26f32-5dfaeb875518e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pmdUYJnisRAQiDlWajpjepEwvH3sAjiBfW%2FsBiOTlES3OUnb1i9VPslt%2FhAutB%2Bn8q%2BIBSU3cflPsXeiTU9jj%2FiNNNZd11UlXZYEIFQftQTVgAz0OR6Nktov5YHIdB3joXclIb3IFMHF8L0qyKqP5DbIbWEmF3Uzhc8PEKTEozvJTw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 70fe8194ea53ca6f-YUL alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	jquery.mask.js Show response accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/js/	20 KB 6 KB	316ms 316ms	Script application/javascript	2606:4700:3032::ac43:93e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/js/jquery.mask.js Requested by Host: accesspoint-cnt-ce21.cloudjet.ninja URL: https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:93e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44` Request headers accept-language en-CA,en;q=0.9 Referer https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Mon, 23 May 2022 14:33:21 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 May 2022 14:33:15 GMT server cloudflare etag W/"4e98-5dfaeb875518e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0rSuporqXDnO24JEVTYluZTvBu%2FkI74u2vWQa0cZLfpXTym7MAkxK4lG0O1kjLSYl%2Fv9rzaoQkG8NSLcnSfBfbGPHgj9%2Fhb9vjgoQLJWEc7TkfSHr3BfMGKgReJqVoZFy5L2yaq3FIfPaoPYbsGDCVbY%2BnpPV9jvxZYD1s8V8IZUnQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 70fe8194ea55ca6f-YUL alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	functions.js Show response accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/js/	3 KB 1 KB	302ms 301ms	Script application/javascript	2606:4700:3032::ac43:93e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/js/functions.js Requested by Host: accesspoint-cnt-ce21.cloudjet.ninja URL: https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:93e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `73118786e481f5867c38abf9d643724db9232a9f20331ca964a80f4b3f23bdc1` Request headers accept-language en-CA,en;q=0.9 Referer https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/application/index.php?locale=en-us&authID=b584539532ccc1168dbb458835bfdedfd7965541&start=1653316396&end=192743658 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Mon, 23 May 2022 14:33:21 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 May 2022 14:33:15 GMT server cloudflare etag W/"af0-5dfaeb875518e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ePtEQFjOcJcuwVH8R%2FMF5QjN%2Bv5AfhpcsjuH3SXGiLnOpmQflp%2Be2A8K7ORqk7BbihTGMtmhe%2BSaFJXdaEwVeaUCJkHHjnvxpnHUiyxqTnlHD1pyj%2F55x7pzZ1UV56KofRfW273FW0nlyvkJ%2BNQlLACQMoi2ppDOOcvtVR7%2B8Us7w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 70fe8194ea56ca6f-YUL alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	father-son.09ab23b1a8413f101f8b.png accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/img/	137 KB 138 KB	316ms 315ms	Image image/png	2606:4700:3032::ac43:93e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/img/father-son.09ab23b1a8413f101f8b.png Requested by Host: accesspoint-cnt-ce21.cloudjet.ninja URL: https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/css/style.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:93e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2fb0edc4309fcb422b5a0a0649b316449435e6a4f9ae2f3dc294d4c207028d25` Request headers accept-language en-CA,en;q=0.9 Referer https://accesspoint-cnt-ce21.cloudjet.ninja/a783084facb7e182d443d640bf8e2ffe/libraries/css/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Mon, 23 May 2022 14:33:21 GMT cf-cache-status MISS last-modified Mon, 23 May 2022 14:33:15 GMT server cloudflare etag "223cd-5dfaeb8751484" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zhoijQz60QCzU4HF7Ya9WAspIKDG5MeaqKuxEdsGayZWFXBWeBZSv3FKXP8oD5S4tU9%2BdWihHsU7EdpBGthTxWn8Z%2FfgKR9x1l%2B8tb91QjztUP5IrZPaXMLMGA1NfEz3IostgRCvtxEEo8WbbNFunovjFdcaKpnt9cA%2BUxUQXn%2Bthg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 70fe81953adaca6f-YUL alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 140237

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Truist Bank (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
lynxshort.com/	1970-01-20 03:15:23	Name: XSRF-TOKEN Value: eyJpdiI6IjhKNERmbnhGS2lGb1hveXpsNW5YVVE9PSIsInZhbHVlIjoic2xqeGQwcTZjVHI1YVlJcDlRR1RONXVraEtvUnZkajBjMFlFZ01NamwyeWduMG5jb3ZhTHJPXC9keGl0ZmNyUjFGRUNJWnJRNkdxcWozdW9jNGk0QWd5dUl2Z1lBQlwvREg1bXZaSHVwZ2lXTllSaHJNeEpmSnpRT1pxXC9WQ3EyZDgiLCJtYWMiOiJkM2U3NjY3MWRjMTQ2M2ZlNDRjNjQzODRkZmNlODk5ODgzOWM3N2M2NjBmMmRjYTA2NzU0OGFhM2ZmNDhjZmM4In0%3D
lynxshort.com/	1970-01-20 03:15:23	Name: phpshort_session Value: eyJpdiI6IkFGR3J1blpuanV1b3QwYkI1aytBeWc9PSIsInZhbHVlIjoiMTJBMVJNejRnZ1RJS1QzNmxDcklscEx5OElnNVFIcDZabndiMlo3clhrb2l1cWdDSFBvV0xoOXBSNElEMENwK0xnSjNOM3l2VFcxNXpqWGdvMCtnNGZ4eVBUT3JiTzlnMEw0Z1dJUm5QWSt6R0d2NlhvUjBWQnhmb2U2bXBYZjkiLCJtYWMiOiJiZDUwODJhNWMxNDhjMWU1MTU5YWM5MDhlMmVjMjc2NDBjM2Y0NTk0MDY5MzQwODUzNTJlOWU2ZWZhZjdlMzM2In0%3D
lynxshort.com/	1970-01-23 18:51:16	Name: dark_mode Value: 0
accesspoint-cnt-ce21.cloudjet.ninja/	1969-12-31 23:59:59	Name: PHPSESSID Value: gv7gals0vd489o69rs8o555pm1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accesspoint-cnt-ce21.cloudjet.ninja
lynxshort.com
192.53.120.112
2606:4700:3032::ac43:93e5
2fb0edc4309fcb422b5a0a0649b316449435e6a4f9ae2f3dc294d4c207028d25
364b337ee76c82a447313aa0329ef66aae80ae1184545b8aa82bdec935354f01
6a100aa3e70210b43c020d9df1c17bab722a8d764cc0600076df9452f9e73086
6e1297448cf350be58ab05a6c413fa4d4b97440a0a3ab97fb03c09ff49af5ad4
73118786e481f5867c38abf9d643724db9232a9f20331ca964a80f4b3f23bdc1
a54c9a7baa37d4d34dc55264e763481f7fed319122ae442016d4e5e3bd28e1e5
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
d2e2e20fc9729fb0389392bde5a8fd1b4cb390dd8689ce7a1c3fe83cc91b0d52
e0d87c790dbb39563e9487c1df643d678732cc6d3121a4835ff2e1e17edab69f

accesspoint-cnt-ce21.cloudjet.ninja Open in urlscan Pro 2606:4700:3032::ac43:93e5 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

244 kBTransfer

872 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

4 Cookies

Indicators

accesspoint-cnt-ce21.cloudjet.ninja Open in urlscan Pro
2606:4700:3032::ac43:93e5 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

244 kB
Transfer

872 kB
Size

4
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!