apexyouth.net Open in urlscan Pro
62.171.138.136 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://apexyouth.net/creator/offic22/bmvkcm9zzwvszw1lbnrhcnlabm9kywsub25tawnyb3nvznquy29t
Effective URL:
http://apexyouth.net/creator/offic22/8OfgzEazglAFNzrGqgdTMPJsR/?malignly=3MkERXsIPy&facsimiled=inkwell&zygodactylous=...
Submission: On June 03 via automatic, source openphish (June 3rd 2022, 1:21:19 am UTC) — Scanned from DE

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 62.171.138.136, located in Nuremberg, Germany and belongs to CONTABO, DE. The main domain is apexyouth.net.

This is the only time apexyouth.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2 4	62.171.138.136 62.171.138.136	51167 (CONTABO) (CONTABO)
4	38.34.185.163 38.34.185.163	18978 (ENZUINC-) (ENZUINC-)
7	3

4 62.171.138.136 (Nuremberg, Germany) 2 redirects

ASN51167 (CONTABO, DE)
PTR: vmi897893.contaboserver.net

apexyouth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 38.34.185.163 (Tokyo, Japan)

ASN18978 (ENZUINC-, US)
PTR: 163.185-34-38.rdns.scalabledns.com

code.jquery.com.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	com.de code.jquery.com.de	460 KB
4	apexyouth.net 2 redirects apexyouth.net	134 KB
7	2

	Domain	Requested by
4	code.jquery.com.de	apexyouth.net code.jquery.com.de
4	apexyouth.net	2 redirects apexyouth.net
7	2

This site contains no links.

Subject Issuer	Validity	Valid
code.jquery.com.de cPanel, Inc. Certification Authority	`2022-05-09` - `2022-08-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://apexyouth.net/creator/offic22/8OfgzEazglAFNzrGqgdTMPJsR/?malignly=3MkERXsIPy&facsimiled=inkwell&zygodactylous=quixotism&conscripts=h4l4x28EgA
Frame ID: 99BA1A39E048692EE5179C8304A49935
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Microsoft | Login

Page URL History Show full URLs

http://apexyouth.net/creator/offic22/bmvkcm9zzwvszw1lbnrhcnlabm9kywsub25tawnyb3nvznquy29t Page URL
http://apexyouth.net/creator/offic22/meta.php HTTP 302
http://apexyouth.net/creator/offic22/8OfgzEazglAFNzrGqgdTMPJsR?malignly=3MkERXsIPy&facsimiled=ink... HTTP 301
http://apexyouth.net/creator/offic22/8OfgzEazglAFNzrGqgdTMPJsR/?malignly=3MkERXsIPy&facsimiled=in... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

57 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

594 kB
Transfer

650 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://apexyouth.net/creator/offic22/bmvkcm9zzwvszw1lbnrhcnlabm9kywsub25tawnyb3nvznquy29t Page URL
http://apexyouth.net/creator/offic22/meta.php HTTP 302
http://apexyouth.net/creator/offic22/8OfgzEazglAFNzrGqgdTMPJsR?malignly=3MkERXsIPy&facsimiled=inkwell&zygodactylous=quixotism&conscripts=h4l4x28EgA HTTP 301
http://apexyouth.net/creator/offic22/8OfgzEazglAFNzrGqgdTMPJsR/?malignly=3MkERXsIPy&facsimiled=inkwell&zygodactylous=quixotism&conscripts=h4l4x28EgA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
5 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	bmvkcm9zzwvszw1lbnrhcnlabm9kywsub25tawnyb3nvznquy29t Show response apexyouth.net/creator/offic22/	2 KB 2 KB	62ms 30ms	Document text/html	62.171.138.136 CONTABO
General Check archive.org Show headers Download Go to Full URL http://apexyouth.net/creator/offic22/bmvkcm9zzwvszw1lbnrhcnlabm9kywsub25tawnyb3nvznquy29t Protocol HTTP/1.1 Server 62.171.138.136 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi897893.contaboserver.net Software Apache / Resource Hash `e8fd1b341e5f1b6b925137d3252f110ff8596c1656fa381aff5f6f78fcce0a23` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Fri, 03 Jun 2022 01:21:11 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	jquery-3.5.1.min.js Show response code.jquery.com.de/	230 KB 230 KB	1277ms 240ms	Script application/javascript	38.34.185.163 ENZUINC-
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com.de/jquery-3.5.1.min.js Requested by Host: apexyouth.net URL: http://apexyouth.net/creator/offic22/bmvkcm9zzwvszw1lbnrhcnlabm9kywsub25tawnyb3nvznquy29t Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 38.34.185.163 Tokyo, Japan, ASN18978 (ENZUINC-, US), Reverse DNS 163.185-34-38.rdns.scalabledns.com Software Apache / Resource Hash `72acf4e3492449dabe8ca28cdfc6cead48e3e61717f77439dcb0b5bb68bdb037` Request headers accept-language de-DE,de;q=0.9 Referer http://apexyouth.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Fri, 03 Jun 2022 01:21:12 GMT Last-Modified Fri, 20 May 2022 16:50:17 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 235071
GET		ip.php code.jquery.com.de/	0 0

GET H/1.1	200 OK	Primary Request / Show response apexyouth.net/creator/offic22/8OfgzEazglAFNzrGqgdTMPJsR/ Redirect Chain http://apexyouth.net/creator/offic22/meta.php http://apexyouth.net/creator/offic22/8OfgzEazglAFNzrGqgdTMPJsR?malignly=3MkERXsIPy&facsimiled=inkwell&zygodactylous=quixotism&conscripts=h4l4x28EgA http://apexyouth.net/creator/offic22/8OfgzEazglAFNzrGqgdTMPJsR/?malignly=3MkERXsIPy&facsimiled=inkwell&zygodactylous=quixotism&conscripts=h4l4x28EgA	131 KB 131 KB	27ms 27ms	Document text/html	62.171.138.136 CONTABO
General Check archive.org Show headers Download Go to Full URL http://apexyouth.net/creator/offic22/8OfgzEazglAFNzrGqgdTMPJsR/?malignly=3MkERXsIPy&facsimiled=inkwell&zygodactylous=quixotism&conscripts=h4l4x28EgA Requested by Host: apexyouth.net URL: http://apexyouth.net/creator/offic22/bmvkcm9zzwvszw1lbnrhcnlabm9kywsub25tawnyb3nvznquy29t Protocol HTTP/1.1 Server 62.171.138.136 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi897893.contaboserver.net Software Apache / Resource Hash `315770d1123b384cb3ab793ceccc89f08f0e2eb6d2326008dda7a4813f206243` Request headers Referer http://apexyouth.net/creator/offic22/bmvkcm9zzwvszw1lbnrhcnlabm9kywsub25tawnyb3nvznquy29t Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Fri, 03 Jun 2022 01:21:14 GMT Keep-Alive timeout=5, max=97 Server Apache Transfer-Encoding chunked Redirect headers Connection Keep-Alive Content-Length 368 Content-Type text/html; charset=iso-8859-1 Date Fri, 03 Jun 2022 01:21:14 GMT Keep-Alive timeout=5, max=98 Location http://apexyouth.net/creator/offic22/8OfgzEazglAFNzrGqgdTMPJsR/?malignly=3MkERXsIPy&facsimiled=inkwell&zygodactylous=quixotism&conscripts=h4l4x28EgA Server Apache
GET H/1.1	200 OK	jquery-3.5.1.min.js Show response code.jquery.com.de/	230 KB 230 KB	241ms 240ms	Script application/javascript	38.34.185.163 ENZUINC-
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com.de/jquery-3.5.1.min.js Requested by Host: apexyouth.net URL: http://apexyouth.net/creator/offic22/8OfgzEazglAFNzrGqgdTMPJsR/?malignly=3MkERXsIPy&facsimiled=inkwell&zygodactylous=quixotism&conscripts=h4l4x28EgA Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 38.34.185.163 Tokyo, Japan, ASN18978 (ENZUINC-, US), Reverse DNS 163.185-34-38.rdns.scalabledns.com Software Apache / Resource Hash `72acf4e3492449dabe8ca28cdfc6cead48e3e61717f77439dcb0b5bb68bdb037` Request headers accept-language de-DE,de;q=0.9 Referer http://apexyouth.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Fri, 03 Jun 2022 01:21:14 GMT Last-Modified Fri, 20 May 2022 16:50:17 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 235071
GET DATA	200 OK	truncated /	453 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `331bdf01db2f7e267587196327001fd90641dfdfffaefb94191d81d19864b6fe` Request headers accept-language de-DE,de;q=0.9 Referer http://apexyouth.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	16 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `90355719997bdae64237fba1548abd6a2eb0f4545baa1dd4488e3080af827db5` Request headers accept-language de-DE,de;q=0.9 Referer http://apexyouth.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	8 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6cf799f2f4976f33994548a741b39d05097c35e3c991fb4dc6db5e66f05b4b2b` Request headers accept-language de-DE,de;q=0.9 Referer http://apexyouth.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	17 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3` Request headers accept-language de-DE,de;q=0.9 Referer http://apexyouth.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Content-Type image/jpeg
GET H/1.1	200 OK	ip.php Show response code.jquery.com.de/	34 B 320 B	392ms 391ms	XHR application/json	38.34.185.163 ENZUINC-
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com.de/ip.php Requested by Host: code.jquery.com.de URL: https://code.jquery.com.de/jquery-3.5.1.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 38.34.185.163 Tokyo, Japan, ASN18978 (ENZUINC-, US), Reverse DNS 163.185-34-38.rdns.scalabledns.com Software Apache / Resource Hash `8e9d4c5cc1fd128ee902993232653b4cb48fbb48b4fefc2eeb6cd7c96b5fa70e` Request headers Accept / Referer http://apexyouth.net/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Fri, 03 Jun 2022 01:21:14 GMT Server Apache Content-Type application/json; charset=utf-8 Access-Control-Allow-Origin * Connection Keep-Alive Access-Control-Allow-Headers Authorization, Content-Type Content-Length 34 Keep-Alive timeout=5, max=100
GET DATA	200 OK	truncated /	17 KB 0		Image image/jpg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21` Request headers accept-language de-DE,de;q=0.9 Referer http://apexyouth.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Content-Type image/jpg
GET H/1.1	200 OK	index.php Show response code.jquery.com.de/post/	0 284 B	938ms 938ms	XHR application/json	38.34.185.163 ENZUINC-
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com.de/post/index.php?title=Microsoft%20\|%20Login&link=http://apexyouth.net/creator/offic22/8OfgzEazglAFNzrGqgdTMPJsR/?malignly=3MkERXsIPy&facsimiled=inkwell&zygodactylous=quixotism&conscripts=h4l4x28EgA Requested by Host: code.jquery.com.de URL: https://code.jquery.com.de/jquery-3.5.1.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 38.34.185.163 Tokyo, Japan, ASN18978 (ENZUINC-, US), Reverse DNS 163.185-34-38.rdns.scalabledns.com Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept / Referer http://apexyouth.net/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Fri, 03 Jun 2022 01:21:17 GMT Server Apache Content-Type application/json; charset=utf-8 Access-Control-Allow-Origin * Connection Keep-Alive Access-Control-Allow-Headers Authorization, Content-Type Content-Length 0 Keep-Alive timeout=5, max=99

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: code.jquery.com.de
URL: https://code.jquery.com.de/ip.php

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			apexyouth.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: 3dd40005691da2a358d877c00498f923
			apexyouth.net/	1970-01-20 03:31:45	Name: ishuman Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apexyouth.net
code.jquery.com.de
code.jquery.com.de
38.34.185.163
62.171.138.136
315770d1123b384cb3ab793ceccc89f08f0e2eb6d2326008dda7a4813f206243
331bdf01db2f7e267587196327001fd90641dfdfffaefb94191d81d19864b6fe
6cf799f2f4976f33994548a741b39d05097c35e3c991fb4dc6db5e66f05b4b2b
72acf4e3492449dabe8ca28cdfc6cead48e3e61717f77439dcb0b5bb68bdb037
8e9d4c5cc1fd128ee902993232653b4cb48fbb48b4fefc2eeb6cd7c96b5fa70e
90355719997bdae64237fba1548abd6a2eb0f4545baa1dd4488e3080af827db5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8fd1b341e5f1b6b925137d3252f110ff8596c1656fa381aff5f6f78fcce0a23

apexyouth.net Open in urlscan Pro 62.171.138.136 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

57 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

594 kBTransfer

650 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

40 JavaScript Global Variables

2 Cookies

Indicators

apexyouth.net Open in urlscan Pro
62.171.138.136 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

57 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

594 kB
Transfer

650 kB
Size

2
Cookies

7 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!