sea-shared-16.hostwindsdns.com Open in urlscan Pro
104.168.248.146 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/
Effective URL:
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php
Submission: On July 08 via manual (July 8th 2024, 1:31:17 am UTC) from MA — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 15 HTTP transactions. The main IP is 104.168.248.146, located in United States and belongs to HOSTWINDS, US. The main domain is sea-shared-16.hostwindsdns.com.
TLS certificate: Issued by R11 on July 7th 2024. Valid for: 3 months.

This is the only time sea-shared-16.hostwindsdns.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
4 11	104.168.248.146 104.168.248.146	54290 (HOSTWINDS) (HOSTWINDS)
2	2606:4700:10:... 2606:4700:10::6816:455f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.22.83 172.67.22.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:20:... 2606:4700:20::681a:4f7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
15	7

11 104.168.248.146 (United States) 4 redirects

ASN54290 (HOSTWINDS, US)
PTR: sea-shared-16.hostwindsdns.com

sea-shared-16.hostwindsdns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:455f (United States)

ASN13335 (CLOUDFLARENET, US)

static.elfsight.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.22.83 (United States)

ASN13335 (CLOUDFLARENET, US)

core.service.elfsight.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:4f7 (United States)

ASN13335 (CLOUDFLARENET, US)

files.elfsightcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	hostwindsdns.com 4 redirects sea-shared-16.hostwindsdns.com	132 KB
3	youtube.com www.youtube.com — Cisco Umbrella Rank: 94	12 KB
3	elfsight.com static.elfsight.com — Cisco Umbrella Rank: 16272 core.service.elfsight.com — Cisco Umbrella Rank: 17251	275 KB
1	elfsightcdn.com files.elfsightcdn.com — Cisco Umbrella Rank: 67050	80 KB
0	js-codes.com Failed js-codes.com Failed
15	5

	Domain	Requested by
11	sea-shared-16.hostwindsdns.com	4 redirects sea-shared-16.hostwindsdns.com
3	www.youtube.com	static.elfsight.com www.youtube.com
2	static.elfsight.com	sea-shared-16.hostwindsdns.com static.elfsight.com
1	files.elfsightcdn.com	sea-shared-16.hostwindsdns.com
1	core.service.elfsight.com	static.elfsight.com
0	js-codes.com Failed	sea-shared-16.hostwindsdns.com
15	6

This site contains no links.

Subject Issuer	Validity	Valid
sea-shared-16.hostwindsdns.com R11	`2024-07-07` - `2024-10-05`	3 months	crt.sh
static.elfsight.com GTS CA 1P5	`2024-05-25` - `2024-08-23`	3 months	crt.sh
elfsight.com Cloudflare Inc ECC CA-3	`2023-09-08` - `2024-09-07`	a year	crt.sh
files.elfsightcdn.com GTS CA 1P5	`2024-05-25` - `2024-08-23`	3 months	crt.sh
*.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php
Frame ID: A2D997E3ACE988899074BE7A2D521304
Requests: 14 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Ssw_0s2G0dM?autoplay=1&mute=0&controls=1&origin=https%3A%2F%2Fsea-shared-16.hostwindsdns.com&playsinline=1&showinfo=1&rel=0&iv_load_policy=3&modestbranding=1&enablejsapi=1&widgetid=1
Frame ID: 3DADF428582892D3F2722DB60093FF36
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Loggen Sie sich bei PayPal ein

Page URL History Show full URLs

https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/ HTTP 302
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/ HTTP 302
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php HTTP 302
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/index.php HTTP 302
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

93 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

2
Countries

500 kB
Transfer

1206 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/ HTTP 302
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/ HTTP 302
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php HTTP 302
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/index.php HTTP 302
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request signin.php Show response
sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/
Redirect Chain

https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/index.php
https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php

16 KB
5 KB

181ms
180ms

Document
text/html

104.168.248.146
HOSTWINDS

General

Check archive.org

Show headers Download Go to

Full URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.168.248.146 , United States, ASN54290 (HOSTWINDS, US),
Reverse DNS: sea-shared-16.hostwindsdns.com
Software: Apache / PHP/7.4.33
Resource Hash: 8c16a917ff563b054749ca2aac65fb55f1341e5dac5c35cff45878f263c5de74

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-length: 4953
content-type: text/html; charset=UTF-8
date: Mon, 08 Jul 2024 01:31:11 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Mon, 08 Jul 2024 01:31:10 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: signin.php
pragma: no-cache
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

GET
H2 200 signin.css
sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/styles/ 15 KB
3 KB 170ms
169ms Stylesheet
text/css 104.168.248.146
HOSTWINDS

General

Check archive.org

Show headers Download Go to

Full URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/styles/signin.css
Requested by: Host: sea-shared-16.hostwindsdns.com
URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.168.248.146 , United States, ASN54290 (HOSTWINDS, US),
Reverse DNS: sea-shared-16.hostwindsdns.com
Software: Apache /
Resource Hash: 44334e15099fb14b56b78e0fa275cf5a74469c83dee771388b0df6fd1777d6f7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Jul 2024 01:31:12 GMT
content-encoding: br
last-modified: Mon, 01 Apr 2019 16:39:50 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 2677

GET
H2 200 jquery-3.3.1.min.js Show response
sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/js/ 85 KB
29 KB 335ms
335ms Script
text/javascript 104.168.248.146
HOSTWINDS

General

Check archive.org

Show headers Download Go to

Full URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/js/jquery-3.3.1.min.js
Requested by: Host: sea-shared-16.hostwindsdns.com
URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.168.248.146 , United States, ASN54290 (HOSTWINDS, US),
Reverse DNS: sea-shared-16.hostwindsdns.com
Software: Apache /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Jul 2024 01:31:12 GMT
content-encoding: br
last-modified: Mon, 01 Apr 2019 16:39:50 GMT
server: Apache
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 29708

GET modernizr.min.js
js-codes.com/modernizr/2.9.0/ 0
0

GET
H2 200 platform.js Show response
static.elfsight.com/platform/ 48 KB
17 KB 185ms
49ms Script
application/javascript 2606:4700:10::6816:455f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.elfsight.com/platform/platform.js

Requested by

Host: sea-shared-16.hostwindsdns.com
URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:455f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cec24a06e2e9c6dbe79ac537c1c0906c2896eb331ebe94fc3077075d78dc5a6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sea-shared-16.hostwindsdns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Jul 2024 01:31:12 GMT
strict-transport-security: max-age=0
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: tx000005ce1cef2e62d911c-0066850a00-5cc45812-sfo2a
age: 3061
x-envoy-upstream-healthchecked-cluster
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 11 Jun 2024 05:32:12 GMT
server: cloudflare
etag: W/"9cb6cdfa853ae05f7abcff41c1cfd0af"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/javascript
x-do-cdn-uuid: e32c40dc-02c3-4408-a6ec-51bfedff6dd9
x-rgw-object-type: Normal
cache-control: max-age=3600
cf-ray: 89fc503b3909199b-FRA

GET
H2 200 logo_official.svg
sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/pics/ 5 KB
2 KB 183ms
182ms Image
image/svg+xml 104.168.248.146
HOSTWINDS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/pics/logo_official.svg
Requested by: Host: sea-shared-16.hostwindsdns.com
URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/styles/signin.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.168.248.146 , United States, ASN54290 (HOSTWINDS, US),
Reverse DNS: sea-shared-16.hostwindsdns.com
Software: Apache /
Resource Hash: b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/styles/signin.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Jul 2024 01:31:12 GMT
content-encoding: br
last-modified: Mon, 01 Apr 2019 16:39:50 GMT
server: Apache
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 1800

GET
H2 200 p_small_regular.woff
sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/fonts/ 46 KB
46 KB 177ms
176ms Font
font/woff 104.168.248.146
HOSTWINDS

General

Check archive.org

Show headers Download Go to

Full URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/fonts/p_small_regular.woff
Requested by: Host: sea-shared-16.hostwindsdns.com
URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/styles/signin.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.168.248.146 , United States, ASN54290 (HOSTWINDS, US),
Reverse DNS: sea-shared-16.hostwindsdns.com
Software: Apache /
Resource Hash: ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/styles/signin.css
Origin: https://sea-shared-16.hostwindsdns.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Jul 2024 01:31:12 GMT
content-encoding: br
last-modified: Mon, 01 Apr 2019 16:39:48 GMT
server: Apache
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 47343

GET
H2 200 p_small_light.woff
sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/fonts/ 46 KB
46 KB 177ms
177ms Font
font/woff 104.168.248.146
HOSTWINDS

General

Check archive.org

Show headers Download Go to

Full URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/fonts/p_small_light.woff
Requested by: Host: sea-shared-16.hostwindsdns.com
URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/styles/signin.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.168.248.146 , United States, ASN54290 (HOSTWINDS, US),
Reverse DNS: sea-shared-16.hostwindsdns.com
Software: Apache /
Resource Hash: 843e67ad522a908162007f4b7601819a5bbfef00e38ac7aec778766da8b7b2ab

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/styles/signin.css
Origin: https://sea-shared-16.hostwindsdns.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Jul 2024 01:31:12 GMT
content-encoding: br
last-modified: Mon, 01 Apr 2019 16:39:48 GMT
server: Apache
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 46707

GET
H3 200 / Show response
core.service.elfsight.com/p/boot/ 9 KB
4 KB 273ms
221ms XHR
application/json 172.67.22.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://core.service.elfsight.com/p/boot/?page=https%3A%2F%2Fsea-shared-16.hostwindsdns.com%2F~jjftndem%2Falerte%2Fppl%2Fverification%2Fapp%2Fsignin.php&w=f5cf8956-7b85-4887-ae11-dc505c24e809

Requested by

Host: static.elfsight.com
URL: https://static.elfsight.com/platform/platform.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.22.83 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f757cad02adb9957838f1612f3cab5c35b2bf8e377fd216d6da3f379e4349360

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sea-shared-16.hostwindsdns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Jul 2024 01:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=0
x-dns-prefetch-control: on
cross-origin-resource-policy: same-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0, 1; mode=block
referrer-policy: no-referrer
server: cloudflare
cross-origin-opener-policy: unsafe-none
etag: W/"223d-A4PIVUCydkVsOjn/LSD+AL+WQQw"
x-download-options: noopen
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://sea-shared-16.hostwindsdns.com
origin-agent-cluster: ?1
access-control-allow-credentials: true
cf-apo-via: origin,host
cf-ray: 89fc503d6d3b2c1e-FRA

GET
H2 200 popup.js Show response
static.elfsight.com/apps/popup/stable/5078c93d241700df9124bcfc4fbfa1552f237e56/app/ 821 KB
255 KB 54ms
54ms Script
application/javascript 2606:4700:10::6816:455f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.elfsight.com/apps/popup/stable/5078c93d241700df9124bcfc4fbfa1552f237e56/app/popup.js

Requested by

Host: static.elfsight.com
URL: https://static.elfsight.com/platform/platform.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:455f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3a7f22d50be0450973b488fe1872538d6aa7761a4da57591938d06b6fd181ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sea-shared-16.hostwindsdns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Jul 2024 01:31:13 GMT
strict-transport-security: max-age=0
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: tx00000f1fdd79458b518c8-006686922e-5ad18af0-sfo2a
age: 2378
x-envoy-upstream-healthchecked-cluster
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 04 Jul 2024 12:13:36 GMT
server: cloudflare
etag: W/"25da9e0e1914b8912f96444ac9a82091"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-do-cdn-uuid: e32c40dc-02c3-4408-a6ec-51bfedff6dd9
x-rgw-object-type: Normal
cache-control: max-age=3600
cf-ray: 89fc503ecb10199b-FRA

GET
H2 200 ppp.jpg
files.elfsightcdn.com/eafe4a4d-3436-495d-b748-5bdce62d911d/58b04a75-015c-48a7-9234-22392affe746/ 79 KB
80 KB 186ms
50ms Image
image/jpeg 2606:4700:20::681a:4f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://files.elfsightcdn.com/eafe4a4d-3436-495d-b748-5bdce62d911d/58b04a75-015c-48a7-9234-22392affe746/ppp.jpg

Requested by

Host: sea-shared-16.hostwindsdns.com
URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:4f7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4653a3c27240c3e2d5d47fd13eeacbfe18069acb4f4f690537f7cf54f94e3f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sea-shared-16.hostwindsdns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Jul 2024 01:31:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: tx0000000000000103adc5a-0066898a8b-46bec22d-nyc3a
age: 35834
cf-polished: status=not_needed
x-envoy-upstream-healthchecked-cluster
alt-svc: h3=":443"; ma=86400
content-length: 81309
cf-bgj: imgq:100,h2pri
last-modified: Sun, 16 Apr 2023 01:28:49 GMT
server: cloudflare
etag: "617de44cfebc80eddcca2ae4f8218f9d"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cVynUD55w5ruLjdU1UCeUMcOaEogAvm%2F0Ofv1CAixn6gLx2u0XkQFz2b0%2F25rJMwLGfbyOPUQv%2F5KQJ%2FrYWRpFJRq0e8l7dsKuto4CmSH%2BE5k3s7h3zT2cFyKEQZhBS0cbZN0ZBVJWQqywU3YoJLpxKppA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
x-do-cdn-uuid: 09fc71af-b58f-4172-b955-d9e3a4bdd076
cache-control: max-age=604800
x-rgw-object-type: Normal
accept-ranges: bytes
cf-ray: 89fc50413a4d085a-FRA

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
2 KB 152ms
62ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: static.elfsight.com
URL: https://static.elfsight.com/apps/popup/stable/5078c93d241700df9124bcfc4fbfa1552f237e56/app/popup.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

96e567e55058088bf057ebeb964b202435a2c745a55f49df106fe22f2a9a8e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sea-shared-16.hostwindsdns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Jul 2024 01:31:13 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Mon, 08 Jul 2024 01:31:13 GMT

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/5352eb4f/www-widgetapi.vflset/ 31 KB
10 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/5352eb4f/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7a4d3c6bbb813b80afb47a45e75320ff14b02e65ad1ca740d62bcbfb646f2ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sea-shared-16.hostwindsdns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Jul 2024 00:35:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3360
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10362
x-xss-protection: 0
last-modified: Tue, 02 Jul 2024 04:25:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 08 Jul 2025 00:35:13 GMT

GET
H2 200 Ssw_0s2G0dM
www.youtube.com/embed/ Frame 3DAD 0
0 199ms
113ms Document
text/html 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Ssw_0s2G0dM?autoplay=1&mute=0&controls=1&origin=https%3A%2F%2Fsea-shared-16.hostwindsdns.com&playsinline=1&showinfo=1&rel=0&iv_load_policy=3&modestbranding=1&enablejsapi=1&widgetid=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/5352eb4f/www-widgetapi.vflset/www-widgetapi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://sea-shared-16.hostwindsdns.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jul 2024 01:31:13 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 favi.ico
sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/pics/ 5 KB
1 KB 175ms
174ms Other
image/x-icon 104.168.248.146
HOSTWINDS

General

Check archive.org

Show headers Download Go to

Full URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/lib/pics/favi.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.168.248.146 , United States, ASN54290 (HOSTWINDS, US),
Reverse DNS: sea-shared-16.hostwindsdns.com
Software: Apache /
Resource Hash: 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Jul 2024 01:31:14 GMT
content-encoding: br
last-modified: Mon, 01 Apr 2019 16:39:50 GMT
server: Apache
vary: Accept-Encoding
content-type: image/x-icon
accept-ranges: bytes
content-length: 1308

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: js-codes.com
URL: https://js-codes.com/modernizr/2.9.0/modernizr.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sea-shared-16.hostwindsdns.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 71188f6d5772900dec31cbcec7bd9dc1
core.service.elfsight.com/	1970-01-20 21:53:22	Name: elfsight_viewed_recently Value: 1
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: fTk8qyjeQtg
.youtube.com/	1970-01-21 02:12:34	Name: VISITOR_INFO1_LIVE Value: y8eMvQGB3Vs
.youtube.com/	1970-01-21 02:12:34	Name: VISITOR_PRIVACY_METADATA Value: CgJERRIEEgAgLQ%3D%3D

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://sea-shared-16.hostwindsdns.com/~jjftndem/alerte/ppl/verification/app/signin.php Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
other	warning	URL: https://www.youtube.com/s/player/5352eb4f/www-widgetapi.vflset/www-widgetapi.js(Line 200) Message: Unrecognized feature: 'web-share'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

core.service.elfsight.com
files.elfsightcdn.com
js-codes.com
sea-shared-16.hostwindsdns.com
static.elfsight.com
www.youtube.com
js-codes.com
104.168.248.146
172.67.22.83
2606:4700:10::6816:455f
2606:4700:20::681a:4f7
2a00:1450:4001:80f::200e
2a00:1450:4001:810::200e
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
44334e15099fb14b56b78e0fa275cf5a74469c83dee771388b0df6fd1777d6f7
4653a3c27240c3e2d5d47fd13eeacbfe18069acb4f4f690537f7cf54f94e3f9f
843e67ad522a908162007f4b7601819a5bbfef00e38ac7aec778766da8b7b2ab
8c16a917ff563b054749ca2aac65fb55f1341e5dac5c35cff45878f263c5de74
96e567e55058088bf057ebeb964b202435a2c745a55f49df106fe22f2a9a8e11
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
cec24a06e2e9c6dbe79ac537c1c0906c2896eb331ebe94fc3077075d78dc5a6f
d7a4d3c6bbb813b80afb47a45e75320ff14b02e65ad1ca740d62bcbfb646f2ad
f3a7f22d50be0450973b488fe1872538d6aa7761a4da57591938d06b6fd181ab
f757cad02adb9957838f1612f3cab5c35b2bf8e377fd216d6da3f379e4349360

sea-shared-16.hostwindsdns.com Open in urlscan Pro 104.168.248.146 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

93 %HTTPS

67 %IPv6

5 Domains

6 Subdomains

7 IPs

2 Countries

500 kBTransfer

1206 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

5 Cookies

2 Console Messages

Indicators

sea-shared-16.hostwindsdns.com Open in urlscan Pro
104.168.248.146 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

93 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

2
Countries

500 kB
Transfer

1206 kB
Size

5
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!