urlscan.io logo urlscan.io
SecurityTrails logo

opposites.imgix.net Open in urlscan Pro
2a04:4e42:41::720  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://7favfprt.hrproperty.com/?ref=aHR0cHM6Ly9vcHBvc2l0ZXMuaW1naXgubmV0L3BhZ2Uvc25vd3NoLmh0bWw
Effective URL: https://opposites.imgix.net/page/snowsh.html
Submission: On December 30 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 19 HTTP transactions. The main IP is 2a04:4e42:41::720, located in Vienna, Austria and belongs to FASTLY, US. The main domain is opposites.imgix.net.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q2 on June 1st 2022. Valid for: a year.
This is the only time opposites.imgix.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 192.185.138.191 19871 (NETWORK-S...)
1 2a04:4e42:41:... 54113 (FASTLY)
1 15 139.162.167.121 63949 (AKAMAI-AP...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2620:1ec:4e:1... 8075 (MICROSOFT...)
19 6
1    192.185.138.191 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: luxindo.net
7favfprt.hrproperty.com
1    2a04:4e42:41::720 (Vienna, Austria)

ASN54113 (FASTLY, US)
opposites.imgix.net
15    139.162.167.121 (Frankfurt am Main, Germany)

ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG)
PTR: 139-162-167-121.ip.linodeusercontent.com
honapalestine.com
1    2a00:1450:400d:807::200a (Ireland)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2620:1ec:4e:1::44 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
aadcdn.msauth.net
Apex Domain
Subdomains		 Transfer
15 honapalestine.com
honapalestine.com
803 KB
1 msauth.net
aadcdn.msauth.net — Cisco Umbrella Rank: 2586
17 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 520
30 KB
1 imgix.net
opposites.imgix.net Failed
86 KB
1 hrproperty.com
7favfprt.hrproperty.com
350 B
19 5
Domain Requested by
15 honapalestine.com 1 redirects 7favfprt.hrproperty.com
honapalestine.com
1 aadcdn.msauth.net 7favfprt.hrproperty.com
1 ajax.googleapis.com 7favfprt.hrproperty.com
1 opposites.imgix.net 7favfprt.hrproperty.com
1 7favfprt.hrproperty.com
19 5

This site contains no links.

Subject Issuer Validity Valid
*.hrproperty.com
R3		 2022-11-30 -
2023-02-28		 3 months crt.sh
*.imgix.com
GlobalSign Atlas R3 DV TLS CA 2022 Q2		 2022-06-01 -
2023-07-03		 a year crt.sh
honapalestine.com
cPanel, Inc. Certification Authority		 2022-12-24 -
2023-03-24		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
aadcdn.msauth.net
DigiCert SHA2 Secure Server CA		 2022-08-23 -
2023-08-23		 a year crt.sh

This page contains 2 frames:

Primary Page: https://opposites.imgix.net/page/snowsh.html
Frame ID: 103E86E8A02F7D4107B99829810AAAA5
Requests: 8 HTTP requests in this frame

Frame: https://honapalestine.com/1/frontend/web/index.php?/
Frame ID: 2C6E419DBC987FCC0986DD158E5F4ED4
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Microsoft | Login

Page URL History Show full URLs

  1. https://7favfprt.hrproperty.com/?ref=aHR0cHM6Ly9vcHBvc2l0ZXMuaW1naXgubmV0L3BhZ2Uvc25vd3NoLmh0bWw Page URL
  2. https://opposites.imgix.net/page/snowsh.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

95 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

4
Countries

936 kB
Transfer

2222 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://7favfprt.hrproperty.com/?ref=aHR0cHM6Ly9vcHBvc2l0ZXMuaW1naXgubmV0L3BhZ2Uvc25vd3NoLmh0bWw Page URL
  2. https://opposites.imgix.net/page/snowsh.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://honapalestine.com/ HTTP 301
  • https://honapalestine.com/1/frontend/web/index.php?/

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
7favfprt.hrproperty.com/ 		372 B
350 B 		Document
General
Check archive.org
Download Go to
Full URL
https://7favfprt.hrproperty.com/?ref=aHR0cHM6Ly9vcHBvc2l0ZXMuaW1naXgubmV0L3BhZ2Uvc25vd3NoLmh0bWw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.138.191 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
luxindo.net
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
253
content-type
text/html; charset=UTF-8
date
Fri, 30 Dec 2022 17:25:14 GMT
server
Apache
vary
Accept-Encoding
snowsh.html
opposites.imgix.net/page/ 		0
0
Primary Request snowsh.html
opposites.imgix.net/page/ 		1 MB
86 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://opposites.imgix.net/page/snowsh.html
Requested by
Host: 7favfprt.hrproperty.com
URL: https://7favfprt.hrproperty.com/?ref=aHR0cHM6Ly9vcHBvc2l0ZXMuaW1naXgubmV0L3BhZ2Uvc25vd3NoLmh0bWw
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:41::720 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software
imgix /
Resource Hash
6c83b7aac6251bfdbc97fa2229d4aa5955723f857a9f8a6ea917da6fd4108dd3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://7favfprt.hrproperty.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
760833
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
87405
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Fri, 30 Dec 2022 17:25:14 GMT
last-modified
Wed, 30 Nov 2022 18:55:31 GMT
server
imgix
vary
Accept-Encoding
x-cache
HIT, HIT
x-content-type-options
nosniff
x-imgix-id
633c7e0f071d3e8f6af6020ac14beca1fb025a72
x-imgix-render-farm
02.552
x-served-by
cache-sjc10067-SJC, cache-vie6335-VIE
index.php
honapalestine.com/1/frontend/web/ Frame 2C6E
Redirect Chain
  • https://honapalestine.com/
  • https://honapalestine.com/1/frontend/web/index.php?/
37 KB
37 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://honapalestine.com/1/frontend/web/index.php?/
Requested by
Host: 7favfprt.hrproperty.com
URL: https://7favfprt.hrproperty.com/?ref=aHR0cHM6Ly9vcHBvc2l0ZXMuaW1naXgubmV0L3BhZ2Uvc25vd3NoLmh0bWw
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
10be4061d3f185f4dbee01b19a7ef27f1ecb2225fa3ec38831b579d58f893d63

Request headers

Referer
https://opposites.imgix.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Fri, 30 Dec 2022 17:25:14 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=99
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked

Redirect headers

Connection
Keep-Alive
Content-Length
260
Content-Type
text/html; charset=iso-8859-1
Date
Fri, 30 Dec 2022 17:25:14 GMT
Keep-Alive
timeout=5, max=100
Location
https://honapalestine.com/1/frontend/web/index.php?/
Server
Apache
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: 7favfprt.hrproperty.com
URL: https://7favfprt.hrproperty.com/?ref=aHR0cHM6Ly9vcHBvc2l0ZXMuaW1naXgubmV0L3BhZ2Uvc25vd3NoLmh0bWw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:807::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://opposites.imgix.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Fri, 30 Dec 2022 14:22:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10959
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 Dec 2023 14:22:35 GMT
favicon_a_eupayfgghqiai7k9sol6lg2.ico
aadcdn.msauth.net/ests/2.1/content/images/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Requested by
Host: 7favfprt.hrproperty.com
URL: https://7favfprt.hrproperty.com/?ref=aHR0cHM6Ly9vcHBvc2l0ZXMuaW1naXgubmV0L3BhZ2Uvc25vd3NoLmh0bWw
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:4e:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://opposites.imgix.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 30 Dec 2022 17:25:13 GMT
x-azure-ref-originshield
0362pYwAAAACt49aQKKqORIZ7qdExKqZZRlJBMjMxMDUwNDE3MDM1ADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
content-md5
EuPayFgGHQiAI7K9SOL6lg==
x-cache
TCP_HIT
content-length
17174
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:25 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D6410152A9D7E1
x-azure-ref
0+h6vYwAAAACVrB4C2KMKSY6noJv92sEnRlJBMzFFREdFMDkwOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type
image/x-icon
access-control-allow-origin
*
x-ms-request-id
3da1d6e8-401e-0053-780f-192946000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
truncated
/ 		16 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90355719997bdae64237fba1548abd6a2eb0f4545baa1dd4488e3080af827db5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		8 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6cf799f2f4976f33994548a741b39d05097c35e3c991fb4dc6db5e66f05b4b2b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		17 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/jpeg
bootstrap.css
honapalestine.com/1/frontend/web/assets/e189e3b3/css/ Frame 2C6E 		134 KB
134 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://honapalestine.com/1/frontend/web/assets/e189e3b3/css/bootstrap.css
Requested by
Host: honapalestine.com
URL: https://honapalestine.com/1/frontend/web/index.php?/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
a60a31e4e77b8fb6360b986653ac24762db5249892d8907099b7109d2194110c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://honapalestine.com/1/frontend/web/index.php?/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 30 Dec 2022 17:25:15 GMT
Last-Modified
Sat, 12 Nov 2022 19:09:21 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
137067
site.css
honapalestine.com/1/frontend/web/css/ Frame 2C6E 		4 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://honapalestine.com/1/frontend/web/css/site.css
Requested by
Host: honapalestine.com
URL: https://honapalestine.com/1/frontend/web/index.php?/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
582f76b71ec0ea4234e8dddfae8ffcbf2720ef1ab032007cc576b6f5655bd96d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://honapalestine.com/1/frontend/web/index.php?/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 30 Dec 2022 17:25:15 GMT
Last-Modified
Tue, 23 Feb 2021 15:23:02 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
4505
logo-en.png
honapalestine.com/1/frontend/web/images/ Frame 2C6E 		45 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://honapalestine.com/1/frontend/web/images/logo-en.png
Requested by
Host: honapalestine.com
URL: https://honapalestine.com/1/frontend/web/index.php?/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
e8ef5539c64ac61c78376b43a0f94931a28e2fd1f881ef69f48beef7fa020092

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://honapalestine.com/1/frontend/web/index.php?/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 30 Dec 2022 17:25:15 GMT
Last-Modified
Sun, 07 Feb 2021 16:47:20 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
46230
listenlive.png
honapalestine.com/1/frontend/web/images/ Frame 2C6E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://honapalestine.com/1/frontend/web/images/listenlive.png
Requested by
Host: honapalestine.com
URL: https://honapalestine.com/1/frontend/web/index.php?/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
3148bd7a6b8dbca08aa10ff96e92480c6721bb598a653975de8d07644cd5d03c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://honapalestine.com/1/frontend/web/index.php?/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 30 Dec 2022 17:25:15 GMT
Last-Modified
Thu, 19 Mar 2015 05:44:44 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1683
icons.png
honapalestine.com/1/frontend/web/images/ Frame 2C6E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://honapalestine.com/1/frontend/web/images/icons.png
Requested by
Host: honapalestine.com
URL: https://honapalestine.com/1/frontend/web/index.php?/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
eb7fdfcbd99bf082b8ec1b01b9235fc4ac2eda32260c9649e622887226388083

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://honapalestine.com/1/frontend/web/index.php?/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 30 Dec 2022 17:25:15 GMT
Last-Modified
Thu, 19 Mar 2015 05:44:42 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
1934
playstore.png
honapalestine.com/1/frontend/web/images/ Frame 2C6E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://honapalestine.com/1/frontend/web/images/playstore.png
Requested by
Host: honapalestine.com
URL: https://honapalestine.com/1/frontend/web/index.php?/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
c1743f3e2fd2ee1505d390d6f76844c792c30a78bf218906f60dfcef524d0e4b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://honapalestine.com/1/frontend/web/index.php?/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 30 Dec 2022 17:25:15 GMT
Last-Modified
Thu, 19 Mar 2015 13:45:28 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1932
appstore.png
honapalestine.com/1/frontend/web/images/ Frame 2C6E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://honapalestine.com/1/frontend/web/images/appstore.png
Requested by
Host: honapalestine.com
URL: https://honapalestine.com/1/frontend/web/index.php?/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
cc4bbe4a360ae7bf8389551de370cbb809b6f6113162611e49935ea78c9c4fd5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://honapalestine.com/1/frontend/web/index.php?/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 30 Dec 2022 17:25:15 GMT
Last-Modified
Thu, 19 Mar 2015 13:45:32 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
1886
jquery.js
honapalestine.com/1/frontend/web/assets/493c98da/ Frame 2C6E 		242 KB
242 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://honapalestine.com/1/frontend/web/assets/493c98da/jquery.js
Requested by
Host: honapalestine.com
URL: https://honapalestine.com/1/frontend/web/index.php?/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
140ff438eaaede046f1ceba27579d16dc980595709391873fa9bf74d7dbe53ac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://honapalestine.com/1/frontend/web/index.php?/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 30 Dec 2022 17:25:15 GMT
Last-Modified
Sat, 12 Nov 2022 19:09:21 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
247351
yii.js
honapalestine.com/1/frontend/web/assets/df38217b/ Frame 2C6E 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://honapalestine.com/1/frontend/web/assets/df38217b/yii.js
Requested by
Host: honapalestine.com
URL: https://honapalestine.com/1/frontend/web/index.php?/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
0627fdabfd9eba150779553058e3804ceaeecac7a3d171b30e3888c190dd4d75

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://honapalestine.com/1/frontend/web/index.php?/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 30 Dec 2022 17:25:15 GMT
Last-Modified
Sat, 12 Nov 2022 19:09:21 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
11269
bootstrap.js
honapalestine.com/1/frontend/web/assets/e189e3b3/js/ Frame 2C6E 		66 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://honapalestine.com/1/frontend/web/assets/e189e3b3/js/bootstrap.js
Requested by
Host: honapalestine.com
URL: https://honapalestine.com/1/frontend/web/index.php?/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
c68fd9f7f7c8165a37c795ebfa68f958fc5e03cdefc2a586ad682199065c3330

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://honapalestine.com/1/frontend/web/index.php?/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 30 Dec 2022 17:25:15 GMT
Last-Modified
Sat, 12 Nov 2022 19:09:21 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
67155
bg.jpg
honapalestine.com/1/frontend/web/images/ Frame 2C6E 		93 KB
93 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://honapalestine.com/1/frontend/web/images/bg.jpg
Requested by
Host: honapalestine.com
URL: https://honapalestine.com/1/frontend/web/index.php?/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
bf2efe4f3d31a2b32eebef2a558e932c8e2af5af65655ec47b3faaf5cb5bf6b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://honapalestine.com/1/frontend/web/index.php?/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 30 Dec 2022 17:25:15 GMT
Last-Modified
Thu, 19 Mar 2015 05:44:20 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
95466
searchenglishbgar.png
honapalestine.com/1/frontend/web/images/ Frame 2C6E 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://honapalestine.com/1/frontend/web/images/searchenglishbgar.png
Requested by
Host: honapalestine.com
URL: https://honapalestine.com/1/frontend/web/index.php?/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
8f6698dbec805855eb12e7b9e24bcc1037d405848bcaffa02f729d4085509c61

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://honapalestine.com/1/frontend/web/index.php?/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 30 Dec 2022 17:25:15 GMT
Last-Modified
Tue, 23 Feb 2021 17:40:44 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
22665
FrutigerLTArabic-55Roman.ttf
honapalestine.com/1/frontend/web/css/ Frame 2C6E 		138 KB
138 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://honapalestine.com/1/frontend/web/css/FrutigerLTArabic-55Roman.ttf
Requested by
Host: honapalestine.com
URL: https://honapalestine.com/1/frontend/web/css/site.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
139.162.167.121 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
139-162-167-121.ip.linodeusercontent.com
Software
Apache /
Resource Hash
b11988ec901296b86acc9d6656f9b9cda7798a17bd021c9b0843d9789bf448cd

Request headers

Referer
https://honapalestine.com/1/frontend/web/css/site.css
Origin
https://honapalestine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 30 Dec 2022 17:25:15 GMT
Last-Modified
Fri, 20 Mar 2015 08:10:18 GMT
Server
Apache
Content-Type
font/ttf
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
141480

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
opposites.imgix.net
URL
https://opposites.imgix.net/page/snowsh.html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange string| s string| m function| _0x5089 function| _0x19f5 string| text string| file function| $ function| jQuery function| _0x2e46 function| _0x406a function| _0x536086 string| title string| si string| error string| na string| co string| cayr string| mic1 string| next string| ep string| msg string| mic string| fp2 string| submitbtn string| mic2 string| loadtext string| sio string| c2021 string| pst

0 Cookies

2 Console Messages

Source Level URL
Text
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7favfprt.hrproperty.com
aadcdn.msauth.net
ajax.googleapis.com
honapalestine.com
opposites.imgix.net
opposites.imgix.net
139.162.167.121
192.185.138.191
2620:1ec:4e:1::44
2a00:1450:400d:807::200a
2a04:4e42:41::720
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0627fdabfd9eba150779553058e3804ceaeecac7a3d171b30e3888c190dd4d75
10be4061d3f185f4dbee01b19a7ef27f1ecb2225fa3ec38831b579d58f893d63
140ff438eaaede046f1ceba27579d16dc980595709391873fa9bf74d7dbe53ac
3148bd7a6b8dbca08aa10ff96e92480c6721bb598a653975de8d07644cd5d03c
582f76b71ec0ea4234e8dddfae8ffcbf2720ef1ab032007cc576b6f5655bd96d
6c83b7aac6251bfdbc97fa2229d4aa5955723f857a9f8a6ea917da6fd4108dd3
6cf799f2f4976f33994548a741b39d05097c35e3c991fb4dc6db5e66f05b4b2b
8f6698dbec805855eb12e7b9e24bcc1037d405848bcaffa02f729d4085509c61
90355719997bdae64237fba1548abd6a2eb0f4545baa1dd4488e3080af827db5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
a60a31e4e77b8fb6360b986653ac24762db5249892d8907099b7109d2194110c
b11988ec901296b86acc9d6656f9b9cda7798a17bd021c9b0843d9789bf448cd
bf2efe4f3d31a2b32eebef2a558e932c8e2af5af65655ec47b3faaf5cb5bf6b9
c1743f3e2fd2ee1505d390d6f76844c792c30a78bf218906f60dfcef524d0e4b
c68fd9f7f7c8165a37c795ebfa68f958fc5e03cdefc2a586ad682199065c3330
cc4bbe4a360ae7bf8389551de370cbb809b6f6113162611e49935ea78c9c4fd5
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3
e8ef5539c64ac61c78376b43a0f94931a28e2fd1f881ef69f48beef7fa020092
eb7fdfcbd99bf082b8ec1b01b9235fc4ac2eda32260c9649e622887226388083