cndjeopxqf.emplexes.tech Open in urlscan Pro
162.0.213.15 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://email.cloud2.secureclick.net/c/15040?id=5.4.1.236e0d49f7cad2f0f9b58eeee9c5e479#%20%20amJsQGdlbm1hYi5jb20=
Effective URL:
https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html
Submission: On August 17 via manual (August 17th 2023, 11:51:29 am UTC) from IN — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 8 domains to perform 15 HTTP transactions. The main IP is 162.0.213.15, located in United States and belongs to NAMECHEAP-NET, US. The main domain is cndjeopxqf.emplexes.tech.
TLS certificate: Issued by R3 on August 17th 2023. Valid for: 3 months.

This is the only time cndjeopxqf.emplexes.tech was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.194.130.131 34.194.130.131	14618 (AMAZON-AES) (AMAZON-AES)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.61.154.193 185.61.154.193	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1 7	162.0.213.15 162.0.213.15	22612 (NAMECHEAP...) (NAMECHEAP-NET)
3	2606:4700::68... 2606:4700::6812:791	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
1	64.185.227.156 64.185.227.156	18450 (WEBNX) (WEBNX)
15	7

1 34.194.130.131 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-130-131.compute-1.amazonaws.com

email.cloud2.secureclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

iueuieuieireokd.everworkinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.61.154.193 (United Kingdom)

ASN22612 (NAMECHEAP-NET, US)
PTR: premium82-2.web-hosting.com

cndjeopxqf.talktotonia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 162.0.213.15 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: svr4.dkshostpage.host

cndjeopxqf.emplexes.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:791 (United States)

ASN13335 (CLOUDFLARENET, US)

falling-mud-0653.on.fleek.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.185.227.156 (Los Angeles, United States)

ASN18450 (WEBNX, US)
PTR: 64-185-227-156.static.webnx.com

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	emplexes.tech 1 redirects cndjeopxqf.emplexes.tech	28 KB
3	fleek.co falling-mud-0653.on.fleek.co	189 KB
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2820	221 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 424	31 KB
1	talktotonia.com cndjeopxqf.talktotonia.com Failed	429 B
1	everworkinc.com iueuieuieireokd.everworkinc.com	2 KB
1	secureclick.net 1 redirects email.cloud2.secureclick.net — Cisco Umbrella Rank: 100938	77 B
0	opeller.tech Failed mwuulhqsti.opeller.tech Failed
15	8

	Domain	Requested by
7	cndjeopxqf.emplexes.tech	1 redirects cndjeopxqf.talktotonia.com cndjeopxqf.emplexes.tech
3	falling-mud-0653.on.fleek.co	cndjeopxqf.emplexes.tech
1	api.ipify.org	ajax.googleapis.com
1	ajax.googleapis.com	cndjeopxqf.emplexes.tech
1	cndjeopxqf.talktotonia.com	iueuieuieireokd.everworkinc.com
1	iueuieuieireokd.everworkinc.com
1	email.cloud2.secureclick.net	1 redirects
0	mwuulhqsti.opeller.tech Failed	ajax.googleapis.com
15	8

This site contains no links.

Subject Issuer	Validity	Valid
everworkinc.com GTS CA 1P5	`2023-08-10` - `2023-11-08`	3 months	crt.sh
www.cndjeopxqf.emplexes.tech R3	`2023-08-17` - `2023-11-15`	3 months	crt.sh
fleek.co Cloudflare Inc ECC CA-3	`2023-04-08` - `2024-04-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2023-02-07` - `2024-02-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html
Frame ID: ED5C5B964A95001C32C1DFA29A5D2DAA
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

J5CK51RE86HPYF7LCVJV

Page URL History Show full URLs

https://email.cloud2.secureclick.net/c/15040?id=5.4.1.236e0d49f7cad2f0f9b58eeee9c5e479 HTTP 302
https://iueuieuieireokd.everworkinc.com/.0ff./ Page URL
http://cndjeopxqf.talktotonia.com/ Page URL
https://cndjeopxqf.emplexes.tech/?email=jbl@genmab.com HTTP 302
https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

80 %
HTTPS

43 %
IPv6

8
Domains

8
Subdomains

7
IPs

3
Countries

251 kB
Transfer

699 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://email.cloud2.secureclick.net/c/15040?id=5.4.1.236e0d49f7cad2f0f9b58eeee9c5e479 HTTP 302
https://iueuieuieireokd.everworkinc.com/.0ff./ Page URL
http://cndjeopxqf.talktotonia.com/ Page URL
https://cndjeopxqf.emplexes.tech/?email=jbl@genmab.com HTTP 302
https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://email.cloud2.secureclick.net/c/15040?id=5.4.1.236e0d49f7cad2f0f9b58eeee9c5e479 HTTP 302
https://iueuieuieireokd.everworkinc.com/.0ff./

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
iueuieuieireokd.everworkinc.com/.0ff./
Redirect Chain

https://email.cloud2.secureclick.net/c/15040?id=5.4.1.236e0d49f7cad2f0f9b58eeee9c5e479
https://iueuieuieireokd.everworkinc.com/.0ff./

7 KB
2 KB

359ms
245ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://iueuieuieireokd.everworkinc.com/.0ff./
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 911438496edb20b19964ddbeb402975a3d70aa99c1437e6b479a350ccaf21343

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f81b455fab39b6e-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 17 Aug 2023 11:51:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNfIngn8dDvn%2FjWgjXktcYaHg%2FScLtJJG1qBvSj2koscaRUuQEZuB2QTHQ3hug8TZE2MaQUlhkuHytJZzHGI1YdJ5lQACoJzYFVBkAHpYl01faGmPaBDdFe%2FZl9cx0XvZpd2JlvKxzX4Zi7znE9dC%2FMW40uj4zQPX6tNKD2m"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33

Redirect headers

content-length: 0
date: Thu, 17 Aug 2023 11:51:18 GMT
location: https://iueuieuieireokd.everworkinc.com/.0ff./

GET /
cndjeopxqf.talktotonia.com/ 0
0

GET
H/1.1 200
OK /
cndjeopxqf.talktotonia.com/ 208 B
429 B 303ms
139ms Document
text/html 185.61.154.193
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: http://cndjeopxqf.talktotonia.com/
Requested by: Host: iueuieuieireokd.everworkinc.com
URL: https://iueuieuieireokd.everworkinc.com/.0ff./
Protocol: HTTP/1.1
Server: 185.61.154.193 , United Kingdom, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium82-2.web-hosting.com
Software: LiteSpeed / PHP/8.0.29
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 157
content-type: text/html; charset=UTF-8
date: Thu, 17 Aug 2023 11:51:19 GMT
keep-alive: timeout=5, max=100
server: LiteSpeed
vary: Accept-Encoding
x-powered-by: PHP/8.0.29
x-turbo-charged-by: LiteSpeed

GET
H/1.1

200
OK

Primary Request 38ab03482ba443b507becb2d81f7f2bc.html Show response
cndjeopxqf.emplexes.tech/m/
Redirect Chain

https://cndjeopxqf.emplexes.tech/?email=jbl@genmab.com
https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html

11 KB
3 KB

515ms
512ms

Document
text/html

162.0.213.15
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html
Requested by: Host: cndjeopxqf.talktotonia.com
URL: http://cndjeopxqf.talktotonia.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 162.0.213.15 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: svr4.dkshostpage.host
Software: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips / PHP/7.4.1
Resource Hash: 3e819f78a64bffe9496751a183c8beda72c60100b33a358feb43ac02d821fbcf

Request headers

Referer: http://cndjeopxqf.talktotonia.com/#jbl@genmab.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 2493
Content-Type: text/html; charset=UTF-8
Date: Thu, 17 Aug 2023 11:51:23 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=99
Pragma: no-cache
Server: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/7.4.1

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 17 Aug 2023 11:51:22 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Location: m/38ab03482ba443b507becb2d81f7f2bc.html
Pragma: no-cache
Server: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips
Transfer-Encoding: chunked
Vary: User-Agent
X-Powered-By: PHP/7.4.1

GET
H/1.1 200
OK S4XTQTV7KCKGM8IUT18FMYO15
cndjeopxqf.emplexes.tech/m/sm/ 106 KB
18 KB 261ms
260ms Stylesheet
text/html 162.0.213.15
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cndjeopxqf.emplexes.tech/m/sm/S4XTQTV7KCKGM8IUT18FMYO15
Requested by: Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 162.0.213.15 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: svr4.dkshostpage.host
Software: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips / PHP/7.4.1
Resource Hash: 932974a2d9966e2e6e45882d3d4b8e81293c79934a0ab235e112bffcea506ce9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date: Thu, 17 Aug 2023 11:51:23 GMT
Content-Encoding: gzip
Server: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips
X-Powered-By: PHP/7.4.1
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 17683

GET
H2 200 style.css
falling-mud-0653.on.fleek.co/ 9 KB
3 KB 875ms
772ms Stylesheet
text/css 2606:4700::6812:791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://falling-mud-0653.on.fleek.co/style.css

Requested by

Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b51da51dd021309909e81ba36a46c3025db898061430b7ea48656cf9d1458ad7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cndjeopxqf.emplexes.tech/
Origin: https://cndjeopxqf.emplexes.tech
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 11:51:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
age: 79455
x-cache-status: HIT
x-xss-protection: 0
x-request-id: bf698d314e3cf6316d41d3c49a7cf813
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeicma56mrvxa3z6nxwhkuxg2e3yu36bb5m5ualz37ny7um2f52nc6e,QmP8eWpyEeLuwPPLhnU2yhxqcggUjggxsdg5APPQPt3x8Z
etag: W/"QmP8eWpyEeLuwPPLhnU2yhxqcggUjggxsdg5APPQPt3x8Z"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeicma56mrvxa3z6nxwhkuxg2e3yu36bb5m5ualz37ny7um2f52nc6e/style.css
access-control-max-age: 86400
cf-ray: 7f81b4762a474d22-FRA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Thu, 17 Aug 2023 15:51:24 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 140ms
48ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js?Q3RJS4R7PWUR3B9I5JIZWPXEA

Requested by

Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 11:51:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Aug 2024 11:51:23 GMT

GET
H/1.1 200
OK Wd.png
cndjeopxqf.emplexes.tech/m/mxl/ 2 KB
3 KB 186ms
185ms Image
image/png 162.0.213.15
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cndjeopxqf.emplexes.tech/m/mxl/Wd.png
Requested by: Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 162.0.213.15 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: svr4.dkshostpage.host
Software: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips /
Resource Hash: d043aa4f6eef2d8949cc3e2c7046bd139858fc4cc76a239d97a9dc8c4109c47a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date: Thu, 17 Aug 2023 11:51:24 GMT
Last-Modified: Thu, 17 Aug 2023 01:18:58 GMT
Server: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips
ETag: "8fc-60314324e8bac"
Vary: User-Agent
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 2300

GET
H/1.1 200
OK mlg.svg
cndjeopxqf.emplexes.tech/m/mxl/ 4 KB
2 KB 188ms
187ms Image
image/svg+xml 162.0.213.15
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cndjeopxqf.emplexes.tech/m/mxl/mlg.svg?V3KMG5MB17U1M7UUYKF3GX4W3
Requested by: Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 162.0.213.15 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: svr4.dkshostpage.host
Software: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date: Thu, 17 Aug 2023 11:51:24 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Aug 2023 01:18:58 GMT
Server: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips
ETag: "e43-60314324e87c4-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1435

GET
H/1.1 200
OK sig_op.svg
cndjeopxqf.emplexes.tech/m/mxl/ 2 KB
990 B 371ms
185ms Image
image/svg+xml 162.0.213.15
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cndjeopxqf.emplexes.tech/m/mxl/sig_op.svg
Requested by: Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 162.0.213.15 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: svr4.dkshostpage.host
Software: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips /
Resource Hash: 8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date: Thu, 17 Aug 2023 11:51:24 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Aug 2023 01:18:58 GMT
Server: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips
ETag: "638-60314324e8bac-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 621

GET
H2 200 authy.js Show response
falling-mud-0653.on.fleek.co/ 275 KB
115 KB 663ms
582ms Script
text/javascript 2606:4700::6812:791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://falling-mud-0653.on.fleek.co/authy.js?4YU7FWLZ6B8YH1REO0L7A92M7

Requested by

Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6304a8a73696be287eabbfd8354c2a939bac877d340420ae538187c463726a98

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 11:51:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
x-cache-status: MISS
x-xss-protection: 0
x-request-id: a3499711153407677c439536147211f7
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeicma56mrvxa3z6nxwhkuxg2e3yu36bb5m5ualz37ny7um2f52nc6e,QmNLmN2AoNFCJsgRoThyjHNuxdDjC1iTAvNx1qnnFnXRUj
etag: W/"QmNLmN2AoNFCJsgRoThyjHNuxdDjC1iTAvNx1qnnFnXRUj"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeicma56mrvxa3z6nxwhkuxg2e3yu36bb5m5ualz37ny7um2f52nc6e/authy.js
access-control-max-age: 86400
cf-ray: 7f81b478ca9d3a80-FRA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Thu, 17 Aug 2023 15:51:24 GMT

GET
H2 200 encrytCode.js Show response
falling-mud-0653.on.fleek.co/ 195 KB
72 KB 578ms
577ms Script
text/javascript 2606:4700::6812:791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://falling-mud-0653.on.fleek.co/encrytCode.js?1UM5GGFFG4O43E63MUDOEKQLH

Requested by

Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b294d339f709a0620968800517ed512f5ea76a8d06959ff59f6f2ec6f3fdcdb7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 11:51:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
x-cache-status: MISS
x-xss-protection: 0
x-request-id: 41dd058f72611af056d3ab8cb25e57ae
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-ipfs-roots: bafybeicma56mrvxa3z6nxwhkuxg2e3yu36bb5m5ualz37ny7um2f52nc6e,QmSKGgG2sDRWa8EacJe3hWZPKUAtprLepR6kLmzm4dfGpn
etag: W/"QmSKGgG2sDRWa8EacJe3hWZPKUAtprLepR6kLmzm4dfGpn"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=10, stale-while-revalidate=600
x-ipfs-path: /ipfs/bafybeicma56mrvxa3z6nxwhkuxg2e3yu36bb5m5ualz37ny7um2f52nc6e/encrytCode.js
access-control-max-age: 86400
cf-ray: 7f81b47afe1f3a80-FRA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
expires: Thu, 17 Aug 2023 15:51:25 GMT

GET
H/1.1 200
OK KCF5C12836HB01O7F7JDP4BHH
cndjeopxqf.emplexes.tech/m/bxg/ 2 KB
2 KB 436ms
249ms Image
text/html 162.0.213.15
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cndjeopxqf.emplexes.tech/m/bxg/KCF5C12836HB01O7F7JDP4BHH
Requested by: Host: cndjeopxqf.emplexes.tech
URL: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 162.0.213.15 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: svr4.dkshostpage.host
Software: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips / PHP/7.4.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cndjeopxqf.emplexes.tech/m/38ab03482ba443b507becb2d81f7f2bc.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date: Thu, 17 Aug 2023 11:51:24 GMT
Content-Encoding: gzip
Server: Apache/2.4.56 (Unix) OpenSSL/1.0.2k-fips
X-Powered-By: PHP/7.4.1
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 673

GET
H/1.1 200
OK / Show response
api.ipify.org/ 21 B
221 B 358ms
111ms XHR
application/json 64.185.227.156
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js?Q3RJS4R7PWUR3B9I5JIZWPXEA
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 64.185.227.156 Los Angeles, United States, ASN18450 (WEBNX, US),
Reverse DNS: 64-185-227-156.static.webnx.com
Software: nginx/1.25.1 /
Resource Hash: 022e8f3d4025683154125cfbaa3f875010c3608dbc95787f7acf421c6cadfe1e

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cndjeopxqf.emplexes.tech/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Aug 2023 11:51:25 GMT
Server: nginx/1.25.1
Connection: keep-alive
Content-Length: 21
Vary: Origin
Content-Type: application/json

POST /
mwuulhqsti.opeller.tech/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cndjeopxqf.talktotonia.com
URL: http://cndjeopxqf.talktotonia.com/

Domain: mwuulhqsti.opeller.tech
URL: https://mwuulhqsti.opeller.tech/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

102 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cndjeopxqf.emplexes.tech/	1969-12-31 23:59:59	Name: PHPSESSID Value: f5221f98572a67358095180aadc2e355
			cndjeopxqf.emplexes.tech/	1970-01-20 14:04:33	Name: rt Value: 38ab03482ba443b507becb2d81f7f2bc.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.ipify.org
cndjeopxqf.emplexes.tech
cndjeopxqf.talktotonia.com
email.cloud2.secureclick.net
falling-mud-0653.on.fleek.co
iueuieuieireokd.everworkinc.com
mwuulhqsti.opeller.tech
cndjeopxqf.talktotonia.com
mwuulhqsti.opeller.tech
162.0.213.15
185.61.154.193
2606:4700::6812:791
2a00:1450:4001:80f::200a
2a06:98c1:3120::3
34.194.130.131
64.185.227.156
022e8f3d4025683154125cfbaa3f875010c3608dbc95787f7acf421c6cadfe1e
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
3e819f78a64bffe9496751a183c8beda72c60100b33a358feb43ac02d821fbcf
6304a8a73696be287eabbfd8354c2a939bac877d340420ae538187c463726a98
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
911438496edb20b19964ddbeb402975a3d70aa99c1437e6b479a350ccaf21343
932974a2d9966e2e6e45882d3d4b8e81293c79934a0ab235e112bffcea506ce9
b294d339f709a0620968800517ed512f5ea76a8d06959ff59f6f2ec6f3fdcdb7
b51da51dd021309909e81ba36a46c3025db898061430b7ea48656cf9d1458ad7
d043aa4f6eef2d8949cc3e2c7046bd139858fc4cc76a239d97a9dc8c4109c47a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

cndjeopxqf.emplexes.tech Open in urlscan Pro 162.0.213.15 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

80 %HTTPS

43 %IPv6

8 Domains

8 Subdomains

7 IPs

3 Countries

251 kBTransfer

699 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

102 JavaScript Global Variables

2 Cookies

Indicators

cndjeopxqf.emplexes.tech Open in urlscan Pro
162.0.213.15 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

80 %
HTTPS

43 %
IPv6

8
Domains

8
Subdomains

7
IPs

3
Countries

251 kB
Transfer

699 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!