architecturalprojects.net.au Open in urlscan Pro
122.201.118.157  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request envis.html Show response architecturalprojects.net.au/	7 KB 2 KB	19ms 3ms	Document text/html	122.201.118.157 DREAMSCAPE-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://architecturalprojects.net.au/envis.html?colors=zyoqkioqkioqlmgqkioqkipayyoqkiouyyoqkioqkioqkioqkiouzni= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 122.201.118.157 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), Reverse DNS wc-nl04.syd02.ds.network Software Apache / Resource Hash d49cccc9c87875f73e567a72c080eccfb3092e809e608be8ca28dace8e051d68 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers accept-ranges bytes content-encoding gzip content-length 2050 content-type text/html date Wed, 23 Oct 2024 11:27:18 GMT last-modified Fri, 13 Sep 2024 16:09:17 GMT server Apache vary Accept-Encoding
GET H2	200	xmlrpc.js Show response architecturalprojects.net.au/	408 KB 180 KB	6ms 5ms	Script application/javascript	122.201.118.157 DREAMSCAPE-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://architecturalprojects.net.au/xmlrpc.js Requested by Host: architecturalprojects.net.au URL: https://architecturalprojects.net.au/envis.html?colors=zyoqkioqkioqlmgqkioqkipayyoqkiouyyoqkioqkioqkioqkiouzni= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 122.201.118.157 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), Reverse DNS wc-nl04.syd02.ds.network Software Apache / Resource Hash dc64f7d94e1d0749ce212bf9b5c77ad099f955b2ba653e7b98c357a151cc4c60 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://architecturalprojects.net.au/envis.html?colors=zyoqkioqkioqlmgqkioqkipayyoqkiouyyoqkioqkioqkioqkiouzni= Response headers accept-ranges bytes content-encoding gzip date Wed, 23 Oct 2024 11:27:18 GMT last-modified Sun, 13 Oct 2024 02:38:42 GMT vary Accept-Encoding server Apache content-type application/javascript
GET H3	200	ua-parser.min.js Show response cdnjs.cloudflare.com/ajax/libs/UAParser.js/0.7.31/	15 KB 7 KB	21ms 11ms	Script application/javascript	104.17.25.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/UAParser.js/0.7.31/ua-parser.min.js Requested by Host: architecturalprojects.net.au URL: https://architecturalprojects.net.au/envis.html?colors=zyoqkioqkioqlmgqkioqkipayyoqkiouyyoqkioqkioqkioqkiouzni= Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 02ea3dec8a4dd3072385528e010e2231083736143c4eb1c6741dc103ade99bf4 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://architecturalprojects.net.au/ Response headers cf-cdnjs-via cfworker/kv content-encoding br cf-cache-status HIT etag "6179331d-186c" age 556285 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lVBOnicYW4u%2BRbu0qGhbbVQsVY7VK2A%2FEuSzcYXh3YlHefQ0m%2FCvzUN3sa0MZ7pK2DKhsOvLnp92zTNrOpjtP69l2EKzjLq2Ka0e9Dx5Pa9RtQp%2BO9gnmyG9tQWE%2FhLGIWsCdVmq"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff expires Mon, 13 Oct 2025 11:27:18 GMT alt-svc h3=":443"; ma=86400 date Wed, 23 Oct 2024 11:27:18 GMT content-type application/javascript; charset=utf-8 last-modified Wed, 27 Oct 2021 11:08:13 GMT vary Accept-Encoding strict-transport-security max-age=15780000 cache-control public, max-age=30672000 timing-allow-origin * nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} cross-origin-resource-policy cross-origin cf-ray 8d71608a9a8a5d36-SYD accept-ranges bytes access-control-allow-origin * content-length 6252 server cloudflare
GET H2	200	v1 Show response openfpcdn.io/botd/	15 KB 5 KB	17ms 3ms	Script text/javascript	108.158.20.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://openfpcdn.io/botd/v1 Requested by Host: architecturalprojects.net.au URL: https://architecturalprojects.net.au/envis.html?colors=zyoqkioqkioqlmgqkioqkipayyoqkiouyyoqkioqkioqkioqkiouzni= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.158.20.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-158-20-36.syd62.r.cloudfront.net Software CloudFront / Resource Hash 29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://architecturalprojects.net.au Referer https://architecturalprojects.net.au/ Response headers content-encoding gzip etag W/"5co2cnhGrt59+8B+iLKwJesMrpA" age 6909 x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id x1RQkIw7PY32fSZH6H4eocawceGf9fRidAP1uhrbMapsDkqqGgjvFg== date Wed, 23 Oct 2024 09:32:09 GMT content-type text/javascript; charset=utf-8 vary Accept-Encoding strict-transport-security max-age=63072000; includeSubDomains; preload cache-control public, max-age=603118, s-maxage=10416 cross-origin-resource-policy cross-origin via 1.1 721ef19e45939954cd82c5c6b7f5854e.cloudfront.net (CloudFront) access-control-allow-origin * x-amz-cf-pop SYD62-P3 server CloudFront
GET H2	200	/ Show response api.ipify.org/	23 B 156 B	257ms 235ms	Fetch application/json	172.67.74.152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: architecturalprojects.net.au URL: https://architecturalprojects.net.au/xmlrpc.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 26073a34debdcbcd8f54d45ad7b3a9edb5ee16473bfb420d4819505da82f557e Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://architecturalprojects.net.au/ Response headers cf-cache-status DYNAMIC cf-ray 8d71608b8aeaaae1-SYD access-control-allow-origin * content-length 23 date Wed, 23 Oct 2024 11:27:18 GMT content-type application/json vary Origin server cloudflare
GET H2	200	/ Show response api.ipify.org/	23 B 75 B	452ms 235ms	Fetch application/json	172.67.74.152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: architecturalprojects.net.au URL: https://architecturalprojects.net.au/xmlrpc.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 26073a34debdcbcd8f54d45ad7b3a9edb5ee16473bfb420d4819505da82f557e Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://architecturalprojects.net.au/ Response headers cf-cache-status DYNAMIC cf-ray 8d71608d0c71aae1-SYD access-control-allow-origin * content-length 23 date Wed, 23 Oct 2024 11:27:18 GMT content-type application/json vary Origin server cloudflare
GET H2	200	microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg aadcdn.msftauth.net/shared/1.0/content/images/	4 KB 2 KB	319ms 4ms	Image image/svg+xml	152.199.39.108 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg Requested by Host: architecturalprojects.net.au URL: https://architecturalprojects.net.au/envis.html?colors=zyoqkioqkioqlmgqkioqkipayyoqkiouyyoqkioqkioqkioqkiouzni= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.39.108 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (nwa/E794) / Resource Hash 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://architecturalprojects.net.au/ Response headers content-md5 nzaLxFgP7ZB3dfMcaybWzw== access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding content-encoding gzip x-ms-lease-status unlocked etag 0x8D79A1B9F5E121A age 18292631 x-ms-version 2009-09-19 x-cache HIT date Wed, 23 Oct 2024 11:27:18 GMT content-type image/svg+xml last-modified Thu, 16 Jan 2020 00:32:52 GMT vary Accept-Encoding cache-control public, max-age=31536000 x-ms-request-id 705e5c53-901e-00ce-6cdf-7e7c7f000000 accept-ranges bytes access-control-allow-origin * content-length 1435 x-ms-blob-type BlockBlob server ECAcc (nwa/E794)
GET H2	200	favicon.ico architecturalprojects.net.au/	894 B 957 B	3ms 3ms	Other image/x-icon	122.201.118.157 DREAMSCAPE-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://architecturalprojects.net.au/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 122.201.118.157 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), Reverse DNS wc-nl04.syd02.ds.network Software Apache / Resource Hash d19bdf0a7b845ff583114835c06a772c73ace52572ca2798e6fd988c09901525 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://architecturalprojects.net.au/envis.html?colors=zyoqkioqkioqlmgqkioqkipayyoqkiouyyoqkioqkioqkioqkiouzni= Response headers accept-ranges bytes content-length 894 date Wed, 23 Oct 2024 11:27:18 GMT last-modified Sun, 10 Mar 2019 09:51:14 GMT content-type image/x-icon server Apache
GET H2	200	/ Show response api.ipify.org/	23 B 99 B	234ms 234ms	Fetch application/json	172.67.74.152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: architecturalprojects.net.au URL: https://architecturalprojects.net.au/xmlrpc.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 26073a34debdcbcd8f54d45ad7b3a9edb5ee16473bfb420d4819505da82f557e Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://architecturalprojects.net.au/ Response headers cf-cache-status DYNAMIC cf-ray 8d71608edea0aae1-SYD access-control-allow-origin * content-length 23 date Wed, 23 Oct 2024 11:27:19 GMT content-type application/json vary Origin server cloudflare
POST H2	200	sendMessage Show response api.telegram.org/bot7107686937:AAGoqXlr31lmLR7qgVo_FFgSjoOSDhGFxSU/	986 B 1 KB	373ms 372ms	Fetch application/json	149.154.167.220 TELEGRAM
General Check archive.org Show headers Download Go to Full URL https://api.telegram.org/bot7107686937:AAGoqXlr31lmLR7qgVo_FFgSjoOSDhGFxSU/sendMessage Requested by Host: architecturalprojects.net.au URL: https://architecturalprojects.net.au/xmlrpc.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 149.154.167.220 London, United Kingdom, ASN62041 (TELEGRAM, VG), Reverse DNS Software nginx/1.18.0 / Resource Hash 01543a5e8e310f9fdf8b37d4e5a42296e321f03976c1db3b3751431e3b9ec0f0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Content-Type application/json Referer https://architecturalprojects.net.au/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload access-control-expose-headers Content-Length,Content-Type,Date,Server,Connection access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * content-length 986 date Wed, 23 Oct 2024 11:27:20 GMT content-type application/json server nginx/1.18.0
OPTIONS H2	204	sendMessage api.telegram.org/bot7107686937:AAGoqXlr31lmLR7qgVo_FFgSjoOSDhGFxSU/	0 0	1056ms 248ms	Preflight	149.154.167.220 TELEGRAM
General Check archive.org Show headers Download Go to Full URL https://api.telegram.org/bot7107686937:AAGoqXlr31lmLR7qgVo_FFgSjoOSDhGFxSU/sendMessage Protocol H2 Security TLS 1.3, , AES_256_GCM Server 149.154.167.220 London, United Kingdom, ASN62041 (TELEGRAM, VG), Reverse DNS Software nginx/1.18.0 / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://architecturalprojects.net.au Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * access-control-expose-headers Content-Length,Content-Type,Date,Server,Connection access-control-max-age 86400 date Wed, 23 Oct 2024 11:27:19 GMT server nginx/1.18.0
GET H2	200	favicon.ico architecturalprojects.net.au/	894 B 0	0ms 0ms	Other image/x-icon	122.201.118.157 DREAMSCAPE-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://architecturalprojects.net.au/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 122.201.118.157 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), Reverse DNS wc-nl04.syd02.ds.network Software Apache / Resource Hash d19bdf0a7b845ff583114835c06a772c73ace52572ca2798e6fd988c09901525 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://architecturalprojects.net.au/open-to-review-Microsoft2024-5440299 Response headers accept-ranges bytes content-length 894 date Wed, 23 Oct 2024 11:27:18 GMT last-modified Sun, 10 Mar 2019 09:51:14 GMT content-type image/x-icon server Apache

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| Mybooks object| BlockedRedirect object| blockedIps function| _0x1db7 function| _0x4712 function| _0x23cfc0 function| getRandomElement function| generateRandomNumber function| generateRandomUrl function| updateUrl function| handleClick function| getVisitorIP function| checkAndRedirect function| _0x20f8f4 object| BOOKS function| isBotUserAgent function| fetchUserIp function| sendMessageToTelegram function| logActivity function| getFormattedDateAndTime function| _0xcb0298 function| _0x4d9049 function| generateCaptcha function| getIconSVG function| lightenColor function| _0x1cadf3 function| checkColor function| startCountdown function| _0x7c64e9 function| UAParser function| checkers function| redirectToshop function| botdLoad

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
api.ipify.org
api.telegram.org
architecturalprojects.net.au
cdnjs.cloudflare.com
openfpcdn.io
104.17.25.14
108.158.20.36
122.201.118.157
149.154.167.220
152.199.39.108
172.67.74.152
01543a5e8e310f9fdf8b37d4e5a42296e321f03976c1db3b3751431e3b9ec0f0
02ea3dec8a4dd3072385528e010e2231083736143c4eb1c6741dc103ade99bf4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
26073a34debdcbcd8f54d45ad7b3a9edb5ee16473bfb420d4819505da82f557e
29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89
d19bdf0a7b845ff583114835c06a772c73ace52572ca2798e6fd988c09901525
d49cccc9c87875f73e567a72c080eccfb3092e809e608be8ca28dace8e051d68
dc64f7d94e1d0749ce212bf9b5c77ad099f955b2ba653e7b98c357a151cc4c60