post-ch-b5c6d2.ingress-baronn.ewp.live

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 7 HTTP transactions. The main IP is 63.250.43.10, located in United States and belongs to NAMECHEAP-NET, US. The main domain is post-ch-b5c6d2.ingress-baronn.ewp.live.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 24th 2022. Valid for: a year.

This is the only time post-ch-b5c6d2.ingress-baronn.ewp.live was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	119.18.54.95 119.18.54.95	394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY)
1 3	63.250.43.10 63.250.43.10	22612 (NAMECHEAP...) (NAMECHEAP-NET)
3	2600:9000:219... 2600:9000:2190:9200:15:285b:5440:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:303... 2606:4700:3033::6815:3f36	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	3

1 119.18.54.95 (India) 1 redirects

ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)

pravaas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 63.250.43.10 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: ingress-baronn.easywp.com

post-ch-b5c6d2.ingress-baronn.ewp.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2190:9200:15:285b:5440:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.pay2.secured-by-ingenico.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3033::6815:3f36 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	secured-by-ingenico.com assets.pay2.secured-by-ingenico.com — Cisco Umbrella Rank: 743242	33 KB
3	ewp.live 1 redirects post-ch-b5c6d2.ingress-baronn.ewp.live	213 KB
2	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1112	84 KB
1	pravaas.com 1 redirects pravaas.com	115 B
7	4

	Domain	Requested by
3	assets.pay2.secured-by-ingenico.com	post-ch-b5c6d2.ingress-baronn.ewp.live assets.pay2.secured-by-ingenico.com
3	post-ch-b5c6d2.ingress-baronn.ewp.live	1 redirects post-ch-b5c6d2.ingress-baronn.ewp.live
2	use.fontawesome.com	post-ch-b5c6d2.ingress-baronn.ewp.live use.fontawesome.com
1	pravaas.com	1 redirects
7	4

This site contains links to these domains. Also see Links.

Domain
www.dhl.ch
payment.pay2.secured-by-ingenico.com

Subject Issuer	Validity	Valid
*.ingress-baronn.ewp.live Sectigo RSA Domain Validation Secure Server CA	`2022-05-24` - `2023-05-24`	a year	crt.sh
assets.secured-by-ingenico.com Amazon	`2021-10-19` - `2022-11-16`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-06` - `2023-06-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/
Frame ID: D7DF8C996E18D27959E83D645F14833E
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MasterCard - Zusätzliche Informationen

Page URL History Show full URLs

https://pravaas.com/ch/ HTTP 302
https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj HTTP 301
http://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/ HTTP 307
https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/ Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

7
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

330 kB
Transfer

472 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: http://www.dhl.ch/de.html
Title: Startseite

Search URL Search Domain Scan URL

URL: http://www.dhl.ch/de/rechtliche_hinweise.html#t_c
Title: Nutzungsbedingungen

Search URL Search Domain Scan URL

URL: https://payment.pay2.secured-by-ingenico.com/checkout/6742-3c6ca89d905040d3ae7e1a5d4871fa92:64be154f-0626-4068-993f-cb3ec16ebe73:3063e5608e0e4797938d333e66912794/privacy.html
Title: Datenschutzrichtlinie

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pravaas.com/ch/ HTTP 302
https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj HTTP 301
http://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/ HTTP 307
https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/
Redirect Chain

https://pravaas.com/ch/
https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj
http://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/
https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/

39 KB
7 KB

161ms
160ms

Document
text/html

63.250.43.10
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.10 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-baronn.easywp.com

Software

nginx /

Resource Hash

7ac28ced4ffec739ff3ac227e4814d7003012cf2a2178a3e30186fe9d4b8f8d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 746
cache-control: public
content-encoding: gzip
content-length: 6461
content-type: text/html; charset=UTF-8
date: Mon, 18 Jul 2022 10:18:28 GMT
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: HIT
x-cacheable: YES
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/
Non-Authoritative-Reason: HSTS

GET
H2 200 ruxitagentjs_ICA2SVfqrux_10219210719121502.js.download Show response
post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/files/ 206 KB
206 KB 162ms
161ms Script
application/octet-stream 63.250.43.10
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/files/ruxitagentjs_ICA2SVfqrux_10219210719121502.js.download

Requested by

Host: post-ch-b5c6d2.ingress-baronn.ewp.live
URL: https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.10 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-baronn.easywp.com

Software

nginx /

Resource Hash

4e1ee10a401c38e620a515a306d9ee7279e0b65ac2cd21e428bc1cb0cd1fa29e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 18 Jul 2022 10:18:28 GMT
x-content-type-options: nosniff
x-cacheable: YES
age: 746
x-cache: HIT
content-length: 210450
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 18 Jul 2022 08:21:26 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "62d51806-33612"
strict-transport-security: max-age=15768000
content-type: application/octet-stream
cache-control: public
accept-ranges: bytes

GET
H2 200 html-header.css
assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/ 90 KB
17 KB 134ms
26ms Stylesheet
text/css 2600:9000:2190:9200:15:285b:5440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/html-header.css?hash=798bdc858747c8c656e8e9cd5897f58615b99ac5
Requested by: Host: post-ch-b5c6d2.ingress-baronn.ewp.live
URL: https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:9200:15:285b:5440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.54 (Unix) OpenSSL/1.1.1o /
Resource Hash: 57e41c14852c136c48b507239b72d17dc9259dbf1f4828b7c7d83b3820b5a364

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://post-ch-b5c6d2.ingress-baronn.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 13:10:05 GMT
content-encoding: gzip
last-modified: Wed, 06 Jul 2022 10:29:43 GMT
server: Apache/2.4.54 (Unix) OpenSSL/1.1.1o
age: 1027250
etag: "19c3ac971dffef16b28fb6391abc7c3782eaeefd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css;charset=UTF-8
via: 1.1 e1532b3ffd3d84bfecb9972a863a75ee.cloudfront.net (CloudFront)
cache-control: public, max-age=315360000
x-amz-cf-pop: ZRH50-C1
content-length: 16595
x-amz-cf-id: -9wi8opENCn3_kMhAVA0i9JNNB93M4R2f1GkiaPxU2wOIHSxZRb3_w==
expires: Thu, 06 Jul 2023 10:29:43 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.5.0/css/ 50 KB
12 KB 172ms
129ms Stylesheet
text/css 2606:4700:3033::6815:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.5.0/css/all.css
Requested by: Host: post-ch-b5c6d2.ingress-baronn.ewp.live
URL: https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e4cac65c7a5ee0bd0743afefcabdd3e73854e1284ac9ac433813d6231f550f2

Request headers

Referer: https://post-ch-b5c6d2.ingress-baronn.ewp.live/
Origin: https://post-ch-b5c6d2.ingress-baronn.ewp.live
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 18 Jul 2022 10:30:55 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 5EGWEEBNKXXW9ZY0
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: TxWBrNqGowFXSTeqwgbhcPmG3uTIOuS/stkyZUQHap2Ew0/ygiv9EV1ieO+kpYrH9fDpfRXaBtg=
last-modified: Wed, 30 Jun 2021 15:43:32 GMT
server: cloudflare
etag: W/"1cc6c92172d124fbd305ba3d8e263333"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJaP1ZIgIISIp64djulfOCF40%2FCgqG%2BTJ0Ybiqg2b7jYOCNUNA3J4jM%2B4kfmDnhcdV6kshBeCKfQKjU3BFOEVtVytmcd89Nj4XRBcYLsD2yCvWu5kcrq5mDfKiLBdpsV%2FbD4wE9YEz2Idz4i8NDP38Ms"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 72ca8b76acf89b95-FRA

GET
H2 200 DHL_rgb_300x66.png
assets.pay2.secured-by-ingenico.com/assets/6742/1e0d56b535f2690df49197fbde5a60b5d3c7c4e0/ 7 KB
8 KB 26ms
25ms Image
image/png 2600:9000:2190:9200:15:285b:5440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.pay2.secured-by-ingenico.com/assets/6742/1e0d56b535f2690df49197fbde5a60b5d3c7c4e0/DHL_rgb_300x66.png?size=300x66
Requested by: Host: post-ch-b5c6d2.ingress-baronn.ewp.live
URL: https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:9200:15:285b:5440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.54 (Unix) OpenSSL/1.1.1o /
Resource Hash: 3762059e0b188a72b2873a5758701799ab8000390207406500ae68ca25b2e2ff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://post-ch-b5c6d2.ingress-baronn.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 13:03:48 GMT
via: 1.1 e1532b3ffd3d84bfecb9972a863a75ee.cloudfront.net (CloudFront)
last-modified: Wed, 07 Apr 2021 14:52:14 GMT
server: Apache/2.4.54 (Unix) OpenSSL/1.1.1o
age: 1027628
etag: 1e0d56b535f2690df49197fbde5a60b5d3c7c4e0
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31536000000
x-amz-cf-pop: ZRH50-C1
content-length: 7338
x-amz-cf-id: xfVf021_Sv8Sk55-XT_o_2uGlo02C6bzfgX_qJAMA4_D2woOuNZQ1A==
expires: Thu, 06 Jul 2023 13:03:48 GMT

GET
H2 200 icons.woff
assets.pay2.secured-by-ingenico.com/templates/generic/responsive/global/fonts/icons/ 9 KB
9 KB 80ms
26ms Font
application/font-woff 2600:9000:2190:9200:15:285b:5440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.pay2.secured-by-ingenico.com/templates/generic/responsive/global/fonts/icons/icons.woff?mn9aw4
Requested by: Host: assets.pay2.secured-by-ingenico.com
URL: https://assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/html-header.css?hash=798bdc858747c8c656e8e9cd5897f58615b99ac5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:9200:15:285b:5440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.54 (Unix) OpenSSL/1.1.1p /
Resource Hash: 97fbe33023fe314b0f76128757e5cb818dee430cd0985e4c418b6bb4b93df78b

Request headers

Referer: https://assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/html-header.css?hash=798bdc858747c8c656e8e9cd5897f58615b99ac5
Origin: https://post-ch-b5c6d2.ingress-baronn.ewp.live
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 18 Jul 2022 10:22:25 GMT
via: 1.1 8c175d0adc08dac3750e9201b76886e8.cloudfront.net (CloudFront)
last-modified: Tue, 21 Jun 2022 08:48:38 GMT
server: Apache/2.4.54 (Unix) OpenSSL/1.1.1p
age: 511
etag: W/"+1yoEtZ+vAQBZ5CUhtM0LA=="
vary: Origin
x-cache: Hit from cloudfront
content-type: application/font-woff
access-control-allow-origin: https://post-ch-b5c6d2.ingress-baronn.ewp.live
cache-control: public, max-age=31536000000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 8_XVFil4gsEPU6j600Ab-wA2VUx2KFD_bNTs8xsY__JwbRF0SzM8Ig==
expires: Tue, 18 Jul 2023 10:22:25 GMT

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.5.0/webfonts/ 72 KB
73 KB 405ms
405ms Font
font/woff2 2606:4700:3033::6815:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.5.0/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.5.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7798165ee5a3c6809310d8261dcbe7c8d0c12d795b7b09a71af3eb86ec8f33f2

Request headers

Referer: https://use.fontawesome.com/releases/v5.5.0/css/all.css
Origin: https://post-ch-b5c6d2.ingress-baronn.ewp.live
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 18 Jul 2022 10:30:56 GMT
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: J2133SXH2TNWWGR9
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 73852
x-amz-id-2: 0UFI/DMQgsilUXEKB6tjSz1DjLEtFKHaF07vNKT/1z6eCpWglRtAsmopwOrygI7vx3Z03+DaPMU=
last-modified: Wed, 30 Jun 2021 15:43:51 GMT
server: cloudflare
etag: "fb493903265cad425ccdf8e04fc2de61"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kzUl9Ypp85Hr3BGFnJxxeZaRDxsbzJC9eC%2B46Haq1w5Gg%2B5v6qUFOlkDafu1mz32oAzRXy8%2BgdZXwvW3xtXseNBOB5YmY775mUNfhOpj7PuE3BZ4pREuTn5csdj3Ta%2Fh86q0axnHg08u0msQbhqg8bUR"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 72ca8b7aab509b95-FRA

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/ Message: Refused to execute script from 'https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/files/ruxitagentjs_ICA2SVfqrux_10219210719121502.js.download' because its MIME type ('application/octet-stream') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.pay2.secured-by-ingenico.com
post-ch-b5c6d2.ingress-baronn.ewp.live
pravaas.com
use.fontawesome.com
119.18.54.95
2600:9000:2190:9200:15:285b:5440:93a1
2606:4700:3033::6815:3f36
63.250.43.10
3762059e0b188a72b2873a5758701799ab8000390207406500ae68ca25b2e2ff
4e1ee10a401c38e620a515a306d9ee7279e0b65ac2cd21e428bc1cb0cd1fa29e
57e41c14852c136c48b507239b72d17dc9259dbf1f4828b7c7d83b3820b5a364
7798165ee5a3c6809310d8261dcbe7c8d0c12d795b7b09a71af3eb86ec8f33f2
7ac28ced4ffec739ff3ac227e4814d7003012cf2a2178a3e30186fe9d4b8f8d7
97fbe33023fe314b0f76128757e5cb818dee430cd0985e4c418b6bb4b93df78b
9e4cac65c7a5ee0bd0743afefcabdd3e73854e1284ac9ac433813d6231f550f2

post-ch-b5c6d2.ingress-baronn.ewp.live Open in urlscan Pro 63.250.43.10 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

330 kBTransfer

472 kBSize

0 Cookies

3 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

post-ch-b5c6d2.ingress-baronn.ewp.live Open in urlscan Pro
63.250.43.10 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

330 kB
Transfer

472 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!