ehsanta.com Open in urlscan Pro
2606:4700:30::6818:7d8d  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response ehsanta.com/Support/juan/	2 KB 1 KB	92ms 48ms	Document text/html	2606:4700:30::6818:7d8d Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ehsanta.com/Support/juan/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6818:7d8d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PHP/5.4.45 Resource Hash 36dbe36e62082ff81bfd6af7fe712013da107cbc6d38e83028b0135aa5b1b938 Request headers :method GET :authority ehsanta.com :scheme https :path /Support/juan/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 date Tue, 16 Apr 2019 13:44:41 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d5026553cd8006be2f91305353e2be27d1555422281; expires=Wed, 15-Apr-20 13:44:41 GMT; path=/; domain=.ehsanta.com; HttpOnly x-powered-by PHP/5.4.45 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 4c86986add1f6355-FRA content-encoding br
GET H2	200	log.css ehsanta.com/Support/juan/cs/xBanana/lib/css/	76 KB 13 KB	14ms 13ms	Stylesheet text/css	2606:4700:30::6818:7d8d Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ehsanta.com/Support/juan/cs/xBanana/lib/css/log.css Requested by Host: ehsanta.com URL: https://ehsanta.com/Support/juan/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6818:7d8d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 182717d4e386cc3da173cad4562b61bd2cd9ef8bdcc19d7c7ca4c89254c1c340 Request headers :path /Support/juan/cs/xBanana/lib/css/log.css pragma no-cache cookie __cfduid=d5026553cd8006be2f91305353e2be27d1555422281 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,*/*;q=0.1 cache-control no-cache :authority ehsanta.com referer https://ehsanta.com/Support/juan/ :scheme https :method GET Referer https://ehsanta.com/Support/juan/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 16 Apr 2019 13:44:41 GMT content-encoding br cf-cache-status HIT last-modified Fri, 28 Dec 2018 06:23:42 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=14400 cf-ray 4c86986b3d6f6355-FRA expires Tue, 16 Apr 2019 17:44:41 GMT
GET H2	200	api.js Show response www.google.com/recaptcha/	762 B 546 B	18ms 17ms	Script text/javascript	2a00:1450:4001:824::2004 Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js Requested by Host: ehsanta.com URL: https://ehsanta.com/Support/juan/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:824::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software GSE / Resource Hash b9b8ef6b88b16d3b65955c4209e539f0f75deb19b77c24787e7266b706f679a1 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://ehsanta.com/Support/juan/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 16 Apr 2019 13:44:41 GMT content-encoding gzip x-content-type-options nosniff server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 status 200 cache-control private, max-age=300 alt-svc quic=":443"; ma=2592000; v="46,44,43,39" content-length 448 x-xss-protection 1; mode=block expires Tue, 16 Apr 2019 13:44:41 GMT
GET H2	200	pp.svg ehsanta.com/Support/juan/cs/xBanana/lib/img/	4 KB 2 KB	12ms 11ms	Image image/svg+xml	2606:4700:30::6818:7d8d Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://ehsanta.com/Support/juan/cs/xBanana/lib/img/pp.svg Requested by Host: ehsanta.com URL: https://ehsanta.com/Support/juan/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6818:7d8d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 85816cdb3190281e1d4ce7ef9bb5688a68ed4e1d43fa366ba2197680e528e490 Request headers :path /Support/juan/cs/xBanana/lib/img/pp.svg pragma no-cache cookie __cfduid=d5026553cd8006be2f91305353e2be27d1555422281 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority ehsanta.com referer https://ehsanta.com/Support/juan/ :scheme https :method GET Referer https://ehsanta.com/Support/juan/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 16 Apr 2019 13:44:41 GMT content-encoding br cf-cache-status HIT last-modified Sat, 29 Dec 2018 02:02:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/svg+xml status 200 cache-control public, max-age=14400 cf-ray 4c86986b3d706355-FRA expires Tue, 16 Apr 2019 17:44:41 GMT
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/api2/v1554100419869/	261 KB 91 KB	7ms 6ms	Script text/javascript	2a00:1450:4001:820::2003 Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/api2/v1554100419869/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:820::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 07a045bd0b098c8ca4b92ec31d5247281c8db4ea451d53db155b50bd2e388a70 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://ehsanta.com/Support/juan/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 02 Apr 2019 21:39:51 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 01 Apr 2019 21:15:00 GMT server sffe age 1181090 vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=31536000 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="46,44,43,39" content-length 93196 x-xss-protection 0 expires Wed, 01 Apr 2020 21:39:51 GMT
GET H2	200	bck.jpeg ehsanta.com/Support/juan/cs/xBanana/lib/img/	156 KB 156 KB	10ms 10ms	Image image/jpeg	2606:4700:30::6818:7d8d Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://ehsanta.com/Support/juan/cs/xBanana/lib/img/bck.jpeg Requested by Host: ehsanta.com URL: https://ehsanta.com/Support/juan/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6818:7d8d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 19455abeb5d16262ebc0ad8c9d07c8e7832510dabc6bc821937b7e22b51c5004 Request headers :path /Support/juan/cs/xBanana/lib/img/bck.jpeg pragma no-cache cookie __cfduid=d5026553cd8006be2f91305353e2be27d1555422281 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority ehsanta.com referer https://ehsanta.com/Support/juan/ :scheme https :method GET Referer https://ehsanta.com/Support/juan/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 16 Apr 2019 13:44:41 GMT cf-cache-status HIT last-modified Fri, 28 Dec 2018 02:06:28 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4c86986b5db06355-FRA content-length 159976 expires Tue, 16 Apr 2019 17:44:41 GMT
GET H2	200	anchor www.google.com/recaptcha/api2/ Frame 9096	0 0	43ms 41ms	Document text/html	2a00:1450:4001:824::2004 Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf1BJsUAAAAADg5nPjJCXIDCPwKzRX4OEPQjWYE&co=aHR0cHM6Ly9laHNhbnRhLmNvbTo0NDM.&hl=en&v=v1554100419869&size=normal&cb=pm3o94ai219q Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/api2/v1554100419869/recaptcha__en.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:824::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-4kymRja5QQgCvuZEOslOiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.google.com :scheme https :path /recaptcha/api2/anchor?ar=1&k=6Lf1BJsUAAAAADg5nPjJCXIDCPwKzRX4OEPQjWYE&co=aHR0cHM6Ly9laHNhbnRhLmNvbTo0NDM.&hl=en&v=v1554100419869&size=normal&cb=pm3o94ai219q pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 referer https://ehsanta.com/Support/juan/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://ehsanta.com/Support/juan/ Response headers status 200 content-type text/html; charset=utf-8 cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Tue, 16 Apr 2019 13:44:41 GMT content-security-policy script-src 'report-sample' 'nonce-4kymRja5QQgCvuZEOslOiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 11343 server GSE alt-svc quic=":443"; ma=2592000; v="46,44,43,39"
GET H2	200	bframe www.google.com/recaptcha/api2/ Frame ADA6	0 0	32ms 30ms	Document text/html	2a00:1450:4001:824::2004 Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/bframe?hl=en&v=v1554100419869&k=6Lf1BJsUAAAAADg5nPjJCXIDCPwKzRX4OEPQjWYE&cb=ufyzmt78s6su Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/api2/v1554100419869/recaptcha__en.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:824::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-ZK1MeBDPFmogpVNAbEaDuQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.google.com :scheme https :path /recaptcha/api2/bframe?hl=en&v=v1554100419869&k=6Lf1BJsUAAAAADg5nPjJCXIDCPwKzRX4OEPQjWYE&cb=ufyzmt78s6su pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 referer https://ehsanta.com/Support/juan/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://ehsanta.com/Support/juan/ Response headers status 200 content-type text/html; charset=utf-8 cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Tue, 16 Apr 2019 13:44:41 GMT content-security-policy script-src 'report-sample' 'nonce-ZK1MeBDPFmogpVNAbEaDuQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 1118 server GSE alt-svc quic=":443"; ma=2592000; v="46,44,43,39"

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client function| correctCaptcha object| recaptcha object| closure_lm_863160

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.ehsanta.com/	1970-01-19 08:49:18	Name: __cfduid Value: d5026553cd8006be2f91305353e2be27d1555422281

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ehsanta.com
www.google.com
www.gstatic.com
2606:4700:30::6818:7d8d
2a00:1450:4001:820::2003
2a00:1450:4001:824::2004
07a045bd0b098c8ca4b92ec31d5247281c8db4ea451d53db155b50bd2e388a70
182717d4e386cc3da173cad4562b61bd2cd9ef8bdcc19d7c7ca4c89254c1c340
19455abeb5d16262ebc0ad8c9d07c8e7832510dabc6bc821937b7e22b51c5004
36dbe36e62082ff81bfd6af7fe712013da107cbc6d38e83028b0135aa5b1b938
85816cdb3190281e1d4ce7ef9bb5688a68ed4e1d43fa366ba2197680e528e490
b9b8ef6b88b16d3b65955c4209e539f0f75deb19b77c24787e7266b706f679a1