urlscan.io logo urlscan.io
SecurityTrails logo

feedback.sixflags.com Open in urlscan Pro
2606:4700::6811:88f9  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://newsletter.sixflags.com/ga/click/2-rQdkVmL19GQuFWby9GZusGAFp_g-16-12148-23862-44441-9e6932fea3-339abe4929
Effective URL: https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
Submission Tags: phishing malicious Search All
Submission: On December 15 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 2606:4700::6811:88f9, located in United States and belongs to CLOUDFLARENET, US. The main domain is feedback.sixflags.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 30th 2020. Valid for: a year.
This is the only time feedback.sixflags.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 174.143.221.28 33070 (RMH-14)
1 7 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
7 2
Apex Domain
Subdomains		 Transfer
8 sixflags.com
newsletter.sixflags.com
feedback.sixflags.com
27 KB
1 googleapis.com
ajax.googleapis.com
51 KB
7 2
Domain Requested by
7 feedback.sixflags.com 1 redirects feedback.sixflags.com
1 ajax.googleapis.com feedback.sixflags.com
1 newsletter.sixflags.com 1 redirects
7 3

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-07-30 -
2021-07-30		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
Frame ID: B977469ACC750FD2547BC27FDF01FF9C
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://newsletter.sixflags.com/ga/click/2-rQdkVmL19GQuFWby9GZusGAFp_g-16-12148-23862-44441-9e6932fea3-339ab... HTTP 302
    https://feedback.sixflags.com/bye?e=k.dorman%40ou.edu HTTP 302
    https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx Page URL

Detected technologies

Overall confidence: 50%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i
Overall confidence: 100%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i
Overall confidence: 50%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

7
Requests

100 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

76 kB
Transfer

234 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://newsletter.sixflags.com/ga/click/2-rQdkVmL19GQuFWby9GZusGAFp_g-16-12148-23862-44441-9e6932fea3-339abe4929 HTTP 302
    https://feedback.sixflags.com/bye?e=k.dorman%40ou.edu HTTP 302
    https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request unsubscribe.aspx
feedback.sixflags.com/AdvisoryPanel/
Redirect Chain
  • http://newsletter.sixflags.com/ga/click/2-rQdkVmL19GQuFWby9GZusGAFp_g-16-12148-23862-44441-9e6932fea3-339abe4929
  • https://feedback.sixflags.com/bye?e=k.dorman%40ou.edu
  • https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
4 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:88f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
ef31710f01b17c7668a0a80b9dd7e9a6d475431b659e916e565ac1c4b07716f7

Request headers

:method
GET
:authority
feedback.sixflags.com
:scheme
https
:path
/AdvisoryPanel/unsubscribe.aspx
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d6cd1c15640b8b7756e1d8a10798e1e7e1607996567; AWSALB=p8ZBpAVHHEXIl/XIrVcmPTGSrWh0KGqALvcxSA+AyfUmxycqGPX5OQ26cvuJGg+iEdMIEkK3jhrAZ4yhCfoTZRUP1rq0FpFwa3dQ4oNdGjbEPYLdO0Cx8Sky1KUX; AWSALBCORS=p8ZBpAVHHEXIl/XIrVcmPTGSrWh0KGqALvcxSA+AyfUmxycqGPX5OQ26cvuJGg+iEdMIEkK3jhrAZ4yhCfoTZRUP1rq0FpFwa3dQ4oNdGjbEPYLdO0Cx8Sky1KUX; __cfruid=a16e2ce5414397cbd1d5cab9ad50ded28aded012-1607996567
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 15 Dec 2020 01:42:47 GMT
content-type
text/html; charset=utf-8
cf-ray
601c785389c9dff3-FRA
cache-control
private
set-cookie
AWSALB=tMRm/l9QzY5pErfsnk9OPPYVflxKViUR8StCTYOmtN8hpigSCn5KjNWwxhdG0LNhETOkSl0kdz5wA2FZo9cPpafNRHzp5RgOEzOnGqxYCNKlYyYAoF4uzDdBqEos; Expires=Tue, 22 Dec 2020 01:42:47 GMT; Path=/ AWSALBCORS=tMRm/l9QzY5pErfsnk9OPPYVflxKViUR8StCTYOmtN8hpigSCn5KjNWwxhdG0LNhETOkSl0kdz5wA2FZo9cPpafNRHzp5RgOEzOnGqxYCNKlYyYAoF4uzDdBqEos; Expires=Tue, 22 Dec 2020 01:42:47 GMT; Path=/; SameSite=None; Secure
cf-cache-status
BYPASS
cf-apo-via
origin,host
cf-request-id
0705a988370000dff393991000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
vary
Accept-Encoding
server
cloudflare
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date
Tue, 15 Dec 2020 01:42:47 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d6cd1c15640b8b7756e1d8a10798e1e7e1607996567; expires=Thu, 14-Jan-21 01:42:47 GMT; path=/; domain=.sixflags.com; HttpOnly; SameSite=Lax; Secure AWSALB=p8ZBpAVHHEXIl/XIrVcmPTGSrWh0KGqALvcxSA+AyfUmxycqGPX5OQ26cvuJGg+iEdMIEkK3jhrAZ4yhCfoTZRUP1rq0FpFwa3dQ4oNdGjbEPYLdO0Cx8Sky1KUX; Expires=Tue, 22 Dec 2020 01:42:47 GMT; Path=/ AWSALBCORS=p8ZBpAVHHEXIl/XIrVcmPTGSrWh0KGqALvcxSA+AyfUmxycqGPX5OQ26cvuJGg+iEdMIEkK3jhrAZ4yhCfoTZRUP1rq0FpFwa3dQ4oNdGjbEPYLdO0Cx8Sky1KUX; Expires=Tue, 22 Dec 2020 01:42:47 GMT; Path=/; SameSite=None; Secure __cfruid=a16e2ce5414397cbd1d5cab9ad50ded28aded012-1607996567; path=/; domain=.sixflags.com; HttpOnly; Secure; SameSite=None
location
https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
cf-ray
601c78529902dff3-FRA
cf-cache-status
BYPASS
cf-apo-via
origin,host
cf-request-id
0705a9879f0000dff38d052000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-powered-by
ASP.NET
vary
Accept-Encoding
server
cloudflare
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
advisory.css
feedback.sixflags.com/AdvisoryPanel/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://feedback.sixflags.com/AdvisoryPanel/advisory.css
Requested by
Host: feedback.sixflags.com
URL: https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:88f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
5674ae55370b1a5813069f5cbcf34bab76b582691f20b14dc160dc889f8a2599

Request headers

Referer
https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 15 Dec 2020 01:42:47 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Thu, 04 Jun 2020 20:07:38 GMT
server
cloudflare
x-powered-by
ASP.NET
etag
W/"0a161cbab3ad61:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cf-ray
601c78548aaadff3-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0705a988d80000dff3963a4000000001
jquery.js
ajax.googleapis.com/ajax/libs/jquery/1.4.4/ 		179 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.js
Requested by
Host: feedback.sixflags.com
URL: https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b31cd094af7950b3a461dc78161fd2faf01faa9d0ed8c1c072790f83ab26d482
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 14 Dec 2020 15:57:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
35088
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51880
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Dec 2021 15:57:59 GMT
api.js
feedback.sixflags.com/cdn-cgi/bm/cv/669835187/ 		35 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://feedback.sixflags.com/cdn-cgi/bm/cv/669835187/api.js
Requested by
Host: feedback.sixflags.com
URL: https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:88f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 15 Dec 2020 01:42:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=604800, public
cf-ray
601c7854cae4dff3-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0705a988fe0000dff357158000000001
Corp150x110.png
feedback.sixflags.com/resources/images/Logos/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feedback.sixflags.com/resources/images/Logos/Corp150x110.png
Requested by
Host: feedback.sixflags.com
URL: https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:88f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
03db3834e10a97f8fcdf1eaad033ca76dad1454a5388ac314da6a5b22498156f

Request headers

Referer
https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 15 Dec 2020 01:42:47 GMT
cf-cache-status
DYNAMIC
last-modified
Wed, 12 Sep 2018 08:17:57 GMT
server
cloudflare
x-powered-by
ASP.NET
etag
"4955fc1c714ad41:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/png
accept-ranges
bytes
cf-ray
601c7854daf8dff3-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10183
cf-request-id
0705a9890a0000dff3a60f1000000001
SixFlagsSurveyBackground.png
feedback.sixflags.com/resources/images/ 		359 B
881 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feedback.sixflags.com/resources/images/SixFlagsSurveyBackground.png
Requested by
Host: feedback.sixflags.com
URL: https://feedback.sixflags.com/AdvisoryPanel/advisory.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:88f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
3e59ceaa0fe4b2589a24e7d0950d4b5268718f5740a92bc5ea3986f37d4bd63b

Request headers

Referer
https://feedback.sixflags.com/AdvisoryPanel/advisory.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 15 Dec 2020 01:42:48 GMT
cf-cache-status
DYNAMIC
last-modified
Wed, 12 Sep 2018 08:17:32 GMT
server
cloudflare
x-powered-by
ASP.NET
etag
"7a72bfd714ad41:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/png
accept-ranges
bytes
cf-ray
601c78556b6cdff3-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
359
cf-request-id
0705a989600000dff3669f6000000001
result
feedback.sixflags.com/cdn-cgi/bm/cv/ 		0
409 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://feedback.sixflags.com/cdn-cgi/bm/cv/result?req_id=601c785389c9dff3
Requested by
Host: feedback.sixflags.com
URL: https://feedback.sixflags.com/cdn-cgi/bm/cv/669835187/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:88f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://feedback.sixflags.com/AdvisoryPanel/unsubscribe.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 15 Dec 2020 01:42:48 GMT
vary
Accept-Encoding
server
cloudflare
cf-ray
601c7855fbd9dff3-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-request-id
0705a989bd0000dff3871da000000001

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| theForm function| __doPostBack object| a0_0x433e function| a0_0x3d7e object| __CF$cv$params

5 Cookies

Domain/Path Name / Value
feedback.sixflags.com/ Name: AWSALB
Value: XzJKnCqpRYK+Rlc7I6zavJapq3cFz/tI7JPE6OC4ytdqg67jDflwiwsXIscTy4G+jGTbLzcij7CBVblndD+2voTrHC8yWAvtc9ZKLQMkKxgCogBcr16CtLrb2nph
feedback.sixflags.com/ Name: AWSALBCORS
Value: XzJKnCqpRYK+Rlc7I6zavJapq3cFz/tI7JPE6OC4ytdqg67jDflwiwsXIscTy4G+jGTbLzcij7CBVblndD+2voTrHC8yWAvtc9ZKLQMkKxgCogBcr16CtLrb2nph
.sixflags.com/ Name: __cf_bm
Value: 8261072f14ded5a160fb9aed7300b82f9ccfb5ba-1607996567-1800-ATxnEo/2DeT7GyYuQD0A1LkqDUBMt+Yflc3HzmvYLYXUm6tIwQ2BBDHfuLtzYZQHP2+oC/amfVK/MiWHunDAoN59cfB3BVt6a1VRDXcT3OoPtuazlt0eot7roE1HjMVwIlWK6LtK6ehH/34c3J4ihP4=
.sixflags.com/ Name: __cfruid
Value: a16e2ce5414397cbd1d5cab9ad50ded28aded012-1607996567
.sixflags.com/ Name: __cfduid
Value: d6cd1c15640b8b7756e1d8a10798e1e7e1607996567