windistrimo-sa.preview-domain.com Open in urlscan Pro
2606:4700::6812:1878 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://uo.ms/GykP?/kzxhkhzxc
Effective URL:
https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab
Submission: On August 02 via manual (August 2nd 2022, 5:33:22 pm UTC) from US — Scanned from DE

Summary HTTP 16 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 2606:4700::6812:1878, located in United States and belongs to CLOUDFLARENET, US. The main domain is windistrimo-sa.preview-domain.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 3rd 2022. Valid for: a year.

This is the only time windistrimo-sa.preview-domain.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	137.184.181.140 137.184.181.140	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
8	2606:4700::68... 2606:4700::6812:1878	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	3

7 137.184.181.140 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

uo.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.uo.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

windzzz.page.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6812:1878 (United States)

ASN13335 (CLOUDFLARENET, US)

windistrimo-sa.preview-domain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	preview-domain.com windistrimo-sa.preview-domain.com	100 KB
7	uo.ms uo.ms api.uo.ms	2 MB
1	page.link 1 redirects windzzz.page.link	1 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 73	925 B
16	4

	Domain	Requested by
8	windistrimo-sa.preview-domain.com	uo.ms windistrimo-sa.preview-domain.com
5	uo.ms	uo.ms
2	api.uo.ms	uo.ms
1	windzzz.page.link	1 redirects
1	fonts.googleapis.com	uo.ms
16	5

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com

Subject Issuer	Validity	Valid
uo.ms R3	`2022-06-24` - `2022-09-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
api.uo.ms R3	`2022-06-24` - `2022-09-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-03` - `2023-06-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab
Frame ID: 3D2AB94BDA418C6CAC285C26037F32CD
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Just a moment...

Page URL History Show full URLs

https://uo.ms/GykP?/kzxhkhzxc Page URL
https://windzzz.page.link/naxz?/ksahdkjhsda HTTP 302
https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab Page URL

Page Statistics

16
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

5
Subdomains

3
IPs

2
Countries

1680 kB
Transfer

1772 kB
Size

3
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cloudflare.com/5xx-error-landing/
Title: Cloudflare

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://uo.ms/GykP?/kzxhkhzxc Page URL
https://windzzz.page.link/naxz?/ksahdkjhsda HTTP 302
https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK GykP Show response
uo.ms/ 2 KB
1 KB 621ms
187ms Document
text/html 137.184.181.140
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://uo.ms/GykP?/kzxhkhzxc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 137.184.181.140 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 265e97e821c8d7701ca8dad77fc9f0d4667da627cae87586f9c7c9d6d8a0e7fd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Tue, 02 Aug 2022 17:33:16 GMT
ETag: W/"6227c751-84d"
Last-Modified: Tue, 08 Mar 2022 21:14:57 GMT
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked

GET
H/1.1 200
OK 2.456ad17d.chunk.css
uo.ms/static/css/ 234 KB
235 KB 371ms
370ms Stylesheet
text/css 137.184.181.140
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://uo.ms/static/css/2.456ad17d.chunk.css
Requested by: Host: uo.ms
URL: https://uo.ms/GykP?/kzxhkhzxc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 137.184.181.140 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 597343ad23e2f9363c2926e0d19189e1681ffc7068f33cee872d148cf43ccc1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uo.ms/GykP?/kzxhkhzxc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 02 Aug 2022 17:33:16 GMT
Last-Modified: Tue, 08 Mar 2022 21:15:04 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6227c758-3a96d"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 239981

GET
H/1.1 200
OK main.c954869c.chunk.css
uo.ms/static/css/ 42 KB
42 KB 708ms
354ms Stylesheet
text/css 137.184.181.140
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://uo.ms/static/css/main.c954869c.chunk.css
Requested by: Host: uo.ms
URL: https://uo.ms/GykP?/kzxhkhzxc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 137.184.181.140 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 0cc7f5b00ab3e93ee1ad73dde8612610269659c84e7769101b9980111d88f0f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uo.ms/GykP?/kzxhkhzxc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 02 Aug 2022 17:33:17 GMT
Last-Modified: Tue, 08 Mar 2022 21:15:04 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6227c758-a6ac"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42668

GET
H/1.1 200
OK 2.9574a46e.chunk.js Show response
uo.ms/static/js/ 1 MB
1 MB 741ms
369ms Script
application/javascript 137.184.181.140
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://uo.ms/static/js/2.9574a46e.chunk.js
Requested by: Host: uo.ms
URL: https://uo.ms/GykP?/kzxhkhzxc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 137.184.181.140 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 003241b079e4cdefc536af1d0afedb05a1d906469eeb2037c47d738d16fa60da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uo.ms/GykP?/kzxhkhzxc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 02 Aug 2022 17:33:17 GMT
Last-Modified: Tue, 08 Mar 2022 21:15:10 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6227c75e-10530d"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1069837

GET
H/1.1 200
OK main.fd9521f3.chunk.js Show response
uo.ms/static/js/ 254 KB
254 KB 751ms
377ms Script
application/javascript 137.184.181.140
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://uo.ms/static/js/main.fd9521f3.chunk.js
Requested by: Host: uo.ms
URL: https://uo.ms/GykP?/kzxhkhzxc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 137.184.181.140 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 9f36ab42eddf4fb5beda377cbcc37e85a62b1a667d005e71156da48ae96fd91d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uo.ms/GykP?/kzxhkhzxc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 02 Aug 2022 17:33:17 GMT
Last-Modified: Tue, 08 Mar 2022 21:15:10 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6227c75e-3f77f"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 259967

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
925 B 81ms
30ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Sen:wght@400;700;800&display=swap

Requested by

Host: uo.ms
URL: https://uo.ms/static/css/main.c954869c.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

18dbe0add9e35198130df60e854d40fde3e66198f2871e70fa076755161b6a53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://uo.ms/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 02 Aug 2022 17:27:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 02 Aug 2022 17:33:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 02 Aug 2022 17:33:17 GMT

GET
H/1.1 200 GykP
api.uo.ms/api/items/ 1 KB
2 KB 290ms
290ms XHR
application/json 137.184.181.140
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://api.uo.ms/api/items/GykP

Requested by

Host: uo.ms
URL: https://uo.ms/static/js/2.9574a46e.chunk.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

137.184.181.140 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://uo.ms/
Authorization: undefined
Referrer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 02 Aug 2022 17:33:19 GMT
X-Content-Type-Options: nosniff
Server: nginx/1.18.0 (Ubuntu)
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-XSS-Protection: 1; mode=block
Expires: 0

OPTIONS
H/1.1 200 GykP
api.uo.ms/api/items/ 0
0 823ms
177ms Preflight 137.184.181.140
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://api.uo.ms/api/items/GykP

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

137.184.181.140 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,referrer
Access-Control-Request-Method: GET
Origin: https://uo.ms
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Headers: authorization, referrer
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3600
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Tue, 02 Aug 2022 17:33:19 GMT
Expires: 0
Pragma: no-cache
Server: nginx/1.18.0 (Ubuntu)
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

GET
H2

503

Primary Request WindstreamLab Show response
windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/
Redirect Chain

https://windzzz.page.link/naxz?/ksahdkjhsda
https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab

10 KB
11 KB

85ms
28ms

Document
text/html

2606:4700::6812:1878
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab

Requested by

Host: uo.ms
URL: https://uo.ms/static/js/main.fd9521f3.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1878 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0388ad9ebd59b87e59563618b9e1bdfd82171d1865d7a168e4a3c5d42986923

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://uo.ms/GykP?/kzxhkhzxc
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 73488ed72a259bb6-FRA
content-type: text/html; charset=UTF-8
date: Tue, 02 Aug 2022 17:33:19 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 01 Jan 1970 00:00:01 GMT
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
content-security-policy: require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport script-src 'report-sample' 'nonce-MTu615bY4gnALsBIWFSdnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self' script-src 'nonce-MTu615bY4gnALsBIWFSdnA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport
content-type: application/binary
cross-origin-opener-policy: unsafe-none; report-to="DurableDeepLinkUi"
cross-origin-resource-policy: same-site
date: Tue, 02 Aug 2022 17:33:19 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
location: https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"DurableDeepLinkUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DurableDeepLinkUi/external"}]}
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 v1 Show response
windistrimo-sa.preview-domain.com/cdn-cgi/challenge-platform/h/b/orchestrate/jsch/ 56 KB
20 KB 33ms
32ms Script
application/javascript 2606:4700::6812:1878
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windistrimo-sa.preview-domain.com/cdn-cgi/challenge-platform/h/b/orchestrate/jsch/v1?ray=73488ed72a259bb6
Requested by: Host: windistrimo-sa.preview-domain.com
URL: https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1878 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a8039bb06a29d0a3c7991d2a5150189cada57f14f12190e22b8db7cfee2a322

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab?__cf_chl_rt_tk=zWwQtBPnsxS3_GqEphyd3FqUky8hp9Ve7mG7.EjmhsQ-1659461599-0-gaNycGzNCH0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 02 Aug 2022 17:33:19 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
cf-ray: 73488ed76aa29bb6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 transparent.gif
windistrimo-sa.preview-domain.com/cdn-cgi/images/trace/jschal/js/ 42 B
220 B 23ms
22ms Image
image/gif 2606:4700::6812:1878
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://windistrimo-sa.preview-domain.com/cdn-cgi/images/trace/jschal/js/transparent.gif?ray=73488ed72a259bb6

Requested by

Host: windistrimo-sa.preview-domain.com
URL: https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab?__cf_chl_rt_tk=zWwQtBPnsxS3_GqEphyd3FqUky8hp9Ve7mG7.EjmhsQ-1659461599-0-gaNycGzNCH0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1878 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab?__cf_chl_rt_tk=zWwQtBPnsxS3_GqEphyd3FqUky8hp9Ve7mG7.EjmhsQ-1659461599-0-gaNycGzNCH0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 02 Aug 2022 17:33:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 29 Jul 2022 16:49:25 GMT
server: cloudflare
etag: "62e40f95-2a"
x-frame-options: DENY
content-type: image/gif
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 73488ed77aa49bb6-FRA
vary: Accept-Encoding
content-length: 42
expires: Tue, 02 Aug 2022 19:33:19 GMT

GET
H2 200 transparent.gif
windistrimo-sa.preview-domain.com/cdn-cgi/images/trace/jschal/nojs/ 42 B
101 B 27ms
26ms Image
image/gif 2606:4700::6812:1878
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://windistrimo-sa.preview-domain.com/cdn-cgi/images/trace/jschal/nojs/transparent.gif?ray=73488ed72a259bb6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1878 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab?__cf_chl_rt_tk=zWwQtBPnsxS3_GqEphyd3FqUky8hp9Ve7mG7.EjmhsQ-1659461599-0-gaNycGzNCH0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 02 Aug 2022 17:33:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 29 Jul 2022 16:49:25 GMT
server: cloudflare
etag: "62e40f95-2a"
x-frame-options: DENY
content-type: image/gif
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 73488ed77aa69bb6-FRA
vary: Accept-Encoding
content-length: 42
expires: Tue, 02 Aug 2022 19:33:19 GMT

POST
H3 200 302a55892a541fa Show response
windistrimo-sa.preview-domain.com/cdn-cgi/challenge-platform/h/b/flow/ov1/0.7239319066385881:1659460087:08aGuYWQogYora0nlgoIEW-oOGlygGfcRdI7PHLGQ24/73488ed72a259bb6/ 125 KB
67 KB 82ms
82ms XHR
text/plain 2606:4700::6812:1878
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windistrimo-sa.preview-domain.com/cdn-cgi/challenge-platform/h/b/flow/ov1/0.7239319066385881:1659460087:08aGuYWQogYora0nlgoIEW-oOGlygGfcRdI7PHLGQ24/73488ed72a259bb6/302a55892a541fa
Requested by: Host: windistrimo-sa.preview-domain.com
URL: https://windistrimo-sa.preview-domain.com/cdn-cgi/challenge-platform/h/b/orchestrate/jsch/v1?ray=73488ed72a259bb6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1878 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2b1b7200e606df6b359bcaeecedfb21b59b92126afda649f7df7b7aaf647db4

Request headers

Referer: https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
CF-Challenge: 302a55892a541fa
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 02 Aug 2022 17:33:20 GMT
content-encoding: gzip
cf_chl_gen: A7cK4T7hJE1WRXqw8/NngxdR4zx0lssjdxEIbpSKyBfNVtHMbkXIyo8lJROJmavh/s/0kEvQsmZYiF3KZWgpeUBqInAgLVQj1Wah1ZXqZL4Zg/Nnfzpt/BuR/xDPbKPM/Hlh4Nup7nIX5KNsi9xOx0dOlGs3mvV7dpFJB7msF6EyulDgsjbR4UILFRr/F9h24WCZHHJ3t5qJ5gw8xQFMWGcXFwbBQbGWRHr11QO4fyCdM3otEfTQez+if5WGBJ6ZYR7tgzAzUKYl9LHt1oyayza63XgZGpf5/RrSZxqZaRnJhAeyIQjf7FmevBTje3DbvOWom8nqisOByPwXclq5cZXL3Rc4OOJUJxfmeF0n9N7ny5ZwtOalT9clN5hHy43LeCk1iTzvYGET+aTLFqVclVv+LArXcQG/EPmidcIip8tsUyt+fscU5Mjt9JcTaAtA$rFTp8HTuHPkvGKhGheGSyQ==
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/plain; charset=UTF-8
cf-ray: 73488ed8594a694c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 401 tJIvux1G4vOgCnO Show response
windistrimo-sa.preview-domain.com/cdn-cgi/challenge-platform/h/b/pat/73488ed72a259bb6/1659461600073/fa44d82c807ab0e91d079b4f44429e6826d1e9726abdcd9916a062a0817d1dcf/ 1 B
720 B 34ms
34ms Fetch
text/plain 2606:4700::6812:1878
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windistrimo-sa.preview-domain.com/cdn-cgi/challenge-platform/h/b/pat/73488ed72a259bb6/1659461600073/fa44d82c807ab0e91d079b4f44429e6826d1e9726abdcd9916a062a0817d1dcf/tJIvux1G4vOgCnO
Requested by: Host: uo.ms
URL: https://uo.ms/GykP?/kzxhkhzxc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1878 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 02 Aug 2022 17:33:20 GMT
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g-kTYLIB6sOkdB5tPREKeaCbR6XJqvc2ZFqBioIF9Hc8AIXdpbmRpc3RyaW1vLXNhLnByZXZpZXctZG9tYWluLmNvbQ==, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA5LwsExIrfNXkeC9phDzRB1V7hMQrdw__2IShOiyncd-BCDC2Xis9S9msSNyeQaejWtWrgi_7q4kxuADxqLRZO7zZ0ikiiKgBWe9NJurDQ6LGtnKV5wQ3GrDeRo3oai04gvyYwGCeWoh2jaskE7rl4_lkGNUVMP_-B8ZeDh9JG6_hzdBdTD2cfYaD5uOrW4solqjpr1jMapKj7HUcOU-GmyokpRWvxgM34jq4vI5OJzapptxmh2eQxuUghQ-695cDa42D3l-SDD3-WVklLjNFlA2mO2j-dK-skuseU4tfoj-lj3tg-aTb9KdqO9vuqq6S26aTNusRq6C0VKWKy6Bw8wIDAQAB, max-age=15
server: cloudflare
cf-ray: 73488eda5c05694c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/plain; charset=UTF-8

GET
H3 200 rp80_O8GeiZ4NGx
windistrimo-sa.preview-domain.com/cdn-cgi/challenge-platform/h/b/img/73488ed72a259bb6/1659461600078/ 61 B
232 B 36ms
36ms Image
image/png 2606:4700::6812:1878
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windistrimo-sa.preview-domain.com/cdn-cgi/challenge-platform/h/b/img/73488ed72a259bb6/1659461600078/rp80_O8GeiZ4NGx
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1878 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de4617972592094e9ac7c4d914d33408d3eac804d27a945c93a74b6a08e8c6a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 02 Aug 2022 17:33:21 GMT
server: cloudflare
cf-ray: 73488edfbc45694c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/png

POST
H3 200 302a55892a541fa Show response
windistrimo-sa.preview-domain.com/cdn-cgi/challenge-platform/h/b/flow/ov1/0.7239319066385881:1659460087:08aGuYWQogYora0nlgoIEW-oOGlygGfcRdI7PHLGQ24/73488ed72a259bb6/ 1 KB
2 KB 60ms
58ms XHR
text/html 2606:4700::6812:1878
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windistrimo-sa.preview-domain.com/cdn-cgi/challenge-platform/h/b/flow/ov1/0.7239319066385881:1659460087:08aGuYWQogYora0nlgoIEW-oOGlygGfcRdI7PHLGQ24/73488ed72a259bb6/302a55892a541fa
Requested by: Host: windistrimo-sa.preview-domain.com
URL: https://windistrimo-sa.preview-domain.com/cdn-cgi/challenge-platform/h/b/orchestrate/jsch/v1?ray=73488ed72a259bb6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1878 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63c1023b9bfb17c647c9f91c3336106e602676f2e147e814f641e42659d59341

Request headers

Referer: https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
CF-Challenge: 302a55892a541fa
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 02 Aug 2022 17:33:21 GMT
content-encoding: gzip
server: cloudflare
cf_chl_out: +gMdvqHvbiyN5cMXTbKJZnkj/YO5eAU0yQnnqFb78bCh4QEPIybDqUnOPvCcHqnd+Zps+vmIh4EHIouZPzmfpA==$0kQNUHC1phdN+OZq5YrP9A==
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/html; charset=UTF-8
cf_chl_out_s: JJkQseeFTPMl6J+fBzFGQ0BBIND+ekTEGyvh8DJ24s4RcwZRgUVVBv1ypqy/05qzUy+APlSLFuPtQsMIxv3w2QYwj3lZqo9cGlHnZIW2R83FeqIrzflrlPM5YSQNuy5fzQt4iFBt49+pZHw85A59TAfFVsryuA0pZuZZOUXIntlrGdEdJKYb0kf2Dp/kyENcW+q25UNgbpo03XAjsl05SOVk138Si5e1MiOC9DrnMH5G1OGRJ2hml+tAJGBf9eBpzdf1TJXCihkXquc4S/RGudamVUgYclzSHwh3SVip+Sovdee8kjowicwbwyPCO4paKxb1lXBmBuDfUXGNEfv0rPheVM4Rz9vmb2bmYQzkuXI=$Cvhhm1IO59AoIYW4gaPLrQ==
cf-ray: 73488ee05d22694c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
windistrimo-sa.preview-domain.com/	1970-01-20 04:57:45	Name: cf_chl_2 Value: 302a55892a541fa
windistrimo-sa.preview-domain.com/	1970-01-20 04:57:45	Name: cf_chl_prog Value: F16
windistrimo-sa.preview-domain.com/	1970-01-20 04:57:45	Name: cf_chl_rc_ni Value: 1

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://windistrimo-sa.preview-domain.com/q1L26OB67ALB8wKzz3MYs96217e3d81ad/WindstreamLab Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://windistrimo-sa.preview-domain.com/cdn-cgi/challenge-platform/h/b/pat/73488ed72a259bb6/1659461600073/fa44d82c807ab0e91d079b4f44429e6826d1e9726abdcd9916a062a0817d1dcf/tJIvux1G4vOgCnO Message: Failed to load resource: the server responded with a status of 401 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.uo.ms
fonts.googleapis.com
uo.ms
windistrimo-sa.preview-domain.com
windzzz.page.link
137.184.181.140
2606:4700::6812:1878
2a00:1450:4001:813::200a
2a00:1450:4001:82f::200e
003241b079e4cdefc536af1d0afedb05a1d906469eeb2037c47d738d16fa60da
0a8039bb06a29d0a3c7991d2a5150189cada57f14f12190e22b8db7cfee2a322
0cc7f5b00ab3e93ee1ad73dde8612610269659c84e7769101b9980111d88f0f2
18dbe0add9e35198130df60e854d40fde3e66198f2871e70fa076755161b6a53
265e97e821c8d7701ca8dad77fc9f0d4667da627cae87586f9c7c9d6d8a0e7fd
597343ad23e2f9363c2926e0d19189e1681ffc7068f33cee872d148cf43ccc1e
63c1023b9bfb17c647c9f91c3336106e602676f2e147e814f641e42659d59341
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
9f36ab42eddf4fb5beda377cbcc37e85a62b1a667d005e71156da48ae96fd91d
de4617972592094e9ac7c4d914d33408d3eac804d27a945c93a74b6a08e8c6a9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0388ad9ebd59b87e59563618b9e1bdfd82171d1865d7a168e4a3c5d42986923
f2b1b7200e606df6b359bcaeecedfb21b59b92126afda649f7df7b7aaf647db4

windistrimo-sa.preview-domain.com Open in urlscan Pro 2606:4700::6812:1878 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

16 Requests

100 %HTTPS

75 %IPv6

4 Domains

5 Subdomains

3 IPs

2 Countries

1680 kBTransfer

1772 kBSize

3 Cookies

1 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

3 Cookies

3 Console Messages

Indicators

windistrimo-sa.preview-domain.com Open in urlscan Pro
2606:4700::6812:1878 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

5
Subdomains

3
IPs

2
Countries

1680 kB
Transfer

1772 kB
Size

3
Cookies

16 HTTP transactions
0 data transactions