skifgroup.com - urlscan.io

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 5 HTTP transactions. The main IP is 95.216.42.246, located in Helsinki, Finland and belongs to HETZNER-AS, DE. The main domain is skifgroup.com.
TLS certificate: Issued by R10 on July 5th 2024. Valid for: 3 months.

This is the only time skifgroup.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	95.216.42.246 95.216.42.246	24940 (HETZNER-AS) (HETZNER-AS)
1 2	104.18.95.41 104.18.95.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.94.41 104.18.94.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	172.217.16.193 172.217.16.193	15169 (GOOGLE) (GOOGLE)
1	142.250.186.164 142.250.186.164	15169 (GOOGLE) (GOOGLE)
5	4

2 95.216.42.246 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: lin80.itlinks.com

skifgroup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.95.41 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.94.41 (None, )

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.193 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f1.1e100.net

s2.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.164 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f4.1e100.net

t2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	cloudflare.com 1 redirects challenges.cloudflare.com — Cisco Umbrella Rank: 3877	15 KB
2	skifgroup.com skifgroup.com	3 KB
1	gstatic.com t2.gstatic.com	758 B
1	googleusercontent.com 1 redirects s2.googleusercontent.com — Cisco Umbrella Rank: 40687	626 B
5	4

	Domain	Requested by
3	challenges.cloudflare.com	1 redirects skifgroup.com challenges.cloudflare.com
2	skifgroup.com	skifgroup.com
1	t2.gstatic.com
1	s2.googleusercontent.com	1 redirects
5	4

This site contains no links.

Subject Issuer	Validity	Valid
*.skifgroup.com R10	`2024-07-05` - `2024-10-03`	3 months	crt.sh
challenges.cloudflare.com E5	`2024-07-17` - `2024-10-15`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://skifgroup.com/addons/?classic=y2CzVK50jZIcyq9gJYQ0y0FwyewwJZIcV29z
Frame ID: C9C2A7A2F6A9B5CC8764EE505581CFCF
Requests: 4 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zje17/0x4AAAAAAAgwGAR2hfHjt0iH/auto/fbE/normal/auto/
Frame ID: 11780056583130C45264C08468038285
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Arxada VPN

Page Statistics

5
Requests

60 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

18 kB
Transfer

46 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://challenges.cloudflare.com/turnstile/v0/api.js HTTP 302
https://challenges.cloudflare.com/turnstile/v0/b/cc21665cd7b9/api.js

Request Chain 3

https://s2.googleusercontent.com/s2/favicons?domain=arxada.com HTTP 301
https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://arxada.com&size=16

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
skifgroup.com/addons/ 1 KB
1 KB 297ms
59ms Document
text/html 95.216.42.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://skifgroup.com/addons/?classic=y2CzVK50jZIcyq9gJYQ0y0FwyewwJZIcV29z
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 95.216.42.246 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lin80.itlinks.com
Software: Apache /
Resource Hash: 806c3235cc538b0d7a97d09668ac560d7e7c7b47ffdf1e6e29eab9384c7ab6f8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 14 Aug 2024 09:14:49 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked

GET
H2

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/b/cc21665cd7b9/
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js
https://challenges.cloudflare.com/turnstile/v0/b/cc21665cd7b9/api.js

44 KB
15 KB

94ms
93ms

Script
application/javascript

104.18.95.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/cc21665cd7b9/api.js
Requested by: Host: skifgroup.com
URL: https://skifgroup.com/addons/?classic=y2CzVK50jZIcyq9gJYQ0y0FwyewwJZIcV29z
Protocol: H2
Server: 104.18.95.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09969ff98103700563d510b68eb73e8fc668f2d4005b58cd5f06dcb21817e140

Request headers

Referer: https://skifgroup.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 09:14:50 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 15:21:28 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
cross-origin-resource-policy: cross-origin
cf-ray: 8b2fd63fe907d98d-HEL
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 14 Aug 2024 09:14:50 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-origin: *
location: /turnstile/v0/b/cc21665cd7b9/api.js
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
cf-ray: 8b2fd63effa2d98d-HEL
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H/1.1 200
OK style.css
skifgroup.com/addons/ 1 KB
1 KB 116ms
115ms Stylesheet
text/css 95.216.42.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://skifgroup.com/addons/style.css
Requested by: Host: skifgroup.com
URL: https://skifgroup.com/addons/?classic=y2CzVK50jZIcyq9gJYQ0y0FwyewwJZIcV29z
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 95.216.42.246 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lin80.itlinks.com
Software: Apache /
Resource Hash: c43fc6fa3c17c86dee38871c90cb2e4cf4a37f56084524b9383156f5e7aab932

Request headers

Referer: https://skifgroup.com/addons/?classic=y2CzVK50jZIcyq9gJYQ0y0FwyewwJZIcV29z
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 14 Aug 2024 09:14:49 GMT
Last-Modified: Tue, 13 Aug 2024 11:50:29 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1048

GET
H2 200 /
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zje17/0x4AAAAAAAgwGAR2hfHjt0iH/auto/fbE/normal/auto/ Frame 1178 0
0 732ms
68ms Document
text/html 104.18.94.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zje17/0x4AAAAAAAgwGAR2hfHjt0iH/auto/fbE/normal/auto/

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

104.18.94.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Referer: https://skifgroup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8b2fd6448e6ed90e-HEL
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Wed, 14 Aug 2024 09:14:50 GMT
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

GET
H2

200

faviconV2
t2.gstatic.com/
Redirect Chain

https://s2.googleusercontent.com/s2/favicons?domain=arxada.com
https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://arxada.com&size=16

187 B
758 B

613ms
98ms

Other
image/png

142.250.186.164
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://arxada.com&size=16

Protocol

H2

Server

142.250.186.164 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f4.1e100.net

Software

sffe /

Resource Hash

e5b6f20863f13971c31839278d22244c5dcf4c904e45bb14840e86f4b13e47fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://skifgroup.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 09:14:52 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 187
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:32:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-location: https://arxada.com/etc.clientlibs/arxada/clientlibs/clientlib-react/resources/favicon.ico
expires: Wed, 21 Aug 2024 09:14:52 GMT

Redirect headers

date: Wed, 14 Aug 2024 09:14:51 GMT
x-content-type-options: nosniff
server: sffe
content-type: text/html; charset=UTF-8
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://arxada.com&size=16
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 330
x-xss-protection: 0
expires: Wed, 14 Aug 2024 09:44:51 GMT

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| TurnstileSuccess object| turnstile

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			skifgroup.com/addons	1969-12-31 23:59:59	Name: omni Value: y2CzVK50jZIcyq9gJYQ0y0FwyewwJZIcV29z

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenges.cloudflare.com
s2.googleusercontent.com
skifgroup.com
t2.gstatic.com
104.18.94.41
104.18.95.41
142.250.186.164
172.217.16.193
95.216.42.246
09969ff98103700563d510b68eb73e8fc668f2d4005b58cd5f06dcb21817e140
806c3235cc538b0d7a97d09668ac560d7e7c7b47ffdf1e6e29eab9384c7ab6f8
c43fc6fa3c17c86dee38871c90cb2e4cf4a37f56084524b9383156f5e7aab932
e5b6f20863f13971c31839278d22244c5dcf4c904e45bb14840e86f4b13e47fe

skifgroup.com Open in urlscan Pro 95.216.42.246 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

60 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

18 kBTransfer

46 kBSize

1 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

1 Cookies

Indicators

skifgroup.com Open in urlscan Pro
95.216.42.246 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

60 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

18 kB
Transfer

46 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions