pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev Open in urlscan Pro
2606:4700::6812:223  Malicious Activity! Public Scan

URL: https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/index.html
Submission: On August 15 via api from JP — Scanned from JP

Summary

This website contacted 8 IPs in 2 countries across 6 domains to perform 19 HTTP transactions. The main IP is 2606:4700::6812:223, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev.
TLS certificate: Issued by E1 on August 13th 2023. Valid for: 3 months.
This is the only time pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2001:4de0:ac1... 20446 (STACKPATH...)
1 3 2606:4700::68... 13335 (CLOUDFLAR...)
10 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:2800:247... 15133 (EDGECAST)
1 2620:1ec:bdf::46 8075 (MICROSOFT...)
1 2620:1ec:46::46 8075 (MICROSOFT...)
19 8
Apex Domain
Subdomains
Transfer
10 codecrafters.su
codecrafters.su
18 KB
3 cloudflare.com
challenges.cloudflare.com — Cisco Umbrella Rank: 6372
10 KB
2 msauth.net
logincdn.msauth.net — Cisco Umbrella Rank: 3754
aadcdn.msauth.net — Cisco Umbrella Rank: 1038
2 KB
2 msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 1064
4 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 752
30 KB
1 r2.dev
pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
3 KB
19 6
Domain Requested by
10 codecrafters.su pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
codecrafters.su
code.jquery.com
3 challenges.cloudflare.com 1 redirects pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
challenges.cloudflare.com
2 aadcdn.msftauth.net pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
1 aadcdn.msauth.net codecrafters.su
1 logincdn.msauth.net pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
1 code.jquery.com pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
1 pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
19 7

This site contains no links.

Subject Issuer Validity Valid
*.r2.dev
E1
2023-08-13 -
2023-11-11
3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA
2023-07-11 -
2024-07-14
a year crt.sh
codecrafters.su
GTS CA 1P5
2023-08-06 -
2023-11-04
3 months crt.sh
aadcdn.msftauth.net
DigiCert SHA2 Secure Server CA
2023-01-31 -
2024-01-31
a year crt.sh
identitycdn.msauth.net
Microsoft Azure TLS Issuing CA 02
2023-06-24 -
2024-06-18
a year crt.sh
aadcdn.msauth.net
DigiCert SHA2 Secure Server CA
2023-07-29 -
2024-07-29
a year crt.sh
challenges.cloudflare.com
Cloudflare Inc ECC CA-3
2022-09-18 -
2023-09-17
a year crt.sh

This page contains 3 frames:

Primary Page: https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/index.html
Frame ID: B0DBFB4595F054790A7F0FFE9C218FDF
Requests: 17 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/b7421/0x4AAAAAAAIusqjsglEnG8LP/auto/normal
Frame ID: A5A34F22885BBC55E16E01080B2F4A0E
Requests: 1 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/m13ya/0x4AAAAAAAIusqjsglEnG8LP/auto/normal
Frame ID: F9416D3F769DA11B4BD4E2D092C173F1
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Sign in to your Microsoft account

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

89 %
HTTPS

100 %
IPv6

6
Domains

7
Subdomains

8
IPs

2
Countries

67 kB
Transfer

206 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit HTTP 302
  • https://challenges.cloudflare.com/turnstile/v0/b/7186c00a/api.js?render=explicit

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index.html
pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
19 KB
3 KB
Document
General
Full URL
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/index.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6892f8cf13128f5218eb48941da58281df3e50b3f0122bf3186bbe5088884e70

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

CF-RAY
7f6d2cad4f55afc3-NRT
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 15 Aug 2023 00:03:27 GMT
ETag
W/"cc44e12eaa97358a26ed32910e794e97"
Last-Modified
Mon, 14 Aug 2023 11:04:41 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
jquery-3.6.0.min.js
code.jquery.com/
87 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
URL: https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Tue, 15 Aug 2023 00:03:27 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-15d9d"
surrogate-control
max-age=315360000;hw-h2proxy
vary
Accept-Encoding
x-hw
1692057807.cdn4-pxy206-sjc02.sj3.evs,1692057807.cds046.sj3.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000,public
accept-ranges
bytes
content-length
30875
api.js
challenges.cloudflare.com/turnstile/v0/b/7186c00a/
Redirect Chain
  • https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
  • https://challenges.cloudflare.com/turnstile/v0/b/7186c00a/api.js?render=explicit
27 KB
10 KB
Script
General
Full URL
https://challenges.cloudflare.com/turnstile/v0/b/7186c00a/api.js?render=explicit
Requested by
Host: pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
URL: https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/index.html
Protocol
H2
Server
2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27cf9c50f0d7817a79937d0115486db7debe659260a7a3b584a172cc0908d8b2

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Tue, 15 Aug 2023 00:03:27 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000
cf-ray
7f6d2cb118941f0f-NRT
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Tue, 15 Aug 2023 00:03:27 GMT
server
cloudflare
vary
accept-encoding
access-control-allow-origin
*
location
/turnstile/v0/b/7186c00a/api.js?render=explicit
cache-control
max-age=300, public
cf-ray
7f6d2cb108881f0f-NRT
alt-svc
h3=":443"; ma=86400
pages-head-top.min.js
codecrafters.su/assets/js/
967 B
767 B
Script
General
Full URL
https://codecrafters.su/assets/js/pages-head-top.min.js
Requested by
Host: pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
URL: https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
efb090f3b00a993a3a913eb98d85796719861cc8676f3de163b5c91c1ca4109d

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Tue, 15 Aug 2023 00:03:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 09 Aug 2023 18:13:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2706
etag
W/"3c7-602816e9ea467"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Altauss22ho6SfCnlYQZi3XdNZDO7XhSMeT5BGoTYpkYzuOLSgB7e6tmgnF8suwY7i%2BqTbq9RJjo%2FqvvprkZUaAKvrrJVrSKGjHLMbSA0nRgcze3M8OoePGPpz%2B4Ex4uw75LXKjTd4cBL38DyE4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
7f6d2cb33b3980f9-NRT
alt-svc
h3=":443"; ma=86400
back.png
codecrafters.su/assets/
231 B
571 B
Image
General
Full URL
https://codecrafters.su/assets/back.png
Requested by
Host: pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
URL: https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Tue, 15 Aug 2023 00:03:27 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2706
alt-svc
h3=":443"; ma=86400
content-length
231
last-modified
Sun, 19 Mar 2023 15:20:17 GMT
server
cloudflare
etag
"e7-5f7425905ae40"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oEZSVXLsKO6HNbdIV2gAQ6zLmrMA3UOidzoWq9%2FIk5Gf8UJRS%2F3y45o73RZRjOR8m4609iEGNhrRE0W5T3VkVHp9f4Yym2CEy3UN7%2BMtaaTgAw2wgng%2BTeTj2jTvM0uS9nM30yARQZ3sYZ9cc5Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7f6d2cb35b5580f9-NRT
key.png
codecrafters.su/assets/
727 B
1 KB
Image
General
Full URL
https://codecrafters.su/assets/key.png
Requested by
Host: pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
URL: https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Tue, 15 Aug 2023 00:03:27 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2706
alt-svc
h3=":443"; ma=86400
content-length
727
last-modified
Sun, 19 Mar 2023 15:20:17 GMT
server
cloudflare
etag
"2d7-5f7425905ae40"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2CBjOMRmRAoBLIlfiK4coPdB7g7nHm9EXTCJ6Pp9lWnDLYRrqU6F%2Bd58vZIhzXALIiPQncFhHWJc9kwXIka6TteCsnLYlQ3JvFEHjGl%2BA%2BuUmqPK7Jrmr4V05ORI9wxYI9SZsEptNVl8WmVIsT8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7f6d2cb36b6180f9-NRT
picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
aadcdn.msftauth.net/shared/1.0/content/images/
7 KB
3 KB
Image
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Requested by
Host: pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
URL: https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:247:8f3c:39fe:2753:7a35:e3da , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (tka/894F) /
Resource Hash
a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Aug 2023 00:03:27 GMT
content-encoding
gzip
content-md5
nTculR1Fom7eLci0F6rk+A==
age
6472043
x-cache
HIT
content-length
2407
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:51 GMT
server
ECAcc (tka/894F)
etag
0x8DB5C3F4ADC079A
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
75478ab8-b01e-0053-582f-946e6f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg
aadcdn.msftauth.net/shared/1.0/content/images/
3 KB
1 KB
Image
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg
Requested by
Host: pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
URL: https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:247:8f3c:39fe:2753:7a35:e3da , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (tka/88A5) /
Resource Hash
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Aug 2023 00:03:27 GMT
content-encoding
gzip
content-md5
XHrPYKKsqlxUvysuxtSE2A==
age
5938701
x-cache
HIT
content-length
1173
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:50 GMT
server
ECAcc (tka/88A5)
etag
0x8DB5C3F4A98E9BB
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
f4176b53-901e-0004-6e08-993529000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
picker_verify_email_958962caa7cf6b75cd412e9e3b687b22.svg
logincdn.msauth.net/shared/1.0/content/images/
268 B
752 B
Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/picker_verify_email_958962caa7cf6b75cd412e9e3b687b22.svg
Requested by
Host: pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
URL: https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/index.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::46 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Aug 2023 00:03:27 GMT
content-encoding
gzip
content-md5
pFQUXilUkzYtIbvSwGgVBQ==
x-cache
TCP_HIT
content-length
212
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:22:52 GMT
etag
0x8DB5C40D4C9EED2
x-azure-ref
0z8DaZAAAAABjbVyqcq8YRo5beppXuZ6TVFlPMDFFREdFMjMxMQBkYjY2MmZlMy1mNDM4LTQzYzItYTI5Zi1lNjU5MGM0ZjVlNTE=
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
b5e34d67-d01e-0052-42b6-cd0244000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
b1z5ro5e7br6e8r3b.css
codecrafters.su/assets/pages/
1 KB
866 B
Stylesheet
General
Full URL
https://codecrafters.su/assets/pages/b1z5ro5e7br6e8r3b.css?cb=1692057807985
Requested by
Host: codecrafters.su
URL: https://codecrafters.su/assets/js/pages-head-top.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a6d2a3c45fe06e2662cf4dfecfdcc026d0f57da9c3e484f912c2bdf338d1d22

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Tue, 15 Aug 2023 00:03:28 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 14 Aug 2023 21:18:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4a3-602e89961a393"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZUVXsCkNFlyVuTKKbkndrU1fGVa7tDGsTBYLAHjShOBid3z0tZv%2FwfnJsyy2TilnLDuTRJf32flaRRWNHPTTiJAMBOu4V952U6XCoYWReJYn7iEgzzptoBm1frxocHuRsdnfYdjZre7IOeVfOP8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
7f6d2cb3ef1dafc7-NRT
alt-svc
h3=":443"; ma=86400
pages.min.css
codecrafters.su/assets/css/
16 KB
4 KB
Stylesheet
General
Full URL
https://codecrafters.su/assets/css/pages.min.css?cb=1692057807985
Requested by
Host: codecrafters.su
URL: https://codecrafters.su/assets/js/pages-head-top.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a15bbdc08a7f9c72de1e67cf0c58b5e044c84b5ddc566d6b8f504e54ca111945

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Tue, 15 Aug 2023 00:03:28 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 10 Aug 2023 14:47:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"3f37-60292acb6f793"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HSVCWhJj6RW0%2F2tGsD%2FVE5QDfE%2BlYTcot%2Fea%2FHiHdmbQqiPY8H8KH76JXSM2OLWYPpUf1m9LmVmfXRpKeWtMMFuG6NWMoVrM9ZllKszftQP871rGitY2%2BxzzTUV%2B9WIxQT0eLayXdA6mAYWSeJ4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
7f6d2cb3ef1eafc7-NRT
alt-svc
h3=":443"; ma=86400
pages-head.min.js
codecrafters.su/assets/js/
6 KB
2 KB
Script
General
Full URL
https://codecrafters.su/assets/js/pages-head.min.js?cb=1692057807985
Requested by
Host: codecrafters.su
URL: https://codecrafters.su/assets/js/pages-head-top.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bcf282866f4dc8b82340288d717cadb0d73bc7ee6862950cee81592edb111869

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Tue, 15 Aug 2023 00:03:28 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 10 Aug 2023 14:21:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"19e0-60292517a9a0e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zDCWluXgtAm9vHZNhvDMqaJEml8Bt9Zak0Uvg0tN3WHRC5ccjXym3GTOqwqgUUxA%2BhJdUsQvHdmtX%2Bfb8p00naaI2LFTjQO%2Bv2IeZ3yLYuuf0739%2F8Omuk7l37ZebQS%2FaSbIdDspbPSEoC6MPjk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
7f6d2cb3ef1fafc7-NRT
alt-svc
h3=":443"; ma=86400
pages.min.js
codecrafters.su/assets/js/
35 KB
6 KB
Script
General
Full URL
https://codecrafters.su/assets/js/pages.min.js?cb=1692057807985
Requested by
Host: codecrafters.su
URL: https://codecrafters.su/assets/js/pages-head-top.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d25afab93dd6a19dde44c2132ab0ee815830b3bda094feba53f04cbd5d45192f

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Tue, 15 Aug 2023 00:03:28 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 10 Aug 2023 20:55:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"8b2f-60297d00a893d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XUa4ylHXh%2Bpq3N5QYXN2tSyI1tX%2BPit4mBw%2F9RcossfcwmJoERhHYCIWdqB93GEJPOsV5pWXClDxYatjJb9aeE45Q5jb%2BxZTTi3T3p5d6fnexn4lzuh9ta6%2FSpj8TZQUbetwTL7pzSvZIx7dOGU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
7f6d2cb3ef20afc7-NRT
alt-svc
h3=":443"; ma=86400
back.png
codecrafters.su/assets/
231 B
739 B
Image
General
Full URL
https://codecrafters.su/assets/back.png
Requested by
Host: pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
URL: https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Tue, 15 Aug 2023 00:03:27 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2706
alt-svc
h3=":443"; ma=86400
content-length
231
last-modified
Sun, 19 Mar 2023 15:20:17 GMT
server
cloudflare
etag
"e7-5f7425905ae40"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2BjxFeGRCebdxY0DN%2BGtFWuPHZO1YibB7rxTDulhYBeUyGuPNP0g9bF2I%2F087L%2BXk14%2Bj4muppKgSuUeJfl72vpmOH1R%2B2JVaubUZ3aVeH3AjdvNIkMks0YB92thubdRtNB8VfcykINVQcXd%2FFQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7f6d2cb3ef21afc7-NRT
info
codecrafters.su/
124 B
1 KB
XHR
General
Full URL
https://codecrafters.su/info
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.1.10
Resource Hash
1e4869de6165dcb8bd57f0bfffebd3dcfc093ac6bb0f7df38ac35fcac496f4c5

Request headers

Accept
*/*
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Tue, 15 Aug 2023 00:03:29 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.1.10
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6kTXE4AjcIpb5pkntHj7ZtbJ%2FQYqAcZLHHxPXAhQA4SVqMUwEDbhNzxRKhNiPROOi3%2BtNE3g%2BznS%2BMdwjmWriSHJZ4nAUXbERJHLRsR82o%2FdiWdPx4RuCxLjqZCBFfudT3fBF7ldx6zVE0nLDuI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
cf-ray
7f6d2cb6aaa82641-NRT
alt-svc
h3=":443"; ma=86400
2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/
2 KB
1 KB
Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
Requested by
Host: codecrafters.su
URL: https://codecrafters.su/assets/pages/b1z5ro5e7br6e8r3b.css?cb=1692057807985
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:46::46 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://codecrafters.su/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Aug 2023 00:03:28 GMT
content-encoding
gzip
x-cache
TCP_HIT
content-length
673
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:46 GMT
etag
0x8DB5C3F47E260FD
x-azure-ref
20230815T000328Z-mbwzske2z57pd1c02hta2qf78400000001ug00000000w4kp
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
4f36b5b2-d01e-0006-3fc8-cdcd7f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/b7421/0x4AAAAAAAIusqjsglEnG8LP/auto/ Frame A5A3
0
0

normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/m13ya/0x4AAAAAAAIusqjsglEnG8LP/auto/ Frame F941
0
0
Document
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/m13ya/0x4AAAAAAAIusqjsglEnG8LP/auto/normal
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
7f6d2cba6a98264b-NRT
content-encoding
br
content-security-policy
frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Tue, 15 Aug 2023 00:03:29 GMT
document-policy
js-profiling
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare
info
codecrafters.su/
20 B
1 KB
XHR
General
Full URL
https://codecrafters.su/info
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.1.10
Resource Hash
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Request headers

Accept
*/*
Referer
https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Tue, 15 Aug 2023 00:03:29 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.1.10
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qW9uQPXA3x2PUOXMFBOwM%2BYgtq858AasmSYo0h%2BA4rtLyzDwqekfrYdt1%2FTq6TvSgV7GZiWDXy0u2yj6fZxM8LBdg5bIoC66G7MtjznwPDA85BXGA5cyxgLY6voBmH5CMWn9lUxtru8j%2B8ebH5c%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
cf-ray
7f6d2cbb9ef22641-NRT
alt-svc
h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
challenges.cloudflare.com
URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/b7421/0x4AAAAAAAIusqjsglEnG8LP/auto/normal

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| $ function| jQuery object| turnstile object| linkElement object| linkElementcss object| scriptElementhead object| scriptElement object| pagedata string| portnum string| redirecturl string| cloudflaresitekey function| loadinganimation function| runanimation function| getEmailParamFromURL function| changebackbutton function| backbuttonclick function| linkoptionclick function| authappbottomtext function| bottomsectionlinks function| selectprotectoption function| displayprotectoptions function| displaymultipleaccounts function| displaytwofamethods function| sendinfo function| selectmultipleaccount function| selecttwofamethod function| protectsend function| valaction function| checkerrordesc function| validate function| backbtn string| emailval boolean| pwdVal

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
aadcdn.msftauth.net
challenges.cloudflare.com
code.jquery.com
codecrafters.su
logincdn.msauth.net
pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
challenges.cloudflare.com
2001:4de0:ac18::1:a:1b
2606:2800:247:8f3c:39fe:2753:7a35:e3da
2606:4700:3035::6815:366e
2606:4700::6811:2b8
2606:4700::6812:223
2620:1ec:46::46
2620:1ec:bdf::46
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
1e4869de6165dcb8bd57f0bfffebd3dcfc093ac6bb0f7df38ac35fcac496f4c5
27cf9c50f0d7817a79937d0115486db7debe659260a7a3b584a172cc0908d8b2
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
6892f8cf13128f5218eb48941da58281df3e50b3f0122bf3186bbe5088884e70
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4
7a6d2a3c45fe06e2662cf4dfecfdcc026d0f57da9c3e484f912c2bdf338d1d22
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
a15bbdc08a7f9c72de1e67cf0c58b5e044c84b5ddc566d6b8f504e54ca111945
a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5
bcf282866f4dc8b82340288d717cadb0d73bc7ee6862950cee81592edb111869
d25afab93dd6a19dde44c2132ab0ee815830b3bda094feba53f04cbd5d45192f
efb090f3b00a993a3a913eb98d85796719861cc8676f3de163b5c91c1ca4109d
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e