event.skinspubgm.com Open in urlscan Pro
2606:4700:3035::6815:558d Public Scan

Go To Rescan
Add Verdict Report

URL:
https://event.skinspubgm.com/
Submission Tags: phishingrod
Submission: On January 04 via api (January 4th 2024, 1:33:54 am UTC) from DE — Scanned from DE

Summary HTTP 13 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3035::6815:558d, located in United States and belongs to CLOUDFLARENET, US. The main domain is event.skinspubgm.com.
TLS certificate: Issued by GTS CA 1P5 on December 8th 2023. Valid for: 3 months.

This is the only time event.skinspubgm.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	2606:4700:303... 2606:4700:3035::6815:558d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 6	2606:4700:303... 2606:4700:3036::6815:27b7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
2 4	2606:4700::68... 2606:4700::6811:9e0d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	6

4 2606:4700:3035::6815:558d (United States)

ASN13335 (CLOUDFLARENET, US)

event.skinspubgm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3036::6815:27b7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cathorpl.aweeh.works	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:9e0d (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

badge.hardenize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	aweeh.works 1 redirects cathorpl.aweeh.works	10 KB
4	hardenize.com 2 redirects badge.hardenize.com — Cisco Umbrella Rank: 782243	5 KB
4	skinspubgm.com event.skinspubgm.com	9 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 708	31 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 438	22 KB
13	5

	Domain	Requested by
6	cathorpl.aweeh.works	1 redirects event.skinspubgm.com cathorpl.aweeh.works
4	badge.hardenize.com	2 redirects cathorpl.aweeh.works
4	event.skinspubgm.com	event.skinspubgm.com
1	ajax.googleapis.com	event.skinspubgm.com
1	cdn.jsdelivr.net	event.skinspubgm.com
13	5

This site contains links to these domains. Also see Links.

Domain
www.hardenize.com

Subject Issuer	Validity	Valid
skinspubgm.com GTS CA 1P5	`2023-12-08` - `2024-03-07`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
aweeh.works GTS CA 1P5	`2023-11-15` - `2024-02-13`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://event.skinspubgm.com/
Frame ID: 68E567AE41A0C7CB7A1A0FFDABEE642C
Requests: 8 HTTP requests in this frame

Frame: https://cathorpl.aweeh.works/ORPrImba
Frame ID: 7983F0B2342AA1D482DB8854AF807E34
Requests: 5 HTTP requests in this frame

Frame: https://cathorpl.aweeh.works/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
Frame ID: DFD593515DEC22F3DFE7BA350121D5F2
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

www.midasbuy.com

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

13
Requests

77 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

77 kB
Transfer

269 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.hardenize.com/report/event.skinspubgm.com?summary

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://cathorpl.aweeh.works/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://cathorpl.aweeh.works/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

Request Chain 11

https://badge.hardenize.com/v2/images/hardenize-badge-cathorpl.aweeh.works.png HTTP 301
https://badge.hardenize.com/v2/images/hardenize-template-standard.png

Request Chain 13

https://badge.hardenize.com/v2/images/hardenize-badge-event.skinspubgm.com.png HTTP 301
https://badge.hardenize.com/v2/images/hardenize-template-standard.png

13 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
event.skinspubgm.com/ 1 KB
1 KB 1110ms
1026ms Document
text/html 2606:4700:3035::6815:558d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://event.skinspubgm.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:558d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e9f1eebd957d08f00673725529d70d701d1942aed83d12b196e15becb527df7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 83ffbc4d8d060498-CDG
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 04 Jan 2024 01:33:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oDKgQ3xnvM43Y5KwK7Q%2FBW5z6FoRaDeurd%2B7OKoIR9HbvGPTxYT74%2Bt0iCmyeMHAMHBIxSso0WQ0SnXffBH273KjiiALck80DIgw%2F7lEjfRgZBUv5KMyoLWQ%2F6tC0BA8EvkCm3oYgOfSe%2FMhYPbwpVZhLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed

GET
H2 200 pkDSqsn3JE6bnYbhN8ZSf3m2uUU.js Show response
event.skinspubgm.com/cdn-cgi/apps/head/ 5 KB
2 KB 24ms
23ms Script
application/javascript 2606:4700:3035::6815:558d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://event.skinspubgm.com/cdn-cgi/apps/head/pkDSqsn3JE6bnYbhN8ZSf3m2uUU.js
Requested by: Host: event.skinspubgm.com
URL: https://event.skinspubgm.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:558d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b01b55ce26a9a7dd85e2f6594eca62bdaa3e23e75858264d095a42b9b987b0b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://event.skinspubgm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 01:33:50 GMT
x-amz-version-id: BTN2qTcKwSNnc_LL3JsEOF_XhWfWNIWc
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 9Y4V82WRZB8PM6AC
age: 196460
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ewFz9fRlOkR2/beBfs1s+vW4HGU/ZmhzmIeFryRC/QuZUmr28cttj+i/aEDhp93i56Axk/Yu5W0=
last-modified: Tue, 05 Sep 2023 16:23:35 GMT
server: cloudflare
etag: W/"907e84b0445ba0486210a1f08a68cbda"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AVIrvyBUlQ11fq1tG45XOgWzyktoIGU4xLVZL5%2FBULMKKrF64M%2BsQ87SMdDq7pPxJLuQtFbqFvudvHTU%2F9xLIPk1AUiA3i6kODRusmCd1E7ItHYcjH7cBpNcTKOgfw1%2F9cxV%2FXj3kpWBpCTsZHo32pVkCw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 83ffbc53fa9d0498-CDG

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.1.3/dist/css/ 138 KB
22 KB 32ms
18ms Stylesheet
text/css 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.1.3/dist/css/bootstrap.min.css

Requested by

Host: event.skinspubgm.com
URL: https://event.skinspubgm.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://event.skinspubgm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 01:33:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3185872
x-jsd-version: 4.1.3
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230020-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"22688-Z1/PKPn783E507LAtnb5b2AaQgM"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lB9JMsNMinhGK1nJ6b1%2Fla6hY0F49E%2F3a%2FNjL2uv%2FPjbj0sP2EFUaNH3k1aMRIgfK2yt5qLgHewOfriuXEF7%2FNM7IrKkyCRVXbbbGoGNA674KhHUCQnH8GAeNICRm7svWV5JjoAiZdGrpaxk9h4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 83ffbc5408ac4dc6-FRA

GET
H2 200 rocket-loader.min.js Show response
event.skinspubgm.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 17ms
17ms Script
application/javascript 2606:4700:3035::6815:558d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.skinspubgm.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: event.skinspubgm.com
URL: https://event.skinspubgm.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:558d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://event.skinspubgm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 01:33:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 Dec 2023 14:09:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6581a422-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IRbdSrQftBA9yuOLaclL2Gt%2BdbLcl1H3nuSJAPdfLLZJbp83gwKiKSDo32kMrIuAa4GScXKH8JPpM5p66FtnW5cpVNawUiX0q5fNNLFOX0vNPn5WDxmDVlbT3MPKQiSzccC%2FAvvAA4F0uKGH%2Fts7Pc7Jnw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 83ffbc542acd0498-CDG
expires: Sat, 06 Jan 2024 01:33:50 GMT

GET
H2 200 z2RtA2QzuH-rzNKkQD2N46zwUSs.js Show response
event.skinspubgm.com/cdn-cgi/apps/body/ 3 KB
2 KB 24ms
24ms Script
application/javascript 2606:4700:3035::6815:558d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://event.skinspubgm.com/cdn-cgi/apps/body/z2RtA2QzuH-rzNKkQD2N46zwUSs.js
Requested by: Host: event.skinspubgm.com
URL: https://event.skinspubgm.com/cdn-cgi/apps/head/pkDSqsn3JE6bnYbhN8ZSf3m2uUU.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:558d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 067cd669a2d5981e0288e557e47606bf43dfe1caf9db076d96271db5a4e570d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://event.skinspubgm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 01:33:50 GMT
x-amz-version-id: bGsXdulBsuUtylvm0lcR4d2D6zDYyiYz
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 9Y4G06KBPMQ1246X
age: 196460
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 06C9ztnrX/mriCu/ueSumdVAo77uulaHmUZsLfl2ed8LwKMZUJ/9112XCYwqwwYQWJjcZonbI5Y=
last-modified: Tue, 05 Sep 2023 16:23:35 GMT
server: cloudflare
etag: W/"6f8234c3f71106e25e75ee69265b62c4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IIrVONzkDgZAWjwKRW6PNYkI7QOHvtGN00HDXbZE5ZDm409gfujD%2B6rLwHR%2BoaRU4754DqZDKHrWq01DtVs5UlLswqzauF0vgdXLDGoTpKIuWKo3j5l%2Bi7rNK%2BHIVQlly%2Fc%2F7B58uN3fgDiYI8WGWKSc9w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 83ffbc542ace0498-CDG

GET
H2 404 ORPrImba Show response
cathorpl.aweeh.works/ Frame 7983 2 KB
2 KB 847ms
778ms Document
text/html 2606:4700:3036::6815:27b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cathorpl.aweeh.works/ORPrImba
Requested by: Host: event.skinspubgm.com
URL: https://event.skinspubgm.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:27b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc27047764f9ced260ea36a330a4bdd6028c7c16493667bcdd0b59186684f14d

Request headers

Referer: https://event.skinspubgm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 83ffbc54894e917a-FRA
content-encoding: br
content-type: text/html
date: Thu, 04 Jan 2024 01:33:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2F%2FLwYZxA4jUOHmzgIkBkpc75qctIhnHfROPph3c83pHYxMYxFH26LlJPcW53t4eKxuwOLDpsssXE1HcfqF3Dk0BZX7nInlWOrns%2Fpl1vGUxUcA3OULG6gaRH1ls%2BjJD7JhG2suRvCCLo6ztvmxpfG7KGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-turbo-charged-by: LiteSpeed

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 31ms
11ms Script
text/javascript 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: event.skinspubgm.com
URL: https://event.skinspubgm.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://event.skinspubgm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 14:16:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127030
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 14:16:40 GMT

GET
DATA 200
OK truncated
/ 237 B
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2c89721e745c0efd9000e9b67a56371589568bdca99c6fefc4714f9e1509d28

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: text/css;charset=utf-8

GET
H2 200 Hm2FY5wQTdZS3ZPQJh5tLjKLA3M.js Show response
cathorpl.aweeh.works/cdn-cgi/apps/head/ Frame 7983 7 KB
3 KB 14ms
14ms Script
application/javascript 2606:4700:3036::6815:27b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cathorpl.aweeh.works/cdn-cgi/apps/head/Hm2FY5wQTdZS3ZPQJh5tLjKLA3M.js
Requested by: Host: cathorpl.aweeh.works
URL: https://cathorpl.aweeh.works/ORPrImba
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:27b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 888c6a625903f44837cc6bb42bbbb8ebdbf8f668d55e3d8124447202d26a3f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cathorpl.aweeh.works/ORPrImba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 01:33:50 GMT
x-amz-version-id: .9ASEwq_9SL4hQie_eNzb_QrYor3UKxG
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NAPHSMG1ATK755DM
age: 408125
alt-svc: h3=":443"; ma=86400
x-amz-id-2: dyF18MV6GmA5r6SfQPuGW+LZBrVTalOEpvgK2hfzoawlF6zW4uFO9rnuJKAxYyNX0In9DLWM4s4=
last-modified: Fri, 29 Sep 2023 11:25:42 GMT
server: cloudflare
etag: W/"1a1c7dd75629431f6ef9734a53ab7bf6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsK%2B3OJaoSV17mfdWWPZCbde2P6Okb5CJ1dgBcO8e7MFcvQ9OV%2BaCJRnq3My5C0qVvpXDLJnWOVDHMrJ3z4QZ3CVe24fC2ADEqTMFvtdEX8fIVW0LhCMK7eBIfVI5V1g1a7d3QdIJ57oPRaaoozr3acNTA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 83ffbc597b01917a-FRA

GET
H2 200 qVyNJpEwZHdQjTtqA-CaNI2CyUQ.js Show response
cathorpl.aweeh.works/cdn-cgi/apps/body/ Frame 7983 3 KB
2 KB 13ms
13ms Script
application/javascript 2606:4700:3036::6815:27b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cathorpl.aweeh.works/cdn-cgi/apps/body/qVyNJpEwZHdQjTtqA-CaNI2CyUQ.js
Requested by: Host: cathorpl.aweeh.works
URL: https://cathorpl.aweeh.works/cdn-cgi/apps/head/Hm2FY5wQTdZS3ZPQJh5tLjKLA3M.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:27b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68863caca8e386be9898fbef3d797dbf7074d4db1af44f9ca26d7e74d5129505

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cathorpl.aweeh.works/ORPrImba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 01:33:50 GMT
x-amz-version-id: _1POrPfRu6zwt.KMiQVe9k4Hy0CAM1Yt
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: BV0EKYVSPP5FJDWH
age: 408119
alt-svc: h3=":443"; ma=86400
x-amz-id-2: PnR0QCBnxyHQ1RsDfxYSqMTYXSETm35Y5Cu7n05kLJj6MjWKgEiAX7Y3txMAaiHp91ZA2S5qimk=
last-modified: Fri, 29 Sep 2023 11:25:42 GMT
server: cloudflare
etag: W/"bd9402e5cdd386a3cc002ba92a8ec373"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=czY7m1v8TmqHvunU1p6XNHCaRcG6RsltY84Tk3M5fweswdp3NAqVlHtx7%2B7aQRmsNuVfXIPA03SC9%2FCS0f2ziOzOPtbP9tCgXmtnpGVnGwzRvf2gpND5ii3tP25oiDDcn%2Be9s8iRD2PSX0EZwEff6F111w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 83ffbc598b05917a-FRA

GET
H3

200

main.js Show response
cathorpl.aweeh.works/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/ Frame DFD5
Redirect Chain

https://cathorpl.aweeh.works/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://cathorpl.aweeh.works/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

7 KB
4 KB

19ms
19ms

Script
application/javascript

2606:4700:3036::6815:27b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cathorpl.aweeh.works/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

Requested by

Host: cathorpl.aweeh.works
URL: https://cathorpl.aweeh.works/ORPrImba

Protocol

Server

2606:4700:3036::6815:27b7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a34932ee4969d3d61c69faa6391455b7270db021b7d7c9c11cf6ca2df1ea66c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 01:33:50 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BrFb4xPfTrLmLpzEZFTIg4c0zjqvYwHpNAK%2BqxHXqX8c70RS09fGwUVsVcPzChrmxF430gjccr8Vnjj5x5Nf0Rz7NuUq2owK%2FekLGnrensDsBulGEH1GH%2BWT5yhPtV0XBHdFE%2BwJNrTPEnP69kWjOQ1bJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 83ffbc59aa4d0a64-AMS
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 04 Jan 2024 01:33:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DeTEbm3Z3ltbZmXsbakaCM5QAvC%2FT28WqapZivPLo%2BVsG9VHQXELSCxuZ1UZpcdfhIxMSbgCyblrjcY6uRBOgcILaGzmlXyYRixjubcs5z0MDzTgz1e3q%2BynWWdGtWY3wAGQPD1bD%2FjPxcGC5LptkScZzg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
cache-control: max-age=300, public
cf-ray: 83ffbc599b0a917a-FRA
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ Frame 7983 237 B
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2c89721e745c0efd9000e9b67a56371589568bdca99c6fefc4714f9e1509d28

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: text/css;charset=utf-8

GET
H2

200

hardenize-template-standard.png
badge.hardenize.com/v2/images/ Frame 7983
Redirect Chain

https://badge.hardenize.com/v2/images/hardenize-badge-cathorpl.aweeh.works.png
https://badge.hardenize.com/v2/images/hardenize-template-standard.png

2 KB
2 KB

12ms
12ms

Image
image/png

2606:4700::6811:9e0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://badge.hardenize.com/v2/images/hardenize-template-standard.png
Requested by: Host: cathorpl.aweeh.works
URL: https://cathorpl.aweeh.works/ORPrImba
Protocol: H2
Server: 2606:4700::6811:9e0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27a19af3f569e67750083a0464673a91b9eaf00e132c0610e899bed498959df8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cathorpl.aweeh.works/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 01:33:51 GMT
x-amz-version-id: VeZNPhLI3u_qeL2SZ8efpH4VZ5OEpZPz
cf-cache-status: HIT
last-modified: Wed, 23 Jun 2021 13:27:52 GMT
server: cloudflare
x-amz-request-id: WCBPTYRQ4PH0CH6S
age: 660
etag: "64b33e1812b83cdce190fed989401de8"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=3600, public
accept-ranges: bytes
cf-ray: 83ffbc5a5cdf8fd7-FRA
content-length: 2190
x-amz-id-2: 10NJkfiiTb1xlguBAtbh8DMHYdX+yncSvbMyfIJxh7t2zd8QoT16H1tgSYT8BY2Bv2g7fQClFOo=

Redirect headers

date: Thu, 04 Jan 2024 01:33:51 GMT
cf-cache-status: MISS
server: cloudflare
x-amz-request-id: J7P1K1DYVP0H2C2E
vary: Accept-Encoding
location: https://badge.hardenize.com/v2/images/hardenize-template-standard.png
cf-ray: 83ffbc59dcba8fd7-FRA
content-length: 0
x-amz-id-2: AmnATAvOzwzhub/P4PyOsVWCjOc+cMPcdd8cBo/KY6wlYRST35foYE26Ipn5hRFWtfdtc8NJJBo=

POST
H3 200 83ffbc54894e917a Show response
cathorpl.aweeh.works/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame DFD5 0
561 B 35ms
35ms XHR
text/plain 2606:4700:3036::6815:27b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cathorpl.aweeh.works/cdn-cgi/challenge-platform/h/g/jsd/r/83ffbc54894e917a
Requested by: Host: cathorpl.aweeh.works
URL: https://cathorpl.aweeh.works/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:27b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 04 Jan 2024 01:33:51 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=59F73HyO9SYvcgcLUXjnsR%2BERy4X8AHhXLY6FaunbGJY2HcrPFKFz6WPtmabm63S%2B40pcI5YW1pLIUsSMLSf92dGpW14pkZHQlZru2NxMav726bEXjiC19hH6otbvu1KRHFVsvQQ6LThl3orcqYxbk2f8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 83ffbc5a2acb0a64-AMS
alt-svc: h3=":443"; ma=86400

GET
H2

200

hardenize-template-standard.png
badge.hardenize.com/v2/images/
Redirect Chain

https://badge.hardenize.com/v2/images/hardenize-badge-event.skinspubgm.com.png
https://badge.hardenize.com/v2/images/hardenize-template-standard.png

2 KB
2 KB

12ms
12ms

Image
image/png

2606:4700::6811:9e0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://badge.hardenize.com/v2/images/hardenize-template-standard.png
Protocol: H2
Server: 2606:4700::6811:9e0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27a19af3f569e67750083a0464673a91b9eaf00e132c0610e899bed498959df8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://event.skinspubgm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 01:33:51 GMT
x-amz-version-id: VeZNPhLI3u_qeL2SZ8efpH4VZ5OEpZPz
cf-cache-status: HIT
last-modified: Wed, 23 Jun 2021 13:27:52 GMT
server: cloudflare
x-amz-request-id: WCBPTYRQ4PH0CH6S
age: 660
etag: "64b33e1812b83cdce190fed989401de8"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=3600, public
accept-ranges: bytes
cf-ray: 83ffbc5afd098fd7-FRA
content-length: 2190
x-amz-id-2: 10NJkfiiTb1xlguBAtbh8DMHYdX+yncSvbMyfIJxh7t2zd8QoT16H1tgSYT8BY2Bv2g7fQClFOo=

Redirect headers

date: Thu, 04 Jan 2024 01:33:51 GMT
cf-cache-status: MISS
server: cloudflare
x-amz-request-id: J7P1T3TFRX8AZA9G
vary: Accept-Encoding
location: https://badge.hardenize.com/v2/images/hardenize-template-standard.png
cf-ray: 83ffbc5a7ce78fd7-FRA
content-length: 0
x-amz-id-2: cfkeA1dv6xftwrV1/HuEeB+CCGoxRm+K8bBYQ3ppfAWcpNsR1ryZ99kaSW1z/w1Au6Ab7NPUmoc=

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.aweeh.works/	1970-01-21 02:11:08	Name: cf_clearance Value: dJ330rI_NusKzBLySpbUkCxnYVng7bONcd7GQOezMxY-1704332031-0-2-a648592d.5e77db27.8ee33238-0.2.1704332031

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cathorpl.aweeh.works/ORPrImba Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
badge.hardenize.com
cathorpl.aweeh.works
cdn.jsdelivr.net
event.skinspubgm.com
2606:4700:3035::6815:558d
2606:4700:3036::6815:27b7
2606:4700::6810:5714
2606:4700::6811:9e0d
2a00:1450:4001:81c::200a
067cd669a2d5981e0288e557e47606bf43dfe1caf9db076d96271db5a4e570d9
1e9f1eebd957d08f00673725529d70d701d1942aed83d12b196e15becb527df7
27a19af3f569e67750083a0464673a91b9eaf00e132c0610e899bed498959df8
68863caca8e386be9898fbef3d797dbf7074d4db1af44f9ca26d7e74d5129505
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
7a34932ee4969d3d61c69faa6391455b7270db021b7d7c9c11cf6ca2df1ea66c
888c6a625903f44837cc6bb42bbbb8ebdbf8f668d55e3d8124447202d26a3f98
b01b55ce26a9a7dd85e2f6594eca62bdaa3e23e75858264d095a42b9b987b0b2
cc27047764f9ced260ea36a330a4bdd6028c7c16493667bcdd0b59186684f14d
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d2c89721e745c0efd9000e9b67a56371589568bdca99c6fefc4714f9e1509d28
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

event.skinspubgm.com Open in urlscan Pro 2606:4700:3035::6815:558d Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

77 %HTTPS

100 %IPv6

5 Domains

5 Subdomains

6 IPs

2 Countries

77 kBTransfer

269 kBSize

1 Cookies

1 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

event.skinspubgm.com Open in urlscan Pro
2606:4700:3035::6815:558d Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

77 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

77 kB
Transfer

269 kB
Size

1
Cookies

13 HTTP transactions
2 data transactions