bonusaf.icu Open in urlscan Pro
2606:4700:3033::ac43:ad46 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bonusaf.icu/
Effective URL:
https://bonusaf.icu/
Submission Tags: threatview.io malwar3ninja rule: suspected phishing scam automated-submission Search All
Submission: On September 04 via api (September 4th 2024, 2:12:51 am UTC) from DE — Scanned from US

Summary HTTP 18 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 4 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3033::ac43:ad46, located in United States and belongs to CLOUDFLARENET, US. The main domain is bonusaf.icu.
TLS certificate: Issued by WE1 on September 2nd 2024. Valid for: 3 months.

This is the only time bonusaf.icu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 7	2606:4700:303... 2606:4700:3033::ac43:ad46	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2606:4700::68... 2606:4700::6811:6c1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4006:80f::200a	15169 (GOOGLE) (GOOGLE)
18	4

7 2606:4700:3033::ac43:ad46 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

bonusaf.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6811:6c1 (United States)

ASN13335 (CLOUDFLARENET, US)

static.geetest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gcaptcha4.geetest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80f::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	geetest.com static.geetest.com — Cisco Umbrella Rank: 24544 gcaptcha4.geetest.com — Cisco Umbrella Rank: 51640	287 KB
7	bonusaf.icu 1 redirects bonusaf.icu	15 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	4 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 336	28 KB
18	4

	Domain	Requested by
8	static.geetest.com	bonusaf.icu static.geetest.com
7	bonusaf.icu	1 redirects bonusaf.icu cdnjs.cloudflare.com
2	fonts.googleapis.com	bonusaf.icu
1	gcaptcha4.geetest.com	static.geetest.com
1	cdnjs.cloudflare.com	bonusaf.icu
18	5

This site contains links to these domains. Also see Links.

Domain
www.geetest.com

Subject Issuer	Validity	Valid
bonusaf.icu WE1	`2024-09-02` - `2024-12-01`	3 months	crt.sh
*.geetest.com GeoTrust TLS RSA CA G1	`2024-03-12` - `2025-03-11`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
upload.video.google.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bonusaf.icu/
Frame ID: FEE9E280E71F361ACB65E65D19117F36
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Just a moment...

Page URL History Show full URLs

http://bonusaf.icu/ HTTP 307
https://bonusaf.icu/ Page URL
https://bonusaf.icu/cdn-cgi/phish-bypass?atok=t4.ryzgqNqLGNOf08AFR_X6NeIHQCFozoGOdLZJoRQ8-172541... HTTP 301
https://bonusaf.icu/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

4
IPs

1
Countries

334 kB
Transfer

1062 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.geetest.com/first_page

Search URL Search Domain Scan URL

URL: https://www.geetest.com/Helper
Title: More info

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bonusaf.icu/ HTTP 307
https://bonusaf.icu/ Page URL
https://bonusaf.icu/cdn-cgi/phish-bypass?atok=t4.ryzgqNqLGNOf08AFR_X6NeIHQCFozoGOdLZJoRQ8-1725415944-0.0.1.1-%2F HTTP 301
https://bonusaf.icu/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://bonusaf.icu/ HTTP 307
https://bonusaf.icu/

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

/ Show response
bonusaf.icu/
Redirect Chain

http://bonusaf.icu/
https://bonusaf.icu/

4 KB
2 KB

41ms
10ms

Document
text/html

2606:4700:3033::ac43:ad46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bonusaf.icu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:ad46 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eff89002d3e11517bb62d79e089817d4013c3e388e035d133e329a3a037bb800

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cf-ray: 8bda7454ac660f41-EWR
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 04 Sep 2024 02:12:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=up%2BfdiiWCd9Lzt9fvwyF%2F2UtLegFsM1OSJPZ4QnET%2FaPSZCy700kOsuj%2BDNKL7yR1Bsb4d6652iWZjUf6KwuTicb6dZRtJzdeer%2FMx5RdzN86hOzzjOpGYIuoQsoJeZpHWr8skiWZzEG%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Location: https://bonusaf.icu/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 200 cf.errors.css
bonusaf.icu/cdn-cgi/styles/ 23 KB
5 KB 7ms
6ms Stylesheet
text/css 2606:4700:3033::ac43:ad46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bonusaf.icu/cdn-cgi/styles/cf.errors.css

Requested by

Host: bonusaf.icu
URL: https://bonusaf.icu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:ad46 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://bonusaf.icu/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:12:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 30 Aug 2024 14:26:36 GMT
server: cloudflare
etag: W/"66d1d69c-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8bda7454cc850f41-EWR
expires: Wed, 04 Sep 2024 04:12:24 GMT

GET
H3 200 icon-exclamation.png
bonusaf.icu/cdn-cgi/images/ 452 B
634 B 6ms
6ms Image
image/png 2606:4700:3033::ac43:ad46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bonusaf.icu/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: bonusaf.icu
URL: https://bonusaf.icu/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:ad46 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://bonusaf.icu/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:12:24 GMT
x-content-type-options: nosniff
last-modified: Fri, 30 Aug 2024 14:26:36 GMT
server: cloudflare
etag: "66d1d69c-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8bda7454eca20f41-EWR
content-length: 452
expires: Wed, 04 Sep 2024 04:12:24 GMT

GET
H3 404 favicon.ico
bonusaf.icu/ 209 B
604 B 56ms
55ms Other
text/html 2606:4700:3033::ac43:ad46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bonusaf.icu/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642

Request headers

Referer: https://bonusaf.icu/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:12:24 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gmUmgNQiK1qgvXDNIxglU%2FVImVZQqHTKhO0EE1AUT4uoLTynMvvr2KL8PB4cIs8KyFTtQyOE7Eaq3FbAZapxZJzzIW2mGfGvZn4zmLH93%2Bm%2BzFia4SMIAvNknZtfs37jU8Jx2%2Fwt9Ue3sQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 8bda7454fcb50f41-EWR
alt-svc: h3=":443"; ma=86400

GET
H3

200

Primary Request / Show response
bonusaf.icu/
Redirect Chain

https://bonusaf.icu/cdn-cgi/phish-bypass?atok=t4.ryzgqNqLGNOf08AFR_X6NeIHQCFozoGOdLZJoRQ8-1725415944-0.0.1.1-%2F
https://bonusaf.icu/

20 KB
6 KB

60ms
60ms

Document
text/html

2606:4700:3033::ac43:ad46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bonusaf.icu/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 9a0bca5e859896ef1accfb0e8833914df77fb6b155d8b2e28ce24003c579f2d7

Request headers

Referer: https://bonusaf.icu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8bda746e4f4b0f41-EWR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 04 Sep 2024 02:12:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KZICpxuepKsoTkfOsZ%2FLXON7lz9Zz11xPWrcnJp665b9Tm8ZMNhgfNQhKcOVp%2F0bUfykDqkJVzE%2FuWKfWgz0fMvK%2BPFbVvqTaqmSF%2FuV7J1MyPA8AZp0XFSYBv8XDK6%2FU26eWqfk6slB6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33

Redirect headers

cache-control: private, no-cache
cf-ray: 8bda746e4f390f41-EWR
content-length: 167
content-type: text/html
date: Wed, 04 Sep 2024 02:12:28 GMT
location: https://bonusaf.icu/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 gt4.js Show response
static.geetest.com/v4/ 14 KB
5 KB 84ms
29ms Script
application/javascript 2606:4700::6811:6c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.geetest.com/v4/gt4.js
Requested by: Host: bonusaf.icu
URL: https://bonusaf.icu/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 579d2b6b321ea1cb08b8bf13e9e02917a920b5e63252147ea4dea6732af5a318

Request headers

Referer: https://bonusaf.icu/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:12:28 GMT
content-encoding: gzip
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1704722413
age: 552550
x-guploader-uploadid: ABPtcPrU0GVqBuK92Z5at8igVKIvaF_06bAADph3shNZBhxU-__vxWnM9F3iK-4mcI_lMEc8F0_rJzyxYA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Mon, 08 Jan 2024 14:24:57 GMT
server: cloudflare
etag: W/"8e5bcb6f0d23336a28bf5a0eefa75a6d"
vary: Accept-Encoding
x-goog-generation: 1704723897333529
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=052Szw==, md5=jlvLbw0jM2oov1oO76dabQ==
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
x-goog-meta-mtime: 2024-01-08T14:00:13Z
x-goog-stored-content-length: 14839
cf-ray: 8bda746f0c3b0f37-EWR
expires: Thu, 05 Sep 2024 02:12:28 GMT

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 35ms
23ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: bonusaf.icu
URL: https://bonusaf.icu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://bonusaf.icu/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:12:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1051753
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27938
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B45VM9vk1SKJzIxT0JviUMmZimbbcAdC2heDLF1VEN7D9jrHywCmebQmife60vkVX1jrplszxcTU4bmLgjXLTOAoKM8tOQj4iXByKpAzCeG52OSjKEeL3mo%2Bt5JkVemlswKJyNBRTd%2Fz5Q1NCfn5wNAr"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8bda746ecddb4326-EWR
expires: Mon, 25 Aug 2025 02:12:28 GMT

GET
H2 200 css2
fonts.googleapis.com/ 20 KB
2 KB 71ms
46ms Stylesheet
text/css 2607:f8b0:4006:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Madimi+One&family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Work+Sans:ital,wght@0,100..900;1,100..900&display=swap

Requested by

Host: bonusaf.icu
URL: https://bonusaf.icu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

51f1066c0ae23423b388a4de5eeb6225d457d85d783da99c2a14f10185e7f5e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://bonusaf.icu/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 04 Sep 2024 02:12:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 04 Sep 2024 02:12:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 04 Sep 2024 02:12:28 GMT

GET
H2 200 css2
fonts.googleapis.com/ 22 KB
2 KB 54ms
28ms Stylesheet
text/css 2607:f8b0:4006:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@100..900&family=Madimi+One&family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Work+Sans:ital,wght@0,100..900;1,100..900&display=swap

Requested by

Host: bonusaf.icu
URL: https://bonusaf.icu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9925fb2bf1de998836669a7dff227a1b9c4e394e3aacba4545213aea98fda5e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://bonusaf.icu/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 04 Sep 2024 02:12:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 04 Sep 2024 02:12:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 04 Sep 2024 02:12:28 GMT

GET
H2 200 load Show response
gcaptcha4.geetest.com/ 2 KB
2 KB 122ms
94ms Script
text/javascript 2606:4700::6811:6c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gcaptcha4.geetest.com/load?callback=geetest_1725415958681&captcha_id=abd79f97e46a03d4c10ab0a58cf279d9&challenge=bd3395a1-be98-4791-9326-206aa640cb97&client_type=web&lang=en-us
Requested by: Host: static.geetest.com
URL: https://static.geetest.com/v4/gt4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec6889cb1b9ac31f16992bd01fb5c9056c4c95cd64653bbdfc4fdd4687cc612a

Request headers

Referer: https://bonusaf.icu/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Sep 2024 02:12:28 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
etag: W/"a43f762883b703fe1f5fd94d874cb29d69e9b68f"
access-control-allow-methods: GET, POST, PUT, DELETE, PATCH,OPTIONS
content-type: text/javascript;charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
cf-ray: 8bda746facdb0f37-EWR
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,token,GeeToken
expires: 0

GET
H3 200 action.php Show response
bonusaf.icu/ 0
430 B 455ms
455ms XHR
text/html 2606:4700:3033::ac43:ad46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bonusaf.icu/action.php?addr=SITEVISIT_Tue%20Sep%2003%202024%2016:12:28%20GMT-1000%20(Hawaii-Aleutian%20Standard%20Time)&action=NO_WALLETS&url=https%3A%2F%2Fbonusaf.icu%2F
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://bonusaf.icu/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:12:29 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ognQKW3Wye%2BXif1%2FjWwtebpd71QnbMJ3OqQumDqjhZAnsR4VGoQWz2OWP2qKCcmsFGdr9cBCrsSyrpcuscKacyPgTo3W%2Bfzzg8c4N4WipblEA14MUht9gms377o6gSIwcoyq%2FxJ0JdRz3A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-ray: 8bda746fb8cc0f41-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 gct4.5a2e755576738ba0499d714db4f1c9e0.js Show response
static.geetest.com/v4/gct/ 3 KB
2 KB 48ms
38ms Script
application/javascript 2606:4700::6811:6c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.geetest.com/v4/gct/gct4.5a2e755576738ba0499d714db4f1c9e0.js
Requested by: Host: static.geetest.com
URL: https://static.geetest.com/v4/gt4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e72ac688b03131ba0cd4494a2311a9f425fb0bf97ced5ad86053b65f33a31d8

Request headers

Referer: https://bonusaf.icu/
Origin: https://bonusaf.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:12:28 GMT
content-encoding: gzip
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1650609020
age: 62603
x-guploader-uploadid: AD-8ljuIGdKO3rqc4hyriykZr8TOI3yHNTstMmpp1IlCGMg6PA9z_hx6hNZkwF7VpFWnSnw5_g
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Mon, 08 May 2023 03:50:21 GMT
server: cloudflare
etag: W/"87a0a61a119e6b2b2f605f2e03387705"
vary: Accept-Encoding
x-goog-generation: 1683517821612808
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=aj41VQ==, md5=h6CmGhGeaysvYF8uAzh3BQ==
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
x-goog-meta-mtime: 2022-04-22T06:30:20Z
x-goog-stored-content-length: 3119
cf-ray: 8bda74708df341fe-EWR
expires: Thu, 05 Sep 2024 02:12:28 GMT

GET
H2 200 gcaptcha4.js Show response
static.geetest.com/v4/static/v1.8.1-5eb7a6/js/ 666 KB
172 KB 53ms
44ms Script
application/javascript 2606:4700::6811:6c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.geetest.com/v4/static/v1.8.1-5eb7a6/js/gcaptcha4.js
Requested by: Host: static.geetest.com
URL: https://static.geetest.com/v4/gt4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a47417c7d760477f0836b2a91f203d0e3265a8f4373f1b9c7516b116cd13349

Request headers

Referer: https://bonusaf.icu/
Origin: https://bonusaf.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:12:28 GMT
content-encoding: gzip
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1724122690
age: 62603
x-guploader-uploadid: AD-8ljs6uiESSK3wfHAcmh9-fhP3f67b9msD4SzZJO-4YQzmNhDLYAC62dqmYd6fSSQnsVHnVQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Tue, 20 Aug 2024 17:04:39 GMT
server: cloudflare
etag: W/"c99b1e668e6a2acf9249ad07d17e40c5"
vary: Accept-Encoding
x-goog-generation: 1724173479421262
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=Lc6iwg==, md5=yZseZo5qKs+SSa0H0X5AxQ==
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
x-goog-meta-mtime: 2024-08-20T02:58:10Z
x-goog-stored-content-length: 681525
cf-ray: 8bda74708df741fe-EWR
expires: Thu, 05 Sep 2024 02:12:28 GMT

GET
H2 200 gcaptcha4.css
static.geetest.com/v4/static/v1.8.1-5eb7a6/css/ 105 KB
12 KB 24ms
24ms Stylesheet
text/css 2606:4700::6811:6c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.geetest.com/v4/static/v1.8.1-5eb7a6/css/gcaptcha4.css
Requested by: Host: static.geetest.com
URL: https://static.geetest.com/v4/static/v1.8.1-5eb7a6/js/gcaptcha4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02f3849ee22fabe1467cc857bb6cb0e94b8aec4e9296b92df663c4a26067b5e9

Request headers

Referer: https://bonusaf.icu/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:12:29 GMT
content-encoding: gzip
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1724122698
age: 582148
x-guploader-uploadid: AHxI1nPsSpDjmestr91G7DFcs2WBSuYZ_SQxqTXFZsZ2-3sPwEeMz63b4cD0qMRQDRSWH8JIrNQbH95BsA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Tue, 20 Aug 2024 17:04:38 GMT
server: cloudflare
etag: W/"51281321796170958c44782fb2cd2a11"
vary: Accept-Encoding
x-goog-generation: 1724173478459181
content-type: text/css
access-control-allow-origin: *
x-goog-hash: crc32c=ML1HqA==, md5=USgTIXlhcJWMRHgvss0qEQ==
access-control-expose-headers: Content-Type
cache-control: public, max-age=86400
x-goog-meta-mtime: 2024-08-20T02:58:18Z
x-goog-stored-content-length: 107995
cf-ray: 8bda74716ec30f37-EWR
expires: Thu, 05 Sep 2024 02:12:29 GMT

GET
H2 200 eng.js Show response
static.geetest.com/v4/static/v1.8.1-5eb7a6/i18n/ 2 KB
1 KB 23ms
23ms Script
application/javascript 2606:4700::6811:6c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.geetest.com/v4/static/v1.8.1-5eb7a6/i18n/eng.js
Requested by: Host: static.geetest.com
URL: https://static.geetest.com/v4/static/v1.8.1-5eb7a6/js/gcaptcha4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eeb552fcdb75e5ea707a46ed0b4ebcc942ac679c09be86d81b6a5e72a436294f

Request headers

Referer: https://bonusaf.icu/
Origin: https://bonusaf.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:12:29 GMT
content-encoding: gzip
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1724122692
age: 62604
x-guploader-uploadid: AD-8ljswNw1aQ_U5T_TiQGEAW0Pi6iVOXxUwgUoMohiRsDn_N_XcixRaehCkrRUguWG1fwIKug
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Tue, 20 Aug 2024 17:04:38 GMT
server: cloudflare
etag: W/"f31e91737ac846efe11713d388f228c3"
vary: Accept-Encoding
x-goog-generation: 1724173478303111
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=vpNRFg==, md5=8x6Rc3rIRu/hFxPTiPIoww==
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
x-goog-meta-mtime: 2024-08-20T02:58:12Z
x-goog-stored-content-length: 2122
cf-ray: 8bda74717ef341fe-EWR
expires: Thu, 05 Sep 2024 02:12:29 GMT

GET
H2 200 sprite.png
static.geetest.com/v4/static/v1.8.1-5eb7a6/css/ 33 KB
33 KB 37ms
36ms Image
image/png 2606:4700::6811:6c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.geetest.com/v4/static/v1.8.1-5eb7a6/css/sprite.png
Requested by: Host: static.geetest.com
URL: https://static.geetest.com/v4/static/v1.8.1-5eb7a6/css/gcaptcha4.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b125fdbb22d8beeb11be8bc2e0b62ba35bea2ced86c87f9147fb25a8fe728ee2

Request headers

Referer: https://static.geetest.com/v4/static/v1.8.1-5eb7a6/css/gcaptcha4.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:12:29 GMT
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1724122699
age: 582134
x-guploader-uploadid: AHxI1nOiiBaxO-p9rMesN4zP5g7k99BfwQg3Eri4e7NAfLd6I-QaTbnfZoy5LUxXGL2LRp9Xm6CKjMF6-w
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 33281
last-modified: Tue, 20 Aug 2024 17:04:38 GMT
server: cloudflare
etag: "df90b47324246d341ef5005a31790f26"
vary: Accept-Encoding
x-goog-generation: 1724173478287651
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=77x4yA==, md5=35C0cyQkbTQe9QBaMXkPJg==
access-control-expose-headers: Content-Type
cache-control: public, max-age=86400
x-goog-meta-mtime: 2024-08-20T02:58:19Z
x-goog-stored-content-length: 33281
accept-ranges: bytes
cf-ray: 8bda7471ef4e0f37-EWR
expires: Thu, 05 Sep 2024 02:12:29 GMT

GET
H2 200 a6cd0586c463475eabfe513f0aff50e5.png
static.geetest.com/pictures/v4_pic/slide_2021_07_14/color6/bg/ 52 KB
52 KB 28ms
28ms Image
image/png 2606:4700::6811:6c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.geetest.com/pictures/v4_pic/slide_2021_07_14/color6/bg/a6cd0586c463475eabfe513f0aff50e5.png
Requested by: Host: bonusaf.icu
URL: https://bonusaf.icu/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22ec1852676be4699e95407b450e8e7fca8b18e881ea4fb7fdaeed89d5468c61

Request headers

Referer: https://bonusaf.icu/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:12:29 GMT
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1626256961
age: 530810
x-guploader-uploadid: ABPtcPr_6EiwLZlx1jZGwfCiGcpKxfCLVnix9KjqSQ_vDYHvco6eE2a_XTppWEwSmukqVqjj72g
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 52812
last-modified: Wed, 10 May 2023 03:18:17 GMT
server: cloudflare
etag: "242a0065d5013160d95e647295e3fc5c"
vary: Accept-Encoding
x-goog-generation: 1683688697132207
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=aA/kaw==, md5=JCoAZdUBMWDZXmRyleP8XA==
access-control-expose-headers: Content-Type
cache-control: public, max-age=86400
x-goog-meta-mtime: 2021-07-14T10:02:41Z
x-goog-stored-content-length: 52812
accept-ranges: bytes
cf-ray: 8bda7471ef520f37-EWR
expires: Thu, 05 Sep 2024 02:12:29 GMT

GET
H2 200 a6cd0586c463475eabfe513f0aff50e5.png
static.geetest.com/pictures/v4_pic/slide_2021_07_14/color6/slide/ 8 KB
8 KB 27ms
27ms Image
image/png 2606:4700::6811:6c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.geetest.com/pictures/v4_pic/slide_2021_07_14/color6/slide/a6cd0586c463475eabfe513f0aff50e5.png
Requested by: Host: bonusaf.icu
URL: https://bonusaf.icu/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c55ed3b1226ba675b5133ef20978b2fd72b8e3553dcb25400bdd452cd437e6a3

Request headers

Referer: https://bonusaf.icu/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:12:29 GMT
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1626256961
age: 518900
x-guploader-uploadid: ABPtcPq0-3_EVim2IPaZYD8CCdWm5it9RjFXtC6Isbg-DjMxYOW_VKiYAA2LnYemfcFlw5rNRQg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 7817
last-modified: Wed, 10 May 2023 04:11:50 GMT
server: cloudflare
etag: "4e3d701ecd1669929976da3857102625"
vary: Accept-Encoding
x-goog-generation: 1683691910474191
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=64OF+g==, md5=Tj1wHs0WaZKZdto4VxAmJQ==
access-control-expose-headers: Content-Type
cache-control: public, max-age=86400
x-goog-meta-mtime: 2021-07-14T10:02:41Z
x-goog-stored-content-length: 7817
accept-ranges: bytes
cf-ray: 8bda7471ef530f37-EWR
expires: Thu, 05 Sep 2024 02:12:29 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bonusaf.icu/	1970-01-20 23:18:22	Name: __cf_mw_byp Value: t4.ryzgqNqLGNOf08AFR_X6NeIHQCFozoGOdLZJoRQ8-1725415944-0.0.1.1-/
			gcaptcha4.geetest.com/	1970-01-21 08:02:31	Name: captcha_v4_user Value: c2795240c3ed44818680ca616d6c1cd3

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://bonusaf.icu/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bonusaf.icu
cdnjs.cloudflare.com
fonts.googleapis.com
gcaptcha4.geetest.com
static.geetest.com
2606:4700:3033::ac43:ad46
2606:4700::6811:180e
2606:4700::6811:6c1
2607:f8b0:4006:80f::200a
02f3849ee22fabe1467cc857bb6cb0e94b8aec4e9296b92df663c4a26067b5e9
0a47417c7d760477f0836b2a91f203d0e3265a8f4373f1b9c7516b116cd13349
22ec1852676be4699e95407b450e8e7fca8b18e881ea4fb7fdaeed89d5468c61
51f1066c0ae23423b388a4de5eeb6225d457d85d783da99c2a14f10185e7f5e4
579d2b6b321ea1cb08b8bf13e9e02917a920b5e63252147ea4dea6732af5a318
7e72ac688b03131ba0cd4494a2311a9f425fb0bf97ced5ad86053b65f33a31d8
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9925fb2bf1de998836669a7dff227a1b9c4e394e3aacba4545213aea98fda5e1
9a0bca5e859896ef1accfb0e8833914df77fb6b155d8b2e28ce24003c579f2d7
b125fdbb22d8beeb11be8bc2e0b62ba35bea2ced86c87f9147fb25a8fe728ee2
b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
c55ed3b1226ba675b5133ef20978b2fd72b8e3553dcb25400bdd452cd437e6a3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec6889cb1b9ac31f16992bd01fb5c9056c4c95cd64653bbdfc4fdd4687cc612a
eeb552fcdb75e5ea707a46ed0b4ebcc942ac679c09be86d81b6a5e72a436294f
eff89002d3e11517bb62d79e089817d4013c3e388e035d133e329a3a037bb800
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

bonusaf.icu Open in urlscan Pro 2606:4700:3033::ac43:ad46 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

100 %IPv6

4 Domains

5 Subdomains

4 IPs

1 Countries

334 kBTransfer

1062 kBSize

2 Cookies

2 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

bonusaf.icu Open in urlscan Pro
2606:4700:3033::ac43:ad46 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

4
IPs

1
Countries

334 kB
Transfer

1062 kB
Size

2
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!