urlscan.io report: baltazar-gabka.pl (2606:4700:30::681b:bbd0) - flagged: Malicious Activity!

Submitted URL: http://cloud.degoo.com/e/drive-3xnwvzvboc7q
Effective URL: https://baltazar-gabka.pl/mn/
Submission: October 8, 2019 (the year is taken from the response Date headers below), manual submission from US

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 10 HTTP transactions. The main IP is 2606:4700:30::681b:bbd0, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is baltazar-gabka.pl.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on April 18th 2019. Valid for: a year.
This is the only time baltazar-gabka.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP addresses (first column: request count as shown by the scanner)

#     IP Address              AS (Autonomous System)
1 1   13.57.82.57             16509 (AMAZON-02)
1 1   2600:9000:20e...        16509 (AMAZON-02)
1 2   2606:4700:21:...        13335 (CLOUDFLAR...)
1     203.119.112.228         56088 (PANDI-ID ...)
6     2606:4700:30:...        13335 (CLOUDFLAR...)
1     2620:1ec:bdf::10        8068 (MICROSOFT...)
Totals: 10 requests, 5 IPs

Apex domains

Requests  Apex domain         Subdomains                                       Transfer
6         baltazar-gabka.pl   baltazar-gabka.pl                                122 KB
2         degoo.me            degoo-production-large-file-us-east1.degoo.me    1 KB
1         msauth.net          aadcdn.msauth.net                                19 KB
1         s.id                s.id, analytics.s.id (failed)                    2 KB
1         app.link            s82i.app.link                                    829 B
1         degoo.com           cloud.degoo.com                                  390 B
Totals: 10 requests, 6 apex domains

Domains and what requested them

Requests  Domain                                          Requested by
6         baltazar-gabka.pl                               s.id, baltazar-gabka.pl
2         degoo-production-large-file-us-east1.degoo.me   1 redirect
1         aadcdn.msauth.net                               baltazar-gabka.pl
1         s.id                                            (top-level navigation)
1         s82i.app.link                                   1 redirect
1         cloud.degoo.com                                 1 redirect
0         analytics.s.id (failed)                         s.id
Totals: 10 requests, 7 subdomains

This site contains no links.

TLS certificates

Subject                 Issuer                                          Validity                    Valid for
sni.cloudflaressl.com   CloudFlare Inc ECC CA-2                         2019-06-02 to 2020-06-01    a year
*.s.id                  COMODO RSA Domain Validation Secure Server CA   2018-12-03 to 2020-12-02    2 years
aadcdn.msauth.net       Microsoft IT TLS CA 4                           2018-11-07 to 2020-11-07    2 years

This page contains 1 frames:

Primary Page: https://baltazar-gabka.pl/mn/
Frame ID: 1E447B77C62AB4D5E0CE1747D49519A5
Requests: 10 HTTP requests in this frame


Detected technologies

Cloudflare (overall confidence: 100%)
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 10
HTTPS: 90 %
IPv6: 67 %
Domains: 6
Subdomains: 7
IPs: 5
Countries: 2
Transfer: 144 kB
Size: 239 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cloud.degoo.com/e/drive-3xnwvzvboc7q HTTP 307
    https://s82i.app.link/mCYsffhgB0?_p=c11335dc9a027af3ea038cf8ec HTTP 307
    http://degoo-production-large-file-us-east1.degoo.me/QCkr81/h4qICw/html/ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html?GoogleAccessId=GOOGFMVLH4WIQJU6BJFH&Expires=2201197843&Signature=0blnrI82s619o26CaXuDoVdPyj4%3D&_branch_match_id=710194212518328202 HTTP 301
    https://degoo-production-large-file-us-east1.degoo.me/QCkr81/h4qICw/html/ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html?GoogleAccessId=GOOGFMVLH4WIQJU6BJFH&Expires=2201197843&Signature=0blnrI82s619o26CaXuDoVdPyj4%3D&_branch_match_id=710194212518328202 Page URL
  2. https://s.id/73HAY Page URL
  3. https://baltazar-gabka.pl/mn/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://cloud.degoo.com/e/drive-3xnwvzvboc7q HTTP 307
  • https://s82i.app.link/mCYsffhgB0?_p=c11335dc9a027af3ea038cf8ec HTTP 307
  • http://degoo-production-large-file-us-east1.degoo.me/QCkr81/h4qICw/html/ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html?GoogleAccessId=GOOGFMVLH4WIQJU6BJFH&Expires=2201197843&Signature=0blnrI82s619o26CaXuDoVdPyj4%3D&_branch_match_id=710194212518328202 HTTP 301
  • https://degoo-production-large-file-us-east1.degoo.me/QCkr81/h4qICw/html/ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html?GoogleAccessId=GOOGFMVLH4WIQJU6BJFH&Expires=2201197843&Signature=0blnrI82s619o26CaXuDoVdPyj4%3D&_branch_match_id=710194212518328202
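The chain above mixes two kinds of hop: three server-side redirects (307, 307, 301) that a crawler following Location headers would see, and two transitions the scanner only recorded as a new "Page URL" (degoo.me to s.id, s.id to baltazar-gabka.pl), which means the 67-byte HTML on degoo.me and the s.id shortener moved the browser client-side. The degoo.me hop is also a Google Cloud Storage V2 signed URL (GoogleAccessId/Expires/Signature), and its Expires value is far in the future. The following script, an added analysis example that is not part of the urlscan.io report, walks a transcription of the chain, classifies each hop, and works out how long that signed lure URL stays valid relative to the object's x-goog-generation timestamp from the response headers. The function names are this example's own.

```python
"""Walk a urlscan-style redirect chain and inspect the signed-storage hop.

Added analysis example, not part of the urlscan.io report. CHAIN is
transcribed from the report's "Page URL History"; X_GOOG_GENERATION is the
x-goog-generation response header of the degoo.me document.
"""
from datetime import datetime, timezone
from urllib.parse import urlparse, parse_qs

# (url, what the scanner recorded for it). "HTTP 3xx" means this URL answered
# with a redirect; "Page URL" means the scanner rendered it as a page.
CHAIN = [
    ("http://cloud.degoo.com/e/drive-3xnwvzvboc7q", "HTTP 307"),
    ("https://s82i.app.link/mCYsffhgB0?_p=c11335dc9a027af3ea038cf8ec", "HTTP 307"),
    ("http://degoo-production-large-file-us-east1.degoo.me/QCkr81/h4qICw/html/"
     "ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html?GoogleAccessId=GOOGFMVLH4WIQJU6BJFH"
     "&Expires=2201197843&Signature=0blnrI82s619o26CaXuDoVdPyj4%3D"
     "&_branch_match_id=710194212518328202", "HTTP 301"),
    ("https://degoo-production-large-file-us-east1.degoo.me/QCkr81/h4qICw/html/"
     "ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html?GoogleAccessId=GOOGFMVLH4WIQJU6BJFH"
     "&Expires=2201197843&Signature=0blnrI82s619o26CaXuDoVdPyj4%3D"
     "&_branch_match_id=710194212518328202", "Page URL"),
    ("https://s.id/73HAY", "Page URL"),
    ("https://baltazar-gabka.pl/mn/", "Page URL"),
]

# Microseconds since the epoch at which the GCS object was created.
X_GOOG_GENERATION = 1570477840295904


def transitions(chain):
    """Classify each hop to the next URL: 'http' when the current URL answered
    with a redirect status, 'client' when two rendered pages follow each other
    (the first one navigated via meta refresh or script, not a Location header)."""
    out = []
    for (url, how), (nxt, _) in zip(chain, chain[1:]):
        kind = "http" if how.startswith("HTTP") else "client"
        out.append((urlparse(url).hostname, urlparse(nxt).hostname, kind))
    return out


def distinct_hosts(chain):
    """Ordered, de-duplicated hostnames: how many services the lure passes through."""
    seen = []
    for url, _ in chain:
        host = urlparse(url).hostname
        if host not in seen:
            seen.append(host)
    return seen


def signed_url_info(url, generation_us):
    """Parse a GCS V2 signed URL and report its lifetime relative to the
    object's creation time. Returns None for URLs that are not signed."""
    q = parse_qs(urlparse(url).query)
    if "Expires" not in q or "GoogleAccessId" not in q:
        return None
    expires = datetime.fromtimestamp(int(q["Expires"][0]), tz=timezone.utc)
    created = datetime.fromtimestamp(generation_us / 1_000_000, tz=timezone.utc)
    return {
        "access_id": q["GoogleAccessId"][0],
        "expires": expires,
        "lifetime": expires - created,          # how long the lure stays fetchable
        "has_tracking_id": "_branch_match_id" in q,
    }


if __name__ == "__main__":
    for src, dst, kind in transitions(CHAIN):
        print(f"{kind:6} {src} -> {dst}")
    info = signed_url_info(CHAIN[3][0], X_GOOG_GENERATION)
    print("signed URL valid until", info["expires"].isoformat(),
          "=", info["lifetime"].days, "days after upload")
```

Run against the transcribed chain it reports two client-side transitions and a signed URL that expires on 2039-10-02, 7300 days after the object was uploaded on 2019-10-07; the takeaway for a responder is that taking down the final phishing host does not retire the lure, because the signed link stays fetchable for twenty years and can simply be pointed at a new shortener target.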

10 HTTP transactions

Resource | Path | Size | x-fer | Type (MIME-Type)

ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html | degoo-production-large-file-us-east1.degoo.me/QCkr81/h4qICw/html/ | 67 B | 793 B | Document
Redirect Chain
  • http://cloud.degoo.com/e/drive-3xnwvzvboc7q
  • https://s82i.app.link/mCYsffhgB0?_p=c11335dc9a027af3ea038cf8ec
  • http://degoo-production-large-file-us-east1.degoo.me/QCkr81/h4qICw/html/ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html?GoogleAccessId=GOOGFMVLH4WIQJU6BJFH&Expires=2201197843&Signature=0blnrI82s619o26CaXuDoV...
  • https://degoo-production-large-file-us-east1.degoo.me/QCkr81/h4qICw/html/ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html?GoogleAccessId=GOOGFMVLH4WIQJU6BJFH&Expires=2201197843&Signature=0blnrI82s619o26CaXuDo...
General
Full URL
https://degoo-production-large-file-us-east1.degoo.me/QCkr81/h4qICw/html/ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html?GoogleAccessId=GOOGFMVLH4WIQJU6BJFH&Expires=2201197843&Signature=0blnrI82s619o26CaXuDoVdPyj4%3D&_branch_match_id=710194212518328202
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:21::8d65:780a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6434cbacbce8e7851db523153035a6ed919055e3f75819e6e69e81a6df2cf109
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
degoo-production-large-file-us-east1.degoo.me
:scheme
https
:path
/QCkr81/h4qICw/html/ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html?GoogleAccessId=GOOGFMVLH4WIQJU6BJFH&Expires=2201197843&Signature=0blnrI82s619o26CaXuDoVdPyj4%3D&_branch_match_id=710194212518328202
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Tue, 08 Oct 2019 19:08:41 GMT
content-type
text/html
set-cookie
__cfduid=d9f67ab0dbf8ec302967fb0ef07dddbac1570561721; expires=Wed, 07-Oct-20 19:08:41 GMT; path=/; domain=.degoo.me; HttpOnly; Secure
cf-cache-status
HIT
cache-control
public, max-age=8674000
cf-ray
522a67a97b70595e-VIE
age
67448
etag
W/"65fa83570712163a33d8b2dd7316a9de"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Fri, 17 Jan 2020 04:35:21 GMT
last-modified
Mon, 07 Oct 2019 19:50:40 GMT
strict-transport-security
max-age=2592000; includeSubDomains
vary
Origin, Accept-Encoding
x-content-type-options
nosniff
x-goog-generation
1570477840295904
x-goog-hash
crc32c=7sLoGw== md5=ZfqDVwcSFjoz2LLdcxap3g==
x-goog-metageneration
1
x-goog-storage-class
REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
67
x-guploader-uploadid
AEnB2UoX5WN0oigj2AzBmjq77MeWV3QMbRh_PM2fgRjLGJvJjInmsBrZwka7iBKYAZ7a6tTWSQIR8i-lLFIUrHJlAmANc8TkoA
server
cloudflare
content-encoding
br

Redirect headers

Date
Tue, 08 Oct 2019 19:08:41 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=3600
Expires
Tue, 08 Oct 2019 20:08:41 GMT
Location
https://degoo-production-large-file-us-east1.degoo.me/QCkr81/h4qICw/html/ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html?GoogleAccessId=GOOGFMVLH4WIQJU6BJFH&Expires=2201197843&Signature=0blnrI82s619o26CaXuDoVdPyj4%3D&_branch_match_id=710194212518328202
X-Content-Type-Options
nosniff
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
522a67a908715a12-VIE
73HAY | s.id/ | 2 KB | 2 KB | Document (cookie set)
General
Full URL
https://s.id/73HAY
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.119.112.228 , Indonesia, ASN56088 (PANDI-ID PANDI - Pengelola Nama Domain Internet Indonesia, ID),
Reverse DNS
s.id.112.119.203.in-addr.arpa
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
87aa83782ef1b675e881dcd3f7e4cefe5cccef178c5a836fd1efac63d78c8475

Request headers

Host
s.id
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Referer
https://degoo-production-large-file-us-east1.degoo.me/QCkr81/h4qICw/html/ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html?GoogleAccessId=GOOGFMVLH4WIQJU6BJFH&Expires=2201197843&Signature=0blnrI82s619o26CaXuDoVdPyj4%3D&_branch_match_id=710194212518328202
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.10.3 (Ubuntu)
Date
Tue, 08 Oct 2019 19:08:42 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Cache-Control
private, must-revalidate
pragma
no-cache
expires
-1
Set-Cookie
XSRF-TOKEN=eyJpdiI6Im9xYk5rbGdBK29aRE9peTFVOWpPeHc9PSIsInZhbHVlIjoiUUhsNDBTR2RxSmNTeHpqY0xKeTlHaU5XeE5SVktOK2t6XC93bTlXTVZhWVBZT2pPZmdyRlVnWmtRdjhsaEFwdDBBdjBNZUdITmk4M0hlMzZFS1JWWlwvQT09IiwibWFjIjoiN2QyMWJlOTA4NjUxZmUxNTEzMTA0Y2NjNmM3ZjNkNzkxODBjZGI3ZGIzNWNjODY4N2IyNDU2YjdhYmE3MDFkZCJ9; expires=Tue, 08-Oct-2019 21:08:42 GMT; Max-Age=7200; path=/
Set-Cookie
major_tom=eyJpdiI6ImtBNTRvb3FqZTdzelQ2c0E1M05TR2c9PSIsInZhbHVlIjoiaVRvVFwvSEFEOGN0VlFtSHZFdnFYNEZyUzloVGNnK1N2WXBcLzFocG90UVdHeGs3M1A5SXJpbm1jbDNTRnFCQ3NGa0hPWVwvYXlJZTZkdXgwMFdYTGU5UVE9PSIsIm1hYyI6IjdkZTc5ZTEyZWM2YTk1NTU4MDczYTFhYWUwNTg0NzZkNWU0YTBmZGRlOTkxOWQ3MDg1NzQ0NmEzZGU1OGE4OTAifQ%3D%3D; expires=Tue, 08-Oct-2019 21:08:42 GMT; Max-Age=7200; path=/; httponly
Content-Encoding
gzip
/ | baltazar-gabka.pl/mn/ | 17 KB | 4 KB | Document (primary request)
General
Full URL
https://baltazar-gabka.pl/mn/
Requested by
Host: s.id
URL: https://s.id/73HAY
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:30::681b:bbd0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/7.2.21
Resource Hash
1c364a1e51a6ed3dca5ae68adc8b1ad800d43d49e3b833047c00ea4abbdd7572

Request headers

:method
GET
:authority
baltazar-gabka.pl
:scheme
https
:path
/mn/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://s.id/73HAY
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Tue, 08 Oct 2019 19:08:43 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dfb2e2e0ee8a71920be91a5b8def8b4a51570561723; expires=Wed, 07-Oct-20 19:08:43 GMT; path=/; domain=.baltazar-gabka.pl; HttpOnly
x-powered-by
PHP/7.2.21
vary
Accept-Encoding
x-turbo-charged-by
LiteSpeed
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
522a67b14e135952-VIE
content-encoding
br
piwik.js | analytics.s.id/ | 0 | 0 | (failed, no response received)

converged.v2.login.min_ia88a1prlwdqyj0b-dw4zw2.css | aadcdn.msauth.net/ests/2.1/content/cdnbundles/ | 100 KB | 19 KB | Stylesheet
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ia88a1prlwdqyj0b-dw4zw2.css
Requested by
Host: baltazar-gabka.pl
URL: https://baltazar-gabka.pl/mn/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
d91ab164f7f64967f34c727db7715d1f65bef2c3f10b76b02c7b1a8ba9c2ddec

Request headers

Sec-Fetch-Mode
cors
Referer
https://baltazar-gabka.pl/mn/
Origin
https://baltazar-gabka.pl
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 08 Oct 2019 19:08:42 GMT
content-encoding
gzip
x-azure-ref-originshield
05miaXQAAAABj4ePBGxirSZ23xUuFbvEeQU1TRURHRTA0MTkAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-md5
sh+WcSBilpQeE1SmF0PW6w==
x-cache
TCP_HIT
status
200
content-length
18743
x-ms-lease-status
unlocked
last-modified
Wed, 13 Mar 2019 06:30:55 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D6A77D72E37AB9
x-azure-ref
0u96cXQAAAACzkLDxoIh4RbX6oZcBTcxVVklFRURHRTAyMjEAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
6911ddef-201e-0055-6a94-7cd34a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
37_533e293f0c8947ada653b47c00e394e2.png | baltazar-gabka.pl/mn/find/ | 2 KB | 2 KB | Image
General
Full URL
https://baltazar-gabka.pl/mn/find/37_533e293f0c8947ada653b47c00e394e2.png
Requested by
Host: baltazar-gabka.pl
URL: https://baltazar-gabka.pl/mn/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:30::681b:bbd0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5d587f6c48a9b22bbe97150249e0c0655ac1780bd273431480a22f8a5bfef6c

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://baltazar-gabka.pl/mn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 19:08:43 GMT
cf-cache-status
HIT
age
67449
status
200
content-length
1750
last-modified
Mon, 07 Oct 2019 23:20:52 GMT
server
cloudflare
etag
"6d6-5d9bc854-3b41881ddc62ce57;;;"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
522a67b1fe9e5952-VIE
expires
Tue, 15 Oct 2019 19:08:43 GMT
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | baltazar-gabka.pl/mn/find/ | 4 KB | 1 KB | Image
General
Full URL
https://baltazar-gabka.pl/mn/find/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Requested by
Host: baltazar-gabka.pl
URL: https://baltazar-gabka.pl/mn/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:30::681b:bbd0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://baltazar-gabka.pl/mn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 19:08:43 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 07 Oct 2019 23:20:52 GMT
server
cloudflare
age
67449
etag
W/"e43-5d9bc854-ffcd35bb7f8d2e24;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
522a67b1fe9f5952-VIE
expires
Tue, 15 Oct 2019 19:08:43 GMT
ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg | baltazar-gabka.pl/mn/find/ | 915 B | 309 B | Image
General
Full URL
https://baltazar-gabka.pl/mn/find/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
Requested by
Host: baltazar-gabka.pl
URL: https://baltazar-gabka.pl/mn/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:30::681b:bbd0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://baltazar-gabka.pl/mn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 19:08:43 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 07 Oct 2019 23:20:52 GMT
server
cloudflare
age
67449
etag
W/"393-5d9bc854-3d20b2e86dcd7395;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
522a67b1fea05952-VIE
expires
Tue, 15 Oct 2019 19:08:43 GMT
ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg | baltazar-gabka.pl/mn/find/ | 915 B | 325 B | Image
General
Full URL
https://baltazar-gabka.pl/mn/find/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Requested by
Host: baltazar-gabka.pl
URL: https://baltazar-gabka.pl/mn/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:30::681b:bbd0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://baltazar-gabka.pl/mn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 19:08:43 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 07 Oct 2019 23:20:52 GMT
server
cloudflare
age
67449
etag
W/"393-5d9bc854-6a39880d5fab52a5;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
522a67b1fea15952-VIE
expires
Tue, 15 Oct 2019 19:08:43 GMT
gvfRnh.jpg | baltazar-gabka.pl/mn/find/ | 114 KB | 114 KB | Image
General
Full URL
https://baltazar-gabka.pl/mn/find/gvfRnh.jpg
Requested by
Host: baltazar-gabka.pl
URL: https://baltazar-gabka.pl/mn/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:30::681b:bbd0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cf9dada0d0cfd144034f31f050154491436ad59f1eaa7ba128c5f2eec41cc4a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://baltazar-gabka.pl/mn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 19:08:43 GMT
cf-cache-status
HIT
age
67449
status
200
content-length
116389
last-modified
Mon, 07 Oct 2019 23:20:52 GMT
server
cloudflare
etag
"1c6a5-5d9bc854-afb67f4b78f867b3;;;"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
522a67b1fea35952-VIE
expires
Tue, 15 Oct 2019 19:08:43 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
analytics.s.id
URL
https://analytics.s.id/piwik.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)
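The evidence for the brand verdict is in the transaction list: the primary document on baltazar-gabka.pl pulls the genuine converged sign-in stylesheet from aadcdn.msauth.net and serves its own copy of a Microsoft logo SVG from /mn/find/, while nothing in the chain is hosted by Microsoft. The CDN answers with access-control-allow-origin: *, so the browser does not stop a foreign page from embedding that bundle; the signal has to be raised from proxy or scanner logs. The following script, an added detection example that is not urlscan.io's verdict logic, expresses that check over a transcription of this report's transactions. The Microsoft document-host allow-list and the indicator wording are this example's assumptions; the resource type of the failed piwik.js request is assumed from its extension.

```python
"""Flag documents that assemble a Microsoft sign-in look from a foreign origin.

Added detection example, not urlscan.io's own verdict logic. TRANSACTIONS is
transcribed from this report (resource URL, requesting document, type); the
host allow-list and indicator names are assumptions of this example.
"""
from urllib.parse import urlparse

# Hosts a genuine Microsoft sign-in page is served from (assumed allow-list;
# a real deployment would extend it with tenant-specific endpoints).
MICROSOFT_DOCUMENT_HOSTS = {
    "login.microsoftonline.com", "login.live.com", "login.microsoft.com",
}
# Static CDN hosts only Microsoft's login UI should be embedding; only the
# host observed in this scan is listed.
MICROSOFT_LOGIN_CDNS = {"aadcdn.msauth.net"}

# (resource URL, requested-by document or None for a navigation, type).
TRANSACTIONS = [
    ("https://degoo-production-large-file-us-east1.degoo.me/QCkr81/h4qICw/html/"
     "ChR7vWtjrt32SgpGzMbOdX2GisRwshAA.html", None, "Document"),
    ("https://s.id/73HAY", None, "Document"),
    ("https://analytics.s.id/piwik.js", "https://s.id/73HAY", "Script"),  # failed; type assumed
    ("https://baltazar-gabka.pl/mn/", None, "Document"),
    ("https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/"
     "converged.v2.login.min_ia88a1prlwdqyj0b-dw4zw2.css",
     "https://baltazar-gabka.pl/mn/", "Stylesheet"),
    ("https://baltazar-gabka.pl/mn/find/37_533e293f0c8947ada653b47c00e394e2.png",
     "https://baltazar-gabka.pl/mn/", "Image"),
    ("https://baltazar-gabka.pl/mn/find/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg",
     "https://baltazar-gabka.pl/mn/", "Image"),
    ("https://baltazar-gabka.pl/mn/find/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg",
     "https://baltazar-gabka.pl/mn/", "Image"),
    ("https://baltazar-gabka.pl/mn/find/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg",
     "https://baltazar-gabka.pl/mn/", "Image"),
    ("https://baltazar-gabka.pl/mn/find/gvfRnh.jpg",
     "https://baltazar-gabka.pl/mn/", "Image"),
]


def _host(url):
    return (urlparse(url).hostname or "").lower()


def brand_impersonation_findings(transactions):
    """Return {document URL: [indicator, ...]} for each document that is not
    served by Microsoft yet embeds Microsoft login CDN assets or ships its own
    copy of a Microsoft logo. Documents without indicators are omitted."""
    findings = {}
    for url, requested_by, rtype in transactions:
        if requested_by is None:
            continue  # a navigation, not an asset load
        doc_host = _host(requested_by)
        if doc_host in MICROSOFT_DOCUMENT_HOSTS:
            continue  # Microsoft's own page using its own CDN is expected
        asset_host = _host(url)
        filename = urlparse(url).path.rsplit("/", 1)[-1].lower()
        indicators = findings.setdefault(requested_by, [])
        if asset_host in MICROSOFT_LOGIN_CDNS:
            indicators.append(f"{rtype.lower()} from Microsoft login CDN {asset_host}")
        elif "microsoft_logo" in filename:
            indicators.append(f"self-hosted Microsoft logo asset {filename}")
    return {doc: ind for doc, ind in findings.items() if ind}


if __name__ == "__main__":
    for doc, indicators in brand_impersonation_findings(TRANSACTIONS).items():
        print(doc)
        for line in indicators:
            print("  -", line)
```

Only the baltazar-gabka.pl document comes back, with both indicators; the s.id shortener page loads nothing Microsoft-branded and is not reported. The allow-list check matters in production: without it, a legitimate Microsoft sign-in page would trip the rule on every load.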

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object | onformdata
  • object | onpointerrawupdate

Both names are browser-native event-handler properties that newer Chromium builds add to window rather than variables defined by the page, so this list says nothing about the phishing kit's own scripts.

1 Cookies

Domain/Path: .baltazar-gabka.pl/
Name: __cfduid
Value: dfb2e2e0ee8a71920be91a5b8def8b4a51570561723

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header                      Value
Strict-Transport-Security   max-age=2592000; includeSubDomains
X-Content-Type-Options      nosniff

Note that these two headers come from the first document in the chain, the degoo.me response, whose headers are listed above; the baltazar-gabka.pl response itself sets neither.