client-ssastatement-invoice07.su
188.114.96.3  Malicious Activity! Public Scan

Submitted URL: https://redssainvoice309.s3.amazonaws.com/secolverif654.html
Effective URL: https://client-ssastatement-invoice07.su/ch/index.php?secure
Submission: On August 26 via manual from US — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is client-ssastatement-invoice07.su.
TLS certificate: Issued by WE1 on August 7th 2024. Valid for: 3 months.
This is the only time client-ssastatement-invoice07.su was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

IP Address | AS Autonomous System | Requests
52.217.134.217 | 16509 (AMAZON-02) | 2
188.114.96.3 | 13335 (CLOUDFLARENET) | 13

Domain | Requested by | Requests
client-ssastatement-invoice07.su | client-ssastatement-invoice07.su, redssainvoice309.s3.amazonaws.com (2 redirects) | 13
redssainvoice309.s3.amazonaws.com | - | 2

This site contains no links.

Subject | Issuer | Validity | Valid for
*.s3.amazonaws.com | Amazon RSA 2048 M01 | 2024-04-22 to 2025-04-07 | a year
client-ssastatement-invoice07.su | WE1 | 2024-08-07 to 2024-11-05 | 3 months

This page contains 2 frames:

Primary Page: https://client-ssastatement-invoice07.su/ch/index.php?secure
Frame ID: 3F49F15B73978F9819331772DF7BDA72
Requests: 11 HTTP requests in this frame

Frame: https://client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js
Frame ID: F430DA835D05E090F17ADD8ECC3C58C7
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

403 Forbidden

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 13
HTTPS: 92 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 60 kB
Size: 80 kB
Cookies: 16

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://redssainvoice309.s3.amazonaws.com/secolverif654.html Page URL
  2. https://client-ssastatement-invoice07.su/ch/index.php?secure Page URL
  3. https://client-ssastatement-invoice07.su/cdn-cgi/phish-bypass?atok=I20O6CJfpMnAz6orBGHAQDydwGYowWkm4H2RGkeJFNs-1724678090-0.0.1.1-%2Fch%2Findex.php%3Fsecure HTTP 301
    https://client-ssastatement-invoice07.su/ch/index.php?secure Page URL
  4. https://client-ssastatement-invoice07.su/ch/index.php?secure Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://client-ssastatement-invoice07.su/cdn-cgi/phish-bypass?atok=I20O6CJfpMnAz6orBGHAQDydwGYowWkm4H2RGkeJFNs-1724678090-0.0.1.1-%2Fch%2Findex.php%3Fsecure HTTP 301
  • https://client-ssastatement-invoice07.su/ch/index.php?secure
Request Chain 8
  • https://client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js

13 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

secolverif654.html | redssainvoice309.s3.amazonaws.com/ | 109 B | 503 B | Document
General
Full URL
https://redssainvoice309.s3.amazonaws.com/secolverif654.html
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
52.217.134.217 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
a54230b7ac0b158f49ba1807506c3c2aa4e83b78095aab98a6ad908d311559b2

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Content-Length
109
Content-Type
text/html
Date
Mon, 26 Aug 2024 13:14:50 GMT
ETag
"810192f92a68d1f18caed30e10d33c27"
Last-Modified
Sun, 25 Aug 2024 20:05:07 GMT
Server
AmazonS3
x-amz-id-2
QVJs0SQbs8sDi2t8B9pO9bprW/5tPPpaTxTyrM4E7rL+y/0wM/1q+iYiUW8yEZjjfYnGmwcI8o8=
x-amz-request-id
ABNZWSY932XFAJ97
x-amz-server-side-encryption
AES256

index.php | client-ssastatement-invoice07.su/ch/ | 4 KB | 2 KB | Document
General
Full URL
https://client-ssastatement-invoice07.su/ch/index.php?secure
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11557efb19a9c0f676a021cfb4dea849867c97eb9df03d1c0ab873cc13efbd93
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://redssainvoice309.s3.amazonaws.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cf-ray
8b94164eb88f6ae6-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 26 Aug 2024 13:14:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LkjPsaVS6%2F1zl3GXBPJO0f40jGvqOBEuAtwJns8XAr5jWKuJC4VybjibBudURh0odJzPap7ddtoRt3aJ9kZ4BH8SlfSursgtvZWUi92e%2B3IL7IqPndnExQh7gRNUbtatzasPVQBmVDTQ90i3Ujv2OUKsKw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN

favicon.ico | redssainvoice309.s3.amazonaws.com/ | 243 B | 520 B | Other
General
Full URL
https://redssainvoice309.s3.amazonaws.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
52.217.134.217 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://redssainvoice309.s3.amazonaws.com/secolverif654.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 26 Aug 2024 13:14:49 GMT
Server
AmazonS3
x-amz-request-id
ABNRAKQFV0BA4TKJ
x-amz-id-2
bk+oL3mIFzOV+ETEJYSIOakd2mz1NWXRfo7eMxfL03OVdj+BWR1BHd8ksE5v68Kac6ugondZTNs=
Transfer-Encoding
chunked
Content-Type
application/xml

cf.errors.css | client-ssastatement-invoice07.su/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet
General
Full URL
https://client-ssastatement-invoice07.su/cdn-cgi/styles/cf.errors.css
Requested by
Host: client-ssastatement-invoice07.su
URL: https://client-ssastatement-invoice07.su/ch/index.php?secure
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://client-ssastatement-invoice07.su/ch/index.php?secure
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 26 Aug 2024 13:14:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 21 Aug 2024 12:07:35 GMT
server
cloudflare
etag
W/"66c5d887-5df3"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=7200, public
cf-ray
8b94164f18f76ae6-FRA
expires
Mon, 26 Aug 2024 15:14:50 GMT

icon-exclamation.png | client-ssastatement-invoice07.su/cdn-cgi/images/ | 452 B | 635 B | Image
General
Full URL
https://client-ssastatement-invoice07.su/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: client-ssastatement-invoice07.su
URL: https://client-ssastatement-invoice07.su/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://client-ssastatement-invoice07.su/cdn-cgi/styles/cf.errors.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 26 Aug 2024 13:14:50 GMT
x-content-type-options
nosniff
last-modified
Wed, 21 Aug 2024 12:07:35 GMT
server
cloudflare
etag
"66c5d887-1c4"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
8b94164f693b6ae6-FRA
content-length
452
expires
Mon, 26 Aug 2024 15:14:50 GMT

favicon.ico | client-ssastatement-invoice07.su/ | 6 KB | 7 KB | Other
General
Full URL
https://client-ssastatement-invoice07.su/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41a78184a22ebafc3e6e16cfd3ab7cefc4d05125e1aef56b5b20b5877ba91837
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
https://client-ssastatement-invoice07.su/ch/index.php?secure
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Aug 2024 13:14:50 GMT
x-content-type-options
nosniff, nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H8Cvcw%2FaBiJARhWpUFPxEC%2FzF79YrHUxv%2F4Ix8E%2Far%2BDFe3e9%2BLA67MUn7uliYshcHMxO5Hk1J9R%2BJe8QxOr29cbxaSsbqMLMl8bsYK%2BECDizTQGgcSKva88PEjI7iAi77qqbhe%2FTQGa0AVROwsvyoj%2BZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
8b94164fc99e6ae6-FRA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block, 1; mode=block
expires
0

index.php | client-ssastatement-invoice07.su/ch/ | 19 KB | 19 KB | Document
Redirect Chain
  • https://client-ssastatement-invoice07.su/cdn-cgi/phish-bypass?atok=I20O6CJfpMnAz6orBGHAQDydwGYowWkm4H2RGkeJFNs-1724678090-0.0.1.1-%2Fch%2Findex.php%3Fsecure
  • https://client-ssastatement-invoice07.su/ch/index.php?secure
General
Full URL
https://client-ssastatement-invoice07.su/ch/index.php?secure
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15e1f491c3bf46ac014a7f86322b3c3cbb9e6466fa54b29959aa62968217a0a7
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Referer
https://client-ssastatement-invoice07.su/ch/index.php?secure
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
8b94166a3ddc6ae6-FRA
content-type
text/html; charset=utf-8
date
Mon, 26 Aug 2024 13:14:54 GMT
expires
0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wG1htmes%2FY%2FODjOSpYC3C9ZggqFvQk%2F7vbyiBFdK3ShAcoDqjre08I28EtyXfaMp%2B%2Fyu9SsuVbQv5y9sTkDldVDtGDUJOt2gg7qx%2Fznkngwbie%2BPiht2TdxpRDOS4Vvn9KWsgryKMIw9phwVip9CUBjk3A%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block 1; mode=block

Redirect headers

cache-control
private, no-cache
cf-ray
8b941669fd896ae6-FRA
content-length
167
content-type
text/html
date
Mon, 26 Aug 2024 13:14:54 GMT
location
https://client-ssastatement-invoice07.su/ch/index.php?secure
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY

index.php | client-ssastatement-invoice07.su/ch/ | 0 | 922 B | XHR
General
Full URL
https://client-ssastatement-invoice07.su/ch/index.php?secure
Requested by
Host: redssainvoice309.s3.amazonaws.com
URL: https://redssainvoice309.s3.amazonaws.com/secolverif654.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

X-Requested-TimeStamp-Expire
X-Requested-TimeStamp-Combination
X-Requested-Type-Combination
GET
Content-type
application/x-www-form-urlencoded
X-Requested-Type
GET
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Referer
https://client-ssastatement-invoice07.su/ch/index.php?secure
m6HqnRO6rDLr6CRMXphpOe7BnYY
QejrYBOrMBXTH8mKjlfrMtQlzA
df9LqExLP661F3bpaeuAKd6y08U
45322849
X-Requested-TimeStamp
X-Requested-with
XMLHttpRequest

Response headers

pragma
no-cache
date
Mon, 26 Aug 2024 13:14:55 GMT
x-content-type-options
nosniff, nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JpCekyZAoLAJc8%2FadqSsRDqW26HcFKqcd81tWYCjSuInC34HsEPpNP78fVa9bxsMvYHN5PQOs%2FP8GrarXV0Ll6EiJZLhjbIvsv61hxrF1a0mab0Td0IscrmJ9eb4Rrc3sx37ECZhOKWuLgVzt814nKkj5A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
8b94166c886c6ae6-FRA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block, 1; mode=block
expires
0

main.js | client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/ (Frame F430) | 8 KB | 4 KB | Script
Redirect Chain
  • https://client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?
General
Full URL
https://client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?
Protocol
H3
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9be60c0fd7e0d7b41a742bc6d312d8d5a3424aad48732a751acfd1d3cf72af46
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 26 Aug 2024 13:14:54 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x6hF9j7rw1zEAyowGS4WlQAj0bHOXgughQ5Hr8b8sQp8U5%2BQQbtUCQONBlosh3x4iNTiqpJ2AxRQKgwm7O0MudQ8nYU0YsvcmpGz7D3Tsrl5L72HLer%2FYL3zgqdSmCLa1ek8a8sjZBFiAsSoqcyHJA04ew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray
8b94166ce8c76ae6-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Mon, 26 Aug 2024 13:14:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4VoBV%2FXIcabxxZd9NBGYO3jc8AziNtfX1Agsb%2BIkcATg5aRRK%2FDoLmEdeMfEn3Vq5%2BaHPrRPWQQV3GPxn%2B38aG4F%2F22gWrvudW3ZXmk4lzrFZ%2BWh1ugtNMfC9E9ktMNmPSbHNud910JKXbFviuiJ2jwAXg%3D%3D"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?
access-control-allow-origin
*
cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray
8b94166c886f6ae6-FRA
alt-svc
h3=":443"; ma=86400
content-length
0

favicon.ico | client-ssastatement-invoice07.su/ | 18 KB | 18 KB | Other
General
Full URL
https://client-ssastatement-invoice07.su/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7328cbf16ffb2402162a605443df5d0226bcf4e254280ec26fe34696ff33727b
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
https://client-ssastatement-invoice07.su/ch/index.php?secure
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Aug 2024 13:14:54 GMT
x-content-type-options
nosniff, nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yKRjO8fSmhQs4tgIVmUkhY%2Bw7Tk9%2BonBjQibxMkloxwsNywhncW9haZES24Y6NokkDe9qPAFxhrZn4ZFnA2mhJleZbqGlMrcllgyCBEiJAFaE9d%2Bv5sBJbL3kq%2FYgUMwzFsuXvwGbEfi%2FQavTL1UWqzNvA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
8b94166c88716ae6-FRA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block, 1; mode=block
expires
0

8b94166a3ddc6ae6 | client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/h/b/jsd/r/ (Frame F430) | 0 | 965 B | XHR
General
Full URL
https://client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/h/b/jsd/r/8b94166a3ddc6ae6
Requested by
Host: client-ssastatement-invoice07.su
URL: https://client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 26 Aug 2024 13:14:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZQpwF6xHBa3H99FNmKhlF1vMsAHvOr%2B6lcUfAO9axFbz%2BKKoP1WZVh4xGMfX7eJ%2B05T4qhsWYdtGNr2U7MoNchyI8BqGij9KbpCUXVVLxd0cJvdleu1%2BGSBRegd5jIBfuGKAB76xiRRLsCXxFZ1DBAqZgA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
8b94166da9906ae6-FRA
alt-svc
h3=":443"; ma=86400
content-length
0

Primary Request: index.php | client-ssastatement-invoice07.su/ch/ | 548 B | 566 B | Document
General
Full URL
https://client-ssastatement-invoice07.su/ch/index.php?secure
Requested by
Host: redssainvoice309.s3.amazonaws.com
URL: https://redssainvoice309.s3.amazonaws.com/secolverif654.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Referer
https://client-ssastatement-invoice07.su/ch/index.php?secure
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8b9416705c3b6ae6-FRA
content-encoding
br
content-type
text/html
date
Mon, 26 Aug 2024 13:14:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iGM8B1Hl9xwV3lKFxnVnpKSHbSY43Hz44VBiBCe3brLvGzGrYNKyr1zoEcvFMVTbHuwKxQTSmQLzsVfx%2BHn2A4vq8mw3CaLnlUhkIiz3MvD0U1AZIJyPwfenNYTQO3yOD6Wxemx1lUdp9BHR%2ByenV7e9Cg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff nosniff
x-xss-protection
1; mode=block 1; mode=block

favicon.ico | client-ssastatement-invoice07.su/ | 548 B | 647 B | Other
General
Full URL
https://client-ssastatement-invoice07.su/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
https://client-ssastatement-invoice07.su/ch/index.php?secure
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
public
date
Mon, 26 Aug 2024 13:14:56 GMT
content-encoding
br
x-content-type-options
nosniff, nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kBmP3lAStGrD%2BCMGMbsDEzm1oerhuVsigJxC203EpQ39HIqTrtNsUIymk7oeWtjOVT9xKGd1TYIemU60cpgQLkUCmJgudU5TJP4CzsTwXLJyfnx4Q9V5mDpBW3kHVqMr%2BRqCRpcj1k1NiCjgsM5JKox%2FNg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
cf-ray
8b9416714d176ae6-FRA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block, 1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

6 Console Messages

Source | Level | URL | Message
network | error | https://redssainvoice309.s3.amazonaws.com/favicon.ico | Failed to load resource: the server responded with a status of 403 (Forbidden)
network | error | https://client-ssastatement-invoice07.su/favicon.ico | Failed to load resource: the server responded with a status of 503 ()
network | error | https://client-ssastatement-invoice07.su/ch/index.php?secure | Failed to load resource: the server responded with a status of 503 ()
network | error | https://client-ssastatement-invoice07.su/favicon.ico | Failed to load resource: the server responded with a status of 503 ()
network | error | https://client-ssastatement-invoice07.su/ch/index.php?secure | Failed to load resource: the server responded with a status of 403 ()
network | error | https://client-ssastatement-invoice07.su/favicon.ico | Failed to load resource: the server responded with a status of 403 ()