sf1c0alxeb6409c856ebbdd.newfiles.ru Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://sf1c0alxeb6409c856ebbdd.newfiles.ru/
Submission: On May 04 via manual (May 4th 2023, 2:33:08 pm UTC) from ES — Scanned from NL

Summary HTTP 20 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 20 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is sf1c0alxeb6409c856ebbdd.newfiles.ru.
TLS certificate: Issued by GTS CA 1P5 on April 23rd 2023. Valid for: 3 months.

This is the only time sf1c0alxeb6409c856ebbdd.newfiles.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 13	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6812:6b9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	3

13 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sf1c0alxeb6409c856ebbdd.newfiles.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:6b9 (United States)

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	newfiles.ru 1 redirects sf1c0alxeb6409c856ebbdd.newfiles.ru	221 KB
5	cloudflare.com challenges.cloudflare.com — Cisco Umbrella Rank: 6491	101 KB
20	2

	Domain	Requested by
13	sf1c0alxeb6409c856ebbdd.newfiles.ru	1 redirects sf1c0alxeb6409c856ebbdd.newfiles.ru
5	challenges.cloudflare.com	sf1c0alxeb6409c856ebbdd.newfiles.ru challenges.cloudflare.com
20	2

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com

Subject Issuer	Validity	Valid
newfiles.ru GTS CA 1P5	`2023-04-23` - `2023-07-22`	3 months	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2022-09-18` - `2023-09-17`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/
Frame ID: E711053783EAF23A387FD472E50774BE
Requests: 16 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3kuvt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Frame ID: B52814E5AE909126FF65DA5FBE82F101
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Just a moment...

Page URL History Show full URLs

https://sf1c0alxeb6409c856ebbdd.newfiles.ru/ Page URL
https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/phish-bypass?atok=W9pEMMuTKvgmb2W1UnbhcBVuNgrl8JK5mCyA669Ct.w-168321... HTTP 301
https://sf1c0alxeb6409c856ebbdd.newfiles.ru/ Page URL

Page Statistics

20
Requests

85 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

322 kB
Transfer

630 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cloudflare.com/?utm_source=challenge&utm_campaign=m
Title: Cloudflare

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://sf1c0alxeb6409c856ebbdd.newfiles.ru/ Page URL
https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/phish-bypass?atok=W9pEMMuTKvgmb2W1UnbhcBVuNgrl8JK5mCyA669Ct.w-1683210778-0-%2F HTTP 301
https://sf1c0alxeb6409c856ebbdd.newfiles.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
sf1c0alxeb6409c856ebbdd.newfiles.ru/ 4 KB
2 KB 100ms
25ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sf1c0alxeb6409c856ebbdd.newfiles.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61890c37306f0a34204f518aa74f2ff6bd4aa13097c966f814ec77e580a47ec0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cf-ray: 7c2174c89c4c9067-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 04 May 2023 14:32:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p83Z%2BD5Dm38sUOsBiyhPHjpvmLJFZkbH9PlKM2W38wtNgauswNcCuYGKaCMqcE%2BZxlpLiHJrs%2BNRk%2FdIvhjPz2Vke9%2FMHFnBhARV6qS4M1Tjrx52OJFKSsuxmvAox7Lohdylzg3iG2g0sSWP7qKw6GB8xJYe0NW6kTiBekZtmTlS3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 cf.errors.css
sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/styles/ 24 KB
5 KB 22ms
22ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/styles/cf.errors.css

Requested by

Host: sf1c0alxeb6409c856ebbdd.newfiles.ru
URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 04 May 2023 14:32:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 28 Apr 2023 14:11:18 GMT
server: cloudflare
etag: W/"644bd406-5e44"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 7c2174c8cc7f9067-FRA
expires: Thu, 04 May 2023 16:32:59 GMT

GET
H2 200 icon-exclamation.png
sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/images/ 452 B
541 B 24ms
24ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: sf1c0alxeb6409c856ebbdd.newfiles.ru
URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 04 May 2023 14:32:59 GMT
x-content-type-options: nosniff
last-modified: Fri, 28 Apr 2023 14:11:18 GMT
server: cloudflare
etag: "644bd406-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 7c2174c91cd09067-FRA
content-length: 452
expires: Thu, 04 May 2023 16:32:59 GMT

GET
H2

403

Primary Request / Show response
sf1c0alxeb6409c856ebbdd.newfiles.ru/
Redirect Chain

https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/phish-bypass?atok=W9pEMMuTKvgmb2W1UnbhcBVuNgrl8JK5mCyA669Ct.w-1683210778-0-%2F
https://sf1c0alxeb6409c856ebbdd.newfiles.ru/

7 KB
5 KB

35ms
35ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sf1c0alxeb6409c856ebbdd.newfiles.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84ad8203f0bc84ee474a05578695f3f264ababaf701d36114c874f3acdd90f4c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated: challenge
cf-ray: 7c2174e75ca89067-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Thu, 04 May 2023 14:33:03 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9jel2oSXQz126%2FDK%2F3p1CTjT4%2FQTv9ufjakxlduXYF6cZFr7ERVp8iUpXp45p7h9CjcTe5vu62uUofehrcUNUH44cRTs%2FKJPQo0EWiXJWPBsDlMA%2FUeT8yRUUVWu5K3d5lT8Fx2o9PIu%2B5qoKcwitxt6QJE5jxwRCTle5wUgORSC%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

cache-control: private, no-cache
cf-ray: 7c2174e73c8d9067-FRA
content-length: 167
content-type: text/html
date: Thu, 04 May 2023 14:33:03 GMT
location: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 challenges.css
sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/styles/ 6 KB
3 KB 22ms
21ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/styles/challenges.css

Requested by

Host: sf1c0alxeb6409c856ebbdd.newfiles.ru
URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 04 May 2023 14:33:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 28 Apr 2023 14:11:18 GMT
server: cloudflare
etag: W/"644bd406-19c8"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 7c2174e7bd1b9067-FRA
expires: Thu, 04 May 2023 16:33:03 GMT

GET
H2 200 v1 Show response
sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/ 154 KB
56 KB 29ms
28ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c2174e75ca89067
Requested by: Host: sf1c0alxeb6409c856ebbdd.newfiles.ru
URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0cec9cfdb1e09227527b08aee0e0078a6b4b72c3df6f1d373360d12f762e1d8e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/?__cf_chl_rt_tk=cASBe21xBvCVDd6SfH.4ka47c5zXPnbTnE_jsSr6MlQ-1683210783-0-gaNycGzNClA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 04 May 2023 14:33:03 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Otkg3axz%2B0Pmv9JiPzYEYxAz6L0yvFf8ylRv29Zvm%2BzGf%2BrTrBw3d3ch9k%2F0Egzazh1QOaUKykA7XyPZHHxfc191ZxOhy9yS%2FYKXv8HH3MZ8dTPn9%2F44DzuITf1vh2FjGXiZhWFS306kpO3UEAjSGRTHaU03tC7VNZ7VjcX74wsuMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
cf-ray: 7c2174e7ed3e9067-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 transparent.gif
sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/images/trace/managed/js/ 42 B
124 B 23ms
23ms Image
image/gif 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c2174e75ca89067

Requested by

Host: sf1c0alxeb6409c856ebbdd.newfiles.ru
URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/?__cf_chl_rt_tk=cASBe21xBvCVDd6SfH.4ka47c5zXPnbTnE_jsSr6MlQ-1683210783-0-gaNycGzNClA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/?__cf_chl_rt_tk=cASBe21xBvCVDd6SfH.4ka47c5zXPnbTnE_jsSr6MlQ-1683210783-0-gaNycGzNClA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 04 May 2023 14:33:03 GMT
x-content-type-options: nosniff
last-modified: Fri, 28 Apr 2023 14:11:18 GMT
server: cloudflare
etag: "644bd406-2a"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 7c2174e7ed3f9067-FRA
content-length: 42
expires: Thu, 04 May 2023 16:33:03 GMT

GET
H2 200 api.js Show response
challenges.cloudflare.com/turnstile/v0/g/b5e45436/ 15 KB
5 KB 95ms
49ms Script
application/javascript 2606:4700::6812:6b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit
Requested by: Host: sf1c0alxeb6409c856ebbdd.newfiles.ru
URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c2174e75ca89067
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5205e201bbd649a3a4af0ecb9b1e8a80f73aa8ea4aee1740302b1b8f7435b27f

Request headers

Referer
Origin: https://sf1c0alxeb6409c856ebbdd.newfiles.ru
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 04 May 2023 14:33:04 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 7c2174e89f8e1c11-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 403 favicon.ico
sf1c0alxeb6409c856ebbdd.newfiles.ru/ 7 KB
7 KB 27ms
26ms Image
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sf1c0alxeb6409c856ebbdd.newfiles.ru/favicon.ico

Requested by

Host: sf1c0alxeb6409c856ebbdd.newfiles.ru
URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d26cf05b742b4445099533cd69b081c40fb5703220d61f4eddbb4aeca87a4ec5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 04 May 2023 14:33:04 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: same-origin
server: cloudflare
cross-origin-opener-policy: same-origin
cf-mitigated: challenge
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yIZCKLduKLfb0LRzParAOoAVq9bMTD9YM68vwmvFWFJ4e0o4YzYdw1QwP4aNZIaBJPDZgTJQGjxFvLX18UjPFjY5t9YcUTF77T4tkaou%2FGc2plCXBDcOUtNDSN003gFudkMkmCY8SXBSAbAH%2FGpy455sTXv0q0ix42%2F9ryYOtBA6tQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 7c2174e85c8418fd-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
DATA 200
OK truncated
/ 586 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 b1fdc2d0156260c Show response
sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1318843708:1683209208:K48jdn7ME2MckZ2iWeg79YeqxaKXcrTO5CYSInG2L3g/7c2174e75ca89067/ 180 KB
136 KB 113ms
113ms XHR
text/plain 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1318843708:1683209208:K48jdn7ME2MckZ2iWeg79YeqxaKXcrTO5CYSInG2L3g/7c2174e75ca89067/b1fdc2d0156260c
Requested by: Host: sf1c0alxeb6409c856ebbdd.newfiles.ru
URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c2174e75ca89067
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ff124f2185bd62bedae5eed1521679f5de493c0e2ed0dfa9c854317528d87d4

Request headers

Referer: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
CF-Challenge: b1fdc2d0156260c
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 04 May 2023 14:33:04 GMT
content-encoding: br
cf_chl_gen: 43Xql4R0lnNc+MCfRuzj39cXYykNj06bYNH7l+JQMCjh+SKvb6yFC/tzhGLGVZxBUDjerRFyi/AhwJ0m3+m1eIFk+IB9V0JQld2TE/TXU5LKIfUUTw3nX2Wbe5SmYz2ANjIxYpmoBMfN/lWiUuLXx7I7iaI5w83HTUNDNJGUgHy86ajWq0/UWby4W591UF6Aerc87lXl1U9SUipwEhwjAvrEeumTUChGQyyPtOCWc+q4LaSUKPsI1TKTKJJTNJAFKD3DDi5/0VAAwh+npwQIrRooal7AgsuKYTSC37kA75aSDOB9aUSfE0JbAtv0dHFRnKA64zfnJHQrWnih8HnhJIqfAa5Mkq71NA08gKDI6rqAsLsurAJ517OZnilT96t7UCy31IXKaXWSSaxtEEYPXVxqOn4M0LkH+3KMf6u2OrqPoDoUbqOn4m8eiR8sHbXL09xGlyBm4Kx9qICJUPfjPxs/w93V4ZtbReHaOHLtR5Q=$RSsq3cyJRqFvSDfnUgVx7w==
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=thgrECyk3xxaKDCfIoG0eEsxA%2FiBzGAR7husapWOka9y35YTpxp9fprQPlcWH7Keoh%2Feq3vpKr9rNa65mZfkFENi%2B9siyGiwt0zWzJhLvMn5M6nNkgTecMldubpiIhPJK0Z1hIUoCpQ9kJEyH95FRJqZ79awoK6cwnF20AjhPp%2B6Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7c2174e8fd1e18fd-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 401 XUbF-OpUMtZD_NG Show response
sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/pat/7c2174e75ca89067/1683210784168/1d70e258668a87c88ecbed77cd996cbb790a513a77bb36a54501c2699e40d314/ 1 B
971 B 29ms
28ms Fetch
text/plain 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/pat/7c2174e75ca89067/1683210784168/1d70e258668a87c88ecbed77cd996cbb790a513a77bb36a54501c2699e40d314/XUbF-OpUMtZD_NG
Requested by: Host: sf1c0alxeb6409c856ebbdd.newfiles.ru
URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c2174e75ca89067
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 04 May 2023 14:33:05 GMT
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gHXDiWGaKh8iOy-13zZlsu3kKUTp3uzalRQHCaZ5A0xQAI3NmMWMwYWx4ZWI2NDA5Yzg1NmViYmRkLm5ld2ZpbGVzLnJ1, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAn23qyGdHVs28an7XXJsPKj7kVCaC9GVfIA_hqz7TYAdgPPPWwl9HHr2M2TPFejyc6bFISKBkmpvDiLNyAvKEm13RN65hHys38F97m-W3nV3CX88cMDzDhHNeSKqQo1MoCrKUVRA-HzoI7whFpb6oZatrsiQfT6e0EDSrkJ6AGKwW_hqtTq7Q8oQ8NMvLvQL4MtSLPzPcvwFOz2xb4cnOAAux7Xqj_X9nqx6jEU9gIxdjYa3s0NPyqM-bXlYDhp2Sss_2cyjfmadXK8iNYTmz68Ee9rJbH-kOjl28L1MjBPE6_7T93xkwiDUx1oIe6PkSyh1uv2wJROfbRBP3WttzJwIDAQAB, max-age=20
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PEbVGd%2FrL1jQcMaKNllzOeQ7oY3xyvRh1XeP%2F%2BeQ%2B7qnuMOlrhmXe7utUNPF6iAD236tzMpC4GWOEuPz2DwbpXiWDhaPhV%2BZNvcvj1220mE7OLZotq%2B9XWBQlFTfg7D7r6F7DsvlG86TEHT5Aj73F2yB1GkQh2c37Ri8iWilj2jIWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7c2174ef5d1918fd-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 khz8VhCRstP5qB4
sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/img/7c2174e75ca89067/1683210784169/ 61 B
477 B 29ms
29ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/img/7c2174e75ca89067/1683210784169/khz8VhCRstP5qB4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de681e717ae4ffd90166442a9d3bebb136aeaf5d6f35a7455d15502e7de40ef6

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 04 May 2023 14:33:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c2174f14f5a18fd-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yheq2H5kRcg1S4G5OAOVHx2MTY6wAdHy2G7%2FYcXx4y9A7JexpXq5vrHrfFoyeYvb8h4hMe21bBkRtsx2wkzKytUhNI9tobxyXkHN9Yb74sDQastv4hMNcb%2FvjAf%2FgBHp2AGcooWgiOnku7DXUE7nxYQ2aqL%2Bw5l1oy%2FG0AZuy2MBmw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png

GET
BLOB 200
OK 5f1b9359-17fd-4966-9251-783386c74703
https://sf1c0alxeb6409c856ebbdd.newfiles.ru/ 656 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://sf1c0alxeb6409c856ebbdd.newfiles.ru/5f1b9359-17fd-4966-9251-783386c74703
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Length: 656
Content-Type: text/javascript

POST
H3 200 b1fdc2d0156260c Show response
sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1318843708:1683209208:K48jdn7ME2MckZ2iWeg79YeqxaKXcrTO5CYSInG2L3g/7c2174e75ca89067/ 7 KB
6 KB 54ms
51ms XHR
text/plain 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1318843708:1683209208:K48jdn7ME2MckZ2iWeg79YeqxaKXcrTO5CYSInG2L3g/7c2174e75ca89067/b1fdc2d0156260c
Requested by: Host: sf1c0alxeb6409c856ebbdd.newfiles.ru
URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c2174e75ca89067
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41eb20a8971883ec4e14261a01d3c86e000e33726f6cd5aefaf017a9621c2da9

Request headers

Referer: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
CF-Challenge: b1fdc2d0156260c
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 04 May 2023 14:33:06 GMT
content-encoding: br
cf_chl_gen: F3cmyQQoPed2KmTXIgG069/N0Nei8Puc9q0OBXR3ZjeDsQthoBisgqRaV8Ra3LTR$zP+uuNZWmlGCdKcFEuCfHA==
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q%2FpxC7u%2BT5SYH61GcBYXhAJ7%2F1TfsdfjN6iRIjhJsZi%2Fqw4cwLhiEfqdXvuyMX%2FKKNxf8jPxpFmN4ty1Jo5l7gLv3YJyyA8t1wgoTBF9QFVnYQk%2FfNiSyWDXUftFsU7ywC0CoiFv5xloD%2BAQF39b9jwSUIga%2FCslwN1YD%2BACzCHOwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7c2174f4fbeb18fd-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 normal Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3kuvt/0x4AAAAAAAAjq6WYeRDKmebM/light/ Frame B528 22 KB
7 KB 61ms
37ms Document
text/html 2606:4700::6812:6b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3kuvt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 336920b2514a2ff43a57b8cb83907dfca7cdb8290b26efb9941b6063ea685ba3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=0, must-revalidate
cf-ray: 7c2174f589241cb5-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Thu, 04 May 2023 14:33:06 GMT
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

GET
DATA 200
OK truncated
/ 187 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ddc1e33de02a96249bf85fc7b16e669317a81d8e2fc403ddb1ded6c465dd578

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 v1 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/ Frame B528 149 KB
53 KB 33ms
32ms Script
application/javascript 2606:4700::6812:6b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7c2174f589241cb5
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3kuvt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6409dbd05bc7fb12a5a69d1706f994b0320c26a9332537a6d0c368dc3bd8bee1

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3kuvt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 04 May 2023 14:33:07 GMT
cache-control: max-age=0, must-revalidate
content-encoding: br
server: cloudflare
cf-ray: 7c2174fc5ae01cb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: application/javascript; charset=UTF-8

POST
H3 200 59981b922116e73 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1200575926:1683209130:59yAjfDtn4JvVTLPhLuKaDULx08INmw_cCuUrzcOw0o/7c2174f589241cb5/ Frame B528 50 KB
34 KB 65ms
65ms XHR
text/plain 2606:4700::6812:6b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1200575926:1683209130:59yAjfDtn4JvVTLPhLuKaDULx08INmw_cCuUrzcOw0o/7c2174f589241cb5/59981b922116e73
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7c2174f589241cb5
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ccd2f65c0d4dc0ef307d5eb2fb5238034e815666c6eb6a868c2002c3497d7b9

Request headers

Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3kuvt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
CF-Challenge: 59981b922116e73
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 04 May 2023 14:33:07 GMT
content-encoding: br
cf_chl_gen: sN6xQxQpm6O5P0DO10JTmdUkwxhVszObABv9a4DNG+b0ojCJGSOYBKf2Dz1YhCtnnMMmh4OdQcC8uPAtM6XJp2BQjShaLREzeEPiwaKiM2Dw12+5jNN6Du4QIyakjg7B1H199te8Loph9e74aQSgQvzEPHg61SNfUM1fMeZM2BRHjr1WRsV14nloNJuvRHUYp9i7oLXdw1w8jffy4SenIxF5DZkyxS2bEz55xotV0C72hXyhoOPGd1ZVJ9bAmJiO7rhdqJUkNgv3mVYHan2SAyWkslmgQZHwf8JZNVSmz38Yn2Bkv0Gkl8Qb4Ky28gEFAZW63tkojyR/DoCNACQl9Zu2ueHP0h4Bi6ifbXgeknljDj+pEdDziyQTxXF1SoLh$bZGdLaEDn18xAaoBbDXClg==
server: cloudflare
cf-ray: 7c2174fd9cb71cb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
H3 200 gktrXXlrY2nb2H3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7c2174f589241cb5/1683210787473/ Frame B528 61 B
167 B 29ms
29ms Image
image/png 2606:4700::6812:6b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7c2174f589241cb5/1683210787473/gktrXXlrY2nb2H3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 143315f8df2851ee50e4024fe84902f4067d99e3e7fe38a4c154a3c176db9d28

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3kuvt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 04 May 2023 14:33:07 GMT
server: cloudflare
cf-ray: 7c2174ff7f471cb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: image/png

GET
BLOB 200
OK 465ab397-6556-4efd-a6f8-1dec4a62efdd
https://challenges.cloudflare.com/ Frame B528 656 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://challenges.cloudflare.com/465ab397-6556-4efd-a6f8-1dec4a62efdd
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3kuvt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Length: 656
Content-Type: text/javascript

GET
BLOB 200
OK 7820ee9e-774e-4a48-a730-9bed5653d081
https://challenges.cloudflare.com/ Frame B528 539 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://challenges.cloudflare.com/7820ee9e-774e-4a48-a730-9bed5653d081
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 08c91791d18c8b35509f8951ba53b3868ebc91a142f78fb1294aadad03f537c8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3kuvt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Length: 539
Content-Type: text/javascript

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.sf1c0alxeb6409c856ebbdd.newfiles.ru/	1970-01-20 11:34:57	Name: __cf_mw_byp Value: W9pEMMuTKvgmb2W1UnbhcBVuNgrl8JK5mCyA669Ct.w-1683210778-0-/

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://sf1c0alxeb6409c856ebbdd.newfiles.ru/cdn-cgi/challenge-platform/h/g/pat/7c2174e75ca89067/1683210784168/1d70e258668a87c88ecbed77cd996cbb790a513a77bb36a54501c2699e40d314/XUbF-OpUMtZD_NG Message: Failed to load resource: the server responded with a status of 401 ()
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenges.cloudflare.com
sf1c0alxeb6409c856ebbdd.newfiles.ru
2606:4700::6812:6b9
2a06:98c1:3121::3
08c91791d18c8b35509f8951ba53b3868ebc91a142f78fb1294aadad03f537c8
0cec9cfdb1e09227527b08aee0e0078a6b4b72c3df6f1d373360d12f762e1d8e
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
143315f8df2851ee50e4024fe84902f4067d99e3e7fe38a4c154a3c176db9d28
2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2
2ff124f2185bd62bedae5eed1521679f5de493c0e2ed0dfa9c854317528d87d4
336920b2514a2ff43a57b8cb83907dfca7cdb8290b26efb9941b6063ea685ba3
41eb20a8971883ec4e14261a01d3c86e000e33726f6cd5aefaf017a9621c2da9
4ddc1e33de02a96249bf85fc7b16e669317a81d8e2fc403ddb1ded6c465dd578
5205e201bbd649a3a4af0ecb9b1e8a80f73aa8ea4aee1740302b1b8f7435b27f
61890c37306f0a34204f518aa74f2ff6bd4aa13097c966f814ec77e580a47ec0
6409dbd05bc7fb12a5a69d1706f994b0320c26a9332537a6d0c368dc3bd8bee1
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
7ccd2f65c0d4dc0ef307d5eb2fb5238034e815666c6eb6a868c2002c3497d7b9
84ad8203f0bc84ee474a05578695f3f264ababaf701d36114c874f3acdd90f4c
d26cf05b742b4445099533cd69b081c40fb5703220d61f4eddbb4aeca87a4ec5
de681e717ae4ffd90166442a9d3bebb136aeaf5d6f35a7455d15502e7de40ef6
e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

sf1c0alxeb6409c856ebbdd.newfiles.ru Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

20 Requests

85 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

322 kBTransfer

630 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

1 Cookies

5 Console Messages

Security Headers

Indicators

sf1c0alxeb6409c856ebbdd.newfiles.ru Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

85 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

322 kB
Transfer

630 kB
Size

1
Cookies

20 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!