one.winshould.link
Open in
urlscan Pro
2606:4700:3034::6815:1d79
Public Scan
Effective URL: https://one.winshould.link/
Submission Tags: @phish_report
Submission: On February 26 via api from FI — Scanned from NZ
Summary
TLS certificate: Issued by GTS CA 1P5 on February 9th 2024. Valid for: 3 months.
This is the only time one.winshould.link was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 9 | 2606:4700:303... 2606:4700:3034::6815:1d79 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2409:8c20:8ab... 2409:8c20:8ab1:22:1::f4 | 56046 (CMNET-JIA...) (CMNET-JIANGSU-AP China Mobile communications corporation) | |
2 | 2404:2280:1e2... 2404:2280:1e2:0:3::3f7 | 24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.) | |
10 | 3 |
ASN56046 (CMNET-JIANGSU-AP China Mobile communications corporation, CN)
lf6-cdn-tos.bytecdntp.com |
ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)
lf3-cdn-tos.bytecdntp.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
winshould.link
3 redirects
one.winshould.link |
17 KB |
4 |
bytecdntp.com
lf6-cdn-tos.bytecdntp.com — Cisco Umbrella Rank: 239095 lf3-cdn-tos.bytecdntp.com — Cisco Umbrella Rank: 193638 |
86 KB |
10 | 2 |
Domain | Requested by | |
---|---|---|
9 | one.winshould.link |
3 redirects
one.winshould.link
|
2 | lf3-cdn-tos.bytecdntp.com |
one.winshould.link
|
2 | lf6-cdn-tos.bytecdntp.com |
one.winshould.link
|
10 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
xyun.cloud |
Subject Issuer | Validity | Valid | |
---|---|---|---|
winshould.link GTS CA 1P5 |
2024-02-09 - 2024-05-09 |
3 months | crt.sh |
*.bytecdntp.com RapidSSL TLS RSA CA G1 |
2023-06-30 - 2024-06-28 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://one.winshould.link/
Frame ID: 04AFC99926133C526C1B273CC13D9FEB
Requests: 6 HTTP requests in this frame
Frame:
https://one.winshould.link/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js
Frame ID: FA29DBF0608A29F70070F6E657A67BAB
Requests: 4 HTTP requests in this frame
Screenshot
Page Title
200 OKPage URL History Show full URLs
-
http://one.winshould.link/
HTTP 301
https://one.winshould.link/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: XyunCloud
Search URL Search Domain Scan URL
Title: 违规举报
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://one.winshould.link/
HTTP 301
https://one.winshould.link/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5- https://one.winshould.link/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://one.winshould.link/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js
- https://one.winshould.link/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://one.winshould.link/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
one.winshould.link/ Redirect Chain
|
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
lf6-cdn-tos.bytecdntp.com/cdn/expire-1-M/bootstrap/4.6.0/css/ |
158 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rocket-loader.min.js
one.winshould.link/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
typed.min.js
lf6-cdn-tos.bytecdntp.com/cdn/expire-1-M/typed.js/2.0.12/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
lf3-cdn-tos.bytecdntp.com/cdn/expire-1-M/jquery/3.6.0/ |
87 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.js
lf3-cdn-tos.bytecdntp.com/cdn/expire-1-M/bootstrap/4.6.0/js/ |
141 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
one.winshould.link/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/ Frame FA29 Redirect Chain
|
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
85b9f3f449c91c5d
one.winshould.link/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame FA29 |
0 607 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
one.winshould.link/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/ Frame FA29 Redirect Chain
|
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
85b9f3f449c91c5d
one.winshould.link/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame FA29 |
0 607 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| __cfQR object| bootstrap function| $ function| jQuery function| Typed function| showPageReason boolean| __cfRLUnblockHandlers1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.winshould.link/ | Name: cf_clearance Value: 4KtTDoINLJug5kXeR1gdCxWiu5eOhaYRQFA0emp6Nq4-1708969022-1.0-AT1+pAHwoZ4/XZ9PEFbdWTWw/kWDgFmE36l+A/fkdgme31CkPyuBE7yavEvvDbot6+wSj/B/FoXwjAC1vokcj2Y= |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
lf3-cdn-tos.bytecdntp.com
lf6-cdn-tos.bytecdntp.com
one.winshould.link
2404:2280:1e2:0:3::3f7
2409:8c20:8ab1:22:1::f4
2606:4700:3034::6815:1d79
26fafff1c5bfbc1ae6680180ba7a03e3c649e2373d05a5f76cf4ef4814a133a3
2a2dc2196454057b3ea0ab39aae9a70888b329a3e5aad23455277b70541b6600
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601
5154391ed1d39ada814f7298e5c77802f238ee9a74809c0833eab8e470fda0b9
b5de8fd50518000158e7e3fae41b48cfe58582ecfccb1b53b9ade9e7224c2237
c3efcc7acb0f97ffbc136421e3172aaef6212b3545890bfa17ea72ff1be76392
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e