rem6a0.calasavacj.com Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.competitionline.com/de/autologin?ref=http://floriu.com%2F%2F%2F%2F%2F%2F%2F%2F/hidcofirc/%2F%2F%2F%2F/5valby%2F%2F%2...
Effective URL:
https://rem6a0.calasavacj.com/Mefishman@hess.com
Submission: On May 18 via manual (May 18th 2023, 11:39:01 pm UTC) from IN — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 4 domains to perform 15 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is rem6a0.calasavacj.com.
TLS certificate: Issued by E1 on May 18th 2023. Valid for: 3 months.

This is the only time rem6a0.calasavacj.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	52.222.214.110 52.222.214.110	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:303... 2606:4700:3038::6815:eb1b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6812:7b9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	4

1 52.222.214.110 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-110.fra56.r.cloudfront.net

www.competitionline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3038::6815:eb1b (United States)

ASN13335 (CLOUDFLARENET, US)

floriu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

rem6a0.calasavacj.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:7b9 (United States)

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	calasavacj.com rem6a0.calasavacj.com	190 KB
6	cloudflare.com challenges.cloudflare.com — Cisco Umbrella Rank: 6358	169 KB
1	floriu.com floriu.com	753 B
1	competitionline.com 1 redirects www.competitionline.com	791 B
15	4

	Domain	Requested by
7	rem6a0.calasavacj.com	rem6a0.calasavacj.com
6	challenges.cloudflare.com	rem6a0.calasavacj.com challenges.cloudflare.com
1	floriu.com
1	www.competitionline.com	1 redirects
15	4

This site contains no links.

Subject Issuer	Validity	Valid
calasavacj.com E1	`2023-05-18` - `2023-08-16`	3 months	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2022-09-18` - `2023-09-17`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://rem6a0.calasavacj.com/Mefishman@hess.com
Frame ID: 46C0B28BEA38767B536DAB69E70527DA
Requests: 10 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3ui23/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Frame ID: 2DA3D6F3FC0CC20D95A5B13364036D3B
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Loading...

Page Statistics

15
Requests

87 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

360 kB
Transfer

654 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.competitionline.com/de/autologin?ref=http://floriu.com%2F%2F%2F%2F%2F%2F%2F%2F/hidcofirc/%2F%2F%2F%2F/5valby%2F%2F%2F%2FZWZpc2htYW5AaGVzcy5jb20= HTTP 303
http://floriu.com/////////hidcofirc//////5valby////ZWZpc2htYW5AaGVzcy5jb20=

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

ZWZpc2htYW5AaGVzcy5jb20= Show response
floriu.com/////////hidcofirc//////5valby////
Redirect Chain

https://www.competitionline.com/de/autologin?ref=http://floriu.com%2F%2F%2F%2F%2F%2F%2F%2F/hidcofirc/%2F%2F%2F%2F/5valby%2F%2F%2F%2FZWZpc2htYW5AaGVzcy5jb20=
http://floriu.com/////////hidcofirc//////5valby////ZWZpc2htYW5AaGVzcy5jb20=

0
753 B

459ms
443ms

Document
text/html

2606:4700:3038::6815:eb1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://floriu.com/////////hidcofirc//////5valby////ZWZpc2htYW5AaGVzcy5jb20=
Protocol: HTTP/1.1
Server: 2606:4700:3038::6815:eb1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 7c97efcb18282c4a-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 18 May 2023 23:38:57 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LkwEOCbVXz7jbWj96olY21znKCmQZM5evTofrOXJn%2Bc610KfR5XipT%2Ffr79RfzTdlubXPaZkWs6V9X2bDubynJhsksshi0Oyr8x08zAsil2h2T4C8HlOZhLQ1mK4m11PaFzyLXu9ITl1"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
X-Powered-By: PHP/5.6.40
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
refresh: 0;url=https://rem6a0.calasavacj.com/Mefishman@hess.com

Redirect headers

alt-svc: h3=":443"; ma=86400
content-length: 0
date: Thu, 18 May 2023 23:38:57 GMT
location: http://floriu.com/////////hidcofirc//////5valby////ZWZpc2htYW5AaGVzcy5jb20=
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
x-amz-cf-id: OyKD_S5GStKwoxry71qikhLC0Ct-mITf8mWvFYqhnEHaAfotFjGgbA==
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY SAMEORIGIN
x-permitted-cross-domain-policies: master-only
x-xss-protection: 1; mode=block

GET
H2 403 Primary Request Mefishman@hess.com Show response
rem6a0.calasavacj.com/ 8 KB
5 KB 52ms
16ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://rem6a0.calasavacj.com/Mefishman@hess.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd7adad77fa9fee8b4c2f75a788cf64406ddb8977ee736db7deb42c9b41ffd27

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://floriu.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated: challenge
cf-ray: 7c97efce38ba1bdb-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Thu, 18 May 2023 23:38:57 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IrYDaP%2BveVstav5FospzVNWSAs9dwPq4HkaF9hM%2B6%2FU3CdWAvfQ%2Bh49lnwkcGg04onThFNYlpDdrCUPgquflqOjJi%2FH%2B63t4Fhha%2BbDUziNYATKv2P13hYH%2BQaEYe6jRSGbP6Voa09iOhl%2B72gHudTnPuRM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 v1 Show response
rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/ 142 KB
51 KB 18ms
17ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c97efce38ba1bdb
Requested by: Host: rem6a0.calasavacj.com
URL: https://rem6a0.calasavacj.com/Mefishman@hess.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c6fd20a251a45f5df63a5bd8a33def9e02c340a2062a600f7e02c58a0a2a4f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rem6a0.calasavacj.com/Mefishman@hess.com?__cf_chl_rt_tk=pxh9MleWGbgzSn0Z0GZbtrIsyqsjoHMQh.t2qbNJXl8-1684453137-0-gaNycGzNC6U
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 23:38:57 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BU9byA1OTpv9XfC1bVq3M%2BJKXjNo7JMLNRQbvpsg5GD9BwNrr%2FyHTTPiZfn6%2BxLALC1oll2Uix1IhnpkkKGUcOJ98fq%2F%2B3skljXGoJ8YkhIg%2FGsVHavqFc9jB8BOdoJPJIGpeJ%2FJ%2Fb8zI%2B9v9CFRSlwZSjU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
cf-ray: 7c97efce88f21bdb-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 transparent.gif
rem6a0.calasavacj.com/cdn-cgi/images/trace/managed/js/ 42 B
220 B 8ms
8ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rem6a0.calasavacj.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c97efce38ba1bdb

Requested by

Host: rem6a0.calasavacj.com
URL: https://rem6a0.calasavacj.com/Mefishman@hess.com?__cf_chl_rt_tk=pxh9MleWGbgzSn0Z0GZbtrIsyqsjoHMQh.t2qbNJXl8-1684453137-0-gaNycGzNC6U

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rem6a0.calasavacj.com/Mefishman@hess.com?__cf_chl_rt_tk=pxh9MleWGbgzSn0Z0GZbtrIsyqsjoHMQh.t2qbNJXl8-1684453137-0-gaNycGzNC6U
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 23:38:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 18 May 2023 10:15:18 GMT
server: cloudflare
etag: "6465fab6-2a"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 7c97efce88f31bdb-FRA
content-length: 42
expires: Fri, 19 May 2023 01:38:57 GMT

GET
H2 200 api.js Show response
challenges.cloudflare.com/turnstile/v0/g/7fe8adc8/ 15 KB
5 KB 56ms
27ms Script
application/javascript 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/g/7fe8adc8/api.js?onload=_cf_chl_turnstile_l&render=explicit
Requested by: Host: rem6a0.calasavacj.com
URL: https://rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c97efce38ba1bdb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51957b7f445f96a4f027db0a264c33904aaa9cd1ef944148008e41d54d4f8f0c

Request headers

Referer
Origin: https://rem6a0.calasavacj.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 23:38:57 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 7c97efcf0f469076-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 757a72d47ba7318 Show response
rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/flow/ov1/626430820:1684452224:Zg5FEjTntBbJeBIqHzahNqdrZcRVbuBXlzRbtGagQS8/7c97efce38ba1bdb/ 168 KB
126 KB 75ms
74ms XHR
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/flow/ov1/626430820:1684452224:Zg5FEjTntBbJeBIqHzahNqdrZcRVbuBXlzRbtGagQS8/7c97efce38ba1bdb/757a72d47ba7318
Requested by: Host: rem6a0.calasavacj.com
URL: https://rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c97efce38ba1bdb
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45e96bb891f97a5d58ddee8459a5f97df7901811a6d793da08d31ae3e4bc3045

Request headers

Referer: https://rem6a0.calasavacj.com/Mefishman@hess.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
CF-Challenge: 757a72d47ba7318
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 18 May 2023 23:38:57 GMT
content-encoding: br
cf_chl_gen: ZUNFio8x/M8gcMXRW8jZQI9cNM2xnkrAOGN35k+PH0gnWwzJE/DL4fbLUj/yxZsoqzMkOyt9znnrvUNQbtlApdAFGvxbCt1f8cEzUQXo68ydKDn3Rk6TEw6gaHG5eFFEy166yGQRVWVVFGOeRKIdETkqrc8TJczkYNgDTgDeI+/33I/jVNwe18q6FjBS3a2VjoX1QJX4IX8aUz2ksQ0k+xDi0DrqbEQlmyztG7VW7TejKcm2h9o21uXtqh99jMluBV5F06oRy/wR49lQvUPonQsofTJtcqnIb2Dst7aOWJqLEN0lbf7hO8nxKuVAcfHwjl4VxRNufNMP1VjgC8YTV1bLlzB4zasXoWBK8RUWa4AYXVC/0+jSQRd9ZFBVgFJ1rqJMsqytf/96d0kTn6NpXJy7IUPyzETz/j+IGSkHZWZ1HJd5jNkJJkI3QwMxuKY2GbJoK4tpf8lBl73yunGfQQ==$be/fMjy2/DGqsleofTYucQ==
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C8KTl52AoUY9U0rTC7HcjkgZOPth6GMzGr5iJFzvqn649cHOmIRtq4El27c6ezNT0GzRLFmMxh8Oazsaf02w7szBG4QPoaalrV%2FMbgnfCZcBCJqir9JkEjL7HV4QEzntPhvxT%2FPc6d27HoZPN4Lm0H5o4kg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7c97efcf8c782bcd-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 401 XiVea6zZCBCzlgZ Show response
rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/pat/7c97efce38ba1bdb/1684453137851/ad1089391e5a0861563742f7879f3f58e3125da53f3f10400f66ca33f25be449/ 1 B
938 B 13ms
13ms Fetch
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/pat/7c97efce38ba1bdb/1684453137851/ad1089391e5a0861563742f7879f3f58e3125da53f3f10400f66ca33f25be449/XiVea6zZCBCzlgZ
Requested by: Host: rem6a0.calasavacj.com
URL: https://rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c97efce38ba1bdb
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rem6a0.calasavacj.com/Mefishman@hess.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 23:38:58 GMT
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20grRCJOR5aCGFWN0L3h58_WOMSXaU_PxBAD2bKM_Jb5EkAFXJlbTZhMC5jYWxhc2F2YWNqLmNvbQ==, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAySgKXvR721O-HwSCp6BF8TeuHicxXGVHXJN4EB8npTqPvHY_3JsFIv19McA1L_Hls3UzYxU0XpOgHKAk34hMPkndSXxOerIbkadB_CcGCGM3mS-MrXbJiPIuFgBG1c4mu9avO3K1PWqsKlOpNbqr3V0u4BiLmYsxv7KoBsqjvx76B8USG1V2-VBOhuDmcIwSxzaawL3Rm_dqQHqe805K_T89EWQFXwEL50CjRQCJvBgvj77mAuVESaB4GPQeDcPqKSlZ4wfa6jcuT9Va-g7stXB7YRLo2TZxdG5n_1yP6-jhXLmQ7q5ijd4DKvWX_BNTIc_g3efHdgEFkfHiizu1qwIDAQAB, max-age=20
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QmnE3Sm2W9nWgAGomPLFGzniO4KnhrXea83ZNUdT61qzmvizYTjGjIrQRfu4EYnEVipaJjmJY1JyFvQRO5GXX11cZN%2B5lKLvN1nV57CgcgmfbqPPpIimDSV2zb8WhDi6asHsuNzoidlucNFWrRhiFD3G%2FG0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7c97efd5ba4c2bcd-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
BLOB 200
OK a951f31b-5dcd-4a29-9a0e-2bce359cb010
https://rem6a0.calasavacj.com/ 656 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://rem6a0.calasavacj.com/a951f31b-5dcd-4a29-9a0e-2bce359cb010
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rem6a0.calasavacj.com/Mefishman@hess.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length: 656
Content-Type: text/javascript

GET
H3 200 Lc4Q0d1ttc3ocav
rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/img/7c97efce38ba1bdb/1684453137854/ 61 B
459 B 14ms
14ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/img/7c97efce38ba1bdb/1684453137854/Lc4Q0d1ttc3ocav
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59de0fc5199fd335c1f9f5e37e048e0005b6b96cfce75f1e3b3140d86f08667a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rem6a0.calasavacj.com/Mefishman@hess.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 23:38:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c97efdc89542bcd-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mRg2ZgtkPjMOc8rgmQ5%2FlTWRZHqVzPpa7PAYxjWEUT8ms94JbJngN97UF4vTn1Q6g3ggXplYllOzsKEuQAK30%2FZGhIbsWV1xNqsNztsjwAwO5VYYMcoCxDJL8As8jTSWKo7PH0v6Mm%2B3M2EEnDqiRgbCsSg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png

POST
H3 200 757a72d47ba7318 Show response
rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/flow/ov1/626430820:1684452224:Zg5FEjTntBbJeBIqHzahNqdrZcRVbuBXlzRbtGagQS8/7c97efce38ba1bdb/ 8 KB
6 KB 28ms
28ms XHR
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/flow/ov1/626430820:1684452224:Zg5FEjTntBbJeBIqHzahNqdrZcRVbuBXlzRbtGagQS8/7c97efce38ba1bdb/757a72d47ba7318
Requested by: Host: rem6a0.calasavacj.com
URL: https://rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c97efce38ba1bdb
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52eba2f8ac0f86e9140b18d294155f11b73f1866ab3cbfcf0c024e9645190195

Request headers

Referer: https://rem6a0.calasavacj.com/Mefishman@hess.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
CF-Challenge: 757a72d47ba7318
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 18 May 2023 23:39:00 GMT
content-encoding: br
cf_chl_gen: 7ET2bX+NudaXX9nrfjHmqfKu2pHi23UM/WxnZHKsPgr/NiC2KCvWtn0xtC3dfV8U$ZjQauPHs2t7CTbYAOnayTw==
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SvoX2KW%2BPKR86ulymVJuYSgl40kj52elxKyQZ47e3r5ASliryIAtPM%2BeQnofCq5qPmMQ2DJ%2FwOJ1crEhkCPxcB36yHSyf19npmUDtop3ciTNFooAlYL8AkmnShEGDiKv7lh%2B9ifHIBQylURE31Hf5ti29CU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7c97efdd39fc2bcd-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 normal Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3ui23/0x4AAAAAAAAjq6WYeRDKmebM/light/ Frame 2DA3 22 KB
7 KB 27ms
16ms Document
text/html 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3ui23/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/g/7fe8adc8/api.js?onload=_cf_chl_turnstile_l&render=explicit
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45131b73818d9c0233841a2bbfb1f4ec9eadbc20a4ec65db5d78bd15f8b816a1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=0, must-revalidate
cf-ray: 7c97efdd8f47920e-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Thu, 18 May 2023 23:39:00 GMT
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

GET
H3 200 v1 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/ Frame 2DA3 152 KB
54 KB 16ms
15ms Script
application/javascript 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7c97efdd8f47920e
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3ui23/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12fd92c87a050ceea78f70989b17dad4c60b157f18e5eb7f508d9aa4934742be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3ui23/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 23:39:00 GMT
cache-control: max-age=0, must-revalidate
content-encoding: br
server: cloudflare
cf-ray: 7c97efddff96920e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: application/javascript; charset=UTF-8

POST
H3 200 fd359446fbece9e Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/785653084:1684452128:YPMtyW0X0Ss3pImV98kCfvnU-SFHq45Oinr3q-j6C_I/7c97efdd8f47920e/ Frame 2DA3 139 KB
102 KB 77ms
76ms XHR
text/plain 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/785653084:1684452128:YPMtyW0X0Ss3pImV98kCfvnU-SFHq45Oinr3q-j6C_I/7c97efdd8f47920e/fd359446fbece9e
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7c97efdd8f47920e
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93ddd4e9177f15dc9b81f28eda45164a9b6500098b168cf89728edd3d6fbb397

Request headers

Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3ui23/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
CF-Challenge: fd359446fbece9e
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 18 May 2023 23:39:00 GMT
content-encoding: br
cf_chl_gen: 3akWhJ+vndiS5CHVdZtXSYczhDKpStg2EVtJAOm2sh6WlF8pg9zgkzq4Gx/vYfW1vEt4TrdVRsVtUwXGJu7zuWv32Qvp2WT59QKPkntN+e+/Y9a4j5aas81kM7a0jpaIz5EQu4feoIPdV8vymL4GhbHURZmDorfP/kGwmyGiZJ2deEKylwmt+vRGxBtTE/aHBSbbZHWF+dJv81fK4SmZBAwyjd8zZa/cFzMJYid3S2LTV3/38ixB12A0wyWq9biRLDiF0v0nd3sJUSkmT2sSI6R3ffyJwokADIvP4S97hMVyyCX0tNNFLlTfOtgkoDbPk0RqrDqG+9I2ZHZzDLT0fuiyZIRx0eS801mU9rGiM5Xcsx18GXTqULIpMraIGm50h8+18Lu65f0JrEp3JtdaYD1ZZBW41DltbuwHB8g5vDI=$jG+Abn6YmUc2E8JtRo7rTA==
server: cloudflare
cf-ray: 7c97efdf0860920e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
H3 401 4UeRgf_AAV-PQnr Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7c97efdd8f47920e/1684453140331/b53f03ef5e1a77584e30bf477b48d07d43c87ea3b48be36a5d0547b684b00eb5/ Frame 2DA3 1 B
649 B 14ms
14ms Fetch
text/plain 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7c97efdd8f47920e/1684453140331/b53f03ef5e1a77584e30bf477b48d07d43c87ea3b48be36a5d0547b684b00eb5/4UeRgf_AAV-PQnr
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7c97efdd8f47920e
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3ui23/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 23:39:00 GMT
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gtT8D714ad1hOML9He0jQfUPIfqO0i-NqXQVHtoSwDrUAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAySgKXvR721O-HwSCp6BF8TeuHicxXGVHXJN4EB8npTqPvHY_3JsFIv19McA1L_Hls3UzYxU0XpOgHKAk34hMPkndSXxOerIbkadB_CcGCGM3mS-MrXbJiPIuFgBG1c4mu9avO3K1PWqsKlOpNbqr3V0u4BiLmYsxv7KoBsqjvx76B8USG1V2-VBOhuDmcIwSxzaawL3Rm_dqQHqe805K_T89EWQFXwEL50CjRQCJvBgvj77mAuVESaB4GPQeDcPqKSlZ4wfa6jcuT9Va-g7stXB7YRLo2TZxdG5n_1yP6-jhXLmQ7q5ijd4DKvWX_BNTIc_g3efHdgEFkfHiizu1qwIDAQAB, max-age=20
server: cloudflare
cf-ray: 7c97efe02937920e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
H3 200 6h2-gR1YtdlUf46
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7c97efdd8f47920e/1684453140333/ Frame 2DA3 61 B
165 B 13ms
13ms Image
image/png 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7c97efdd8f47920e/1684453140333/6h2-gR1YtdlUf46
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c9e6edb4583314c67ce13ebc1947faa9b92463b1712b5b3cb8e808be73991e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3ui23/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 23:39:00 GMT
server: cloudflare
cf-ray: 7c97efe14a0c920e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: image/png

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.competitionline.com/	1970-01-20 16:13:25	Name: PLAY_SESSION Value: eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImNzcmZUb2tlbiI6ImVmMTJmMmQ0Y2M1NzM0ZjFlYTNkMzJlNzlhMGI2ZDJlNjQ2N2UwNGQtMTY4NDQ1MzEzNzEwOS1lMjE0ZTE3ZDI1Y2Y0NmNmMTAyYzFkM2UifSwiZXhwIjoxNzAwMDA1MTM3LCJuYmYiOjE2ODQ0NTMxMzcsImlhdCI6MTY4NDQ1MzEzN30.S-twKU_0fbFRTcYxXm9iZ_wiOQX8_0YyvxQpgFX3hUU

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://rem6a0.calasavacj.com/Mefishman@hess.com Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://rem6a0.calasavacj.com/cdn-cgi/challenge-platform/h/g/pat/7c97efce38ba1bdb/1684453137851/ad1089391e5a0861563742f7879f3f58e3125da53f3f10400f66ca33f25be449/XiVea6zZCBCzlgZ Message: Failed to load resource: the server responded with a status of 401 ()
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7c97efdd8f47920e/1684453140331/b53f03ef5e1a77584e30bf477b48d07d43c87ea3b48be36a5d0547b684b00eb5/4UeRgf_AAV-PQnr Message: Failed to load resource: the server responded with a status of 401 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenges.cloudflare.com
floriu.com
rem6a0.calasavacj.com
www.competitionline.com
2606:4700:3038::6815:eb1b
2606:4700::6812:7b9
2a06:98c1:3120::3
52.222.214.110
12fd92c87a050ceea78f70989b17dad4c60b157f18e5eb7f508d9aa4934742be
2c6fd20a251a45f5df63a5bd8a33def9e02c340a2062a600f7e02c58a0a2a4f0
45131b73818d9c0233841a2bbfb1f4ec9eadbc20a4ec65db5d78bd15f8b816a1
45e96bb891f97a5d58ddee8459a5f97df7901811a6d793da08d31ae3e4bc3045
51957b7f445f96a4f027db0a264c33904aaa9cd1ef944148008e41d54d4f8f0c
52eba2f8ac0f86e9140b18d294155f11b73f1866ab3cbfcf0c024e9645190195
59de0fc5199fd335c1f9f5e37e048e0005b6b96cfce75f1e3b3140d86f08667a
6c9e6edb4583314c67ce13ebc1947faa9b92463b1712b5b3cb8e808be73991e7
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
93ddd4e9177f15dc9b81f28eda45164a9b6500098b168cf89728edd3d6fbb397
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fd7adad77fa9fee8b4c2f75a788cf64406ddb8977ee736db7deb42c9b41ffd27

rem6a0.calasavacj.com Open in urlscan Pro 2a06:98c1:3120::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

15 Requests

87 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

4 IPs

1 Countries

360 kBTransfer

654 kBSize

1 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

1 Cookies

5 Console Messages

Indicators

rem6a0.calasavacj.com Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

87 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

360 kB
Transfer

654 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions