l39904856tpp880002d.auc.edu.ps Open in urlscan Pro
162.144.15.141 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://portal.mercedes-benz.ru/sap/public/bc/icf/logoff?redirecturl=https://l39904856tpp880002d.auc.edu.ps/
Effective URL:
https://l39904856tpp880002d.auc.edu.ps/
Submission: On July 21 via manual (July 21st 2023, 12:26:03 pm UTC) from CH — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 12 HTTP transactions. The main IP is 162.144.15.141, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is l39904856tpp880002d.auc.edu.ps.
TLS certificate: Issued by R3 on June 3rd 2023. Valid for: 3 months.

This is the only time l39904856tpp880002d.auc.edu.ps was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	89.175.23.150 89.175.23.150	8359 (MTS) (MTS)
1 1	81.222.120.22 81.222.120.22	3216 (SOVAM-AS) (SOVAM-AS)
1	162.144.15.141 162.144.15.141	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1 9	2606:4700::68... 2606:4700::6811:2b8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2620:1ec:46::45 2620:1ec:46::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
12	4

1 89.175.23.150 (Russian Federation) 1 redirects

ASN8359 (MTS, RU)
PTR: smtp04.mashimpeks.ru

portal.mercedes-benz.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.222.120.22 (Russian Federation) 1 redirects

ASN3216 (SOVAM-AS, RU)

portal.mbrus.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.144.15.141 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-144-15-141.unifiedlayer.com

l39904856tpp880002d.auc.edu.ps	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6811:2b8 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

images.ecomm.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	cloudflare.com 1 redirects challenges.cloudflare.com — Cisco Umbrella Rank: 6195	204 KB
1	microsoft.com images.ecomm.microsoft.com — Cisco Umbrella Rank: 22638	3 KB
1	auc.edu.ps l39904856tpp880002d.auc.edu.ps	966 B
1	mbrus.ru 1 redirects portal.mbrus.ru	461 B
1	mercedes-benz.ru 1 redirects portal.mercedes-benz.ru	125 B
12	5

	Domain	Requested by
9	challenges.cloudflare.com	1 redirects l39904856tpp880002d.auc.edu.ps challenges.cloudflare.com
1	images.ecomm.microsoft.com	l39904856tpp880002d.auc.edu.ps
1	l39904856tpp880002d.auc.edu.ps
1	portal.mbrus.ru	1 redirects
1	portal.mercedes-benz.ru	1 redirects
12	5

This site contains no links.

Subject Issuer	Validity	Valid
www.test.auc.edu.ps R3	`2023-06-03` - `2023-09-01`	3 months	crt.sh
images.ecomm.microsoft.com Microsoft Azure TLS Issuing CA 06	`2023-06-28` - `2024-06-22`	a year	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2022-09-18` - `2023-09-17`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://l39904856tpp880002d.auc.edu.ps/
Frame ID: 2F69623C4E71EC465967924BF403B7A9
Requests: 3 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c09j/0x4AAAAAAAHibeggNxbLL0cV/auto/normal
Frame ID: 8F5BAED87FCA56468CCDFB4C9D19FEF9
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Outlook Web App - Please hold

Page URL History Show full URLs

https://portal.mercedes-benz.ru/sap/public/bc/icf/logoff?redirecturl=https://l39904856tpp880002d.auc.edu.ps/ HTTP 307
https://portal.mbrus.ru/sap/public/bc/icf/logoff?redirecturl=https://l39904856tpp880002d.auc.edu.ps/ HTTP 302
https://l39904856tpp880002d.auc.edu.ps/ Page URL

Page Statistics

12
Requests

75 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

208 kB
Transfer

390 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://portal.mercedes-benz.ru/sap/public/bc/icf/logoff?redirecturl=https://l39904856tpp880002d.auc.edu.ps/ HTTP 307
https://portal.mbrus.ru/sap/public/bc/icf/logoff?redirecturl=https://l39904856tpp880002d.auc.edu.ps/ HTTP 302
https://l39904856tpp880002d.auc.edu.ps/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://challenges.cloudflare.com/turnstile/v0/api.js HTTP 302
https://challenges.cloudflare.com/turnstile/v0/b/e6489737/api.js

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
l39904856tpp880002d.auc.edu.ps/
Redirect Chain

https://portal.mercedes-benz.ru/sap/public/bc/icf/logoff?redirecturl=https://l39904856tpp880002d.auc.edu.ps/
https://portal.mbrus.ru/sap/public/bc/icf/logoff?redirecturl=https://l39904856tpp880002d.auc.edu.ps/
https://l39904856tpp880002d.auc.edu.ps/

2 KB
966 B

1019ms
200ms

Document
text/html

162.144.15.141
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://l39904856tpp880002d.auc.edu.ps/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.144.15.141 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-144-15-141.unifiedlayer.com
Software: Apache /
Resource Hash: b4ac5c4c450b1af2c550bd98acb9c8f912894eab1055cff115364b14b623a271

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 842
content-type: text/html
date: Fri, 21 Jul 2023 12:25:58 GMT
last-modified: Thu, 20 Jul 2023 15:03:49 GMT
server: Apache
vary: Accept-Encoding,User-Agent

Redirect headers

cache-control: no-cache
content-length: 17
content-type: text/html; charset=utf-8
date: Fri, 21 Jul 2023 12:25:57 GMT
expires: 0
location: https://l39904856tpp880002d.auc.edu.ps/
pragma: no-cache
sap-server: true
server: nginx

GET
H2

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/b/e6489737/
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js
https://challenges.cloudflare.com/turnstile/v0/b/e6489737/api.js

23 KB
8 KB

41ms
40ms

Script
application/javascript

2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/e6489737/api.js
Requested by: Host: l39904856tpp880002d.auc.edu.ps
URL: https://l39904856tpp880002d.auc.edu.ps/
Protocol: H2
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36ceba7b5f9c16d9df8f530ff55e234f1b6ca7e8d1bc32d4810581dc605e9d30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://l39904856tpp880002d.auc.edu.ps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 12:25:58 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 7ea36dfc4d00383d-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Fri, 21 Jul 2023 12:25:58 GMT
server: cloudflare
vary: accept-encoding
location: /turnstile/v0/b/e6489737/api.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 7ea36dfc2cb6383d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 microsoft-2x.png
images.ecomm.microsoft.com/cdn/mediahandler/azure-emails-templates/production/shared/images/templates/shared/ 3 KB
3 KB 228ms
124ms Image
image/png 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.ecomm.microsoft.com/cdn/mediahandler/azure-emails-templates/production/shared/images/templates/shared/microsoft-2x.png

Requested by

Host: l39904856tpp880002d.auc.edu.ps
URL: https://l39904856tpp880002d.auc.edu.ps/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

b2de0a72b086dc480e990a04470b7b674330945705fc37a7733a833fda971dcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://l39904856tpp880002d.auc.edu.ps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 12:25:58 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-powered-by: ASP.NET
x-cache: TCP_MISS
arr-disable-session-affinity: true
content-length: 3025
last-modified: Fri, 18 Nov 2022 22:33:46 GMT
etag: "0x8DAC9B4F4F9A3A3"
vary: *
x-azure-ref: 20230721T122558Z-4p0ehdvmm53uhdffutuq95xzy0000000083g0000000135x4
content-type: image/png
cache-control: public, max-age=563098
accept-ranges: bytes
x-robots-tag: noindex
expires: Fri, 28 Jul 2023 00:50:57 GMT

GET
H3 200 normal Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c09j/0x4AAAAAAAHibeggNxbLL0cV/auto/ Frame 8F5B 24 KB
8 KB 37ms
37ms Document
text/html 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c09j/0x4AAAAAAAHibeggNxbLL0cV/auto/normal

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b14832427ab127d6fd2bc1934291a2b134a5b6a2a00f46ab3d645833dad13964

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Referer: https://l39904856tpp880002d.auc.edu.ps/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=0, must-revalidate
cf-ray: 7ea36dfc9f5318f1-FRA
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Fri, 21 Jul 2023 12:25:58 GMT
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

GET
H3 200 v1 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/ Frame 8F5B 167 KB
58 KB 31ms
31ms Script
application/javascript 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7ea36dfc9f5318f1
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c09j/0x4AAAAAAAHibeggNxbLL0cV/auto/normal
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff5e763157ce3e6a1b946afacd08530181a16b7931c5ee3e5e6020c73ac92d49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c09j/0x4AAAAAAAHibeggNxbLL0cV/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 12:25:58 GMT
cache-control: max-age=0, must-revalidate
content-encoding: br
server: cloudflare
cf-ray: 7ea36dfcffd518f1-FRA
alt-svc: h3=":443"; ma=86400
content-type: application/javascript; charset=UTF-8

GET
BLOB 200
OK 1a22212a-28d6-49e4-8d75-07cdf76f83d7
https://challenges.cloudflare.com/ Frame 8F5B 13 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://challenges.cloudflare.com/1a22212a-28d6-49e4-8d75-07cdf76f83d7
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c09j/0x4AAAAAAAHibeggNxbLL0cV/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Content-Length: 13
Content-Type: text/javascript

POST
H3 200 dda4459988dfbcd Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/627035463:1689941585:Iq7y9vjJ5ywSI_MEngXfX6hGVV9Exj-S0aEZB5EqW6g/7ea36dfc9f5318f1/ Frame 8F5B 157 KB
117 KB 124ms
123ms XHR
text/plain 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/627035463:1689941585:Iq7y9vjJ5ywSI_MEngXfX6hGVV9Exj-S0aEZB5EqW6g/7ea36dfc9f5318f1/dda4459988dfbcd
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7ea36dfc9f5318f1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cb497b34cff80a0c7aa0d410454ffcc8fe5702d12d29c188a261757a6d8483a

Request headers

Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c09j/0x4AAAAAAAHibeggNxbLL0cV/auto/normal
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
CF-Challenge: dda4459988dfbcd
Content-type: application/x-www-form-urlencoded

Response headers

cf-chl-gen: mPI5LXcqUcHkXiKPj+cD1WVZIN96+np1Os1vcYop7JblQKnsjUvmRq4n2zeEeUKJj78uVm/4edZp39F9I1Vt71vBle7Lo//pbz6Ecq49SZRk5ZNKIrlaeg9yW3e1gFPP2EhpqqwWaQv9IK+AeFCeBq0BLo1uxXuP3rZPHZaEXh6dDTHDlGI5jSvW2by4BLV0ecCi6vg2WAFay5mvGWVhz7t8BdL71J/lNTyO9nHJdJ/jwFwkf1VBGE0wVwiDm0LEcLwhScdW0JA6Di79i0nNE+jDg8gdcb+paE6Uj/gbHIo3wYHPzKtKUodAm6nyB6myK3j0EQ5cU0AH949Q4euESPRUYfBv+xsBNP3SsT0Lq0r+D8MFs7RIUZ890WVuRKLzpcHIXLBzx/W7tDFUwpMzAIcfi1Zo6tCzwKS5ehTAQgM=$DRKaAErobr7PVR+7DnrJ6w==
date: Fri, 21 Jul 2023 12:25:58 GMT
content-encoding: br
server: cloudflare
cf-ray: 7ea36dfe3a2118f1-FRA
alt-svc: h3=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
H3 401 5u3zKFDa20dWaHW Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7ea36dfc9f5318f1/1689942358766/8ebd0aa73d1e4c8635ed759563d888c096828b343c8adddaeca520d0d7f05370/ Frame 8F5B 1 B
629 B 32ms
31ms Fetch
text/plain 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7ea36dfc9f5318f1/1689942358766/8ebd0aa73d1e4c8635ed759563d888c096828b343c8adddaeca520d0d7f05370/5u3zKFDa20dWaHW
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7ea36dfc9f5318f1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c09j/0x4AAAAAAAHibeggNxbLL0cV/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 12:25:59 GMT
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gjr0Kpz0eTIY17XWVY9iIwJaCizQ8it3a7KUg0NfwU3AAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAxZ1YkzjljZnBl4EjkGkgLJYi23wb8Jswf8zKYPPM85j0nCkawqlMc5VrTdrv4Ev9OgTSZDsnT9h0xeCjJl8r1IvPorSYVOtpPkXAsJsF4qkWsiagHZldCP60SsllIjwYpp-ozS6T3x0Xzp8Zy27QcRTpyS9wckHYYnAkeGtLnO09ejgTgwt_Gth7PN-AdmzzyIoSrERMNsfJ8ICLm-qv36xCXUZqt9MSYNwwxQi2q7gbwvHGVzisaNQ0ejzDDXKS5PBETsG1Q6L_rhvjZcrGWFMm16XU6dbCWo4CkdJXSEO49qpLYrFlSBVp3Vlps82PxWSEfli_2FtKe3JpGSibuQIDAQAB, max-age=20
server: cloudflare
cf-ray: 7ea36e01d9ba18f1-FRA
alt-svc: h3=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
H3 401 SbygpVPG7IEe1gX Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7ea36dfc9f5318f1/1689942358766/7022674eb6de64b318813a7fe2043dd27fbeebd1e040bb5b920c8fae6fe92a25/ Frame 8F5B 1 B
629 B 28ms
28ms Fetch
text/plain 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7ea36dfc9f5318f1/1689942358766/7022674eb6de64b318813a7fe2043dd27fbeebd1e040bb5b920c8fae6fe92a25/SbygpVPG7IEe1gX
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7ea36dfc9f5318f1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c09j/0x4AAAAAAAHibeggNxbLL0cV/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 12:25:59 GMT
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gcCJnTrbeZLMYgTp_4gQ90n--69HgQLtbkgyPrm_pKiUAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAxZ1YkzjljZnBl4EjkGkgLJYi23wb8Jswf8zKYPPM85j0nCkawqlMc5VrTdrv4Ev9OgTSZDsnT9h0xeCjJl8r1IvPorSYVOtpPkXAsJsF4qkWsiagHZldCP60SsllIjwYpp-ozS6T3x0Xzp8Zy27QcRTpyS9wckHYYnAkeGtLnO09ejgTgwt_Gth7PN-AdmzzyIoSrERMNsfJ8ICLm-qv36xCXUZqt9MSYNwwxQi2q7gbwvHGVzisaNQ0ejzDDXKS5PBETsG1Q6L_rhvjZcrGWFMm16XU6dbCWo4CkdJXSEO49qpLYrFlSBVp3Vlps82PxWSEfli_2FtKe3JpGSibuQIDAQAB, max-age=20
server: cloudflare
cf-ray: 7ea36e021a1f18f1-FRA
alt-svc: h3=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
BLOB 200
OK 80628ecf-b18d-4b05-a3e6-cdb6afb086df
https://challenges.cloudflare.com/ Frame 8F5B 80 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://challenges.cloudflare.com/80628ecf-b18d-4b05-a3e6-cdb6afb086df
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d5d7571ddb9876d6bdb02c3291e62d788f660b71e6eb9d9032234a691db4680

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c09j/0x4AAAAAAAHibeggNxbLL0cV/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Content-Length: 80
Content-Type: text/javascript

GET
H3 200 Pe5XUQ7Eh9-SB7e
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/7ea36dfc9f5318f1/1689942358770/ Frame 8F5B 61 B
147 B 32ms
31ms Image
image/png 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/7ea36dfc9f5318f1/1689942358770/Pe5XUQ7Eh9-SB7e
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 731cfa2dbcd1ee6ab230b4131c9a9edd9def3e5fc0717555211da44f49c95c8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c09j/0x4AAAAAAAHibeggNxbLL0cV/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 12:25:59 GMT
server: cloudflare
cf-ray: 7ea36e04cf3518f1-FRA
alt-svc: h3=":443"; ma=86400
content-type: image/png

POST
H3 200 dda4459988dfbcd Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/627035463:1689941585:Iq7y9vjJ5ywSI_MEngXfX6hGVV9Exj-S0aEZB5EqW6g/7ea36dfc9f5318f1/ Frame 8F5B 15 KB
11 KB 62ms
57ms XHR
text/plain 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/627035463:1689941585:Iq7y9vjJ5ywSI_MEngXfX6hGVV9Exj-S0aEZB5EqW6g/7ea36dfc9f5318f1/dda4459988dfbcd
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7ea36dfc9f5318f1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4aa4d1e3fe9de34048e28a070a5ece446f55718fb6463700448272e352f81111

Request headers

Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c09j/0x4AAAAAAAHibeggNxbLL0cV/auto/normal
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
CF-Challenge: dda4459988dfbcd
Content-type: application/x-www-form-urlencoded

Response headers

cf-chl-gen: 5SnSwrrYzVSa0Q1CpH0cgHK87TNGthAaqUUYc6yMOyo2U60RcGa0eMkSmrXZn5za$cg00kUIol9rHwki8nFssCA==
date: Fri, 21 Jul 2023 12:25:59 GMT
content-encoding: br
server: cloudflare
cf-ray: 7ea36e05a8ac18f1-FRA
alt-svc: h3=":443"; ma=86400
content-type: text/plain; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| recaptchaCallback object| turnstile

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://challenges.cloudflare.com/turnstile/v0/api.js Message: Unrecognized origin: 'fullscreen'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7ea36dfc9f5318f1/1689942358766/8ebd0aa73d1e4c8635ed759563d888c096828b343c8adddaeca520d0d7f05370/5u3zKFDa20dWaHW Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7ea36dfc9f5318f1/1689942358766/7022674eb6de64b318813a7fe2043dd27fbeebd1e040bb5b920c8fae6fe92a25/SbygpVPG7IEe1gX Message: Failed to load resource: the server responded with a status of 401 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenges.cloudflare.com
images.ecomm.microsoft.com
l39904856tpp880002d.auc.edu.ps
portal.mbrus.ru
portal.mercedes-benz.ru
162.144.15.141
2606:4700::6811:2b8
2620:1ec:46::45
81.222.120.22
89.175.23.150
1d5d7571ddb9876d6bdb02c3291e62d788f660b71e6eb9d9032234a691db4680
2cb497b34cff80a0c7aa0d410454ffcc8fe5702d12d29c188a261757a6d8483a
36ceba7b5f9c16d9df8f530ff55e234f1b6ca7e8d1bc32d4810581dc605e9d30
4aa4d1e3fe9de34048e28a070a5ece446f55718fb6463700448272e352f81111
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
731cfa2dbcd1ee6ab230b4131c9a9edd9def3e5fc0717555211da44f49c95c8b
8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04
b14832427ab127d6fd2bc1934291a2b134a5b6a2a00f46ab3d645833dad13964
b2de0a72b086dc480e990a04470b7b674330945705fc37a7733a833fda971dcd
b4ac5c4c450b1af2c550bd98acb9c8f912894eab1055cff115364b14b623a271
ff5e763157ce3e6a1b946afacd08530181a16b7931c5ee3e5e6020c73ac92d49

l39904856tpp880002d.auc.edu.ps Open in urlscan Pro 162.144.15.141 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

12 Requests

75 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

4 IPs

2 Countries

208 kBTransfer

390 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

l39904856tpp880002d.auc.edu.ps Open in urlscan Pro
162.144.15.141 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

75 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

208 kB
Transfer

390 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!