mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click
2606:4700:3033::ac43:955f  Public Scan

URL: https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/
Submission: On September 18 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 7 HTTP transactions. The main IP is 2606:4700:3033::ac43:955f, located in United States and belongs to CLOUDFLARENET, US. The main domain is mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click.
TLS certificate: Issued by WE1 on September 18th 2024. Valid for: 3 months.
This is the only time mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2606:4700:303... 13335 (CLOUDFLAR...)
2 2 140.82.121.3 36459 (GITHUB)
1 2606:50c0:800... 54113 (FASTLY)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 172.67.149.95 13335 (CLOUDFLAR...)
7 5
Apex Domain | Subdomains | Transfer
4 expreset.click | mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click | 7 KB
2 github.com | github.com — Cisco Umbrella Rank: 2616 | 8 KB
1 cloudflareinsights.com | static.cloudflareinsights.com — Cisco Umbrella Rank: 670 | 7 KB
1 githubusercontent.com | raw.githubusercontent.com — Cisco Umbrella Rank: 4597 | 40 KB
7 4
Domain Requested by
4 mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click static.cloudflareinsights.com
2 github.com 2 redirects mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click
1 static.cloudflareinsights.com mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click
1 raw.githubusercontent.com mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click
7 4

This site contains links to these domains.

Domain
list-users.50e8ca667aa2b4ff1224fecc70164782.workers.dev
Subject | Issuer | Validity | Valid
expreset.click | WE1 | 2024-09-18 - 2024-12-17 | 3 months
cloudflareinsights.com | WE1 | 2024-09-03 - 2024-12-02 | 3 months

This page contains 1 frames:

Primary Page: https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/
Frame ID: 677CD7F84FFE5F1B7AE3FAE2912D3DF4
Requests: 7 HTTP requests in this frame

Page Title

Mardin VPN Panel

Detected technologies

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Page Statistics

7 Requests
71 % HTTPS
60 % IPv6
4 Domains
4 Subdomains
5 IPs
2 Countries
53 kB Transfer
75 kB Size
0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://github.com/emdarx/expreset-site/blob/main/files/express_icon.jpg?raw=true HTTP 302
  • https://github.com/emdarx/expreset-site/raw/refs/heads/main/files/express_icon.jpg HTTP 302
  • https://raw.githubusercontent.com/emdarx/expreset-site/refs/heads/main/files/express_icon.jpg

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/
8 KB
3 KB
Document
General
Full URL
https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:955f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c31c56bceb7dfe5ef5b0680f4ca0abc91b84e31bce104510bea4479e95940324

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
8c549df95bb8bb3b-FRA
content-encoding
br
content-type
text/html
date
Wed, 18 Sep 2024 22:01:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bm9lVLOtnlAFbyXXX%2B9R34j300Lcyk8ltf4UXHlW8PQVbW2JDNFelXNY4rhpIebqZ%2FouO6a6t9eWarlPNbdI6NZ%2BM11f3uof3KlSMltGyinY2lLF5H7jM93aw2fmJSVKuoVsGw3V%2BZ%2BL5kzNGWV6P48uTcqrGr97oB0JX%2FEYrhK%2Fz4kBMJE5atmUNiQ0wdarK0y2qVM%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
speculation-rules
"/cdn-cgi/speculation"
vary
Accept-Encoding
speculation
mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/cdn-cgi/
128 B
544 B
Other
General
Full URL
https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/cdn-cgi/speculation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:955f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click
Referer
https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2BFWWsc1NX16IgpcjtK80f10LP8Ub%2FZ1yzC1zOgJExy91a3LoHUrmvaa%2BqqT1YfKBunzh6YiYEAaNjl04dn%2FWgd373%2BtDurKD7QhYl4SNJoDBLXBANAFsvODJzKCjrAq%2F3tkynO6zmjxPVckO5X9fhGgf913WsYqJrBE0GJO5DON7VY1HknMQaeMEMgHCJpU4UBgDQQ%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8c549df9cbe8bb3b-FRA
access-control-allow-origin
https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click
alt-svc
h3=":443"; ma=86400
content-length
128
date
Wed, 18 Sep 2024 22:01:52 GMT
content-type
application/speculationrules+json
vary
Origin, Accept-Encoding
server
cloudflare
express_icon.jpg
raw.githubusercontent.com/emdarx/expreset-site/refs/heads/main/files/
Redirect Chain
  • https://github.com/emdarx/expreset-site/blob/main/files/express_icon.jpg?raw=true
  • https://github.com/emdarx/expreset-site/raw/refs/heads/main/files/express_icon.jpg
  • https://raw.githubusercontent.com/emdarx/expreset-site/refs/heads/main/files/express_icon.jpg
39 KB
40 KB
Image
General
Full URL
https://raw.githubusercontent.com/emdarx/expreset-site/refs/heads/main/files/express_icon.jpg
Requested by
Host: mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click
URL: https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/
Protocol
H2
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
23b5d15a3b48f103179be3d617f598812ba195ca1b6c05ab4b8f2db95e001b6f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/

Response headers

x-fastly-request-id
96225b1bf500f759845f268c0207a5ebd5977669
etag
W/"658860bf92c8aa488b80ffa1eb441e87262bf86f6ebfc8cc70ccca0d73e0c4ab"
x-content-type-options
nosniff
x-github-request-id
88DF:3150F9:401019:428010:66EB4DD1
expires
Wed, 18 Sep 2024 22:06:53 GMT
x-cache
MISS
date
Wed, 18 Sep 2024 22:01:53 GMT
content-type
image/jpeg
x-served-by
cache-fra-eddf8230027-FRA
x-cache-hits
0
source-age
0
x-frame-options
deny
strict-transport-security
max-age=31536000
vary
Authorization,Accept-Encoding,Origin
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
cache-control
max-age=300
x-timer
S1726696914.624642,VS0,VE174
cross-origin-resource-policy
cross-origin
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
39988
x-xss-protection
1; mode=block

Redirect headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions copilot-proxy.githubusercontent.com/v1/engines/copilot-ppe-centralus-4o-mini/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/copilot-ppe-centralus-4o-mini/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com 
github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
cache-control
no-cache
location
https://raw.githubusercontent.com/emdarx/expreset-site/refs/heads/main/files/express_icon.jpg
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
x-github-request-id
8A0A:20D22C:DE8558:E313A6:66EB4DD1
access-control-allow-origin
content-length
0
date
Wed, 18 Sep 2024 22:01:53 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
server
GitHub.com
x-frame-options
deny
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click
URL: https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click
Referer
https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/

Response headers

cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"2024.6.1"
cross-origin-resource-policy
cross-origin
cf-ray
8c549dfc4e27368b-FRA
access-control-allow-origin
*
date
Wed, 18 Sep 2024 22:01:53 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
vary
Accept-Encoding
server
cloudflare
IRANSans-web.woff
github.com/hamid80386/iran-sans/raw/master/fonts/
0
0

rum
mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/cdn-cgi/
0
204 B
XHR
General
Full URL
https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.149.95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
application/json
Referer
https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-methods
POST,OPTIONS
x-content-type-options
nosniff
cf-ray
8c549e026f615f9d-SIN
access-control-allow-origin
https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click
date
Wed, 18 Sep 2024 22:01:54 GMT
vary
Origin
server
cloudflare
x-frame-options
DENY
favicon.ico
mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/
8 KB
3 KB
Other
General
Full URL
https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.149.95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a8f99cc04110333e2558224c47d2a3d36b5a3c27d3c6e0210103a1c238626c1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6nN1dGn%2Bvshp9Od9kfPONbus5M8iri0TAnQlLWkX%2BIzA8Gc8gXyAKBF%2BzaeQI2FEP8mSK2QkMlPDS%2FWL4o0z3EYI%2FiY8VpiI%2FvFMr62K8JiSpJBGrhnUA5BYRv4jcBsq8nflpilseuGYRGjN8EH36%2FKsFCwRSCgufwYJmlCPmg2cUl1%2BO5rJkiI%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8c549e028f6f5f9d-SIN
alt-svc
h3=":443"; ma=86400
date
Wed, 18 Sep 2024 22:01:54 GMT
content-type
text/html
vary
Accept-Encoding
server
cloudflare
priority
u=1,i

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
github.com
URL
https://github.com/hamid80386/iran-sans/raw/master/fonts/IRANSans-web.woff

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| validateCreateForm function| generateRandomString function| fillRandomString function| openDateOptions function| closeDateOptions object| __cfBeacon

0 Cookies

2 Console Messages

Source Level URL
Text
javascript error URL: https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click/
Message:
Access to font at 'https://github.com/hamid80386/iran-sans/raw/master/fonts/IRANSans-web.woff' from origin 'https://mardin-1f60fe745c97d35f567f0300ba4bed52.expreset.click' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value ''.
network error URL: https://github.com/hamid80386/iran-sans/raw/master/fonts/IRANSans-web.woff
Message:
Failed to load resource: net::ERR_FAILED