myvystaraccess.es Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://zanchetchapeco.com/wp-wp/redir.php
Effective URL:
https://myvystaraccess.es/wp-wp/jayVystarCU/
Submission: On October 22 via manual (October 22nd 2024, 8:45:35 am UTC) from IN — Scanned from IT

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is myvystaraccess.es.
TLS certificate: Issued by WE1 on October 15th 2024. Valid for: 3 months.

This is the only time myvystaraccess.es was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	162.241.203.236 162.241.203.236	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
2 13	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	3

2 162.241.203.236 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-203-236.unifiedlayer.com

zanchetchapeco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 188.114.97.3 (Amsterdam, Netherlands) 2 redirects

ASN13335 (CLOUDFLARENET, US)

myvystaraccess.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	myvystaraccess.es 2 redirects myvystaraccess.es	42 KB
2	zanchetchapeco.com zanchetchapeco.com	2 KB
15	2

	Domain	Requested by
13	myvystaraccess.es	2 redirects myvystaraccess.es zanchetchapeco.com
2	zanchetchapeco.com
15	2

This site contains no links.

Subject Issuer	Validity	Valid
zanchetchapeco.com R10	`2024-09-18` - `2024-12-17`	3 months	crt.sh
myvystaraccess.es WE1	`2024-10-15` - `2025-01-13`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://myvystaraccess.es/wp-wp/jayVystarCU/
Frame ID: 906043D9F35971E93CE7650EA8776E92
Requests: 11 HTTP requests in this frame

Frame: https://myvystaraccess.es/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js
Frame ID: 5BEE967B013C39CDAFB40D6956021B46
Requests: 2 HTTP requests in this frame

Frame: https://myvystaraccess.es/cdn-cgi/challenge-platform/scripts/jsd/main.js
Frame ID: 00CA6769A90729BE38CAD22AE311B570
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

http://zanchetchapeco.com/wp-wp/redir.php HTTP 307
https://zanchetchapeco.com/wp-wp/redir.php Page URL
https://myvystaraccess.es/wp-wp/jayVystarCU/ Page URL
https://myvystaraccess.es/cdn-cgi/phish-bypass?atok=fubKhU.9bpxr0i6kSbY8liKjrfiQW_ieF3elVoxbsfA-172958... HTTP 301
https://myvystaraccess.es/wp-wp/jayVystarCU/ Page URL
https://myvystaraccess.es/wp-wp/jayVystarCU/ Page URL

Page Statistics

15
Requests

73 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

43 kB
Transfer

75 kB
Size

12
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://zanchetchapeco.com/wp-wp/redir.php HTTP 307
https://zanchetchapeco.com/wp-wp/redir.php Page URL
https://myvystaraccess.es/wp-wp/jayVystarCU/ Page URL
https://myvystaraccess.es/cdn-cgi/phish-bypass?atok=fubKhU.9bpxr0i6kSbY8liKjrfiQW_ieF3elVoxbsfA-1729586727-0.0.1.1-%2Fwp-wp%2FjayVystarCU%2F HTTP 301
https://myvystaraccess.es/wp-wp/jayVystarCU/ Page URL
https://myvystaraccess.es/wp-wp/jayVystarCU/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://zanchetchapeco.com/wp-wp/redir.php HTTP 307
https://zanchetchapeco.com/wp-wp/redir.php

Request Chain 6

https://myvystaraccess.es/cdn-cgi/phish-bypass?atok=fubKhU.9bpxr0i6kSbY8liKjrfiQW_ieF3elVoxbsfA-1729586727-0.0.1.1-%2Fwp-wp%2FjayVystarCU%2F HTTP 301
https://myvystaraccess.es/wp-wp/jayVystarCU/

Request Chain 8

https://myvystaraccess.es/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://myvystaraccess.es/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

redir.php Show response
zanchetchapeco.com/wp-wp/
Redirect Chain

http://zanchetchapeco.com/wp-wp/redir.php
https://zanchetchapeco.com/wp-wp/redir.php

123 B
225 B

1714ms
199ms

Document
text/html

162.241.203.236
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://zanchetchapeco.com/wp-wp/redir.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.203.236 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 162-241-203-236.unifiedlayer.com
Software: Apache /
Resource Hash: d6ffef3eaa309f28abf13d23b48cfff4388630181e6091bca426d0260f074a2c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-length: 129
content-type: text/html; charset=UTF-8
date: Tue, 22 Oct 2024 08:45:24 GMT
server: Apache
vary: Accept-Encoding

Redirect headers

Location: https://zanchetchapeco.com/wp-wp/redir.php
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 favicon.ico
zanchetchapeco.com/ 4 KB
2 KB 140ms
139ms Other
text/html 162.241.203.236
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://zanchetchapeco.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.203.236 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 162-241-203-236.unifiedlayer.com
Software: Apache /
Resource Hash: fd5a7aa8cb340c45f9969aabc8cd52f3162ef1e4a1dd1bfa6675109148386b0c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://zanchetchapeco.com/wp-wp/redir.php

Response headers

content-encoding: gzip
accept-ranges: bytes
content-length: 2173
date: Tue, 22 Oct 2024 08:45:24 GMT
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
vary: Accept-Encoding
server: Apache
content-type: text/html

GET
H2 403 / Show response
myvystaraccess.es/wp-wp/jayVystarCU/ 4 KB
2 KB 614ms
57ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://myvystaraccess.es/wp-wp/jayVystarCU/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b093848f0d872c59eb705ca2a790101096004bd88db2bed1ff63542501ffa20b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://zanchetchapeco.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-ray: 8d683616c9ba5231-MXP
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 22 Oct 2024 08:45:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qwfQwzybNn3DonlpHyagimtdvNnKyz6goMTCWwDgFfQnqc1z7XPlnv5ycCAmN1vdIN5ZX5mbg%2BIr6QM2DDzxKXhuu%2BIuXDWwy3RthpKwaCQhIYCqXw70Hq29m4oS4J6FK9qQAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 cf.errors.css
myvystaraccess.es/cdn-cgi/styles/ 23 KB
5 KB 55ms
54ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://myvystaraccess.es/cdn-cgi/styles/cf.errors.css

Requested by

Host: myvystaraccess.es
URL: https://myvystaraccess.es/wp-wp/jayVystarCU/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://myvystaraccess.es/wp-wp/jayVystarCU/

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"670fb473-5df3"
x-content-type-options: nosniff
cf-ray: 8d6836175a905231-MXP
expires: Tue, 22 Oct 2024 10:45:27 GMT
date: Tue, 22 Oct 2024 08:45:27 GMT
content-type: text/css
last-modified: Wed, 16 Oct 2024 12:41:23 GMT
server: cloudflare
x-frame-options: DENY

GET
H2 200 icon-exclamation.png
myvystaraccess.es/cdn-cgi/images/ 452 B
541 B 46ms
45ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://myvystaraccess.es/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: myvystaraccess.es
URL: https://myvystaraccess.es/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://myvystaraccess.es/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "670fb473-1c4"
x-content-type-options: nosniff
cf-ray: 8d683617cb315231-MXP
expires: Tue, 22 Oct 2024 10:45:27 GMT
accept-ranges: bytes
content-length: 452
date: Tue, 22 Oct 2024 08:45:27 GMT
content-type: image/png
last-modified: Wed, 16 Oct 2024 12:41:23 GMT
server: cloudflare
x-frame-options: DENY

GET
H2 503 favicon.ico
myvystaraccess.es/ 6 KB
7 KB 198ms
198ms Other
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://myvystaraccess.es/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

867d4889a129af54d8fc486fe37039275f445e584c120387ab592871630eda10

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://myvystaraccess.es/wp-wp/jayVystarCU/

Response headers

cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rd0eF1B4%2BKKAXmLVnc%2FIUuWbRXDim0B%2B%2BTKluanoRLKVnR1C3Jh9%2FD%2FgGozBwDV%2FpC49h4bVW8rIeiM6wNEodXoK22GaFG31EeXDz0HhgHs%2FfMubRqmnb4hqxQg5JXqXZvhwCw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
expires: 0
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=22847&sent=23&recv=21&lost=0&retrans=0&sent_bytes=11690&recv_bytes=2710&delivery_rate=478484&cwnd=257&unsent_bytes=0&cid=a20735be989de0f2&ts=477&x=0"
date: Tue, 22 Oct 2024 08:45:27 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
cf-ray: 8d6836184c095231-MXP
x-xss-protection: 1; mode=block, 1; mode=block
server: cloudflare

GET
H2

503

/
myvystaraccess.es/wp-wp/jayVystarCU/
Redirect Chain

https://myvystaraccess.es/cdn-cgi/phish-bypass?atok=fubKhU.9bpxr0i6kSbY8liKjrfiQW_ieF3elVoxbsfA-1729586727-0.0.1.1-%2Fwp-wp%2FjayVystarCU%2F
https://myvystaraccess.es/wp-wp/jayVystarCU/

19 KB
19 KB

368ms
226ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://myvystaraccess.es/wp-wp/jayVystarCU/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://myvystaraccess.es/wp-wp/jayVystarCU/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 8d6836279c8f5231-MXP
content-type: text/html; charset=utf-8
date: Tue, 22 Oct 2024 08:45:30 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ND7W8eW4g25aVA1vuyoFpUu%2BAGif%2BWgKn3As6zYq5mb30Y8T2hBJXUfbHFnuJtYhFSo%2BcO0MZcHmnVI%2BRipfAASYjWwmeanQwScCeIzcblAlan6%2FqwfulBoSpfRLJzSOoXW%2FOw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=18659&sent=38&recv=31&lost=0&retrans=0&sent_bytes=19758&recv_bytes=3145&delivery_rate=807321&cwnd=257&unsent_bytes=0&cid=a20735be989de0f2&ts=2931&x=0"
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

cache-control: private, no-cache
cf-ray: 8d683625890f5231-MXP
content-length: 167
content-type: text/html
date: Tue, 22 Oct 2024 08:45:29 GMT
location: https://myvystaraccess.es/wp-wp/jayVystarCU/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

POST
H2 204 /
myvystaraccess.es/wp-wp/jayVystarCU/ 0
970 B 159ms
158ms XHR
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://myvystaraccess.es/wp-wp/jayVystarCU/

Requested by

Host: zanchetchapeco.com
URL: https://zanchetchapeco.com/wp-wp/redir.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
X-Requested-TimeStamp-Combination
Referer: https://myvystaraccess.es/wp-wp/jayVystarCU/
X-Requested-TimeStamp
X-Requested-Type-Combination: GET
X-Requested-with: XMLHttpRequest
ZK3fE3Nle1qFpHNFeMTllS6-dA: 41343045
X-Requested-Type: GET
cyuxesgL0J3i94-sdUvv7AGxRks: 0hyi8H0W4rGuwjPex1tcsesX8c
Content-type: application/x-www-form-urlencoded
X-Requested-TimeStamp-Expire

Response headers

cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPXyJMZvy85zXqrXT1w024EvgZsQPDXxPRe94mhb3FG4R0HduJ18jEthVrTL%2FzQC3Lmpk%2F6V8sgTa09%2BMHHw0xkt0I2%2BGUi4H%2BI7V811Miq2h0Zx1cMAjyp7m4RzvZhPiUEJvg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
cf-ray: 8d68362a38f15231-MXP
expires: 0
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=14647&sent=67&recv=47&lost=0&retrans=0&sent_bytes=40254&recv_bytes=3688&delivery_rate=1248341&cwnd=257&unsent_bytes=0&cid=a20735be989de0f2&ts=3306&x=0"
date: Tue, 22 Oct 2024 08:45:30 GMT
x-xss-protection: 1; mode=block, 1; mode=block
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H2

200

main.js
myvystaraccess.es/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/ Frame 5BEE
Redirect Chain

https://myvystaraccess.es/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://myvystaraccess.es/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?

8 KB
4 KB

77ms
69ms

Script
application/javascript

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://myvystaraccess.es/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?

Protocol

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6y5LVGsRKUCHrVyHpmoR9KhevHv0s2PS%2BidIgo6XOD%2F9yXVwrjzpL72TBzkV3gEh10jQDFfFgR6klaHhCELMLQdoUFHyQg%2FaN1FwRmDlgNABP4zbYBmjqD%2FalO4E8fF8hRN2lA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8d68362d4dcb5231-MXP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16012&sent=69&recv=51&lost=0&retrans=0&sent_bytes=41246&recv_bytes=4139&delivery_rate=1248341&cwnd=257&unsent_bytes=0&cid=a20735be989de0f2&ts=3704&x=0"
date: Tue, 22 Oct 2024 08:45:31 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ECfDdBmKTaOQZQrzjWId2vWSYbLKM%2FoVlTj8qfz92lBD144di8wpEycbhIGsZkiSyDBnpKfgmR%2B9LvEK88RfRk%2BEcICuJ5iHK%2BwtMiVJUqrmbmtpo04T2M3rRpsDl3Fezdt1aw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d68362a59305231-MXP
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
server-timing: cfL4;desc="?proto=TCP&rtt=14386&sent=66&recv=46&lost=0&retrans=0&sent_bytes=39662&recv_bytes=3688&delivery_rate=1248341&cwnd=257&unsent_bytes=0&cid=a20735be989de0f2&ts=3228&x=0"
date: Tue, 22 Oct 2024 08:45:30 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 403 Primary Request / Show response
myvystaraccess.es/wp-wp/jayVystarCU/ 1 KB
1 KB 168ms
89ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://myvystaraccess.es/wp-wp/jayVystarCU/

Requested by

Host: zanchetchapeco.com
URL: https://zanchetchapeco.com/wp-wp/redir.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f2c7657983469e2b27e902e207a6f1ba26e0ab20fe5c420ae3f6923145c0a09

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://myvystaraccess.es/wp-wp/jayVystarCU/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8d68362cfd605231-MXP
content-encoding: zstd
content-type: text/html
date: Tue, 22 Oct 2024 08:45:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mBpPi1%2BTKmnpsfajVm2fVLMtzl050FcPeSSVgstYP9IQjKzg%2FpDFvQ0zclrNJSJM%2Bzn6YJ7Gmc4gu3r5fs%2B2fdKVj4WKCM8S2KLsdOcRfCZnKe5jodouB0yB6JiTLwUkyPoFKw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=16012&sent=74&recv=51&lost=0&retrans=0&sent_bytes=45658&recv_bytes=4139&delivery_rate=1248341&cwnd=257&unsent_bytes=0&cid=a20735be989de0f2&ts=3713&x=0"
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-xss-protection: 1; mode=block 1; mode=block

GET favicon.ico
myvystaraccess.es/ 0
0

POST 8d6836279c8f5231
myvystaraccess.es/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 5BEE 0
0

GET
H2 200 main.js Show response
myvystaraccess.es/cdn-cgi/challenge-platform/scripts/jsd/ Frame 00CA 8 KB
0 77ms
69ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://myvystaraccess.es/cdn-cgi/challenge-platform/scripts/jsd/main.js

Requested by

Host: zanchetchapeco.com
URL: https://zanchetchapeco.com/wp-wp/redir.php

Protocol

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20bd354a12ef74e4df4ecf6cf8482ab067e21af0682de37cbb9145a1df24520d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6y5LVGsRKUCHrVyHpmoR9KhevHv0s2PS%2BidIgo6XOD%2F9yXVwrjzpL72TBzkV3gEh10jQDFfFgR6klaHhCELMLQdoUFHyQg%2FaN1FwRmDlgNABP4zbYBmjqD%2FalO4E8fF8hRN2lA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8d68362d4dcb5231-MXP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16012&sent=69&recv=51&lost=0&retrans=0&sent_bytes=41246&recv_bytes=4139&delivery_rate=1248341&cwnd=257&unsent_bytes=0&cid=a20735be989de0f2&ts=3704&x=0"
date: Tue, 22 Oct 2024 08:45:31 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

POST
H2 200 8d68362cfd605231 Show response
myvystaraccess.es/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 00CA 0
1022 B 506ms
502ms XHR
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://myvystaraccess.es/cdn-cgi/challenge-platform/h/b/jsd/r/8d68362cfd605231
Requested by: Host: myvystaraccess.es
URL: https://myvystaraccess.es/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=07TAgP0Rz0i1R1ohWSXCFZKy7%2BoJGjtk6u1rYQgBCZHpYaFzRE7RNT%2B0T0kIFzwRRpRFW1PNWxryoS6bF6eIMp1Ck69JM86vpcSjetDBxL9EdHCu2onOUkyx09iJ2dV2mz0MxA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d683631ad4c5231-MXP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=20513&sent=93&recv=75&lost=0&retrans=0&sent_bytes=47604&recv_bytes=20646&delivery_rate=1248341&cwnd=257&unsent_bytes=0&cid=a20735be989de0f2&ts=4745&x=0"
content-length: 0
date: Tue, 22 Oct 2024 08:45:32 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare

GET
H2 403 favicon.ico
myvystaraccess.es/ 548 B
0 0ms
0ms Other
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://myvystaraccess.es/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://myvystaraccess.es/wp-wp/jayVystarCU/

Response headers

cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
pragma: public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n647LDs%2FpxZ%2Fs3t%2BdeVRk%2B%2Fdx2efrFasaVD7kWdRHwAAE4NTZrwbBm%2F%2Fndc8D%2F271eY8EFImAvVoGUMKdmYQ%2Flt8zpkHP9YfX8Zx9wnbneUqS6Lf8oqjk0Tbzw7wAFNWrQCScw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
cf-ray: 8d68362d3db65231-MXP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15833&sent=77&recv=57&lost=0&retrans=0&sent_bytes=46819&recv_bytes=4139&delivery_rate=1248341&cwnd=257&unsent_bytes=0&cid=a20735be989de0f2&ts=3756&x=0"
date: Tue, 22 Oct 2024 08:45:31 GMT
x-xss-protection: 1; mode=block, 1; mode=block
content-type: text/html
vary: Accept-Encoding
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: myvystaraccess.es
URL: https://myvystaraccess.es/favicon.ico

Domain: myvystaraccess.es
URL: https://myvystaraccess.es/cdn-cgi/challenge-platform/h/b/jsd/r/8d6836279c8f5231

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
myvystaraccess.es/	1970-01-21 00:27:53	Name: mUjXlZy-Qnhq5pCJz28esRXEdek Value: sX1kH9s6G01bosqTHbWrp9AWrYE
myvystaraccess.es/	1970-01-21 00:27:53	Name: isQNXbuVvfyAYxmxeXCx1E7XiG0 Value: 1729586713
myvystaraccess.es/	1970-01-21 00:27:53	Name: sjfH6kexWvi43r9j4Tq0UBBHcAc Value: 1729673113
myvystaraccess.es/	1970-01-21 00:27:53	Name: qZb-f9klnp8_Mt3tKED9clYqonM Value: pmfa6u7GCWyGDupxVeMFuYjtRB0
.myvystaraccess.es/	1970-01-21 00:27:53	Name: __cf_mw_byp Value: fubKhU.9bpxr0i6kSbY8liKjrfiQW_ieF3elVoxbsfA-1729586727-0.0.1.1-/wp-wp/jayVystarCU/
myvystaraccess.es/	1970-01-21 00:27:53	Name: eQoaURyKNab5HaZmAcW2pNkK-qA Value: XaK7OKBmulakCM7jZz5-O8Jffy4
myvystaraccess.es/	1970-01-21 00:27:53	Name: i1Ey64X34KaCrVJLAuCXyC4m0eY Value: cHtpQMiy4f2v1WctU8IOVvooiBI
myvystaraccess.es/	1970-01-21 00:27:53	Name: 4AkdJhQPYbU7_FrWHjfzAP8bptg Value: 1729586730
myvystaraccess.es/	1970-01-21 00:27:53	Name: AnLoYMC4RWt9qvdVhegYlFQG72k Value: 1729673130
myvystaraccess.es/	1970-01-21 00:27:53	Name: NFsZmvfOTmlhe2jQjbFbMC_IXUw Value: xHOD7pcEC4mzBMTDXCazyu-Y7T4
myvystaraccess.es/	1970-01-21 00:27:53	Name: zt4MVI9oMbtPQD7wdkxnkC-knz4 Value: b-l4Yjj1-_gn46W3oWsDOaUb9Vo
.myvystaraccess.es/	1970-01-21 09:12:02	Name: cf_clearance Value: N8EejVSVD0cEK2Mtzdxdfh9ERirs89FdcUKG_VycrLc-1729586732-1.2.1.1-gq2YrKZeiX1dzP7lELGhm._WE8CkzCW.sGDB6SGKP3TzAYuhsMhgBHyfCZiAXHP4FC1n5GrbRvc5i2hEVMEIrxXzkIt9Ti7TL8nozG0Kd9Jd2lPSstQvPuk9FGcZrb6yaxdHUsULFcYyr_ZlumQzuIz_uZhfwLDoJULdIhu1aYj2DAold88odUZ3IA7rqK.EZaFoiFMCI6P_ePrlmqqtPlfmozn7UUgry2U0.GXtNPrMIUCJdgIr.LncgfnddoeqzzjCTpxYQGLHOyZGmSMce03mmeaZq7jhQjLYvjPgdbLSEcuh_HHF_yIGPxRqm9qF4g0ujzeA05hMd.yEpJJXZarl5ygS5P85SWgisBOfAGJfktH7GHRj3wZH1vcXjjCL

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://myvystaraccess.es/wp-wp/jayVystarCU/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://myvystaraccess.es/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://myvystaraccess.es/wp-wp/jayVystarCU/ Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://myvystaraccess.es/wp-wp/jayVystarCU/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://myvystaraccess.es/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

myvystaraccess.es
zanchetchapeco.com
myvystaraccess.es
162.241.203.236
188.114.97.3
20bd354a12ef74e4df4ecf6cf8482ab067e21af0682de37cbb9145a1df24520d
25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
867d4889a129af54d8fc486fe37039275f445e584c120387ab592871630eda10
8f2c7657983469e2b27e902e207a6f1ba26e0ab20fe5c420ae3f6923145c0a09
b093848f0d872c59eb705ca2a790101096004bd88db2bed1ff63542501ffa20b
d6ffef3eaa309f28abf13d23b48cfff4388630181e6091bca426d0260f074a2c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
fd5a7aa8cb340c45f9969aabc8cd52f3162ef1e4a1dd1bfa6675109148386b0c

myvystaraccess.es Open in urlscan Pro 188.114.97.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

15 Requests

73 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

43 kBTransfer

75 kBSize

12 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

12 Cookies

5 Console Messages

Indicators

myvystaraccess.es Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

73 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

43 kB
Transfer

75 kB
Size

12
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!