fsbmcpherson.site Open in urlscan Pro
2606:4700:3034::ac43:aa8d Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://yourfeelings.co/WGB
Effective URL:
https://fsbmcpherson.site/WGB/
Submission: On September 20 via manual (September 20th 2024, 6:52:50 pm UTC) from US — Scanned from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 2606:4700:3034::ac43:aa8d, located in United States and belongs to CLOUDFLARENET, US. The main domain is fsbmcpherson.site.
TLS certificate: Issued by WE1 on September 17th 2024. Valid for: 3 months.

This is the only time fsbmcpherson.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	162.241.120.231 162.241.120.231	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
2 16	2606:4700:303... 2606:4700:3034::ac43:aa8d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	1

1 162.241.120.231 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-120-231.webhostbox.net

yourfeelings.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2606:4700:3034::ac43:aa8d (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

fsbmcpherson.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	fsbmcpherson.site 2 redirects fsbmcpherson.site	51 KB
1	yourfeelings.co 1 redirects yourfeelings.co	251 B
14	2

	Domain	Requested by
16	fsbmcpherson.site	2 redirects fsbmcpherson.site
1	yourfeelings.co	1 redirects
14	2

This site contains no links.

Subject Issuer	Validity	Valid
fsbmcpherson.site WE1	`2024-09-17` - `2024-12-16`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://fsbmcpherson.site/WGB/
Frame ID: 749944A39F2B78BFA1ECA24635F649E4
Requests: 12 HTTP requests in this frame

Frame: https://fsbmcpherson.site/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js
Frame ID: 03E11D015A0CFFC657FB3814D9B10493
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

http://yourfeelings.co/WGB HTTP 307
https://yourfeelings.co/WGB HTTP 301
https://fsbmcpherson.site/WGB/ Page URL
https://fsbmcpherson.site/cdn-cgi/phish-bypass?atok=f3X5icZx08aRX1rLqhEYc3Z5GvbDE6vwlvR19AvM2OQ-172685... HTTP 301
https://fsbmcpherson.site/WGB/ Page URL
https://fsbmcpherson.site/WGB/ Page URL

Page Statistics

14
Requests

93 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

50 kB
Transfer

69 kB
Size

21
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://yourfeelings.co/WGB HTTP 307
https://yourfeelings.co/WGB HTTP 301
https://fsbmcpherson.site/WGB/ Page URL
https://fsbmcpherson.site/cdn-cgi/phish-bypass?atok=f3X5icZx08aRX1rLqhEYc3Z5GvbDE6vwlvR19AvM2OQ-1726858359-0.0.1.1-%2FWGB%2F HTTP 301
https://fsbmcpherson.site/WGB/ Page URL
https://fsbmcpherson.site/WGB/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://yourfeelings.co/WGB HTTP 307
https://yourfeelings.co/WGB HTTP 301
https://fsbmcpherson.site/WGB/

Request Chain 5

https://fsbmcpherson.site/cdn-cgi/phish-bypass?atok=f3X5icZx08aRX1rLqhEYc3Z5GvbDE6vwlvR19AvM2OQ-1726858359-0.0.1.1-%2FWGB%2F HTTP 301
https://fsbmcpherson.site/WGB/

Request Chain 8

https://fsbmcpherson.site/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://fsbmcpherson.site/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

/ Show response
fsbmcpherson.site/WGB/
Redirect Chain

http://yourfeelings.co/WGB
https://yourfeelings.co/WGB
https://fsbmcpherson.site/WGB/

4 KB
2 KB

224ms
89ms

Document
text/html

2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fsbmcpherson.site/WGB/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7591b1ad2da84f0d5a88c65d12b6f87dc9b61084b119b77b905b66d5a64716e2

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-ray: 8c64038d7dbb8c87-EWR
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 20 Sep 2024 18:52:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JkgHPb%2FkILa3Udv6ReFwAI0YJKH09jHsAqf4KBc9E0Wea3Ah3mqWXyy8zqOc9ouwPwucCNXSj2mSTDeN5zLF7R4ljKNj74axPv8eL8DWRHwbyRtZN13CG5%2BGrnou9E%2B6cvucgdu7p7jMOqevtLJFcg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Connection: Keep-Alive
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 20 Sep 2024 18:52:39 GMT
Keep-Alive: timeout=5, max=100
Location: https://fsbmcpherson.site/WGB/
Server: Apache

GET
H3 200 speculation
fsbmcpherson.site/cdn-cgi/ 128 B
559 B 31ms
30ms Other
application/speculationrules+json 2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fsbmcpherson.site/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://fsbmcpherson.site
Referer: https://fsbmcpherson.site/WGB/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G5LGSM7fhwwpZEqJicjFsKF8OqIw6i2yOyjwZU8%2BK9%2FrvNCTbWVCgdFyApnKo8VBO6JfHx973kVMhYFTCKPJWYKey4xE9XHIcXXw2Dc2lXmUGr0LTsQ%2BVbufO8un06QFP2dbsEVdEPgeBnx7Ncl5CA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c64038e3e6a8c87-EWR
access-control-allow-origin: https://fsbmcpherson.site
content-length: 128
date: Fri, 20 Sep 2024 18:52:40 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

GET
H3 200 cf.errors.css
fsbmcpherson.site/cdn-cgi/styles/ 23 KB
5 KB 27ms
26ms Stylesheet
text/css 2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fsbmcpherson.site/cdn-cgi/styles/cf.errors.css

Requested by

Host: fsbmcpherson.site
URL: https://fsbmcpherson.site/WGB/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://fsbmcpherson.site/WGB/

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"66e7fafc-5df3"
x-content-type-options: nosniff
cf-ray: 8c64038e3e6b8c87-EWR
expires: Fri, 20 Sep 2024 20:52:40 GMT
date: Fri, 20 Sep 2024 18:52:40 GMT
content-type: text/css
last-modified: Mon, 16 Sep 2024 09:31:40 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
fsbmcpherson.site/cdn-cgi/images/ 452 B
634 B 34ms
33ms Image
image/png 2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fsbmcpherson.site/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: fsbmcpherson.site
URL: https://fsbmcpherson.site/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://fsbmcpherson.site/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "66e7fafc-1c4"
x-content-type-options: nosniff
cf-ray: 8c64038e6e9b8c87-EWR
expires: Fri, 20 Sep 2024 20:52:40 GMT
accept-ranges: bytes
content-length: 452
date: Fri, 20 Sep 2024 18:52:40 GMT
content-type: image/png
last-modified: Mon, 16 Sep 2024 09:31:40 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 503 favicon.ico
fsbmcpherson.site/ 18 KB
19 KB 479ms
478ms Other
text/html 2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fsbmcpherson.site/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a08be987c82deeaf3cdfb59ad5dbc1c0b84c9a1951c0d31e2807d95c45538ab0

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://fsbmcpherson.site/WGB/

Response headers

cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: BYPASS
pragma: no-cache
speculation-rules: "/cdn-cgi/speculation"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IKVTf18qruNYqvaWkv8xY2jUwbI5XVUbnpGb6TpAN6lRnVTJYszmglcYF6jh7ETo%2FKwW393rK4R7YUbDDM1RNOAWKjdHEI91gpFKgPi5miHogvGKteo6hNoYutcO50AXfGcCa0ed8LG8wanC3P4X%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
cf-ray: 8c64038ebef98c87-EWR
expires: 0
date: Fri, 20 Sep 2024 18:52:40 GMT
x-xss-protection: 1; mode=block, 1; mode=block
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3

503

/ Show response
fsbmcpherson.site/WGB/
Redirect Chain

https://fsbmcpherson.site/cdn-cgi/phish-bypass?atok=f3X5icZx08aRX1rLqhEYc3Z5GvbDE6vwlvR19AvM2OQ-1726858359-0.0.1.1-%2FWGB%2F
https://fsbmcpherson.site/WGB/

7 KB
8 KB

380ms
380ms

Document
text/html

2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fsbmcpherson.site/WGB/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33d28399b987e0942bc6ea09c5d6a911d3e679031647478534e842a18b69b257

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://fsbmcpherson.site/WGB/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 8c6403a509c98c87-EWR
content-type: text/html; charset=utf-8
date: Fri, 20 Sep 2024 18:52:44 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ezaUYUQGLqvMJ622A6UGpwae0H11ugD0E9wooDNyPI%2F1rGoc6io6eqBaDyqhHlhD3iBFL6ujcPRqsGrua9ZzO5laKeViwCgBg7pAp8D40TZJ3MRUUUuDuxUJTDIRWgYG2YakLQ8YJpwLcc1rHeCDqw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

cache-control: private, no-cache
cf-ray: 8c6403a488fe8c87-EWR
content-length: 167
content-type: text/html
date: Fri, 20 Sep 2024 18:52:43 GMT
location: https://fsbmcpherson.site/WGB/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 200 speculation
fsbmcpherson.site/cdn-cgi/ 128 B
558 B 71ms
71ms Other
application/speculationrules+json 2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fsbmcpherson.site/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://fsbmcpherson.site
Referer: https://fsbmcpherson.site/WGB/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QtA6XG5pz1h3TNMqi9eTqAwVqovPEp9RxxLT1cOpSVsYg8Mt1cQX8Xg8%2Fd38r3cPbRCJOYnMGEOhJt8gsGq%2FoHH9h0Iq%2Fp9sA3U%2F2B1pUOxEi4AxyNUclYoUP35yhBK4bIbVWFH6GHtdSGrlVjFVhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c6403a78cdf8c87-EWR
access-control-allow-origin: https://fsbmcpherson.site
content-length: 128
date: Fri, 20 Sep 2024 18:52:44 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

POST
H3 204 /
fsbmcpherson.site/WGB/ 0
909 B 287ms
285ms XHR
text/plain 2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fsbmcpherson.site/WGB/

Requested by

Host: fsbmcpherson.site
URL: https://fsbmcpherson.site/WGB/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

X-Requested-TimeStamp-Combination
Referer: https://fsbmcpherson.site/WGB/
X-Requested-TimeStamp
X-Requested-Type-Combination: GET
0hL1tfpOlHRCAvq4yS6YcNMt23w: 39332943
qf33Y3LTlbdlyXvYGUS-zDVkYBo: wGk7nSGO6nCnQ78N6o0vcrMKO34
X-Requested-with: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
X-Requested-Type: GET
Content-type: application/x-www-form-urlencoded
X-Requested-TimeStamp-Expire

Response headers

cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DoFp6RmRHZw3G561Koj0JkzI1Pbp5Th3c%2F%2BT%2BLMAv6%2F3tfa15E56EbI%2BkY4JfOMQjIYgFU4lRSvOMnY%2BVrU5J4b81f2nkaN8MDfR2mAzxLXHOC9Oi7IR31irBB1xSptKUWb0GiIMqQ7Cfc38GF1Xbg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
cf-ray: 8c6403a7bd158c87-EWR
expires: 0
date: Fri, 20 Sep 2024 18:52:44 GMT
x-xss-protection: 1; mode=block, 1; mode=block
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3

200

main.js Show response
fsbmcpherson.site/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/ Frame 03E1
Redirect Chain

https://fsbmcpherson.site/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://fsbmcpherson.site/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?

8 KB
4 KB

37ms
36ms

Script
application/javascript

2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fsbmcpherson.site/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?

Protocol

Server

2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f4b7f88ca10e486f56d23c1a3949baa41d037aa06db0573b636eb2e7e759120

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h7m%2Fft5rMRKCHQvQFfozce1SBepGmO8XA93GmYAU0sDVIGr5rB50yGngNHVcuaWBDI6RKWtFozieY5jgG%2B5Hh08OTNdfxz9bcj0cyUjUca65Oo7yjeSlRUvfs6KIsIxzFo53%2BAfEsg5qbKzY27pObA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8c6403a80d778c87-EWR
date: Fri, 20 Sep 2024 18:52:44 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RcKt4CVs3560jD6uR8z8q%2BonmB6V3BnbV7tQjGdkxGi4i%2FRNicYssd1tmVV%2BmZjRdDIswF2N9%2FAJRuqshbRXoKwqJgc64e3m83Ipxv2xuquWuST0AmmC8EDKqc5ISzP%2F5GO7Av6dsIImePdIoF83LQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c6403a7bd218c87-EWR
access-control-allow-origin: *
content-length: 0
date: Fri, 20 Sep 2024 18:52:44 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 503 favicon.ico
fsbmcpherson.site/ 6 KB
7 KB 180ms
179ms Other
text/html 2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fsbmcpherson.site/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

990588dca4924508dfa599cea392fc2c8b28fb97a2425909b9528e9b759b02fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://fsbmcpherson.site/WGB/

Response headers

cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: BYPASS
pragma: no-cache
speculation-rules: "/cdn-cgi/speculation"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8T7DIlXO181A37lLI%2FRnm%2B69ExKGkoiZmr2iPPesiy127NdvXYNDTtlCv3bX0mQjeZL2pGFw7RE0CQasAfEromVVBcaaZAUH1oRAa6U7FzsC0Z10tG5dewFOJSqEA2fA6PwiEH9ISUdus5Ywd2uW9g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
cf-ray: 8c6403a7cd338c87-EWR
expires: 0
date: Fri, 20 Sep 2024 18:52:44 GMT
x-xss-protection: 1; mode=block, 1; mode=block
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

POST
H3 200 8c6403a509c98c87 Show response
fsbmcpherson.site/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 03E1 0
924 B 39ms
32ms XHR
text/plain 2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fsbmcpherson.site/cdn-cgi/challenge-platform/h/g/jsd/r/8c6403a509c98c87
Requested by: Host: fsbmcpherson.site
URL: https://fsbmcpherson.site/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

cf-ray: 8c6403a8ee718c87-EWR
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length: 0
date: Fri, 20 Sep 2024 18:52:44 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OTAJ4ox7Gfp3cEZhCBjCeLK7XBN5cc%2F5%2BiPSNVoFVT1axmknokf9TKfiIe1M7j1%2FTeUK2OI14H4fy6Yhajvib9fpzlXpvt6Q4evGpF%2BjwjIgzpWLJqHE8n5%2BG8ukSXN3CjM3SlnkZMXOG87IFCpFNw%3D%3D"}],"group":"cf-nel","max_age":604800}

GET
H3 403 Primary Request / Show response
fsbmcpherson.site/WGB/ 548 B
577 B 184ms
182ms Document
text/html 2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fsbmcpherson.site/WGB/

Requested by

Host: fsbmcpherson.site
URL: https://fsbmcpherson.site/WGB/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://fsbmcpherson.site/WGB/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8c6403a99f318c87-EWR
content-encoding: br
content-type: text/html
date: Fri, 20 Sep 2024 18:52:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W3ZbuaGbwcVnNblfK8MS%2FamyO1It3Fkf9FNQh0XK8k6GussKbdg2F2tGWLawJDQqlrKu8%2BlaTrKooSoisIWjQqfuM%2FJkDXwCxHGIeFvYxPCTv4JbV8kOKtvuIXvif7%2F9QReWdHa9dwhb1Zo2NWbbLw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-xss-protection: 1; mode=block 1; mode=block

GET
H3 200 speculation
fsbmcpherson.site/cdn-cgi/ 128 B
581 B 30ms
30ms Other
application/speculationrules+json 2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fsbmcpherson.site/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://fsbmcpherson.site
Referer: https://fsbmcpherson.site/WGB/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TMkraatjRQ6hScTB%2BcQr308lSiuZB%2B9w6J9q%2FdriJQu3X6wopEODBdoNXOLbItSsplu8ksTd9%2FwuP%2F14w8YanVeqnDGbBZeUCYfkd5EDDN8nnYN93WHnXXmRw%2FFZCe3rNRLtYyGfsMGqdyesiEw4Sw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c6403aab8b78c87-EWR
access-control-allow-origin: https://fsbmcpherson.site
alt-svc: h3=":443"; ma=86400
content-length: 128
date: Fri, 20 Sep 2024 18:52:44 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

GET
H3 403 favicon.ico
fsbmcpherson.site/ 548 B
653 B 279ms
278ms Other
text/html 2606:4700:3034::ac43:aa8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fsbmcpherson.site/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:aa8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://fsbmcpherson.site/WGB/

Response headers

cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: MISS
pragma: public
speculation-rules: "/cdn-cgi/speculation"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ok6nH8FLmkxMoBUfKgWJfGNZOrsxUf1OhTLDTwLWCufPAREommmY9jWbeh36JnmHT0r9I0EpoubCpG13SJ7OsvdOi73R9t1pCRjW4sKNoPcdj5FrdOk%2FqgHxOVdvefv9ruAaNBAz320phMbeCPUHuA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
cf-ray: 8c6403aac8c68c87-EWR
date: Fri, 20 Sep 2024 18:52:44 GMT
x-xss-protection: 1; mode=block, 1; mode=block
content-type: text/html
vary: Accept-Encoding
server: cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
fsbmcpherson.site/	1970-01-20 23:42:24	Name: 3f9aI4hv-y5HvGyqxbkrkL3rV1g Value: nifX9nincUd5BuNE6gAOU-QQJCA
fsbmcpherson.site/	1970-01-20 23:42:24	Name: U_fHAP2SN10-jetAcJVTkk2mKVk Value: 1726858359
fsbmcpherson.site/	1970-01-20 23:42:24	Name: n3kZWuQm0cMKCUTozX6jWobLsKY Value: 1726944759
fsbmcpherson.site/	1970-01-20 23:42:24	Name: bTXxLvkqHemm9FToX9qKx_Fsv-0 Value: KlSzEYsRBDsjHouEkgcxcNQT5v4
fsbmcpherson.site/	1970-01-20 23:42:24	Name: Lny_aBnfR70iADqEK9pcqad1bXo Value: bFeGPfbUxf11fJGMah8C5fE3X7U
.fsbmcpherson.site/	1970-01-20 23:42:24	Name: __cf_mw_byp Value: f3X5icZx08aRX1rLqhEYc3Z5GvbDE6vwlvR19AvM2OQ-1726858359-0.0.1.1-/WGB/
fsbmcpherson.site/	1970-01-20 23:42:24	Name: vh9cQGqgMxM9mB3MSYFagsCmRQ4 Value: XVkj5flgsSOLXazU7_6FQblGvk4
fsbmcpherson.site/	1970-01-20 23:42:24	Name: KO6-kyBjQW4RmCNrM8YULU5VoBc Value: 1726858350
fsbmcpherson.site/	1970-01-20 23:42:24	Name: 5rctOCM5gJx0cEEohBC3HEH-FWc Value: 1726944750
fsbmcpherson.site/	1970-01-20 23:42:24	Name: rvaZsND8QHiHBgrpqmUTsHKoj8k Value: H936cdcXqLmQ2bDSSpR-o0rYiH0
fsbmcpherson.site/	1970-01-20 23:42:24	Name: g-x1IF0eg7Q9np7OsSKSoieIjME Value: z0YXQOlAZKh57FFMlsgbxhdP23I
fsbmcpherson.site/	1970-01-20 23:42:24	Name: fDVVY2RdUq3CHqHvgpmqeDy8VOU Value: HSjjfPGTyOtuSTvWB0gCJCd3uEM
fsbmcpherson.site/	1970-01-20 23:42:24	Name: hEo73g5BCu4hwC8D-ZDVqMuZivU Value: 1726858361
fsbmcpherson.site/	1970-01-20 23:42:24	Name: 8SvSvj17McxvgZSIKgvea-3madk Value: 1726944761
fsbmcpherson.site/	1970-01-20 23:42:24	Name: OsFEc7V88Xm1be5NePVcOlIYOkw Value: 9rvbczJkVXivwwDjEf6WbeyxbGI
.fsbmcpherson.site/	1970-01-21 08:26:34	Name: cf_clearance Value: mYKvkt07fxRaFSM_0JrrM0skdjtxQF1Q92KqR7s1OOw-1726858364-1.2.1.1-wxVSFVGmDa.zv6cjK3.TkbbXY2r7gsg5oUFVbbdGiDfK5pfupSRYtX.Jo2wdMn4ks2UsZuiPSx_bYHdqa1WhzEABj5aSQJ9PhQlUADS6q8f5Tx5ctpzN3YpjhYSS4SkBOW3ce9uvQUP7iUZKXlubn3kF9EIAdRsXK_zwUr59PAmmejNBCURfkRnEMmjs5cF8WZEJsQYaGbxJM4dgs9Ayw4XJgu7CHVKaQF7Fl7UrnVddpu7kJibQuLkQ_H1WxCaelj1B5zcwQO8LB8WHpMC9rN6cHhdDST_Ok3hVaApvF4BlI0ygY3QsBScKNZxkA3UphQfrDgodc4rtTE6Z6GHuefJSLDKMI6spbcahoHwfaA0YpS8u3UghnNkiMN4FlZyS
fsbmcpherson.site/	1970-01-20 23:42:24	Name: G46iC-ParqdjVlXNEEHZkvD044M Value: cHtpQMiy4f2v1WctU8IOVvooiBI
fsbmcpherson.site/	1970-01-20 23:42:24	Name: XxLe6QC8C3B4ij-hR6UUGygEpPM Value: 1726858364
fsbmcpherson.site/	1970-01-20 23:42:24	Name: YppDVJnE7fiY2HFGr5dAyQlo4dM Value: 1726944764
fsbmcpherson.site/	1970-01-20 23:42:24	Name: 9vYgNYMvvnEYTTiVusYZq30L4HA Value: OQr4nJ_vXl-yh7rA-iXbRTlzzTk
fsbmcpherson.site/	1970-01-20 23:42:24	Name: ukIPzMiz3au9VhFB3tQozfScPOw Value: wMQ8UQG7xeF7IzAq8oOQ0KqSvFQ

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://fsbmcpherson.site/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://fsbmcpherson.site/WGB/ Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://fsbmcpherson.site/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://fsbmcpherson.site/WGB/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://fsbmcpherson.site/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fsbmcpherson.site
yourfeelings.co
162.241.120.231
2606:4700:3034::ac43:aa8d
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393
33d28399b987e0942bc6ea09c5d6a911d3e679031647478534e842a18b69b257
6f4b7f88ca10e486f56d23c1a3949baa41d037aa06db0573b636eb2e7e759120
7591b1ad2da84f0d5a88c65d12b6f87dc9b61084b119b77b905b66d5a64716e2
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
990588dca4924508dfa599cea392fc2c8b28fb97a2425909b9528e9b759b02fa
a08be987c82deeaf3cdfb59ad5dbc1c0b84c9a1951c0d31e2807d95c45538ab0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

fsbmcpherson.site Open in urlscan Pro 2606:4700:3034::ac43:aa8d Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

93 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

50 kBTransfer

69 kBSize

21 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

21 Cookies

5 Console Messages

Security Headers

Indicators

fsbmcpherson.site Open in urlscan Pro
2606:4700:3034::ac43:aa8d Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

93 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

50 kB
Transfer

69 kB
Size

21
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!