sedo.com Open in urlscan Pro
2606:4700::6810:8c72 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz/
Effective URL:
https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&ori...
Submission: On October 16 via api (October 16th 2023, 9:25:32 pm UTC) from JP — Scanned from JP

Summary HTTP 18 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 18 HTTP transactions. The main IP is 2606:4700::6810:8c72, located in United States and belongs to CLOUDFLARENET, US. The main domain is sedo.com. The Cisco Umbrella rank of the primary domain is 135415.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on May 11th 2023. Valid for: a year.

This is the only time sedo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	91.195.241.232 91.195.241.232	47846 (SEDO-AS) (SEDO-AS)
12	2606:4700::68... 2606:4700::6810:8c72	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6811:2b8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	3

1 91.195.241.232 (Germany) 1 redirects

ASN47846 (SEDO-AS, DE)

sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6810:8c72 (United States)

ASN13335 (CLOUDFLARENET, US)

sedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:2b8 (United States)

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	sedo.com sedo.com — Cisco Umbrella Rank: 135415	152 KB
4	cloudflare.com challenges.cloudflare.com — Cisco Umbrella Rank: 6285	23 KB
1	farid2.xyz 1 redirects sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz	189 B
18	3

	Domain	Requested by
12	sedo.com	sedo.com
4	challenges.cloudflare.com	sedo.com challenges.cloudflare.com
1	sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz	1 redirects
18	3

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com

Subject Issuer	Validity	Valid
*.sedo.com GeoTrust TLS RSA CA G1	`2023-05-11` - `2024-05-31`	a year	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2023-08-18` - `2024-08-17`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
Frame ID: B205CC0705BD0EEF92BC425FE5E118B3
Requests: 18 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/3pyfs/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Frame ID: 60F344EAB05CE7CD25198A3900DDBE2F
Requests: 1 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/cgcyc/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Frame ID: 08BBC17F1CC3FAB851694DF09BECF6A6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Just a moment...

Page URL History Show full URLs

https://sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz/ HTTP 301
https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&c... Page URL
https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&c... Page URL

Page Statistics

18
Requests

89 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

175 kB
Transfer

462 kB
Size

3
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cloudflare.com/?utm_source=challenge&utm_campaign=m
Title: Cloudflare

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz/ HTTP 301
https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15 Page URL
https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz/ HTTP 301
https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15

18 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

403

/ Show response
sedo.com/search/details/
Redirect Chain

https://sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz/
https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15

7 KB
5 KB

25ms
11ms

Document
text/html

2606:4700::6810:8c72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8c72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e27d48bbc7338e39d230a64001ea37cf338f7751f1d3013d63bec315b51bd54f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated: challenge
cf-ray: 81735fe44ef28090-NRT
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Mon, 16 Oct 2023 21:25:28 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

content-length: 166
content-type: text/html
date: Mon, 16 Oct 2023 21:25:28 GMT
location: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
x-sedo-request-id: b8662a95d60156f934742bde8e941671

GET
H2 200 challenges.css
sedo.com/cdn-cgi/styles/ 6 KB
3 KB 4ms
3ms Stylesheet
text/css 2606:4700::6810:8c72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sedo.com/cdn-cgi/styles/challenges.css

Requested by

Host: sedo.com
URL: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8c72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 21:25:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 09 Oct 2023 07:45:52 GMT
server: cloudflare
etag: W/"6523afb0-19c8"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 81735fe47efd8090-NRT
expires: Mon, 16 Oct 2023 23:25:28 GMT

GET
H2 200 v1 Show response
sedo.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/ 168 KB
58 KB 10ms
10ms Script
application/javascript 2606:4700::6810:8c72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sedo.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81735fe44ef28090
Requested by: Host: sedo.com
URL: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8c72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df8fa3fc7b240aff0ec555a48a824c75e3dd0b9118dc52d3b4b9cf65ccfab632

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15&__cf_chl_rt_tk=qt9EtsxrP7A7E51dh3k9OzUy4e1DkSvtuD.aieKPTks-1697491528-0-gaNycGzNDLs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 21:25:28 GMT
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: br
server: cloudflare
cf-ray: 81735fe48f058090-NRT
content-type: application/javascript; charset=UTF-8

GET
H2 200 api.js Show response
challenges.cloudflare.com/turnstile/v0/b/7ff8d35b/ 33 KB
11 KB 31ms
24ms Script
application/javascript 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/7ff8d35b/api.js?onload=CeHd9&render=explicit
Requested by: Host: sedo.com
URL: https://sedo.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81735fe44ef28090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e0b26f08c9a0d0a70e887541e8165472579233b92950835dd2bdde9963d1b8a

Request headers

Referer
Origin: https://sedo.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 21:25:28 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 81735fe4cd77264d-NRT
alt-svc: h3=":443"; ma=86400

GET
H2 200 favicon.ico
sedo.com/ 1 KB
515 B 14ms
14ms Image
image/x-icon 2606:4700::6810:8c72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sedo.com/favicon.ico

Requested by

Host: sedo.com
URL: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8c72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfe5e4dd874ed7a044e961c8fa2c293376113f84d5645f5a2ee902f56c29eb85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 21:25:28 GMT
x-sedo-request-id: ID-669655d478-v9j48-93fa6d81f74adb2ba964e9215527414d
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 10 Oct 2023 13:40:38 GMT
server: cloudflare
age: 17
vary: Accept-Encoding, Origin
x-frame-options: sameorigin
content-type: image/x-icon
access-control-allow-origin: *
content-encoding: br
cf-ray: 81735fe4bf118090-NRT

GET
DATA 200
OK truncated
/ 586 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 200
OK a1cd2dc8-5a21-413d-b7c7-233cdf51eddb
https://sedo.com/ 13 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://sedo.com/a1cd2dc8-5a21-413d-b7c7-233cdf51eddb
Requested by: Host: sedo.com
URL: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Length: 13
Content-Type: text/javascript

POST
H2 200 10e3512a98534e3 Show response
sedo.com/cdn-cgi/challenge-platform/h/b/flow/ov1/477607499:1697487132:qo-_JxBh2WMc4mdMneplrmlfQWHRl3ZQYQwqKbc6g3g/81735fe44ef28090/ 11 KB
8 KB 20ms
19ms XHR
text/plain 2606:4700::6810:8c72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sedo.com/cdn-cgi/challenge-platform/h/b/flow/ov1/477607499:1697487132:qo-_JxBh2WMc4mdMneplrmlfQWHRl3ZQYQwqKbc6g3g/81735fe44ef28090/10e3512a98534e3
Requested by: Host: sedo.com
URL: https://sedo.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81735fe44ef28090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8c72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0791687c6905f9a7995f94b240188d339e9f5692195292b6db5c3603f880957

Request headers

Referer: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
CF-Challenge: 10e3512a98534e3
Content-type: application/x-www-form-urlencoded

Response headers

cf-chl-gen: ZWu+MbFRTicR9f9kPsPT/9WWB26n3l2TKmyBMalV6AEgW2rJSJ8oDOMnRz+6yKDZ$khmNsRlJVa1zsSFsR0XX8w==
date: Mon, 16 Oct 2023 21:25:28 GMT
content-encoding: br
server: cloudflare
cf-ray: 81735fe57f4c8090-NRT
content-type: text/plain; charset=UTF-8

GET
H3 200 normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/3pyfs/0x4AAAAAAADnPIDROrmt1Wwj/light/ Frame 60F3 0
0 18ms
13ms Document
text/html 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/3pyfs/0x4AAAAAAADnPIDROrmt1Wwj/light/normal

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/b/7ff8d35b/api.js?onload=CeHd9&render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 81735fe5fbc7261a-NRT
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Mon, 16 Oct 2023 21:25:28 GMT
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

POST
H2 200 10e3512a98534e3 Show response
sedo.com/cdn-cgi/challenge-platform/h/b/flow/ov1/477607499:1697487132:qo-_JxBh2WMc4mdMneplrmlfQWHRl3ZQYQwqKbc6g3g/81735fe44ef28090/ 2 KB
2 KB 13ms
13ms XHR
text/html 2606:4700::6810:8c72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sedo.com/cdn-cgi/challenge-platform/h/b/flow/ov1/477607499:1697487132:qo-_JxBh2WMc4mdMneplrmlfQWHRl3ZQYQwqKbc6g3g/81735fe44ef28090/10e3512a98534e3
Requested by: Host: sedo.com
URL: https://sedo.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81735fe44ef28090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8c72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea540b7e1534fefc0a7b3065bbc7552eb69fe7e0148897fe5e174c87d99477c8

Request headers

Referer: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
CF-Challenge: 10e3512a98534e3
Content-type: application/x-www-form-urlencoded

Response headers

cf-chl-out: +9rvSLdwA47A/jvDwzK/LkCnzeLnj4uS7If3yDRM9CAm1aPjMzRRtIzCoXDyIZEtsSo4l3GyuDaspl+vyDzQcopzmnme53aZVL077t6JOZ4=$3td2XOUdQD9ZQvl5O+dOXA==
cf-chl-out-s: UW5OPQBYfIS+2EhAbXihcO7RBnNP02K5tygBpBrFmtcABRFrhXLOccHnGQuibwHex7HLS7ssTyF6J97l+xpzgg==$UyOovJlOJHBFbi6LNb8OzA==
date: Mon, 16 Oct 2023 21:25:28 GMT
content-encoding: br
server: cloudflare
cf-ray: 81735fe74fa48090-NRT
content-type: text/html; charset=UTF-8

GET
H2 403 Primary Request / Show response
sedo.com/search/details/ 7 KB
4 KB 9ms
7ms Document
text/html 2606:4700::6810:8c72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15

Requested by

Host: sedo.com
URL: https://sedo.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81735fe44ef28090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8c72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50c9bcf48785ae87514741d0b64915f085ec9d392861aa85c8cb7661188547e2

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated: challenge
cf-ray: 81735ff78a638090-NRT
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Mon, 16 Oct 2023 21:25:31 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 challenges.css
sedo.com/cdn-cgi/styles/ 6 KB
3 KB 4ms
3ms Stylesheet
text/css 2606:4700::6810:8c72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sedo.com/cdn-cgi/styles/challenges.css

Requested by

Host: sedo.com
URL: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8c72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 21:25:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 09 Oct 2023 07:45:52 GMT
server: cloudflare
etag: W/"6523afb0-19c8"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 81735ff7aa678090-NRT
expires: Mon, 16 Oct 2023 23:25:31 GMT

GET
H2 200 v1 Show response
sedo.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/ 171 KB
58 KB 11ms
11ms Script
application/javascript 2606:4700::6810:8c72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sedo.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81735ff78a638090
Requested by: Host: sedo.com
URL: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8c72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b79ef263b34d8596dbbce594dd0f87f58b325c2aa0019a69309228337fe91a7

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15&__cf_chl_rt_tk=yPsIJfIQfdZz2uTVkvjMcpf2QxMDc30VKKIzSC9qKhY-1697491531-0-gaNycGzNDKU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 21:25:31 GMT
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: br
server: cloudflare
cf-ray: 81735ff7ea758090-NRT
content-type: application/javascript; charset=UTF-8

GET
H2 200 api.js Show response
challenges.cloudflare.com/turnstile/v0/b/7ff8d35b/ 33 KB
11 KB 22ms
21ms Script
application/javascript 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/7ff8d35b/api.js?onload=CeHd9&render=explicit
Requested by: Host: sedo.com
URL: https://sedo.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81735ff78a638090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e0b26f08c9a0d0a70e887541e8165472579233b92950835dd2bdde9963d1b8a

Request headers

Referer
Origin: https://sedo.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 21:25:31 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 81735ff81a66264d-NRT
alt-svc: h3=":443"; ma=86400

GET
H2 200 favicon.ico
sedo.com/ 1 KB
397 B 15ms
15ms Image
image/x-icon 2606:4700::6810:8c72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sedo.com/favicon.ico

Requested by

Host: sedo.com
URL: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8c72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfe5e4dd874ed7a044e961c8fa2c293376113f84d5645f5a2ee902f56c29eb85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 21:25:31 GMT
x-sedo-request-id: ID-669655d478-v9j48-93fa6d81f74adb2ba964e9215527414d
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 10 Oct 2023 13:40:38 GMT
server: cloudflare
age: 20
vary: Accept-Encoding, Origin
x-frame-options: sameorigin
content-type: image/x-icon
access-control-allow-origin: *
content-encoding: br
cf-ray: 81735ff81a7c8090-NRT

GET
DATA 200
OK truncated
/ 586 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 200
OK ec686e69-776a-412e-a9fa-ed4caf599d35
https://sedo.com/ 13 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://sedo.com/ec686e69-776a-412e-a9fa-ed4caf599d35
Requested by: Host: sedo.com
URL: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Length: 13
Content-Type: text/javascript

POST
H2 200 51e0e0250640a71 Show response
sedo.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1837243467:1697490513:dQiPuKWgE9HdHDAuZj0Gjouy_NqcCgwFHBo5TWhIZpI/81735ff78a638090/ 11 KB
8 KB 20ms
19ms XHR
text/plain 2606:4700::6810:8c72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sedo.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1837243467:1697490513:dQiPuKWgE9HdHDAuZj0Gjouy_NqcCgwFHBo5TWhIZpI/81735ff78a638090/51e0e0250640a71
Requested by: Host: sedo.com
URL: https://sedo.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81735ff78a638090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8c72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77554c50bf2b644a007616a4092fc8b75da858e27ffd37cf18bd8e96f93226fb

Request headers

Referer: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
CF-Challenge: 51e0e0250640a71
Content-type: application/x-www-form-urlencoded

Response headers

cf-chl-gen: slgBKsBgOAQeRVdCgRluUtBc96kuxpY0XN3JJdm5MGUhmu6ISxoLAKlimq+4z7DG$UVj/mY3KdnLDg0KziNuHUA==
date: Mon, 16 Oct 2023 21:25:31 GMT
content-encoding: br
server: cloudflare
cf-ray: 81735ff8daa98090-NRT
content-type: text/plain; charset=UTF-8

GET
H3 200 normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/cgcyc/0x4AAAAAAADnPIDROrmt1Wwj/light/ Frame 08BB 0
0 12ms
12ms Document
text/html 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/cgcyc/0x4AAAAAAADnPIDROrmt1Wwj/light/normal

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/b/7ff8d35b/api.js?onload=CeHd9&render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 81735ff9497e261a-NRT
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Mon, 16 Oct 2023 21:25:31 GMT
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

POST
H2 200 51e0e0250640a71 Show response
sedo.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1837243467:1697490513:dQiPuKWgE9HdHDAuZj0Gjouy_NqcCgwFHBo5TWhIZpI/81735ff78a638090/ 2 KB
2 KB 15ms
15ms XHR
text/html 2606:4700::6810:8c72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sedo.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1837243467:1697490513:dQiPuKWgE9HdHDAuZj0Gjouy_NqcCgwFHBo5TWhIZpI/81735ff78a638090/51e0e0250640a71
Requested by: Host: sedo.com
URL: https://sedo.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=81735ff78a638090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8c72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e04eb59c0c2279d3699ca64a57e9ab581fd4aef44ac17e5b871680946344ea57

Request headers

Referer: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
CF-Challenge: 51e0e0250640a71
Content-type: application/x-www-form-urlencoded

Response headers

cf-chl-out: L5lvfULY6mhj8v3Tu2AEqgPC6bIxrcl5mq1EhT0R1KDvDkrL7QBeeDtSzd3357+THsc5S9Ll941dLabP7IWk++P93qkolZ3d/r9UQQ+Y6eI=$x/CjtwPj2hGFNgd/Kw9q4w==
cf-chl-out-s: j1ZUAansUC+xK0bY2Y9GhJjgwxR+gYFHUOaJ7JNn2bZQXYVPj0XCFlUQThgVhuOG/4OYx22Rh8O1LbgTYlsqyFfVyCp9VSYVM/3ymMS5NZ/ipynM9OFoiQX2InPsN7xpNrjrhexqXI2fL4n7Svi2wgfLb3GdE7Ks5J3zw3g9s5eL3NdG+BoESqTLCBc6x203$JibT1QqfUDtGL1vrkP3FVg==
date: Mon, 16 Oct 2023 21:25:31 GMT
content-encoding: br
server: cloudflare
cf-ray: 81735ffa9ae98090-NRT
content-type: text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sedo.com/	1970-01-20 15:31:33	Name: __cf_bm Value: pcywkGE9qiYhNTnf93hoV9L5I84OSpOiixXlOb7.QtY-1697491528-0-AWOhNH78+pi8XVYXIVs5Jq1FcSC0xT8dt4GQ6rh1As0lNR886B+vZzIiP9rssI/YdcS4zPF4GuuN9FLhiG6o8pY=
sedo.com/	1970-01-20 15:31:35	Name: cf_chl_rc_m Value: 1
sedo.com/	1970-01-20 15:31:35	Name: cf_chl_2 Value: 51e0e0250640a71

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15 Message: Failed to load resource: the server responded with a status of 403 ()
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://sedo.com/search/details/?domain=sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz&campaignId=329145&origin=sales_lander_15 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenges.cloudflare.com
sber.sberbank.pay.sber.yandex.avito.sber.farid2.xyz
sedo.com
2606:4700::6810:8c72
2606:4700::6811:2b8
91.195.241.232
2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2
4b79ef263b34d8596dbbce594dd0f87f58b325c2aa0019a69309228337fe91a7
50c9bcf48785ae87514741d0b64915f085ec9d392861aa85c8cb7661188547e2
77554c50bf2b644a007616a4092fc8b75da858e27ffd37cf18bd8e96f93226fb
7e0b26f08c9a0d0a70e887541e8165472579233b92950835dd2bdde9963d1b8a
8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04
bfe5e4dd874ed7a044e961c8fa2c293376113f84d5645f5a2ee902f56c29eb85
df8fa3fc7b240aff0ec555a48a824c75e3dd0b9118dc52d3b4b9cf65ccfab632
e04eb59c0c2279d3699ca64a57e9ab581fd4aef44ac17e5b871680946344ea57
e27d48bbc7338e39d230a64001ea37cf338f7751f1d3013d63bec315b51bd54f
ea540b7e1534fefc0a7b3065bbc7552eb69fe7e0148897fe5e174c87d99477c8
f0791687c6905f9a7995f94b240188d339e9f5692195292b6db5c3603f880957
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

sedo.com Open in urlscan Pro 2606:4700::6810:8c72 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

18 Requests

89 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

175 kBTransfer

462 kBSize

3 Cookies

1 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

3 Cookies

6 Console Messages

Security Headers

Indicators

sedo.com Open in urlscan Pro
2606:4700::6810:8c72 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

89 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

175 kB
Transfer

462 kB
Size

3
Cookies

18 HTTP transactions
2 data transactions