venues-operators-portrait-versus.trycloudflare.com Open in urlscan Pro
104.16.230.132 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://venues-operators-portrait-versus.trycloudflare.com/
Submission: On August 23 via manual (August 23rd 2024, 10:12:55 am UTC) from IN — Scanned from CA

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 18 HTTP transactions. The main IP is 104.16.230.132, located in and belongs to CLOUDFLARENET, US. The main domain is venues-operators-portrait-versus.trycloudflare.com.
TLS certificate: Issued by WE1 on July 1st 2024. Valid for: 3 months.

This is the only time venues-operators-portrait-versus.trycloudflare.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 15	104.16.230.132 104.16.230.132	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.65.229 151.101.65.229	54113 (FASTLY) (FASTLY)
1	142.250.65.202 142.250.65.202	15169 (GOOGLE) (GOOGLE)
1 1	142.250.80.36 142.250.80.36	15169 (GOOGLE) (GOOGLE)
1	142.250.81.228 142.250.81.228	15169 (GOOGLE) (GOOGLE)
18	4

15 104.16.230.132 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

venues-operators-portrait-versus.trycloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.229 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.65.202 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.80.36 (Plainview, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.81.228 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f4.1e100.net

t2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	trycloudflare.com 1 redirects venues-operators-portrait-versus.trycloudflare.com	248 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	137 KB
1	gstatic.com t2.gstatic.com	1 KB
1	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 10	18 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 641	31 KB
18	5

	Domain	Requested by
15	venues-operators-portrait-versus.trycloudflare.com	1 redirects venues-operators-portrait-versus.trycloudflare.com
2	cdn.jsdelivr.net	venues-operators-portrait-versus.trycloudflare.com cdn.jsdelivr.net
1	t2.gstatic.com	venues-operators-portrait-versus.trycloudflare.com
1	www.google.com	1 redirects
1	ajax.googleapis.com	venues-operators-portrait-versus.trycloudflare.com
18	5

This site contains no links.

Subject Issuer	Validity	Valid
trycloudflare.com WE1	`2024-07-01` - `2024-09-29`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://venues-operators-portrait-versus.trycloudflare.com/
Frame ID: FC344B5C2373527EBD3A3161E5203FFB
Requests: 10 HTTP requests in this frame

Frame: https://venues-operators-portrait-versus.trycloudflare.com/sites/instagram/login.html
Frame ID: 5CCB543DD62A2CD2E07B2565C2CC7580
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

18
Requests

94 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

417 kB
Transfer

1053 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://www.google.com/s2/favicons?domain=https://instagram.com HTTP 301
https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://instagram.com&size=16

Request Chain 7

https://venues-operators-portrait-versus.trycloudflare.com/sites/instagram/index.php HTTP 302
https://venues-operators-portrait-versus.trycloudflare.com/sites/instagram/login.html

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
venues-operators-portrait-versus.trycloudflare.com/ 3 KB
1 KB 444ms
386ms Document
text/html 104.16.230.132
CLOUDFLARENET

General

Source	Level	URL Text
recommendation	verbose	URL: https://venues-operators-portrait-versus.trycloudflare.com/sites/instagram/login.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://venues-operators-portrait-versus.trycloudflare.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

venues-operators-portrait-versus.trycloudflare.com Open in urlscan Pro 104.16.230.132 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

18 Requests

94 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

4 IPs

2 Countries

417 kBTransfer

1053 kBSize

0 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

venues-operators-portrait-versus.trycloudflare.com Open in urlscan Pro
104.16.230.132 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

94 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

417 kB
Transfer

1053 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!