www.starttesting.net Open in urlscan Pro
2606:4700:3033::681b:a865 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.starttesting.net/survey/flavinss/source=11709/subid=e:A-i_gry1WPj1SGL6sGUTwLKG_Y1KZ5Kns-yUy5FmsGM&subid2=thewarme...
Effective URL:
https://www.starttesting.net/survey/flavinss/source=11709/subid=e:A-i_gry1WPj1SGL6sGUTwLKG_Y1KZ5Kns-yUy5FmsGM&subid2=thewarme...
Submission: On February 07 via manual (February 7th 2020, 7:43:03 am UTC) from TW

Summary HTTP 49 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 49 HTTP transactions. The main IP is 2606:4700:3033::681b:a865, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.starttesting.net.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on December 23rd 2019. Valid for: 10 months.

This is the only time www.starttesting.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Investment Scam (Online) Lion's Den Scam (Online) Generic Crypto (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
43	2606:4700:303... 2606:4700:3033::681b:a865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:81a::200a	15169 (GOOGLE) (GOOGLE)
2	2600:9000:205... 2600:9000:2057:2a00:1:cde5:7345:88c1	16509 (AMAZON-02) (AMAZON-02)
1	52.5.95.112 52.5.95.112	14618 (AMAZON-AES) (AMAZON-AES)
49	5

43 2606:4700:3033::681b:a865 (United States)

ASN13335 (CLOUDFLARENET, US)

www.starttesting.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2057:2a00:1:cde5:7345:88c1 (United States)

ASN16509 (AMAZON-02, US)

thumbs.gfycat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.5.95.112 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-95-112.compute-1.amazonaws.com

px.gfycat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	starttesting.net www.starttesting.net	3 MB
3	gfycat.com thumbs.gfycat.com px.gfycat.com	90 KB
3	googleapis.com fonts.googleapis.com	2 KB
49	3

	Domain	Requested by
43	www.starttesting.net	www.starttesting.net
3	fonts.googleapis.com	www.starttesting.net
2	thumbs.gfycat.com	www.starttesting.net
1	px.gfycat.com	www.starttesting.net
49	4

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-12-23` - `2020-10-09`	10 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
gfycat.com Amazon	`2019-05-17` - `2020-06-17`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.starttesting.net/survey/flavinss/source=11709/subid=e:A-i_gry1WPj1SGL6sGUTwLKG_Y1KZ5Kns-yUy5FmsGM&subid2=thewarmestcolor.org&subid3=11709&firstname=Maurizio&surname=Perini&city=Camogli&email=maurizio.perini%2540fincantieri.it/pid=19/nrp=ij23apxlxitnt8qh0akwn6zoc
Frame ID: 52C26548CAA2EAD735468229A83B93F6
Requests: 13 HTTP requests in this frame

Frame: https://www.starttesting.net/prelanders/flavioinsina/index.html
Frame ID: B5638BFD1DC824EE7F93381050B7A272
Requests: 38 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

49
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

5
IPs

2
Countries

3642 kB
Transfer

4171 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

49 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request nrp=ij23apxlxitnt8qh0akwn6zoc Show response
www.starttesting.net/survey/flavinss/source=11709/subid=e:A-i_gry1WPj1SGL6sGUTwLKG_Y1KZ5Kns-yUy5FmsGM&subid2=thewarmestcolor.org&subid3=11709&firstname=Maurizio&surname=Perini&city=Camogli&email=ma... 7 KB
3 KB 332ms
235ms Document
text/html 2606:4700:3033::681b:a865
CLOUDFLARENET

General

Domain/Path	Expires	Name / Value
www.starttesting.net/	1970-01-19 07:21:01	Name: laravel_session Value: eyJpdiI6InhjYW1yaVhGQzZDYnNmb24wVzFrN3c9PSIsInZhbHVlIjoiOWMxSmc1ZTJOTCtFVlI2TE9McEF4OVd2OWN3N3IrRjJEclF3Ykt4aXFtU3lWUEdzS09IRzJJZGZJT25kTlN6ckg4RnVYTVNoczdrb2FoSFNHcml5Q0E9PSIsIm1hYyI6IjZiNjdiYmFmMmUxNTQzODM5NmY4YzZlNWFhOTRiNTViNDdjYzM1ZDc4NDNmYzlkNTM2N2QzYzM4Y2QwNzU0OTAifQ%3D%3D
www.starttesting.net/	1970-01-19 07:21:06	Name: b2ZmZXJXYWxs Value: %7B%22campaign%22%3A%2218001%22%2C%22survey%22%3A20813%2C%22source%22%3A%2211709%22%2C%22subid%22%3A%22subid%3De%3AA-i_gry1WPj1SGL6sGUTwLKG_Y1KZ5Kns-yUy5FmsGM%26subid2%3Dthewarmestcolor.org%26subid3%3D11709%26firstname%3DMaurizio%26surname%3DPerini%26city%3DCamogli%26email%3Dmaurizio.perini%40fincantieri.it%22%2C%22firstSession%22%3A%22fQdXFRcWVI0M1l9G4PMh6iGRfP37tDprV9D73o1k_18001%22%7D
www.starttesting.net/	1970-01-19 07:21:06	Name: survey_id_20813 Value: true
.starttesting.net/	1970-01-19 07:54:13	Name: __cfduid Value: dfda88284d980b5ba292a4d4a08d630831581061365

Source	Level	URL Text
console-api	log	URL: https://www.starttesting.net/survey/flavinss/source=11709/subid=e:A-i_gry1WPj1SGL6sGUTwLKG_Y1KZ5Kns-yUy5FmsGM&subid2=thewarmestcolor.org&subid3=11709&firstname=Maurizio&surname=Perini&city=Camogli&email=maurizio.perini%2540fincantieri.it/pid=19/nrp=ij23apxlxitnt8qh0akwn6zoc(Line 43) Message: processed: 2-thewarmestcolor.org 3-11709 firstname-Maurizio surname-Perini city-Camogli email-maurizio.perini@fincantieri.it
console-api	info	URL: https://www.starttesting.net/survey/flavinss/source=11709/subid=e:A-i_gry1WPj1SGL6sGUTwLKG_Y1KZ5Kns-yUy5FmsGM&subid2=thewarmestcolor.org&subid3=11709&firstname=Maurizio&surname=Perini&city=Camogli&email=maurizio.perini%2540fincantieri.it/pid=19/nrp=ij23apxlxitnt8qh0akwn6zoc(Line 43) Message: TP init

www.starttesting.net Open in urlscan Pro 2606:4700:3033::681b:a865 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

49 Requests

100 %HTTPS

75 %IPv6

3 Domains

4 Subdomains

5 IPs

2 Countries

3642 kBTransfer

4171 kBSize

4 Cookies

0 Outgoing links

Redirected requests

49 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.starttesting.net Open in urlscan Pro
2606:4700:3033::681b:a865 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

49
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

5
IPs

2
Countries

3642 kB
Transfer

4171 kB
Size

4
Cookies

49 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!