usaadispute.info Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://crest-mortgage.com/income.html
Effective URL:
https://usaadispute.info/on/ref
Submission: On August 21 via manual (August 21st 2024, 1:12:24 pm UTC) from IN — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is usaadispute.info.
TLS certificate: Issued by WE1 on August 18th 2024. Valid for: 3 months.

This is the only time usaadispute.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	69.49.244.120 69.49.244.120	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
3 16	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	3

2 69.49.244.120 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 69-49-244-120.webhostbox.net

crest-mortgage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a06:98c1:3120::3 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

usaadispute.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	usaadispute.info 3 redirects usaadispute.info	62 KB
2	crest-mortgage.com crest-mortgage.com	9 KB
15	2

	Domain	Requested by
16	usaadispute.info	3 redirects usaadispute.info crest-mortgage.com
2	crest-mortgage.com
15	2

This site contains no links.

Subject Issuer	Validity	Valid
www.crest-mortgage.com R11	`2024-08-17` - `2024-11-15`	3 months	crt.sh
usaadispute.info WE1	`2024-08-18` - `2024-11-16`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://usaadispute.info/on/ref
Frame ID: 62902C57D6996D5ED882588E42148CE7
Requests: 12 HTTP requests in this frame

Frame: https://usaadispute.info/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js
Frame ID: CFB8F2894BF0856CA3E4040FC2664E4D
Requests: 2 HTTP requests in this frame

Frame: https://usaadispute.info/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js
Frame ID: 8C9531749BD939910B6A76AB12DAF5FB
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

https://crest-mortgage.com/income.html Page URL
https://usaadispute.info/on/ref Page URL
https://usaadispute.info/cdn-cgi/phish-bypass?atok=p.za0nU_cYuDiFZ4eKu_yEH5cMy.293rkoO6EmFmS.g-172424... HTTP 301
https://usaadispute.info/on/ref Page URL
https://usaadispute.info/on/ref Page URL

Page Statistics

15
Requests

87 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

69 kB
Transfer

102 kB
Size

12
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://crest-mortgage.com/income.html Page URL
https://usaadispute.info/on/ref Page URL
https://usaadispute.info/cdn-cgi/phish-bypass?atok=p.za0nU_cYuDiFZ4eKu_yEH5cMy.293rkoO6EmFmS.g-1724245937-0.0.1.1-%2Fon%2Fref HTTP 301
https://usaadispute.info/on/ref Page URL
https://usaadispute.info/on/ref Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://usaadispute.info/cdn-cgi/phish-bypass?atok=p.za0nU_cYuDiFZ4eKu_yEH5cMy.293rkoO6EmFmS.g-1724245937-0.0.1.1-%2Fon%2Fref HTTP 301
https://usaadispute.info/on/ref

Request Chain 9

https://usaadispute.info/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://usaadispute.info/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js

Request Chain 12

https://usaadispute.info/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://usaadispute.info/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js

15 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK income.html Show response
crest-mortgage.com/ 8 KB
8 KB 387ms
111ms Document
text/html 69.49.244.120
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://crest-mortgage.com/income.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.49.244.120 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 69-49-244-120.webhostbox.net
Software: Apache /
Resource Hash: b550956b72d349ccc28a6947b44d721ab45eec22c5c1fb97f656600687fa622e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 8004
Content-Type: text/html
Date: Wed, 21 Aug 2024 13:12:13 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Sun, 18 Aug 2024 17:33:41 GMT
Server: Apache

GET
DATA 200
OK truncated
/ 6 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2e62db922da50b92be09bffbbc1c38c154029ab0938dc2dba44b53c85f82c9b5

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H/1.1 404
Not Found favicon.ico
crest-mortgage.com/ 315 B
515 B 128ms
120ms Other
text/html 69.49.244.120
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://crest-mortgage.com/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.49.244.120 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 69-49-244-120.webhostbox.net
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer: https://crest-mortgage.com/income.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 21 Aug 2024 13:12:13 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H3 200 ref Show response
usaadispute.info/on/ 4 KB
2 KB 162ms
47ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://usaadispute.info/on/ref

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52c02e87c648ce48b4f68c7509e82720ba06e350ccfe902dc5abb730980429f4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://crest-mortgage.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cf-ray: 8b6adfb59ca79f94-AMS
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 21 Aug 2024 13:12:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TGUmwMJjhAhbMkmHj6MhGOAudV5l2AyS4RzMtviMQmnfmoUmMENnSjo1MYnUrHKWSZUvON7pGZWFCz66Puuw6hMRBcrAwkwPeHoQ6W9nemCujqhiqTMgp4hYVsmDrNm7B%2FIHpy7IHOaIaxM%2Bcpkj"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
usaadispute.info/cdn-cgi/styles/ 23 KB
5 KB 21ms
19ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://usaadispute.info/cdn-cgi/styles/cf.errors.css

Requested by

Host: usaadispute.info
URL: https://usaadispute.info/on/ref

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://usaadispute.info/on/ref
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 21 Aug 2024 13:12:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2024 09:12:52 GMT
server: cloudflare
etag: W/"66c30c94-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8b6adfb62d919f94-AMS
expires: Wed, 21 Aug 2024 15:12:17 GMT

GET
H3 200 icon-exclamation.png
usaadispute.info/cdn-cgi/images/ 452 B
634 B 19ms
17ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://usaadispute.info/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: usaadispute.info
URL: https://usaadispute.info/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://usaadispute.info/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 21 Aug 2024 13:12:17 GMT
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2024 09:12:52 GMT
server: cloudflare
etag: "66c30c94-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8b6adfb6de989f94-AMS
content-length: 452
expires: Wed, 21 Aug 2024 15:12:17 GMT

GET
H3 503 favicon.ico
usaadispute.info/ 6 KB
7 KB 237ms
231ms Other
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://usaadispute.info/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://usaadispute.info/on/ref
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Aug 2024 13:12:18 GMT
x-content-type-options: nosniff, nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ystWmun16Ouw6jYASm5vwxuF8ffNvq7ppZ2EwdIaxWyZ9UAvc%2FMrmaPlu%2BxASD8KAO9dJMQrTKQtnuCxCeP3hYR60%2FAvvfcfxLaCjik7afhLFD7R7gATAMRehaFMDfpMj3f9k%2Ft6uKvXqg%2Bx%2BtyB"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8b6adfb7afba9f94-AMS
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
expires: 0

GET
H3

503

ref Show response
usaadispute.info/on/
Redirect Chain

https://usaadispute.info/cdn-cgi/phish-bypass?atok=p.za0nU_cYuDiFZ4eKu_yEH5cMy.293rkoO6EmFmS.g-1724245937-0.0.1.1-%2Fon%2Fref
https://usaadispute.info/on/ref

19 KB
19 KB

209ms
209ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://usaadispute.info/on/ref

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ad69bcaaddf574367ed643ac9b7b1992b5ad98a6cce738638cc1c7a2eb44b35

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://usaadispute.info/on/ref
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 8b6adfc2b84e9f94-AMS
content-type: text/html; charset=utf-8
date: Wed, 21 Aug 2024 13:12:19 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FxdhQcPhDc7huW%2BWBnHEWynamEAi%2B6huSFVJXttayhmu0n6%2BEW3wp%2FAdys6i%2FulHhm4uWrevfkwTdWyHW9LZ2AhqusoMtGYggkJXI0NSviQ%2F5FwlNaD9UC8wV6AiEaPF5WvWp%2FpVrZyl0n%2BTBJE4"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

cache-control: private, no-cache
cf-ray: 8b6adfc2881e9f94-AMS
content-length: 167
content-type: text/html
date: Wed, 21 Aug 2024 13:12:19 GMT
location: https://usaadispute.info/on/ref
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

POST
H3 204 ref
usaadispute.info/on/ 0
942 B 120ms
120ms XHR
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://usaadispute.info/on/ref

Requested by

Host: crest-mortgage.com
URL: https://crest-mortgage.com/income.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

X-Requested-TimeStamp-Expire
X-Requested-TimeStamp-Combination
X-Requested-Type-Combination: GET
Content-type: application/x-www-form-urlencoded
X-Requested-Type: GET
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Referer: https://usaadispute.info/on/ref
X-Requested-with: XMLHttpRequest
X-Requested-TimeStamp
YqSKc49nviyld3QZiKBIy2AxJes: 40322844
rSPT66v6XYl-l4AHuBPHncunvP0: XmluN6HtoDmH0Wkdn5FCE0FuFZo

Response headers

pragma: no-cache
date: Wed, 21 Aug 2024 13:12:20 GMT
x-server-powered-by: Engintron
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BB%2BNIDib0inrkTLeqdsks3IwYDg81lnGJ7ESamZtLUGhl8%2F6xkctCY2as3L8KljUaYPbKVoR9ofzql3QvDBZIEDMxK9gnCr2hd%2F2ZRaL%2FlnpdSzTcBh3nYbCiu0OeruMjkdEKljKqztsiGXm6Uk1"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8b6adfc48ae49f94-AMS
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
expires: 0

GET
H3

200

main.js
usaadispute.info/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/ Frame CFB8
Redirect Chain

https://usaadispute.info/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://usaadispute.info/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?

8 KB
4 KB

22ms
22ms

Script
application/javascript

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://usaadispute.info/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 21 Aug 2024 13:12:19 GMT
content-encoding: zstd
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Q55OMI%2BY3tmFyRAAii5L72ffCMAHIJ50iXH%2FpiPOPpLJ%2BYke2A0NBdYvUXXPLkO0fJuSunBAaTXJoohxwfvx%2B7dQqHhZ%2FfCvvEbViBmmE%2BKrNLfuzQqFGcflkMjO%2FA4hfiKMFKVw8YwD7USKuvc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8b6adfc4ab269f94-AMS
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 21 Aug 2024 13:12:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mg4vgVEJYmcThZIb4OSr0xvP1GmgB4xtYZYzAVE4Pn9uGjzhTLtE%2BTwg3BrR78GHnvBBusNvruWtD%2Bqsw9RcjKrOgRLbcNAK5HRAczLorYmMvnKLoMzmKQ3X10FnWSCrTG0V1BE89BCM7eqkoF%2Bd"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8b6adfc48ae79f94-AMS
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 503 favicon.ico
usaadispute.info/ 18 KB
18 KB 162ms
161ms Other
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://usaadispute.info/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://usaadispute.info/on/ref
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Aug 2024 13:12:20 GMT
x-content-type-options: nosniff, nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dZk8EWKNZAXPAbXRPV9L72fzRQECWq8V7baRASl1QDL5mTUusXSY%2BiFTINDJk%2B%2BuSwITk8m4I9w3Ju6dZX7BYTKSrRYH72D5wXe1eDEWBOzYjaO8Cf9DyQ%2BrMJN7I4%2BXgMaDP92lECkN2oHxdD17"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8b6adfc48af49f94-AMS
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
expires: 0

POST
H3 200 8b6adfc2b84e9f94
usaadispute.info/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame CFB8 0
972 B 39ms
31ms XHR
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://usaadispute.info/cdn-cgi/challenge-platform/h/b/jsd/r/8b6adfc2b84e9f94
Requested by: Host: usaadispute.info
URL: https://usaadispute.info/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 21 Aug 2024 13:12:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zLlB7awLOjzlI3Jqi3xc%2FwGS6P1Hsjc%2BXooDASnX5RfUo%2BAjmKCKS%2FKztg%2Bd5xfDkTKbEXubDWciPJwemc5SNWaSPt0uTVLguWUAveHvQE%2Fen8pQ8AmOoUo%2FjlPjI5akXSeMR2Z0KlU%2Fdga2ZKPm"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 8b6adfc5fcea9f94-AMS
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 403 Primary Request ref Show response
usaadispute.info/on/ 1 KB
1 KB 98ms
97ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://usaadispute.info/on/ref

Requested by

Host: crest-mortgage.com
URL: https://crest-mortgage.com/income.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85b40d5e3dd0fcc468043b6d0ebb458091ad8fc93a07772c4aa9d2d62d51bb19

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://usaadispute.info/on/ref
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8b6adfc60d019f94-AMS
content-encoding: zstd
content-type: text/html
date: Wed, 21 Aug 2024 13:12:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FjBMhSiVWYKL%2BBWQK7lTlS1Dx5CgCqiAZyHe56abWJwEbr40XZGNln3FrQLGCX4AB2Hom6TFHha3e7PANGROhe1%2B0cy3IQjfpr4eZN0kCZQTHayIOqeHvVctRbv8d0qCMDESXu4dA%2BH8ni4y9609"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-xss-protection: 1; mode=block 1; mode=block

GET
H3

200

main.js Show response
usaadispute.info/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/ Frame 8C95
Redirect Chain

https://usaadispute.info/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://usaadispute.info/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?

8 KB
0

0ms
0ms

Script
application/javascript

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://usaadispute.info/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?

Protocol

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a669f2cbf158d552c0c0b325d22aa49c434601bdcb6953ae9cfa900320e208dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 21 Aug 2024 13:12:19 GMT
content-encoding: zstd
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Q55OMI%2BY3tmFyRAAii5L72ffCMAHIJ50iXH%2FpiPOPpLJ%2BYke2A0NBdYvUXXPLkO0fJuSunBAaTXJoohxwfvx%2B7dQqHhZ%2FfCvvEbViBmmE%2BKrNLfuzQqFGcflkMjO%2FA4hfiKMFKVw8YwD7USKuvc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8b6adfc4ab269f94-AMS
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 21 Aug 2024 13:12:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mg4vgVEJYmcThZIb4OSr0xvP1GmgB4xtYZYzAVE4Pn9uGjzhTLtE%2BTwg3BrR78GHnvBBusNvruWtD%2Bqsw9RcjKrOgRLbcNAK5HRAczLorYmMvnKLoMzmKQ3X10FnWSCrTG0V1BE89BCM7eqkoF%2Bd"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8b6adfc48ae79f94-AMS
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 403 favicon.ico
usaadispute.info/ 548 B
659 B 123ms
123ms Other
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://usaadispute.info/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://usaadispute.info/on/ref
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: public
date: Wed, 21 Aug 2024 13:12:20 GMT
content-encoding: zstd
x-content-type-options: nosniff, nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dcSdeLvu3gdRgmgrPhVjvHEZtcawTRdrKYNI6YIsZlXLDnodmldqhfWuQ42313O9fS98vAzbT8g72s6El1tB1%2BEvijcsm2kLcaSqHjIls25%2FJl7WKIQXWZB6%2FUFyXhnJ%2Bv9yhNlFLueaKdpcSrG2"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
cf-ray: 8b6adfc6ce379f94-AMS
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block

POST
H3 200 8b6adfc60d019f94 Show response
usaadispute.info/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 8C95 0
965 B 29ms
23ms XHR
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://usaadispute.info/cdn-cgi/challenge-platform/h/b/jsd/r/8b6adfc60d019f94
Requested by: Host: usaadispute.info
URL: https://usaadispute.info/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 21 Aug 2024 13:12:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dySWxRvpYUlhJu4nKS4dar5ZRVOPe8rWzG%2FnupTH5vLuw1rldYhyGTdHugWDlGJyCKe4ofQdlEd6%2Fj3Km4OSakxVgn3ENHXLdorg0x7zDprWmuRygeYZFzbtMfSfTf9byrNIPcrPmqt5g5DRGPsi"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 8b6adfc71ea99f94-AMS
alt-svc: h3=":443"; ma=86400
content-length: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
usaadispute.info/	1970-01-20 22:58:52	Name: LUhmLXLH87E-uh_pHrKw1NneIbI Value: Khk2HC9dLduToHaLbUrdPX7fuBc
usaadispute.info/	1970-01-20 22:58:52	Name: yUzn7A0hxCTQ-I6p2zCrCgZrrcI Value: 1724245934
usaadispute.info/	1970-01-20 22:58:52	Name: DFKDQSS34QTm8M0x3A7ONJNCncw Value: 1724332334
usaadispute.info/	1970-01-20 22:58:52	Name: FPWC1sgHX2v7CBXrBsk3cF4HQOI Value: Gx2w3L5pd8lDKcWOMAHckBTmWIo
.usaadispute.info/	1970-01-20 22:58:52	Name: __cf_mw_byp Value: p.za0nU_cYuDiFZ4eKu_yEH5cMy.293rkoO6EmFmS.g-1724245937-0.0.1.1-/on/ref
usaadispute.info/	1970-01-20 22:58:52	Name: auCXP0Y1oifGM0a6CwBKtTBBpPU Value: f1oVGek4bgvzMWmjXJC2DuZOgk0
usaadispute.info/	1970-01-20 22:58:52	Name: _CQSYpc3skDqzxt70z57vhLIUzE Value: 3kd6pqMqiJMrglmIEMGIfeLgoNg
usaadispute.info/	1970-01-20 22:58:52	Name: 1Y1H9L2VLr3fvSUuwPRC0qtbVfQ Value: 1724245939
usaadispute.info/	1970-01-20 22:58:52	Name: CvW7Htzn7ojO4Nlz8OseAnCDRGs Value: 1724332339
usaadispute.info/	1970-01-20 22:58:52	Name: _ehmHkBcHgGD9R3rSkQ31vrAIAw Value: CXBALkHOJPwU01bShjvBBOCToXc
usaadispute.info/	1970-01-20 22:58:52	Name: 1cl7t9wFRUVyrn00IVBN8_fPdqw Value: nEHRwKNbfXxXzHkPT91Cz_pOafg
.usaadispute.info/	1970-01-21 07:43:01	Name: cf_clearance Value: z0Bg0DqFl6SEN_1_folPsh8vXvbfoGAkn.7gxkHXHdc-1724245940-1.2.1.1-cuVQfgHUjVTxN4TlzeHFVH7lPjxcbP4rF1K2sU6yrwIAl6xKXsxZn4VJQp.vBZVdr3KQ_BOJSjE508P0x2CavC4vA5X_q7F0qOBuqT4pmPkfTSTd7Rhk63d095mhSFciQl99tKRNrBi3k2pFtCqS24YAZfR4xHPkQtqmOIpugNCsqlylJogpqEuvLpclvdgUVtpSmWlLEuws7k6RVErD98vcnoj59tIQrYnYCQXTqvWfto.rV09r1tEvlWizpM4BJh5CkE50LOaG9Cwjq2hw0gXL2o843Sp2DoOPfXp3ExDI08PPu9QbjdYimr7MAfON1EMVCFQa4FjeEhmo5NhpA6ETOh6EZIJ6skSWyzfxJMViMJKSyF8hcW1ebdTUSoMFVXzRHDB9MZ.xTEsqjV35clk5aYW4fHNThDd9XEth1RE

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://crest-mortgage.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://usaadispute.info/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://usaadispute.info/on/ref Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://usaadispute.info/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://usaadispute.info/on/ref Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://usaadispute.info/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

crest-mortgage.com
usaadispute.info
2a06:98c1:3120::3
69.49.244.120
1ad69bcaaddf574367ed643ac9b7b1992b5ad98a6cce738638cc1c7a2eb44b35
25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393
2e62db922da50b92be09bffbbc1c38c154029ab0938dc2dba44b53c85f82c9b5
52c02e87c648ce48b4f68c7509e82720ba06e350ccfe902dc5abb730980429f4
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
85b40d5e3dd0fcc468043b6d0ebb458091ad8fc93a07772c4aa9d2d62d51bb19
a669f2cbf158d552c0c0b325d22aa49c434601bdcb6953ae9cfa900320e208dd
b550956b72d349ccc28a6947b44d721ab45eec22c5c1fb97f656600687fa622e
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

usaadispute.info Open in urlscan Pro 2a06:98c1:3120::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

15 Requests

87 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

69 kBTransfer

102 kBSize

12 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

12 Cookies

6 Console Messages

Indicators

usaadispute.info Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

87 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

69 kB
Transfer

102 kB
Size

12
Cookies

15 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!