one.123berlin.xyz
2a06:98c1:3121::3
Public Scan
Submission Tags: falconsandbox
Submission: On April 12 via api from US — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on March 8th 2023. Valid for: 3 months.
This is the only time one.123berlin.xyz was scanned on urlscan.io!
urlscan.io Verdict: No classification
Downloads These files were downloaded by the website
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 5 | 2a06:98c1:3121::3 | 13335 (CLOUDFLARENET) |
| 1 | 2606:4700::6810:3965 | 13335 (CLOUDFLARENET) |
| 1 2 | 116.203.232.108 | 24940 (HETZNER-AS) |
| 7 | 3 | |
ASN24940 (HETZNER-AS, DE)
PTR: static.108.232.203.116.clients.your-server.de
ssrpde.ytjar.xyz |
| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 5 | 123berlin.xyz: one.123berlin.xyz | 22 KB |
| 2 | ytjar.xyz (1 redirects): ssrpde.ytjar.xyz | 1 KB |
| 1 | cloudflareinsights.com: static.cloudflareinsights.com (Cisco Umbrella Rank: 1030) | 6 KB |
| 7 | 3 | |
| | Domain | Requested by |
|---|---|---|
| 5 | one.123berlin.xyz | one.123berlin.xyz, static.cloudflareinsights.com |
| 2 | ssrpde.ytjar.xyz (1 redirects) | one.123berlin.xyz |
| 1 | static.cloudflareinsights.com | one.123berlin.xyz |
| 7 | 3 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| *.123berlin.xyz | GTS CA 1P5 | 2023-03-08 - 2023-06-06 | 3 months | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-04-10 - 2024-04-09 | a year | crt.sh |
| *.ytjar.xyz | AlphaSSL CA - SHA256 - G4 | 2023-03-07 - 2024-04-07 | a year | crt.sh |
This page contains 3 frames:
Primary Page:
https://one.123berlin.xyz/dl.php?url=J01SJXPeIzh8i04bZu9HVOfCt1Wbu9sQTPxeBjlZyswQ8odr4ejZFyCcFAczCeJyJn27gh3IIPkphgC9%2BlRlL7%2FFBR0B8UWaR3P%2FXhlVaP%2B6wybK555VF7fj%2BsVXYQAfAChgc24Mo75aIcwKxYorxPV6DPiqmMGY6%2FhZpuxKtyuT6h%2BN3QNRfbI4nSc1cSy5CG%2BXI9B1BzykQZuHugN%2BypD52WBnIDLf36%2B9G1Ra9y0N9rlN66%2F6jOc3BVJAwzlCaXGbca7sCaAl3RKy5IdBq4OlPER6TZxeT5w4UMUqo%2BSycbBmd%2F%2F98iUV9yI68zb%2BQ27XO2lgOrId1%2Ff3ff4DKmvVhOpJqYwyEXrlL5WORYBwTgeYIgUhy1n5p2qNHJr8KuFSOpVKnTIoX8qQUSQVERJDhw6zpYNkY8oTlHTPoUZ%2Bot8YYuHpr6nIzmUc6cSWUAtbtxW2lyQTUIYXxkimes3zsxDsrFitTz38L777n%2BlsvcMiz%2FEQ2fozD8rrxJix4Dlv6mA%2BUD0wbYBTuf41lwue7G8rAUhcvrNdPkoAg%2B%2BDhkdEYt9M1Ecx%2BIttAbylZSX28hAJrqLSttlTO2s%2FkJPt0D2IHJBnz%2FMb5nszx1LM00FE3Aals6RxwVdKzXZQIuGEeluVErgO9h9Co4n70EeoEQy8WfRI4sw7g5pNZkJgas2Ie%2FCXdda08tU3z3tU%2Bw%2FsEGBHvg%2BzX5ocRRNdD15m2QCboGBJW558FIkaStCXVsFLuXxYNwqbaveesnYztqIgvHd31TSNhAe0RURBTj90DQ3IqTA3JBahr4RlEHSx8zhg7VcaSWGU9WJyrZVjYfpt98WabwrTRozqcEuu2uZiK%2FoTQgpPLKvs5iS0EURBmlv6ozY096YJERzLjDTwRVCPuhINoLuGttedCgiijYCMlBZVF41%2B3uiXQt%2BMGfyWFr%2Bq4dQXhvqL%2B%2FZKPRyGon9FslrUVomzbdt0%2BLjPrspoEXSwyYNlhVfzFdWHZw23vBjk7hyAvplWDTQxyle0ypVa0esaOfL9olSUm6HTtheON0UVVqMb43l8pqWUMX4QbMllHcoCvkQDShAKIaRmpAL7h5pz%2FFmh%2BL5NaKHpVo7If2T3f7lQf9C1Gbmz53vah3BqJObiTA4yQe3YetObcNOzKMpeKW9qEj7DJcLTuvYf104GsYARyIsrpXxjFoF7CwzsQdbGzk5VNonYiwNXIBnZ8NiuOvCsLcQuWRGYrieQAnMrTjjrvE3wyyfFzP%2FsXPgHX1Rt7A0UiNnjo4CGPME%3D&i=22
Frame ID: 43BECC62404591DED681AEA07CF2A839
Requests: 3 HTTP requests in this frame
Frame:
https://ssrpde.ytjar.xyz/rr3---sn-4g5e6nzz.googlevideo.com/videoplayback?expire=1681321895&ei=R5s2ZJSRK4jO1wLdg4KYDg&ip=23.88.39.196&id=o-AHdgBEa7mTP5FWwIVfESgyZSYOF2IVpVYvgSxPPZaojU&itag=22&source=youtube&requiressl=yes&gcr=de&spc=99c5Cf1JyJl5jhUGrA40WdlO4OLj4_8&vprv=1&svpuc=1&mime=video%2Fmp4&cnr=14&ratebypass=yes&dur=263.848&lmt=1472222375097312&fexp=24007246&c=ANDROID&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cgcr%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=AOq0QJ8wRQIgOOX-iPDpwmYBcb6LgQZ4L-n079eyejvlw2sHL25wHOMCIQDlcTGgJp-nXLVN4rI6XH-DAKIxpDxFSSeiukp4XcHtHQ%3D%3D&title=Smallville+-+Clark+%26+Lana%27s+Love+%28+Legendado+%29.mp4&redirect_counter=1&rm=sn-4g5ekd76&req_id=c630b150ed6ca3ee&cms_redirect=yes&cmsv=e&ipbypass=yes&mh=X1&mip=116.203.232.108&mm=31&mn=sn-4g5e6nzz&ms=au&mt=1681302299&mv=m&mvi=3&pl=26&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAO4rzGeN1q5T9cs4o30x6E_MFss49pCffg8WlIHeMpXlAiAJnX6DDZbwBFc0igtmzGzbYHjfzObpBlTwxpHJTXpxfg%3D%3D
Frame ID: AAAF6CABAAB171E34358E665AC11A980
Requests: 1 HTTP requests in this frame
Frame:
https://one.123berlin.xyz/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1681300800
Frame ID: DF8EDFDE3A310A71F199B0C105A045F9
Requests: 3 HTTP requests in this frame
Page Title
Save it
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Cloudflare Browser Insights (Analytics)
Detected patterns
- static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://ssrpde.ytjar.xyz/rr5---sn-4g5ednd7.googlevideo.com/videoplayback?expire=1681321895&ei=R5s2ZJSRK4jO1wLdg4KYDg&ip=23.88.39.196&id=o-AHdgBEa7mTP5FWwIVfESgyZSYOF2IVpVYvgSxPPZaojU&itag=22&source=youtube&requiressl=yes&mh=X1&mm=31%2C29&mn=sn-4g5ednd7%2Csn-4g5e6nzz&ms=au%2Crdu&mv=m&mvi=5&pl=25&gcr=de&initcwndbps=258750&spc=99c5Cf1JyJl5jhUGrA40WdlO4OLj4_8&vprv=1&svpuc=1&mime=video%2Fmp4&cnr=14&ratebypass=yes&dur=263.848&lmt=1472222375097312&mt=1681299644&fvip=3&fexp=24007246&c=ANDROID&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cgcr%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=AOq0QJ8wRQIgOOX-iPDpwmYBcb6LgQZ4L-n079eyejvlw2sHL25wHOMCIQDlcTGgJp-nXLVN4rI6XH-DAKIxpDxFSSeiukp4XcHtHQ%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAN3oU5NY0k19H3etJkKXi61Nxoh8Cl4qP-1qWIDf6IL7AiB9VtiDZSNDOo0rYFQibjTqbBhn98bT7Y_vLxfl0A1Iug%3D%3D&title=Smallville+-+Clark+%26+Lana%27s+Love+%28+Legendado+%29.mp4 HTTP 302
- https://ssrpde.ytjar.xyz/rr3---sn-4g5e6nzz.googlevideo.com/videoplayback?expire=1681321895&ei=R5s2ZJSRK4jO1wLdg4KYDg&ip=23.88.39.196&id=o-AHdgBEa7mTP5FWwIVfESgyZSYOF2IVpVYvgSxPPZaojU&itag=22&source=youtube&requiressl=yes&gcr=de&spc=99c5Cf1JyJl5jhUGrA40WdlO4OLj4_8&vprv=1&svpuc=1&mime=video%2Fmp4&cnr=14&ratebypass=yes&dur=263.848&lmt=1472222375097312&fexp=24007246&c=ANDROID&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cgcr%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=AOq0QJ8wRQIgOOX-iPDpwmYBcb6LgQZ4L-n079eyejvlw2sHL25wHOMCIQDlcTGgJp-nXLVN4rI6XH-DAKIxpDxFSSeiukp4XcHtHQ%3D%3D&title=Smallville+-+Clark+%26+Lana%27s+Love+%28+Legendado+%29.mp4&redirect_counter=1&rm=sn-4g5ekd76&req_id=c630b150ed6ca3ee&cms_redirect=yes&cmsv=e&ipbypass=yes&mh=X1&mip=116.203.232.108&mm=31&mn=sn-4g5e6nzz&ms=au&mt=1681302299&mv=m&mvi=3&pl=26&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAO4rzGeN1q5T9cs4o30x6E_MFss49pCffg8WlIHeMpXlAiAJnX6DDZbwBFc0igtmzGzbYHjfzObpBlTwxpHJTXpxfg%3D%3D
7 HTTP transactions
| Method / Protocol | Resource / Path | Size / x-fer | Type / MIME-Type |
|---|---|---|---|
| GET H2 | dl.php (Primary Request), one.123berlin.xyz/ | 11 KB / 5 KB | Document, text/html |
| GET H2 | v2b4487d741ca48dcbadcaf954e159fc61680799950996, static.cloudflareinsights.com/beacon.min.js/ | 16 KB / 6 KB | Script, text/javascript |
| GET H/1.1 | videoplayback, ssrpde.ytjar.xyz/rr3---sn-4g5e6nzz.googlevideo.com/ (Frame AAAF, Redirect Chain) | 0 / 0 | Document, video/mp4 |
| GET H2 | invisible.js, one.123berlin.xyz/cdn-cgi/challenge-platform/h/b/scripts/alpha/ (Frame DF8E) | 30 KB / 13 KB | Script, application/javascript |
| GET H3 | pica.js, one.123berlin.xyz/cdn-cgi/challenge-platform/h/b/scripts/ (Frame DF8E) | 7 KB / 4 KB | Other, application/javascript |
| POST H3 | 7b6b76aeef6d0c33, one.123berlin.xyz/cdn-cgi/challenge-platform/h/b/cv/result/ (Frame DF8E) | 2 B / 672 B | XHR, text/plain |
| POST H3 | rum, one.123berlin.xyz/cdn-cgi/ | 0 / 143 B | XHR, text/plain |
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- boolean| credentialless
- object| _0xc4e
- function| _0xe63c
- string| url
- number| iTag
- string| expCookie
- function| triggerPop
- function| openInNewTab
- function| manualDl
- function| Cookies
- object| iframe
- object| __cfBeacon

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.123berlin.xyz/ | Name: __cf_bm Value: URVSy_nKFizB3NSym66TnNikioDePxjweWXUGgV389E-1681302449-0-AZ7EUGCTW67PZJOHcJtTMRQdZmaOasvv4vwjWoUIo9zldqsoShTQluiBGf0dh/sGn3eBTFGlA1eSm7sOH4lPYkCwOHOoKcU8iSuq71zjDJlU9oVMLy0VGWp90U9Hny1G3w== |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.