scanner-3071.win Open in urlscan Pro
2606:4700:30::681b:998d Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://scanner-3071.win/en/
Effective URL:
http://scanner-3071.win/en/
Submission: On December 10 via manual (December 10th 2018, 9:40:37 am UTC) from TW

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 2 domains to perform 9 HTTP transactions. The main IP is 2606:4700:30::681b:998d, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is scanner-3071.win.

This is the only time scanner-3071.win was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft Defender (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2	2606:4700:30:... 2606:4700:30::681b:998d	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
5	2606:4700:30:... 2606:4700:30::681b:988d	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	46.105.201.240 46.105.201.240	16276 (OVH) (OVH)
1	192.95.33.34 192.95.33.34	16276 (OVH) (OVH)
9	5

2 2606:4700:30::681b:998d (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

scanner-3071.win	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:30::681b:988d (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

scanner-3071.win	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH, FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.95.33.34 (Montréal, Canada)

ASN16276 (OVH, FR)
PTR: ns5001604.ip-192-95-33.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	scanner-3071.win scanner-3071.win	194 KB
2	histats.com s10.histats.com s4.histats.com	5 KB
9	2

	Domain	Requested by
7	scanner-3071.win	scanner-3071.win
1	s4.histats.com	s10.histats.com
1	s10.histats.com	scanner-3071.win
9	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://scanner-3071.win/en/
Frame ID: 6F2D242FD7FBB26C5D0CB7EBDEE9F4B1
Requests: 8 HTTP requests in this frame

Frame: http://scanner-3071.win/en/warning.mp3
Frame ID: D32B6ED765928D0FE9467D4538C2CF8B
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

9
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

5
IPs

3
Countries

199 kB
Transfer

400 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
14 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response scanner-3071.win/en/	11 KB 4 KB	40ms 32ms	Document text/html	2606:4700:30::681b:998d Cloudflare
General Check archive.org Show headers Download Go to Full URL http://scanner-3071.win/en/ Protocol HTTP/1.1 Server 2606:4700:30::681b:998d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PHP/5.4.16 Resource Hash `6f5fd89dc30e876d179c838ecc69d93b84b52afa22dde42548b7f95eb1ac385d` Request headers Host scanner-3071.win Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 10 Dec 2018 09:40:21 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=df343552fb6135b4579bdef477a95cb4d1544434821; expires=Tue, 10-Dec-19 09:40:21 GMT; path=/; domain=.scanner-3071.win; HttpOnly X-Powered-By PHP/5.4.16 Server cloudflare CF-RAY 486ebfe402636445-FRA Content-Encoding gzip
GET H/1.1	200 OK	bootstrap.css scanner-3071.win/en/index_files/	118 KB 20 KB	31ms 30ms	Stylesheet text/css	2606:4700:30::681b:998d Cloudflare
General Check archive.org Show headers Download Go to Full URL http://scanner-3071.win/en/index_files/bootstrap.css Requested by Host: scanner-3071.win URL: http://scanner-3071.win/en/ Protocol HTTP/1.1 Server 2606:4700:30::681b:998d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `df76fb7518b1201acc79262e0dc6c773a85f04c36e0a9ea61994c22fbd97087b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host scanner-3071.win User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://scanner-3071.win/en/ Cookie __cfduid=df343552fb6135b4579bdef477a95cb4d1544434821 Connection keep-alive Cache-Control no-cache Referer http://scanner-3071.win/en/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 10 Dec 2018 09:40:21 GMT Content-Encoding gzip CF-Cache-Status REVALIDATED Last-Modified Thu, 15 Mar 2018 13:33:43 GMT Server cloudflare ETag W/"5aaa7637-1d9bc" Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 486ebfe432716445-FRA Expires Mon, 10 Dec 2018 13:40:21 GMT
GET H/1.1	200 OK	style.css scanner-3071.win/en/index_files/	23 KB 6 KB	37ms 31ms	Stylesheet text/css	2606:4700:30::681b:988d Cloudflare
General Check archive.org Show headers Download Go to Full URL http://scanner-3071.win/en/index_files/style.css Requested by Host: scanner-3071.win URL: http://scanner-3071.win/en/ Protocol HTTP/1.1 Server 2606:4700:30::681b:988d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `78dcaaf93c8b138b0d84e81e3a30a31daa07b00d733304977762a2c9636c6b5e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host scanner-3071.win User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://scanner-3071.win/en/ Cookie __cfduid=df343552fb6135b4579bdef477a95cb4d1544434821 Connection keep-alive Cache-Control no-cache Referer http://scanner-3071.win/en/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 10 Dec 2018 09:40:21 GMT Content-Encoding gzip CF-Cache-Status REVALIDATED Last-Modified Thu, 15 Mar 2018 13:33:43 GMT Server cloudflare ETag W/"5aaa7637-5a79" Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 486ebfe4419796d0-FRA Expires Mon, 10 Dec 2018 13:40:21 GMT
GET H/1.1	200 OK	alert.css scanner-3071.win/en/index_files/	3 KB 1 KB	29ms 23ms	Stylesheet text/css	2606:4700:30::681b:988d Cloudflare
General Check archive.org Show headers Download Go to Full URL http://scanner-3071.win/en/index_files/alert.css Requested by Host: scanner-3071.win URL: http://scanner-3071.win/en/ Protocol HTTP/1.1 Server 2606:4700:30::681b:988d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `e8c8396c5ab9cd8e6db526222e96aa0d5e6208907a33f8c9032359398e0236b7` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host scanner-3071.win User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://scanner-3071.win/en/ Cookie __cfduid=df343552fb6135b4579bdef477a95cb4d1544434821 Connection keep-alive Cache-Control no-cache Referer http://scanner-3071.win/en/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 10 Dec 2018 09:40:21 GMT Content-Encoding gzip CF-Cache-Status REVALIDATED Last-Modified Thu, 15 Mar 2018 13:33:42 GMT Server cloudflare ETag W/"5aaa7636-ba5" Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 486ebfe44531c26f-FRA Expires Mon, 10 Dec 2018 13:40:21 GMT
GET H/1.1	200 OK	windows.png scanner-3071.win/en/index_files/	2 KB 3 KB	43ms 37ms	Image image/png	2606:4700:30::681b:988d Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://scanner-3071.win/en/index_files/windows.png Requested by Host: scanner-3071.win URL: http://scanner-3071.win/en/ Protocol HTTP/1.1 Server 2606:4700:30::681b:988d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `9e590c1c5e7601413a44e2c7b8611dab5fb2ee6d6287d3c88bf137465279ef54` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host scanner-3071.win User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://scanner-3071.win/en/ Cookie __cfduid=df343552fb6135b4579bdef477a95cb4d1544434821 Connection keep-alive Cache-Control no-cache Referer http://scanner-3071.win/en/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 10 Dec 2018 09:40:21 GMT CF-Cache-Status REVALIDATED Last-Modified Thu, 15 Mar 2018 13:33:43 GMT Server cloudflare ETag "5aaa7637-9d3" Vary Accept-Encoding Content-Type image/png Access-Control-Allow-Origin * Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 486ebfe4467396be-FRA Content-Length 2515 Expires Mon, 10 Dec 2018 13:40:21 GMT
GET DATA	200 OK	truncated /	68 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET H/1.1	200 OK	js15_as.js Show response s10.histats.com/	11 KB 5 KB	24ms 9ms	Script text/javascript	46.105.201.240 OVH
General Check archive.org Show headers Download Go to Full URL http://s10.histats.com/js15_as.js Requested by Host: scanner-3071.win URL: http://scanner-3071.win/en/ Protocol HTTP/1.1 Server 46.105.201.240 , France, ASN16276 (OVH, FR), Reverse DNS Software / Resource Hash `1f730c8b78091c3479abc2fb805b9093138f05acd0de421b8da96389cbbb9668` Request headers Referer http://scanner-3071.win/en/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 10 Dec 2018 09:37:20 GMT Content-Encoding gzip Last-Modified Thu, 06 Dec 2018 14:12:12 GMT X-CDN-Pop-IP 137.74.120.32/27 ETag "-139234964" X-Cacheable Matched cache Vary Accept-Encoding X-IPLB-Instance 4746 Content-Type text/javascript X-CDN-Pop sbg Accept-Ranges bytes Content-Length 4525
GET H/1.1	200 OK	warning.mp3 scanner-3071.win/en/ Frame D32B	64 KB 0	28ms 27ms	Document audio/mpeg	2606:4700:30::681b:988d Cloudflare
General Check archive.org Show headers Download Go to Full URL http://scanner-3071.win/en/warning.mp3 Requested by Host: scanner-3071.win URL: http://scanner-3071.win/en/ Protocol HTTP/1.1 Server 2606:4700:30::681b:988d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash Request headers Host scanner-3071.win Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://scanner-3071.win/en/ Accept-Encoding gzip, deflate Cookie __cfduid=df343552fb6135b4579bdef477a95cb4d1544434821 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://scanner-3071.win/en/ Response headers Date Mon, 10 Dec 2018 09:40:21 GMT Content-Type audio/mpeg Content-Length 164790 Connection keep-alive Last-Modified Thu, 15 Mar 2018 13:33:40 GMT ETag "5aaa7634-283b6" Access-Control-Allow-Origin * Accept-Ranges bytes Server cloudflare CF-RAY 486ebfe4c68e96be-FRA
GET H/1.1	200 OK	0.php Show response s4.histats.com/stats/	50 B 321 B	202ms 97ms	Script text/html	192.95.33.34 OVH
General Check archive.org Show headers Download Go to Full URL http://s4.histats.com/stats/0.php?4023616&@f16&@g1&@h1&@i1&@j1544434821907&@k0&@l1&@mInformation&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-134106508&@b3:1544434822&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fscanner-3071.win%2Fen%2F&@w Requested by Host: s10.histats.com URL: http://s10.histats.com/js15_as.js Protocol HTTP/1.1 Server 192.95.33.34 Montréal, Canada, ASN16276 (OVH, FR), Reverse DNS ns5001604.ip-192-95-33.net Software / Resource Hash `65bcde13f5580a2482cdd02e8f178ec4358bef8d607c3afb5abac6b86e048801` Request headers Referer http://scanner-3071.win/en/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 10 Dec 2018 09:40:22 GMT Connection close Content-Length 50 Content-Type text/html;charset=UTF-8
GET DATA	200 OK	truncated / Frame D32B	715 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated / Frame D32B	381 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `63271dcce1a2518271ecc2b0bdcc5afc9c5f0968a8635e0f97a4c9747309eb82` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame D32B	243 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9d2d8043c302d3a9da9277374a53e2285c471d5dc8397885b4931b82771d5cae` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame D32B	299 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a3d5b21692435e785aa0e698356735093bb93f6c2f61410c49761ee2448f7289` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame D32B	352 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5f3592a8b8037ea064764a2815799612063c6722d314d1d66d3a9391c3c16d66` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame D32B	178 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3ee0806e69f2ae70a2267a58ac5fc5d52b5aa7aca6f3c0c08adad605fd8fbc16` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame D32B	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET H/1.1	206 Partial Content	warning.mp3 scanner-3071.win/en/ Frame D32B	161 KB 161 KB	84ms 84ms	Media audio/mpeg	2606:4700:30::681b:988d Cloudflare
General Check archive.org Show headers Download Go to Full URL http://scanner-3071.win/en/warning.mp3 Requested by Host: scanner-3071.win URL: http://scanner-3071.win/en/ Protocol HTTP/1.1 Server 2606:4700:30::681b:988d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `98b26d722140d37b99ac957bdc9d34318a86d8ea6800b7f8749fb96e74c916fb` Request headers Pragma no-cache Accept-Encoding identity;q=1, ;q=0 Host* scanner-3071.win User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 chrome-proxy frfr Accept / Cache-Control no-cache Referer http://scanner-3071.win/en/warning.mp3 Cookie __cfduid=df343552fb6135b4579bdef477a95cb4d1544434821; HstCfa4023616=1544434821907; HstCla4023616=1544434821907; HstCmu4023616=1544434821907; HstPn4023616=1; HstPt4023616=1; HstCnv4023616=1; HstCns4023616=1 Connection keep-alive Range bytes=0- Referer http://scanner-3071.win/en/warning.mp3 Accept-Encoding identity;q=1, ;q=0 User-Agent* Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Range bytes=0- chrome-proxy frfr Response headers Date Mon, 10 Dec 2018 09:40:22 GMT Last-Modified Thu, 15 Mar 2018 13:33:40 GMT Server cloudflare Access-Control-Allow-Origin * ETag "5aaa7634-283b6" Content-Type audio/mpeg Content-Range bytes 0-164789/164790 Connection keep-alive CF-RAY 486ebfe566bb96be-FRA Content-Length 164790
GET DATA	200 OK	truncated / Frame D32B	552 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame D32B	547 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame D32B	364 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `223dbeaf95c21e29aad42c8656d9ad41dbe9497df36c95118158609625d95c53` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame D32B	242 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `91eb7001a90f9178135eede72f1c8a5300cababa4a078cb59debaa50de4b1788` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame D32B	351 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4c131a74d2f424e29ffb16d2b03fec20e3f0cae46c4f0aff594cdc8ade80c3ca` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame D32B	195 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dfa16b4a1e6d34f5d50df7dfc436e91d75ed4454827f530b9b6011402a49cecf` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft Defender (Consumer)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
scanner-3071.win/	1970-01-19 05:46:10	Name: HstCnv4023616 Value: 1
scanner-3071.win/	1970-01-19 05:46:10	Name: HstPt4023616 Value: 1
scanner-3071.win/	1970-01-19 05:46:10	Name: HstCmu4023616 Value: 1544434821907
scanner-3071.win/	1970-01-19 05:46:10	Name: HstPn4023616 Value: 1
scanner-3071.win/	1970-01-19 05:46:10	Name: HstCfa4023616 Value: 1544434821907
scanner-3071.win/	1970-01-19 05:46:10	Name: HstCla4023616 Value: 1544434821907
scanner-3071.win/	1970-01-19 05:46:10	Name: HstCns4023616 Value: 1
.scanner-3071.win/	1970-01-19 05:46:10	Name: __cfduid Value: df343552fb6135b4579bdef477a95cb4d1544434821

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s10.histats.com
s4.histats.com
scanner-3071.win
192.95.33.34
2606:4700:30::681b:988d
2606:4700:30::681b:998d
46.105.201.240
1f730c8b78091c3479abc2fb805b9093138f05acd0de421b8da96389cbbb9668
223dbeaf95c21e29aad42c8656d9ad41dbe9497df36c95118158609625d95c53
3ee0806e69f2ae70a2267a58ac5fc5d52b5aa7aca6f3c0c08adad605fd8fbc16
4c131a74d2f424e29ffb16d2b03fec20e3f0cae46c4f0aff594cdc8ade80c3ca
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5f3592a8b8037ea064764a2815799612063c6722d314d1d66d3a9391c3c16d66
62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945
63271dcce1a2518271ecc2b0bdcc5afc9c5f0968a8635e0f97a4c9747309eb82
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
65bcde13f5580a2482cdd02e8f178ec4358bef8d607c3afb5abac6b86e048801
6f5fd89dc30e876d179c838ecc69d93b84b52afa22dde42548b7f95eb1ac385d
78dcaaf93c8b138b0d84e81e3a30a31daa07b00d733304977762a2c9636c6b5e
91eb7001a90f9178135eede72f1c8a5300cababa4a078cb59debaa50de4b1788
98b26d722140d37b99ac957bdc9d34318a86d8ea6800b7f8749fb96e74c916fb
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9d2d8043c302d3a9da9277374a53e2285c471d5dc8397885b4931b82771d5cae
9e590c1c5e7601413a44e2c7b8611dab5fb2ee6d6287d3c88bf137465279ef54
a3d5b21692435e785aa0e698356735093bb93f6c2f61410c49761ee2448f7289
df76fb7518b1201acc79262e0dc6c773a85f04c36e0a9ea61994c22fbd97087b
dfa16b4a1e6d34f5d50df7dfc436e91d75ed4454827f530b9b6011402a49cecf
e8c8396c5ab9cd8e6db526222e96aa0d5e6208907a33f8c9032359398e0236b7
eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366

scanner-3071.win Open in urlscan Pro 2606:4700:30::681b:998d Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

0 %HTTPS

50 %IPv6

2 Domains

3 Subdomains

5 IPs

3 Countries

199 kBTransfer

400 kBSize

8 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

8 Cookies

Indicators

scanner-3071.win Open in urlscan Pro
2606:4700:30::681b:998d Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

5
IPs

3
Countries

199 kB
Transfer

400 kB
Size

8
Cookies

9 HTTP transactions
14 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!