g19nupveu764415cec53a17.apitop.ru Open in urlscan Pro
2606:4700:3034::ac43:c48c Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://g19nupveu764415cec53a17.apitop.ru/
Submission: On May 22 via manual (May 22nd 2023, 5:29:12 pm UTC) from IN — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3034::ac43:c48c, located in United States and belongs to CLOUDFLARENET, US. The main domain is g19nupveu764415cec53a17.apitop.ru.

This is the only time g19nupveu764415cec53a17.apitop.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 10	2606:4700:303... 2606:4700:3034::ac43:c48c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6812:7b9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	3

10 2606:4700:3034::ac43:c48c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

g19nupveu764415cec53a17.apitop.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:7b9 (United States)

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	apitop.ru 1 redirects g19nupveu764415cec53a17.apitop.ru	219 KB
5	cloudflare.com challenges.cloudflare.com — Cisco Umbrella Rank: 6358	150 KB
16	2

	Domain	Requested by
10	g19nupveu764415cec53a17.apitop.ru	1 redirects g19nupveu764415cec53a17.apitop.ru
5	challenges.cloudflare.com	g19nupveu764415cec53a17.apitop.ru challenges.cloudflare.com
16	2

This site contains no links.

Subject Issuer	Validity	Valid
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2022-09-18` - `2023-09-17`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://g19nupveu764415cec53a17.apitop.ru/
Frame ID: 6B52F9812EBE7BBE9624D55DD4D385AF
Requests: 11 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/uiwby/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Frame ID: 68FDA98A3E0B826960E1051E1392149C
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Loading...

Page URL History Show full URLs

http://g19nupveu764415cec53a17.apitop.ru/ Page URL
http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/phish-bypass?atok=KK2gPa9fUjBKcdOMeHCFuJl_fkrnuAvyT6hcoXV_EIk-168477... HTTP 301
http://g19nupveu764415cec53a17.apitop.ru/ Page URL

Page Statistics

16
Requests

31 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

369 kB
Transfer

680 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://g19nupveu764415cec53a17.apitop.ru/ Page URL
http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/phish-bypass?atok=KK2gPa9fUjBKcdOMeHCFuJl_fkrnuAvyT6hcoXV_EIk-1684776542-0-%2F HTTP 301
http://g19nupveu764415cec53a17.apitop.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
g19nupveu764415cec53a17.apitop.ru/ 4 KB
2 KB 269ms
52ms Document
text/html 2606:4700:3034::ac43:c48c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://g19nupveu764415cec53a17.apitop.ru/

Protocol

HTTP/1.1

Server

2606:4700:3034::ac43:c48c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33f2e538b97d5c9026764daf10fe2b38a9a8f3224805ef37463be42a886745f0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-RAY: 7cb6c76f9fac3735-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 22 May 2023 17:29:02 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qkctzyVA2ANB%2FGRSctwB2EVhMj6hKgDAqtBjfHDWr3mB7dCq7bwRBaa9hbrq0odhRWlnYZeC2UfpShSLvzu8rvQxCLXo2BmaK56Io4SxleiEjp9dQZYyoGyR4YI0GUQMr9mT6fStxkZIPCmSzUlUj70tbYoquh2gjtyJubA%2F6mI%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK cf.errors.css
g19nupveu764415cec53a17.apitop.ru/cdn-cgi/styles/ 24 KB
5 KB 41ms
41ms Stylesheet
text/css 2606:4700:3034::ac43:c48c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/styles/cf.errors.css

Requested by

Host: g19nupveu764415cec53a17.apitop.ru
URL: http://g19nupveu764415cec53a17.apitop.ru/

Protocol

HTTP/1.1

Server

2606:4700:3034::ac43:c48c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://g19nupveu764415cec53a17.apitop.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Mon, 22 May 2023 17:29:02 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 18 May 2023 12:46:56 GMT
Server: cloudflare
ETag: W/"64661e40-5e44"
Transfer-Encoding: chunked
X-Frame-Options: DENY
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Connection: keep-alive
CF-RAY: 7cb6c76fe84a3735-FRA
Expires: Mon, 22 May 2023 19:29:02 GMT

GET
H/1.1 200
OK icon-exclamation.png
g19nupveu764415cec53a17.apitop.ru/cdn-cgi/images/ 452 B
889 B 43ms
43ms Image
image/png 2606:4700:3034::ac43:c48c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: g19nupveu764415cec53a17.apitop.ru
URL: http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Server

2606:4700:3034::ac43:c48c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Mon, 22 May 2023 17:29:02 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 18 May 2023 12:46:56 GMT
Server: cloudflare
ETag: "64661e40-1c4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 7cb6c77048cc3735-FRA
Content-Length: 452
Expires: Mon, 22 May 2023 19:29:02 GMT

GET
H/1.1

403
Forbidden

Primary Request / Show response
g19nupveu764415cec53a17.apitop.ru/
Redirect Chain

http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/phish-bypass?atok=KK2gPa9fUjBKcdOMeHCFuJl_fkrnuAvyT6hcoXV_EIk-1684776542-0-%2F
http://g19nupveu764415cec53a17.apitop.ru/

6 KB
5 KB

52ms
52ms

Document
text/html

2606:4700:3034::ac43:c48c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://g19nupveu764415cec53a17.apitop.ru/

Protocol

HTTP/1.1

Server

2606:4700:3034::ac43:c48c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3edab82e55de6d26457b884f71c668acccc23efc5f447346e6606e8304709480

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://g19nupveu764415cec53a17.apitop.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-RAY: 7cb6c78d8e213735-FRA
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Mon, 22 May 2023 17:29:07 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IfqYuqe0ootXrumErhmJqXFVW8JNlRGZMDL1CkFkPFBPcpNYJh%2BWeTEO9nA0kMuSBvhmnaH5AEJHKfIsNF7%2BPpDSfNmH9g77Ol5RMaxBrhDy4f%2BHzIsQ1%2FXZ7XsE6xA%2BgLQY1CPLoGcVx%2Bxd75f89IdBPEBB3aoD%2B4RoS7D2YlM%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-mitigated: challenge

Redirect headers

CF-RAY: 7cb6c78d3dc73735-FRA
Cache-Control: private, no-cache
Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Mon, 22 May 2023 17:29:07 GMT
Location: http://g19nupveu764415cec53a17.apitop.ru/
Server: cloudflare
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

GET
H/1.1 200
OK v1 Show response
g19nupveu764415cec53a17.apitop.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/ 146 KB
53 KB 100ms
60ms Script
application/javascript 2606:4700:3034::ac43:c48c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7cb6c78d8e213735
Requested by: Host: g19nupveu764415cec53a17.apitop.ru
URL: http://g19nupveu764415cec53a17.apitop.ru/
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:c48c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae40afc91cb0a72f9fcbf89015a9fc5b3ee797c6151c5ab68f922a9d3bd58882

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://g19nupveu764415cec53a17.apitop.ru/?__cf_chl_rt_tk=EdK_XndGt8cXgR1Miy7thmAhKb1.KKMdzeFq8gbCuYw-1684776547-0-gaNycGzNB1A
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Mon, 22 May 2023 17:29:07 GMT
Content-Encoding: gzip
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tw5CzenG98p1Go0PlfeZGQD3%2BHlCvixLHmsdZ482ScSEXMt6IpWvjTRVltNvGUBYX4%2Fn7JbzSA0e6Onq2vMKK6SLMZ21p9gUQTKt1P4rA2Dvfc95VAmh5MAcVQRzhL4UXKissSbM779QToLwUFF5jWfUQSKvKwsxH3SyTA17VjE%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
Connection: keep-alive
CF-RAY: 7cb6c78e3b3e39e2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK transparent.gif
g19nupveu764415cec53a17.apitop.ru/cdn-cgi/images/trace/managed/js/ 42 B
477 B 86ms
46ms Image
image/gif 2606:4700:3034::ac43:c48c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cb6c78d8e213735

Requested by

Host: g19nupveu764415cec53a17.apitop.ru
URL: http://g19nupveu764415cec53a17.apitop.ru/?__cf_chl_rt_tk=EdK_XndGt8cXgR1Miy7thmAhKb1.KKMdzeFq8gbCuYw-1684776547-0-gaNycGzNB1A

Protocol

HTTP/1.1

Server

2606:4700:3034::ac43:c48c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://g19nupveu764415cec53a17.apitop.ru/?__cf_chl_rt_tk=EdK_XndGt8cXgR1Miy7thmAhKb1.KKMdzeFq8gbCuYw-1684776547-0-gaNycGzNB1A
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Mon, 22 May 2023 17:29:07 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 18 May 2023 12:46:56 GMT
Server: cloudflare
ETag: "64661e40-2a"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 7cb6c78e3d5f3802-FRA
Content-Length: 42
Expires: Mon, 22 May 2023 19:29:07 GMT

GET
H2 200 api.js Show response
challenges.cloudflare.com/turnstile/v0/g/7fe8adc8/ 15 KB
5 KB 151ms
66ms Script
application/javascript 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/g/7fe8adc8/api.js?onload=_cf_chl_turnstile_l&render=explicit
Requested by: Host: g19nupveu764415cec53a17.apitop.ru
URL: http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7cb6c78d8e213735
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51957b7f445f96a4f027db0a264c33904aaa9cd1ef944148008e41d54d4f8f0c

Request headers

Referer
Origin: http://g19nupveu764415cec53a17.apitop.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Mon, 22 May 2023 17:29:07 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 7cb6c78f793318d6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H/1.1 200
OK c4ed1668098662d Show response
g19nupveu764415cec53a17.apitop.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/2015838095:1684773095:IbGfcsjo_rsf0pcqIW9v6VuPGY9Ce0RBy9dooPh8IXg/7cb6c78d8e213735/ 191 KB
145 KB 143ms
143ms XHR
text/plain 2606:4700:3034::ac43:c48c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/2015838095:1684773095:IbGfcsjo_rsf0pcqIW9v6VuPGY9Ce0RBy9dooPh8IXg/7cb6c78d8e213735/c4ed1668098662d
Requested by: Host: g19nupveu764415cec53a17.apitop.ru
URL: http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7cb6c78d8e213735
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:c48c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a8fbb17beda2900c9e2041b202b986e91919574e2397bcfa0dccd4066cac6e3

Request headers

Referer: http://g19nupveu764415cec53a17.apitop.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
CF-Challenge: c4ed1668098662d
Content-type: application/x-www-form-urlencoded

Response headers

Date: Mon, 22 May 2023 17:29:07 GMT
Content-Encoding: gzip
cf_chl_gen: pmOWxcrf2n2lecFmwTau4LR8auFwu0NrJGJ4bk0t0v9SVyj9TzuD2CEfxM+iOzCsnG7wxz3sxLfCypmpgwet0JXAqkorWazB/kMQTihkBmqs/4Kaj97zYvAs6ubuW0Lc5nMR2B+ITmpX2afmgUAfjlP0lNQcLs8aRSsZs3KEqbzt89PfbadibmarxIzAKdzclkCaJlIN+y5xgjUKzgQzUhbypOWc5BCbyhPLy6irHjdyMORgAUSibMar9n+kz2cyoKEqM7BIQlOVW6qKIMFIjGIpow+pJXF7AofAtT5AQSkTSzOJFGw6hCyNCfPsl5uy76qFLaTKyN/BNmCFKJzbOsjtd+2lljkwnbxjWdOqKt8ctPuZx4/XUqLiau6/KKkvFE2/FEv14zEgXWsiKJWjEmW5YR5FiJOWiWzxGfajuB3ml8y6BtYCHNIoxStghvhHtByVgBGr+8szvYJNCMWawJfJPmC/LuWZ01OoOoPbTcRJqwxJP6e2D73KhwtUNl6m$4iCqI+AvUQsJXb6XZpIJ1A==
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cy8tEn%2F2WC5AYiefnymjHkyVF43RCZEyMmYBlfG90VWbVO8mwHBZon4XU9OR21rHm14QY9ETJBi%2FhNvVzKpaS1kmpCGIOgKnP3YIA5JUdNq8J6tXoAMI3p%2FgwhKqWbBFoEJyDfeKsk9Hc4ajrwa7Ixns7myXerAf8xz2%2Bgqatus%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/plain; charset=UTF-8
Connection: keep-alive
CF-RAY: 7cb6c78f9d3739e2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
BLOB 200
OK df5c0d7c-b218-494f-8cd1-511c6ea42e23
http://g19nupveu764415cec53a17.apitop.ru/ 220 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://g19nupveu764415cec53a17.apitop.ru/df5c0d7c-b218-494f-8cd1-511c6ea42e23
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d6b64601f895bed389aa525bed33990514b3ea089b51569aaf245f9479caeac8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://g19nupveu764415cec53a17.apitop.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length: 220
Content-Type: application/javascript

GET
H/1.1 200
OK 3U0GnWTv1Hv4PaM
g19nupveu764415cec53a17.apitop.ru/cdn-cgi/challenge-platform/h/g/img/7cb6c78d8e213735/1684776547797/ 61 B
678 B 49ms
49ms Image
image/png 2606:4700:3034::ac43:c48c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/challenge-platform/h/g/img/7cb6c78d8e213735/1684776547797/3U0GnWTv1Hv4PaM
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:c48c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53972cdeb27f421b92aa87d8fab42fb48544e342012aced2c552c22926ce87a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://g19nupveu764415cec53a17.apitop.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Mon, 22 May 2023 17:29:09 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cKKopBto84aH5mUJlZVm5DgX3lkiMQZqai%2BfVr45W7DEpg%2BF9ey9QljtI%2FNSWG1gfQXtGwTjtfjzfk6PDxSExR2USVBkApiEWa1ovEvcCiZx56WwA94WkDH4YwTaARAkQ8VFpQZP2D0VFIoJHaHFoFGFSn4VGeA1Q%2FaUcZni%2Bu4%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Connection: keep-alive
CF-RAY: 7cb6c797483e39e2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H/1.1 200
OK c4ed1668098662d Show response
g19nupveu764415cec53a17.apitop.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/2015838095:1684773095:IbGfcsjo_rsf0pcqIW9v6VuPGY9Ce0RBy9dooPh8IXg/7cb6c78d8e213735/ 8 KB
6 KB 110ms
110ms XHR
text/plain 2606:4700:3034::ac43:c48c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/2015838095:1684773095:IbGfcsjo_rsf0pcqIW9v6VuPGY9Ce0RBy9dooPh8IXg/7cb6c78d8e213735/c4ed1668098662d
Requested by: Host: g19nupveu764415cec53a17.apitop.ru
URL: http://g19nupveu764415cec53a17.apitop.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7cb6c78d8e213735
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:c48c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9eaf71ce4ff81604aea58b38176e003967b835f2f78d4dc4dd1d01325e542ca

Request headers

Referer: http://g19nupveu764415cec53a17.apitop.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
CF-Challenge: c4ed1668098662d
Content-type: application/x-www-form-urlencoded

Response headers

Date: Mon, 22 May 2023 17:29:09 GMT
Content-Encoding: gzip
cf_chl_gen: eHURYX2JPojbnJnZYMby0holwVnEQ9QlNIegl8DibjshLoKojPDtVSWbaHwWUyij$6W2w5MynccE7YbjNQOrAYg==
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AJCztB%2BVXN1nRvFaMa5hPRq4c8qMdBI4Z%2FabNCeeXaUc1jPDibrensNarOM6hodPFMW0Geh6TJADwbT3gbLAfn2XX%2FhLYb1drgLa600Ozaxvd37tFH1s%2FhmPl4Xh7MmDXF4xrFv%2Fzdk8AvnUX9A43lIf%2BRMSWoC6i7JpyEOlJWc%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/plain; charset=UTF-8
Connection: keep-alive
CF-RAY: 7cb6c79ce80f39e2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 normal Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/uiwby/0x4AAAAAAAAjq6WYeRDKmebM/light/ Frame 68FD 22 KB
7 KB 100ms
55ms Document
text/html 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/uiwby/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/g/7fe8adc8/api.js?onload=_cf_chl_turnstile_l&render=explicit
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a9f1641c86c93abd1988af03dd5222d768a1872184cd2f3eb550fbd4c4bd5a1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=0, must-revalidate
cf-ray: 7cb6c79dfca85c4a-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Mon, 22 May 2023 17:29:10 GMT
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

GET
H3 200 v1 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/ Frame 68FD 149 KB
54 KB 51ms
51ms Script
application/javascript 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7cb6c79dfca85c4a
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/uiwby/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a1d96c66f623032a11c9f0966a39c90929961650660a3c965c8b8ebe2afbb53

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/uiwby/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Mon, 22 May 2023 17:29:10 GMT
cache-control: max-age=0, must-revalidate
content-encoding: br
server: cloudflare
cf-ray: 7cb6c79e9d8e5c4a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: application/javascript; charset=UTF-8

POST
H3 200 0e5c398f835bb06 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/715539701:1684773044:y1nl3hipj8oLsU0RrmhXK298yYSt8ag7aMn1pOgKcrQ/7cb6c79dfca85c4a/ Frame 68FD 113 KB
84 KB 108ms
107ms XHR
text/plain 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/715539701:1684773044:y1nl3hipj8oLsU0RrmhXK298yYSt8ag7aMn1pOgKcrQ/7cb6c79dfca85c4a/0e5c398f835bb06
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7cb6c79dfca85c4a
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84c3989a574d182cb98121778be33d34373d37f6c724b13ade12dbfb9b95170e

Request headers

Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/uiwby/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
CF-Challenge: 0e5c398f835bb06
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 22 May 2023 17:29:10 GMT
content-encoding: br
cf_chl_gen: H8Ofk9eCxYq2lNrUmiOtqNc6K/mwr0//PR+hbPRc0zreqcJSUfkUoOur11ByGGs1ZWyw0f8/pBxLSLRK83q9md1N5ybUhkFPSaesghPm3lxUJ40BM8zGpKwq+ocUEliA9bqPtZKIViBKR3eDIlMT4YZTnx10swg2iDZgqUvAqWY63nqzWyCUluVsQ7JTygElLRcLgGD2ea001il3PyArJIQT3feQhgZJ98nLzhRCFVVwlQ+J0CnPAWGq4C+A6mtk/K0cxTko+JAJytMXbQNDmkVVvAV8YL5WblO7gZkqfyGT4F+sdZUqYmehXwTawda07/uEJCDCqHizYF2y3PFe31oIXv6psFB/lTXOvvqmlNhmfIMLEjfRhAB41Z7pG6erLHav21axt5Xa9aS+C9PS89zU71SgXjoM8iZwi4MExzm7cYA9zKsCPzHBFKnokZVx$I+00+28nBabbmH4TMxIwqg==
server: cloudflare
cf-ray: 7cb6c7a03f735c4a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
BLOB 200
OK 9728a0be-d400-4562-be03-96ccbe894ef0
https://challenges.cloudflare.com/ Frame 68FD 656 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://challenges.cloudflare.com/9728a0be-d400-4562-be03-96ccbe894ef0
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/uiwby/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length: 656
Content-Type: text/javascript

GET
H3 200 RGatlfdqve_gFq1
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7cb6c79dfca85c4a/1684776550449/ Frame 68FD 61 B
166 B 53ms
53ms Image
image/png 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7cb6c79dfca85c4a/1684776550449/RGatlfdqve_gFq1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 517ba8cb6d43cd8a7ff275023c9f71ef89f8b81bc147780bd492bfbd2101d9b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/uiwby/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Mon, 22 May 2023 17:29:10 GMT
server: cloudflare
cf-ray: 7cb6c7a1792a5c4a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.g19nupveu764415cec53a17.apitop.ru/	1970-01-20 12:01:02	Name: __cf_mw_byp Value: KK2gPa9fUjBKcdOMeHCFuJl_fkrnuAvyT6hcoXV_EIk-1684776542-0-/

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: http://g19nupveu764415cec53a17.apitop.ru/ Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
other	error	URL: http://g19nupveu764415cec53a17.apitop.ru/ Message: The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead. See https://www.w3.org/TR/powerful-features/#potentially-trustworthy-origin and https://html.spec.whatwg.org/#the-cross-origin-opener-policy-header.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenges.cloudflare.com
g19nupveu764415cec53a17.apitop.ru
2606:4700:3034::ac43:c48c
2606:4700::6812:7b9
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
1a1d96c66f623032a11c9f0966a39c90929961650660a3c965c8b8ebe2afbb53
33f2e538b97d5c9026764daf10fe2b38a9a8f3224805ef37463be42a886745f0
3edab82e55de6d26457b884f71c668acccc23efc5f447346e6606e8304709480
517ba8cb6d43cd8a7ff275023c9f71ef89f8b81bc147780bd492bfbd2101d9b4
51957b7f445f96a4f027db0a264c33904aaa9cd1ef944148008e41d54d4f8f0c
53972cdeb27f421b92aa87d8fab42fb48544e342012aced2c552c22926ce87a2
6a8fbb17beda2900c9e2041b202b986e91919574e2397bcfa0dccd4066cac6e3
84c3989a574d182cb98121778be33d34373d37f6c724b13ade12dbfb9b95170e
8a9f1641c86c93abd1988af03dd5222d768a1872184cd2f3eb550fbd4c4bd5a1
ae40afc91cb0a72f9fcbf89015a9fc5b3ee797c6151c5ab68f922a9d3bd58882
d6b64601f895bed389aa525bed33990514b3ea089b51569aaf245f9479caeac8
e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c
e9eaf71ce4ff81604aea58b38176e003967b835f2f78d4dc4dd1d01325e542ca
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

g19nupveu764415cec53a17.apitop.ru Open in urlscan Pro 2606:4700:3034::ac43:c48c Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

16 Requests

31 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

369 kBTransfer

680 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

1 Cookies

4 Console Messages

Security Headers

Indicators

g19nupveu764415cec53a17.apitop.ru Open in urlscan Pro
2606:4700:3034::ac43:c48c Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

31 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

369 kB
Transfer

680 kB
Size

1
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!