homelyharbortreasure.fun Open in urlscan Pro
2606:4700:3034::ac43:9dd5 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://yabbergrounds.com/click?s2=1097816179&s1=351853&s3=5766&s4=1D&s7=dn&s8=164&trvid=11022
Effective URL:
https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
Submission: On December 02 via manual (December 2nd 2023, 2:51:51 pm UTC) from US — Scanned from DE

Summary HTTP 18 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 4 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3034::ac43:9dd5, located in United States and belongs to CLOUDFLARENET, US. The main domain is homelyharbortreasure.fun.
TLS certificate: Issued by GTS CA 1P5 on December 1st 2023. Valid for: 3 months.

This is the only time homelyharbortreasure.fun was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1 1	23.94.102.181 23.94.102.181	36352 (AS-COLOCR...) (AS-COLOCROSSING)
1 1	2606:4700:303... 2606:4700:3030::6815:5471	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2606:4700:303... 2606:4700:3034::ac43:9dd5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6811:2b8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	3

1 23.94.102.181 (United States) 1 redirects

ASN36352 (AS-COLOCROSSING, US)
PTR: 23-94-102-181-host.colocrossing.com

yabbergrounds.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::6815:5471 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

b.bestconvs.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:3034::ac43:9dd5 (United States)

ASN13335 (CLOUDFLARENET, US)

homelyharbortreasure.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:2b8 (United States)

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	homelyharbortreasure.fun homelyharbortreasure.fun	161 KB
4	cloudflare.com challenges.cloudflare.com — Cisco Umbrella Rank: 5770	23 KB
1	bestconvs.net 1 redirects b.bestconvs.net	551 B
1	yabbergrounds.com 1 redirects yabbergrounds.com — Cisco Umbrella Rank: 839476	2 KB
18	4

	Domain	Requested by
12	homelyharbortreasure.fun	homelyharbortreasure.fun
4	challenges.cloudflare.com	homelyharbortreasure.fun challenges.cloudflare.com
1	b.bestconvs.net	1 redirects
1	yabbergrounds.com	1 redirects
18	4

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com

Subject Issuer	Validity	Valid
homelyharbortreasure.fun GTS CA 1P5	`2023-12-01` - `2024-02-29`	3 months	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2023-08-18` - `2024-08-17`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
Frame ID: B5999785E3C11A12299F4D6A35848AF9
Requests: 18 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aggff/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Frame ID: 89180BA1BD6052AAD3D8B41321370C93
Requests: 1 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/s0wbi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Frame ID: F2089F25B26A70E04639E257EAD32020
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Just a moment...

Page URL History Show full URLs

https://yabbergrounds.com/click?s2=1097816179&s1=351853&s3=5766&s4=1D&s7=dn&s8=164&trvid=11022 HTTP 302
https://b.bestconvs.net/aff_c?offer_id=11319&aff_id=1030&aff_sub2=cqZUr7oCrPAy&aff_sub1=5766 HTTP 302
https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=576... Page URL
https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=576... Page URL

Page Statistics

18
Requests

89 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

3
IPs

1
Countries

184 kB
Transfer

464 kB
Size

4
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cloudflare.com/?utm_source=challenge&utm_campaign=m
Title: Cloudflare

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://yabbergrounds.com/click?s2=1097816179&s1=351853&s3=5766&s4=1D&s7=dn&s8=164&trvid=11022 HTTP 302
https://b.bestconvs.net/aff_c?offer_id=11319&aff_id=1030&aff_sub2=cqZUr7oCrPAy&aff_sub1=5766 HTTP 302
https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4= Page URL
https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://yabbergrounds.com/click?s2=1097816179&s1=351853&s3=5766&s4=1D&s7=dn&s8=164&trvid=11022 HTTP 302
https://b.bestconvs.net/aff_c?offer_id=11319&aff_id=1030&aff_sub2=cqZUr7oCrPAy&aff_sub1=5766 HTTP 302
https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=

18 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

403

NiYvvUKYgePIc4Dx6KJUxIt1M Show response
homelyharbortreasure.fun/c/
Redirect Chain

https://yabbergrounds.com/click?s2=1097816179&s1=351853&s3=5766&s4=1D&s7=dn&s8=164&trvid=11022
https://b.bestconvs.net/aff_c?offer_id=11319&aff_id=1030&aff_sub2=cqZUr7oCrPAy&aff_sub1=5766
https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=

7 KB
6 KB

81ms
32ms

Document
text/html

2606:4700:3034::ac43:9dd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:9dd5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a9ef71ddecec1160d284d7c26fae801ed19b881a808be16d92b3fd731f71fe0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated: challenge
cf-ray: 82f463d2a9f93a6e-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Sat, 02 Dec 2023 14:51:47 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FW75N4erJEVkkg%2BtI2GS8C1vzj3zCgSCTkZ8NP01raQidXcZ%2FlJx0OwxW%2B3Qkhsegdc%2Bu12DFazJI8S7q7Ns9mzar0bSccSTYGbgnWA2cVufBZXOWxN%2F%2Fhp0atdsA%2Bjr9DM98fLoK4ZSKEiQO%2Fs7P4eqYdkCDxM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 82f463d1ec4e5d84-FRA
content-length: 329
date: Sat, 02 Dec 2023 14:51:46 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
location: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ayvvfCKYg049Wm1aj2rF02G3hDNklauRM7vhIhkoHsm1wk2qtlYYTGkckYTZKRiM0SCoRNc67Z9%2BZarQYPt0RXrzkAjyaxHx1BBG713jih9c%2FFpIwng9wshBiTcvefUhJQGR4cUNme3Q9sAm4Ws%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 challenges.css
homelyharbortreasure.fun/cdn-cgi/styles/ 6 KB
3 KB 10ms
10ms Stylesheet
text/css 2606:4700:3034::ac43:9dd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://homelyharbortreasure.fun/cdn-cgi/styles/challenges.css

Requested by

Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:9dd5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 14:51:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 28 Nov 2023 16:06:21 GMT
server: cloudflare
etag: W/"65660ffd-19c8"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 82f463d2fa483a6e-FRA
expires: Sat, 02 Dec 2023 16:51:47 GMT

GET
H2 200 v1 Show response
homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/ 165 KB
56 KB 21ms
21ms Script
application/javascript 2606:4700:3034::ac43:9dd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=82f463d2a9f93a6e
Requested by: Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:9dd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 709ecac4a373d02ac7c7a52218d35a67e055079277d44e7f1927e2d54dd9d643

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=&__cf_chl_rt_tk=PFE8Jl0TqI9x17o39bZJOsAdFXxSzQFR7If6elN.1M4-1701528707-0-gaNycGzNDjs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 14:51:47 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lz3bJCKnQNvRNjcKphrgVCC6YZhi9sus4rLIDB4RvJ8zT6LYev5Sla4SbAvmt%2B2AUEbvmLpo3rKLgprl%2BKx6h7QMh%2Fg%2BuBk%2FLVmzUACbr8n8kZUzw%2FH1rUv0WsJTVGGs0549zKU4OXTlZcG7GL9hn7c%2FqaSnhlM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 82f463d30a5b3a6e-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 api.js Show response
challenges.cloudflare.com/turnstile/v0/b/56d3063b/ 33 KB
11 KB 68ms
29ms Script
application/javascript 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/56d3063b/api.js?onload=CUdK8&render=explicit
Requested by: Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=82f463d2a9f93a6e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: acbe221d9bb71e85d0a3b52a7a9d44ee4669ab664186b32d0c737a2be62681e7

Request headers

Referer
Origin: https://homelyharbortreasure.fun
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 14:51:47 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 82f463d378392c5f-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 403 favicon.ico
homelyharbortreasure.fun/ 402 B
402 B 17ms
16ms Image
text/html 2606:4700:3034::ac43:9dd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://homelyharbortreasure.fun/favicon.ico

Requested by

Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:9dd5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9903d58aca712e5370cb4fe7c987c11e48ed44106c7bdb02ec8c21057471091

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 14:51:47 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
alt-svc: h3=":443"; ma=86400
referrer-policy: same-origin
server: cloudflare
cross-origin-opener-policy: same-origin
cf-mitigated: challenge
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H4LlXAo94hvZ7RWeqPOxg%2FxFk9mo9XGQ8aW79xNvOVVx6Knk2dz9mAfL101qhBSDH0ZWvVxXY%2F6h3vqZOsOpU50MPfaicGRlGnxLje4XLqM8N9pq7Bh0sHCOySF%2BqXHnSxPypi72TP0%2BFeOmQcCb9n7WuSeciRs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 82f463d339bd5d93-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
DATA 200
OK truncated
/ 586 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 200
OK 0a585171-c3cc-4d3b-b6c5-aa98d1122478
https://homelyharbortreasure.fun/ 13 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://homelyharbortreasure.fun/0a585171-c3cc-4d3b-b6c5-aa98d1122478
Requested by: Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Length: 13
Content-Type: text/javascript

POST
H3 200 39a785ba8ed8bdc Show response
homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/flow/ov1/1941286659:1701526083:uqMsxWbCiBGtJrxBg1Kbji6Ov5NSXVLdWVD4kaInV7A/82f463d2a9f93a6e/ 12 KB
10 KB 54ms
54ms XHR
text/plain 2606:4700:3034::ac43:9dd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/flow/ov1/1941286659:1701526083:uqMsxWbCiBGtJrxBg1Kbji6Ov5NSXVLdWVD4kaInV7A/82f463d2a9f93a6e/39a785ba8ed8bdc
Requested by: Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=82f463d2a9f93a6e
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:9dd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6713e7ccf5284415825bb146f7517d2c404fccbf8ce55e7a30fe8c171f9cd40f

Request headers

Referer: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
CF-Challenge: 39a785ba8ed8bdc
Content-type: application/x-www-form-urlencoded

Response headers

date: Sat, 02 Dec 2023 14:51:47 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tiltbYzjHfKmO2fj0SzF%2FSpkLD87meQFjGU9PmHFYK1fEa31AjqWVGkXchylIfQBk6Md13VYKRLuUxlZmM%2FboAj0B%2FXTVBSr9YHiJhKLkiGNkupyknywls%2BJaMwcFvyeYlJv1t5J%2Fw%2FnVVYo3R3mIFqJHRPdtuA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 82f463d3ea895d93-FRA
alt-svc: h3=":443"; ma=86400
cf-chl-gen: 9YXt6/5o4CHeCoAgx0+EMTZ0YpMOsOnGs0cPdD8heCZQGV62u6tp1IkNIvOcnuPC$r58lPF4KCTqofxj/H8oVVw==

GET
H3 200 normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aggff/0x4AAAAAAADnPIDROrmt1Wwj/light/ Frame 8918 0
0 35ms
24ms Document
text/html 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aggff/0x4AAAAAAADnPIDROrmt1Wwj/light/normal

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/b/56d3063b/api.js?onload=CUdK8&render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 82f463d468a43a4f-FRA
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Sat, 02 Dec 2023 14:51:47 GMT
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

POST
H3 200 39a785ba8ed8bdc Show response
homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/flow/ov1/1941286659:1701526083:uqMsxWbCiBGtJrxBg1Kbji6Ov5NSXVLdWVD4kaInV7A/82f463d2a9f93a6e/ 2 KB
2 KB 29ms
29ms XHR
text/html 2606:4700:3034::ac43:9dd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/flow/ov1/1941286659:1701526083:uqMsxWbCiBGtJrxBg1Kbji6Ov5NSXVLdWVD4kaInV7A/82f463d2a9f93a6e/39a785ba8ed8bdc
Requested by: Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=82f463d2a9f93a6e
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:9dd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 527f18d5d248d05a61af5badad279cd7067e4a9f38e00bf7807d21521c4a056d

Request headers

Referer: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
CF-Challenge: 39a785ba8ed8bdc
Content-type: application/x-www-form-urlencoded

Response headers

cf-chl-out: c+4VZJAcjpKs1csSj4L2deiysjBEcAxMXrPaobXFkV+kyMPQcVAFahvWW9Vyw8KlGKsFkGvGP/wtIeGvpkt2SZgoNg5c+oVqi9yEH+Y7TZ0=$hPVDUT9sowMCuJkUVA5dfw==
cf-chl-out-s: w5UVRET4awmzALAuqi8a+T7+iiXnount2z29ixknqLvkIMCfVYE/ph62sHGGyRaa1dV0UKGBkyQd19asP/zz9JqW5pWW143yeZzcwdYAJziYaZzR3oFlA1tDxhA1Gl7vsxsP0CO5q3VuETkG2EQHVw==$EE+PZyQHlzVyVoxYZpu5uw==
date: Sat, 02 Dec 2023 14:51:47 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rqI6ev2gUV0is9qvIJMufX4kUFmggQX2S61ayaZivKO4mwNuTH6ltUuM4%2F82%2BdzgHxYqr1xkiP1Ml12o4UdqTarWH3W458%2Fh41BjPlm9zu5EcDuNtskPRJUZZ7aDcn2q6ntEiF0gqGAGXJ4yAGIf2%2FeDt65a%2FOo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 82f463d5bcc15d93-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 403 Primary Request NiYvvUKYgePIc4Dx6KJUxIt1M Show response
homelyharbortreasure.fun/c/ 7 KB
5 KB 14ms
14ms Document
text/html 2606:4700:3034::ac43:9dd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=

Requested by

Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=82f463d2a9f93a6e

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:9dd5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8a2dc8a72f19da1ce140d04ce5dcb516b2421e48e7a074dca59d82d4595230d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated: challenge
cf-ray: 82f463e608ed5d93-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Sat, 02 Dec 2023 14:51:50 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jp9r145m3Y9F1GyudsWuXQzLq2M6LTPjdYlsN%2FC6aNrlJNK8oRxp%2B%2B2tWnG1apRLl%2Fw0z9GjpLSWOCOCKvCdnOi9HNHmKLqCMO5nYNnr0yp70tYcN5fxyrwO0fh9%2FuksoJUVFnj8j9c3g3wTv58c3cMGrecJnhI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 challenges.css
homelyharbortreasure.fun/cdn-cgi/styles/ 6 KB
3 KB 14ms
14ms Stylesheet
text/css 2606:4700:3034::ac43:9dd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://homelyharbortreasure.fun/cdn-cgi/styles/challenges.css

Requested by

Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:9dd5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 14:51:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 28 Nov 2023 16:07:35 GMT
server: cloudflare
etag: W/"65661047-19c8"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 82f463e619065d93-FRA
expires: Sat, 02 Dec 2023 16:51:50 GMT

GET
H3 200 v1 Show response
homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/ 170 KB
58 KB 23ms
23ms Script
application/javascript 2606:4700:3034::ac43:9dd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=82f463e608ed5d93
Requested by: Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:9dd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89788c101aab5a3ab7a492244c6c5ac7700daff78d590f72e1b01c2f39101cb2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=&__cf_chl_rt_tk=mtaMFDiPhdvybSOC7iYNNX9ncx3WWVHYBdVyv00mXio-1701528710-0-gaNycGzNC5A
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 14:51:50 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2zOzm%2FnJSDKxgHOfGeZxNJz9kYtFj9B%2BRm5q5iih8lkH5nT47IWyn2Ku7o9H7dp8gwiWPkv82TRbQPsjsJCVkNv4ZQRdsX9PrB2zgRPTGPv8K9joNlCZ%2FINlPXElajaOT73mBwlaCKPZlvfh%2FyAlGsQAPCW7Jp8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 82f463e6391f5d93-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 api.js Show response
challenges.cloudflare.com/turnstile/v0/b/56d3063b/ 33 KB
11 KB 43ms
43ms Script
application/javascript 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/56d3063b/api.js?onload=CUdK8&render=explicit
Requested by: Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=82f463e608ed5d93
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: acbe221d9bb71e85d0a3b52a7a9d44ee4669ab664186b32d0c737a2be62681e7

Request headers

Referer
Origin: https://homelyharbortreasure.fun
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 14:51:50 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 82f463e67bfa2c5f-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 403 favicon.ico
homelyharbortreasure.fun/ 6 KB
6 KB 21ms
21ms Image
text/html 2606:4700:3034::ac43:9dd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://homelyharbortreasure.fun/favicon.ico

Requested by

Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:9dd5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d88ef96eb5c3a36cc679730efaaf2ff73cfbd63a019c332d9762da5ddabb40a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 14:51:50 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
alt-svc: h3=":443"; ma=86400
referrer-policy: same-origin
server: cloudflare
cross-origin-opener-policy: same-origin
cf-mitigated: challenge
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f0MYo1toFecyrP825yrTAOfuOsRqkhqU3CEOD1uzgmBZO%2FMgMWrgm%2BSnGSmyzx0cABTT0Zei3GmnQEUT1NCMyUXEEzlRq1kG%2Fr0W2FU89UP6yaT%2FhUhdmDlhuDwqzw3zCfn08fc14mwUXYu2SIkDAAUFiCRNVkU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 82f463e689865d93-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
DATA 200
OK truncated
/ 586 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 200
OK 9e55e618-e1e7-47cf-9b94-70a62aaeb1e1
https://homelyharbortreasure.fun/ 13 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://homelyharbortreasure.fun/9e55e618-e1e7-47cf-9b94-70a62aaeb1e1
Requested by: Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Length: 13
Content-Type: text/javascript

POST
H3 200 ec27dee075afe05 Show response
homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/flow/ov1/2140640860:1701525918:448CJtkojJ5E8Q9zoCjoGuBparxxXEsp099LIBJ5U2M/82f463e608ed5d93/ 12 KB
10 KB 40ms
40ms XHR
text/plain 2606:4700:3034::ac43:9dd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/flow/ov1/2140640860:1701525918:448CJtkojJ5E8Q9zoCjoGuBparxxXEsp099LIBJ5U2M/82f463e608ed5d93/ec27dee075afe05
Requested by: Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=82f463e608ed5d93
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:9dd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 997d833dbd39931e8fe87c53b4a37033473125c8b6d751e0df382ad88b5806e3

Request headers

Referer: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
CF-Challenge: ec27dee075afe05
Content-type: application/x-www-form-urlencoded

Response headers

date: Sat, 02 Dec 2023 14:51:50 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EgCsOXadVHRQCWNsRXdMKJ6N5Lr48Q%2F5yyVl6IYoOvHHr93mR8bb%2FpaMHnDZ%2FAd6GhhTiaktIyM7kI0GkUhnboj%2FUg0K3eTH%2BFiIKvloGGbeyhrzHoKlTpKopCod0%2B37C4uIDoELmkcroe4vWpvf8v5HWQIyPTM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 82f463e72a5a5d93-FRA
alt-svc: h3=":443"; ma=86400
cf-chl-gen: BR7TIadsyogRylJGzPpdXzgVatUaSeDQHqao/EmfN7Kq3YeXOJOCpFIYYocNo0Pv$PxyME7MyCC1RkP5Om0P8zQ==

GET
H3 200 normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/s0wbi/0x4AAAAAAADnPIDROrmt1Wwj/light/ Frame F208 0
0 25ms
25ms Document
text/html 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/s0wbi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/b/56d3063b/api.js?onload=CUdK8&render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 82f463e78a583a4f-FRA
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Sat, 02 Dec 2023 14:51:50 GMT
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

POST
H3 200 ec27dee075afe05 Show response
homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/flow/ov1/2140640860:1701525918:448CJtkojJ5E8Q9zoCjoGuBparxxXEsp099LIBJ5U2M/82f463e608ed5d93/ 2 KB
2 KB 34ms
34ms XHR
text/html 2606:4700:3034::ac43:9dd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/flow/ov1/2140640860:1701525918:448CJtkojJ5E8Q9zoCjoGuBparxxXEsp099LIBJ5U2M/82f463e608ed5d93/ec27dee075afe05
Requested by: Host: homelyharbortreasure.fun
URL: https://homelyharbortreasure.fun/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=82f463e608ed5d93
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:9dd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8c230195ee8598cef0f429fdfc5d79d6951951dea5ca997b92711831ab44c59

Request headers

Referer: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
CF-Challenge: ec27dee075afe05
Content-type: application/x-www-form-urlencoded

Response headers

cf-chl-out: f3LUFgyoeD28wVma+LyWZD+/Vibm8uTI1EF//53lz756uIq5ZTe36Ok2RNZ0vqsMi9ZIsZeLjEafaos47birHb3/+jpph2DspmV4mSNCU9g=$3pUOrwcK3Tv7iSQ3u32BvQ==
cf-chl-out-s: xSavhfhpuLAE9mj7ANwyv/EqZHC7F+v7Cuc5EJbyBxQyfT6ZParquT9duBVl0COJOOKNBL5LIDQaU/uxQreJeAHjvHz792nHb3N1vc6DbUJNTqTwUzSjPlKtsE6xIBRplmg5NpWmUYYq5yp1Oc88yF0rmjxZCvnDAx1aYTuFwQSMXPLkUPaqHRlVX5ySN0eQDZSqKNIAl7M2YG59vz+Npd6tRwllfCICOV7CkaCK2lltJkj4+/F7WNJin4XXENzB$6l7Mh5NhxgGjDKuuGd+QhA==
date: Sat, 02 Dec 2023 14:51:50 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BagjOFsAl%2FRUR8gKnJITomA5TyV8Vq7my%2F7G%2B2LrfnZgqW1FGuoR%2BTAgI9Z7IsSSryf%2FWsQZ%2B8H4%2BLW1MzPMJYzUbDxxdi1cGZltmmzPOhpJvt9ARe0tV0n4xWsZEvSsAIMKsZw6Dg%2F3ydWu0Vb1tH3r%2FtMmkdk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 82f463e8dc225d93-FRA
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Malicious task.domain
Submitted on December 2nd 2023, 2:52:47 pm UTC — From United States

Threats: Malware Unwanted Software Potentially Harmful Application
Comment: RUSSIAN SPYWARE: https://yabbergrounds.com/click?s2=1097816179&s1=351853&s3=5766&s4=1D&s7=dn&s8=164&trvid=11022 sent by RUSSIAN MALNET using harvested emails and MALICIOUS websites: https://storage.googleapis.com http://utoronto.gb.net https://juralpicture.pro https://toponeselectionsproducts.com https://yabbergrounds.com https://www.totaladblock.com https://urchingquest.com https://resedadome.pro https://www.winvegasplus-uk.com https://corporateeventplanningtips.com http://mastergloblive.com

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
yabbergrounds.com/	1970-01-20 17:22:00	Name: ClickDataNG Value: H4sIAAAAAAAA_7xU7Y7bNhB8FWH7JwEImZT1YTMwAtd3bYrEQdDe9YCiQEBJax9hmVSXpBI3uXcvKKl37gv0l_djZM3O7ugbDEhOWwMSRMpTDgz8pUeQnIEL9d2_cWPNgOSxBXlQnUMGTaeb0y8tSGj--uOeKrujT9sLMGiVR5Ci4qLIVhUvGTTq3Ct9NBEtBM8yBtrtPm1BegrIgKxXXtuxv1oXDCh0GJMsj48Ttpqw8Xv0jzZWGTgbqBkhgkGnTKvNMWb8ObunDiQAA3s4II3ILFtlDGpSpnmcwWNzgj563zu5WNRpjc7HeV1q0C_U4fC5eTsCP-t2I8RSrP8MnGdl7MQKX_KXggt1trlW5D8tsSmqsvzBeIiSOj-SIBzQhEnnXl1s8CDzYia3C0RomgtIuL3_FRgE0ldsL6qukY5kg2ld2tjzYtzLW5dtBF9XK1GKaqbrxGZZiFWxnNPlyGVO8o24mcNq05o5XG1EmU-xp2GcnmcZMND9tm0JnQMJeZGKXKSiyNIqv-6V0wKCQ9oe0XiQsLd_665TiyLlyasHbVr7xSUf7xLBU_4medCmzN8kX8v8dbLt-w4fsH6v_aJYVumyTF69f3e3_8CSTp8w-Rmbk32d7B7JnnEhxDrlackjl_U6-U0dFOn5OYgKH5CQQML_I0-Lg27w2Tw2yjRPGy_S_f5iuui4muwXN9Kbxnn-hx9JmXZScSrsbYvddeGjOuOUN9PrYGeptxQ9GF3WR9GzvEpuA9kex7MLxlO8p5vbUZrjxOTm9vv3d-jciNH-Mpd-ImVOh0A-Uedkr7SBeKSExu-ikrPHSB-1-dBflTwp41Qz2dqBNKHrGDTBeXsG-Q3wq0cyqhu_IC-7AAYDBwnTKmImQELcRIyziL2J0XJ6y5DPv_HW2shtqCKmzOHp6Z8AAAD__88y4xrdBAAA
yabbergrounds.com/	1970-01-20 17:22:00	Name: ClickDataNgFall Value: H4sIAAAAAAAA_7xU7Y7bNhB8FWH7JwEImZT1YTMwAtd3bYrEQdDe9YCiQEBJax9hmVSXpBI3uXcvKKl37gv0l_djZM3O7ugbDEhOWwMSRMpTDgz8pUeQnIEL9d2_cWPNgOSxBXlQnUMGTaeb0y8tSGj--uOeKrujT9sLMGiVR5Ci4qLIVhUvGTTq3Ct9NBEtBM8yBtrtPm1BegrIgKxXXtuxv1oXDCh0GJMsj48Ttpqw8Xv0jzZWGTgbqBkhgkGnTKvNMWb8ObunDiQAA3s4II3ILFtlDGpSpnmcwWNzgj563zu5WNRpjc7HeV1q0C_U4fC5eTsCP-t2I8RSrP8MnGdl7MQKX_KXggt1trlW5D8tsSmqsvzBeIiSOj-SIBzQhEnnXl1s8CDzYia3C0RomgtIuL3_FRgE0ldsL6qukY5kg2ld2tjzYtzLW5dtBF9XK1GKaqbrxGZZiFWxnNPlyGVO8o24mcNq05o5XG1EmU-xp2GcnmcZMND9tm0JnQMJeZGKXKSiyNIqv-6V0wKCQ9oe0XiQsLd_665TiyLlyasHbVr7xSUf7xLBU_4medCmzN8kX8v8dbLt-w4fsH6v_aJYVumyTF69f3e3_8CSTp8w-Rmbk32d7B7JnnEhxDrlackjl_U6-U0dFOn5OYgKH5CQQML_I0-Lg27w2Tw2yjRPGy_S_f5iuui4muwXN9Kbxnn-hx9JmXZScSrsbYvddeGjOuOUN9PrYGeptxQ9GF3WR9GzvEpuA9kex7MLxlO8p5vbUZrjxOTm9vv3d-jciNH-Mpd-ImVOh0A-Uedkr7SBeKSExu-ikrPHSB-1-dBflTwp41Qz2dqBNKHrGDTBeXsG-Q3wq0cyqhu_IC-7AAYDBwnTKmImQELcRIyziL2J0XJ6y5DPv_HW2shtqCKmzOHp6Z8AAAD__88y4xrdBAAA
homelyharbortreasure.fun/	1970-01-20 16:38:52	Name: cf_chl_rc_m Value: 1
homelyharbortreasure.fun/	1970-01-20 16:38:52	Name: cf_chl_2 Value: ec27dee075afe05

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=#nt Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://homelyharbortreasure.fun/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://homelyharbortreasure.fun/c/NiYvvUKYgePIc4Dx6KJUxIt1M?s1=102e3366258de0f8434cccaed9b308&s2=1030&s3=5766&offer_id=11319&s4=#nt Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://homelyharbortreasure.fun/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b.bestconvs.net
challenges.cloudflare.com
homelyharbortreasure.fun
yabbergrounds.com
23.94.102.181
2606:4700:3030::6815:5471
2606:4700:3034::ac43:9dd5
2606:4700::6811:2b8
0a9ef71ddecec1160d284d7c26fae801ed19b881a808be16d92b3fd731f71fe0
0d88ef96eb5c3a36cc679730efaaf2ff73cfbd63a019c332d9762da5ddabb40a
2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2
527f18d5d248d05a61af5badad279cd7067e4a9f38e00bf7807d21521c4a056d
6713e7ccf5284415825bb146f7517d2c404fccbf8ce55e7a30fe8c171f9cd40f
709ecac4a373d02ac7c7a52218d35a67e055079277d44e7f1927e2d54dd9d643
8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04
89788c101aab5a3ab7a492244c6c5ac7700daff78d590f72e1b01c2f39101cb2
997d833dbd39931e8fe87c53b4a37033473125c8b6d751e0df382ad88b5806e3
acbe221d9bb71e85d0a3b52a7a9d44ee4669ab664186b32d0c737a2be62681e7
c8a2dc8a72f19da1ce140d04ce5dcb516b2421e48e7a074dca59d82d4595230d
f8c230195ee8598cef0f429fdfc5d79d6951951dea5ca997b92711831ab44c59
f9903d58aca712e5370cb4fe7c987c11e48ed44106c7bdb02ec8c21057471091
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

homelyharbortreasure.fun Open in urlscan Pro 2606:4700:3034::ac43:9dd5 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

18 Requests

89 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

3 IPs

1 Countries

184 kBTransfer

464 kBSize

4 Cookies

1 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious task.domain Submitted on December 2nd 2023, 2:52:47 pm UTC — From United States

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

15 JavaScript Global Variables

4 Cookies

8 Console Messages

Security Headers

Indicators

homelyharbortreasure.fun Open in urlscan Pro
2606:4700:3034::ac43:9dd5 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

89 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

3
IPs

1
Countries

184 kB
Transfer

464 kB
Size

4
Cookies

18 HTTP transactions
2 data transactions

Malicious task.domain
Submitted on December 2nd 2023, 2:52:47 pm UTC — From United States

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!