login.ibetrust.org Open in urlscan Pro
2606:4700:3036::6815:a98 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://socx.in/za3ht7
Effective URL:
https://login.ibetrust.org/YxAjOnzW
Submission: On February 03 via manual (February 3rd 2023, 12:26:01 pm UTC) from NL — Scanned from NL

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 6 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3036::6815:a98, located in United States and belongs to CLOUDFLARENET, US. The main domain is login.ibetrust.org.
TLS certificate: Issued by GTS CA 1P5 on January 19th 2023. Valid for: 3 months.

This is the only time login.ibetrust.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	20.43.132.131 20.43.132.131	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700:303... 2606:4700:3036::6815:a98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 8	2606:4700::68... 2606:4700::6812:7b9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	104.16.169.131 104.16.169.131	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	18.66.147.81 18.66.147.81	16509 (AMAZON-02) (AMAZON-02)
1	65.9.66.59 65.9.66.59	16509 (AMAZON-02) (AMAZON-02)
17	5

1 20.43.132.131 (Singapore) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

socx.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:a98 (United States)

ASN13335 (CLOUDFLARENET, US)

login.ibetrust.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6812:7b9 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.16.169.131 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
newassets.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.81 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-81.fra60.r.cloudfront.net

findicons.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-59.fra56.r.cloudfront.net

images.freeimages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	hcaptcha.com js.hcaptcha.com — Cisco Umbrella Rank: 14189 newassets.hcaptcha.com — Cisco Umbrella Rank: 11193 hcaptcha.com — Cisco Umbrella Rank: 5061	697 KB
8	cloudflare.com 1 redirects challenges.cloudflare.com — Cisco Umbrella Rank: 15799	102 KB
1	freeimages.com images.freeimages.com — Cisco Umbrella Rank: 155368	604 B
1	findicons.com 1 redirects findicons.com — Cisco Umbrella Rank: 297154	307 B
1	ibetrust.org login.ibetrust.org	5 KB
1	socx.in 1 redirects socx.in	359 B
17	6

	Domain	Requested by
8	challenges.cloudflare.com	1 redirects login.ibetrust.org challenges.cloudflare.com
6	newassets.hcaptcha.com	js.hcaptcha.com newassets.hcaptcha.com
1	hcaptcha.com	newassets.hcaptcha.com
1	images.freeimages.com	login.ibetrust.org
1	findicons.com	1 redirects
1	js.hcaptcha.com	login.ibetrust.org
1	login.ibetrust.org
1	socx.in	1 redirects
17	8

This site contains no links.

Subject Issuer	Validity	Valid
*.ibetrust.org GTS CA 1P5	`2023-01-19` - `2023-04-19`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2022-09-18` - `2023-09-17`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://login.ibetrust.org/YxAjOnzW
Frame ID: 9309037D1A0F2261BD16A9F331A629A4
Requests: 4 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/eh4ax/0x4AAAAAAACDuMxh2AYkvvBh/auto/normal
Frame ID: EA970BD7A344374314CE1422D5B70BEE
Requests: 6 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/cd119c9/static/hcaptcha.html
Frame ID: 8BA2137B64812A69AA00608388B20004
Requests: 4 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/cd119c9/static/hcaptcha.html
Frame ID: AB0DB44D445BB7A030AAE386C8F7B1F9
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Just a moment...

Page URL History Show full URLs

https://socx.in/za3ht7 HTTP 302
https://login.ibetrust.org/YxAjOnzW Page URL

Page Statistics

17
Requests

88 %
HTTPS

33 %
IPv6

6
Domains

8
Subdomains

5
IPs

3
Countries

805 kB
Transfer

2189 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://socx.in/za3ht7 HTTP 302
https://login.ibetrust.org/YxAjOnzW Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
https://challenges.cloudflare.com/turnstile/v0/b/925b3ffa/api.js?onload=onloadTurnstileCallback

Request Chain 2

https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png HTTP 301
https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons

17 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request YxAjOnzW Show response
login.ibetrust.org/
Redirect Chain

https://socx.in/za3ht7
https://login.ibetrust.org/YxAjOnzW

22 KB
5 KB

820ms
586ms

Document
text/html

2606:4700:3036::6815:a98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://login.ibetrust.org/YxAjOnzW
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:a98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a86f1ab1f64d139417358039dbc0dacb37a19244e45c658d72b23cac52fa609

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 793b26e8fe7a3804-FRA
content-encoding: br
content-type: text/html
date: Fri, 03 Feb 2023 12:25:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bcUYgBChDyPY8E1aVPVfzyRlALzkJSZsHZlAzsA0gHYSP9Ioda5M7o%2BL4nWevOQHpyLdjEygHZ635vedWr1tp5wshVGDkjhuN%2BurxmPIa825VASZOYBrvgoarzFEjyX7msXgWLTRf4aiz3%2FSEULodOA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

content-length: 0
date: Fri, 03 Feb 2023 12:25:54 GMT
location: https://login.ibetrust.org/YxAjOnzW
request-context: appId=cid-v1:4e568551-7364-4599-ac57-aea0b3d066af
server: Microsoft-IIS/10.0
strict-transport-security: max-age=2592000
x-powered-by: ASP.NET

GET
H2

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/b/925b3ffa/
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
https://challenges.cloudflare.com/turnstile/v0/b/925b3ffa/api.js?onload=onloadTurnstileCallback

11 KB
4 KB

138ms
138ms

Script
application/javascript

2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/925b3ffa/api.js?onload=onloadTurnstileCallback
Requested by: Host: login.ibetrust.org
URL: https://login.ibetrust.org/YxAjOnzW
Protocol: H2
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6714e5fb8951d17fe337f2e403fe5812257e7bb9109c2db031047fb08e72282

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://login.ibetrust.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 03 Feb 2023 12:25:56 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000
cf-ray: 793b26ed5cfab704-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: /turnstile/v0/b/925b3ffa/api.js?onload=onloadTurnstileCallback
date: Fri, 03 Feb 2023 12:25:56 GMT
cache-control: max-age=300, public
server: cloudflare
cf-ray: 793b26ed1ce4b704-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
vary: accept-encoding

GET
H2 200 api.js Show response
js.hcaptcha.com/1/ 284 KB
80 KB 107ms
37ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hcaptcha.com/1/api.js

Requested by

Host: login.ibetrust.org
URL: https://login.ibetrust.org/YxAjOnzW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b59a4f0c66e696603ad5267b5c183c40ec37815746d0286ac5c00f263b54a3f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://login.ibetrust.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 03 Feb 2023 12:25:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 f58d1aa3b3b084adbea41c7523e2047e.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
age: 0
x-amz-cf-pop: FRA56-C1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 02 Feb 2023 17:18:41 GMT
server: cloudflare
etag: W/"777d334016fd859eff9671706a59e51c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=120
cf-ray: 793b26ed1adeb97e-AMS
x-amz-cf-id: Pj1ZzFBzQrihDxAjiukJlT-2Q5mSBPq7V1qHvATEn_ilxFWl_3a7RA==

GET
H2

200

microsoft_new_logo_alt.png
images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/
Redirect Chain

https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png
https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons

254 B
604 B

243ms
88ms

Image
image/png

65.9.66.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
Requested by: Host: login.ibetrust.org
URL: https://login.ibetrust.org/YxAjOnzW
Protocol: H2
Server: 65.9.66.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-59.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2267d1822dbefc10c25e17d1fa4a6d9331e5a126e2483c5aff542d6107ebca36

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://login.ibetrust.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 23 Jan 2023 12:59:03 GMT
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Tue, 20 Dec 2022 05:17:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 948414
etag: "57ab754695eb0a2c74201ecd6948c12f"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 254
x-amz-cf-id: wco-6gv3nIhGnNeOaWIhdm4WI5mpwoHc-1nkDx4V1kUIftet29aEQw==

Redirect headers

date: Tue, 17 Jan 2023 05:13:40 GMT
via: 1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA60-P4
age: 1494736
x-cache: Hit from cloudfront
location: https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
content-length: 0
x-amz-cf-id: iAkG9dRqwpAawPS72Wy4HrQ5XkASpoRxnfOFOgtz9wKYYcbL7jgVOg==

GET
H3 200 normal Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/eh4ax/0x4AAAAAAACDuMxh2AYkvvBh/auto/ Frame EA97 19 KB
7 KB 83ms
52ms Document
text/html 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/eh4ax/0x4AAAAAAACDuMxh2AYkvvBh/auto/normal
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3faf3567b94316a54be5e63482b414a55f7b062269229fd050fdcf18310b63d

Request headers

Referer: https://login.ibetrust.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=0, must-revalidate
cf-ray: 793b26ee78eed0cd-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 12:25:56 GMT
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/cd119c9/static/ Frame 8BA2 2 KB
965 B 55ms
34ms Document
text/html 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/cd119c9/static/hcaptcha.html

Requested by

Host: js.hcaptcha.com
URL: https://js.hcaptcha.com/1/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fd998c092179161c25bf613a38b76c8baf1df2b3e6740ee2cc224fe4b73de4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://login.ibetrust.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-origin: *
age: 8337
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 793b26eedd0ab97e-AMS
content-encoding: br
content-type: text/html
date: Fri, 03 Feb 2023 12:25:56 GMT
last-modified: Thu, 02 Feb 2023 17:18:40 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 c35168d6765ec616de06013427e871a2.cloudfront.net (CloudFront)
x-amz-cf-id: 68014VuiFxrNY8Kc2SbqMlpCrxCrTyO1lS5kDf7d_KEIvhJNQEFm3g==
x-amz-cf-pop: LHR50-P7
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/cd119c9/static/ Frame AB0D 2 KB
812 B 51ms
34ms Document
text/html 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/cd119c9/static/hcaptcha.html

Requested by

Host: js.hcaptcha.com
URL: https://js.hcaptcha.com/1/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fd998c092179161c25bf613a38b76c8baf1df2b3e6740ee2cc224fe4b73de4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://login.ibetrust.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-origin: *
age: 8337
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 793b26eedd08b97e-AMS
content-encoding: br
content-type: text/html
date: Fri, 03 Feb 2023 12:25:56 GMT
last-modified: Thu, 02 Feb 2023 17:18:40 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 c35168d6765ec616de06013427e871a2.cloudfront.net (CloudFront)
x-amz-cf-id: 68014VuiFxrNY8Kc2SbqMlpCrxCrTyO1lS5kDf7d_KEIvhJNQEFm3g==
x-amz-cf-pop: LHR50-P7
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H3 200 v1 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/ Frame EA97 109 KB
40 KB 39ms
38ms Script
application/javascript 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=793b26ee78eed0cd
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/eh4ax/0x4AAAAAAACDuMxh2AYkvvBh/auto/normal
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca98653a6b637616af933a8a55ecd00ab5992bbbee92d59fcefa9ca74f5d1ae3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/eh4ax/0x4AAAAAAACDuMxh2AYkvvBh/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 03 Feb 2023 12:25:56 GMT
cache-control: max-age=0, must-revalidate
content-encoding: br
server: cloudflare
cf-ray: 793b26eef99ad0cd-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: application/javascript; charset=UTF-8

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/cd119c9/ Frame 8BA2 284 KB
80 KB 56ms
33ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/cd119c9/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/cd119c9/static/hcaptcha.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b59a4f0c66e696603ad5267b5c183c40ec37815746d0286ac5c00f263b54a3f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/cd119c9/static/hcaptcha.html
Origin: https://newassets.hcaptcha.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 03 Feb 2023 12:25:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 f58d1aa3b3b084adbea41c7523e2047e.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
age: 8339
x-amz-cf-pop: FRA56-C1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 02 Feb 2023 17:18:41 GMT
server: cloudflare
etag: W/"777d334016fd859eff9671706a59e51c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 793b26ef5dd7b97e-AMS
x-amz-cf-id: Pj1ZzFBzQrihDxAjiukJlT-2Q5mSBPq7V1qHvATEn_ilxFWl_3a7RA==

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/cd119c9/ Frame AB0D 284 KB
80 KB 67ms
58ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/cd119c9/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/cd119c9/static/hcaptcha.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b59a4f0c66e696603ad5267b5c183c40ec37815746d0286ac5c00f263b54a3f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/cd119c9/static/hcaptcha.html
Origin: https://newassets.hcaptcha.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 03 Feb 2023 12:25:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 f58d1aa3b3b084adbea41c7523e2047e.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
age: 8339
x-amz-cf-pop: FRA56-C1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 02 Feb 2023 17:18:41 GMT
server: cloudflare
etag: W/"777d334016fd859eff9671706a59e51c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 793b26ef5ddab97e-AMS
x-amz-cf-id: Pj1ZzFBzQrihDxAjiukJlT-2Q5mSBPq7V1qHvATEn_ilxFWl_3a7RA==

GET
DATA 200
OK truncated
/ Frame AB0D 798 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 checksiteconfig Show response
hcaptcha.com/ Frame AB0D 554 B
786 B 62ms
53ms XHR
application/json 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hcaptcha.com/checksiteconfig?v=cd119c9&host=login.ibetrust.org&sitekey=234adb2f-52ba-4697-82fa-abecbb14b173&sc=1&swa=1

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/cd119c9/hcaptcha.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a8901ca29f2885b87aae70b2e5954f55504442258d90d4f7948b5fd3153c50a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://newassets.hcaptcha.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 03 Feb 2023 12:25:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
access-control-allow-credentials: true
cf-ray: 793b26f06f33b97e-AMS
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent, challenge-bypass-token, cf-chl-bypass, challenge-bypass-token, challenge-bypass-host, challenge-bypass-path
cf-chl-bypass: 2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 hsw.js Show response
newassets.hcaptcha.com/c/9b22d05/ Frame 8BA2 958 KB
336 KB 33ms
33ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/c/9b22d05/hsw.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/cd119c9/hcaptcha.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9370f4e9a55b9daf93917a2a7226a112bf6c2c372ed8df068ead17c3bad0603a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://newassets.hcaptcha.com/captcha/v1/cd119c9/static/hcaptcha.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 03 Feb 2023 12:25:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 1b575b46b9e4dd6b829accb4ea728b00.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
age: 68497
x-amz-cf-pop: AMS1-P2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 13 Jan 2023 15:40:25 GMT
server: cloudflare
etag: W/"277b1bbb94abec56cd02f39a1918a9a1"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 793b26f0ca5c0e87-AMS
x-amz-cf-id: acdVbSuStvfigmwdTfn7uZWXkRE5cCHtP_3DAC9dbD2dA01-EYfWiQ==

POST
H3 200 d808ebb5432c694 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/0.014371898501537878:1675422962:1-RXepdM0gvV-1q1U4IyTmUi3zx2QIFsvlX2po2V-m0/793b26ee78eed0cd/ Frame EA97 83 KB
41 KB 75ms
74ms XHR
text/plain 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/0.014371898501537878:1675422962:1-RXepdM0gvV-1q1U4IyTmUi3zx2QIFsvlX2po2V-m0/793b26ee78eed0cd/d808ebb5432c694
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=793b26ee78eed0cd
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d139d2573907cdc9fd2d55ea3bde3c424612bfea470c6c04ddb220c575b58d45

Request headers

Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/eh4ax/0x4AAAAAAACDuMxh2AYkvvBh/auto/normal
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
CF-Challenge: d808ebb5432c694
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 03 Feb 2023 12:25:56 GMT
content-encoding: br
cf_chl_gen: ZSvqwo+jw07EInZ4nkLm/5FZuxqTqmSM2V+qEl0mx0otFr7REayMxOAuSKdynPJQxud+bLuNvzNmPjwMkIAT9ebCoRu9qs1vkWbme6CnIsNtQhWPixax2Eqsdac1wrTqYCkXVffa4JyY/Xm6m8Xke+6ucvcBPjQmDmHXU12HG7cZFwWeRAoJB4xSTnlnDjyOMtNHmpuDeJzIZPv7x3U0yiYc81ONk3V/82F9Wy9BLtdig7dBNKSsLRPu9yo9TmdcyKBLt/bnxn5DUlnf8Q4sTCsV9x05YlXIq0cJIamV7ykQ1V0/c3QR1tFStLeZdui9$Ob35slUkNa1W3H+CMH2RIw==
server: cloudflare
cf-ray: 793b26f11c60d0cd-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
H3 200 e Show response
newassets.hcaptcha.com/i/9b22d05/ Frame 8BA2 119 KB
119 KB 40ms
40ms XHR
application/octet-stream 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/i/9b22d05/e

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/cd119c9/hcaptcha.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebe6e7ccaf38419a5b06bdde353c102931ae9c7151a489bf74d65d160a22858e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://newassets.hcaptcha.com/captcha/v1/cd119c9/static/hcaptcha.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 03 Feb 2023 12:25:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 db3ad39d2b444e5c9e38affc6638a5cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
age: 68481
x-amz-cf-pop: AMS1-P2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 121705
last-modified: Fri, 13 Jan 2023 15:40:25 GMT
server: cloudflare
etag: "284bef8bc510141739397adc870fb78a"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 793b26f2bcd40e87-AMS
x-amz-cf-id: 9hnjmAvhpa7S1ibqzW8k7BiMLTx4Nz9TD-wKkpaNO1GNiYKENtRM9w==

GET
H3 200 7WKxW6PgYikNnke
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/793b26ee78eed0cd/1675427156672/ Frame EA97 61 B
166 B 40ms
40ms Image
image/png 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/793b26ee78eed0cd/1675427156672/7WKxW6PgYikNnke
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 228c84188d13eae81e0ded41bfaea08c1fd73d6638b4eff33cb4f36788c7cab8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/eh4ax/0x4AAAAAAACDuMxh2AYkvvBh/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 03 Feb 2023 12:25:57 GMT
server: cloudflare
cf-ray: 793b26f5693ad0cd-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: image/png

GET
H3 401 tYNS2eoZYKBmZjA Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/793b26ee78eed0cd/1675427156674/d58c6a4f350f0b5d889e2f6c5a0e14732ae594f5b958b9bacaa344522bc3d672/ Frame EA97 1 B
646 B 33ms
33ms Fetch
text/plain 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/793b26ee78eed0cd/1675427156674/d58c6a4f350f0b5d889e2f6c5a0e14732ae594f5b958b9bacaa344522bc3d672/tYNS2eoZYKBmZjA
Requested by: Host: login.ibetrust.org
URL: https://login.ibetrust.org/YxAjOnzW
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/eh4ax/0x4AAAAAAACDuMxh2AYkvvBh/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 03 Feb 2023 12:25:57 GMT
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g1YxqTzUPC12Ini9sWg4UcyrllPW5WLm6yqNEUivD1nIAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAovhnF-5AxQKgIE33Z8z8UZD-A3JonmaJ2WjtJw44wSJ4ZRDi8TOl3msgbzSTp4OjuB13Q81gVXHf-1jieosPnwwuobcictrtG8Q_VyFkxtLH3B8Dy7aLVCCXoGAZjUyFiUjMoh6Jchy_HyObEQSMgnCo5f2W_-428Cqbv8YMNsTrNjMA_uiiM5NkWmg-TVHHEQWJd6_nAAshIK1581vwBKEOmRYvbcoZMO502KNYZ0JaowHieqgCaudU5de9cuFT515icCkbBIIrRphgs-78P4ZenGTG0FtJ7zIC4PMbx96SQZ_aKI3D5v7ikfTNcXMsq5peQ1SEI3twSZJkWzKEtwIDAQAB, max-age=20
server: cloudflare
cf-ray: 793b26f5a9a2d0cd-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: text/plain; charset=UTF-8

POST
H3 200 d808ebb5432c694 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/0.014371898501537878:1675422962:1-RXepdM0gvV-1q1U4IyTmUi3zx2QIFsvlX2po2V-m0/793b26ee78eed0cd/ Frame EA97 11 KB
8 KB 69ms
66ms XHR
text/plain 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/0.014371898501537878:1675422962:1-RXepdM0gvV-1q1U4IyTmUi3zx2QIFsvlX2po2V-m0/793b26ee78eed0cd/d808ebb5432c694
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=793b26ee78eed0cd
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 419d4a2f88377cf201799aeaed0519203309b36d33a06c21cc07fde03bcf8bee

Request headers

Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/eh4ax/0x4AAAAAAACDuMxh2AYkvvBh/auto/normal
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
CF-Challenge: d808ebb5432c694
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 03 Feb 2023 12:25:58 GMT
content-encoding: br
cf_chl_gen: spgE1/b/PhsMvPqjXiHG3/n+YA+k+gfzMEMhH+v5Eao=$Gw+b1Qfecjemm0s6CJC4GA==
server: cloudflare
cf-ray: 793b26f9eeaed0cd-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: text/plain; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.socx.in/	1970-01-20 09:25:13	Name: conversion_key Value: 11954_
.ibetrust.org/	1970-01-20 09:23:50	Name: Iauo Value: c9378b74bad217fc4e44ae51aad8786031e661e393308a86c87287c97cdd6424
.challenges.cloudflare.com/	1970-01-20 09:23:48	Name: __cf_bm Value: 95GO1L5E_dxVo4HBaSUWQ7sb4zXb6XwBeL0QT2h0SzI-1675427156-0-AaRV3SdBD9/x2FzCqVZ00VDqCvJWgkVxRhdLyTP9ndZtxv9UpiNVdB9GF91MTvQOuCQWnWtbPcek4pZu4S9N76I=

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/793b26ee78eed0cd/1675427156674/d58c6a4f350f0b5d889e2f6c5a0e14732ae594f5b958b9bacaa344522bc3d672/tYNS2eoZYKBmZjA Message: Failed to load resource: the server responded with a status of 401 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenges.cloudflare.com
findicons.com
hcaptcha.com
images.freeimages.com
js.hcaptcha.com
login.ibetrust.org
newassets.hcaptcha.com
socx.in
104.16.169.131
18.66.147.81
20.43.132.131
2606:4700:3036::6815:a98
2606:4700::6812:7b9
65.9.66.59
2267d1822dbefc10c25e17d1fa4a6d9331e5a126e2483c5aff542d6107ebca36
228c84188d13eae81e0ded41bfaea08c1fd73d6638b4eff33cb4f36788c7cab8
2fd998c092179161c25bf613a38b76c8baf1df2b3e6740ee2cc224fe4b73de4d
419d4a2f88377cf201799aeaed0519203309b36d33a06c21cc07fde03bcf8bee
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
5a8901ca29f2885b87aae70b2e5954f55504442258d90d4f7948b5fd3153c50a
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
8a86f1ab1f64d139417358039dbc0dacb37a19244e45c658d72b23cac52fa609
9370f4e9a55b9daf93917a2a7226a112bf6c2c372ed8df068ead17c3bad0603a
a6714e5fb8951d17fe337f2e403fe5812257e7bb9109c2db031047fb08e72282
b59a4f0c66e696603ad5267b5c183c40ec37815746d0286ac5c00f263b54a3f9
ca98653a6b637616af933a8a55ecd00ab5992bbbee92d59fcefa9ca74f5d1ae3
d139d2573907cdc9fd2d55ea3bde3c424612bfea470c6c04ddb220c575b58d45
d3faf3567b94316a54be5e63482b414a55f7b062269229fd050fdcf18310b63d
ebe6e7ccaf38419a5b06bdde353c102931ae9c7151a489bf74d65d160a22858e

login.ibetrust.org Open in urlscan Pro 2606:4700:3036::6815:a98 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

17 Requests

88 %HTTPS

33 %IPv6

6 Domains

8 Subdomains

5 IPs

3 Countries

805 kBTransfer

2189 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

3 Cookies

2 Console Messages

Indicators

login.ibetrust.org Open in urlscan Pro
2606:4700:3036::6815:a98 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

88 %
HTTPS

33 %
IPv6

6
Domains

8
Subdomains

5
IPs

3
Countries

805 kB
Transfer

2189 kB
Size

3
Cookies

17 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!