vc.treasureinthesteam.com Open in urlscan Pro
80.85.156.244 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://itiguala.edu.mx/?wptouch_switch=mobile&redirect=https%3A%2F%2Fpub-01c661b84693404693feb38953c60633.r2.dev%2FfJfx...
Effective URL:
https://vc.treasureinthesteam.com/ln
Submission: On June 27 via manual (June 27th 2023, 2:56:38 pm UTC) from US — Scanned from DE

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 8 domains to perform 19 HTTP transactions. The main IP is 80.85.156.244, located in Moscow, Russian Federation and belongs to CHELYABINSK-SIGNAL-AS, RU. The main domain is vc.treasureinthesteam.com.
TLS certificate: Issued by R3 on June 22nd 2023. Valid for: 3 months.

This is the only time vc.treasureinthesteam.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a02:4780:b:6... 2a02:4780:b:630:0:11b6:67f5:1	47583 (AS-HOSTINGER) (AS-HOSTINGER)
1 1	156.67.72.84 156.67.72.84	47583 (AS-HOSTINGER) (AS-HOSTINGER)
1	2606:4700::68... 2606:4700::6812:323	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	80.85.156.244 80.85.156.244	44493 (CHELYABIN...) (CHELYABINSK-SIGNAL-AS)
1 8	2606:4700::68... 2606:4700::6811:2b8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	104.16.169.131 104.16.169.131	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	13.225.78.99 13.225.78.99	16509 (AMAZON-02) (AMAZON-02)
1	108.138.17.39 108.138.17.39	16509 (AMAZON-02) (AMAZON-02)
19	6

1 2a02:4780:b:630:0:11b6:67f5:1 (Phoenix, United States) 1 redirects

ASN47583 (AS-HOSTINGER, CY)

itiguala.edu.mx	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 156.67.72.84 (Phoenix, United States) 1 redirects

ASN47583 (AS-HOSTINGER, CY)

www.iguala.tecnm.mx	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:323 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-01c661b84693404693feb38953c60633.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.85.156.244 (Moscow, Russian Federation)

ASN44493 (CHELYABINSK-SIGNAL-AS, RU)
PTR: stspoint.com

vc.treasureinthesteam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6811:2b8 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.169.131 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
newassets.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.99 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-99.fra2.r.cloudfront.net

findicons.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-39.fra56.r.cloudfront.net

images.freeimages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	cloudflare.com 1 redirects challenges.cloudflare.com — Cisco Umbrella Rank: 5263	215 KB
6	hcaptcha.com js.hcaptcha.com — Cisco Umbrella Rank: 12782 newassets.hcaptcha.com — Cisco Umbrella Rank: 11224 hcaptcha.com — Cisco Umbrella Rank: 7586	265 KB
1	freeimages.com images.freeimages.com — Cisco Umbrella Rank: 267638	605 B
1	findicons.com 1 redirects findicons.com — Cisco Umbrella Rank: 488355	304 B
1	treasureinthesteam.com vc.treasureinthesteam.com	19 KB
1	r2.dev pub-01c661b84693404693feb38953c60633.r2.dev	447 B
1	tecnm.mx 1 redirects www.iguala.tecnm.mx	456 B
1	itiguala.edu.mx 1 redirects itiguala.edu.mx	353 B
19	8

	Domain	Requested by
8	challenges.cloudflare.com	1 redirects vc.treasureinthesteam.com challenges.cloudflare.com
4	newassets.hcaptcha.com	js.hcaptcha.com newassets.hcaptcha.com
1	hcaptcha.com	newassets.hcaptcha.com
1	images.freeimages.com	vc.treasureinthesteam.com
1	findicons.com	1 redirects
1	js.hcaptcha.com	vc.treasureinthesteam.com
1	vc.treasureinthesteam.com
1	pub-01c661b84693404693feb38953c60633.r2.dev
1	www.iguala.tecnm.mx	1 redirects
1	itiguala.edu.mx	1 redirects
19	10

This site contains no links.

Subject Issuer	Validity	Valid
*.r2.dev E1	`2023-06-15` - `2023-09-13`	3 months	crt.sh
treasureinthesteam.com R3	`2023-06-22` - `2023-09-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-15` - `2024-04-14`	a year	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2022-09-18` - `2023-09-17`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://vc.treasureinthesteam.com/ln
Frame ID: AA72C9AA23ABE0B237ECFC9C6D17D417
Requests: 5 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/0727cda/static/hcaptcha.html
Frame ID: E117298730553915427052B18447F705
Requests: 2 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/0727cda/static/hcaptcha.html
Frame ID: 657072931D11AAA17076DBE1B4AC44FA
Requests: 4 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/34027/0x4AAAAAAAGO5D-6tTPxWFyL/auto/normal
Frame ID: BA9B1FAB4CBC859490B449B45D2C8017
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Just a moment...

Page URL History Show full URLs

https://itiguala.edu.mx/?wptouch_switch=mobile&redirect=https%3A%2F%2Fpub-01c661b84693404693feb38953... HTTP 301
http://www.iguala.tecnm.mx/?wptouch_switch=mobile&redirect=https%3A%2F%2Fpub-01c661b84693404693feb38953... HTTP 302
https://pub-01c661b84693404693feb38953c60633.r2.dev/fJfxJdq.html Page URL
https://vc.treasureinthesteam.com/ln Page URL

Page Statistics

19
Requests

74 %
HTTPS

38 %
IPv6

8
Domains

10
Subdomains

6
IPs

3
Countries

501 kB
Transfer

1358 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://itiguala.edu.mx/?wptouch_switch=mobile&redirect=https%3A%2F%2Fpub-01c661b84693404693feb38953c60633.r2.dev%2FfJfxJdq.html HTTP 301
http://www.iguala.tecnm.mx/?wptouch_switch=mobile&redirect=https%3A%2F%2Fpub-01c661b84693404693feb38953c60633.r2.dev%2FfJfxJdq.html HTTP 302
https://pub-01c661b84693404693feb38953c60633.r2.dev/fJfxJdq.html Page URL
https://vc.treasureinthesteam.com/ln Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://itiguala.edu.mx/?wptouch_switch=mobile&redirect=https%3A%2F%2Fpub-01c661b84693404693feb38953c60633.r2.dev%2FfJfxJdq.html HTTP 301
http://www.iguala.tecnm.mx/?wptouch_switch=mobile&redirect=https%3A%2F%2Fpub-01c661b84693404693feb38953c60633.r2.dev%2FfJfxJdq.html HTTP 302
https://pub-01c661b84693404693feb38953c60633.r2.dev/fJfxJdq.html

Request Chain 1

https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
https://challenges.cloudflare.com/turnstile/v0/g/19b997cb/api.js?onload=onloadTurnstileCallback

Request Chain 3

https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png HTTP 301
https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons

19 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

fJfxJdq.html Show response
pub-01c661b84693404693feb38953c60633.r2.dev/
Redirect Chain

https://itiguala.edu.mx/?wptouch_switch=mobile&redirect=https%3A%2F%2Fpub-01c661b84693404693feb38953c60633.r2.dev%2FfJfxJdq.html
http://www.iguala.tecnm.mx/?wptouch_switch=mobile&redirect=https%3A%2F%2Fpub-01c661b84693404693feb38953c60633.r2.dev%2FfJfxJdq.html
https://pub-01c661b84693404693feb38953c60633.r2.dev/fJfxJdq.html

81 B
447 B

504ms
430ms

Document
text/html

2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-01c661b84693404693feb38953c60633.r2.dev/fJfxJdq.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01396ccce2b2e57ac6869c17720fc1234e70d05fbe03561d57d0fde68e6ed21b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-RAY: 7dde8993eba1bb8c-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Tue, 27 Jun 2023 14:56:34 GMT
ETag: W/"53615a835f33de85fd1050df91433048"
Last-Modified: Fri, 23 Jun 2023 21:41:47 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 27 Jun 2023 14:56:33 GMT
expires: Tue, 04 Jul 2023 14:56:33 GMT
location: https://pub-01c661b84693404693feb38953c60633.r2.dev/fJfxJdq.html
platform: hostinger
server: LiteSpeed
x-powered-by: PHP/7.4.33

GET
H/1.1 200
OK Primary Request ln Show response
vc.treasureinthesteam.com/ 18 KB
19 KB 819ms
631ms Document
text/html 80.85.156.244
CHELYABINSK-SIGNA...

General

Check archive.org

Show headers Download Go to

Full URL

https://vc.treasureinthesteam.com/ln

Protocol

HTTP/1.1

Security

TLS 1.3, , CHACHA20_POLY1305

Server

80.85.156.244 Moscow, Russian Federation, ASN44493 (CHELYABINSK-SIGNAL-AS, RU),

Reverse DNS

stspoint.com

Software

Resource Hash

c97d9e53fa0079e95977a6bd683d771555c0295be1bbd808ea3eb1f5fa70d67e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Request headers

Referer: https://pub-01c661b84693404693feb38953c60633.r2.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: close
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type: text/html
Transfer-Encoding: chunked

GET
H2

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/g/19b997cb/
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
https://challenges.cloudflare.com/turnstile/v0/g/19b997cb/api.js?onload=onloadTurnstileCallback

19 KB
7 KB

27ms
25ms

Script
application/javascript

2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/g/19b997cb/api.js?onload=onloadTurnstileCallback
Requested by: Host: vc.treasureinthesteam.com
URL: https://vc.treasureinthesteam.com/ln
Protocol: H2
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7a5045877238b1271059b2175e224d73844f717d25ee6bb0bd4751d21490075

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vc.treasureinthesteam.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 14:56:35 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 7dde899cdad12c63-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Tue, 27 Jun 2023 14:56:35 GMT
server: cloudflare
vary: accept-encoding
location: /turnstile/v0/g/19b997cb/api.js?onload=onloadTurnstileCallback
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 7dde899cbaaa2c63-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 api.js Show response
js.hcaptcha.com/1/ 310 KB
88 KB 58ms
16ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hcaptcha.com/1/api.js

Requested by

Host: vc.treasureinthesteam.com
URL: https://vc.treasureinthesteam.com/ln

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

312cf92abd3e71b57bdfe34cb798a201f7d5d7764a19a737f5a0c8c61e27c884

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vc.treasureinthesteam.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 14:56:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 3a0e1d5f608bda83df3702e1cc449b6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: nBiWpiS.9bsrULoDDttSwR_nnBW6broL
age: 0
x-amz-cf-pop: MXP64-C3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 27 Jun 2023 14:13:58 GMT
server: cloudflare
etag: W/"bbf2a11bc61147c3ddc32d14a5545a8f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=120
cf-ray: 7dde899caf4c3835-FRA
x-amz-cf-id: I9hJiWOgnPWf4BbAc8hfQIKSonaXDnQ3uifjD8Bic2ttr6I1eLTtjg==

GET
H2

200

microsoft_new_logo_alt.png
images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/
Redirect Chain

https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png
https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons

254 B
605 B

43ms
7ms

Image
image/png

108.138.17.39
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
Requested by: Host: vc.treasureinthesteam.com
URL: https://vc.treasureinthesteam.com/ln
Protocol: H2
Server: 108.138.17.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-17-39.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2267d1822dbefc10c25e17d1fa4a6d9331e5a126e2483c5aff542d6107ebca36

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vc.treasureinthesteam.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 15:49:06 GMT
via: 1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
last-modified: Tue, 20 Dec 2022 05:17:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P7
age: 13993650
etag: "57ab754695eb0a2c74201ecd6948c12f"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 254
x-amz-cf-id: 2lGriK1qL3zKKHkRkQeD6trEIpnxmpgi9YXpUoR9UnuJuh_0Qv0Rsg==

Redirect headers

date: Tue, 16 May 2023 14:02:22 GMT
via: 1.1 04ce5a607a98db6d08257633417b84d6.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA2-C2
age: 3632053
x-cache: Hit from cloudfront
location: https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
content-length: 0
x-amz-cf-id: dz2BoEN_ev09boKk2Iv-ugrCHBnnDHfVQDusFL9gw6pgv9aAeacBnQ==

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/0727cda/static/ Frame E117 2 KB
998 B 30ms
15ms Document
text/html 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/0727cda/static/hcaptcha.html

Requested by

Host: js.hcaptcha.com
URL: https://js.hcaptcha.com/1/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d583950fcbb9e612150585b026340e82306a2a14b2e5c081c0f59ba797cf07c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://vc.treasureinthesteam.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 226
alt-svc: h3=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 7dde899d382a3835-FRA
content-encoding: br
content-type: text/html
cross-origin-embedder-policy: credentialless
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 14:56:35 GMT
last-modified: Tue, 27 Jun 2023 14:13:58 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 946220429f157f0f0ada3caf7d8642cc.cloudfront.net (CloudFront)
x-amz-cf-id: DxvKGFj5ekEA93Nsl00uaC6eV5oVZeiza4ufDGYhX_vV2Fyo1iRRIg==
x-amz-cf-pop: MXP64-C3
x-amz-server-side-encryption: AES256
x-amz-version-id: Ol0.L9m0bLLrgKU7TSTROp5ZT3finUIt
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/0727cda/static/ Frame 6570 2 KB
819 B 25ms
16ms Document
text/html 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/0727cda/static/hcaptcha.html

Requested by

Host: js.hcaptcha.com
URL: https://js.hcaptcha.com/1/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d583950fcbb9e612150585b026340e82306a2a14b2e5c081c0f59ba797cf07c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://vc.treasureinthesteam.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 226
alt-svc: h3=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 7dde899d382b3835-FRA
content-encoding: br
content-type: text/html
cross-origin-embedder-policy: credentialless
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 14:56:35 GMT
last-modified: Tue, 27 Jun 2023 14:13:58 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 946220429f157f0f0ada3caf7d8642cc.cloudfront.net (CloudFront)
x-amz-cf-id: DxvKGFj5ekEA93Nsl00uaC6eV5oVZeiza4ufDGYhX_vV2Fyo1iRRIg==
x-amz-cf-pop: MXP64-C3
x-amz-server-side-encryption: AES256
x-amz-version-id: Ol0.L9m0bLLrgKU7TSTROp5ZT3finUIt
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H3 200 normal Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/34027/0x4AAAAAAAGO5D-6tTPxWFyL/auto/ Frame BA9B 24 KB
8 KB 18ms
18ms Document
text/html 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/34027/0x4AAAAAAAGO5D-6tTPxWFyL/auto/normal

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9959fa528c38b5637d1b605f7f267ab262ab3b0b58f5a696da0e7765a9323110

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Referer: https://vc.treasureinthesteam.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=0, must-revalidate
cf-ray: 7dde899d3e619250-FRA
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 14:56:35 GMT
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

GET
H3 200 v1 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/ Frame BA9B 180 KB
63 KB 15ms
15ms Script
application/javascript 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7dde899d3e619250
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/34027/0x4AAAAAAAGO5D-6tTPxWFyL/auto/normal
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7cf2d88e45fb0a05272d07336a566b46712432aae0609128e8c0582fbc533ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/34027/0x4AAAAAAAGO5D-6tTPxWFyL/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 14:56:35 GMT
cache-control: max-age=0, must-revalidate
content-encoding: br
server: cloudflare
cf-ray: 7dde899daeda9250-FRA
alt-svc: h3=":443"; ma=86400
content-type: application/javascript; charset=UTF-8

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/0727cda/ Frame E117 310 KB
87 KB 15ms
14ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/0727cda/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/0727cda/static/hcaptcha.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

312cf92abd3e71b57bdfe34cb798a201f7d5d7764a19a737f5a0c8c61e27c884

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/0727cda/static/hcaptcha.html
Origin: https://newassets.hcaptcha.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 14:56:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 3a0e1d5f608bda83df3702e1cc449b6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: nBiWpiS.9bsrULoDDttSwR_nnBW6broL
age: 256
x-amz-cf-pop: MXP64-C3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 27 Jun 2023 14:13:58 GMT
server: cloudflare
etag: W/"bbf2a11bc61147c3ddc32d14a5545a8f"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 7dde899da8e13835-FRA
x-amz-cf-id: I9hJiWOgnPWf4BbAc8hfQIKSonaXDnQ3uifjD8Bic2ttr6I1eLTtjg==

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/0727cda/ Frame 6570 310 KB
87 KB 21ms
21ms Script
application/javascript 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/0727cda/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/0727cda/static/hcaptcha.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

312cf92abd3e71b57bdfe34cb798a201f7d5d7764a19a737f5a0c8c61e27c884

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/0727cda/static/hcaptcha.html
Origin: https://newassets.hcaptcha.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 14:56:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 3a0e1d5f608bda83df3702e1cc449b6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: nBiWpiS.9bsrULoDDttSwR_nnBW6broL
age: 256
x-amz-cf-pop: MXP64-C3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 27 Jun 2023 14:13:58 GMT
server: cloudflare
etag: W/"bbf2a11bc61147c3ddc32d14a5545a8f"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 7dde899da8e43835-FRA
x-amz-cf-id: I9hJiWOgnPWf4BbAc8hfQIKSonaXDnQ3uifjD8Bic2ttr6I1eLTtjg==

GET
DATA 200
OK truncated
/ Frame 6570 798 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 checksiteconfig Show response
hcaptcha.com/ Frame 6570 853 B
1017 B 58ms
43ms XHR
application/json 104.16.169.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hcaptcha.com/checksiteconfig?v=0727cda&host=vc.treasureinthesteam.com&sitekey=234adb2f-52ba-4697-82fa-abecbb14b173&sc=1&swa=1&spst=0

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/0727cda/hcaptcha.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13cd662c19756586676cce722e4b4bebda058ca1edfdbcf55b5dfeb604c25a51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://newassets.hcaptcha.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 27 Jun 2023 14:56:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
access-control-allow-credentials: true
cf-ray: 7dde899e49e03835-FRA
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent, challenge-bypass-token, cf-chl-bypass, challenge-bypass-token, challenge-bypass-host, challenge-bypass-path
cf-chl-bypass: 2
alt-svc: h3=":443"; ma=86400

GET
BLOB 200
OK bb2cd1ee-1beb-4287-8582-ef9eff46b19a
https://challenges.cloudflare.com/ Frame BA9B 0
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://challenges.cloudflare.com/bb2cd1ee-1beb-4287-8582-ef9eff46b19a
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/34027/0x4AAAAAAAGO5D-6tTPxWFyL/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

POST
H3 200 89681826c1876f0 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/484074738:1687874938:GRSdjyWSS8ORm6bZUWKjLmYptsBpkLsastrq60C--Is/7dde899d3e619250/ Frame BA9B 181 KB
136 KB 140ms
140ms XHR
text/plain 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/484074738:1687874938:GRSdjyWSS8ORm6bZUWKjLmYptsBpkLsastrq60C--Is/7dde899d3e619250/89681826c1876f0
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7dde899d3e619250
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c859ba2104de2ee6108c1fc4ee39d1af69f1041c245f136edcf72aa0bc360d54

Request headers

Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/34027/0x4AAAAAAAGO5D-6tTPxWFyL/auto/normal
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
CF-Challenge: 89681826c1876f0
Content-type: application/x-www-form-urlencoded

Response headers

cf-chl-gen: N7KFnuUr4GJw6kee7zFdF1vFidySZVCJRfZreRy5gBkDOazsFder6kZ34kdn3b/OdMar2dPnYXO6pREuDxkAmpC9oNRozb/TiBjvVyzWF4eMQ+tWVv+TcwJnolQbJg9GygMzyUTCFS+7lw8lQJVYJI8tyuL+QzUKN9DYXLB16bzftmBSuHRSMYk+FAWWgzu1Xa+qnzYDUeE/WBQlzbHefueZZykfR134k9NgOb9lvVyD0FdYM7Scqxs/K/9IbL90WY09498y83O4ABc/MCRt2RzzW+J4ZzCHFL2UqaMIKM+uaFPNrSWvd+LIhlnLWoICstBrmzWPGKMhKduWAOrGkqNwXLRqozwSd6EF09YRRtXRU6Gh41qVPd2/nEYerb93K+FIUaHiBQenxMO6UDRxxtKVMQM4qrgtDv9Cj2kdWVjr463qh7vUxumraYQ5cYVY97hgFGV/A0wku0QI3KJ89Y25rDZpFGHIpmjDO02iOHSPQbMUVblF5UwnSeKNFe/Rn/2XvwfeoOZ6A53yJ2RywuKcDHlSOFssM5qUoC1NBkI=$kIooiM3t7ntOF646U45PDg==
date: Tue, 27 Jun 2023 14:56:35 GMT
content-encoding: br
server: cloudflare
cf-ray: 7dde899eeff79250-FRA
alt-svc: h3=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
BLOB 200
OK d4457425-690e-4987-a8c9-4ff723905729
https://challenges.cloudflare.com/ Frame BA9B 99 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://challenges.cloudflare.com/d4457425-690e-4987-a8c9-4ff723905729
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8da6995557d29a73fe50e281b1e09e241f0893b6b41ecf27702ba4f5c25c0194

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/34027/0x4AAAAAAAGO5D-6tTPxWFyL/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 99
Content-Type: text/javascript

GET
H3 401 YnHU0XnlPrYq-dH Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7dde899d3e619250/1687877795684/e956b06561cd20e904703c3539b961c459ade45a54f2b6264205c7a04ae727d8/ Frame BA9B 1 B
630 B 18ms
17ms Fetch
text/plain 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7dde899d3e619250/1687877795684/e956b06561cd20e904703c3539b961c459ade45a54f2b6264205c7a04ae727d8/YnHU0XnlPrYq-dH
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7dde899d3e619250
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/34027/0x4AAAAAAAGO5D-6tTPxWFyL/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 14:56:37 GMT
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g6VawZWHNIOkEcDw1OblhxFmt5FpU8rYmQgXHoErnJ9gAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAnJgGHXFgEEqq8yaRnYgQn1gT46uaFki3UUDjfp_VlgM4ql0jpjYyONf6FEHnvmresTEQj8ggUgOjwmVAYNUINe0ryVKYPPqHIQsLwFCx4Go6aX3SrDbGOL2nLpuHxRKdCnYZnNq34CWddkTwdC6bTBKIH0yiTJ9_LOxToByUeOIZOdSpG12LqdoZLIg6OmQerEqEl0wKgnCV4gy46nXHSnzf4xLci3n9NFoB_8x7eB7V5dfzS1h-FuZvLQOr2UqC5OT1Bt-gU_Hg0737bFk2zhcl6S9pQG1FtcHfZayW9mAHph43hRWcayf5lFab6SsMaWiEPQ4t87FVE61plQoVkQIDAQAB, max-age=20
server: cloudflare
cf-ray: 7dde89abdc219250-FRA
alt-svc: h3=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
BLOB 200
OK 911d46c1-1970-412b-a108-37cc6b9b8dad
https://challenges.cloudflare.com/ Frame BA9B 656 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://challenges.cloudflare.com/911d46c1-1970-412b-a108-37cc6b9b8dad
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/34027/0x4AAAAAAAGO5D-6tTPxWFyL/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 656
Content-Type: text/javascript

GET
H3 200 am8Jurketn_99o4
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7dde899d3e619250/1687877795685/ Frame BA9B 61 B
148 B 14ms
14ms Image
image/png 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7dde899d3e619250/1687877795685/am8Jurketn_99o4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7581fbd60e52f9cd205533d76611f39ccdb7b220ee694fb5e72ce92540f2ee01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/34027/0x4AAAAAAAGO5D-6tTPxWFyL/auto/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 14:56:37 GMT
server: cloudflare
cf-ray: 7dde89ac3c659250-FRA
alt-svc: h3=":443"; ma=86400
content-type: image/png

POST
H3 200 89681826c1876f0 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/484074738:1687874938:GRSdjyWSS8ORm6bZUWKjLmYptsBpkLsastrq60C--Is/7dde899d3e619250/ Frame BA9B 928 B
1 KB 38ms
36ms XHR
text/html 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/484074738:1687874938:GRSdjyWSS8ORm6bZUWKjLmYptsBpkLsastrq60C--Is/7dde899d3e619250/89681826c1876f0
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7dde899d3e619250
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbce2d0bf37c9f915fa6a0b30a82ef347b1d9ec62c4e3500871a30f99aad9f61

Request headers

Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/34027/0x4AAAAAAAGO5D-6tTPxWFyL/auto/normal
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
CF-Challenge: 89681826c1876f0
Content-type: application/x-www-form-urlencoded

Response headers

cf-chl-out: Pyi+a72EtOAVdsIyUzlGyLFFhJpTudlv1t6zoqRUBTO2x8LPA6V7VUSqgT1u7tIrskwWM1DqtBIPjjiOOSTSnOCvqRj2VMh2L5cdJNqybsM=$1NBXE5Dc5tJ5pch68U+1mg==
cf-chl-out-s: zAMVQf259RfotEn5R1CfM/cZTGsDkkZ3WxOp6HYhgQz4wrpDAWwUYGaXX/8wcScm/bBT+DAcK+7xeW+Dxrid/nBQUCPIMu4LAbNUvdf6zuT+vwxFIoQwUy4YkOcFRkwXG+te8acMJSl4IauVq16aROYGiVKDOppvJfuMwlU6/8nPnCzco0t65oCt5Mrct2TQpQv2GpOuz2QivSV9ouuoL1BVzbrNw/0v3UEntnsU61po89gSrfh3jzZrTF92iLs8R3dZ0wTRC1Z3L3i1VPX/xthmehiWQjiSj+slPIbHucMdWboetSNMaUgTWV+u/EWm9HHvMk5sF8yYb2ZNxje0qeRruLfMg/P+cW7E+xdGOP6QJAZy2W1TQlnBA6/YlZYkTrAXhsz1HBxkzvSEaXCkonxKAI904fAZ8QGkmexmZpXGDfEGTZtr8pqKTaRzgQvdsnvphM8S4XPCz7+XkdbjHJ5zoqRm1PsL2X7bkCUCSQBdVqybqkaDgsDbxAhNLoN+GjJVbTUvl3QKIA1J2ZyAsivrVqXSBrPolN3olPz6jdg=$vHI1brcXLF/NekbfXycPFQ==
date: Tue, 27 Jun 2023 14:56:37 GMT
content-encoding: br
server: cloudflare
content-type: text/html; charset=UTF-8
cf-ray: 7dde89acecfb9250-FRA
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.iguala.tecnm.mx/	1969-12-31 23:59:59	Name: wptouch-pro-view Value: mobile
			.treasureinthesteam.com/	1970-01-20 12:51:21	Name: EVILGINX2 Value: 30ff60d98606bcb2173d2d912b340c9203286690d2842aa74eb00e7034e35efe

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7dde899d3e619250/1687877795684/e956b06561cd20e904703c3539b961c459ade45a54f2b6264205c7a04ae727d8/YnHU0XnlPrYq-dH Message: Failed to load resource: the server responded with a status of 401 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenges.cloudflare.com
findicons.com
hcaptcha.com
images.freeimages.com
itiguala.edu.mx
js.hcaptcha.com
newassets.hcaptcha.com
pub-01c661b84693404693feb38953c60633.r2.dev
vc.treasureinthesteam.com
www.iguala.tecnm.mx
104.16.169.131
108.138.17.39
13.225.78.99
156.67.72.84
2606:4700::6811:2b8
2606:4700::6812:323
2a02:4780:b:630:0:11b6:67f5:1
80.85.156.244
01396ccce2b2e57ac6869c17720fc1234e70d05fbe03561d57d0fde68e6ed21b
13cd662c19756586676cce722e4b4bebda058ca1edfdbcf55b5dfeb604c25a51
2267d1822dbefc10c25e17d1fa4a6d9331e5a126e2483c5aff542d6107ebca36
312cf92abd3e71b57bdfe34cb798a201f7d5d7764a19a737f5a0c8c61e27c884
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
7581fbd60e52f9cd205533d76611f39ccdb7b220ee694fb5e72ce92540f2ee01
8d583950fcbb9e612150585b026340e82306a2a14b2e5c081c0f59ba797cf07c
8da6995557d29a73fe50e281b1e09e241f0893b6b41ecf27702ba4f5c25c0194
9959fa528c38b5637d1b605f7f267ab262ab3b0b58f5a696da0e7765a9323110
a7a5045877238b1271059b2175e224d73844f717d25ee6bb0bd4751d21490075
c859ba2104de2ee6108c1fc4ee39d1af69f1041c245f136edcf72aa0bc360d54
c97d9e53fa0079e95977a6bd683d771555c0295be1bbd808ea3eb1f5fa70d67e
cbce2d0bf37c9f915fa6a0b30a82ef347b1d9ec62c4e3500871a30f99aad9f61
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c
f7cf2d88e45fb0a05272d07336a566b46712432aae0609128e8c0582fbc533ff

vc.treasureinthesteam.com Open in urlscan Pro 80.85.156.244 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

19 Requests

74 %HTTPS

38 %IPv6

8 Domains

10 Subdomains

6 IPs

3 Countries

501 kBTransfer

1358 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

2 Cookies

2 Console Messages

Indicators

vc.treasureinthesteam.com Open in urlscan Pro
80.85.156.244 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

74 %
HTTPS

38 %
IPv6

8
Domains

10
Subdomains

6
IPs

3
Countries

501 kB
Transfer

1358 kB
Size

2
Cookies

19 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!