login.commonoauth.cam
20.106.64.129  Malicious Activity! Public Scan

Submitted URL: https://mygovato-au.web.app/
Effective URL: https://login.commonoauth.cam/VqoPNeoA
Submission: On January 17 via automatic, source phishtank — Scanned from AU

Summary

This website contacted 7 IPs in 3 countries across 7 domains to perform 19 HTTP transactions. The main IP is 20.106.64.129, located in Phoenix, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.commonoauth.cam.
TLS certificate: Issued by R3 on December 30th 2022. Valid for: 3 months.
This is the only time login.commonoauth.cam was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address       AS (Autonomous System)
1         199.36.158.100   54113 (FASTLY)
1         149.154.167.220  62041 (TELEGRAM)
1         20.106.64.129    8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
8         104.18.7.185     13335 (CLOUDFLARENET)  (1 redirect)
8         104.16.169.131   13335 (CLOUDFLARENET)
1         13.35.8.50       16509 (AMAZON-02)  (1 redirect)
1         13.33.88.126     16509 (AMAZON-02)
Total: 19 requests across 7 IPs
Requests  Apex Domain      Subdomains                                                                                                                         Transfer
8         hcaptcha.com     js.hcaptcha.com (Cisco Umbrella Rank: 14004), newassets.hcaptcha.com (Cisco Umbrella Rank: 11100), hcaptcha.com (Cisco Umbrella Rank: 4768)  721 KB
8         cloudflare.com   challenges.cloudflare.com (Cisco Umbrella Rank: 14323)                                                                             93 KB
1         freeimages.com   images.freeimages.com (Cisco Umbrella Rank: 162589)                                                                                603 B
1         findicons.com    findicons.com (Cisco Umbrella Rank: 254450)                                                                                        305 B
1         commonoauth.cam  login.commonoauth.cam                                                                                                              21 KB
1         telegram.org     api.telegram.org (Cisco Umbrella Rank: 46367)                                                                                      617 B
1         web.app          mygovato-au.web.app                                                                                                                1 KB
Total: 19 requests across 7 apex domains
Requests  Domain                                   Requested by
8         challenges.cloudflare.com (1 redirect)   login.commonoauth.cam, challenges.cloudflare.com, mygovato-au.web.app
6         newassets.hcaptcha.com                   js.hcaptcha.com, newassets.hcaptcha.com
1         hcaptcha.com                             newassets.hcaptcha.com
1         images.freeimages.com                    login.commonoauth.cam
1         findicons.com (1 redirect)
1         js.hcaptcha.com                          login.commonoauth.cam
1         login.commonoauth.cam                    mygovato-au.web.app
1         api.telegram.org                         mygovato-au.web.app
1         mygovato-au.web.app
Total: 19 requests across 9 subdomains

This site contains no links.

Subject                    Issuer                                      Validity                  Valid for
web.app                    GTS CA 1D4                                  2022-12-19 to 2023-03-19  3 months
api.telegram.org           Go Daddy Secure Certificate Authority - G2  2022-03-24 to 2023-04-25  a year
login.commonoauth.cam      R3                                          2022-12-30 to 2023-03-30  3 months
sni.cloudflaressl.com      Cloudflare Inc ECC CA-3                     2022-05-15 to 2023-05-15  a year
challenges.cloudflare.com  Cloudflare Inc ECC CA-3                     2022-09-18 to 2023-09-17  a year

This page contains 4 frames:

Primary Page: https://login.commonoauth.cam/VqoPNeoA
Frame ID: B8128D0E81C2AE9FC9D8EC18CEE81615
Requests: 6 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/y0az9/0x4AAAAAAABxRnGwZKt04b6v/auto/normal
Frame ID: E82CD0455910B7F42159328C3DD325DC
Requests: 6 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
Frame ID: 74F048BF403CBEF2D26CC12BEE7AD116
Requests: 4 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
Frame ID: CDB89CF1DAE80D0D760F7FC271314CBB
Requests: 4 HTTP requests in this frame

Page Title

Just a moment...

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mygovato-au.web.app/ Page URL
  2. https://login.commonoauth.cam/VqoPNeoA Page URL

Page Statistics

Requests: 19
HTTPS: 89 %
IPv6: 0 %
Domains: 7
Subdomains: 9
IPs: 7
Countries: 3
Transfer: 837 kB
Size: 2162 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
  • https://challenges.cloudflare.com/turnstile/v0/g/97d2c448/api.js?onload=onloadTurnstileCallback
Request Chain 4
  • https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png HTTP 301
  • https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons

19 HTTP transactions

Each transaction is listed as: Resource | Path | Size | x-fer | Type | MIME-Type
Resource: / | Path: mygovato-au.web.app/ | Size: 3 KB | x-fer: 1 KB | Type: Document
General
Full URL
https://mygovato-au.web.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
64d386ca7a57f595a460db10aba1e1403ab56ad93dea85daff353247a5a148e2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=3600
content-encoding
br
content-length
940
content-type
text/html; charset=utf-8
date
Tue, 17 Jan 2023 21:14:34 GMT
etag
"0f48120dcd35aa47c78f377d08b8489f50992d7233cfa7f0f0cb4c9f676598a0-br"
last-modified
Mon, 16 Jan 2023 23:22:58 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
x-cache-hits
1
x-served-by
cache-fty21329-FTY
x-timer
S1673990074.083887,VS0,VE1

Resource: getUpdates | Path: api.telegram.org/bot5962973110:AAEm2LlMLabtGdFUHYS5OZ9KZaX99EwmTpM/ | Size: 370 B | x-fer: 617 B | Type: Fetch
General
Full URL
https://api.telegram.org/bot5962973110:AAEm2LlMLabtGdFUHYS5OZ9KZaX99EwmTpM/getUpdates?limit=1&offset=-1
Requested by
Host: mygovato-au.web.app
URL: https://mygovato-au.web.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.154.167.220 London, United Kingdom, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://mygovato-au.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 21:14:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
nginx/1.18.0
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Type,Date,Server,Connection
content-length
370

Resource: Primary Request VqoPNeoA | Path: login.commonoauth.cam/ | Size: 21 KB | x-fer: 21 KB | Type: Document
General
Full URL
https://login.commonoauth.cam/VqoPNeoA
Requested by
Host: mygovato-au.web.app
URL: https://mygovato-au.web.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.106.64.129 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7d8b5a076abf73d79bf908bdc5f900bcbc4e64607e7804524adfd7fa57d4d544

Request headers

Referer
https://mygovato-au.web.app/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Connection
close
Content-Type
text/html
Transfer-Encoding
chunked

Resource: api.js | Path: challenges.cloudflare.com/turnstile/v0/g/97d2c448/ | Size: 11 KB | x-fer: 4 KB | Type: Script
Redirect Chain
  • https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
  • https://challenges.cloudflare.com/turnstile/v0/g/97d2c448/api.js?onload=onloadTurnstileCallback
General
Full URL
https://challenges.cloudflare.com/turnstile/v0/g/97d2c448/api.js?onload=onloadTurnstileCallback
Requested by
Host: login.commonoauth.cam
URL: https://login.commonoauth.cam/VqoPNeoA
Protocol
H2
Server
104.18.7.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1a687b2ed20a53ba5e9c3a58e56bef166bc4457cba16ec566885e910c549321

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://login.commonoauth.cam/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 21:14:36 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000
cf-ray
78b219fa5ea629a2-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location
/turnstile/v0/g/97d2c448/api.js?onload=onloadTurnstileCallback
date
Tue, 17 Jan 2023 21:14:36 GMT
cache-control
max-age=300, public
server
cloudflare
cf-ray
78b219f9be2a29a2-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
vary
accept-encoding

Resource: api.js | Path: js.hcaptcha.com/1/ | Size: 284 KB | x-fer: 80 KB | Type: Script
General
Full URL
https://js.hcaptcha.com/1/api.js
Requested by
Host: login.commonoauth.cam
URL: https://login.commonoauth.cam/VqoPNeoA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ad6ae536ba6962f01e5ef77d5daadf8e73f80847fb50c1ab5d95a14e5d34c10
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://login.commonoauth.cam/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 21:14:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 81eb001c8f604c1552b1d28113e22e8e.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
gzip
x-content-type-options
nosniff
age
0
x-amz-cf-pop
MEL50-C1
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 27 Dec 2022 13:52:50 GMT
server
cloudflare
etag
W/"6f882143f7e3a0802a1c7633f8b11933"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=120
cf-ray
78b219f9bfd75a67-MEL
x-amz-cf-id
-zkmeF633nYwGuVv-Fw_OpqERj6IcOqEG0fn4G8RAGS3xM3rQEfHSQ==

Resource: microsoft_new_logo_alt.png | Path: images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/ | Size: 254 B | x-fer: 603 B | Type: Image
Redirect Chain
  • https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png
  • https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
General
Full URL
https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
Requested by
Host: login.commonoauth.cam
URL: https://login.commonoauth.cam/VqoPNeoA
Protocol
H2
Server
13.33.88.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-88-126.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2267d1822dbefc10c25e17d1fa4a6d9331e5a126e2483c5aff542d6107ebca36

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://login.commonoauth.cam/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 15:00:27 GMT
via
1.1 2a08551383b826c5272c6d3873169312.cloudfront.net (CloudFront)
last-modified
Tue, 20 Dec 2022 05:17:19 GMT
server
AmazonS3
x-amz-cf-pop
SIN2-P2
age
22451
etag
"57ab754695eb0a2c74201ecd6948c12f"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
254
x-amz-cf-id
EVJHRU2A_97_srJNVliMTknAgPgT92JzB9jQQ6oLIHBkGil3mS4ZHA==

Redirect headers

date
Mon, 16 Jan 2023 16:02:36 GMT
via
1.1 dc82e67c3cbbf5963a8de3bcf19baccc.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
SIN5-C1
age
105120
x-cache
Hit from cloudfront
location
https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
content-length
0
x-amz-cf-id
TtBGnG99bMIF4yGZujQpfgBUWOGY75Khvd60dUYvyDGLrmrqJKnFDQ==

Resource: normal | Path: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/y0az9/0x4AAAAAAABxRnGwZKt04b6v/auto/ (Frame E82C) | Size: 19 KB | x-fer: 7 KB | Type: Document
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/y0az9/0x4AAAAAAABxRnGwZKt04b6v/auto/normal
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.7.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e94e0cf210461b9e9e6f324f4b9e3b70ad61848f85a9859ade62d8c6ba9762b3

Request headers

Referer
https://login.commonoauth.cam/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=0, must-revalidate
cf-ray
78b219fb09203772-MEL
content-encoding
br
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Tue, 17 Jan 2023 21:14:36 GMT
permissions-policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare

Resource: hcaptcha.html | Path: newassets.hcaptcha.com/captcha/v1/48ebaaf/static/ (Frame 74F0) | Size: 2 KB | x-fer: 1 KB | Type: Document
General
Full URL
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
Requested by
Host: js.hcaptcha.com
URL: https://js.hcaptcha.com/1/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e0da66f57636c3f2497d598db5c163cdd1450affc8fcf3be9d9095a4d629a2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://login.commonoauth.cam/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

access-control-allow-origin
*
age
634921
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=1209600
cf-cache-status
HIT
cf-ray
78b219fb49265a67-MEL
content-encoding
gzip
content-type
text/html
date
Tue, 17 Jan 2023 21:14:36 GMT
last-modified
Tue, 27 Dec 2022 13:52:50 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 9c269b27f2f2f1cf998e691405f9c020.cloudfront.net (CloudFront)
x-amz-cf-id
0qRqAnDmfDZxaU98PpoxX6dgWREgyw-yfH95QHBkI7sRwS3lxHXpwg==
x-amz-cf-pop
MEL50-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff

Resource: hcaptcha.html | Path: newassets.hcaptcha.com/captcha/v1/48ebaaf/static/ (Frame CDB8) | Size: 2 KB | x-fer: 894 B | Type: Document
General
Full URL
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
Requested by
Host: js.hcaptcha.com
URL: https://js.hcaptcha.com/1/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e0da66f57636c3f2497d598db5c163cdd1450affc8fcf3be9d9095a4d629a2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://login.commonoauth.cam/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

access-control-allow-origin
*
age
634921
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=1209600
cf-cache-status
HIT
cf-ray
78b219fb492c5a67-MEL
content-encoding
gzip
content-type
text/html
date
Tue, 17 Jan 2023 21:14:36 GMT
last-modified
Tue, 27 Dec 2022 13:52:50 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 9c269b27f2f2f1cf998e691405f9c020.cloudfront.net (CloudFront)
x-amz-cf-id
0qRqAnDmfDZxaU98PpoxX6dgWREgyw-yfH95QHBkI7sRwS3lxHXpwg==
x-amz-cf-pop
MEL50-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff

Resource: v1 | Path: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/ (Frame E82C) | Size: 53 KB | x-fer: 23 KB | Type: Script
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=78b219fb09203772
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/y0az9/0x4AAAAAAABxRnGwZKt04b6v/auto/normal
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.7.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7df6308b2cdb6dc626e16a0a0fffb758d97482236f69d56a0532ac89d4b06285

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/y0az9/0x4AAAAAAABxRnGwZKt04b6v/auto/normal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 21:14:36 GMT
cache-control
max-age=0, must-revalidate
content-encoding
br
server
cloudflare
cf-ray
78b219fbc9c43772-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
application/javascript; charset=UTF-8

Resource: hcaptcha.js | Path: newassets.hcaptcha.com/captcha/v1/48ebaaf/ (Frame 74F0) | Size: 284 KB | x-fer: 80 KB | Type: Script
General
Full URL
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/hcaptcha.js
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ad6ae536ba6962f01e5ef77d5daadf8e73f80847fb50c1ab5d95a14e5d34c10
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
Origin
https://newassets.hcaptcha.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 21:14:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 9405320fa0fe8b07332cedbf813919a2.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
gzip
x-content-type-options
nosniff
age
169164
x-amz-cf-pop
MEL50-C1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 27 Dec 2022 13:52:50 GMT
server
cloudflare
etag
W/"6f882143f7e3a0802a1c7633f8b11933"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=1209600
cf-ray
78b219fbf9c55a67-MEL
x-amz-cf-id
gnS81VpNEBjcIcdxkm8MsbAKmPmBgGvjZ44nvgXa5V7yhTjf19kYdA==

Resource: hcaptcha.js | Path: newassets.hcaptcha.com/captcha/v1/48ebaaf/ (Frame CDB8) | Size: 284 KB | x-fer: 80 KB | Type: Script
General
Full URL
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/hcaptcha.js
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ad6ae536ba6962f01e5ef77d5daadf8e73f80847fb50c1ab5d95a14e5d34c10
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
Origin
https://newassets.hcaptcha.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 21:14:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 9405320fa0fe8b07332cedbf813919a2.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
gzip
x-content-type-options
nosniff
age
169164
x-amz-cf-pop
MEL50-C1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 27 Dec 2022 13:52:50 GMT
server
cloudflare
etag
W/"6f882143f7e3a0802a1c7633f8b11933"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=1209600
cf-ray
78b219fbf9c65a67-MEL
x-amz-cf-id
gnS81VpNEBjcIcdxkm8MsbAKmPmBgGvjZ44nvgXa5V7yhTjf19kYdA==

Resource: truncated | Path: / (Frame CDB8) | Size: 798 B | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png

Resource: checksiteconfig | Path: hcaptcha.com/ (Frame CDB8) | Size: 554 B | x-fer: 842 B | Type: XHR
General
Full URL
https://hcaptcha.com/checksiteconfig?v=48ebaaf&host=login.commonoauth.cam&sitekey=234adb2f-52ba-4697-82fa-abecbb14b173&sc=1&swa=1
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/hcaptcha.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fc16179d5fc0a236b42fc06f57ce0378fbebfb645041ab1fdbdd02b41a916fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
https://newassets.hcaptcha.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 17 Jan 2023 21:14:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
gzip
server
cloudflare
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://newassets.hcaptcha.com
access-control-allow-credentials
true
cf-ray
78b219fd7b3d5a67-MEL
access-control-allow-headers
Cache-Control, Content-Type, DNT, Referer, User-Agent, challenge-bypass-token, cf-chl-bypass, challenge-bypass-token, challenge-bypass-host, challenge-bypass-path
cf-chl-bypass
2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Resource: a38e006def07b63 | Path: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.7184496188534504:1673986006:EoqY9Ts4MHRbScB1BEJNnz0c3LoOT7g0L6cH8Jq-Iz8/78b219fb09203772/ (Frame E82C) | Size: 121 KB | x-fer: 57 KB | Type: XHR
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.7184496188534504:1673986006:EoqY9Ts4MHRbScB1BEJNnz0c3LoOT7g0L6cH8Jq-Iz8/78b219fb09203772/a38e006def07b63
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=78b219fb09203772
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.7.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
311d736c6230c0fdd100d0cb11354f5514d68aef476ea9aac498a0335fa6eeff

Request headers

Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/y0az9/0x4AAAAAAABxRnGwZKt04b6v/auto/normal
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
CF-Challenge
a38e006def07b63
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 17 Jan 2023 21:14:37 GMT
content-encoding
br
cf_chl_gen
fB0cQvBdM1Hjkj5D//+zMXjkIX77qWzPyZS2RQYJkCgAXb0OK9Jkf5LNrwV7EIzdSeKJGuORFJnyGSS7TbsGdL1lDpBTCNdiimfLhRCk+fU17pr3hcEIkarVy0e8ap1B9mH/7A8XFsjcWgO/iPkr7tFo7eXFQugtXOCJAhhLxNa96avOQDtyHYEH34uleA7U0Yr6s1MYf4nojoJ7h96noDJBqcokWPsahIc05cgaz2nXZC/1E8NvpsAq8+qrggjSBx+q2/EZ+Uwj9G7ULV+qY/LeBIJxpzfN3LEJ4+El/FLzCSzmYMKHV3kCeRz6ZDBQQS/5DwIpJxEigFINi/xGA2xoAFooppxud/scSKMbj20=$JwwKMCV1k8NBkdWINaBMtw==
server
cloudflare
cf-ray
78b219fdbbe23772-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
text/plain; charset=UTF-8

Resource: hsw.js | Path: newassets.hcaptcha.com/c/b1686a2/ (Frame 74F0) | Size: 957 KB | x-fer: 359 KB | Type: Script
General
Full URL
https://newassets.hcaptcha.com/c/b1686a2/hsw.js
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/hcaptcha.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c49a6c383b42b973c33d43316fa2cb5109edda97b2f2533881e8d353990949a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 21:14:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 48521cea7ba3a3c93e45963b561492aa.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
gzip
x-content-type-options
nosniff
age
100220
x-amz-cf-pop
MEL50-C1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 23 Dec 2022 10:03:04 GMT
server
cloudflare
etag
W/"e27dcce9bea0c18f927485b6892b2b7b"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=1209600
cf-ray
78b219fe38db2b35-MEL
x-amz-cf-id
Qx4Pz_uyj4WNvTn4XsVYEjfojgyhnsRZajofnCKT7tGCw7rR8LwYlQ==

Resource: wUkYIiQvJCRsFzH | Path: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/78b219fb09203772/1673990077086/ (Frame E82C) | Size: 61 B | x-fer: 166 B | Type: Image
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/78b219fb09203772/1673990077086/wUkYIiQvJCRsFzH
Requested by
Host: login.commonoauth.cam
URL: https://login.commonoauth.cam/VqoPNeoA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.7.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a40c0f04249eeaaeaf54e443f17d61933451951772450edaac64ef1726110285

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/y0az9/0x4AAAAAAABxRnGwZKt04b6v/auto/normal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 21:14:37 GMT
server
cloudflare
cf-ray
78b219ff4d4f3772-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
image/png

Resource: MjjCDvo6cZZ1Vcr | Path: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/78b219fb09203772/1673990077092/974416cacfb01d964e02e0d09af1395e9fc3ee5f6ddc51c80f3bf3455159a087/ (Frame E82C) | Size: 1 B | x-fer: 645 B | Type: Fetch
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/78b219fb09203772/1673990077092/974416cacfb01d964e02e0d09af1395e9fc3ee5f6ddc51c80f3bf3455159a087/MjjCDvo6cZZ1Vcr
Requested by
Host: mygovato-au.web.app
URL: https://mygovato-au.web.app/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.7.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/y0az9/0x4AAAAAAABxRnGwZKt04b6v/auto/normal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 21:14:37 GMT
www-authenticate
PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gl0QWys-wHZZOAuDQmvE5Xp_D7l9t3FHIDzvzRVFZoIcAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsB5nom4zwoHcXXx79Cbx3F4SdBJj3Q5Pwn0Xh_n-smKfZN2CSGKT8mXLLCEWU4RHHKBAC65vrdBScNgbROkyFrmmj2iO8254s6iUlWjWT_g_Ha0Kjz8gNDfuTRbQmfgbO6nLGJUKtIEepeA-qUCEALsKropvwOf-D6P0Ev9Chxqi6Qou9QLLv2lD3IsKB2x3hB_ve5dSpRn1o-YHKWxAehalc5Ua_0uu4tLUTscrl734rL7ZztFtfB-poE4u58KpiAc_QoBMyNyKAhJ4xscSlkscOud1lYx9-U-YCk3Ar4C8K1N1VTDMv4NBcd6wOfrLqlj-tZuj0bgRdmxDb420VQIDAQAB, max-age=15
server
cloudflare
cf-ray
78b21a018f923772-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
text/plain; charset=UTF-8

Resource: e | Path: newassets.hcaptcha.com/i/b1686a2/ (Frame 74F0) | Size: 119 KB | x-fer: 119 KB | Type: XHR
General
Full URL
https://newassets.hcaptcha.com/i/b1686a2/e
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/48ebaaf/hcaptcha.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd3947f47b01a151abd8b9f003e6b406e0d3408e2a904c15649e77103d7d171a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://newassets.hcaptcha.com/captcha/v1/48ebaaf/static/hcaptcha.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 21:14:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 3b593385313db7b53d2e8b70fed2ab8c.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-content-type-options
nosniff
age
11743
x-amz-cf-pop
MEL50-C1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
121651
last-modified
Fri, 23 Dec 2022 10:03:03 GMT
server
cloudflare
etag
"a4b1a83872a261cc5f82c62400df3719"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
78b21a025cfd2b35-MEL
x-amz-cf-id
8TgyOtkvGAcQ2xbgv5mPQTpEyGtCOL2E4XBsgavy9Bb9iPSQHcSl4A==

Resource: a38e006def07b63 | Path: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.7184496188534504:1673986006:EoqY9Ts4MHRbScB1BEJNnz0c3LoOT7g0L6cH8Jq-Iz8/78b219fb09203772/ (Frame E82C) | Size: 892 B | x-fer: 1 KB | Type: XHR
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.7184496188534504:1673986006:EoqY9Ts4MHRbScB1BEJNnz0c3LoOT7g0L6cH8Jq-Iz8/78b219fb09203772/a38e006def07b63
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=78b219fb09203772
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.7.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e1b2cfbc5e926a892afb9da63f63fe97f350c1af1fe20deffe3f55ad96d626c

Request headers

Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/y0az9/0x4AAAAAAABxRnGwZKt04b6v/auto/normal
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
CF-Challenge
a38e006def07b63
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 17 Jan 2023 21:14:38 GMT
content-encoding
br
server
cloudflare
cf_chl_out
jeVadXPSL/baf3iHyEPcoHY13Ori0tAG8fqfl3G1seD3rvP7/KKmBGzdjS5Bpmynm1NU21OG63pcgx1hu1QPaA==$f9VedtIBglYbLwcJrYMyOA==
content-type
text/html; charset=UTF-8
cf_chl_out_s
5yFM2DeiT9KhHwxG/GjwW5a1D3ApkBwIZKwOLF4ZF0h7VWYtMaLbDNiFqrGj/EKXHs7cXQ5qUFaj+rt5oNMT92SBCCAR5AHhQDqY3gwW9+kryx7IXkECWN4nPrNNSTZZ33YTshJ/g+sfLYA5UxMHUYOxpq1H2AygkEa2DxrWjPxEOtvhT+kVCMvUxHhSyjP6yYLJY6euwkWJafxdOe+4rYTZjv3QvjPHvFuo6uMRF0nLFDa+TQUzFowC0drcdgCCravt8lM3WTDv05QiWfL68VobBQhdcaDJK7uxvjney3HIX1do8J3IbkIBqZcZW1PDmwmSKhFXTAV6NhVARd2Vz1RdgaZ0R1NJ0TUB/SPoUKCblzm3E+1PN4GBnnlZ7mNN$SN3DIZ61vuMJd+Gz2WPZtw==
cf-ray
78b21a0439a63772-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • 0 (object)
  • 1 (object)
  • 2 (object)
  • oncontentvisibilityautostatechange (object)
  • aemail (string)
  • verifyCallback_CF (function)
  • refreshCallBack (function)
  • switchToSecondCaptcha (function)
  • onloadTurnstileCallback (function)
  • incrementLoader (function)
  • cfChallengeAPI (object)
  • turnstile (object)
  • Raven (object)
  • hcaptcha (object)
  • grecaptcha (object)
  • ticker (number)

1 Cookies

Domain/Path: .challenges.cloudflare.com/
Name: __cf_bm
Value: r06GmI.8LFbAsr3_pr.7ubTQuisWueMIZA7nX4qHpVU-1673990076-0-Afxa3J/osYNmgQaAzEo3eJtmLx4SNfm8chrhKRpziO+STiRt/itxAH6e4rahX5tOMo1rqD2411709UP/+1H6zMc=

2 Console Messages

Source: security | Level: warning
Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.

Source: network | Level: error
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/78b219fb09203772/1673990077092/974416cacfb01d964e02e0d09af1395e9fc3ee5f6ddc51c80f3bf3455159a087/MjjCDvo6cZZ1Vcr
Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload