mailsactivation.nl Open in urlscan Pro
172.67.162.89 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://gigpalooza.com/authns2/index.php
Effective URL:
https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php
Submission: On August 01 via manual (August 1st 2024, 10:59:07 pm UTC) from AU — Scanned from AU

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 15 HTTP transactions. The main IP is 172.67.162.89, located in United States and belongs to CLOUDFLARENET, US. The main domain is mailsactivation.nl.
TLS certificate: Issued by WE1 on June 13th 2024. Valid for: 3 months.

This is the only time mailsactivation.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	3.72.134.250 3.72.134.250	16509 (AMAZON-02) (AMAZON-02)
1 2	87.240.132.67 87.240.132.67	47541 (VKONTAKTE...) (VKONTAKTE-SPB-AS vk.com)
1	95.163.41.56 95.163.41.56	47764 (VK-AS) (VK-AS)
2 13	172.67.162.89 172.67.162.89	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	4

1 3.72.134.250 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server.logicspice.com

gigpalooza.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 87.240.132.67 (Russian Federation) 1 redirects

ASN47541 (VKONTAKTE-SPB-AS vk.com, RU)
PTR: srv67-132-240-87.vk.com

vk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
away.vk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.163.41.56 (Russian Federation)

ASN47764 (VK-AS, RU)
PTR: r.mail.ru

ad.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 172.67.162.89 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

mailsactivation.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	mailsactivation.nl 2 redirects mailsactivation.nl	34 KB
2	vk.com 1 redirects vk.com — Cisco Umbrella Rank: 4208 away.vk.com — Cisco Umbrella Rank: 109448	2 KB
1	mail.ru ad.mail.ru — Cisco Umbrella Rank: 8659 privacy-cs.mail.ru Failed	37 KB
1	gigpalooza.com 1 redirects gigpalooza.com	343 B
15	4

	Domain	Requested by
13	mailsactivation.nl	2 redirects away.vk.com mailsactivation.nl
1	ad.mail.ru	away.vk.com
1	away.vk.com
1	vk.com	1 redirects
1	gigpalooza.com	1 redirects
0	privacy-cs.mail.ru Failed	ad.mail.ru
15	6

This site contains no links.

Subject Issuer	Validity	Valid
*.vk.com GlobalSign ECC OV SSL CA 2018	`2024-02-14` - `2025-03-02`	a year	crt.sh
*.mail.ru GlobalSign ECC OV SSL CA 2018	`2023-10-06` - `2024-11-06`	a year	crt.sh
mailsactivation.nl WE1	`2024-06-13` - `2024-09-11`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php
Frame ID: C2F32BBB307726AF86C37CF4DFC3C20F
Requests: 12 HTTP requests in this frame

Frame: https://mailsactivation.nl/cdn-cgi/challenge-platform/h/b/scripts/jsd/8c81cb09042c/main.js
Frame ID: E5DBC828519D709CE39B7E138D0A8584
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

https://gigpalooza.com/authns2/index.php HTTP 302
http://vk.com/away.php?to=https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php HTTP 307
https://vk.com/away.php?to=https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php HTTP 302
https://away.vk.com/away.php?rh=73686b2d-fdf7-4675-bca8-5196c26bafa2 Page URL
https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php Page URL
https://mailsactivation.nl/cdn-cgi/phish-bypass?atok=wUtyrXyhg5EeSqhn4u5LYwQkhgq0fxsd84VWFYPkrFk-172255... HTTP 301
https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php Page URL
https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

15
Requests

80 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

4
IPs

3
Countries

72 kB
Transfer

201 kB
Size

17
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://gigpalooza.com/authns2/index.php HTTP 302
http://vk.com/away.php?to=https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php HTTP 307
https://vk.com/away.php?to=https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php HTTP 302
https://away.vk.com/away.php?rh=73686b2d-fdf7-4675-bca8-5196c26bafa2 Page URL
https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php Page URL
https://mailsactivation.nl/cdn-cgi/phish-bypass?atok=wUtyrXyhg5EeSqhn4u5LYwQkhgq0fxsd84VWFYPkrFk-1722553137-0.0.1.1-%2FErorr%2FMyGov-au%2Fgov-au%2Findex.php HTTP 301
https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php Page URL
https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://gigpalooza.com/authns2/index.php HTTP 302
http://vk.com/away.php?to=https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php HTTP 307
https://vk.com/away.php?to=https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php HTTP 302
https://away.vk.com/away.php?rh=73686b2d-fdf7-4675-bca8-5196c26bafa2

Request Chain 8

https://mailsactivation.nl/cdn-cgi/phish-bypass?atok=wUtyrXyhg5EeSqhn4u5LYwQkhgq0fxsd84VWFYPkrFk-1722553137-0.0.1.1-%2FErorr%2FMyGov-au%2Fgov-au%2Findex.php HTTP 301
https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php

Request Chain 10

https://mailsactivation.nl/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://mailsactivation.nl/cdn-cgi/challenge-platform/h/b/scripts/jsd/8c81cb09042c/main.js

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

away.php Show response
away.vk.com/
Redirect Chain

https://gigpalooza.com/authns2/index.php
http://vk.com/away.php?to=https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php
https://vk.com/away.php?to=https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php
https://away.vk.com/away.php?rh=73686b2d-fdf7-4675-bca8-5196c26bafa2

618 B
874 B

357ms
348ms

Document
text/html

87.240.132.67
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to

Full URL

https://away.vk.com/away.php?rh=73686b2d-fdf7-4675-bca8-5196c26bafa2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.132.67 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS vk.com, RU),

Reverse DNS

srv67-132-240-87.vk.com

Software

kittenx / KPHP/7.4.117845

Resource Hash

7ce52e97002cc0511006eb01da71ced09a3326c314279cf1ad5cf01fc6cff110

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-expose-headers: X-Frontend
cache-control: no-store
content-encoding: gzip
content-length: 333
content-type: text/html; charset=windows-1251
date: Thu, 01 Aug 2024 22:58:55 GMT
server: kittenx
x-frame-options: DENY
x-frontend: front918400
x-powered-by: KPHP/7.4.117845
x-trace-id: JR3zYtfy-DjEe84alrdJWiWKQs8TQw

Redirect headers

access-control-expose-headers: X-Frontend
cache-control: no-store
content-encoding: gzip
content-length: 20
content-type: text/html; charset=windows-1251
date: Thu, 01 Aug 2024 22:58:54 GMT
location: https://away.vk.com/away.php?rh=73686b2d-fdf7-4675-bca8-5196c26bafa2
origin-agent-cluster: ?0
server: kittenx
strict-transport-security: max-age=15768000
x-frame-options: DENY
x-frontend: front918400
x-powered-by: KPHP/7.4.117845
x-trace-id: dvnYypiQ3Ie8XhtnSLNMW4kfFVv7zw

GET
H2 200 sync-loader.js Show response
ad.mail.ru/static/ 143 KB
37 KB 1241ms
299ms Script
application/javascript 95.163.41.56
VK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mail.ru/static/sync-loader.js
Requested by: Host: away.vk.com
URL: https://away.vk.com/away.php?rh=73686b2d-fdf7-4675-bca8-5196c26bafa2
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.163.41.56 , Russian Federation, ASN47764 (VK-AS, RU),
Reverse DNS: r.mail.ru
Software: nginx /
Resource Hash: b36942f73c0dc83452af737dc5c92e650b10395f71fc1931b828ff6af79cf6e9

Request headers

Referer: https://away.vk.com/
Origin: https://away.vk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 01 Aug 2024 22:58:56 GMT
content-encoding: gzip
server: nginx
content-type: application/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=600
timing-allow-origin: *
expires: Thu, 01 Aug 2024 23:08:56 GMT

GET
H2 200 index.php Show response
mailsactivation.nl/Erorr/MyGov-au/gov-au/ 4 KB
2 KB 34ms
8ms Document
text/html 172.67.162.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php

Requested by

Host: away.vk.com
URL: https://away.vk.com/away.php?rh=73686b2d-fdf7-4675-bca8-5196c26bafa2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.162.89 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa9dd20705b9e049a6b955cc5d53309b2b294f9f5bd43df7db2767a6fddf2fce

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://away.vk.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cf-ray: 8ac96f943e025723-SYD
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 01 Aug 2024 22:58:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nVEV7kxMTRkTMvr%2BcGa5t608t0KZgnEwq%2FgWhvCttdKcKle%2Bd6VqSJXI1vzNU7YvDGAY3Wy2lbxrv%2B%2Ff9Ulq8TIaPRL9jNFP2oZyjbWSjanrgjf5q5IgeblHWkUrSeidAQfgn4c%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

POST /
privacy-cs.mail.ru/fp/ 0
0

OPTIONS /
privacy-cs.mail.ru/fp/ Frame 0
0

GET
H2 200 cf.errors.css
mailsactivation.nl/cdn-cgi/styles/ 23 KB
5 KB 6ms
6ms Stylesheet
text/css 172.67.162.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mailsactivation.nl/cdn-cgi/styles/cf.errors.css

Requested by

Host: mailsactivation.nl
URL: https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.162.89 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 01 Aug 2024 22:58:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2024 16:34:40 GMT
server: cloudflare
etag: W/"669fdba0-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8ac96f944e1a5723-SYD
expires: Fri, 02 Aug 2024 00:58:57 GMT

GET
H2 200 icon-exclamation.png
mailsactivation.nl/cdn-cgi/images/ 452 B
540 B 6ms
6ms Image
image/png 172.67.162.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mailsactivation.nl/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: mailsactivation.nl
URL: https://mailsactivation.nl/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.162.89 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://mailsactivation.nl/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 01 Aug 2024 22:58:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2024 16:34:40 GMT
server: cloudflare
etag: "669fdba0-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8ac96f946e375723-SYD
content-length: 452
expires: Fri, 02 Aug 2024 00:58:57 GMT

GET
H2 403 favicon.ico
mailsactivation.nl/ 548 B
579 B 16ms
15ms Other
text/html 172.67.162.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mailsactivation.nl/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.162.89 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: public
date: Thu, 01 Aug 2024 22:58:57 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 931599
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LiekL2fHzBOHV0f6sBTF8RckKh%2Fd6uycMlGUWQ%2F9qY1T0Z91jUb1T0Kd0M06ir4NrfjZHYVVwDEwPOqMibxP9nKX4sDyw9n87oO1%2F85BVHAIFYhLlwIek89hE4C%2FrpdLbI0z3O0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
cf-ray: 8ac96f948e465723-SYD
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block

GET
H2

503

index.php Show response
mailsactivation.nl/Erorr/MyGov-au/gov-au/
Redirect Chain

https://mailsactivation.nl/cdn-cgi/phish-bypass?atok=wUtyrXyhg5EeSqhn4u5LYwQkhgq0fxsd84VWFYPkrFk-1722553137-0.0.1.1-%2FErorr%2FMyGov-au%2Fgov-au%2Findex.php
https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php

19 KB
20 KB

686ms
685ms

Document
text/html

172.67.162.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.162.89 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19c994b78e5ac0f606198ab0dc6f48828064af0d2ff680a3abf317457158e5e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 8ac96fb3bf855723-SYD
content-type: text/html; charset=utf-8
date: Thu, 01 Aug 2024 22:59:03 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2B%2BEW3W9AthpILw10dVeqNlup3pIhnB84G1%2Fc6DkpEmlI1jacW8lrdMxbEmZrbt3jYiTlxG9dqO%2BNbwItovpvbKVwbKsVi76BCX3SYe%2FT7CiFqx%2Fv6krxOxOzb9MgxpCw7f84B8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

cache-control: private, no-cache
cf-ray: 8ac96fb3bf765723-SYD
content-length: 167
content-type: text/html
date: Thu, 01 Aug 2024 22:59:02 GMT
location: https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

POST
H3 204 index.php
mailsactivation.nl/Erorr/MyGov-au/gov-au/ 0
907 B 948ms
947ms XHR
text/plain 172.67.162.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php

Requested by

Host: away.vk.com
URL: https://away.vk.com/away.php?rh=73686b2d-fdf7-4675-bca8-5196c26bafa2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.162.89 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

X-Requested-TimeStamp-Expire
NotC1XBCN9ybBZQFlkf3HyBkAs: 21322825
X-Requested-TimeStamp-Combination
X-Requested-Type-Combination: GET
68ue2rzYzg2xaatSnaq38XNw4: lQBHrXHhCiTyjhGcdmsCjSlwFm0
Content-type: application/x-www-form-urlencoded
X-Requested-Type: GET
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Referer: https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php
X-Requested-with: XMLHttpRequest
X-Requested-TimeStamp

Response headers

pragma: no-cache
date: Thu, 01 Aug 2024 22:59:04 GMT
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c3yXsSyuMbiHZj6ow7%2FSy1MPvNI1g9nq4bnp4yKOPS6sr1t9cpI2EnyNfomYCi62vbNLPbG9fZJwfDKIK3j0dJJujc5N7WNMrgm%2B7u%2Bhxdr96ArYalawOlPYxXQ%2BpkCsdICnmDY%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8ac96fba182fa979-SYD
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
expires: 0

GET
H3

200

main.js Show response
mailsactivation.nl/cdn-cgi/challenge-platform/h/b/scripts/jsd/8c81cb09042c/ Frame E5DB
Redirect Chain

https://mailsactivation.nl/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://mailsactivation.nl/cdn-cgi/challenge-platform/h/b/scripts/jsd/8c81cb09042c/main.js?

8 KB
4 KB

17ms
17ms

Script
application/javascript

172.67.162.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mailsactivation.nl/cdn-cgi/challenge-platform/h/b/scripts/jsd/8c81cb09042c/main.js?

Protocol

Server

172.67.162.89 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f155e4f5fae9b137429ace398c97aca236b1b6b18c096f722768230c7ed720ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 01 Aug 2024 22:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Glt2MlRzAzY2lVMntkJ%2FDi2LfNqrGpXLD2rogvVDmnJ2%2Fr6jjHTwlQyQ5zY0NGOK3HSsz3Mespqd6XHQeHhTJJR87nT0wGiLJp45MTS8%2BvbT7Tp1ZuI32tos%2FJHjy%2Bn7%2FsrY98%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8ac96fba285da979-SYD
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 01 Aug 2024 22:59:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fZUpQaFzyknoj%2B2wB14WTUdXojxKXdKhwTgaDzru4NTB8uzGZDHVyaUclN%2Bkaw6xZkUQKoB4a5HR7rwYla0oTvOf4XaC6dY%2BW2xpzcQcCtZXYvT3voeMv9MB5baOjR%2FP3KbJxvc%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/8c81cb09042c/main.js?
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8ac96fba1832a979-SYD
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 403 favicon.ico
mailsactivation.nl/ 548 B
0 0ms
0ms Other
text/html 172.67.162.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mailsactivation.nl/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.162.89 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: public
date: Thu, 01 Aug 2024 22:58:57 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 931599
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LiekL2fHzBOHV0f6sBTF8RckKh%2Fd6uycMlGUWQ%2F9qY1T0Z91jUb1T0Kd0M06ir4NrfjZHYVVwDEwPOqMibxP9nKX4sDyw9n87oO1%2F85BVHAIFYhLlwIek89hE4C%2FrpdLbI0z3O0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
cf-ray: 8ac96f948e465723-SYD
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block

POST
H3 200 8ac96fb3bf855723 Show response
mailsactivation.nl/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame E5DB 0
686 B 26ms
21ms XHR
text/plain 172.67.162.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mailsactivation.nl/cdn-cgi/challenge-platform/h/b/jsd/r/8ac96fb3bf855723
Requested by: Host: mailsactivation.nl
URL: https://mailsactivation.nl/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.162.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 01 Aug 2024 22:59:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yOsQirZ0IOQBJUIBMyx0rRYwozzI%2F1kk0AP40JE0YfHldq4H2jP7EFNLcA0LKeMc0hqq9SwB35B%2FzT8S58Ih6P6wre9MCgFuCo6zmq5rMu2ppG1T0%2F2kaHHN7v9e0dROBk51fjE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 8ac96fbab8eca979-SYD
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 403 Primary Request index.php Show response
mailsactivation.nl/Erorr/MyGov-au/gov-au/ 548 B
550 B 341ms
341ms Document
text/html 172.67.162.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php

Requested by

Host: away.vk.com
URL: https://away.vk.com/away.php?rh=73686b2d-fdf7-4675-bca8-5196c26bafa2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.162.89 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8ac96fc00da0a979-SYD
content-encoding: br
content-type: text/html
date: Thu, 01 Aug 2024 22:59:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SHRpcU4KmAfEXoHLvnm4Y%2FporycuHwaGWYbXX4GGm3LBbEDGPWR8%2FPYnucA6s2t3K1mfDhRct%2BtAEPHE%2Bv6FjMMA72SPYw6nDjFsI1Pl8zdKuKdnNXOfSQkWd8wMZlty2cIkn7Y%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-xss-protection: 1; mode=block 1; mode=block

GET
H2 403 favicon.ico
mailsactivation.nl/ 548 B
0 0ms
0ms Other
text/html 172.67.162.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mailsactivation.nl/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.162.89 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: public
date: Thu, 01 Aug 2024 22:58:57 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 931599
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LiekL2fHzBOHV0f6sBTF8RckKh%2Fd6uycMlGUWQ%2F9qY1T0Z91jUb1T0Kd0M06ir4NrfjZHYVVwDEwPOqMibxP9nKX4sDyw9n87oO1%2F85BVHAIFYhLlwIek89hE4C%2FrpdLbI0z3O0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
cf-ray: 8ac96f948e465723-SYD
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: privacy-cs.mail.ru
URL: https://privacy-cs.mail.ru/fp/?id=pKXHPVMpJkqGINFMvdK0x

Domain: privacy-cs.mail.ru
URL: https://privacy-cs.mail.ru/fp/?id=pKXHPVMpJkqGINFMvdK0x

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.vk.com/	1970-01-21 07:05:12	Name: remixlang Value: 3
.vk.com/	1970-01-21 07:14:49	Name: remixstlid Value: 9098436249129125195_cpy78f8oCxbrY0JTZZFmLJ4VqUA3OkNEubADSa7Qvvo
.vk.com/	1970-01-21 07:09:31	Name: remixua Value: -1%7C-1%7C213%7C1325429465
away.vk.com/	1970-01-20 22:39:17	Name: domain_sid Value: pKXHPVMpJkqGINFMvdK0x%3A1722553137281
.mailsactivation.nl/	1970-01-20 22:30:39	Name: __cf_mw_byp Value: wUtyrXyhg5EeSqhn4u5LYwQkhgq0fxsd84VWFYPkrFk-1722553137-0.0.1.1-/Erorr/MyGov-au/gov-au/index.php
mailsactivation.nl/	1970-01-20 22:30:39	Name: _8zup1pdQApxBcQH38kcizbQ-KA Value: Bb7RnVB8P6k7khDLPan_0W6uUkE
mailsactivation.nl/	1970-01-20 22:30:39	Name: b22c6AgJTYKsErpnAfHiudT-YdY Value: 1722553131
mailsactivation.nl/	1970-01-20 22:30:39	Name: fIjaf_hIiXearFsV7LH42RfZAik Value: 1722639531
mailsactivation.nl/	1970-01-20 22:30:39	Name: IHM-dMgNBUVLvRjrh_t2VWtDrNk Value: 1EcR8yx2zZ3ZwOPcr7pN8o6fA1g
mailsactivation.nl/	1970-01-20 22:30:39	Name: B8THBwGLbOiiidPimxhPjopcfGE Value: 1P8GalHtxQGPNjL3wR1zIkFJyKQ
mailsactivation.nl/	1970-01-20 22:30:39	Name: Oed1G3er3nCILfhmvut3gXfzx5U Value: EjC9ZpByw7o1ApGmvpKbvg506GM
.mailsactivation.nl/	1970-01-21 07:14:49	Name: cf_clearance Value: nG3VSTxszDFuZGUmn_o7_53Ub06Yszih3Ag4g5nWlJQ-1722553143-1.0.1.1-C.DmUIEOj0Qm8pfSAPf5gPQ4f69bCeugS7yrf6kz.l9j1sZO7E9MJxTF0xRzD.EEWvjVSa8UfEi1Azle6vw0xA
mailsactivation.nl/	1970-01-20 22:30:39	Name: dAxxy03s2btyrCkhKOznFnpXHlY Value: 3kd6pqMqiJMrglmIEMGIfeLgoNg
mailsactivation.nl/	1970-01-20 22:30:39	Name: Lzzr9SdrMzNVP9ckkUZgdUaeNjo Value: 1722553144
mailsactivation.nl/	1970-01-20 22:30:39	Name: Tj-9JM5jkpyLXu_L8v6ifIyS5fU Value: 1722639544
mailsactivation.nl/	1970-01-20 22:30:39	Name: Xd8dx0nm0Vkb7frzXE2cPfetMVo Value: dn85dmtqfLQCMf9rqI6i7l4Tkgs
mailsactivation.nl/	1970-01-20 22:30:39	Name: FNBH7Ydvk3PF9Rp_8H1QhEceO3E Value: VWWfiE6cIE0uY69Wg2hCwPMq-P8

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	info	URL: https://ad.mail.ru/static/sync-loader.js(Line 4) Message: WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering	warning	URL: https://ad.mail.ru/static/sync-loader.js(Line 4) Message: Failed to create WebGPU Context Provider
network	error	URL: https://mailsactivation.nl/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://mailsactivation.nl/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://mailsactivation.nl/Erorr/MyGov-au/gov-au/index.php Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://mailsactivation.nl/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.mail.ru
away.vk.com
gigpalooza.com
mailsactivation.nl
privacy-cs.mail.ru
vk.com
privacy-cs.mail.ru
172.67.162.89
3.72.134.250
87.240.132.67
95.163.41.56
19c994b78e5ac0f606198ab0dc6f48828064af0d2ff680a3abf317457158e5e9
25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393
7ce52e97002cc0511006eb01da71ced09a3326c314279cf1ad5cf01fc6cff110
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
aa9dd20705b9e049a6b955cc5d53309b2b294f9f5bd43df7db2767a6fddf2fce
b36942f73c0dc83452af737dc5c92e650b10395f71fc1931b828ff6af79cf6e9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f155e4f5fae9b137429ace398c97aca236b1b6b18c096f722768230c7ed720ff
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

mailsactivation.nl Open in urlscan Pro 172.67.162.89 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

80 %HTTPS

0 %IPv6

4 Domains

6 Subdomains

4 IPs

3 Countries

72 kBTransfer

201 kBSize

17 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

17 Cookies

7 Console Messages

Security Headers

Indicators

mailsactivation.nl Open in urlscan Pro
172.67.162.89 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

80 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

4
IPs

3
Countries

72 kB
Transfer

201 kB
Size

17
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!