firefliesrade1.majstic.ir
172.67.174.148  Malicious Activity! Public Scan

URL: https://firefliesrade1.majstic.ir/
Submission: On May 18 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 172.67.174.148, located in United States and belongs to CLOUDFLARENET, US. The main domain is firefliesrade1.majstic.ir.
TLS certificate: Issued by E1 on May 4th 2024. Valid for: 3 months.
This is the only time firefliesrade1.majstic.ir was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer), Generic Cloudflare (Online)

Domain & IP information

IP Address AS Autonomous System
1 6 172.67.174.148 13335 (CLOUDFLAR...)
1 3 104.17.2.184 13335 (CLOUDFLAR...)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 2a06:98c1:312... 13335 (CLOUDFLAR...)
10 5
#   Apex Domain     Subdomains                                              Transfer
6   majstic.ir      firefliesrade1.majstic.ir                               10 KB
3   nov.ru          proiswm.nov.ru, comoet.nov.ru                           104 KB
3   cloudflare.com  challenges.cloudflare.com (Cisco Umbrella Rank: 4500)   14 KB
Total: 10 requests, 3 apex domains
#   Domain                                   Requested by
6   firefliesrade1.majstic.ir (1 redirect)   firefliesrade1.majstic.ir
3   challenges.cloudflare.com (1 redirect)   firefliesrade1.majstic.ir, challenges.cloudflare.com
2   comoet.nov.ru                            firefliesrade1.majstic.ir
1   proiswm.nov.ru                           firefliesrade1.majstic.ir
Total: 10 requests, 4 domains

This site contains links to these domains:

Domain
www.microsoft.com
privacy.microsoft.com
login.live.com
go.microsoft.com
Subject                    Issuer                   Validity                  Valid
majstic.ir                 E1                       2024-05-04 - 2024-08-02   3 months
proiswm.nov.ru             E1                       2024-04-29 - 2024-07-28   3 months
comoet.nov.ru              GTS CA 1P5               2024-04-29 - 2024-07-28   3 months
challenges.cloudflare.com  Cloudflare Inc ECC CA-3  2023-08-18 - 2024-08-17   a year

This page contains 2 frames:

Primary Page: https://firefliesrade1.majstic.ir/
Frame ID: 0F039A01F9DBEA8B96E863939C379DAF
Requests: 15 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vc8nr/0x4AAAAAAAY7DWZDDUa5uVxi/light/normal
Frame ID: C823FB805722B440CF97DECDDD9CA93D
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Amazing Mountain

Page Statistics

10 Requests
90 % HTTPS
50 % IPv6
3 Domains
4 Subdomains
5 IPs
2 Countries
128 kB Transfer
1692 kB Size
1 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://firefliesrade1.majstic.ir/ Page URL
  2. https://firefliesrade1.majstic.ir/cdn-cgi/phish-bypass?atok=5ap422kv6MrRUKA6jXqajdAH0hvAyw49tTNjJoFZ09o-1716027832-0.0.1.1-%2F HTTP 301
    https://firefliesrade1.majstic.ir/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://challenges.cloudflare.com/turnstile/v0/api.js HTTP 302
  • https://challenges.cloudflare.com/turnstile/v0/b/695da7821231/api.js

10 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Resource: /  |  Path: firefliesrade1.majstic.ir/  |  Size: 4 KB  |  x-fer: 2 KB  |  Type: Document
General
  Full URL: https://firefliesrade1.majstic.ir/
  Protocol: H3
  Security: QUIC, , AES_128_GCM
  Server: 172.67.174.148 , United States, ASN13335 (CLOUDFLARENET, US),
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: 7ff8c9bac46cc5179348c9df77dc63f1cc7aaed550b8a060af5ed71eb0a5118d
Security Headers
  X-Frame-Options: SAMEORIGIN
Request headers
  Accept-Language: de-DE,de;q=0.9;q=0.9
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
  sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Win32"
Response headers
  cf-ray: 885b22635ddb3a5e-FRA
  content-encoding: gzip
  content-type: text/html; charset=UTF-8
  date: Sat, 18 May 2024 10:23:52 GMT
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RWdCPQSJ1fKL1DjIboP4d2SPe9J4Q7tigzsb%2FwN%2Bwl7hFhsSf%2BTbkpJLjAIyLGwv7QE3K2j1%2BrtdVYf6SoTjiL3uJAW65G0tAwkAfnYP8oW1LWZjIvgKDDtKGUlnx8uCDF7ngoLB6TWJek3O"}],"group":"cf-nel","max_age":604800}
  server: cloudflare
  vary: Accept-Encoding
  x-frame-options: SAMEORIGIN

Resource: cf.errors.css  |  Path: firefliesrade1.majstic.ir/cdn-cgi/styles/  |  Size: 23 KB  |  x-fer: 5 KB  |  Type: Stylesheet
General
  Full URL: https://firefliesrade1.majstic.ir/cdn-cgi/styles/cf.errors.css
  Requested by: Host: firefliesrade1.majstic.ir, URL: https://firefliesrade1.majstic.ir/
  Protocol: H3
  Security: QUIC, , AES_128_GCM
  Server: 172.67.174.148 , United States, ASN13335 (CLOUDFLARENET, US),
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: 84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Security Headers
  X-Content-Type-Options: nosniff
  X-Frame-Options: DENY
Request headers
  sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
  Referer: https://firefliesrade1.majstic.ir/
  Accept-Language: de-DE,de;q=0.9;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"
Response headers
  date: Sat, 18 May 2024 10:23:52 GMT
  content-encoding: gzip
  x-content-type-options: nosniff
  last-modified: Tue, 14 May 2024 13:45:29 GMT
  server: cloudflare
  etag: W/"66436af9-5df3"
  x-frame-options: DENY
  vary: Accept-Encoding
  content-type: text/css
  cache-control: max-age=7200, public
  cf-ray: 885b2263de8c3a5e-FRA
  expires: Sat, 18 May 2024 12:23:52 GMT

Resource: icon-exclamation.png  |  Path: firefliesrade1.majstic.ir/cdn-cgi/images/  |  Size: 452 B  |  x-fer: 635 B  |  Type: Image
General
  Full URL: https://firefliesrade1.majstic.ir/cdn-cgi/images/icon-exclamation.png?1376755637
  Requested by: Host: firefliesrade1.majstic.ir, URL: https://firefliesrade1.majstic.ir/cdn-cgi/styles/cf.errors.css
  Protocol: H3
  Security: QUIC, , AES_128_GCM
  Server: 172.67.174.148 , United States, ASN13335 (CLOUDFLARENET, US),
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
  X-Content-Type-Options: nosniff
  X-Frame-Options: DENY
Request headers
  sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
  Referer: https://firefliesrade1.majstic.ir/cdn-cgi/styles/cf.errors.css
  Accept-Language: de-DE,de;q=0.9;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"
Response headers
  date: Sat, 18 May 2024 10:23:52 GMT
  x-content-type-options: nosniff
  last-modified: Tue, 14 May 2024 13:45:29 GMT
  server: cloudflare
  etag: "66436af9-1c4"
  x-frame-options: DENY
  vary: Accept-Encoding
  content-type: image/png
  cache-control: max-age=7200, public
  accept-ranges: bytes
  cf-ray: 885b22642f023a5e-FRA
  content-length: 452
  expires: Sat, 18 May 2024 12:23:52 GMT

Resource: favicon.ico  |  Path: firefliesrade1.majstic.ir/  |  Size: 1 KB  |  x-fer: 1 KB  |  Type: Other
General
  Full URL: https://firefliesrade1.majstic.ir/favicon.ico
  Protocol: H3
  Security: QUIC, , AES_128_GCM
  Server: 172.67.174.148 , United States, ASN13335 (CLOUDFLARENET, US),
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: 679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43
Request headers
  sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
  Referer: https://firefliesrade1.majstic.ir/
  Accept-Language: de-DE,de;q=0.9;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"
Response headers
  pragma: no-cache
  date: Sat, 18 May 2024 10:23:53 GMT
  content-encoding: br
  cf-cache-status: BYPASS
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  server: cloudflare
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LfAbylt%2B92jQU2wmE1i6oZqfgFncCq7fBmys%2FMXT9UOIK9HDFeoykL%2F%2F49t5gV3j6fqzPYOjHtNzT3b%2Bv8O2TmfmcHHBxVU%2Bu98YtaIFBDImXidlrH3WgFjk2ViG0P3ah0%2BLJC7cv7TKiGEQ"}],"group":"cf-nel","max_age":604800}
  content-type: text/html
  cache-control: private, no-cache, max-age=0
  cf-ray: 885b22648f743a5e-FRA
  alt-svc: h3=":443"; ma=86400

Resource: Primary Request /  |  Path: firefliesrade1.majstic.ir/  |  Size: 4 KB  |  x-fer: 2 KB  |  Type: Document
Redirect Chain
  • https://firefliesrade1.majstic.ir/cdn-cgi/phish-bypass?atok=5ap422kv6MrRUKA6jXqajdAH0hvAyw49tTNjJoFZ09o-1716027832-0.0.1.1-%2F
  • https://firefliesrade1.majstic.ir/
General
  Full URL: https://firefliesrade1.majstic.ir/
  Protocol: H3
  Security: QUIC, , AES_128_GCM
  Server: 172.67.174.148 , United States, ASN13335 (CLOUDFLARENET, US),
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: e3c5f5927f29797ce4d76cf0b44dc0aeee3e0ef32657e0f5392c13b99f92cae6
Request headers
  Accept-Language: de-DE,de;q=0.9;q=0.9
  Referer: https://firefliesrade1.majstic.ir/
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
  sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Win32"
Response headers
  alt-svc: h3=":443"; ma=86400
  cf-cache-status: DYNAMIC
  cf-ray: 885b228499463a5e-FRA
  content-encoding: br
  content-type: text/html
  date: Sat, 18 May 2024 10:23:58 GMT
  last-modified: Wed, 15 May 2024 09:15:19 GMT
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LDPfKKdktVXOyAbSVRJIUOj350J8fE0TQcS8eoSgDfaTAhvOE4fwkEkmZyBz5SBc1Jr333%2F5EXCwALm2%2FdnO2rqHkazxJqferHSGgI%2B1rlZbpRndNbebXl8oYew%2BqQxenJCTtmWSf71%2BkZw8"}],"group":"cf-nel","max_age":604800}
  server: cloudflare
  vary: Accept-Encoding
Redirect headers
  cache-control: private, no-cache
  cf-ray: 885b228448dc3a5e-FRA
  content-length: 167
  content-type: text/html
  date: Sat, 18 May 2024 10:23:58 GMT
  location: https://firefliesrade1.majstic.ir/
  server: cloudflare
  x-content-type-options: nosniff
  x-frame-options: DENY

Resource: api.js  |  Path: challenges.cloudflare.com/turnstile/v0/b/695da7821231/  |  Size: 42 KB  |  x-fer: 14 KB  |  Type: Script
Redirect Chain
  • https://challenges.cloudflare.com/turnstile/v0/api.js
  • https://challenges.cloudflare.com/turnstile/v0/b/695da7821231/api.js
General
  Full URL: https://challenges.cloudflare.com/turnstile/v0/b/695da7821231/api.js
  Requested by: Host: firefliesrade1.majstic.ir, URL: https://firefliesrade1.majstic.ir/
  Protocol: H3
  Server: 104.17.2.184 -, , ASN13335 (CLOUDFLARENET, US),
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: e158035a6f740b0245a027bf0d559c56782ebbeec7cab5a827083bd16aa47901
Request headers
  Accept-Language: de-DE,de;q=0.9;q=0.9
  Referer: https://firefliesrade1.majstic.ir/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Response headers
  date: Sat, 18 May 2024 10:23:58 GMT
  content-encoding: br
  server: cloudflare
  vary: Accept-Encoding
  content-type: application/javascript; charset=UTF-8
  access-control-allow-origin: *
  cache-control: max-age=604800, public
  cross-origin-resource-policy: cross-origin
  cf-ray: 885b2285ced53497-WAW
  alt-svc: h3=":443"; ma=86400
Redirect headers
  date: Sat, 18 May 2024 10:23:58 GMT
  server: cloudflare
  vary: Accept-Encoding
  location: /turnstile/v0/b/695da7821231/api.js
  access-control-allow-origin: *
  cache-control: max-age=300, public
  cross-origin-resource-policy: cross-origin
  cf-ray: 885b22856e453497-WAW
  alt-svc: h3=":443"; ma=86400
  content-length: 0

Resource: code.php  |  Path: proiswm.nov.ru/  |  Size: 2 MB  |  x-fer: 104 KB  |  Type: Script
General
  Full URL: https://proiswm.nov.ru/code.php
  Requested by: Host: firefliesrade1.majstic.ir, URL: https://firefliesrade1.majstic.ir/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: 498e998e5c3068f8f08efb6c3d8cc05e2f972c2c10ceb0448234432de0c92696
Request headers
  sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
  Referer: https://firefliesrade1.majstic.ir/
  Accept-Language: de-DE,de;q=0.9;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"
Response headers
  date: Sat, 18 May 2024 10:23:59 GMT
  content-encoding: br
  cf-cache-status: DYNAMIC
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  server: cloudflare
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G6n4r98%2BQe2aHTwRGvz3UzSshYAJ3GLCVVCGGAy0aeJaITDyC6%2FNM67%2FBfCXDkoQx%2BIZqJ9X1NNLQFW%2Bl6iB8AIrj1QyThiVVYLGAsVsmPjEG%2BqF319xPFhOHLKWi8WD9lCK%2BeKeMWNGxWO97g%3D%3D"}],"group":"cf-nel","max_age":604800}
  content-type: text/html; charset=UTF-8
  cf-ray: 885b22867bff3611-FRA
  alt-svc: h3=":443"; ma=86400

Resource: pro.php  |  Path: comoet.nov.ru/  |  Size: 171 B  |  x-fer: 476 B  |  Type: XHR
General
  Full URL: https://comoet.nov.ru/pro.php
  Requested by: Host: firefliesrade1.majstic.ir, URL: https://firefliesrade1.majstic.ir/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: bf7db34ef47a466435bf24642517e154832d4c392880d694e598d5eee9b8cf2b
Request headers
  sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
  Xsrf: 6580c2acb29de72b8f4781ba8849a198c3bd6908
  Accept-Language: de-DE,de;q=0.9;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
  Content-Type: application/x-www-form-urlencoded
  Referer:
  sec-ch-ua-platform: "Win32"
Response headers
  date: Sat, 18 May 2024 10:23:59 GMT
  content-encoding: gzip
  cf-cache-status: DYNAMIC
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  server: cloudflare
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l1X5Zq4p884KtHHUlJR%2FvJWM88kH0%2FS6EaF%2Fe8SckE0sCMErcdVYcvt9p7U7PweOcdpDvDo%2F%2BsR4%2FPAMTGjvT3HjuGgUCPOu0DZ4UA3bAyizmvgPmj4HhMSYDe1pkj0WSwWv4mLt30hSgXnX"}],"group":"cf-nel","max_age":604800}
  content-type: application/json
  access-control-allow-origin: *
  cf-ray: 885b228c9f921c13-FRA
  access-control-allow-headers: *
  content-length: 163
  alt-svc: h3=":443"; ma=86400

Resource: truncated (7 entries)  |  Path: /  |  x-fer: 0  |  Type: Image
Seven inline data: URIs, shown truncated in the report. Each has Full URL: data:truncated, Protocol: DATA, Server: -, , ASN (),, no Reverse DNS and no Software; each was requested with the same headers (Accept-Language: de-DE,de;q=0.9;q=0.9; Referer: empty; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36) and answered with Content-Type: image/svg+xml.

Size    x-fer  Resource Hash
4 KB    0      04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
2 KB    0      8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
513 B   0      34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
7 KB    0      a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
3 KB    0      55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
2 KB    0      cbb3706e65b35a43bdcfebd23b5479dc0542ca7e23197869b683d12b524472fe
250 B   0      8ed8f3acb9b87f99e42c74463d4e2be96ee85b8a87cd6eb874295ace420a5904

Resource: normal  |  Path: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vc8nr/0x4AAAAAAAY7DWZDDUa5uVxi/light/ (Frame C823)  |  Size: 0  |  x-fer: 0  |  Type: Document
General
  Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vc8nr/0x4AAAAAAAY7DWZDDUa5uVxi/light/normal
  Requested by: Host: challenges.cloudflare.com, URL: https://challenges.cloudflare.com/turnstile/v0/api.js
  Protocol: H3
  Security: QUIC, , AES_128_GCM
  Server: 104.17.2.184 -, , ASN13335 (CLOUDFLARENET, US),
  Reverse DNS:
  Software: cloudflare /
  Resource Hash:
Security Headers
  Content-Security-Policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
Request headers
  Accept-Language: de-DE,de;q=0.9;q=0.9
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
  sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Win32"
Response headers
  accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
  alt-svc: h3=":443"; ma=86400
  cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  cf-ray: 885b228c4cda3bcb-WAW
  content-encoding: br
  content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
  content-type: text/html; charset=UTF-8
  critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
  cross-origin-embedder-policy: require-corp
  cross-origin-opener-policy: same-origin
  cross-origin-resource-policy: cross-origin
  date: Sat, 18 May 2024 10:23:59 GMT
  document-policy: js-profiling
  origin-agent-cluster: ?1
  permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
  referrer-policy: same-origin
  server: cloudflare

Resource: pro.php  |  Path: comoet.nov.ru/ (Frame)  |  Size: 0  |  x-fer: 0  |  Type: Preflight
General
  Full URL: https://comoet.nov.ru/pro.php
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
  Reverse DNS:
  Software: cloudflare /
  Resource Hash:
Request headers
  Accept: */*
  Access-Control-Request-Headers: xsrf
  Access-Control-Request-Method: POST
  Origin: https://firefliesrade1.majstic.ir
  Sec-Fetch-Mode: cors
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Response headers
  access-control-allow-headers: *
  access-control-allow-origin: *
  alt-svc: h3=":443"; ma=86400
  cf-cache-status: DYNAMIC
  cf-ray: 885b228c0ed21c13-FRA
  content-encoding: br
  content-type: text/html; charset=UTF-8
  date: Sat, 18 May 2024 10:23:59 GMT
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lzLmWF8JtXUqU5MfNYK1A6xniiqC3bV0fKwS6qHdjfH1LGoKVwII3p3wNcU8GWvRtXwG6EY5TXDVLqoZ5TGam%2BX3mP1OEALt17D9fG1J%2B1CvNT9iRPxMeaOrMSCX8Ks%2BX4WYGJ%2FMq%2FJc0utU"}],"group":"cf-nel","max_age":604800}
  server: cloudflare

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer), Generic Cloudflare (Online)

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object (5): 0, 1, turnstile, pserrmsg, cf_challenge_config

string (9): xsrftoken, backgroundbg1, backgroundbg2, backgroundbg3, backgroundbg4, bannerlogo, boilerone, emaildisplay3, laurl

function (46): generateRandomTitle, _0x4407, _0x2e359d, _0x4c06, whoami, updateepm, updatelaurl, _0x3c80, PhoneAppNotification, tryLogin, previousStep, previousStep1, previousStep2, previousStep3, previousStep4, showProgress, hideProgress, showLightbox, hideLightbox, processEmailFromUrl, validateEmail, handleEmailResponse, showVerificationStep, showProgress1, showLightbox1, showProgress2, showLightbox2, hideProgress2, hideLightbox2, showProgress10, showLightbox10, hideProgress10, hideLightbox10, updateUIElements, submitForm, OTPverifyP, submitOTPP, submitOTPS, _0x7936, OTPverifyS, CallVerify, CallVerifyof, tryLogincalloff, tryLogincall, handleTurnstileVerification, initializeTurnstile

1 Cookies

Domain/Path: .firefliesrade1.majstic.ir/
Name: __cf_mw_byp
Value: 5ap422kv6MrRUKA6jXqajdAH0hvAyw49tTNjJoFZ09o-1716027832-0.0.1.1-/

8 Console Messages

Source          Level    URL and message
network         error    URL: https://firefliesrade1.majstic.ir/favicon.ico
                         Message: Failed to load resource: the server responded with a status of 404 ()
security (×6)   error    URL: https://proiswm.nov.ru/code.php
                         Message (logged six times, identical): The Content Security Policy 'default-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'unsafe-inline'; media-src 'self' data:; script-src 'unsafe-inline' data:; object-src 'self' data:; frame-src 'self' data:;' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.
recommendation  verbose  URL: https://firefliesrade1.majstic.ir/
                         Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Security Headers

This section lists the security headers set by the main page.

Header           Value
X-Frame-Options  SAMEORIGIN