ledger-actuel-clearsign.com
147.45.126.50 Malicious Activity! Public Scan

Submitted URL: http://r.emailblue.hardbacon.ca/mk/cl/f/sh/7nVU1aA2nfsTSXovTyIB7vQaIL0zvYP/xR5RfYuyGaWM
Effective URL: https://ledger-actuel-clearsign.com/
Submission: On November 20 via api from US — Scanned from CA

Summary

This website contacted 7 IPs in 3 countries across 8 domains to perform 9 HTTP transactions. The main IP is 147.45.126.50, located in Russian Federation and belongs to GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB. The main domain is ledger-actuel-clearsign.com.
TLS certificate: Issued by R11 on November 19th 2024. Valid for: 3 months.
This is the only time ledger-actuel-clearsign.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ledger (Crypto Exchange)

Domain & IP information

IP Address AS Autonomous System
1 1.179.112.196 396982 (GOOGLE-CL...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
2 2 108.167.188.247 19871 (NETWORK-S...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
3 147.45.126.50 215540 (GCS-AS GL...)
2 2a04:4e42:600... 54113 (FASTLY)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a04:4e42::649 54113 (FASTLY)
Totals: 9 requests, 7 IPs
Apex Domain | Subdomains | Transfer
3 ledger-actuel-clearsign.com | ledger-actuel-clearsign.com | 881 KB
2 ledger.com | www.ledger.com (Cisco Umbrella Rank: 51810), ledger-wp-website-s3-prd.ledger.com (Cisco Umbrella Rank: 601869) | 7 KB
2 jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 318) | 3 KB
2 fastlinkbr.com | fastlinkbr.com | 460 B
1 jquery.com | code.jquery.com (Cisco Umbrella Rank: 847) | 30 KB
1 winter-best-done.com | winter-best-done.com | 648 B
1 sibautomation.com | sibautomation.com (Cisco Umbrella Rank: 23280) |
1 hardbacon.ca | r.emailblue.hardbacon.ca | 755 B
Totals: 9 requests, 8 apex domains
Domain | Requested by
3 ledger-actuel-clearsign.com | r.emailblue.hardbacon.ca, ledger-actuel-clearsign.com
2 cdn.jsdelivr.net | ledger-actuel-clearsign.com, cdn.jsdelivr.net
2 fastlinkbr.com | 2 redirects
1 code.jquery.com | ledger-actuel-clearsign.com
1 ledger-wp-website-s3-prd.ledger.com | ledger-actuel-clearsign.com
1 www.ledger.com | 1 redirect
1 winter-best-done.com | 1 redirect
1 sibautomation.com | r.emailblue.hardbacon.ca
1 r.emailblue.hardbacon.ca |
Totals: 9 requests, 9 subdomains

This site contains links to these domains. Also see Links.

Domain
www.ledger.com
shop.ledger.com
Subject | Issuer | Validity | Valid | Source
r.emailblue.hardbacon.ca | R11 | 2024-09-15 to 2024-12-14 | 3 months | crt.sh
sibautomation.com | WE1 | 2024-10-03 to 2025-01-01 | 3 months | crt.sh
ledger-actuel-clearsign.com | R11 | 2024-11-19 to 2025-02-17 | 3 months | crt.sh
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2024 Q3 | 2024-07-30 to 2025-08-31 | a year | crt.sh
*.jquery.com | Sectigo ECC Domain Validation Secure Server CA | 2024-06-25 to 2025-06-25 | a year | crt.sh

This page contains 2 frames:

Primary Page: https://ledger-actuel-clearsign.com/
Frame ID: B74E6751B0B544FFF1C96F7159C61353
Requests: 9 HTTP requests in this frame

Frame: https://sibautomation.com/cm.html?id=1544184
Frame ID: F803DDAEC2C289FDD925608E8F78FF04
Requests: 1 HTTP requests in this frame

Page Title

Ledger Recover

Page URL History

  1. http://r.emailblue.hardbacon.ca/mk/cl/f/sh/7nVU1aA2nfsTSXovTyIB7vQaIL0zvYP/xR5RfYuyGaWM HTTP 307
    https://r.emailblue.hardbacon.ca/mk/cl/f/sh/7nVU1aA2nfsTSXovTyIB7vQaIL0zvYP/xR5RfYuyGaWM Page URL
  2. https://fastlinkbr.com/images HTTP 301
    https://fastlinkbr.com/images/ HTTP 302
    https://winter-best-done.com/ HTTP 302
    https://ledger-actuel-clearsign.com/ Page URL

Detected technologies

jQuery (overall confidence: 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (overall confidence: 100%)
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 9
HTTPS: 89 %
IPv6: 63 %
Domains: 8
Subdomains: 9
IPs: 7
Countries: 3
Transfer: 920 kB
Size: 1293 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://r.emailblue.hardbacon.ca/mk/cl/f/sh/7nVU1aA2nfsTSXovTyIB7vQaIL0zvYP/xR5RfYuyGaWM HTTP 307
  • https://r.emailblue.hardbacon.ca/mk/cl/f/sh/7nVU1aA2nfsTSXovTyIB7vQaIL0zvYP/xR5RfYuyGaWM
Request Chain 4
  • https://www.ledger.com/wp-content/uploads/2023/03/Recover-X-coincover.png HTTP 301
  • https://ledger-wp-website-s3-prd.ledger.com/uploads/2023/03/Recover-X-coincover.png

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
xR5RfYuyGaWM
r.emailblue.hardbacon.ca/mk/cl/f/sh/7nVU1aA2nfsTSXovTyIB7vQaIL0zvYP/
Redirect Chain
  • http://r.emailblue.hardbacon.ca/mk/cl/f/sh/7nVU1aA2nfsTSXovTyIB7vQaIL0zvYP/xR5RfYuyGaWM
  • https://r.emailblue.hardbacon.ca/mk/cl/f/sh/7nVU1aA2nfsTSXovTyIB7vQaIL0zvYP/xR5RfYuyGaWM
607 B
755 B
Document
General
Full URL
https://r.emailblue.hardbacon.ca/mk/cl/f/sh/7nVU1aA2nfsTSXovTyIB7vQaIL0zvYP/xR5RfYuyGaWM
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
1.179.112.196, France, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS
Software
/
Resource Hash
71fb93318e66af989f2b0bc13ad74bc858ff560cfbb3df98c643cc5eb8dd5258
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-length
607
content-type
text/html; charset=utf-8
date
Wed, 20 Nov 2024 08:51:51 GMT
x-content-type-options
nosniff
x-sib-server
gke-public-cluster-v2-1-179-112-136
x-xss-protection
1

Redirect headers

Location
https://r.emailblue.hardbacon.ca/mk/cl/f/sh/7nVU1aA2nfsTSXovTyIB7vQaIL0zvYP/xR5RfYuyGaWM
Non-Authoritative-Reason
HttpsUpgrades
cm.html
sibautomation.com/ Frame F803
0
0
Document
General
Full URL
https://sibautomation.com/cm.html?id=1544184
Requested by
Host: r.emailblue.hardbacon.ca
URL: https://r.emailblue.hardbacon.ca/mk/cl/f/sh/7nVU1aA2nfsTSXovTyIB7vQaIL0zvYP/xR5RfYuyGaWM
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:4400::6812:278d, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare / Sails <sailsjs.com>
Resource Hash

Request headers

Referer
https://r.emailblue.hardbacon.ca/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
18765
cache-control
public, max-age=7200
cf-cache-status
HIT
cf-ray
8e573357cd10a26d-YUL
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 20 Nov 2024 08:51:51 GMT
expires
Wed, 20 Nov 2024 10:51:51 GMT
server
cloudflare
vary
Accept-Encoding
x-powered-by
Sails <sailsjs.com>
Primary Request /
ledger-actuel-clearsign.com/
Redirect Chain
  • https://fastlinkbr.com/images
  • https://fastlinkbr.com/images/
  • https://winter-best-done.com/
  • https://ledger-actuel-clearsign.com/
24 KB
8 KB
Document
General
Full URL
https://ledger-actuel-clearsign.com/
Requested by
Host: r.emailblue.hardbacon.ca
URL: https://r.emailblue.hardbacon.ca/mk/cl/f/sh/7nVU1aA2nfsTSXovTyIB7vQaIL0zvYP/xR5RfYuyGaWM
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
147.45.126.50, Russian Federation, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB)
Reverse DNS
43774.ip-ptr.tech
Software
nginx / PHP/8.3.13 PleskLin
Resource Hash
f1a91162bb98d6bce1b55dd16a961d121c07d87d7a6a48bb5b541bd8e7a536b1

Request headers

Referer
https://r.emailblue.hardbacon.ca/mk/cl/f/sh/7nVU1aA2nfsTSXovTyIB7vQaIL0zvYP/xR5RfYuyGaWM
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-length
7852
content-type
text/html; charset=UTF-8
date
Wed, 20 Nov 2024 08:51:52 GMT
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.3.13 PleskLin

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8e57335aba6fa255-YUL
content-type
text/html; charset=UTF-8
date
Wed, 20 Nov 2024 08:51:52 GMT
location
https://ledger-actuel-clearsign.com
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EG1b%2BF%2FUeV3xATseLbdGOMjtvk5nTkCRGv0in9xVht96Y8RAteI3uBFVfjyEauQ3MgDIZUzGbgFnBLFLfFP7hS5urgbX0hPmRwxym6Uj2YjUjBCdf%2BPNbJrws%2Feif4D466WIsbY2rCJQGkwwrX8aD1RNyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=15772&sent=8&recv=12&lost=0&retrans=0&sent_bytes=3970&recv_bytes=2308&delivery_rate=243888&cwnd=253&unsent_bytes=0&cid=08153dba3ec133ad&ts=270&x=0"
x-powered-by
PHP/8.3.13 PleskLin
all.css
ledger-actuel-clearsign.com/assets/
527 KB
245 KB
Stylesheet
General
Full URL
https://ledger-actuel-clearsign.com/assets/all.css?v=22242
Requested by
Host: ledger-actuel-clearsign.com
URL: https://ledger-actuel-clearsign.com/
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
147.45.126.50, Russian Federation, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB)
Reverse DNS
43774.ip-ptr.tech
Software
nginx / PleskLin
Resource Hash
16bb9349be3ec2e7ae77fe74d212a9fc9fcc90d9648508bf9f47ba125c8508d8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ledger-actuel-clearsign.com/

Response headers

content-encoding
br
date
Wed, 20 Nov 2024 08:51:52 GMT
etag
W/"673d55d1-83ad9"
content-type
text/css
last-modified
Wed, 20 Nov 2024 03:21:53 GMT
server
nginx
x-powered-by
PleskLin
tabler-flags.min.css
cdn.jsdelivr.net/npm/@tabler/core@1.0.0-beta17/dist/css/
16 KB
2 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/@tabler/core@1.0.0-beta17/dist/css/tabler-flags.min.css
Requested by
Host: ledger-actuel-clearsign.com
URL: https://ledger-actuel-clearsign.com/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a04:4e42:600::485, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
2bf3d55743060b78c5353985c7b2f6e9dfe78a80fcbaae68c4e3565643df655a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ledger-actuel-clearsign.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"3e26-eVUhG+09kjEYgXHul87MuSyQW6w"
age
2353679
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Wed, 20 Nov 2024 08:51:52 GMT
content-type
text/css; charset=utf-8
x-served-by
cache-fra-etou8220152-FRA, cache-yul1970024-YUL
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
1257
x-jsd-version
1.0.0-beta17
Recover-X-coincover.png
ledger-wp-website-s3-prd.ledger.com/uploads/2023/03/
Redirect Chain
  • https://www.ledger.com/wp-content/uploads/2023/03/Recover-X-coincover.png
  • https://ledger-wp-website-s3-prd.ledger.com/uploads/2023/03/Recover-X-coincover.png
6 KB
6 KB
Image
General
Full URL
https://ledger-wp-website-s3-prd.ledger.com/uploads/2023/03/Recover-X-coincover.png
Requested by
Host: ledger-actuel-clearsign.com
URL: https://ledger-actuel-clearsign.com/
Protocol
H2
Server
2606:4700::6812:15c4, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
c3fa3bed7b6ad01f1e21e09e957b87a1b7b5558c5434aa7224e6800c8af14492

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-bgj
imgq:100,h2pri
etag
"5eeea311b3bcfb87b05a632241a30e3e"
x-amz-version-id
_j_wEYUGgS49fUQ9Q9QMKfp4QaOV79If
cf-cache-status
HIT
age
29001
expires
Wed, 20 Nov 2024 12:51:52 GMT
cf-polished
origFmt=png, origSize=14352
date
Wed, 20 Nov 2024 08:51:52 GMT
content-type
image/webp
content-disposition
inline; filename="Recover-X-coincover.webp"
vary
Accept
last-modified
Mon, 04 Mar 2024 10:02:34 GMT
x-amz-id-2
KUrKHqLyFsrb2E9K94RjGsepJC2VdMynbgfn3Y8/lpcXRAJOLZn555/UY0j5uojWfAdYVFuGrzk=
x-amz-replication-status
COMPLETED
cache-control
public, max-age=14400
x-amz-request-id
01GA6F1T24DA7Q6T
cf-ray
8e5733602afca2c6-YUL
accept-ranges
bytes
content-length
5778
server
cloudflare
x-amz-server-side-encryption
AES256

Redirect headers

access-control-max-age
1728000
cf-cache-status
HIT
age
29001
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
expires
Wed, 20 Nov 2024 12:51:52 GMT
date
Wed, 20 Nov 2024 08:51:52 GMT
content-type
text/html
vary
Accept-Encoding
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=14400
location
https://ledger-wp-website-s3-prd.ledger.com/uploads/2023/03/Recover-X-coincover.png
access-control-allow-credentials
true
cf-ray
8e57335feae2a2c6-YUL
access-control-allow-origin
*
server
cloudflare
rcv.png
ledger-actuel-clearsign.com/assets/
627 KB
628 KB
Image
General
Full URL
https://ledger-actuel-clearsign.com/assets/rcv.png
Requested by
Host: ledger-actuel-clearsign.com
URL: https://ledger-actuel-clearsign.com/
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
147.45.126.50, Russian Federation, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB)
Reverse DNS
43774.ip-ptr.tech
Software
nginx / PleskLin
Resource Hash
3897ab7614a8854eec84bd75838fa6e257b4d59f8af84c911ab8cf174b39b19a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

etag
"65dc6cbc-9caf1"
accept-ranges
bytes
content-length
641777
date
Wed, 20 Nov 2024 08:51:52 GMT
content-type
image/png
last-modified
Mon, 26 Feb 2024 10:49:32 GMT
server
nginx
x-powered-by
PleskLin
jquery-3.7.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.7.1.min.js
Requested by
Host: ledger-actuel-clearsign.com
URL: https://ledger-actuel-clearsign.com/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a04:4e42::649, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
etag
W/"28feccc0-155ed"
age
1272862
x-cache
HIT, HIT
date
Wed, 20 Nov 2024 08:51:52 GMT
content-type
application/javascript; charset=utf-8
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits
180529, 10815
x-served-by
cache-lga21978-LGA, cache-yul1970080-YUL
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=604800
x-timer
S1732092713.958110,VS0,VE0
cross-origin-resource-policy
cross-origin
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
30336
server
nginx
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
24859811f0d8052e5979a146e00930a379b14745e480f40b20f1d9ccd79b99e0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
us.svg
cdn.jsdelivr.net/npm/@tabler/core@1.0.0-beta17/dist/img/flags/
6 KB
1 KB
Image
General
Full URL
https://cdn.jsdelivr.net/npm/@tabler/core@1.0.0-beta17/dist/img/flags/us.svg
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@tabler/core@1.0.0-beta17/dist/css/tabler-flags.min.css
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a04:4e42:600::485, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
db49bb7df4fabcd2d71d78376495747b9c978c06b6f6899ab95b61398f1d1c6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://cdn.jsdelivr.net/npm/@tabler/core@1.0.0-beta17/dist/css/tabler-flags.min.css

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"1785-vgJJg25MAAFN5Ebs+Aodo7+Z55k"
age
897384
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Wed, 20 Nov 2024 08:51:53 GMT
content-type
image/svg+xml
x-served-by
cache-fra-eddf8230066-FRA, cache-yul1970024-YUL
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
1010
x-jsd-version
1.0.0-beta17

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ledger (Crypto Exchange)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

$ (function), jQuery (function)

3 Cookies

Domain/Path Name / Value
sibautomation.com/ Name: uuid
Value: 3a062cbb-fbed-4627-9631-0a8c66046846
.ledger.com/ Name: __cf_bm
Value: HgpPQOXB7GBn36qy.uaDALw73JTqUd0T9_TyFqezBg0-1732092712-1.0.1.1-NL7goS465gzVbiNHnhRpjTRRoH9XSuscjPOy8N.ZaYo9ffUJciYGRsJzgJKJX7ifi_2Jf9qj1Q_zrs9R9S.32Q
ledger-actuel-clearsign.com/ Name: preferredLanguage
Value: us

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1