pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/index.html
Submission: On August 09 via manual (August 9th 2023, 7:56:00 am UTC) from IN — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 2 countries across 7 domains to perform 17 HTTP transactions. The main IP is 2606:4700::6812:223, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev.
TLS certificate: Issued by E1 on June 15th 2023. Valid for: 3 months.

This is the only time pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700::68... 2606:4700::6812:223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (STACKPATH...) (STACKPATH-CDN)
7	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:2800:233... 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef	15133 (EDGECAST) (EDGECAST)
1	2606:2800:233... 2606:2800:233:b411:5612:27a2:d7a8:208d	15133 (EDGECAST) (EDGECAST)
1 3	2606:4700::68... 2606:4700::6811:3b8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.117.59.81 34.117.59.81	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2620:1ec:bdf::42 2620:1ec:bdf::42	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
17	9

1 2606:4700::6812:223 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

codecrafters.su	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:b411:5612:27a2:d7a8:208d (United States)

ASN15133 (EDGECAST, US)

logincdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:3b8 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.59.81 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 81.59.117.34.bc.googleusercontent.com

ipinfo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::42 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aadcdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	codecrafters.su codecrafters.su	14 KB
3	cloudflare.com 1 redirects challenges.cloudflare.com — Cisco Umbrella Rank: 6398	10 KB
2	msauth.net logincdn.msauth.net — Cisco Umbrella Rank: 3823 aadcdn.msauth.net — Cisco Umbrella Rank: 1010	2 KB
2	msftauth.net aadcdn.msftauth.net — Cisco Umbrella Rank: 1032	4 KB
1	ipinfo.io ipinfo.io — Cisco Umbrella Rank: 6927	546 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 729	30 KB
1	r2.dev pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev	4 KB
17	7

	Domain	Requested by
7	codecrafters.su	pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev code.jquery.com
3	challenges.cloudflare.com	1 redirects pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev challenges.cloudflare.com
2	aadcdn.msftauth.net	pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
1	aadcdn.msauth.net	codecrafters.su
1	ipinfo.io	code.jquery.com
1	logincdn.msauth.net	pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
1	code.jquery.com	pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
1	pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
17	8

This site contains no links.

Subject Issuer	Validity	Valid
*.r2.dev E1	`2023-06-15` - `2023-09-13`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
codecrafters.su GTS CA 1P5	`2023-08-06` - `2023-11-04`	3 months	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2023-01-31` - `2024-01-31`	a year	crt.sh
identitycdn.msauth.net Microsoft Azure TLS Issuing CA 06	`2022-08-23` - `2023-08-18`	a year	crt.sh
ipinfo.io R3	`2023-06-25` - `2023-09-23`	3 months	crt.sh
aadcdn.msauth.net DigiCert SHA2 Secure Server CA	`2023-07-29` - `2024-07-29`	a year	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2022-09-18` - `2023-09-17`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/index.html
Frame ID: 81BA982A7B959E183B80303D57AD9ED2
Requests: 16 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/es8py/0x4AAAAAAAIfa5LvC5PyuOIj/auto/normal
Frame ID: 2A7BDE609DA5F24C990EA8E79B1457D8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your Microsoft account

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

88 %
HTTPS

88 %
IPv6

7
Domains

8
Subdomains

9
IPs

2
Countries

65 kB
Transfer

202 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
https://challenges.cloudflare.com/turnstile/v0/g/74ac0d47/api.js?onload=onloadTurnstileCallback

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index.html Show response
pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/ 23 KB
4 KB 285ms
198ms Document
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: feaff9371af4f97d5b6a58f4bfaf350d5c24af067b492bd37982ab481e17d686

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-RAY: 7f3e70886eb037f2-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 09 Aug 2023 07:55:55 GMT
ETag: W/"fc9753a8b2c4863f921d8e8e7a1e1ce3"
Last-Modified: Wed, 09 Aug 2023 02:02:48 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 92ms
36ms Script
application/javascript 2001:4de0:ac18::1:a:2a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
URL: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 07:55:55 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d9d"
vary: Accept-Encoding
x-hw: 1691567755.dop264.fr8.t,1691567755.cds324.fr8.hn,1691567755.cds144.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 back.png
codecrafters.su/assets/ 231 B
735 B 86ms
29ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://codecrafters.su/assets/back.png
Requested by: Host: pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
URL: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 07:55:55 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5527
alt-svc: h3=":443"; ma=86400
content-length: 231
last-modified: Sun, 19 Mar 2023 15:20:17 GMT
server: cloudflare
etag: "e7-5f7425905ae40"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3J8YgUPggYFrNTcwt0eRax8YHsUDWKQ1XD2J9iUX3oZrAmpppgkenc5udAOciLuqj0%2BaSr95G2htH9HVS5dYDox2AN4lC4XePS4ljhcsBBd8qnGwHxsZrdjTq%2FM%2FzK8qvWGefsni0ddDWLAB0UM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7f3e708a1f2f91ef-FRA

GET
H2 200 key.png
codecrafters.su/assets/ 727 B
1 KB 27ms
25ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://codecrafters.su/assets/key.png
Requested by: Host: pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
URL: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 07:55:55 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5527
alt-svc: h3=":443"; ma=86400
content-length: 727
last-modified: Sun, 19 Mar 2023 15:20:17 GMT
server: cloudflare
etag: "2d7-5f7425905ae40"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tuTw0AspcDsAQvrQC7%2BZJzu%2FbibzujwjJaS1gqn3llWEv7yg7JbqkQA4wyGKWsPvo7DHXrpHxyLMPto7sRulNODC73fCc4H69RKOu43BIiGtyHIXgMg3XIuuUh42GF%2F%2FGAWEgxAhaaNsYASCfmU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7f3e708abfff91ef-FRA

GET
H2 200 picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 7 KB
2 KB 189ms
23ms Image
image/svg+xml 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Requested by: Host: pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
URL: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CE1) /
Resource Hash: a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Aug 2023 07:55:56 GMT
content-encoding: gzip
content-md5: nTculR1Fom7eLci0F6rk+A==
age: 5999989
x-cache: HIT
content-length: 2407
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 10:11:51 GMT
server: ECAcc (frc/4CE1)
etag: 0x8DB5C3F4ADC079A
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 5fa84d31-801e-006c-5b05-9490f5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 3 KB
2 KB 187ms
21ms Image
image/svg+xml 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg
Requested by: Host: pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
URL: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CF6) /
Resource Hash: 55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Aug 2023 07:55:56 GMT
content-encoding: gzip
content-md5: XHrPYKKsqlxUvysuxtSE2A==
age: 5938282
x-cache: HIT
content-length: 1173
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 10:11:50 GMT
server: ECAcc (frc/4CF6)
etag: 0x8DB5C3F4A98E9BB
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: c90ed806-201e-007d-6094-94d1d0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 picker_verify_email_958962caa7cf6b75cd412e9e3b687b22.svg
logincdn.msauth.net/shared/1.0/content/images/ 268 B
689 B 204ms
20ms Image
image/svg+xml 2606:2800:233:b411:5612:27a2:d7a8:208d
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logincdn.msauth.net/shared/1.0/content/images/picker_verify_email_958962caa7cf6b75cd412e9e3b687b22.svg
Requested by: Host: pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
URL: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:b411:5612:27a2:d7a8:208d , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CE7) /
Resource Hash: b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Aug 2023 07:55:56 GMT
content-encoding: gzip
content-md5: pFQUXilUkzYtIbvSwGgVBQ==
age: 5568597
x-cache: HIT
content-length: 212
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 10:21:22 GMT
server: ECAcc (frc/4CE7)
etag: 0x8DB5C409F549E50
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: a090b941-801e-0008-3df1-97f9aa000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/g/74ac0d47/
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
https://challenges.cloudflare.com/turnstile/v0/g/74ac0d47/api.js?onload=onloadTurnstileCallback

27 KB
10 KB

50ms
45ms

Script
application/javascript

2606:4700::6811:3b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/g/74ac0d47/api.js?onload=onloadTurnstileCallback
Requested by: Host: pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
URL: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/index.html
Protocol: H2
Server: 2606:4700::6811:3b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0f33190c14b543e76e11ab58c238e5d56508c3d0933c1cd7c64e478fedee376

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 07:55:56 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 7f3e708befe19b43-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 09 Aug 2023 07:55:56 GMT
server: cloudflare
vary: accept-encoding
location: /turnstile/v0/g/74ac0d47/api.js?onload=onloadTurnstileCallback
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 7f3e708baf8c9b43-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 QOccq2b8bnIImW5QOccq2b8bnIImW5.css
codecrafters.su/assets/pages/ 1 KB
751 B 133ms
117ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codecrafters.su/assets/pages/QOccq2b8bnIImW5QOccq2b8bnIImW5.css?cb=1691567755831
Requested by: Host: pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
URL: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a6d2a3c45fe06e2662cf4dfecfdcc026d0f57da9c3e484f912c2bdf338d1d22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 07:55:55 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 09 Aug 2023 02:34:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4a3-6027453289686"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=opEb6c5ht3Vw2DiBnSJ26A7Lfsnv6bQMPVte79Ug%2F2Kft13EKhBhzeK7RETJOockgGNwykodwL%2Fhh%2FTSoEfPESOcHSLKe2XgYw2TqsNJ0f1TYZmHT%2Bd%2Bqmxbenwf6qKXDJe%2FskAuUBMwmjsGjD4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7f3e708a1f2991ef-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 pages.min.css
codecrafters.su/assets/css/ 16 KB
4 KB 254ms
239ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codecrafters.su/assets/css/pages.min.css?cb=1691567755831
Requested by: Host: pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
URL: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4e0c3b6b61a838deb4c5672c7e778194a90b2ac74c961e0393f0a81c033fbb2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 07:55:55 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 08 Aug 2023 23:06:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3f18-6027169947793"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sfadnZ62YDm%2FGPyGjaJXXJ2zvIq03Pfwt3owOKXdBuWiHg827Rj%2BL%2Ba7htDJaoVmNMnxsqiQfN3cxPc7vWEDSMy6xg738Jujh9QFQ52VNmsEnieQdPZqBOx0RokmvQkr8TgnEDIlyUfKpGUQxwY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7f3e708a1f2b91ef-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 pages.min.js Show response
codecrafters.su/assets/js/ 34 KB
5 KB 159ms
158ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codecrafters.su/assets/js/pages.min.js?cb=1691567755831
Requested by: Host: pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
URL: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d36cdcac75f48e5022fe448398b765f5da59b3754295211927f100d06706bb6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 07:55:56 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 08 Aug 2023 22:13:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"87c7-60270aab1bcea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9dIwrPEgkmoHzNjQHC7YufX2ODcSkL7A5AWgywCJuMSlD%2BDcddlIbGkt9IUM1LAqYE19VBoOU%2BNZLwojnbHbhOZU%2FhkM7jq%2BRHulHx0u4fZseEJG5uaGxSKu5VdDdieZeKN%2Bx6copFtmQGwtjOc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7f3e708ab80291ef-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
ipinfo.io/ 299 B
546 B 292ms
140ms XHR
application/json 34.117.59.81
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ipinfo.io/

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.117.59.81 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

81.59.117.34.bc.googleusercontent.com

Software

Resource Hash

296a10f7732c7a42814ee575a3ffbcbba661dfc0790a3b21b547e2f018e2f47c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 07:55:56 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
via: 1.1 google
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

POST
H2 200 info Show response
codecrafters.su/ 139 B
1 KB 506ms
359ms XHR
application/json 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codecrafters.su/info
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.1.10
Resource Hash: c8b83194d47fd8994672ce15f47fca34558ba14c540a89e27914c35be487a8aa

Request headers

Accept: */*
Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 09 Aug 2023 07:55:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/8.1.10
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b4Q2FH%2BEhq%2FYgOolHeCt%2Fbmn0%2Ft4v5nqMRPYsPd9gy70PhRnJd3%2FdGqfrMWx2gVcYT7n%2BiLM5IPZ0DjK%2FALRYXz9QJtHK7kp%2BgaKdtov1MqBqxfpFBjoHxgZR3OrZvMh6IZ5CHGiFe1dVDyeOCM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
cf-ray: 7f3e708b98809b8e-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/ 2 KB
1 KB 180ms
26ms Image
image/svg+xml 2620:1ec:bdf::42
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
Requested by: Host: codecrafters.su
URL: https://codecrafters.su/assets/pages/QOccq2b8bnIImW5QOccq2b8bnIImW5.css?cb=1691567755831
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://codecrafters.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Aug 2023 07:55:56 GMT
content-encoding: gzip
x-cache: TCP_HIT
content-length: 673
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F47E260FD
x-azure-ref: 20230809T075556Z-z5r68d4xup64dct53qtcxerpms000000012000000003ckmn
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 4921500c-a01e-0009-0ea4-c84460000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

POST
H3 200 info Show response
codecrafters.su/ 1 B
1 KB 354ms
353ms XHR
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codecrafters.su/info
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.1.10
Resource Hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

Accept: */*
Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 09 Aug 2023 07:55:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/8.1.10
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jbrcK%2F4jPI8OeJTMoor3byLAllEVLddNgzxe%2BifYmu%2BRc6P4kf%2F%2BzP1hIedv7mqxW8OlPsYm9taueltibqFOp42AAVRBZh9C0GYmhTYyzFu1oAnYfqrq6x9XWxRfscA9mh9VRUtpvyciewyMheM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, private
cf-ray: 7f3e708c8cec1db0-FRA
alt-svc: h3=":443"; ma=86400

POST call
codecrafters.su/ 0
0

GET
H3 200 normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/es8py/0x4AAAAAAAIfa5LvC5PyuOIj/auto/ Frame 2A7B 0
0 34ms
33ms Document
text/html 2606:4700::6811:3b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/es8py/0x4AAAAAAAIfa5LvC5PyuOIj/auto/normal

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:3b8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Referer: https://pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 7f3e70929b132c63-FRA
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Wed, 09 Aug 2023 07:55:57 GMT
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: codecrafters.su
URL: https://codecrafters.su/call

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
aadcdn.msftauth.net
challenges.cloudflare.com
code.jquery.com
codecrafters.su
ipinfo.io
logincdn.msauth.net
pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev
codecrafters.su
2001:4de0:ac18::1:a:2a
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef
2606:2800:233:b411:5612:27a2:d7a8:208d
2606:4700::6811:3b8
2606:4700::6812:223
2620:1ec:bdf::42
2a06:98c1:3121::3
34.117.59.81
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
296a10f7732c7a42814ee575a3ffbcbba661dfc0790a3b21b547e2f018e2f47c
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d36cdcac75f48e5022fe448398b765f5da59b3754295211927f100d06706bb6
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4
7a6d2a3c45fe06e2662cf4dfecfdcc026d0f57da9c3e484f912c2bdf338d1d22
a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5
c4e0c3b6b61a838deb4c5672c7e778194a90b2ac74c961e0393f0a81c033fbb2
c8b83194d47fd8994672ce15f47fca34558ba14c540a89e27914c35be487a8aa
e0f33190c14b543e76e11ab58c238e5d56508c3d0933c1cd7c64e478fedee376
feaff9371af4f97d5b6a58f4bfaf350d5c24af067b492bd37982ab481e17d686
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev Open in urlscan Pro 2606:4700::6812:223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

88 %HTTPS

88 %IPv6

7 Domains

8 Subdomains

9 IPs

2 Countries

65 kBTransfer

202 kBSize

0 Cookies

0 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

32 JavaScript Global Variables

0 Cookies

Indicators

pub-5ecf8dfe386f493dae34d40b38324b16.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

88 %
HTTPS

88 %
IPv6

7
Domains

8
Subdomains

9
IPs

2
Countries

65 kB
Transfer

202 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!