vvx2eydhgz2.typeform.com Open in urlscan Pro
2606:4700::6812:1a47  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request HmLe7FaH Show response vvx2eydhgz2.typeform.com/to/	46 KB 16 KB	510ms 472ms	Document text/html	2606:4700::6812:1a47 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vvx2eydhgz2.typeform.com/to/HmLe7FaH Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a47 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / 3927-3.186.0 Resource Hash 7407afba751c12b93c6bb2a78466560ed3710a6d54a21f818fd8bffd6c78c951 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains Request headers :method GET :authority vvx2eydhgz2.typeform.com :scheme https :path /to/HmLe7FaH pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 Jan 2021 07:01:30 GMT content-type text/html; charset=utf-8 set-cookie __cfduid=d1719d5d29cbf3f391f982eab252cc36d1611903690; expires=Sun, 28-Feb-21 07:01:30 GMT; path=/; domain=.typeform.com; HttpOnly; SameSite=Lax; Secure age 3225 cache-control private, no-cache, no-store, max-age=0, must-revalidate content-security-policy-report-only report-uri https://endpoint2.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV13syWPqbJn9XwMGe4caaop-n9urcHvJLaMJIs-ysikqC26ja3rzeMNHUqlhJ6Jj32snr_AmKUAt2hrNPOgIYRfr_GPi-UndDkRUPtIQ-yZfA== ; default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' ; frame-ancestors https: ; pragma no-cache vary Accept-Encoding x-cache HIT x-cache-lookup HIT x-envoy-upstream-service-time 1 x-powered-by 3927-3.186.0 x-varnish 6188394 4785372 access-control-allow-methods GET, OPTIONS, POST, PUT, PATCH, DELETE access-control-allow-headers X-Typeform-Key, Content-Type, Authorization, Typeform-Version access-control-expose-headers Location, X-Request-Id strict-transport-security max-age=63072000; includeSubDomains x-newp Yes cf-cache-status DYNAMIC cf-request-id 07ee8b7ecc0000d70deb022000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 619115114944d70d-FRA content-encoding gzip
GET H2	200	large images.typeform.com/images/BSJ9ugPHSMRV/background/	277 KB 278 KB	55ms 10ms	Image image/jpeg	2600:9000:2156:3600:8:2495:5540:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://images.typeform.com/images/BSJ9ugPHSMRV/background/large Requested by Host: vvx2eydhgz2.typeform.com URL: https://vvx2eydhgz2.typeform.com/to/HmLe7FaH Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:3600:8:2495:5540:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash e2cd0c494e2c0a192b2661e162d8f92cca5a9dba38f8b624f36fe6dc3c4ea2fb Security Headers Name Value Content-Security-Policy script-src 'self' Request headers Referer https://vvx2eydhgz2.typeform.com/to/HmLe7FaH User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 28 Jan 2021 13:44:47 GMT via 1.1 150f57582a5422af77de04444db8acf9.cloudfront.net (CloudFront), 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront) age 62203 x-amzn-requestid 021acb34-b2d3-436c-be6d-17bb4f91a381 x-cache Hit from cloudfront content-type image/jpeg access-control-allow-origin * cache-control max-age=2592000 x-amzn-trace-id Root=1-6012bfcf-1b4ea06f70b2e00a1db49244;Sampled=0 content-security-policy script-src 'self' x-amz-cf-pop HAM50-C3, FRA50-C1 x-amz-apigw-id Z3LobGjKIAMFqzw= content-length 284143 x-amz-cf-id k-8dfIeXMs5O4aeO9PTUDH_sbimzyQ6ZKkgm2FDnkbn_CBIr8_3N1g==
POST H2	200	view-form-closed vvx2eydhgz2.typeform.com/forms/HmLe7FaH/insights/events/	2 B 163 B	409ms 409ms	Other application/json	2606:4700::6812:1a47 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vvx2eydhgz2.typeform.com/forms/HmLe7FaH/insights/events/view-form-closed Requested by Host: vvx2eydhgz2.typeform.com URL: https://vvx2eydhgz2.typeform.com/to/HmLe7FaH Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a47 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains Request headers Referer https://vvx2eydhgz2.typeform.com/to/HmLe7FaH User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Fri, 29 Jan 2021 07:01:31 GMT cf-cache-status DYNAMIC server cloudflare x-newp Yes strict-transport-security max-age=63072000; includeSubDomains access-control-allow-methods GET, OPTIONS, POST, PUT, PATCH, DELETE content-type application/json; charset=utf-8 access-control-allow-origin https://vvx2eydhgz2.typeform.com expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-expose-headers Location, X-Request-Id x-envoy-upstream-service-time 26 cf-ray 619115145dded70d-FRA access-control-allow-headers X-Typeform-Key, Content-Type, Authorization, Typeform-Version content-length 2 cf-request-id 07ee8b80b70000d70d0eb00000000001

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| insights object| formViewTracker

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.typeform.com/	1970-01-19 16:28:15	Name: __cfduid Value: d1719d5d29cbf3f391f982eab252cc36d1611903690

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

images.typeform.com
vvx2eydhgz2.typeform.com
2600:9000:2156:3600:8:2495:5540:93a1
2606:4700::6812:1a47
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
7407afba751c12b93c6bb2a78466560ed3710a6d54a21f818fd8bffd6c78c951
e2cd0c494e2c0a192b2661e162d8f92cca5a9dba38f8b624f36fe6dc3c4ea2fb