cin.xux.win Open in urlscan Pro
2606:4700:3036::6815:5679 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cin.xux.win/allianz/Service/login/3D.html
Submission: On November 29 via automatic, source openphish (November 29th 2021, 2:01:48 am UTC) — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3036::6815:5679, located in United States and belongs to CLOUDFLARENET, US. The main domain is cin.xux.win.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 21st 2021. Valid for: a year.

This is the only time cin.xux.win was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3036::6815:5679	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	193.41.190.166 193.41.190.166	16193 (BORICA-AD) (BORICA-AD)
8	2

1 2606:4700:3036::6815:5679 (United States)

ASN13335 (CLOUDFLARENET, US)

cin.xux.win	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 193.41.190.166 (Bulgaria)

ASN16193 (BORICA-AD, BG)
PTR: net190-host166.borica.bg

3ds.borica.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	borica.bg 3ds.borica.bg	14 KB
1	xux.win cin.xux.win	2 KB
8	2

	Domain	Requested by
7	3ds.borica.bg	cin.xux.win
1	cin.xux.win
8	2

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-01-21` - `2022-01-20`	a year	crt.sh
3ds.borica.bg Thawte EV RSA CA 2018	`2021-09-20` - `2022-10-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cin.xux.win/allianz/Service/login/3D.html
Frame ID: 18239622C3CE1BD2A7B2D8EF5B039127
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

3-D Secure регистрация

Page Statistics

8
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

16 kB
Transfer

14 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 3D.html Show response
cin.xux.win/allianz/Service/login/ 5 KB
2 KB 206ms
180ms Document
text/html 2606:4700:3036::6815:5679
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cin.xux.win/allianz/Service/login/3D.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:5679 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fb2339635f8e8e6e629cc90a63e217a3c091b97386b725a7cda435411e3805d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 29 Nov 2021 02:01:43 GMT
content-type: text/html
last-modified: Sun, 28 Nov 2021 13:31:12 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y0DYBdesx6i1k8zwDlYB%2BBHx6I8yeJvEivZzaGHPRGWFM9ZnA2hQ8w7rbJtG7xyNX9FsC7O3EEMvMf4aa%2B2QK2lmp3I14dvCRJxFSVUBDYhutuzkTsAYS0CHL5EI4Cge7%2B1rq7Ix16%2Bb2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6b583fee79fe0605-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1 200
200 style.css
3ds.borica.bg/auth/common/ 5 KB
6 KB 317ms
70ms Stylesheet
text/css 193.41.190.166
BORICA-AD

General

Check archive.org

Show headers Download Go to

Full URL

https://3ds.borica.bg/auth/common/style.css

Requested by

Host: cin.xux.win
URL: https://cin.xux.win/allianz/Service/login/3D.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.41.190.166 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host166.borica.bg

Software

Apache /

Resource Hash

97bc6fbda88ef0190d83c49e9958375ca4e51c978e31e68c74109691432ec5b7

Security Headers

Name	Value
Content-Security-Policy	default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cin.xux.win/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 02:01:43 GMT
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Connection: Keep-Alive
Content-Length: 5009
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Aug 2021 19:14:34 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"5009-1628190874000"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Content-Security-Policy: default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
200 enroll.css
3ds.borica.bg/auth/common/ 138 B
883 B 313ms
67ms Stylesheet
text/css 193.41.190.166
BORICA-AD

General

Check archive.org

Show headers Download Go to

Full URL

https://3ds.borica.bg/auth/common/enroll.css

Requested by

Host: cin.xux.win
URL: https://cin.xux.win/allianz/Service/login/3D.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.41.190.166 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host166.borica.bg

Software

Apache /

Resource Hash

b5fc589379a01bac4630e781f1bfd8c10af95143b6964a9c86aeec6fc8e577f7

Security Headers

Name	Value
Content-Security-Policy	default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cin.xux.win/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 02:01:43 GMT
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Connection: Keep-Alive
Content-Length: 138
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Aug 2021 19:14:34 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"138-1628190874000"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Content-Security-Policy: default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
200 ALLIANZ_logo.png
3ds.borica.bg/auth/images/ 2 KB
3 KB 287ms
39ms Image
image/png 193.41.190.166
BORICA-AD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3ds.borica.bg/auth/images/ALLIANZ_logo.png

Requested by

Host: cin.xux.win
URL: https://cin.xux.win/allianz/Service/login/3D.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.41.190.166 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host166.borica.bg

Software

Apache /

Resource Hash

c722df691d377e2f49bbbc7852b90ff9c1833a1d129faaa06a0722e928bbf198

Security Headers

Name	Value
Content-Security-Policy	default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cin.xux.win/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 02:01:43 GMT
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Connection: Keep-Alive
Content-Length: 2348
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Aug 2021 19:14:34 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"2348-1628190874000"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Security-Policy: default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
200 bg.gif
3ds.borica.bg/auth/images/flags/ 360 B
1 KB 318ms
71ms Image
image/gif 193.41.190.166
BORICA-AD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3ds.borica.bg/auth/images/flags/bg.gif

Requested by

Host: cin.xux.win
URL: https://cin.xux.win/allianz/Service/login/3D.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.41.190.166 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host166.borica.bg

Software

Apache /

Resource Hash

fa09df2be059aa0474c30dd564712625ad7d84f29129e253cad99673cce107a6

Security Headers

Name	Value
Content-Security-Policy	default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cin.xux.win/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 02:01:43 GMT
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Connection: Keep-Alive
Content-Length: 360
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Aug 2021 19:14:34 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"360-1628190874000"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif
Content-Security-Policy: default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
200 en.gif
3ds.borica.bg/auth/images/flags/ 382 B
1 KB 319ms
37ms Image
image/gif 193.41.190.166
BORICA-AD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3ds.borica.bg/auth/images/flags/en.gif

Requested by

Host: cin.xux.win
URL: https://cin.xux.win/allianz/Service/login/3D.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.41.190.166 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host166.borica.bg

Software

Apache /

Resource Hash

f63bb4cf2dbd735f91061bff9ac78995ccf05d943a8e32447bb68b4ccc5f6213

Security Headers

Name	Value
Content-Security-Policy	default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cin.xux.win/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 02:01:43 GMT
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Connection: Keep-Alive
Content-Length: 382
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Aug 2021 19:14:34 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"382-1628190874000"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif
Content-Security-Policy: default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
200 bg.gif
3ds.borica.bg/auth/images/flags/ 360 B
1 KB 36ms
36ms Image
image/gif 193.41.190.166
BORICA-AD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3ds.borica.bg/auth/images/flags/bg.gif

Requested by

Host: cin.xux.win
URL: https://cin.xux.win/allianz/Service/login/3D.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.41.190.166 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host166.borica.bg

Software

Apache /

Resource Hash

fa09df2be059aa0474c30dd564712625ad7d84f29129e253cad99673cce107a6

Security Headers

Name	Value
Content-Security-Policy	default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cin.xux.win/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 02:01:43 GMT
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Connection: Keep-Alive
Content-Length: 360
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Aug 2021 19:14:34 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"360-1628190874000"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif
Content-Security-Policy: default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
200 en.gif
3ds.borica.bg/auth/images/flags/ 382 B
1 KB 36ms
36ms Image
image/gif 193.41.190.166
BORICA-AD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3ds.borica.bg/auth/images/flags/en.gif

Requested by

Host: cin.xux.win
URL: https://cin.xux.win/allianz/Service/login/3D.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.41.190.166 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host166.borica.bg

Software

Apache /

Resource Hash

f63bb4cf2dbd735f91061bff9ac78995ccf05d943a8e32447bb68b4ccc5f6213

Security Headers

Name	Value
Content-Security-Policy	default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cin.xux.win/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 02:01:43 GMT
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Connection: Keep-Alive
Content-Length: 382
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 05 Aug 2021 19:14:34 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"382-1628190874000"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif
Content-Security-Policy: default-src https: wss: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline'; font-src data: https:; img-src data: https:; frame-ancestors 'self' https:
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3ds.borica.bg
cin.xux.win
193.41.190.166
2606:4700:3036::6815:5679
3fb2339635f8e8e6e629cc90a63e217a3c091b97386b725a7cda435411e3805d
97bc6fbda88ef0190d83c49e9958375ca4e51c978e31e68c74109691432ec5b7
b5fc589379a01bac4630e781f1bfd8c10af95143b6964a9c86aeec6fc8e577f7
c722df691d377e2f49bbbc7852b90ff9c1833a1d129faaa06a0722e928bbf198
f63bb4cf2dbd735f91061bff9ac78995ccf05d943a8e32447bb68b4ccc5f6213
fa09df2be059aa0474c30dd564712625ad7d84f29129e253cad99673cce107a6

cin.xux.win Open in urlscan Pro 2606:4700:3036::6815:5679 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

16 kBTransfer

14 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

0 Cookies

Indicators

cin.xux.win Open in urlscan Pro
2606:4700:3036::6815:5679 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

16 kB
Transfer

14 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions