micr-sftolnine.xyz (2a06:98c1:3120::3)
Flagged: Malicious Activity. Public scan.

Submitted URL: https://www.followmyhealth.com/PatientAccess?Organization=//13630bs3.ruthcaprow.com%2FYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??&In...
Effective URL: https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
Submission: On March 21 via manual from BE — Scanned from DE

Summary

This website contacted 4 IPs in 1 country across 4 domains to perform 11 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is micr-sftolnine.xyz.
TLS certificate: Issued by GTS CA 1P5 on March 6th 2024. Valid for: 3 months.
This is the only time micr-sftolnine.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

What the redirect chain in this scan shows: the submitted link abuses an open redirect on www.followmyhealth.com. The Organization parameter carries the protocol-relative value //13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??, and after two 302s on followmyhealth.com the browser is sent to that host; the suffix .followmyhealth.com/Login/App/PatientAccess?invite=... that follows the injected value ends up in the attacker host's query string because the double ? terminates the path. This is consistent with the application building a hostname from the untrusted value instead of validating it. The path segment YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl is base64 for bart.decoster@adsanddata.be, and the same address reappears in clear text in the final landing URL /Mbart.decoster@adsanddata.be, so the lure pre-identifies the targeted mailbox.

The redirector hop runs on a cPanel shared host (reverse DNS cp22.machighway.com) that announces Apache/2.4.51 and PHP/5.5.38; PHP 5.5 reached end of life in 2016, which is consistent with a neglected customer site being reused rather than attacker-registered infrastructure. The first hop to it is plain http:// before a 301 moves to https.

What urlscan captured on micr-sftolnine.xyz is a Cloudflare managed challenge, not the lure: the page title is "Just a moment...", the primary document carries cf-mitigated: challenge, a Turnstile frame is loaded, and the console records 403s for the page and its favicon. The /cdn-cgi/phish-bypass?atok=... redirect together with the __cf_mw_byp cookie indicates the scanner also clicked through Cloudflare's suspected-phishing warning, i.e. Cloudflare had already flagged the site when the scan ran. The "Generic Cloudflare" brand verdict therefore describes the interstitial; the indicators worth acting on are the landing domain, the redirector host and the abused followmyhealth.com parameter.

Domain & IP information

IP Address AS Autonomous System
2 2 52.240.136.216 8075 (MICROSOFT...)
1 2 199.204.248.133 11989 (WEBINT)
1 8 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
11 4
Apex Domain          Subdomain(s)                                            Requests  Transfer
micr-sftolnine.xyz   micr-sftolnine.xyz                                      8         188 KB
cloudflare.com       challenges.cloudflare.com (Cisco Umbrella Rank: 3998)   2         13 KB
ruthcaprow.com       13630bs3.ruthcaprow.com                                 2         1 KB
followmyhealth.com   www.followmyhealth.com (Cisco Umbrella Rank: 194387)    2         3 KB
Totals as reported: 11 requests, 4 apex domains

Domain                       Requests  Requested by
micr-sftolnine.xyz           8         1 redirect; 13630bs3.ruthcaprow.com; micr-sftolnine.xyz
challenges.cloudflare.com    2         micr-sftolnine.xyz; challenges.cloudflare.com
13630bs3.ruthcaprow.com      2         1 redirect
www.followmyhealth.com       2         2 redirects
Totals as reported: 11 requests, 4 domains

This site contains links to these domains:

www.cloudflare.com

TLS certificates observed

Subject                    Issuer                              Validity                  Valid
*.ruthcaprow.com           ZeroSSL RSA Domain Secure Site CA   2024-02-18 - 2024-05-18   3 months (crt.sh)
micr-sftolnine.xyz         GTS CA 1P5                          2024-03-06 - 2024-06-04   3 months (crt.sh)
challenges.cloudflare.com  Cloudflare Inc ECC CA-3             2023-08-18 - 2024-08-17   a year (crt.sh)

This page contains 2 frames:

Primary Page: https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
Frame ID: A56953CAB6AD36614DB30DB0C9B51DF3
Requests: 10 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/lfdxi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Frame ID: 4DC38D37C9CD404BE3F32BAA5C3445C6
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Just a moment...

Page Statistics

Requests: 11
HTTPS: 91 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 1
Transfer: 201 kB
Size: 622 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.followmyhealth.com/PatientAccess?Organization=//13630bs3.ruthcaprow.com%2FYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??&Invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc/wYCFYSg4z04xrxoVh+YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI= HTTP 302
    https://www.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2FwYCFYSg4z04xrxoVh%20YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI%3D&organization=%2F%2F13630bs3.ruthcaprow.com%2FYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl%3F%3F HTTP 302
    http://13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2fwYCFYSg4z04xrxoVh+YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI%3d&organization=%2f%2f13630bs3.ruthcaprow.com%2fYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl%3f%3f HTTP 301
    https://13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2fwYCFYSg4z04xrxoVh+YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI%3d&organization=%2f%2f13630bs3.ruthcaprow.com%2fYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl%3f%3f Page URL
  2. https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be Page URL
  3. https://micr-sftolnine.xyz/cdn-cgi/phish-bypass?atok=rlChamMpvcDJ_Oe3hIPDCp4KXmrjB6V7f8XszORTDe8-1711063301-0.0.1.1-%2FMbart.decoster%40adsanddata.be HTTP 301
    https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be Page URL
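
The chain above can be triaged mechanically. The following Python is an added example written for this page, not urlscan's code and not anything from the sites involved; it takes the five URLs exactly as the Page URL History records them (already normalised by the scanner's browser) and reports the off-site redirect parameter, the https-to-http hop, the base64 victim token hidden in the redirector path, and whether the decoded address is carried into the landing URL. The base64 and e-mail patterns, and the acceptance of URL-safe alphabets and stripped padding, are assumptions of this example, chosen because phishing redirectors commonly vary them.

```python
import base64
import binascii
import json
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed input: the redirect chain exactly as the Page URL History above
# records it, from the submitted lure to the landing page.
CHAIN = [
    "https://www.followmyhealth.com/PatientAccess?Organization=//13630bs3.ruthcaprow.com%2FYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??&Invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc/wYCFYSg4z04xrxoVh+YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI=",
    "https://www.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2FwYCFYSg4z04xrxoVh%20YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI%3D&organization=%2F%2F13630bs3.ruthcaprow.com%2FYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl%3F%3F",
    "http://13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2fwYCFYSg4z04xrxoVh+YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI%3d&organization=%2f%2f13630bs3.ruthcaprow.com%2fYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl%3f%3f",
    "https://13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2fwYCFYSg4z04xrxoVh+YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI%3d&organization=%2f%2f13630bs3.ruthcaprow.com%2fYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl%3f%3f",
    "https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be",
]

# Assumed shapes: a base64 token of at least 16 characters (standard or
# URL-safe alphabet) and a plain user@domain.tld address.
B64_TOKEN = re.compile(r"^[A-Za-z0-9+/_-]{16,}={0,2}$")
EMAIL = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")


def decode_email_token(token):
    """Return the e-mail address hidden in a base64 path segment, else None."""
    if not B64_TOKEN.match(token):
        return None
    normalised = token.replace("-", "+").replace("_", "/")
    normalised += "=" * (-len(normalised) % 4)  # restore stripped padding
    try:
        text = base64.b64decode(normalised, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if EMAIL.match(text) else None


def off_site_targets(url):
    """Query parameters whose value is an absolute or protocol-relative URL
    for a host other than the one serving the page (open-redirect candidates)."""
    parts = urlsplit(url)
    found = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            try:
                target = urlsplit(value)
            except ValueError:
                continue
            if target.netloc and target.netloc.lower() != parts.netloc.lower():
                found.append((name, target.netloc))
    return found


def analyse_chain(chain):
    """Summarise a browser-normalised redirect chain for phishing triage."""
    hops = []
    for src, dst in zip(chain, chain[1:]):
        a, b = urlsplit(src), urlsplit(dst)
        hops.append({
            "from": a.netloc,
            "to": b.netloc,
            "host_change": a.netloc != b.netloc,
            "https_downgrade": a.scheme == "https" and b.scheme == "http",
        })
    redirect_params = [(i, name, host)
                       for i, url in enumerate(chain)
                       for name, host in off_site_targets(url)]
    victims = set()
    for url in chain:
        for segment in urlsplit(url).path.split("/"):
            email = decode_email_token(segment)
            if email:
                victims.add(email)
    final_path = unquote(urlsplit(chain[-1]).path)
    return {
        "redirect_params": redirect_params,
        "hops": hops,
        "victims": sorted(victims),
        "victim_in_final_url": any(v in final_path for v in victims),
        "https_downgrade": any(h["https_downgrade"] for h in hops),
    }


if __name__ == "__main__":
    print(json.dumps(analyse_chain(CHAIN), indent=2))
```

One caveat when reusing off_site_targets on raw Location headers rather than on a browser-recorded chain: Python's urlsplit does not collapse extra slashes, so a value such as http:////host/ is parsed as having no host, while browsers following the WHATWG URL algorithm resolve it to host. Normalise through a real browser, or strip the surplus slashes first, before trusting the netloc check.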

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://www.followmyhealth.com/PatientAccess?Organization=//13630bs3.ruthcaprow.com%2FYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??&Invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc/wYCFYSg4z04xrxoVh+YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI= HTTP 302
  • https://www.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2FwYCFYSg4z04xrxoVh%20YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI%3D&organization=%2F%2F13630bs3.ruthcaprow.com%2FYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl%3F%3F HTTP 302
  • http://13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2fwYCFYSg4z04xrxoVh+YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI%3d&organization=%2f%2f13630bs3.ruthcaprow.com%2fYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl%3f%3f HTTP 301
  • https://13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2fwYCFYSg4z04xrxoVh+YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI%3d&organization=%2f%2f13630bs3.ruthcaprow.com%2fYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl%3f%3f

11 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl
13630bs3.ruthcaprow.com/
Redirect Chain
  • https://www.followmyhealth.com/PatientAccess?Organization=//13630bs3.ruthcaprow.com%2FYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??&Invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc/wYCFYS...
  • https://www.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2FwYCFYSg4z04xrxoVh%20YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI%3D&organization=%2F%2F1...
  • http://13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2fwYCFYSg4z04xrxoV...
  • https://13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2fwYCFYSg4z04xrxo...
122 B
590 B
Document
General
Full URL
https://13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2fwYCFYSg4z04xrxoVh+YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI%3d&organization=%2f%2f13630bs3.ruthcaprow.com%2fYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl%3f%3f
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.204.248.133 , United States, ASN11989 (WEBINT, US),
Reverse DNS
cp22.machighway.com
Software
Apache/2.4.51 (cPanel) OpenSSL/1.1.1l mod_bwlimited/1.4 / PHP/5.5.38
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
Keep-Alive
Content-Type
text/html
Date
Thu, 21 Mar 2024 23:21:01 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache/2.4.51 (cPanel) OpenSSL/1.1.1l mod_bwlimited/1.4
Transfer-Encoding
chunked
X-Powered-By
PHP/5.5.38

Redirect headers

Connection
Keep-Alive
Content-Length
533
Content-Type
text/html; charset=iso-8859-1
Date
Thu, 21 Mar 2024 23:21:01 GMT
Keep-Alive
timeout=5, max=100
Location
https://13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2fwYCFYSg4z04xrxoVh+YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI%3d&organization=%2f%2f13630bs3.ruthcaprow.com%2fYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl%3f%3f
Server
Apache/2.4.51 (cPanel) OpenSSL/1.1.1l mod_bwlimited/1.4
Mbart.decoster@adsanddata.be
micr-sftolnine.xyz/
4 KB
2 KB
Document
General
Full URL
https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
Requested by
Host: 13630bs3.ruthcaprow.com
URL: https://13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??.followmyhealth.com/Login/App/PatientAccess?invite=9MnjZPjvSBkWo1AJg0Su4CMECM3Gy2EqMLythemnkfrUifOZKY6iVLesbc%2fwYCFYSg4z04xrxoVh+YBkzkGlbNg6ZfZpnz2Fxa8Lq5YeHuI%3d&organization=%2f%2f13630bs3.ruthcaprow.com%2fYmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl%3f%3f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da3bc53e87260ccc6d8fd21271d20bffb6cd062bf9d2222f2cbfa511141d9b6a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://13630bs3.ruthcaprow.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-ray
8681ae040d091909-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 21 Mar 2024 23:21:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6C8I2rc%2FvVHIaTYtoqeCRTQNB5rAKpVpxRc%2BMMfFZhdd%2BH8giY3aBGBy9CqrN7RwSJoAMNM5kaFteLxqzQuyiAdcFJ%2Bfmaq6AMryPYHM5AOCn0tK4erdbo6yzH%2Fq5Jd811laRv5J3045C9aVTcxsoxo%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cf.errors.css
micr-sftolnine.xyz/cdn-cgi/styles/
24 KB
5 KB
Stylesheet
General
Full URL
https://micr-sftolnine.xyz/cdn-cgi/styles/cf.errors.css
Requested by
Host: micr-sftolnine.xyz
URL: https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 23:21:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 15 Mar 2024 16:05:18 GMT
server
cloudflare
etag
W/"65f471be-5e44"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=7200, public
cf-ray
8681ae041d1b1909-FRA
expires
Fri, 22 Mar 2024 01:21:41 GMT
icon-exclamation.png
micr-sftolnine.xyz/cdn-cgi/images/
452 B
540 B
Image
General
Full URL
https://micr-sftolnine.xyz/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: micr-sftolnine.xyz
URL: https://micr-sftolnine.xyz/cdn-cgi/styles/cf.errors.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://micr-sftolnine.xyz/cdn-cgi/styles/cf.errors.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 23:21:41 GMT
x-content-type-options
nosniff
last-modified
Fri, 15 Mar 2024 16:05:18 GMT
server
cloudflare
etag
"65f471be-1c4"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
8681ae042d311909-FRA
content-length
452
expires
Fri, 22 Mar 2024 01:21:41 GMT
Primary Request Mbart.decoster@adsanddata.be
micr-sftolnine.xyz/
Redirect Chain
  • https://micr-sftolnine.xyz/cdn-cgi/phish-bypass?atok=rlChamMpvcDJ_Oe3hIPDCp4KXmrjB6V7f8XszORTDe8-1711063301-0.0.1.1-%2FMbart.decoster%40adsanddata.be
  • https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
15 KB
8 KB
Document
General
Full URL
https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
40badfab315de4b35b218925989a8dfd4a83a42e354c571f98e0c202cc16c1d6
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-chl-out
0FbQzKvo0Jorve6cLAo7+hsohldrobHB9NZyUcX+cmBmtvlOuDmVk/RiLxMNVShO6tvKBSPSJ37WS+oZNZkxs0V+qzqMyrVlvLlRRqjQIY7CTfDg99GrweS1JJL3eutXAn5RlTauT+GqZSuQ0VQPwA==$IQNX151y5XSq4VL98M2zFQ==
cf-mitigated
challenge
cf-ray
8681ae229dac1909-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Thu, 21 Mar 2024 23:21:46 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FPMDV5IejOt9My6%2B%2FFrypXQ91gH5yVSpdTFLnNlsdXCUm1dOtVfee0e47lFL20nRXWHH8oe1piFLmf95h%2BFnw9PjoviwbVZbQL6lflXs5d278ht9CKMCJ9CYBXxNv8Wm5b6q74K92X5y8y26u6VYhVE%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN

Redirect headers

cache-control
private, no-cache
cf-ray
8681ae228daa1909-FRA
content-length
167
content-type
text/html
date
Thu, 21 Mar 2024 23:21:46 GMT
location
https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY
v1
micr-sftolnine.xyz/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/
509 KB
145 KB
Script
General
Full URL
https://micr-sftolnine.xyz/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8681ae229dac1909
Requested by
Host: micr-sftolnine.xyz
URL: https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ef4567d2a021e33065e7731daaa4631b5bf79397e0d4645eead65e1d2fc8c1c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be?__cf_chl_rt_tk=qD.742RugQm9SKOY6RFCU9jWUPMNeUBHPT3jgLCRdb8-1711063306-0.0.1.1-1663
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 23:21:46 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eVu1YclCWK4lHG4dwWTlnsvhYEORkSIUfaIWZWCqpOvmUGNpfS4EJ5ypmoH3ak%2Bi7Br68sDjW5Rg0gke1WPmvObcU66ar6V6HVsyxSQFMHAPrvcjU4CbLU0WyYXX7LTkYB5o0UO%2FnvRdQjnWdps%2FEu4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
8681ae22cdd01909-FRA
alt-svc
h3=":443"; ma=86400
api.js
challenges.cloudflare.com/turnstile/v0/b/de9364586261/
39 KB
13 KB
Script
General
Full URL
https://challenges.cloudflare.com/turnstile/v0/b/de9364586261/api.js?onload=xtIF7&render=explicit
Requested by
Host: micr-sftolnine.xyz
URL: https://micr-sftolnine.xyz/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8681ae229dac1909
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7fd64c048d2fb9b5cfd0dd35e5b5bfc7d149b301dac2a0f0dc5bf1f13add1008

Request headers

Referer
Origin
https://micr-sftolnine.xyz
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 23:21:46 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000
cross-origin-resource-policy
cross-origin
cf-ray
8681ae2348cd0368-FRA
alt-svc
h3=":443"; ma=86400
favicon.ico
micr-sftolnine.xyz/
15 KB
15 KB
Image
General
Full URL
https://micr-sftolnine.xyz/favicon.ico
Requested by
Host: micr-sftolnine.xyz
URL: https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5c1e9dbe64432b33d0bcfa5511bc2114052c76849faad4b7a8c4f5e00b8748b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 23:21:46 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=86400
cf-chl-out
HiOnMwX9NiaecGdQgMflmP0E/94hMH+95RGrJ3oN83p/h2kpGaFzFkQzrXpKcgp8TH8L14/jL9xzr2LB04xQPwlCLx4ux3oWVSCJKz79v6vgfOssEVxETe3gWA7F+QKkG/aJLwiFPWLdQW2SZKa4rQ==$PtRQzM5u8an9E1KDyPkIkg==
referrer-policy
same-origin
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy
same-origin
cf-mitigated
challenge
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bU36lMzu%2F8PwKkaIPNKCcjjcygddFsJD8Ak3sdpSU09zifkReHW8%2FJBHt5aHTNj%2FctFVucBLmD7G8kGTdRgEsb0Sl3mP32QQUId0nMd4PXfsabZgIE4XX9o0ZNuSsSYhX3GkwmGpLenNmhkMCWzSsHQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
origin-agent-cluster
?1
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray
8681ae231dff1909-FRA
expires
Thu, 01 Jan 1970 00:00:01 GMT
d9f8f7ac-5257-4cc7-b4c3-e93e3b4d029c
https://micr-sftolnine.xyz/
13 B
0
Other
General
Full URL
blob:https://micr-sftolnine.xyz/d9f8f7ac-5257-4cc7-b4c3-e93e3b4d029c
Requested by
Host: micr-sftolnine.xyz
URL: https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Length
13
Content-Type
text/javascript
fdfa7156b1ca3ad
micr-sftolnine.xyz/cdn-cgi/challenge-platform/h/b/flow/ov1/1393350729:1711059849:3JgEjcz-XwNfqF_DoSMCvOWQFmBWwaIb-5QAwpakJ58/8681ae229dac1909/
15 KB
12 KB
XHR
General
Full URL
https://micr-sftolnine.xyz/cdn-cgi/challenge-platform/h/b/flow/ov1/1393350729:1711059849:3JgEjcz-XwNfqF_DoSMCvOWQFmBWwaIb-5QAwpakJ58/8681ae229dac1909/fdfa7156b1ca3ad
Requested by
Host: micr-sftolnine.xyz
URL: https://micr-sftolnine.xyz/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8681ae229dac1909
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6038ee978afcc009fd274e325e0b93b010bece517de64491a89844d9f1f6c16

Request headers

Referer
https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
CF-Challenge
fdfa7156b1ca3ad
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 21 Mar 2024 23:21:46 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g12d2DrUFN7eCUOyY%2BDHpO57MEe03o1ntJvQfn1dAgARLk66Xl8aBfi7mmjNNBZMCVoZcHsYX5cTWZcLWrREVdqinwMo7QuwW8yjoibGIXYN1FlpR1ekH82yvSw4O1Cbn4f2r%2F1a57tpzNHlYR8ojEE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
8681ae23ce8e1909-FRA
alt-svc
h3=":443"; ma=86400
cf-chl-gen
t3oLdcT1heJ6zGH5YDIOFwUPA+Oo5tRAbXiQLYPk0TyJXNWOX8DavkawtzNBbJ9C$0o0RKbsa2tAUl7kOFJI/nQ==
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/lfdxi/0x4AAAAAAADnPIDROrmt1Wwj/light/ Frame 4DC3
0
0
Document
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/lfdxi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/b/de9364586261/api.js?onload=xtIF7&render=explicit
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
8681ae24391b9b83-FRA
content-encoding
br
content-security-policy
frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
content-type
text/html; charset=UTF-8
critical-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Thu, 21 Mar 2024 23:21:46 GMT
document-policy
js-profiling
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object 0, object _cf_chl_opt, function BVdIji3, function rLBvM0, function xtIF7, boolean mvcD9, function uuZYf1, function uvjx8, function ksPF5, function NdXMl9, object ODcli6, object IpRwUR8, object bympXl3, number fZAlSH4, object angular, object turnstile, boolean spAAs9, string shSdG4

4 Cookies

Domain/Path Name / Value
.followmyhealth.com/ Name: Organization
Value: //13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??
.followmyhealth.com/ Name: __temp_data
Value:
13630bs3.ruthcaprow.com/ Name: PHPSESSID
Value: 6aefcead119997f2a84ec603bbe2a6c0
.micr-sftolnine.xyz/ Name: __cf_mw_byp
Value: rlChamMpvcDJ_Oe3hIPDCp4KXmrjB6V7f8XszORTDe8-1711063301-0.0.1.1-/Mbart.decoster@adsanddata.be

4 Console Messages

Source / Level / URL / Text

security warning: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
security warning: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network error (https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be): Failed to load resource: the server responded with a status of 403 ()
network error (https://micr-sftolnine.xyz/favicon.ico): Failed to load resource: the server responded with a status of 403 ()
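
The verdict, the response headers and the console messages together tell you whether a scan like this one actually reached the lure or only Cloudflare's front door. The Python below is an added example for this page, not urlscan's code; it reads a constructed subset of the transactions, cookies and console lines shown above and derives that answer. It assumes, as Cloudflare documents, that a cf-mitigated: challenge response header marks a challenge page, and, as the chain above shows, that a /cdn-cgi/phish-bypass hop plus the __cf_mw_byp cookie marks a click-through of the suspected-phishing warning; the dictionary layout of the input is this example's own.

```python
import json
from urllib.parse import urlsplit

# Constructed input: only the fields the triage reads, copied from the
# transactions, cookies and console messages in the scan above.
TRANSACTIONS = [
    {"url": "https://13630bs3.ruthcaprow.com/YmFydC5kZWNvc3RlckBhZHNhbmRkYXRhLmJl??.followmyhealth.com/Login/App/PatientAccess",
     "type": "Document",
     "headers": {"Server": "Apache/2.4.51 (cPanel) OpenSSL/1.1.1l mod_bwlimited/1.4",
                 "X-Powered-By": "PHP/5.5.38"}},
    {"url": "https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be",
     "type": "Document",
     "headers": {"server": "cloudflare", "cf-ray": "8681ae040d091909-FRA",
                 "x-frame-options": "SAMEORIGIN"}},
    {"url": "https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be",
     "type": "Document",
     "redirect_chain": ["https://micr-sftolnine.xyz/cdn-cgi/phish-bypass?atok=rlChamMpvcDJ_Oe3hIPDCp4KXmrjB6V7f8XszORTDe8-1711063301-0.0.1.1-%2FMbart.decoster%40adsanddata.be"],
     "headers": {"server": "cloudflare", "cf-mitigated": "challenge",
                 "cf-ray": "8681ae229dac1909-FRA"}},
    {"url": "https://micr-sftolnine.xyz/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8681ae229dac1909",
     "type": "Script",
     "headers": {"server": "cloudflare", "cf-ray": "8681ae22cdd01909-FRA"}},
    {"url": "https://challenges.cloudflare.com/turnstile/v0/b/de9364586261/api.js?onload=xtIF7&render=explicit",
     "type": "Script",
     "headers": {"server": "cloudflare", "cf-ray": "8681ae2348cd0368-FRA"}},
    {"url": "https://micr-sftolnine.xyz/favicon.ico",
     "type": "Image",
     "headers": {"server": "cloudflare", "cf-mitigated": "challenge",
                 "cf-ray": "8681ae231dff1909-FRA",
                 "content-type": "text/html; charset=UTF-8"}},
]
COOKIES = {
    "__cf_mw_byp": "rlChamMpvcDJ_Oe3hIPDCp4KXmrjB6V7f8XszORTDe8-1711063301-0.0.1.1-/Mbart.decoster@adsanddata.be",
    "PHPSESSID": "6aefcead119997f2a84ec603bbe2a6c0",
}
CONSOLE = [
    ("network error", "https://micr-sftolnine.xyz/Mbart.decoster@adsanddata.be",
     "Failed to load resource: the server responded with a status of 403 ()"),
    ("network error", "https://micr-sftolnine.xyz/favicon.ico",
     "Failed to load resource: the server responded with a status of 403 ()"),
]


def header(tx, name):
    """Case-insensitive lookup; Apache and Cloudflare use different casing above."""
    wanted = name.lower()
    for key, value in tx.get("headers", {}).items():
        if key.lower() == wanted:
            return value
    return None


def is_challenge(tx):
    return (header(tx, "cf-mitigated") or "").lower() == "challenge"


def triage(transactions, cookies, console):
    """Decide whether the capture reached origin content or a Cloudflare interstitial."""
    challenged = [tx for tx in transactions if is_challenge(tx)]
    urls_seen = [u for tx in transactions
                 for u in tx.get("redirect_chain", []) + [tx["url"]]]
    bypass_urls = [u for u in urls_seen
                   if urlsplit(u).path.startswith("/cdn-cgi/phish-bypass")]
    rays = sorted({header(tx, "cf-ray") for tx in challenged if header(tx, "cf-ray")})
    blocked = [url for _level, url, message in console if "status of 403" in message]
    documents = [tx for tx in transactions if tx["type"] == "Document"]
    last_document_challenged = bool(documents) and is_challenge(documents[-1])
    return {
        "challenge_hosts": sorted({urlsplit(tx["url"]).netloc for tx in challenged}),
        "challenge_rays": rays,
        # The trailing token of a cf-ray is the colo that answered (FRA here,
        # matching "Scanned from DE").
        "colos": sorted({ray.rsplit("-", 1)[-1] for ray in rays}),
        "turnstile_loaded": any(urlsplit(u).netloc == "challenges.cloudflare.com"
                                for u in urls_seen),
        "phish_warning_bypassed": bool(bypass_urls) or "__cf_mw_byp" in cookies,
        "blocked_403": blocked,
        # Origin HTML was reached only if the last document was not a challenge
        # page and nothing in the console was refused with 403.
        "content_reached": not last_document_challenged and not blocked,
        # Upstream hosts that announce their runtime (the cPanel redirector here).
        "upstream_php": [header(tx, "X-Powered-By") for tx in documents
                         if header(tx, "X-Powered-By")],
    }


if __name__ == "__main__":
    print(json.dumps(triage(TRANSACTIONS, COOKIES, CONSOLE), indent=2))
```

When content_reached is false, the screenshot and the brand verdict describe the challenge page; re-run the URL from a different vantage point or a real browser session before concluding what the kit looks like, and block on the hosts and the abused parameter rather than on page content.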