hypesquad-forms.tk Open in urlscan Pro
15.228.161.22 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://hypesquad-forms.tk/
Submission: On July 30 via api (July 30th 2022, 4:27:18 am UTC) from US — Scanned from DE

Summary HTTP 18 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 18 HTTP transactions. The main IP is 15.228.161.22, located in São Paulo, Brazil and belongs to AMAZON-02, US. The main domain is hypesquad-forms.tk.

This is the only time hypesquad-forms.tk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discord (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
10	15.228.161.22 15.228.161.22	16509 (AMAZON-02) (AMAZON-02)
8	2606:4700::68... 2606:4700::6810:7eaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2

10 15.228.161.22 (São Paulo, Brazil)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-228-161-22.sa-east-1.compute.amazonaws.com

hypesquad-forms.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6810:7eaf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	hypesquad-forms.tk hypesquad-forms.tk	351 KB
8	unpkg.com unpkg.com — Cisco Umbrella Rank: 893	7 KB
18	2

	Domain	Requested by
10	hypesquad-forms.tk	hypesquad-forms.tk
8	unpkg.com	hypesquad-forms.tk
18	2

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.instagram.com
www.facebook.com
www.youtube.com
discord.com
discordstatus.com
support.discord.com
feedback.discord.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-01` - `2023-06-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://hypesquad-forms.tk/
Frame ID: 2DB6ED8AFC7B4EBCD5FE82D313464AD7
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Discord Moderator Recruitment

Page Statistics

18
Requests

6 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

359 kB
Transfer

365 kB
Size

0
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/discord

Search URL Search Domain Scan URL

URL: https://www.instagram.com/discord/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/discord/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/discord/

Search URL Search Domain Scan URL

URL: https://discord.com/download
Title: Download

Search URL Search Domain Scan URL

URL: https://discord.com/nitro
Title: Nitro

Search URL Search Domain Scan URL

URL: https://discordstatus.com/
Title: Status

Search URL Search Domain Scan URL

URL: https://discord.com/company
Title: About

Search URL Search Domain Scan URL

URL: https://discord.com/jobs
Title: Jobs

Search URL Search Domain Scan URL

URL: https://discord.com/branding
Title: Branding

Search URL Search Domain Scan URL

URL: https://discord.com/newsroom
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://discord.com/college
Title: College

Search URL Search Domain Scan URL

URL: https://support.discord.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://discord.com/safety
Title: Safety

Search URL Search Domain Scan URL

URL: https://discord.com/blog
Title: Blog

Search URL Search Domain Scan URL

URL: https://feedback.discord.com/
Title: Feedback

Search URL Search Domain Scan URL

URL: https://discord.com/developers/docs
Title: Developers

Search URL Search Domain Scan URL

URL: https://discord.com/streamkit
Title: StreamKit

Search URL Search Domain Scan URL

URL: https://discord.com/terms
Title: Terms

Search URL Search Domain Scan URL

URL: https://discord.com/privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://discord.com/
Title: Cookie Settings

Search URL Search Domain Scan URL

URL: https://discord.com/guidelines
Title: Guidelines

Search URL Search Domain Scan URL

URL: https://discord.com/acknowledgements
Title: Acknowledgements

Search URL Search Domain Scan URL

URL: https://discord.com/licenses
Title: Licenses

Search URL Search Domain Scan URL

URL: https://discord.com/moderation
Title: Moderation

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

http://unpkg.com/boxicons@2.1.1/svg/regular/bx-menu.svg HTTP 307
https://unpkg.com/boxicons@2.1.1/svg/regular/bx-menu.svg

Request Chain 11

http://unpkg.com/boxicons@2.1.1/svg/regular/bx-chevron-left.svg HTTP 307
https://unpkg.com/boxicons@2.1.1/svg/regular/bx-chevron-left.svg

Request Chain 12

http://unpkg.com/boxicons@2.1.1/svg/regular/bx-x.svg HTTP 307
https://unpkg.com/boxicons@2.1.1/svg/regular/bx-x.svg

Request Chain 13

http://unpkg.com/boxicons@2.1.1/svg/logos/bxl-twitter.svg HTTP 307
https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-twitter.svg

Request Chain 14

http://unpkg.com/boxicons@2.1.1/svg/logos/bxl-instagram.svg HTTP 307
https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-instagram.svg

Request Chain 15

http://unpkg.com/boxicons@2.1.1/svg/logos/bxl-facebook-square.svg HTTP 307
https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-facebook-square.svg

Request Chain 16

http://unpkg.com/boxicons@2.1.1/svg/logos/bxl-youtube.svg HTTP 307
https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-youtube.svg

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
hypesquad-forms.tk/ 12 KB
12 KB 427ms
202ms Document
text/html 15.228.161.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://hypesquad-forms.tk/
Protocol: HTTP/1.1
Server: 15.228.161.22 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-228-161-22.sa-east-1.compute.amazonaws.com
Software: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6 / PHP/8.1.6
Resource Hash: d488a9448be2449e33f1dbdcb31eff838b69932261b75fd9b340b7164549b15d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 30 Jul 2022 04:27:13 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Transfer-Encoding: chunked
X-Powered-By: PHP/8.1.6

GET
H/1.1 200
OK index.css
hypesquad-forms.tk/css/ 10 KB
10 KB 202ms
202ms Stylesheet
text/css 15.228.161.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://hypesquad-forms.tk/css/index.css
Requested by: Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/
Protocol: HTTP/1.1
Server: 15.228.161.22 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-228-161-22.sa-east-1.compute.amazonaws.com
Software: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6 /
Resource Hash: d6ffa86e0c73b254358798cfb9a61850bc5d5c1a7a5f66af109a7bf35c7bd721

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://hypesquad-forms.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Sat, 30 Jul 2022 04:27:13 GMT
Last-Modified: Fri, 25 Feb 2022 02:40:35 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
ETag: "27bb-5d8ce9f8c2db8"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 10171

GET
H2 200 boxicons.js Show response
unpkg.com/boxicons@2.1.1/dist/ 13 KB
4 KB 47ms
18ms Script
application/javascript 2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/boxicons@2.1.1/dist/boxicons.js

Requested by

Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

771792c29967271ab7d5dc2d674b532eb7e621105faaa0f1375672e920f319ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://hypesquad-forms.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sat, 30 Jul 2022 04:27:13 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 16057858
fly-request-id: 01FT83RF31R1CHDAFW3VXNJ85P
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"3303-GVZxmno9jwZ5q1NdVs23GVOuXzw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 732b572fdd5768ec-FRA

GET
H/1.1 200
OK 22fd790491653d837422d80e3500cf92.svg
hypesquad-forms.tk/assets/ 5 KB
5 KB 600ms
203ms Image
image/svg+xml 15.228.161.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hypesquad-forms.tk/assets/22fd790491653d837422d80e3500cf92.svg
Requested by: Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/
Protocol: HTTP/1.1
Server: 15.228.161.22 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-228-161-22.sa-east-1.compute.amazonaws.com
Software: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6 /
Resource Hash: 641b1091276ba75578c3d93f367f0d70bcbba7c62a7f159c4307acf0ed6c5cbe

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://hypesquad-forms.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Sat, 30 Jul 2022 04:27:13 GMT
Last-Modified: Thu, 24 Feb 2022 15:55:02 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
ETag: "12c4-5d8c59ae7c111"
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4804

GET
H/1.1 200
OK a6193089fb762c7874fffcc9e61fa91e.svg
hypesquad-forms.tk/assets/ 36 KB
36 KB 804ms
203ms Image
image/svg+xml 15.228.161.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hypesquad-forms.tk/assets/a6193089fb762c7874fffcc9e61fa91e.svg
Requested by: Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/
Protocol: HTTP/1.1
Server: 15.228.161.22 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-228-161-22.sa-east-1.compute.amazonaws.com
Software: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6 /
Resource Hash: e5d5284e778466ff3cec71bf016f248e81047facf07748ff844ef0d831b98bff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://hypesquad-forms.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Sat, 30 Jul 2022 04:27:13 GMT
Last-Modified: Thu, 24 Feb 2022 15:56:08 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
ETag: "8fab-5d8c59edbf22b"
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 36779

GET
H/1.1 200
OK mobile.js Show response
hypesquad-forms.tk/scripts/ 241 B
561 B 393ms
202ms Script
application/javascript 15.228.161.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://hypesquad-forms.tk/scripts/mobile.js
Requested by: Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/
Protocol: HTTP/1.1
Server: 15.228.161.22 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-228-161-22.sa-east-1.compute.amazonaws.com
Software: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6 /
Resource Hash: 36a7a3ee7e491ac59aaed0a4f9fa0e869b8ee9c04cdabad6bcca8598c58e9352

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://hypesquad-forms.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Sat, 30 Jul 2022 04:27:13 GMT
Last-Modified: Fri, 25 Feb 2022 02:29:40 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
ETag: "f1-5d8ce788cac99"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 241

GET
H/1.1 200
OK 88055567e3d928bcb1e67e967081572e.woff
hypesquad-forms.tk/assets/ 61 KB
61 KB 209ms
202ms Font
font/woff 15.228.161.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://hypesquad-forms.tk/assets/88055567e3d928bcb1e67e967081572e.woff
Requested by: Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/css/index.css
Protocol: HTTP/1.1
Server: 15.228.161.22 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-228-161-22.sa-east-1.compute.amazonaws.com
Software: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6 /
Resource Hash: 0e9a97ab8ee2408a80d5d42ea49fc1cbf291f71a11a3a1728418074087709754

Request headers

Referer: http://hypesquad-forms.tk/css/index.css
Origin: http://hypesquad-forms.tk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Sat, 30 Jul 2022 04:27:13 GMT
Last-Modified: Wed, 23 Feb 2022 23:17:30 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
ETag: "f430-5d8b7ab6cf743"
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 62512

GET
H/1.1 200
OK 32c4f766e4892c054dfd367dbe0fc6dc.woff
hypesquad-forms.tk/assets/ 54 KB
55 KB 212ms
203ms Font
font/woff 15.228.161.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://hypesquad-forms.tk/assets/32c4f766e4892c054dfd367dbe0fc6dc.woff
Requested by: Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/css/index.css
Protocol: HTTP/1.1
Server: 15.228.161.22 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-228-161-22.sa-east-1.compute.amazonaws.com
Software: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6 /
Resource Hash: 8612deb0cfdfde638ad9e286429dd4cf56418398dc0d6721ce43842403d9f320

Request headers

Referer: http://hypesquad-forms.tk/css/index.css
Origin: http://hypesquad-forms.tk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Sat, 30 Jul 2022 04:27:13 GMT
Last-Modified: Wed, 23 Feb 2022 23:17:12 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
ETag: "d9c8-5d8b7aa5a438c"
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 55752

GET
H/1.1 200
OK ae7c84783ad48b6d1c8e2bfbe707e0d4.woff2
hypesquad-forms.tk/assets/ 56 KB
56 KB 211ms
203ms Font
font/woff2 15.228.161.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://hypesquad-forms.tk/assets/ae7c84783ad48b6d1c8e2bfbe707e0d4.woff2
Requested by: Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/css/index.css
Protocol: HTTP/1.1
Server: 15.228.161.22 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-228-161-22.sa-east-1.compute.amazonaws.com
Software: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6 /
Resource Hash: e7f99c2e4bc60f87969eb7f02b7b41be1fc8918686c7b479d50874564b2c921e

Request headers

Referer: http://hypesquad-forms.tk/css/index.css
Origin: http://hypesquad-forms.tk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Sat, 30 Jul 2022 04:27:13 GMT
Last-Modified: Wed, 23 Feb 2022 23:18:45 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
ETag: "e074-5d8b7afee6824"
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 57460

GET
H/1.1 200
OK 64f5045e7c47202da327cadef3c611d1.woff2
hypesquad-forms.tk/assets/ 53 KB
53 KB 401ms
202ms Font
font/woff2 15.228.161.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://hypesquad-forms.tk/assets/64f5045e7c47202da327cadef3c611d1.woff2
Requested by: Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/css/index.css
Protocol: HTTP/1.1
Server: 15.228.161.22 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-228-161-22.sa-east-1.compute.amazonaws.com
Software: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6 /
Resource Hash: 36a2dfff913ee4040728aa64bb5754b42ee615b750aa8e192c98ff2ea171c5ab

Request headers

Referer: http://hypesquad-forms.tk/css/index.css
Origin: http://hypesquad-forms.tk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Sat, 30 Jul 2022 04:27:13 GMT
Last-Modified: Wed, 23 Feb 2022 23:18:24 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
ETag: "d3a8-5d8b7aeada36f"
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 54184

GET
H/1.1 200
OK 746a4f241e03deffc59b08c5650cf458.woff
hypesquad-forms.tk/assets/ 61 KB
62 KB 402ms
201ms Font
font/woff 15.228.161.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://hypesquad-forms.tk/assets/746a4f241e03deffc59b08c5650cf458.woff
Requested by: Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/css/index.css
Protocol: HTTP/1.1
Server: 15.228.161.22 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-15-228-161-22.sa-east-1.compute.amazonaws.com
Software: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6 /
Resource Hash: 12954218db16e3a3c86a6ee84e41be8bb35cee983ffd5233b37c7e094f9dcf11

Request headers

Referer: http://hypesquad-forms.tk/css/index.css
Origin: http://hypesquad-forms.tk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Sat, 30 Jul 2022 04:27:13 GMT
Last-Modified: Wed, 23 Feb 2022 23:17:38 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
ETag: "f530-5d8b7abec1117"
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 62768

GET
H2

200

bx-menu.svg Show response
unpkg.com/boxicons@2.1.1/svg/regular/
Redirect Chain

http://unpkg.com/boxicons@2.1.1/svg/regular/bx-menu.svg
https://unpkg.com/boxicons@2.1.1/svg/regular/bx-menu.svg

137 B
225 B

33ms
16ms

XHR
image/svg+xml

2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/boxicons@2.1.1/svg/regular/bx-menu.svg

Requested by

Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/

Protocol

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

651abeef520364269ba205d29fbabf3919c269ca66d7758d1c8e108e947335ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://hypesquad-forms.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sat, 30 Jul 2022 04:27:13 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7776960
fly-request-id: 01G1YX1DZWAC0DN0564PMJE3VJ-fra
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"89-c8eWmp1lCcx3B2PXtn7tShsnBIA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 732b57325d6b9b94-FRA

Redirect headers

Location: https://unpkg.com/boxicons@2.1.1/svg/regular/bx-menu.svg
Non-Authoritative-Reason: HSTS
Access-Control-Allow-Credentials: true
Cross-Origin-Resource-Policy: Cross-Origin
Access-Control-Allow-Origin: http://hypesquad-forms.tk

GET
H2

200

bx-chevron-left.svg Show response
unpkg.com/boxicons@2.1.1/svg/regular/
Redirect Chain

http://unpkg.com/boxicons@2.1.1/svg/regular/bx-chevron-left.svg
https://unpkg.com/boxicons@2.1.1/svg/regular/bx-chevron-left.svg

170 B
250 B

33ms
17ms

XHR
image/svg+xml

2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/boxicons@2.1.1/svg/regular/bx-chevron-left.svg

Requested by

Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/

Protocol

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8cfe7c7fc83870c106ed8c55506e51208ecc267e4e96706ae3dd1eaa496f003

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://hypesquad-forms.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sat, 30 Jul 2022 04:27:13 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26505
fly-request-id: 01G95WEJMB8VC0XB6QRS7HNMM6-fra
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"aa-nInKcEFHGzF0NZm/B7hSx25ytoY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 732b57325d6e9b94-FRA

Redirect headers

Location: https://unpkg.com/boxicons@2.1.1/svg/regular/bx-chevron-left.svg
Non-Authoritative-Reason: HSTS
Access-Control-Allow-Credentials: true
Cross-Origin-Resource-Policy: Cross-Origin
Access-Control-Allow-Origin: http://hypesquad-forms.tk

GET
H2

200

bx-x.svg Show response
unpkg.com/boxicons@2.1.1/svg/regular/
Redirect Chain

http://unpkg.com/boxicons@2.1.1/svg/regular/bx-x.svg
https://unpkg.com/boxicons@2.1.1/svg/regular/bx-x.svg

244 B
547 B

31ms
15ms

XHR
image/svg+xml

2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/boxicons@2.1.1/svg/regular/bx-x.svg

Requested by

Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/

Protocol

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21a7dc13c340ee4b0ae73fc2a291c243e1ae104fc324d7f4faba8216a954eefd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://hypesquad-forms.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sat, 30 Jul 2022 04:27:13 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 12182191
fly-request-id: 01FXVKWEH0X2PASQ8AZ7WG14RX-fra
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"f4-Fhz7iNvlYfxk2B44b+KbasBKhHE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 732b57325d6f9b94-FRA

Redirect headers

Location: https://unpkg.com/boxicons@2.1.1/svg/regular/bx-x.svg
Non-Authoritative-Reason: HSTS
Access-Control-Allow-Credentials: true
Cross-Origin-Resource-Policy: Cross-Origin
Access-Control-Allow-Origin: http://hypesquad-forms.tk

GET
H2

200

bxl-twitter.svg Show response
unpkg.com/boxicons@2.1.1/svg/logos/
Redirect Chain

http://unpkg.com/boxicons@2.1.1/svg/logos/bxl-twitter.svg
https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-twitter.svg

685 B
494 B

34ms
18ms

XHR
image/svg+xml

2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-twitter.svg

Requested by

Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/

Protocol

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10b9b2a075922945d595a7683b14ab74c3f988e51beea5deaa82bd211b533fcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://hypesquad-forms.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sat, 30 Jul 2022 04:27:13 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8028039
fly-request-id: 01G1QDK2YNF9QDJNQ1TTW6DRJM-fra
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"2ad-x699s7PsrMYsTB48gYPaBowCCrY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 732b57325d719b94-FRA

Redirect headers

Location: https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-twitter.svg
Non-Authoritative-Reason: HSTS
Access-Control-Allow-Credentials: true
Cross-Origin-Resource-Policy: Cross-Origin
Access-Control-Allow-Origin: http://hypesquad-forms.tk

GET
H2

200

bxl-instagram.svg Show response
unpkg.com/boxicons@2.1.1/svg/logos/
Redirect Chain

http://unpkg.com/boxicons@2.1.1/svg/logos/bxl-instagram.svg
https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-instagram.svg

1 KB
753 B

35ms
19ms

XHR
image/svg+xml

2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-instagram.svg

Requested by

Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/

Protocol

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14877869a24dd096c0272022871ac95e6be09b98b7b8fa3f24f83e8950a69d25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://hypesquad-forms.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sat, 30 Jul 2022 04:27:13 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1064546
fly-request-id: 01G86YG2DVY5PDDCNGJVRK1R7W-fra
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"582-ziZttlGFxiHSjHboslt7bb/NWMI"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 732b57325d709b94-FRA

Redirect headers

Location: https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-instagram.svg
Non-Authoritative-Reason: HSTS
Access-Control-Allow-Credentials: true
Cross-Origin-Resource-Policy: Cross-Origin
Access-Control-Allow-Origin: http://hypesquad-forms.tk

GET
H2

200

bxl-facebook-square.svg Show response
unpkg.com/boxicons@2.1.1/svg/logos/
Redirect Chain

http://unpkg.com/boxicons@2.1.1/svg/logos/bxl-facebook-square.svg
https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-facebook-square.svg

342 B
341 B

31ms
16ms

XHR
image/svg+xml

2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-facebook-square.svg

Requested by

Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/

Protocol

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24c482f1247326adee78200004cd0f0b216c537f0efb5043526bbbaadfc54ba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://hypesquad-forms.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sat, 30 Jul 2022 04:27:13 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1070515
fly-request-id: 01G86RSXGFW0KSK1TAF1DTS5PE-fra
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"156-5Uhxfwrjkgg9Qo0VmlSryP0xd7I"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 732b57325d6c9b94-FRA

Redirect headers

Location: https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-facebook-square.svg
Non-Authoritative-Reason: HSTS
Access-Control-Allow-Credentials: true
Cross-Origin-Resource-Policy: Cross-Origin
Access-Control-Allow-Origin: http://hypesquad-forms.tk

GET
H2

200

bxl-youtube.svg Show response
unpkg.com/boxicons@2.1.1/svg/logos/
Redirect Chain

http://unpkg.com/boxicons@2.1.1/svg/logos/bxl-youtube.svg
https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-youtube.svg

479 B
406 B

33ms
18ms

XHR
image/svg+xml

2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-youtube.svg

Requested by

Host: hypesquad-forms.tk
URL: http://hypesquad-forms.tk/

Protocol

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b4d3dce478445f0f1b17fbd4a29c542cc210e215a87d261044d351099332c65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://hypesquad-forms.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sat, 30 Jul 2022 04:27:13 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4415337
fly-request-id: 01G5331A99ANN7SNHH31PR5GTW-fra
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"1df-Ec+S7NpXsQ73BtFEYAWQZAPi3TA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 732b57325d6d9b94-FRA

Redirect headers

Location: https://unpkg.com/boxicons@2.1.1/svg/logos/bxl-youtube.svg
Non-Authoritative-Reason: HSTS
Access-Control-Allow-Credentials: true
Cross-Origin-Resource-Policy: Cross-Origin
Access-Control-Allow-Origin: http://hypesquad-forms.tk

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Discord (Instant Messenger)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hypesquad-forms.tk
unpkg.com
15.228.161.22
2606:4700::6810:7eaf
0e9a97ab8ee2408a80d5d42ea49fc1cbf291f71a11a3a1728418074087709754
10b9b2a075922945d595a7683b14ab74c3f988e51beea5deaa82bd211b533fcf
12954218db16e3a3c86a6ee84e41be8bb35cee983ffd5233b37c7e094f9dcf11
14877869a24dd096c0272022871ac95e6be09b98b7b8fa3f24f83e8950a69d25
21a7dc13c340ee4b0ae73fc2a291c243e1ae104fc324d7f4faba8216a954eefd
24c482f1247326adee78200004cd0f0b216c537f0efb5043526bbbaadfc54ba6
36a2dfff913ee4040728aa64bb5754b42ee615b750aa8e192c98ff2ea171c5ab
36a7a3ee7e491ac59aaed0a4f9fa0e869b8ee9c04cdabad6bcca8598c58e9352
4b4d3dce478445f0f1b17fbd4a29c542cc210e215a87d261044d351099332c65
641b1091276ba75578c3d93f367f0d70bcbba7c62a7f159c4307acf0ed6c5cbe
651abeef520364269ba205d29fbabf3919c269ca66d7758d1c8e108e947335ea
771792c29967271ab7d5dc2d674b532eb7e621105faaa0f1375672e920f319ef
8612deb0cfdfde638ad9e286429dd4cf56418398dc0d6721ce43842403d9f320
d488a9448be2449e33f1dbdcb31eff838b69932261b75fd9b340b7164549b15d
d6ffa86e0c73b254358798cfb9a61850bc5d5c1a7a5f66af109a7bf35c7bd721
d8cfe7c7fc83870c106ed8c55506e51208ecc267e4e96706ae3dd1eaa496f003
e5d5284e778466ff3cec71bf016f248e81047facf07748ff844ef0d831b98bff
e7f99c2e4bc60f87969eb7f02b7b41be1fc8918686c7b479d50874564b2c921e

hypesquad-forms.tk Open in urlscan Pro 15.228.161.22 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

18 Requests

6 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

359 kBTransfer

365 kBSize

0 Cookies

25 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

hypesquad-forms.tk Open in urlscan Pro
15.228.161.22 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

6 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

359 kB
Transfer

365 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!