auothu-authnticate-redirect.pages.dev Open in urlscan Pro
2606:4700:e6::ac40:ca06 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://protect-us.mimecast.com/s/sWUzCBBynBfBBzZgUzjmkh?domain=auothu-authnticate-redirect.pages.dev
Effective URL:
https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
Submission: On March 14 via manual (March 14th 2022, 1:02:10 am UTC) from IN — Scanned from US

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 12 HTTP transactions. The main IP is 2606:4700:e6::ac40:ca06, located in United States and belongs to CLOUDFLARENET, US. The main domain is auothu-authnticate-redirect.pages.dev.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 6th 2022. Valid for: a year.

This is the only time auothu-authnticate-redirect.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 2	205.139.111.117 205.139.111.117	30031 (MIMECAST-) (MIMECAST-)
11	2606:4700:e6:... 2606:4700:e6::ac40:ca06	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.67.65.37 18.67.65.37	16509 (AMAZON-02) (AMAZON-02)
12	3

2 205.139.111.117 (United States) 2 redirects

ASN30031 (MIMECAST-, US)
PTR: us-api.mimecast.com

protect-us.mimecast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:e6::ac40:ca06 (United States)

ASN13335 (CLOUDFLARENET, US)

auothu-authnticate-redirect.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.65.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-65-37.iad89.r.cloudfront.net

logo.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	pages.dev auothu-authnticate-redirect.pages.dev	94 KB
2	mimecast.com 2 redirects protect-us.mimecast.com — Cisco Umbrella Rank: 8294	2 KB
1	clearbit.com logo.clearbit.com — Cisco Umbrella Rank: 24264	21 KB
12	3

	Domain	Requested by
11	auothu-authnticate-redirect.pages.dev	auothu-authnticate-redirect.pages.dev
2	protect-us.mimecast.com	2 redirects
1	logo.clearbit.com	auothu-authnticate-redirect.pages.dev
12	3

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-03-06` - `2023-03-05`	a year	crt.sh
clearbit.com Amazon	`2021-04-22` - `2022-05-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
Frame ID: 06B1721E3D186316BD3E71BF4841FF56
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FRANKLINTEMPLETON Login

Page URL History Show full URLs

https://protect-us.mimecast.com/s/sWUzCBBynBfBBzZgUzjmkh?domain=auothu-authnticate-redirect.pages.dev HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVdtu20YQ_RWDfZXkvXPXaIs6sQMUTYzCqWvXVSHsZSgxFi_gLlUrgf-9QzKO7TQ... HTTP 307
https://auothu-authnticate-redirect.pages.dev/000ni0-0-0 Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

115 kB
Transfer

368 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://protect-us.mimecast.com/s/sWUzCBBynBfBBzZgUzjmkh?domain=auothu-authnticate-redirect.pages.dev HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVdtu20YQ_RWDfZXkvXPXaIs6sQMUTYzCqWvXVSHsZSgxFi_gLlUrgf-9QzKO7TQG_BAIEDnXnTkzZ_kp63ybsqNsb2N_0yxumnXfwS9FZ-ubbVknqNotpKZe-KbKZtm28dkRnWUdeCjblMoKUFYip0ZIZQghaMN0bJbZlKzflHXRYPZPy89yBXWKy-zob9QU5RbObAUoLjPXhP1ik6plNltmcWPpqBVUUuZC7hQnxDgPVBfUEUWCp8JyzyRRDAjcRzGpxjheMCGk5LwQ2hHtRGBEKalpIYgpHLOCWc-N0p4HpYEo56kXGhizwG0uxnxVkGOy4KVRlBl82sJA4CAJ5cqywGUopBmdu6ZJ7793AQjvH_t2AijBbVoeIkLbqdny46DPDdN3s6_BTDi-WJUxljg5uI-4B1V5WhRQ5MpxCIGboBUvuM4tZYRIFqTKtQRmvwaVWq-NEMYW2B1YLnPBmbQWiPB5cLIggrDgLVDiPSvQ5HLhhLAW3YKDJ6A67YISzmihc8ZxlkaAN4YEk2MWr78F6vcp4DGoFcRo17A87AqvGZvH1DsH4THChtG7f-5w90OJWz9Q5dcapbYM2ZHQuO8u4r4TiSqL5MheX7w_lvqYmhy97BjwegP-5uL87aTAmaDu2HsUY2XjBiVwOHRuBhqxQgVOrPeuYCq3hSxYcIUySkolhpA6dBhRpmdJGnv3AT1-tzH-23Th4PS2Lbv9wVmTSg8H85cxPVXpXdPX2GTWxwRdZbKhVf-_Fof744HlCFHZlo9IXt_v5G_jebODv8bjR4ShsuV2NL6gpjEiNBhSjyHPOE2zgjiMhyJLqSZaiQm2hzK_VPX8UQ_FPQf1CytCp7Kd9lfLBWNsITU-pmtj08Q02oYXCHO3XwxLv7V76BY1oO1uGsZZE_CqzQglKJctvj7Nhtoqroeusx8ZYYxwyqkhTJgFF0SfspOTU64EOWXk2938PGSY6JBwo7MvScSQRPLh3L7bomWTUhuPlofLQ9s3adPPbZ82NS6XTTDvYOLJosVEcRFgtzzEz0Jdkjn-foDLNx_DZdq9rdLumv-5v754VfnqTW_Zbevq8627ehWvr853rpQfHCM_DbMcKLRe-Tms-kjoiuZ8tQv4P-erh01cTfUOdrb6vLFzRGtO8faQTFI-LOu6HxHyDVnvVlfxna76i8sTcwymKtdo9xjZVND5Ce2niw7ribpt1yTscN7HxXCZeBvTSJq7_wCFFEDJ HTTP 307
https://auothu-authnticate-redirect.pages.dev/000ni0-0-0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request 000ni0-0-0 Show response
auothu-authnticate-redirect.pages.dev/
Redirect Chain

https://protect-us.mimecast.com/s/sWUzCBBynBfBBzZgUzjmkh?domain=auothu-authnticate-redirect.pages.dev
https://protect-us.mimecast.com/redirect/eNqtVdtu20YQ_RWDfZXkvXPXaIs6sQMUTYzCqWvXVSHsZSgxFi_gLlUrgf-9QzKO7TQG_BAIEDnXnTkzZ_kp63ybsqNsb2N_0yxumnXfwS9FZ-ubbVknqNotpKZe-KbKZtm28dkRnWUdeCjblMoKUFYip0ZI...
https://auothu-authnticate-redirect.pages.dev/000ni0-0-0

11 KB
3 KB

72ms
31ms

Document
text/html

2606:4700:e6::ac40:ca06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67a14ea4119e6bb5f19f3eae66d562f0e6d3186d08b989c37bf88a146da501bf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

date: Mon, 14 Mar 2022 01:02:05 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=0, must-revalidate
etag: W/"61967f4cb747933f7552f7757744b9e9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0TNTjI2ksbQMqprlMlQKStc3ZBjtGJeDvWM7oUT0Ya6Q%2FZhPu0fHD%2BP8DQnx%2BWE3docg8OHyYARQ1JKFATKUlGBfd7vSB1F17X4OI77kDZqjdtIxWCFZ9YfwuLCTtQBgedbHUzAfVVb%2Fboak21N%2BmLrZEszEr4lb1EVkuGV7w2JMLdXT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6eb914f50d5d18cc-EWR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Date: Mon, 14 Mar 2022 01:02:05 GMT
Content-Length: 0
Connection: keep-alive
Location: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0#eWFzdWtvLmtvZ3VyZUBmcmFua2xpbnRlbXBsZXRvbi5jb20=
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Cache-control: no-store
Pragma: no-cache

GET
H2 200 bootstrap.css
auothu-authnticate-redirect.pages.dev/index_files/ 141 KB
22 KB 59ms
57ms Stylesheet
text/css 2606:4700:e6::ac40:ca06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://auothu-authnticate-redirect.pages.dev/index_files/bootstrap.css
Requested by: Host: auothu-authnticate-redirect.pages.dev
URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 01:02:05 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"c34db0bec958e930cafdc5c1280b8264"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kbzL4q50hGkxiN7QzAJa6mL5g%2BobRkvu947akuZ3mTXCgOLR9ZLF0sdEtA75xi6Sf8GvmR8lH%2B5yVhYEEZDRFAXW7jVaB425%2FS2Nb1wZRzsRjCo3PXl4zO3mE3ddPhLsdkRKDEWQ3m80ziv0b2B%2B6rOmobIkKc5PyBowFzcC03GEAHH4"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=0, must-revalidate
cf-ray: 6eb914f55e3718cc-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 css.css
auothu-authnticate-redirect.pages.dev/index_files/ 1 KB
765 B 45ms
44ms Stylesheet
text/css 2606:4700:e6::ac40:ca06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://auothu-authnticate-redirect.pages.dev/index_files/css.css
Requested by: Host: auothu-authnticate-redirect.pages.dev
URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f701947ccec193e5d77382be3f43481c0cab84b75dad13a7497c386c7d13a6a

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 01:02:05 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"07812d80dd867188ee0ae14050fa425e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZusQpZTgeUv6oyt4ejwcEuYruZvOPLNZSP5d5WsHt9mvpLCcjEFy1BPhhrGEU%2FKEODk9iSZ2KkqzuR7HGNgY3hBHFApvDeKLUzHzAZw0BbcZNYxNpVeTiaKaVHgiXoc2SK%2FOJIHvjr%2F2PIXrrHUsU0R2wHueo%2BLU9JbJPjNWyCSP0aEk"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=0, must-revalidate
cf-ray: 6eb914f55e3918cc-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 font-awesome.css
auothu-authnticate-redirect.pages.dev/index_files/ 30 KB
7 KB 39ms
38ms Stylesheet
text/css 2606:4700:e6::ac40:ca06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://auothu-authnticate-redirect.pages.dev/index_files/font-awesome.css
Requested by: Host: auothu-authnticate-redirect.pages.dev
URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 01:02:05 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"ff0b0f498cbe698eedf313816af886a5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2y9WssQn1Klkd63iB0DbA0PTYuxmzS3GY%2FTLO97OQzBGwQEpOupXwEMSRhR9iqShJu0kMZwsoq4WtQdYHhfI4%2BqPATaaXDfPqH577LhEHcKhNhMRA2vSrWQ1SP%2FG7LdJAGWwfu9g3Hr3PGqgMQhMbjvpFTtekPuHC40YV5YeB7l%2F0jsP"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=0, must-revalidate
cf-ray: 6eb914f55e3b18cc-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 styles.css
auothu-authnticate-redirect.pages.dev/index_files/ 2 KB
1015 B 43ms
42ms Stylesheet
text/css 2606:4700:e6::ac40:ca06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://auothu-authnticate-redirect.pages.dev/index_files/styles.css
Requested by: Host: auothu-authnticate-redirect.pages.dev
URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f50010fb3423b3c462b636e5cb4af628c18f7b15f448203a0ef6dcae0df22a6b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 01:02:05 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"ca2aee66960e95c70a6bf4b4a239097e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XxTJ%2FE4jNp2h6V0qhPack3eol%2BPjl8UxciHpTj9Gegg4InjhadSuABzlTzXfWjZvoFGR9ItrK8bL3lhJzSwPi4Fa0r%2FFiPTokzDlmVRHbvuUHgAyU1G6dq9XJqywuyfYyuIs2WORwXt4Kehtf5vRcRBFJ6GwEEw2H6FwHI5V7%2Bo%2FrP37"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=0, must-revalidate
cf-ray: 6eb914f55e3d18cc-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery.js Show response
auothu-authnticate-redirect.pages.dev/index_files/ 84 KB
31 KB 60ms
59ms Script
application/javascript 2606:4700:e6::ac40:ca06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://auothu-authnticate-redirect.pages.dev/index_files/jquery.js
Requested by: Host: auothu-authnticate-redirect.pages.dev
URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 01:02:05 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"ea34e325270be1c2d8c0d34c46871195"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TSGrbZBpbn2C6zdzBHxw6NQnwwDJ%2FF%2Ba2RF9Voz%2FLNoGRtH5EZwKRJtXEmSy6J%2FdXFccZBrjCES1SIykSNj2zH1eb6l%2BG4EZlNORRCNU5aCUSf%2FH%2F5oFAP%2B83ZnCZ%2B2fCyfHfXgu1tRX%2FsEQTrRyJ5hUdoTu4NQAsRuwQ%2FBX27xKPAtf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
cf-ray: 6eb914f55e4118cc-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 bootstrap.js Show response
auothu-authnticate-redirect.pages.dev/index_files/ 50 KB
15 KB 47ms
47ms Script
application/javascript 2606:4700:e6::ac40:ca06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://auothu-authnticate-redirect.pages.dev/index_files/bootstrap.js
Requested by: Host: auothu-authnticate-redirect.pages.dev
URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 01:02:05 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"31c3f9ea0df3dd0d791098afa7b69631"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JeJpfaIwn1L241od1oFZCXohI1k6UaDyKY4U4R2oxIy7%2FMNc%2FdxoX1IYEo2KkBvl9pJEQ4KHrsncIsKDoPittT8bkVd50zbCCCKuoUdHBHnXFDNhYk9%2BdpSdfhGMwj0rbpRVYQnl6rwU%2BBFgjGGzMp7PBGYqMpoke65zS5meZdSA2f64"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
cf-ray: 6eb914f55e4418cc-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 script.js Show response
auothu-authnticate-redirect.pages.dev/index_files/ 4 KB
2 KB 38ms
38ms Script
application/javascript 2606:4700:e6::ac40:ca06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://auothu-authnticate-redirect.pages.dev/index_files/script.js
Requested by: Host: auothu-authnticate-redirect.pages.dev
URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd81cb994b55e35df2458d732519b9281a3898a6ec49553f973d035acf19309d

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 01:02:05 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"a23d26a2e7c6183862b76afc4371d5e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IMj6KOvm79nPXaTJtOv44T2uDbTBUKNYlOhEeZyJscWpMBaja8AnuNv4FlgqkdiTAdzGL%2F%2FYu6T9LJxU85%2Bh5zwKIjzZaLFO1JV%2B8PRXonqa2SuuvT%2FLqR7QDz4hfhj0JoxVbXsR8a4BPlWgmbIJ%2FzGjpME14zdfHOYdwUCHtbS9WcJA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
cf-ray: 6eb914f55e4718cc-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 884 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7b3e10ed2f867fd289acfef86780d8f78ecae39000fed6a0557a3b82b15b57e3

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 fontawesome-webfont.woff2
auothu-authnticate-redirect.pages.dev/fonts/ 8 KB
4 KB 57ms
56ms Font
text/html 2606:4700:e6::ac40:ca06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://auothu-authnticate-redirect.pages.dev/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: auothu-authnticate-redirect.pages.dev
URL: https://auothu-authnticate-redirect.pages.dev/index_files/font-awesome.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd5fb1183799276e5d5ba143a14dd0d8284080b9358417652f9d772983447b4e

Request headers

Referer: https://auothu-authnticate-redirect.pages.dev/index_files/font-awesome.css
Origin: https://auothu-authnticate-redirect.pages.dev
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 01:02:05 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"fedfdce7cb06b2e3b233e8578c5d864b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dU1xJ5Noyt4B9QpJwvZviduzgNwOTQpQu6FZBZ73mgSp2alhl6Nv0VXHuaoupuKanSXVgkPcw7U8vLx4cVQ744G2WGF6PGMxogi9ZyEm4iEy%2BezDanFUUS0Y1VVt6PSSkhRCeYr1dSCWXBceYhngRaLHJaIfGTPmMyoh1ykYas5Ml5AJ"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: public, max-age=0, must-revalidate
cf-ray: 6eb914f5ef8918cc-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 franklintempleton.com
logo.clearbit.com/ 21 KB
21 KB 82ms
10ms Image
image/png 18.67.65.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logo.clearbit.com/franklintempleton.com

Requested by

Host: auothu-authnticate-redirect.pages.dev
URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.37 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-37.iad89.r.cloudfront.net

Software

envoy /

Resource Hash

f348d15a93e2d428fef5f18b5ac7b680e2142faacd6db175ce0731dcaae1e3c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://auothu-authnticate-redirect.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 14:14:42 GMT
via: 1.1 1b6db55df4d0459558669f7d008cda9c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: envoy
age: 1162043
content-security-policy-report-only: default-src: 'self'; report-uri https://o13610.ingest.sentry.io/api/6173537/security/?sentry_key=7ac906c405c04da0bad984892f88d1bb
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: IAD89-P1
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-id: US9x0VB7cX_TgMoN4HRWDD5PY60uk4Mo-VFUOVbkej-WLqYK6OaO0A==

GET
H2 200 fontawesome-webfont.woff
auothu-authnticate-redirect.pages.dev/fonts/ 8 KB
4 KB 41ms
40ms Font
text/html 2606:4700:e6::ac40:ca06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://auothu-authnticate-redirect.pages.dev/fonts/fontawesome-webfont.woff?v=4.7.0
Requested by: Host: auothu-authnticate-redirect.pages.dev
URL: https://auothu-authnticate-redirect.pages.dev/index_files/font-awesome.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd5fb1183799276e5d5ba143a14dd0d8284080b9358417652f9d772983447b4e

Request headers

Referer: https://auothu-authnticate-redirect.pages.dev/index_files/font-awesome.css
Origin: https://auothu-authnticate-redirect.pages.dev
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 01:02:05 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"fedfdce7cb06b2e3b233e8578c5d864b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8uDH4RSHpLm1528T5cqvD7qdK%2FYsPwPsbMspTrhAaecZILjMZ5m0J5X3oHTbi10JkYfXjmCjRr0trMvEjmJP8TAl6%2FYayyZMR3oDnWDESex%2F%2BbmpMS7wTpA5wvHU006KBswTzm74%2BKf825WyajOsg0kxhM9%2FEKJ85TxyNErBM8x%2FPQdv"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: public, max-age=0, must-revalidate
cf-ray: 6eb914f6383f18cc-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 fontawesome-webfont.ttf
auothu-authnticate-redirect.pages.dev/fonts/ 8 KB
4 KB 33ms
32ms Font
text/html 2606:4700:e6::ac40:ca06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://auothu-authnticate-redirect.pages.dev/fonts/fontawesome-webfont.ttf?v=4.7.0
Requested by: Host: auothu-authnticate-redirect.pages.dev
URL: https://auothu-authnticate-redirect.pages.dev/index_files/font-awesome.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd5fb1183799276e5d5ba143a14dd0d8284080b9358417652f9d772983447b4e

Request headers

Referer: https://auothu-authnticate-redirect.pages.dev/index_files/font-awesome.css
Origin: https://auothu-authnticate-redirect.pages.dev
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 01:02:05 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"fedfdce7cb06b2e3b233e8578c5d864b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=guQWc1Fpi9uq2VsgGOOw71LVqrOt9AhXex2lrDJpZs6%2B%2BKDEx%2F%2BVkjK1la5A%2FlFJmxSoAZS4gyZisS835iF7oeuru05omRY1OEdjEiqhn4H02EFpiiWfMbKt3KWHaKn%2FFId5eeGem9CqqdNf8oZnzsIr%2BZw5cuy1mJ0CLWUfqwZp55FY"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: public, max-age=0, must-revalidate
cf-ray: 6eb914f678bf18cc-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0#eWFzdWtvLmtvZ3VyZUBmcmFua2xpbnRlbXBsZXRvbi5jb20= Message: Mixed Content: The page at 'https://auothu-authnticate-redirect.pages.dev/000ni0-0-0#eWFzdWtvLmtvZ3VyZUBmcmFua2xpbnRlbXBsZXRvbi5jb20=' was loaded over HTTPS, but requested an insecure element 'http://logo.clearbit.com/franklintempleton.com'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
other	warning	URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0#eWFzdWtvLmtvZ3VyZUBmcmFua2xpbnRlbXBsZXRvbi5jb20= Message: Failed to decode downloaded font: https://auothu-authnticate-redirect.pages.dev/fonts/fontawesome-webfont.woff2?v=4.7.0
other	warning	URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0#eWFzdWtvLmtvZ3VyZUBmcmFua2xpbnRlbXBsZXRvbi5jb20= Message: OTS parsing error: invalid sfntVersion: 218774561
other	warning	URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0#eWFzdWtvLmtvZ3VyZUBmcmFua2xpbnRlbXBsZXRvbi5jb20= Message: Failed to decode downloaded font: https://auothu-authnticate-redirect.pages.dev/fonts/fontawesome-webfont.woff?v=4.7.0
other	warning	URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0#eWFzdWtvLmtvZ3VyZUBmcmFua2xpbnRlbXBsZXRvbi5jb20= Message: OTS parsing error: invalid sfntVersion: 218774561
other	warning	URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0#eWFzdWtvLmtvZ3VyZUBmcmFua2xpbnRlbXBsZXRvbi5jb20= Message: Failed to decode downloaded font: https://auothu-authnticate-redirect.pages.dev/fonts/fontawesome-webfont.ttf?v=4.7.0
other	warning	URL: https://auothu-authnticate-redirect.pages.dev/000ni0-0-0#eWFzdWtvLmtvZ3VyZUBmcmFua2xpbnRlbXBsZXRvbi5jb20= Message: OTS parsing error: invalid sfntVersion: 218774561

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auothu-authnticate-redirect.pages.dev
logo.clearbit.com
protect-us.mimecast.com
18.67.65.37
205.139.111.117
2606:4700:e6::ac40:ca06
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
67a14ea4119e6bb5f19f3eae66d562f0e6d3186d08b989c37bf88a146da501bf
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b3e10ed2f867fd289acfef86780d8f78ecae39000fed6a0557a3b82b15b57e3
8f701947ccec193e5d77382be3f43481c0cab84b75dad13a7497c386c7d13a6a
cd81cb994b55e35df2458d732519b9281a3898a6ec49553f973d035acf19309d
dd5fb1183799276e5d5ba143a14dd0d8284080b9358417652f9d772983447b4e
f348d15a93e2d428fef5f18b5ac7b680e2142faacd6db175ce0731dcaae1e3c5
f50010fb3423b3c462b636e5cb4af628c18f7b15f448203a0ef6dcae0df22a6b

auothu-authnticate-redirect.pages.dev Open in urlscan Pro 2606:4700:e6::ac40:ca06 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

115 kBTransfer

368 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

7 Console Messages

Indicators

auothu-authnticate-redirect.pages.dev Open in urlscan Pro
2606:4700:e6::ac40:ca06 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

115 kB
Transfer

368 kB
Size

0
Cookies

12 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!