danli.mandl.ru
2606:4700:3034::6815:3d55
Malicious Activity!
Public Scan
Submission: On August 24 via api from IN — Scanned from DE
Summary
This is the only time danli.mandl.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
12 | 2606:4700:3034::6815:3d55 | 13335 (CLOUDFLARENET) |
4 | 2606:4700::6811:2b8 | 13335 (CLOUDFLARENET) |
17 | 3 | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
12 | mandl.ru | danli.mandl.ru (1 redirect) | 149 KB |
4 | cloudflare.com | challenges.cloudflare.com (Cisco Umbrella Rank: 6115) | 20 KB |
17 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
12 | danli.mandl.ru | danli.mandl.ru (1 redirect) |
4 | challenges.cloudflare.com | danli.mandl.ru, challenges.cloudflare.com |
17 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
challenges.cloudflare.com | Cloudflare Inc ECC CA-3 | 2023-08-18 - 2024-08-17 | a year | crt.sh |
This page contains 3 frames:
Primary Page:
http://danli.mandl.ru/
Frame ID: 6542AF20D96A122951F4FB2B8CE52338
Requests: 15 HTTP requests in this frame
Frame:
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hoaxp/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Frame ID: 9EC0355F44658F533DD40406F4E8C018
Requests: 1 HTTP request in this frame
Frame:
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3l2u5/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Frame ID: BA24E9F8719C1E4FC4F70BD44F73F648
Requests: 1 HTTP request in this frame
Screenshot
![](/screenshots/14a2bb0b-356f-4f72-a9b3-da181242e363.png)
Page Title
Loading...
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://danli.mandl.ru/ (Page URL)
- http://danli.mandl.ru/cdn-cgi/phish-bypass?atok=yyaQwQD06TOB2jeLKOoFZgDWK0qhAtsaoeR6Q32vcSI-1692869964-0-%2F (HTTP 301) -> http://danli.mandl.ru/ (Page URL)
- http://danli.mandl.ru/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3:
- http://danli.mandl.ru/cdn-cgi/phish-bypass?atok=yyaQwQD06TOB2jeLKOoFZgDWK0qhAtsaoeR6Q32vcSI-1692869964-0-%2F (HTTP 301)
- http://danli.mandl.ru/
17 HTTP transactions
# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note |
---|---|---|---|---|---|---|---|---|---|
1 | GET | H/1.1 | / | danli.mandl.ru/ | 4 KB | 2 KB | Document | text/html | |
2 | GET | H/1.1 | cf.errors.css | danli.mandl.ru/cdn-cgi/styles/ | 24 KB | 5 KB | Stylesheet | text/css | |
3 | GET | H/1.1 | icon-exclamation.png | danli.mandl.ru/cdn-cgi/images/ | 452 B | 889 B | Image | image/png | |
4 | GET | H/1.1 | / | danli.mandl.ru/ | 5 KB | 5 KB | Document | text/html | Redirect Chain |
5 | GET | H/1.1 | v1 | danli.mandl.ru/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/ | 162 KB | 55 KB | Script | application/javascript | |
6 | GET | H2 | api.js | challenges.cloudflare.com/turnstile/v0/g/313d8a27/ | 29 KB | 10 KB | Script | application/javascript | |
7 | GET | BLOB | 6b11724c-78c7-4061-80cb-5306274a9047 | http://danli.mandl.ru/ | 13 B | 0 | Other | text/javascript | |
8 | POST | H/1.1 | 257e559018db385 | danli.mandl.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/262567872:1692868038:CKVL8KFHavLwePFFKh6vGjTLz0aApOFRNOmE8h-XKsU/7fbaa0d979bebbb6/ | 10 KB | 8 KB | XHR | text/plain | |
9 | GET | H3 | normal | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hoaxp/0x4AAAAAAADnPIDROrmt1Wwj/light/ | 0 | 0 | Document | text/html | Frame 9EC0 |
10 | POST | H/1.1 | 257e559018db385 | danli.mandl.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/262567872:1692868038:CKVL8KFHavLwePFFKh6vGjTLz0aApOFRNOmE8h-XKsU/7fbaa0d979bebbb6/ | 2 KB | 3 KB | XHR | text/html | |
11 | GET | H/1.1 | / | danli.mandl.ru/ | 5 KB | 5 KB | Document | text/html | Primary Request |
12 | GET | H/1.1 | v1 | danli.mandl.ru/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/ | 164 KB | 54 KB | Script | application/javascript | |
13 | GET | H2 | api.js | challenges.cloudflare.com/turnstile/v0/g/313d8a27/ | 29 KB | 10 KB | Script | application/javascript | |
14 | GET | BLOB | c6edb83c-2b0b-4e86-936c-9902fe6db067 | http://danli.mandl.ru/ | 13 B | 0 | Other | text/javascript | |
15 | POST | H/1.1 | 54f789fb5b116f6 | danli.mandl.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/885526586:1692868086:kJx-4Pyqzt0_alg2DWU7FKzIh5NM5cvwGF_T7ae2ZZw/7fbaa0ecd89a37ea/ | 10 KB | 8 KB | XHR | text/plain | |
16 | GET | H3 | normal | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3l2u5/0x4AAAAAAADnPIDROrmt1Wwj/light/ | 0 | 0 | Document | text/html | Frame BA24 |
17 | POST | H/1.1 | 54f789fb5b116f6 | danli.mandl.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/885526586:1692868086:kJx-4Pyqzt0_alg2DWU7FKzIh5NM5cvwGF_T7ae2ZZw/7fbaa0ecd89a37ea/ | 2 KB | 3 KB | XHR | text/html | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | _cf_chl_opt |
function | QlFv6 |
function | ICY6 |
function | ozlfeI1 |
function | aw3 |
object | Rkiqk9 |
function | TwZwupsVWD |
function | URXdVe4 |
boolean | KdU6 |
function | vQGSCb7 |
object | YSIJaU7 |
object | turnstile |
boolean | HVYp3 |
string | qja62 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.danli.mandl.ru/ | | __cf_mw_byp | yyaQwQD06TOB2jeLKOoFZgDWK0qhAtsaoeR6Q32vcSI-1692869964-0-/ |
danli.mandl.ru/ | | cf_chl_rc_m | 1 |
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
challenges.cloudflare.com
danli.mandl.ru
2606:4700:3034::6815:3d55
2606:4700::6811:2b8