bramdansuperot.pages.dev Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://vrapd.xyz/othaims-gifts
Effective URL:
https://bramdansuperot.pages.dev/
Submission: On July 17 via manual (July 17th 2024, 4:47:35 pm UTC) from SA — Scanned from DE

Summary HTTP 25 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 7 IPs in 1 countries across 5 domains to perform 25 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is bramdansuperot.pages.dev.
TLS certificate: Issued by WE1 on June 28th 2024. Valid for: 3 months.

This is the only time bramdansuperot.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 2	107.180.113.22 107.180.113.22	398101 (GO-DADDY-...) (GO-DADDY-COM-LLC)
1 1	67.199.248.10 67.199.248.10	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700:310... 2606:4700:310c::ac42:2fc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	72.167.56.14 72.167.56.14	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
1	199.232.196.193 199.232.196.193	54113 (FASTLY) (FASTLY)
5	199.232.192.193 199.232.192.193	54113 (FASTLY) (FASTLY)
1 8	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
25	7

2 107.180.113.22 (Ashburn, United States) 1 redirects

ASN398101 (GO-DADDY-COM-LLC, US)
PTR: 22.113.180.107.host.secureserver.net

vrapd.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.248.10 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:310c::ac42:2fc9 (United States)

ASN13335 (CLOUDFLARENET, US)

od-img.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.167.56.14 (United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 14.56.167.72.host.secureserver.net

oresk.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.196.193 (United States)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 199.232.192.193 (United States)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

bramdansuperot.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	pages.dev 1 redirects od-img.pages.dev poramdansupermar2.pages.dev Failed bramdansuperot.pages.dev	23 KB
6	imgur.com i.imgur.com — Cisco Umbrella Rank: 7108	683 KB
2	vrapd.xyz 1 redirects vrapd.xyz	865 B
1	oresk.xyz oresk.xyz	3 KB
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 6373	434 B
25	5

	Domain	Requested by
8	bramdansuperot.pages.dev	1 redirects oresk.xyz bramdansuperot.pages.dev
6	i.imgur.com	oresk.xyz
2	vrapd.xyz	1 redirects
1	oresk.xyz	oresk.xyz
1	od-img.pages.dev	vrapd.xyz oresk.xyz
1	bit.ly	1 redirects
0	poramdansupermar2.pages.dev Failed	oresk.xyz
25	7

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com

Subject Issuer	Validity	Valid
vrapd.xyz R10	`2024-07-17` - `2024-10-15`	3 months	crt.sh
webdisk.oresk.xyz R10	`2024-06-13` - `2024-09-11`	3 months	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-15` - `2025-02-14`	a year	crt.sh
bramdansuperot.pages.dev WE1	`2024-06-28` - `2024-09-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bramdansuperot.pages.dev/
Frame ID: 5A24B6E22F3545674C3B686AB0DBD199
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Worker threw exception | bramdansuperot.pages.dev | Cloudflare

Page URL History Show full URLs

https://vrapd.xyz/othaims-gifts HTTP 301
https://vrapd.xyz/othaims-gifts/ Page URL
https://oresk.xyz/othaims-anniversary/ Page URL
https://bramdansuperot.pages.dev/ Page URL
https://bramdansuperot.pages.dev/cdn-cgi/phish-bypass?atok=WxWfVqxpWN4eu3cV9JkbxF.pWNwQ4LdveaNEJ3v9zy8-172123... HTTP 301
https://bramdansuperot.pages.dev/ Page URL

Page Statistics

25
Requests

60 %
HTTPS

29 %
IPv6

5
Domains

7
Subdomains

7
IPs

1
Countries

709 kB
Transfer

755 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cloudflare.com/5xx-error-landing/
Title: Cloudflare

Search URL Search Domain Scan URL

URL: https://www.cloudflare.com/login?utm_source=error_100x
Title: login to Cloudflare

Search URL Search Domain Scan URL

URL: https://www.cloudflare.com/5xx-error-landing
Title: Cloudflare

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://vrapd.xyz/othaims-gifts HTTP 301
https://vrapd.xyz/othaims-gifts/ Page URL
https://oresk.xyz/othaims-anniversary/ Page URL
https://bramdansuperot.pages.dev/ Page URL
https://bramdansuperot.pages.dev/cdn-cgi/phish-bypass?atok=WxWfVqxpWN4eu3cV9JkbxF.pWNwQ4LdveaNEJ3v9zy8-1721234846-0.0.1.1-%2F HTTP 301
https://bramdansuperot.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://vrapd.xyz/othaims-gifts HTTP 301
https://vrapd.xyz/othaims-gifts/

Request Chain 1

https://bit.ly/4cUjj6M HTTP 301
https://od-img.pages.dev/ic.png?OthaimNew39

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
vrapd.xyz/othaims-gifts/
Redirect Chain

https://vrapd.xyz/othaims-gifts
https://vrapd.xyz/othaims-gifts/

1004 B
514 B

160ms
159ms

Document
text/html

107.180.113.22
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://vrapd.xyz/othaims-gifts/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.113.22 Ashburn, United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS: 22.113.180.107.host.secureserver.net
Software: Apache /
Resource Hash: ddfd9229bbcec545d1b33a7df9408958bb378c6347901fa6a674f4745320c6d2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-encoding: br
content-length: 405
content-type: text/html
date: Wed, 17 Jul 2024 16:47:25 GMT
etag: "43410c9-3ec-61d58d21234c0-br"
last-modified: Tue, 16 Jul 2024 08:06:19 GMT
server: Apache
vary: Accept-Encoding

Redirect headers

content-length: 240
content-type: text/html; charset=iso-8859-1
date: Wed, 17 Jul 2024 16:47:25 GMT
location: https://vrapd.xyz/othaims-gifts/
server: Apache

GET
H3

200

ic.png
od-img.pages.dev/
Redirect Chain

https://bit.ly/4cUjj6M
https://od-img.pages.dev/ic.png?OthaimNew39

73 B
592 B

112ms
74ms

Image
image/png

2606:4700:310c::ac42:2fc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://od-img.pages.dev/ic.png?OthaimNew39

Requested by

Host: vrapd.xyz
URL: https://vrapd.xyz/othaims-gifts/

Protocol

Server

2606:4700:310c::ac42:2fc9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://vrapd.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 16:47:26 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "dffe0cf1a64d3dd05635fc937707c193"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rrnCapfsFulcvCB8XPfV2idmGfBCeZurwqrx%2Bn23Y3rVSM6e54P66VTLrpR9TYvJYSCImodoucy%2FOonw9hV3s4RrcBDsU2lLvWcgdaeSvWkqt0CkRKpgSW7vpA7PQWQHOuElVPbG7HpoOjp%2B%2BW6U"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8a4bb6bc3b8b3820-FRA
alt-svc: h3=":443"; ma=86400
content-length: 73

Redirect headers

date: Wed, 17 Jul 2024 16:47:26 GMT
content-security-policy: referrer always;
referrer-policy: unsafe-url
via: 1.1 google
server: nginx
content-type: text/html; charset=utf-8
location: https://od-img.pages.dev/ic.png?OthaimNew39
cache-control: private, max-age=90
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 130

GET
H2 200 /
oresk.xyz/othaims-anniversary/ 9 KB
3 KB 536ms
165ms Document
text/html 72.167.56.14
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://oresk.xyz/othaims-anniversary/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.167.56.14 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 14.56.167.72.host.secureserver.net
Software: Apache /
Resource Hash

Request headers

Referer: https://vrapd.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-encoding: br
content-length: 2750
content-type: text/html
date: Wed, 17 Jul 2024 16:47:26 GMT
etag: "60679f1-2331-61d39747a8a41-br"
last-modified: Sun, 14 Jul 2024 18:41:04 GMT
server: Apache
vary: Accept-Encoding

GET
H2 200 OEytDrP.jpeg
i.imgur.com/ 17 KB
18 KB 45ms
7ms Other
image/jpeg 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://i.imgur.com/OEytDrP.jpeg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://vrapd.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 16:47:26 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 1391407
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 17542
x-served-by: cache-iad-kjyo7100167-IAD, cache-fra-eddf8230025-FRA
last-modified: Sun, 05 May 2024 00:45:28 GMT
server: cat factory 1.0
x-timer: S1721234846.246460,VS0,VE0
etag: "32536c5010e4af246ed835b59a7badda"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: N8N-xpYZhvqIlQ54IrMkl-wFoeQjsBnCk1ulHrBBFLBfA5t0eq_q9A==
x-cache-hits: 6, 52

GET app.css
poramdansupermar2.pages.dev/css/ 0
0

GET app.css
poramdansupermar2.pages.dev/css/landers/survey-pick-a-box/ 0
0

GET
H2 200 1fQ9sIT.png
i.imgur.com/ 76 KB
76 KB 27ms
7ms Image
image/png 199.232.192.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/1fQ9sIT.png

Requested by

Host: oresk.xyz
URL: https://oresk.xyz/othaims-anniversary/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://oresk.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 16:47:26 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 1231829
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 77536
x-served-by: cache-iad-kjyo7100113-IAD, cache-fra-eddf8230098-FRA
last-modified: Thu, 29 Feb 2024 13:23:06 GMT
server: cat factory 1.0
x-timer: S1721234847.807581,VS0,VE0
etag: "cbc5732e1290831170cae8e801f563fc"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 0osAKVC_TuvV1MISbxd5yaU2giRVWjDEu4mj8EgB1rIO_FMygYKxOA==
x-cache-hits: 608, 47

GET
H2 200 iA4hj7u.jpeg
i.imgur.com/ 214 KB
214 KB 37ms
18ms Image
image/jpeg 199.232.192.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/iA4hj7u.jpeg

Requested by

Host: oresk.xyz
URL: https://oresk.xyz/othaims-anniversary/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://oresk.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 16:47:26 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 551226
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 218809
x-served-by: cache-iad-kjyo7100117-IAD, cache-fra-eddf8230098-FRA
last-modified: Thu, 11 Jul 2024 07:40:21 GMT
server: cat factory 1.0
x-timer: S1721234847.807766,VS0,VE2
etag: "8538bb5de9c9fb7e423327f276debc04"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: Yz9HOqjbDW0ZWq94H9i0fRk1K0UWZa3kzEZrkrrPxUxK_SBv5FRsMQ==
x-cache-hits: 5, 1

GET
H2 200 fmZLKXU.png
i.imgur.com/ 22 KB
22 KB 9ms
8ms Image
image/png 199.232.192.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/fmZLKXU.png

Requested by

Host: oresk.xyz
URL: https://oresk.xyz/othaims-anniversary/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://oresk.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 16:47:26 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 496780
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 22669
x-served-by: cache-iad-kiad7000124-IAD, cache-fra-eddf8230098-FRA
last-modified: Thu, 11 Jul 2024 22:47:47 GMT
server: cat factory 1.0
x-timer: S1721234847.845504,VS0,VE0
etag: "8d57e6d4564dab03ae6fde7ffdbfb82d"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: N3C1JaODVQ6njdEDbP58yTC8hzYP4VlakWOaX6STLyet7TfQB2vgQA==
x-cache-hits: 3, 46

GET
H2 200 IydMRJT.png
i.imgur.com/ 341 KB
341 KB 16ms
11ms Image
image/png 199.232.192.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/IydMRJT.png

Requested by

Host: oresk.xyz
URL: https://oresk.xyz/othaims-anniversary/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://oresk.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 16:47:26 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: MIA3-P1
age: 914988
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 349137
x-served-by: cache-iad-kjyo7100127-IAD, cache-fra-eddf8230098-FRA
last-modified: Sat, 06 Apr 2024 02:11:08 GMT
server: cat factory 1.0
x-timer: S1721234847.877308,VS0,VE3
etag: "fe08532a0493a211eccc4dc995391970"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: JOi5fEYE2SNFOifoS52xk3j5Ai3bYrgWPVOCZ6Tr3wcDmff_GiYkqA==
x-cache-hits: 2, 1

GET
H2 200 zCO3qy2.png
i.imgur.com/ 12 KB
12 KB 14ms
9ms Image
image/png 199.232.192.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/zCO3qy2.png

Requested by

Host: oresk.xyz
URL: https://oresk.xyz/othaims-anniversary/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://oresk.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 16:47:26 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: JFK50-P6
age: 252456
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 11815
x-served-by: cache-iad-kiad7000141-IAD, cache-fra-eddf8230098-FRA
last-modified: Sun, 14 Jul 2024 18:39:50 GMT
server: cat factory 1.0
x-timer: S1721234847.877316,VS0,VE0
etag: "d5d324928552c6c966e686e3e1d10345"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: yq-NJn_I3OLeDGENVGigWAjZ-wEFP9XhnTFzlTWZAbVKIM4pOVd_fA==
x-cache-hits: 1, 36

GET true.png
od-img.pages.dev/ 0
0

GET XxiCuSd.jpeg
i.imgur.com/ 0
0

GET checked.png
poramdansupermar2.pages.dev/img/landers/survey-pick-a-box/ 0
0

GET spinner.gif
poramdansupermar2.pages.dev/img/landers/survey-pick-a-box/ 0
0

GET app.js
poramdansupermar2.pages.dev/js/ 0
0

GET app.js
poramdansupermar2.pages.dev/js/landers/survey-pick-a-box/ 0
0

GET p.js
oresk.xyz/ 0
0

GET
H3 200 / Show response
bramdansuperot.pages.dev/ 4 KB
2 KB 58ms
14ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bramdansuperot.pages.dev/

Requested by

Host: oresk.xyz
URL: https://oresk.xyz/othaims-anniversary/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11bc7aad286eae20dddeb503f016e7ccf407d6627d46a05fb630c5a362aaf6c4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://oresk.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cf-ray: 8a4bb6c1583818c9-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 17 Jul 2024 16:47:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yX%2F%2B1k2AkY0ClU1JK8bMwBHISlrFWfcXpzO1e5yF9ktNAywztWho44qPhP5tQeAexGk%2F1qM6Nt7Cww9b3DZaWvMJfnanVylhXEQqAnsZSj5WprO%2FwpXnyK9NtqF93VFywMYj%2BMkzNZT6001xKziA3tWiuooClsA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
bramdansuperot.pages.dev/cdn-cgi/styles/ 23 KB
5 KB 13ms
13ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bramdansuperot.pages.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: bramdansuperot.pages.dev
URL: https://bramdansuperot.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://bramdansuperot.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 16:47:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Jul 2024 17:10:21 GMT
server: cloudflare
etag: W/"6691637d-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8a4bb6c1786118c9-FRA
expires: Wed, 17 Jul 2024 18:47:26 GMT

GET
H3 200 icon-exclamation.png
bramdansuperot.pages.dev/cdn-cgi/images/ 452 B
635 B 16ms
15ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bramdansuperot.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: bramdansuperot.pages.dev
URL: https://bramdansuperot.pages.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://bramdansuperot.pages.dev/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 16:47:27 GMT
x-content-type-options: nosniff
last-modified: Fri, 12 Jul 2024 17:10:21 GMT
server: cloudflare
etag: "6691637d-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8a4bb6c2398b18c9-FRA
content-length: 452
expires: Wed, 17 Jul 2024 18:47:27 GMT

GET
H3 500 favicon.ico
bramdansuperot.pages.dev/ 4 KB
5 KB 34ms
32ms Other
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bramdansuperot.pages.dev/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f11d1dec92d2591b274b2add1e247ea9d9a8021cfb6ade17a10f748a8398c939

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bramdansuperot.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 16:47:27 GMT
referrer-policy: same-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dOSxA4H6%2BK7f5v87csODjgW%2FwkB94xkK0Z06Q7Pj1%2Fnn5GJ%2Fi4FzdCEYPogsPZyzZUD98fOEPKFeGCeo8seLWvueBhzZlfKSPEgpKTgjIb9AMv1gIyKPz0WngDhvzSNmcg%2B4qYFh57rD9KXn5bJo3wDiwWaXFNw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8a4bb6c269d518c9-FRA
alt-svc: h3=":443"; ma=86400
content-length: 4347
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3

500

Primary Request / Show response
bramdansuperot.pages.dev/
Redirect Chain

https://bramdansuperot.pages.dev/cdn-cgi/phish-bypass?atok=WxWfVqxpWN4eu3cV9JkbxF.pWNwQ4LdveaNEJ3v9zy8-1721234846-0.0.1.1-%2F
https://bramdansuperot.pages.dev/

4 KB
5 KB

24ms
23ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bramdansuperot.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ab47ea26e0d84f76101d1af85d81349a5a6b62cefb544b5c3bb76780c936e5f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bramdansuperot.pages.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8a4bb6da1e6c18c9-FRA
content-length: 4347
content-type: text/html; charset=UTF-8
date: Wed, 17 Jul 2024 16:47:30 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aUYIb%2BYg039jAgXU4eKwwB4ufSXpN%2BZOvX5wp%2BLHgcTDc5ZEjul7eWvlwlWKXgu%2BdJMju2M%2FZKOwAo1DQCsAO74BiUT4Vo%2F7dHuUVeikS%2F9QHxn9AFTRAI0RKRzo3q3z4Fiubzv0dkhEmtvStv3s%2Fnn8q3fR1Fg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

cache-control: private, no-cache
cf-ray: 8a4bb6d9fe3a18c9-FRA
content-length: 167
content-type: text/html
date: Wed, 17 Jul 2024 16:47:30 GMT
location: https://bramdansuperot.pages.dev/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 200 cf.errors.css
bramdansuperot.pages.dev/cdn-cgi/styles/ 23 KB
0 0ms
0ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bramdansuperot.pages.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: bramdansuperot.pages.dev
URL: https://bramdansuperot.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://bramdansuperot.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 16:47:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Jul 2024 17:10:21 GMT
server: cloudflare
etag: W/"6691637d-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8a4bb6c1786118c9-FRA
expires: Wed, 17 Jul 2024 18:47:26 GMT

GET
H3 500 favicon.ico
bramdansuperot.pages.dev/ 4 KB
5 KB 20ms
20ms Other
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bramdansuperot.pages.dev/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bad62605d40538e2eabbc7640aa3d32c424cea2eca865151bd5e9e01af326c4b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bramdansuperot.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 17 Jul 2024 16:47:30 GMT
referrer-policy: same-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2maPc2LbPYFTZDHTSxKA27EIp8ieOylOeqBbxR2jGOcvRh2RzjG9AfyVfGwc5EP8vr9w9DHZbhnJyzHi4G4APvVNVI9FZbANU7t125bmBZ%2BbK6cquCGvX0RC4uoDQORHvEdMEnPPNnvCkSBiIwP9e3d7XS1iIjQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8a4bb6da6ed318c9-FRA
alt-svc: h3=":443"; ma=86400
content-length: 4347
expires: Thu, 01 Jan 1970 00:00:01 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: poramdansupermar2.pages.dev
URL: https://poramdansupermar2.pages.dev/css/app.css?id=2fbe2d9a9a40ca9b2489

Domain: poramdansupermar2.pages.dev
URL: https://poramdansupermar2.pages.dev/css/landers/survey-pick-a-box/app.css?id=cfc27b22c2dc71691640

Domain: od-img.pages.dev
URL: https://od-img.pages.dev/true.png

Domain: i.imgur.com
URL: https://i.imgur.com/XxiCuSd.jpeg

Domain: poramdansupermar2.pages.dev
URL: https://poramdansupermar2.pages.dev/img/landers/survey-pick-a-box/checked.png

Domain: poramdansupermar2.pages.dev
URL: https://poramdansupermar2.pages.dev/img/landers/survey-pick-a-box/spinner.gif

Domain: poramdansupermar2.pages.dev
URL: https://poramdansupermar2.pages.dev/js/app.js?id=d41d8cd98f00b204e980

Domain: poramdansupermar2.pages.dev
URL: https://poramdansupermar2.pages.dev/js/landers/survey-pick-a-box/app.js?id=17138759790b445ece6b

Domain: oresk.xyz
URL: https://oresk.xyz/p.js?f=sync&lr=1&partner=6ead5f0c5ddb6c1d33a3179db69d52f2ab5ba8ceb41f0306c27032933ca3b3f3

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _cf_translation

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bramdansuperot.pages.dev/	1970-01-20 22:08:41	Name: __cf_mw_byp Value: WxWfVqxpWN4eu3cV9JkbxF.pWNwQ4LdveaNEJ3v9zy8-1721234846-0.0.1.1-/

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://bramdansuperot.pages.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://bramdansuperot.pages.dev/ Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://bramdansuperot.pages.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 500 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bit.ly
bramdansuperot.pages.dev
i.imgur.com
od-img.pages.dev
oresk.xyz
poramdansupermar2.pages.dev
vrapd.xyz
i.imgur.com
od-img.pages.dev
oresk.xyz
poramdansupermar2.pages.dev
107.180.113.22
199.232.192.193
199.232.196.193
2606:4700:310c::ac42:2fc9
2a06:98c1:3121::3
67.199.248.10
72.167.56.14
11bc7aad286eae20dddeb503f016e7ccf407d6627d46a05fb630c5a362aaf6c4
6ab47ea26e0d84f76101d1af85d81349a5a6b62cefb544b5c3bb76780c936e5f
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
bad62605d40538e2eabbc7640aa3d32c424cea2eca865151bd5e9e01af326c4b
ddfd9229bbcec545d1b33a7df9408958bb378c6347901fa6a674f4745320c6d2
f11d1dec92d2591b274b2add1e247ea9d9a8021cfb6ade17a10f748a8398c939
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

bramdansuperot.pages.dev Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

25 Requests

60 %HTTPS

29 %IPv6

5 Domains

7 Subdomains

7 IPs

1 Countries

709 kBTransfer

755 kBSize

1 Cookies

3 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

bramdansuperot.pages.dev Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

60 %
HTTPS

29 %
IPv6

5
Domains

7
Subdomains

7
IPs

1
Countries

709 kB
Transfer

755 kB
Size

1
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!