gothicoutfit.com Open in urlscan Pro
104.21.33.29 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://free4facebook.com/VM29WQV91CE/XfJrknaUj.html
Effective URL:
https://gothicoutfit.com/help/10009283718881/confirm.html
Submission: On December 09 via api (December 9th 2023, 12:54:39 am UTC) from US — Scanned from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 14 HTTP transactions. The main IP is 104.21.33.29, located in and belongs to CLOUDFLARENET, US. The main domain is gothicoutfit.com.
TLS certificate: Issued by GTS CA 1P5 on October 22nd 2023. Valid for: 3 months.

This is the only time gothicoutfit.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.21.77.6 104.21.77.6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	172.67.140.188 172.67.140.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5 13	104.21.33.29 104.21.33.29	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.251.40.99 142.251.40.99	15169 (GOOGLE) (GOOGLE)
2	172.217.13.196 172.217.13.196	15169 (GOOGLE) (GOOGLE)
1	104.20.61.122 104.20.61.122	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	5

1 104.21.77.6 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

free4facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.140.188 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

gothicoutfit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 104.21.33.29 (None, ) 5 redirects

ASN13335 (CLOUDFLARENET, US)

gothicoutfit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.40.99 (Newark, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.13.196 (United States)

ASN15169 (GOOGLE, US)
PTR: yul03s05-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.61.122 (None, )

ASN13335 (CLOUDFLARENET, US)

api.ipgeolocation.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	gothicoutfit.com 7 redirects gothicoutfit.com	90 KB
2	google.com www.google.com — Cisco Umbrella Rank: 2	2 KB
2	gstatic.com www.gstatic.com	201 KB
1	ipgeolocation.io api.ipgeolocation.io — Cisco Umbrella Rank: 35512	781 B
1	free4facebook.com 1 redirects free4facebook.com	492 B
0	ipify.org Failed api.ipify.org Failed
14	6

	Domain	Requested by
15	gothicoutfit.com	7 redirects gothicoutfit.com
2	www.google.com	gothicoutfit.com
2	www.gstatic.com	gothicoutfit.com www.google.com
1	api.ipgeolocation.io	gothicoutfit.com
1	free4facebook.com	1 redirects
0	api.ipify.org Failed	gothicoutfit.com
14	6

This site contains no links.

Subject Issuer	Validity	Valid
gothicoutfit.com GTS CA 1P5	`2023-10-22` - `2024-01-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-28` - `2024-04-27`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://gothicoutfit.com/help/10009283718881/confirm.html
Frame ID: 63C59AF167B6939E27CABF78484BEE68
Requests: 12 HTTP requests in this frame

Frame: https://gothicoutfit.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Frame ID: EE7BD01B653DADA074A6E04C369B2924
Requests: 2 HTTP requests in this frame

Frame: https://gothicoutfit.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Frame ID: 8A276F48F74B1AADC9D5A08282B37709
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BUSINESS SUITE

Page URL History Show full URLs

https://free4facebook.com/VM29WQV91CE/XfJrknaUj.html HTTP 302
http://gothicoutfit.com/help/10009283718881 HTTP 301
https://gothicoutfit.com/help/10009283718881 Page URL
https://gothicoutfit.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6694892 HTTP 302
http://gothicoutfit.com/help/10009283718881 HTTP 301
https://gothicoutfit.com/help/10009283718881 HTTP 301
https://gothicoutfit.com/help/10009283718881/ HTTP 302
https://gothicoutfit.com/help/10009283718881/confirm.html Page URL

Detected technologies

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

14
Requests

79 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

290 kB
Transfer

847 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://free4facebook.com/VM29WQV91CE/XfJrknaUj.html HTTP 302
http://gothicoutfit.com/help/10009283718881 HTTP 301
https://gothicoutfit.com/help/10009283718881 Page URL
https://gothicoutfit.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6694892 HTTP 302
http://gothicoutfit.com/help/10009283718881 HTTP 301
https://gothicoutfit.com/help/10009283718881 HTTP 301
https://gothicoutfit.com/help/10009283718881/ HTTP 302
https://gothicoutfit.com/help/10009283718881/confirm.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://free4facebook.com/VM29WQV91CE/XfJrknaUj.html HTTP 302
http://gothicoutfit.com/help/10009283718881 HTTP 301
https://gothicoutfit.com/help/10009283718881

Request Chain 1

https://gothicoutfit.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://gothicoutfit.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js

Request Chain 13

https://gothicoutfit.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://gothicoutfit.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js

14 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

10009283718881 Show response
gothicoutfit.com/help/
Redirect Chain

https://free4facebook.com/VM29WQV91CE/XfJrknaUj.html
http://gothicoutfit.com/help/10009283718881
https://gothicoutfit.com/help/10009283718881

2 KB
1 KB

93ms
62ms

Document
text/html

104.21.33.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gothicoutfit.com/help/10009283718881
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.33.29 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5069d1dc4b8dd28ab3f407719489dfde4ef9164df2c03bbd4bb862f00c781705

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
cf-cache-status: DYNAMIC
cf-edge-cache: no-cache
cf-ray: 832947101ac043ac-EWR
content-encoding: br
content-type: text/html
date: Sat, 09 Dec 2023 00:54:34 GMT
last-modified: Saturday, 09-Dec-2023 00:54:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yuYZIR1DLMldpmvTj0tv7NUJyvm3jaIVBwuufSejI12jP8YiyX9s4FYY%2Fs3DOYa7P%2FxvrFiUbDnLwIXy6bjFs3JxV98qv5F1mwqLFxQLkS2KMi5vBKabt%2BMCwL1saKPmRBvX"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

CF-RAY: 8329470fcf6f3344-EWR
Cache-Control: max-age=3600
Connection: keep-alive
Date: Sat, 09 Dec 2023 00:54:34 GMT
Expires: Sat, 09 Dec 2023 01:54:34 GMT
Location: https://gothicoutfit.com/help/10009283718881
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QmYJo3XBsJVLgFgWMF%2FXs8m7C03vMQFwjkFXrx1Gi%2B%2BXhwtTfjJUzLkpTphhKlL1G5%2BgTyvjJx6lljMoujU6kTNCBcWTkbFqeLA7TMM3hWCjB9bRSLnw46Vp7FtOLGfORXhU"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2

200

main.js
gothicoutfit.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/ Frame EE7B
Redirect Chain

https://gothicoutfit.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://gothicoutfit.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js

7 KB
4 KB

22ms
22ms

Script
application/javascript

104.21.33.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gothicoutfit.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js

Protocol

Server

104.21.33.29 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 00:54:34 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vhfXGjroKW9eqz8Cj3dQRsMVnQuYPXz7PVN%2FmWmRXjk9yvGJqX95CmkUKMrfhjKdVLKDTloUvlmpuzOmIiH8TKIjxVH913Vh%2BvOrcPY3NeqJOL%2BEjYbse7vNJlNDqC4lC%2BUM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 83294710eb9943ac-EWR
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sat, 09 Dec 2023 00:54:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nolr2RnxiKkLuo%2FAo5OEy4B6cRgQ4NNX9oIJ4%2BXiyOoTl3QK7E1%2BIn9QpFhkxrm6shJDoixWxmfUEwJKGRf7SA8H%2BKSJ0hidqch0I196%2FnPSs2VYa8q2ixL4KVhuK6jGuhR1"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
cache-control: max-age=300, public
cf-ray: 83294710cb6343ac-EWR
alt-svc: h3=":443"; ma=86400

GET
H3

200

Primary Request confirm.html Show response
gothicoutfit.com/help/10009283718881/
Redirect Chain

https://gothicoutfit.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6694892
http://gothicoutfit.com/help/10009283718881
https://gothicoutfit.com/help/10009283718881
https://gothicoutfit.com/help/10009283718881/
https://gothicoutfit.com/help/10009283718881/confirm.html

137 KB
51 KB

53ms
52ms

Document
text/html

104.21.33.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gothicoutfit.com/help/10009283718881/confirm.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.33.29 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e97f70c514a2699ce93111c2ecc86116b698a4655451d6b8dd72b14f12824715

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=3600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 83294711d82141e9-EWR
content-encoding: br
content-type: text/html
date: Sat, 09 Dec 2023 00:54:34 GMT
last-modified: Fri, 08 Dec 2023 16:57:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6b6R2kvGL4sSFEaIVgcIjjMdU0LUvrXVrh1NmU1JCtLtvmIQgezWClLCvenN70VyrFmnu8HEtDXpVkjLoqplggJ9lg3wNN02t073pM15iw%2Bi0v4by1q%2BaoaDd%2FON7eiftmtN"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 832947118fbb41e9-EWR
content-type: text/html; charset=UTF-8
date: Sat, 09 Dec 2023 00:54:34 GMT
location: confirm.html
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FalI%2B%2BgFU3b9iA7Kg0xFFp7MdHdl0xi%2F%2FJUaESrbFG9HGQIpLpqSu3LmAI%2FfCxSDmPeE1HD3Kka4e2maz%2BldaKyxtMPNRoIKX4C9gLWw4sdD4WPc%2FIQxYvzVR1dOP1g4PP0O"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: PHP/7.2.34
x-turbo-charged-by: LiteSpeed

POST
H3 200 832947101ac043ac
gothicoutfit.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame EE7B 0
547 B 45ms
44ms XHR
text/plain 104.21.33.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gothicoutfit.com/cdn-cgi/challenge-platform/h/b/jsd/r/832947101ac043ac
Requested by: Host: gothicoutfit.com
URL: https://gothicoutfit.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.33.29 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 09 Dec 2023 00:54:34 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bZpYQ26r%2FLgW%2F3VJ5HU9gnYS%2FQ5CYSQI8g0gcDgxDLpuOBrTDGThY%2BoxSLmmRMHc0zkMuG6jYgdCdre1YPSCtV2gSwfiyyVOAEVBY9Bkxa8IvCi%2FrJGsjozmWhfS2V2AhN5E"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 83294711aff341e9-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 404 recaptcha__vi.js
www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/ 0
0 221ms
173ms Script
text/html 142.251.40.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__vi.js

Requested by

Host: gothicoutfit.com
URL: https://gothicoutfit.com/help/10009283718881/confirm.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.99 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f3.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gothicoutfit.com/
Origin: https://gothicoutfit.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 00:54:34 GMT
x-content-type-options: nosniff
server: sffe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1621
x-xss-protection: 0

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 127ms
63ms Script
text/javascript 172.217.13.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: gothicoutfit.com
URL: https://gothicoutfit.com/help/10009283718881/confirm.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.13.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yul03s05-in-f4.1e100.net

Software

GSE /

Resource Hash

b311ac29f8d7837679d637891db9bbcc84ab0fa8652196d3605de190dc6a6857

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gothicoutfit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 00:54:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sat, 09 Dec 2023 00:54:34 GMT

GET
H3 200 style.css
gothicoutfit.com/ 146 KB
25 KB 74ms
74ms Stylesheet
text/css 104.21.33.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gothicoutfit.com/style.css

Requested by

Host: gothicoutfit.com
URL: https://gothicoutfit.com/help/10009283718881/confirm.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.33.29 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc8b1a0c0827d63eec2c7b9a30d4794ea64fe479cab57c61e86a9d6ad339e4d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gothicoutfit.com/help/10009283718881/confirm.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 00:54:34 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 28405
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 08 Dec 2023 11:06:05 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4wP7LODW23yFkkgkVzleHA0fhytCQecxovkmv1wkty3Rmg9FlkICFe%2F6rGv853hXxv7t%2F3%2FcTsIt%2BF0IJohPESwWwkXkBO%2BDwDsAivc9KoM%2BGXYsdelFJP0Wndd4%2BQvYj6Ec"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8329471288cc41e9-EWR
expires: Fri, 15 Dec 2023 17:01:09 GMT

GET
DATA 200
OK truncated
/ 24 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c220e023d96c314f9aaea30f093ce0c1fd03b58a81331fa451ffb6f1355c397a

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 20 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b1f89c63b9a87f0a0b2737a0789cf18c8b3786302e2c7dd56fa1d2ebc7bfde2

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
908 B 69ms
64ms Script
text/javascript 172.217.13.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit

Requested by

Host: gothicoutfit.com
URL: https://gothicoutfit.com/help/10009283718881/confirm.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.13.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yul03s05-in-f4.1e100.net

Software

GSE /

Resource Hash

1d55855f99b267c07025276f750560e75e15b39dedaa1d32fff1c8180d782e39

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gothicoutfit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 00:54:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sat, 09 Dec 2023 00:54:34 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/ 501 KB
201 KB 15ms
14ms Script
text/javascript 142.251.40.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.99 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f3.1e100.net

Software

sffe /

Resource Hash

6788908efcff931e3c0c4fb54a255932414a22e81971dcc1427c8a4f459a1fbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gothicoutfit.com/
Origin: https://gothicoutfit.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 17:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26486
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 204921
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 17:08:31 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 07 Dec 2024 17:33:08 GMT

GET /
api.ipify.org/ 0
0

GET
H2 200 ipgeo Show response
api.ipgeolocation.io/ 891 B
781 B 104ms
41ms Fetch
application/json 104.20.61.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.ipgeolocation.io/ipgeo?apiKey=f40a6ea769ce4740b4d5462dc649bbcf

Requested by

Host: gothicoutfit.com
URL: https://gothicoutfit.com/help/10009283718881/confirm.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.61.122 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9b0311d92a926a62425c1a8d3a3ae997b5f6800cef8625042cb36104caa1bb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gothicoutfit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 00:54:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json
access-control-allow-origin: https://gothicoutfit.com
access-control-allow-credentials: true
cf-ray: 83294713f8f66a58-EWR
alt-svc: h3=":443"; ma=86400

GET
H3 404 Segoe.73e9cd89613cc1d9a962.ttf
gothicoutfit.com/ 0
0 428ms
427ms Font
text/html 104.21.33.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gothicoutfit.com/Segoe.73e9cd89613cc1d9a962.ttf

Requested by

Host: gothicoutfit.com
URL: https://gothicoutfit.com/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.33.29 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.2.34

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gothicoutfit.com/style.css
Origin: https://gothicoutfit.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 00:54:35 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-powered-by: PHP/7.2.34
x-magento-tags: cat_c,cat_c_107,cat_c_94,cat_c_100,cat_c_69,cat_c_110,cat_c_111,store,cms_b,gdpr_c,NAVIGATIONPRO_MENU_4,theme_editor_backend_css_block,cms_b_header_cms_links,cms_b_argento_scroll_up,cms_b_header_slider,cms_b_footer_cms_content,cms_b_footer_information,cms_p_1122,FPC
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-magento-cache-control: max-age=86400, public, s-maxage=86400
pragma: no-cache
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NalA8wzl4L8MHuXJVIbAieh%2BJWY%2FGVuGLUqlNzZtTYocO2enFuNkebYk5eSljT75iso7XlMY44hhxECcHFKmcOTEtAQFTLE%2FwN1CQyzlng3J%2BAX%2BatVSW4fOLoK87sO5MWWi"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, must-revalidate, no-cache, no-store
x-magento-cache-debug: HIT
x-turbo-charged-by: LiteSpeed
cf-ray: 8329471399a541e9-EWR
expires: Thu, 08 Dec 2022 16:57:50 GMT

GET
H3

200

main.js Show response
gothicoutfit.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/ Frame 8A27
Redirect Chain

https://gothicoutfit.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://gothicoutfit.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js

7 KB
4 KB

36ms
36ms

Script
application/javascript

104.21.33.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gothicoutfit.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js

Requested by

Host: gothicoutfit.com
URL: https://gothicoutfit.com/help/10009283718881/confirm.html

Protocol

Server

104.21.33.29 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6472da5ce9b64cc206debbcdae8eadf30ad7412db6a0302120b5d283158dd94

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 00:54:34 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yr12WTxPx2i1OZtcwmObNMuzapqEfM6Q8%2B3gUoLQzNP%2FwaQW%2FpKQSMvUhz6%2BnER%2Fk53uwxxEw29chUvHSRY9Ucu2XAJefyHyG%2BgTn76%2F98SxqDHTSpmrk2wGlrN08wI1jTfQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 83294713fa0341e9-EWR
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sat, 09 Dec 2023 00:54:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I0Ylme9Laaof2%2F5P0j%2F%2Bct%2BCjKi7hzLXgCWSq2ieD7FfT0U5JFS7MYbPfzFnQE9a9gc%2BOX0zYGzIXBwfM%2B1DVCgKP9GShyLLLz0r1VlGuHsDKqROiXUQqQLyOWHCs2Nv50Uo"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
cache-control: max-age=300, public
cf-ray: 83294713b9ca41e9-EWR
alt-svc: h3=":443"; ma=86400

POST
H3 200 83294711d82141e9 Show response
gothicoutfit.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 8A27 0
546 B 132ms
132ms XHR
text/plain 104.21.33.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gothicoutfit.com/cdn-cgi/challenge-platform/h/b/jsd/r/83294711d82141e9
Requested by: Host: gothicoutfit.com
URL: https://gothicoutfit.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.33.29 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 09 Dec 2023 00:54:35 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WpctcrVKsWXBfVfhVFNorkrnzFDx%2FN5VM2giYYSulxMQZAroRwNfJQoODfTaZyTa9XsR13TRel%2FLEnTOxSKy7jU%2FCJyXSWw86kNNGzKtDsq13wZxRu9F5I9%2FCZnFo9vEwPSn"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 83294714cade41e9-EWR
alt-svc: h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.ipify.org
URL: https://api.ipify.org/?format=json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.gothicoutfit.com/	1970-01-20 17:31:15	Name: wschkid Value: bcd7044387dd2babc7b741c3f2ff0bebbf351589.1702169674.1
.gothicoutfit.com/	1970-01-21 01:33:39	Name: cf_clearance Value: 2kz9LD0OPQoSAX4be_BGWaz3t9YypuBf8LYOowyp2VA-1702083275-0-1-7f812d07.8515db85.a422d28f-0.2.1702083275
.gothicoutfit.com/	1970-01-20 16:48:06	Name: PHPSESSID Value: 9b28499fbe297e3e62c59a36132e7ce4

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__vi.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://gothicoutfit.com/help/10009283718881/confirm.html Message: Refused to execute script from 'https://www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__vi.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://gothicoutfit.com/help/10009283718881/confirm.html Message: Refused to execute script from 'https://www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__vi.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://gothicoutfit.com/Segoe.73e9cd89613cc1d9a962.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipgeolocation.io
api.ipify.org
free4facebook.com
gothicoutfit.com
www.google.com
www.gstatic.com
api.ipify.org
104.20.61.122
104.21.33.29
104.21.77.6
142.251.40.99
172.217.13.196
172.67.140.188
1d55855f99b267c07025276f750560e75e15b39dedaa1d32fff1c8180d782e39
5069d1dc4b8dd28ab3f407719489dfde4ef9164df2c03bbd4bb862f00c781705
5b1f89c63b9a87f0a0b2737a0789cf18c8b3786302e2c7dd56fa1d2ebc7bfde2
6788908efcff931e3c0c4fb54a255932414a22e81971dcc1427c8a4f459a1fbf
a9b0311d92a926a62425c1a8d3a3ae997b5f6800cef8625042cb36104caa1bb0
b311ac29f8d7837679d637891db9bbcc84ab0fa8652196d3605de190dc6a6857
c220e023d96c314f9aaea30f093ce0c1fd03b58a81331fa451ffb6f1355c397a
cc8b1a0c0827d63eec2c7b9a30d4794ea64fe479cab57c61e86a9d6ad339e4d5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e97f70c514a2699ce93111c2ecc86116b698a4655451d6b8dd72b14f12824715
f6472da5ce9b64cc206debbcdae8eadf30ad7412db6a0302120b5d283158dd94

gothicoutfit.com Open in urlscan Pro 104.21.33.29 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

79 %HTTPS

0 %IPv6

6 Domains

6 Subdomains

5 IPs

2 Countries

290 kBTransfer

847 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

3 Cookies

4 Console Messages

Indicators

gothicoutfit.com Open in urlscan Pro
104.21.33.29 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

79 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

290 kB
Transfer

847 kB
Size

3
Cookies

14 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!