pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x6j5404ewhw.html?fbclid=PAAabpyk3eMMgvevrGaPTJ73MYVgujqQFD9anb9UhmKfn14dJKobjFCqwJUkg_aem_t...
Submission: On July 11 via api (July 11th 2023, 12:40:38 am UTC) from TR — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
1	88.255.37.202 88.255.37.202	9121 (TTNET) (TTNET)
8	4

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.255.37.202 (Mamak, Turkey)

ASN9121 (TTNET, TR)
PTR: 88.255.37.202.static.ttnet.com.tr

www.diyanet.gov.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	windows.net pcloak.blob.core.windows.net	3 KB
2	cloakan.co www.cloakan.co	719 B
1	diyanet.gov.tr www.diyanet.gov.tr	47 KB
8	3

	Domain	Requested by
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	www.diyanet.gov.tr	www.cloakan.co www.diyanet.gov.tr
8	3

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-07-03` - `2023-10-01`	3 months	crt.sh
*.diyanet.gov.tr GeoTrust RSA CA 2018	`2022-09-30` - `2023-10-31`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x6j5404ewhw.html?fbclid=PAAabpyk3eMMgvevrGaPTJ73MYVgujqQFD9anb9UhmKfn14dJKobjFCqwJUkg_aem_th_AfksJ2NTEeiunfgFyq_m8jdX3Ol0BIJKRCgykSQUpxn5QTLUjIUb7cl9iKtO-C0rX-A4QNeeEWMc5PbCHZHEGcr8
Frame ID: 028D0801C1985621CDC6AB2CC073187A
Requests: 6 HTTP requests in this frame

Frame: https://www.diyanet.gov.tr/tr-TR
Frame ID: 3B22061407669F7B72DA762B43CE99CE
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

88 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

50 kB
Transfer

56 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 6x6j5404ewhw.html Show response pcloak.blob.core.windows.net/web/	1 KB 2 KB	624ms 101ms	Document text/html	20.60.220.36 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://pcloak.blob.core.windows.net/web/6x6j5404ewhw.html?fbclid=PAAabpyk3eMMgvevrGaPTJ73MYVgujqQFD9anb9UhmKfn14dJKobjFCqwJUkg_aem_th_AfksJ2NTEeiunfgFyq_m8jdX3Ol0BIJKRCgykSQUpxn5QTLUjIUb7cl9iKtO-C0rX-A4QNeeEWMc5PbCHZHEGcr8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `551a5643792262addb1530506ef922be685bd6f9da7b7f8010fc2b5c4d6dd5c0` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Content-Length 1321 Content-MD5 J68YZH+1j7DCE7gdLkuFLQ== Content-Type text/html Date Tue, 11 Jul 2023 00:40:33 GMT ETag 0x8DB5ED07B30A595 Last-Modified Sat, 27 May 2023 16:36:11 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-blob-type BlockBlob x-ms-lease-status unlocked x-ms-request-id a78d8d6c-f01e-0077-5590-b39799000000 x-ms-version 2009-09-19
GET H/1.1	404 The specified blob does not exist.	jquery.min.js pcloak.blob.core.windows.net/web/	0 0	96ms 95ms	Script application/xml	20.60.220.36 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://pcloak.blob.core.windows.net/web/jquery.min.js Requested by Host: pcloak.blob.core.windows.net URL: https://pcloak.blob.core.windows.net/web/6x6j5404ewhw.html?fbclid=PAAabpyk3eMMgvevrGaPTJ73MYVgujqQFD9anb9UhmKfn14dJKobjFCqwJUkg_aem_th_AfksJ2NTEeiunfgFyq_m8jdX3Ol0BIJKRCgykSQUpxn5QTLUjIUb7cl9iKtO-C0rX-A4QNeeEWMc5PbCHZHEGcr8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://pcloak.blob.core.windows.net/web/6x6j5404ewhw.html?fbclid=PAAabpyk3eMMgvevrGaPTJ73MYVgujqQFD9anb9UhmKfn14dJKobjFCqwJUkg_aem_th_AfksJ2NTEeiunfgFyq_m8jdX3Ol0BIJKRCgykSQUpxn5QTLUjIUb7cl9iKtO-C0rX-A4QNeeEWMc5PbCHZHEGcr8 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-ms-request-id a78d8de1-f01e-0077-3e90-b39799000000 Date Tue, 11 Jul 2023 00:40:33 GMT x-ms-version 2009-09-19 Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-Length 215 Content-Type application/xml
GET H/1.1	200 OK	cloakan.js Show response pcloak.blob.core.windows.net/web/	308 B 717 B	105ms 104ms	Script text/javascript	20.60.220.36 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://pcloak.blob.core.windows.net/web/cloakan.js Requested by Host: pcloak.blob.core.windows.net URL: https://pcloak.blob.core.windows.net/web/6x6j5404ewhw.html?fbclid=PAAabpyk3eMMgvevrGaPTJ73MYVgujqQFD9anb9UhmKfn14dJKobjFCqwJUkg_aem_th_AfksJ2NTEeiunfgFyq_m8jdX3Ol0BIJKRCgykSQUpxn5QTLUjIUb7cl9iKtO-C0rX-A4QNeeEWMc5PbCHZHEGcr8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a` Request headers accept-language de-DE,de;q=0.9 Referer https://pcloak.blob.core.windows.net/web/6x6j5404ewhw.html?fbclid=PAAabpyk3eMMgvevrGaPTJ73MYVgujqQFD9anb9UhmKfn14dJKobjFCqwJUkg_aem_th_AfksJ2NTEeiunfgFyq_m8jdX3Ol0BIJKRCgykSQUpxn5QTLUjIUb7cl9iKtO-C0rX-A4QNeeEWMc5PbCHZHEGcr8 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Tue, 11 Jul 2023 00:40:33 GMT Last-Modified Mon, 13 Jun 2022 14:36:49 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 zPiKctHo6j8i1UGOFPpInw== ETag 0x8DA4D4A263C11C2 Content-Type text/javascript x-ms-request-id e6344f3e-401e-0062-3b90-b3802a000000 x-ms-version 2009-09-19 Content-Length 308
GET H/1.1	200 OK	style.css pcloak.blob.core.windows.net/web/	166 B 568 B	192ms 96ms	Stylesheet text/css	20.60.220.36 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://pcloak.blob.core.windows.net/web/style.css Requested by Host: pcloak.blob.core.windows.net URL: https://pcloak.blob.core.windows.net/web/6x6j5404ewhw.html?fbclid=PAAabpyk3eMMgvevrGaPTJ73MYVgujqQFD9anb9UhmKfn14dJKobjFCqwJUkg_aem_th_AfksJ2NTEeiunfgFyq_m8jdX3Ol0BIJKRCgykSQUpxn5QTLUjIUb7cl9iKtO-C0rX-A4QNeeEWMc5PbCHZHEGcr8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5` Request headers accept-language de-DE,de;q=0.9 Referer https://pcloak.blob.core.windows.net/web/6x6j5404ewhw.html?fbclid=PAAabpyk3eMMgvevrGaPTJ73MYVgujqQFD9anb9UhmKfn14dJKobjFCqwJUkg_aem_th_AfksJ2NTEeiunfgFyq_m8jdX3Ol0BIJKRCgykSQUpxn5QTLUjIUb7cl9iKtO-C0rX-A4QNeeEWMc5PbCHZHEGcr8 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob Date Tue, 11 Jul 2023 00:40:33 GMT Last-Modified Mon, 13 Jun 2022 14:36:49 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 9ruAIrm4XHnQO3/sM8J0AQ== ETag 0x8DA4D4A26527CA0 Content-Type text/css x-ms-request-id a78d8e68-f01e-0077-3a90-b39799000000 x-ms-version 2009-09-19 Content-Length 166
GET H2	200	px.php Show response www.cloakan.co/	55 B 321 B	272ms 143ms	XHR text/html	77.245.159.14 NIOBEBILISIMHIZME...
General Check archive.org Show headers Download Go to Full URL https://www.cloakan.co/px.php?id=6x6j5404ewhw Requested by Host: pcloak.blob.core.windows.net URL: https://pcloak.blob.core.windows.net/web/6x6j5404ewhw.html?fbclid=PAAabpyk3eMMgvevrGaPTJ73MYVgujqQFD9anb9UhmKfn14dJKobjFCqwJUkg_aem_th_AfksJ2NTEeiunfgFyq_m8jdX3Ol0BIJKRCgykSQUpxn5QTLUjIUb7cl9iKtO-C0rX-A4QNeeEWMc5PbCHZHEGcr8 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR), Reverse DNS stilgar.wlsrv.com Software LiteSpeed / PHP/7.3.33 Resource Hash `a9f55a9e4658a9960455f9485c446ea9874f2590ae283801311d84e908536cc2` Request headers accept-language de-DE,de;q=0.9 Referer https://pcloak.blob.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Tue, 11 Jul 2023 00:40:31 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.3.33 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 access-control-allow-origin * alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000 content-length 45
GET H2	200	nv.php Show response www.cloakan.co/	245 B 398 B	256ms 148ms	Script text/html	77.245.159.14 NIOBEBILISIMHIZME...
General Check archive.org Show headers Download Go to Full URL https://www.cloakan.co/nv.php?id=6x6j5404ewhw-m Requested by Host: pcloak.blob.core.windows.net URL: https://pcloak.blob.core.windows.net/web/cloakan.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR), Reverse DNS stilgar.wlsrv.com Software LiteSpeed / PHP/7.3.33 Resource Hash `05934289152818922692b8c23b88b3e7a2b31fe2eabe3ffbd2aecedc0e2363a9` Request headers accept-language de-DE,de;q=0.9 Referer https://pcloak.blob.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Tue, 11 Jul 2023 00:40:31 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.3.33 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000 content-length 125
GET H/1.1	200 OK	tr-TR Show response www.diyanet.gov.tr/ Frame 3B22	45 KB 47 KB	269ms 61ms	Document text/html	88.255.37.202 TTNET
General Check archive.org Show headers Download Go to Full URL https://www.diyanet.gov.tr/tr-TR Requested by Host: www.cloakan.co URL: https://www.cloakan.co/nv.php?id=6x6j5404ewhw-m Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 88.255.37.202 Mamak, Turkey, ASN9121 (TTNET, TR), Reverse DNS 88.255.37.202.static.ttnet.com.tr Software / Resource Hash `9c8813b4ae61051843f859046aa42f345b2dc00483869c3a6deface556199728` Request headers Referer https://pcloak.blob.core.windows.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, must-revalidate, no-cache, max-age=0 Content-Length 46478 Content-Type text/html
GET		083d721e09ab2000809dd6a6ced9f59c5b169af5deb8ad2e16b389527a57a8642c2f30df4ba2677b www.diyanet.gov.tr/TSPD/ Frame 3B22	0 0

GET DATA	200 OK	truncated / Frame 3B22	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6b2d3b8d05910bc9a2ac7d415532427b69f6288e334a7dd3609fbe879eb5447c` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 3B22	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a03daae92a941b781bf4c29bf6d8e01d14858260bf2ed6c9147d949e0e37a93e` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 3B22	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b0961386f2d1bee85609436e7db3f1bf0b4469ad6498c4f7d851adc7833cf99d` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.diyanet.gov.tr
URL: https://www.diyanet.gov.tr/TSPD/083d721e09ab2000809dd6a6ced9f59c5b169af5deb8ad2e16b389527a57a8642c2f30df4ba2677b?type=5

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
network	error	URL: https://www.diyanet.gov.tr/TSPD/083d721e09ab2000809dd6a6ced9f59c5b169af5deb8ad2e16b389527a57a8642c2f30df4ba2677b?type=5 Message: Failed to load resource: net::ERR_CONNECTION_RESET

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pcloak.blob.core.windows.net
www.cloakan.co
www.diyanet.gov.tr
www.diyanet.gov.tr
20.60.220.36
77.245.159.14
88.255.37.202
05934289152818922692b8c23b88b3e7a2b31fe2eabe3ffbd2aecedc0e2363a9
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
551a5643792262addb1530506ef922be685bd6f9da7b7f8010fc2b5c4d6dd5c0
6b2d3b8d05910bc9a2ac7d415532427b69f6288e334a7dd3609fbe879eb5447c
9c8813b4ae61051843f859046aa42f345b2dc00483869c3a6deface556199728
a03daae92a941b781bf4c29bf6d8e01d14858260bf2ed6c9147d949e0e37a93e
a9f55a9e4658a9960455f9485c446ea9874f2590ae283801311d84e908536cc2
b0961386f2d1bee85609436e7db3f1bf0b4469ad6498c4f7d851adc7833cf99d
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

8 Requests

88 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

50 kBTransfer

56 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

88 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

50 kB
Transfer

56 kB
Size

0
Cookies

8 HTTP transactions
3 data transactions