fakevm.site Open in urlscan Pro
172.67.176.152 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u44433001.ct.sendgrid.net/ls/click?upn=u001.Z91zSr8vfxa4WBMGMGT0nlOip6a4f139XuAC-2B2nOx-2BA6GXVCSrBNUq7wmbGGuUDE2bxS_L5o2T...
Effective URL:
https://fakevm.site/?rid=FSu9Mkl
Submission Tags: falconsandbox
Submission: On September 05 via api (September 5th 2024, 3:19:32 pm UTC) from US — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 17 HTTP transactions. The main IP is 172.67.176.152, located in United States and belongs to CLOUDFLARENET, US. The main domain is fakevm.site.
TLS certificate: Issued by WE1 on August 14th 2024. Valid for: 3 months.

This is the only time fakevm.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.123.122 167.89.123.122	11377 (SENDGRID) (SENDGRID)
1 4	172.67.176.152 172.67.176.152	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	99.83.249.126 99.83.249.126	16509 (AMAZON-02) (AMAZON-02)
17	3

1 167.89.123.122 (Chicago, United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789123x122.outbound-mail.sendgrid.net

u44433001.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.67.176.152 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

fakevm.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 99.83.249.126 (United States)

ASN16509 (AMAZON-02, US)
PTR: a4023aff01b5a6263.awsglobalaccelerator.com

auth.exelatech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	exelatech.com auth.exelatech.com	440 KB
4	fakevm.site 1 redirects fakevm.site	10 KB
1	sendgrid.net 1 redirects u44433001.ct.sendgrid.net	234 B
17	3

	Domain	Requested by
11	auth.exelatech.com	fakevm.site auth.exelatech.com
4	fakevm.site	1 redirects fakevm.site
1	u44433001.ct.sendgrid.net	1 redirects
17	3

This site contains no links.

Subject Issuer	Validity	Valid
fakevm.site WE1	`2024-08-14` - `2024-11-12`	3 months	crt.sh
*.exelatech.com Sectigo RSA Organization Validation Secure Server CA	`2024-01-31` - `2025-01-30`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://fakevm.site/?rid=FSu9Mkl
Frame ID: C9D7B2C99B72A6CB3974025135ED8306
Requests: 15 HTTP requests in this frame

Frame: https://fakevm.site/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js
Frame ID: EA655F11CD69BE7B60CB794168F58531
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome to Exela SSO

Page URL History Show full URLs

https://u44433001.ct.sendgrid.net/ls/click?upn=u001.Z91zSr8vfxa4WBMGMGT0nlOip6a4f139XuAC-2B2nOx-2BA6GXVCSrBNUq... HTTP 302
https://fakevm.site/?rid=FSu9Mkl Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

76 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

450 kB
Transfer

743 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u44433001.ct.sendgrid.net/ls/click?upn=u001.Z91zSr8vfxa4WBMGMGT0nlOip6a4f139XuAC-2B2nOx-2BA6GXVCSrBNUq7wmbGGuUDE2bxS_L5o2Tp6tvBYrWdoGcRHTqaYEp7IT2lfbOHUk-2B66vUtjs9uICQU-2Bp7ILHxQqXq7eAXGx-2B0onljHsn82oTuXiNaE8GkQDg1-2BqXDaXk6w7UtkPN-2FCBk71rd1OvMACHUxUriUa39Odw1WlBtcEDlZlsJIDsl-2F8J1YWG7rzwcfMBoqdrTRLqMxB-2BvwCVbwvcLq5NjzEE3fMoDvPkRSh1MTVUUYS4JpcjLtXvEEwvFsT5oSVs-3D HTTP 302
https://fakevm.site/?rid=FSu9Mkl Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://fakevm.site/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://fakevm.site/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
fakevm.site/
Redirect Chain

https://u44433001.ct.sendgrid.net/ls/click?upn=u001.Z91zSr8vfxa4WBMGMGT0nlOip6a4f139XuAC-2B2nOx-2BA6GXVCSrBNUq7wmbGGuUDE2bxS_L5o2Tp6tvBYrWdoGcRHTqaYEp7IT2lfbOHUk-2B66vUtjs9uICQU-2Bp7ILHxQqXq7eAXGx-...
https://fakevm.site/?rid=FSu9Mkl

24 KB
5 KB

337ms
275ms

Document
text/html

172.67.176.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fakevm.site/?rid=FSu9Mkl
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a39d17e275d18c968a86fec77d4c51b4d14c9628d2d13a7f06b789cd7261593b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8be732900ebed25e-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 05 Sep 2024 15:19:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0BCAroopLtIhieBz%2By8fbmSE0637qp0vTHQjNCySLPQdgkHgbpNcUmm%2BbxWJYdeUyLIU4LBhd29PhLEp%2FzWA%2Fj4reVo6HMRg7XERn4EnmTeW0CrCvt6izzkyY5zZLg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-server: gophish

Redirect headers

Connection: keep-alive
Content-Length: 54
Content-Type: text/html; charset=utf-8
Date: Thu, 05 Sep 2024 15:19:25 GMT
Location: https://fakevm.site?rid=FSu9Mkl
Server: nginx
X-Robots-Tag: noindex, nofollow

GET
H2 200 jquery.min.js Show response
auth.exelatech.com/resources/zzu6c/login/hcmer/js/plugins/ 87 KB
31 KB 258ms
32ms Script
text/javascript 99.83.249.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.exelatech.com/resources/zzu6c/login/hcmer/js/plugins/jquery.min.js

Requested by

Host: fakevm.site
URL: https://fakevm.site/?rid=FSu9Mkl

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.249.126 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a4023aff01b5a6263.awsglobalaccelerator.com

Software

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fakevm.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 15:19:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
x-xss-protection: 1; mode=block

GET
H2 200 font-awesome.min.css
auth.exelatech.com/resources/zzu6c/login/hcmer/css/ 23 KB
6 KB 286ms
61ms Stylesheet
text/css 99.83.249.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.exelatech.com/resources/zzu6c/login/hcmer/css/font-awesome.min.css

Requested by

Host: fakevm.site
URL: https://fakevm.site/?rid=FSu9Mkl

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.249.126 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a4023aff01b5a6263.awsglobalaccelerator.com

Software

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fakevm.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 15:19:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
content-length: 5442
x-xss-protection: 1; mode=block

GET
H2 200 sweetalert2@8.js Show response
auth.exelatech.com/resources/zzu6c/login/hcmer/js/ 63 KB
17 KB 263ms
38ms Script
text/javascript 99.83.249.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.exelatech.com/resources/zzu6c/login/hcmer/js/sweetalert2@8.js

Requested by

Host: fakevm.site
URL: https://fakevm.site/?rid=FSu9Mkl

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.249.126 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a4023aff01b5a6263.awsglobalaccelerator.com

Software

Resource Hash

671cb08137fc76509b9504e46348d81b90800f81d50c85fcce84c39681a31ca9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fakevm.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 15:19:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
x-xss-protection: 1; mode=block

GET
H2 200 style.css
auth.exelatech.com/resources/zzu6c/login/hcmer/css/ 10 KB
3 KB 275ms
49ms Stylesheet
text/css 99.83.249.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.exelatech.com/resources/zzu6c/login/hcmer/css/style.css

Requested by

Host: fakevm.site
URL: https://fakevm.site/?rid=FSu9Mkl

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.249.126 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a4023aff01b5a6263.awsglobalaccelerator.com

Software

Resource Hash

6991bf8cf523deffae4b4e47b572347b6a41cd55af05c6e5ba8550282f644393

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fakevm.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 15:19:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
content-length: 2406
x-xss-protection: 1; mode=block

GET
H2 200 bootstrap.css
auth.exelatech.com/resources/zzu6c/login/hcmer/css/ 149 KB
22 KB 276ms
50ms Stylesheet
text/css 99.83.249.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.exelatech.com/resources/zzu6c/login/hcmer/css/bootstrap.css

Requested by

Host: fakevm.site
URL: https://fakevm.site/?rid=FSu9Mkl

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.249.126 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a4023aff01b5a6263.awsglobalaccelerator.com

Software

Resource Hash

799f97a8e1dcbd1b8593a6432ff889f046ef1773cd57ada4aa476aa885bd9d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fakevm.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 15:19:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
x-xss-protection: 1; mode=block

GET
H2 200 otp.css
auth.exelatech.com/resources/zzu6c/login/hcmer/css/ 719 B
928 B 286ms
61ms Stylesheet
text/css 99.83.249.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.exelatech.com/resources/zzu6c/login/hcmer/css/otp.css

Requested by

Host: fakevm.site
URL: https://fakevm.site/?rid=FSu9Mkl

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.249.126 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a4023aff01b5a6263.awsglobalaccelerator.com

Software

Resource Hash

dd30c31bd74fd534efc5e22e79f67a6622c3418e4ae489cf5ae5c67b97659dbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fakevm.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 15:19:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
content-length: 368
x-xss-protection: 1; mode=block

GET
H2 200 login.css
auth.exelatech.com/resources/zzu6c/login/hcmer/keycloak_css/ 16 KB
4 KB 275ms
50ms Stylesheet
text/css 99.83.249.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.exelatech.com/resources/zzu6c/login/hcmer/keycloak_css/login.css

Requested by

Host: fakevm.site
URL: https://fakevm.site/?rid=FSu9Mkl

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.249.126 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a4023aff01b5a6263.awsglobalaccelerator.com

Software

Resource Hash

bf355174e3149c8a598d883ca154a0bc29f1b9267d0068351268a1439f2e2b8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fakevm.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 15:19:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
content-length: 3675
x-xss-protection: 1; mode=block

GET
H2 200 tile.css
auth.exelatech.com/resources/zzu6c/login/hcmer/keycloak_css/ 7 KB
2 KB 275ms
50ms Stylesheet
text/css 99.83.249.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.exelatech.com/resources/zzu6c/login/hcmer/keycloak_css/tile.css

Requested by

Host: fakevm.site
URL: https://fakevm.site/?rid=FSu9Mkl

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.249.126 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a4023aff01b5a6263.awsglobalaccelerator.com

Software

Resource Hash

38f57a9833dde172f48a5d3294357b7cdde64c6ad734ad59261e2c4246e4dd40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fakevm.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 15:19:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
content-length: 1263
x-xss-protection: 1; mode=block

GET
H2 200 logo.svg
auth.exelatech.com/resources/zzu6c/login/hcmer/images/ 2 KB
1 KB 33ms
32ms Image
image/svg+xml 99.83.249.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth.exelatech.com/resources/zzu6c/login/hcmer/images/logo.svg

Requested by

Host: fakevm.site
URL: https://fakevm.site/?rid=FSu9Mkl

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.249.126 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a4023aff01b5a6263.awsglobalaccelerator.com

Software

Resource Hash

c5cb60e4ccad11fd34763ccfc68d4fca32839712ed15fee2a2003af1a679fec8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fakevm.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 15:19:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: image/svg+xml
cache-control: max-age=2592000
content-length: 721
x-xss-protection: 1; mode=block

GET
H2 200 loginbg.jpg
auth.exelatech.com/resources/zzu6c/login/hcmer/images/ 352 KB
353 KB 34ms
33ms Image
image/jpeg 99.83.249.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth.exelatech.com/resources/zzu6c/login/hcmer/images/loginbg.jpg

Requested by

Host: auth.exelatech.com
URL: https://auth.exelatech.com/resources/zzu6c/login/hcmer/css/style.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.249.126 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a4023aff01b5a6263.awsglobalaccelerator.com

Software

Resource Hash

0f3c887ae97d9efdd89db5c13680497c94a15b322103a2ea428ccc0947d9007d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 15:19:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
content-type: image/jpeg

GET fontawesome-webfont.woff2
auth.exelatech.com/resources/zzu6c/login/hcmer/fonts/ 0
0

GET
H3

200

main.js Show response
fakevm.site/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/ Frame EA65
Redirect Chain

https://fakevm.site/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://fakevm.site/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js?

8 KB
4 KB

13ms
13ms

Script
application/javascript

172.67.176.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fakevm.site/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js?

Requested by

Host: fakevm.site
URL: https://fakevm.site/?rid=FSu9Mkl

Protocol

Server

172.67.176.152 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c724dbf1e3e67013dbcb10a512fe302f2f5f3958e60bc153b6308d2dac072ac2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 15:19:26 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=34a0Xw1veeaiVuYbrq9K4tcCg4DWHLIfDXdm1UhDYHuLepOHj2sVBsO6BflwdreUz0ZXCn5rFa1sW180Qs9ZPwn7cAqmWx59XYiqytbbJLoKi5cssQ%2Bcuk%2Fs0wAadg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8be73293fd2fd25e-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 05 Sep 2024 15:19:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1E9fk3mMil5jOeIlkKEi31CPdwCHNh9VemdZJTdDl2Y%2B6Ny7WhRWRc%2BQT%2Ft%2BVuQ5r43YI8BIoYXo1Dgu7l4gibbH6hSyrOK%2B5C5X9FYDQxsn%2FyZGmRYlikbPfXd3rw%3D%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js?
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8be73293ecddd25e-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H3 200 8be732900ebed25e Show response
fakevm.site/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame EA65 0
917 B 29ms
25ms XHR
text/plain 172.67.176.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fakevm.site/cdn-cgi/challenge-platform/h/b/jsd/r/8be732900ebed25e
Requested by: Host: fakevm.site
URL: https://fakevm.site/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 05 Sep 2024 15:19:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Hn%2FXMq9GwFz80shMd%2BrliwDcSWbI7kkNe7f685fRStfLR%2BipI28shkN%2BnY2%2B0Y2nAkbIPjMA30GVnOMEdlaRybW%2BLYWmZLpUt%2BXpcbm71AE501P6Gh5aLvEAnyuyA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 8be732948f91d25e-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET fontawesome-webfont.woff
auth.exelatech.com/resources/zzu6c/login/hcmer/fonts/ 0
0

GET fontawesome-webfont.ttf
auth.exelatech.com/resources/zzu6c/login/hcmer/fonts/ 0
0

GET
H2 200 favicon.svg
auth.exelatech.com/resources/zzu6c/login/hcmer/images/ 1 KB
1 KB 33ms
33ms Other
image/svg+xml 99.83.249.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.exelatech.com/resources/zzu6c/login/hcmer/images/favicon.svg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.249.126 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a4023aff01b5a6263.awsglobalaccelerator.com

Software

Resource Hash

d293e6a5aa853a6ffb19d7a3caa9fbd26948b10eb8de4ebbde42218cd5b459d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fakevm.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 15:19:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: gzip
content-type: image/svg+xml
cache-control: max-age=2592000
content-length: 731
x-xss-protection: 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: auth.exelatech.com
URL: https://auth.exelatech.com/resources/zzu6c/login/hcmer/fonts/fontawesome-webfont.woff2?v=4.3.0

Domain: auth.exelatech.com
URL: https://auth.exelatech.com/resources/zzu6c/login/hcmer/fonts/fontawesome-webfont.woff?v=4.3.0

Domain: auth.exelatech.com
URL: https://auth.exelatech.com/resources/zzu6c/login/hcmer/fonts/fontawesome-webfont.ttf?v=4.3.0

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.fakevm.site/	1970-01-21 08:04:45	Name: cf_clearance Value: m_Sl1DvXQSx8PhNZq9Mr_pu6tOHtgS58mYJ9DctMdxo-1725549566-1.2.1.1-fKuyDtFbiltLrh8tTHdjTnU9j_zRjJhiLotDUNUfnOiMUXsxhvnOvg5eY.q.OZy.xO3w24AxOL4S7Qn_nRZVzKMkDDyLTYnPIAlVAA6F83eEu0MwNGjzn.VfDTVkzr2X1j3FTrn6Wea.9eJVtA7BkIz5UQooOSV6pzzivW3xolhA55H49riMwYMHcz5rXJtbvPRFpKAMpjoo9s_BNlw15boWGxgV2kp3DPX48OIC8ZfCe2XVy5zts2L53870D6dSs4_kJoK8W8IlXIh9JX.GiMn5TUYZBlpcnlAbuPi_ILs0jrkRFVljz._nCzuUPXITLxMJfLhQIplnAA20A2mNBpVUjMrPxEsCLti7bcrJ5ayS13RnJjKR9KNnQzbzGC36
			auth.exelatech.com/	1970-01-20 23:29:14	Name: AWSALBCORS Value: ByGuhGtiNshWNXMBw18V7HSxsTsFbQDMMs/GbGqdoYrU6Vc1aC+HM0OGcwmGM8gxMPEucKr+moDoVJVdej3zU1v+UvD0fX9xGvvx8UUoT6JO/AgWHrU534aI/njM

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://fakevm.site/?rid=FSu9Mkl Message: Access to font at 'https://auth.exelatech.com/resources/zzu6c/login/hcmer/fonts/fontawesome-webfont.woff2?v=4.3.0' from origin 'https://fakevm.site' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://auth.exelatech.com/resources/zzu6c/login/hcmer/fonts/fontawesome-webfont.woff2?v=4.3.0 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://fakevm.site/?rid=FSu9Mkl Message: Access to font at 'https://auth.exelatech.com/resources/zzu6c/login/hcmer/fonts/fontawesome-webfont.woff?v=4.3.0' from origin 'https://fakevm.site' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://auth.exelatech.com/resources/zzu6c/login/hcmer/fonts/fontawesome-webfont.woff?v=4.3.0 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://fakevm.site/?rid=FSu9Mkl Message: Access to font at 'https://auth.exelatech.com/resources/zzu6c/login/hcmer/fonts/fontawesome-webfont.ttf?v=4.3.0' from origin 'https://fakevm.site' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://auth.exelatech.com/resources/zzu6c/login/hcmer/fonts/fontawesome-webfont.ttf?v=4.3.0 Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.exelatech.com
fakevm.site
u44433001.ct.sendgrid.net
auth.exelatech.com
167.89.123.122
172.67.176.152
99.83.249.126
0f3c887ae97d9efdd89db5c13680497c94a15b322103a2ea428ccc0947d9007d
38f57a9833dde172f48a5d3294357b7cdde64c6ad734ad59261e2c4246e4dd40
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
671cb08137fc76509b9504e46348d81b90800f81d50c85fcce84c39681a31ca9
6991bf8cf523deffae4b4e47b572347b6a41cd55af05c6e5ba8550282f644393
799f97a8e1dcbd1b8593a6432ff889f046ef1773cd57ada4aa476aa885bd9d3d
a39d17e275d18c968a86fec77d4c51b4d14c9628d2d13a7f06b789cd7261593b
bf355174e3149c8a598d883ca154a0bc29f1b9267d0068351268a1439f2e2b8d
c5cb60e4ccad11fd34763ccfc68d4fca32839712ed15fee2a2003af1a679fec8
c724dbf1e3e67013dbcb10a512fe302f2f5f3958e60bc153b6308d2dac072ac2
d293e6a5aa853a6ffb19d7a3caa9fbd26948b10eb8de4ebbde42218cd5b459d8
dd30c31bd74fd534efc5e22e79f67a6622c3418e4ae489cf5ae5c67b97659dbb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

fakevm.site Open in urlscan Pro 172.67.176.152 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

76 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

450 kBTransfer

743 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

2 Cookies

6 Console Messages

Indicators

fakevm.site Open in urlscan Pro
172.67.176.152 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

76 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

450 kB
Transfer

743 kB
Size

2
Cookies

17 HTTP transactions
0 data transactions