auth-securedatasafe.com Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.coreinfrasolutions.com/fet
Effective URL:
https://auth-securedatasafe.com/?KIWm9ukq9DbA
Submission: On July 15 via api (July 15th 2024, 10:42:43 pm UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 14 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is auth-securedatasafe.com.
TLS certificate: Issued by WE1 on June 26th 2024. Valid for: 3 months.

This is the only time auth-securedatasafe.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 2	198.102.28.80 198.102.28.80	54839 (EMPIRE) (EMPIRE)
3 16	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2

2 198.102.28.80 (Las Vegas, United States) 1 redirects

ASN54839 (EMPIRE, US)

www.coreinfrasolutions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 188.114.97.3 (Amsterdam, Netherlands) 3 redirects

ASN13335 (CLOUDFLARENET, US)

auth-securedatasafe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	auth-securedatasafe.com 3 redirects auth-securedatasafe.com	50 KB
2	coreinfrasolutions.com 1 redirects www.coreinfrasolutions.com	846 B
14	2

	Domain	Requested by
16	auth-securedatasafe.com	3 redirects www.coreinfrasolutions.com auth-securedatasafe.com
2	www.coreinfrasolutions.com	1 redirects
14	2

This site contains no links.

Subject Issuer	Validity	Valid
coreinfrasolutions.com cPanel, Inc. Certification Authority	`2024-05-30` - `2024-08-28`	3 months	crt.sh
auth-securedatasafe.com WE1	`2024-06-26` - `2024-09-24`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://auth-securedatasafe.com/?KIWm9ukq9DbA
Frame ID: 309BB4823D018C4A56744EFF45C0C2E3
Requests: 10 HTTP requests in this frame

Frame: https://auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js
Frame ID: 677308F97B232AAF8881E020722FB12B
Requests: 2 HTTP requests in this frame

Frame: https://auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js
Frame ID: 6E18E853ACBFDC648D27CB6178CA0656
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

http://www.coreinfrasolutions.com/fet HTTP 307
https://www.coreinfrasolutions.com/fet HTTP 301
https://www.coreinfrasolutions.com/fet/ Page URL
https://auth-securedatasafe.com/?KIWm9ukq9DbA Page URL
https://auth-securedatasafe.com/cdn-cgi/phish-bypass?atok=QV9UxrB50euANINHQX9mwicohAtKQ9N_HmZN_8RiVLQ-172108... HTTP 301
https://auth-securedatasafe.com/?KIWm9ukq9DbA Page URL
https://auth-securedatasafe.com/?KIWm9ukq9DbA Page URL

Page Statistics

14
Requests

86 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

50 kB
Transfer

77 kB
Size

13
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.coreinfrasolutions.com/fet HTTP 307
https://www.coreinfrasolutions.com/fet HTTP 301
https://www.coreinfrasolutions.com/fet/ Page URL
https://auth-securedatasafe.com/?KIWm9ukq9DbA Page URL
https://auth-securedatasafe.com/cdn-cgi/phish-bypass?atok=QV9UxrB50euANINHQX9mwicohAtKQ9N_HmZN_8RiVLQ-1721083349-0.0.1.1-%2F%3FKIWm9ukq9DbA HTTP 301
https://auth-securedatasafe.com/?KIWm9ukq9DbA Page URL
https://auth-securedatasafe.com/?KIWm9ukq9DbA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.coreinfrasolutions.com/fet HTTP 307
https://www.coreinfrasolutions.com/fet HTTP 301
https://www.coreinfrasolutions.com/fet/

Request Chain 5

https://auth-securedatasafe.com/cdn-cgi/phish-bypass?atok=QV9UxrB50euANINHQX9mwicohAtKQ9N_HmZN_8RiVLQ-1721083349-0.0.1.1-%2F%3FKIWm9ukq9DbA HTTP 301
https://auth-securedatasafe.com/?KIWm9ukq9DbA

Request Chain 7

https://auth-securedatasafe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js

Request Chain 10

https://auth-securedatasafe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
www.coreinfrasolutions.com/fet/
Redirect Chain

http://www.coreinfrasolutions.com/fet
https://www.coreinfrasolutions.com/fet
https://www.coreinfrasolutions.com/fet/

650 B
483 B

180ms
179ms

Document
text/html

198.102.28.80
EMPIRE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.coreinfrasolutions.com/fet/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.102.28.80 Las Vegas, United States, ASN54839 (EMPIRE, US),
Reverse DNS
Software: Apache / PHP/7.2.34
Resource Hash: b8001a323c995afd4fc7768b538d651ad648e480fe3fe5ac02ac2386f9e5fc46

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-length: 367
content-type: text/html; charset=UTF-8
date: Mon, 15 Jul 2024 22:42:29 GMT
server: Apache
vary: Accept-Encoding,User-Agent
x-powered-by: PHP/7.2.34

Redirect headers

content-length: 247
content-type: text/html; charset=iso-8859-1
date: Mon, 15 Jul 2024 22:42:28 GMT
location: https://www.coreinfrasolutions.com/fet/
server: Apache

GET
H2 200 / Show response
auth-securedatasafe.com/ 4 KB
2 KB 393ms
18ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth-securedatasafe.com/?KIWm9ukq9DbA

Requested by

Host: www.coreinfrasolutions.com
URL: https://www.coreinfrasolutions.com/fet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e38145132a145e87c209cb0a39b4b47de329b3c1d3027f26e4bb74c0b9af89ca

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.coreinfrasolutions.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cf-ray: 8a3d4417592592a7-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 15 Jul 2024 22:42:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FtNqqNavc1zi99bhunLGNscUXXxBj8oK1nK3%2BjW8tI5oO1V0i4X0t8%2BdKnKPO%2FGdcihvJq0fhJq%2BmhiJEoLATpEpt808dPD8l0U%2B0jAAvd%2Bnl33Y3YHnvq%2B%2Br7DbFdh%2F1YNGZ7Q06gD%2Bvw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 cf.errors.css
auth-securedatasafe.com/cdn-cgi/styles/ 23 KB
5 KB 17ms
17ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth-securedatasafe.com/cdn-cgi/styles/cf.errors.css

Requested by

Host: auth-securedatasafe.com
URL: https://auth-securedatasafe.com/?KIWm9ukq9DbA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://auth-securedatasafe.com/?KIWm9ukq9DbA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 15 Jul 2024 22:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 11 Jul 2024 08:13:48 GMT
server: cloudflare
etag: W/"668f943c-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8a3d4417894192a7-FRA
expires: Tue, 16 Jul 2024 00:42:29 GMT

GET
H2 200 icon-exclamation.png
auth-securedatasafe.com/cdn-cgi/images/ 452 B
541 B 15ms
15ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth-securedatasafe.com/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: auth-securedatasafe.com
URL: https://auth-securedatasafe.com/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://auth-securedatasafe.com/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 15 Jul 2024 22:42:29 GMT
x-content-type-options: nosniff
last-modified: Thu, 11 Jul 2024 08:13:48 GMT
server: cloudflare
etag: "668f943c-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8a3d4417a95892a7-FRA
content-length: 452
expires: Tue, 16 Jul 2024 00:42:29 GMT

GET
H2 503 favicon.ico
auth-securedatasafe.com/ 18 KB
19 KB 116ms
115ms Other
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth-securedatasafe.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

963b94eb7315484085d3d7ccaaf878c3c205f4550a35be126e43ebc54244df6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://auth-securedatasafe.com/?KIWm9ukq9DbA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Jul 2024 22:42:29 GMT
x-content-type-options: nosniff, nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FZACO5ipnG%2Fi8S4lw%2FMx5Sk3B1YcwwIc5aK%2FJTwR722PRpWa7q93JKNT%2BNW0tUx2ARnzTapbm7aLwQsnTQDv5rCNsGIvn75%2BqVw3vkqj8DIs857fk0EUtcWanDRn8b9sGFu%2FUGVzyKE9sg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8a3d4417c96392a7-FRA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
expires: 0

GET
H3

503

/ Show response
auth-securedatasafe.com/
Redirect Chain

https://auth-securedatasafe.com/cdn-cgi/phish-bypass?atok=QV9UxrB50euANINHQX9mwicohAtKQ9N_HmZN_8RiVLQ-1721083349-0.0.1.1-%2F%3FKIWm9ukq9DbA
https://auth-securedatasafe.com/?KIWm9ukq9DbA

7 KB
8 KB

85ms
85ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth-securedatasafe.com/?KIWm9ukq9DbA

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bef4bf8c0d829b9a92b8ed74793a47c72d882cafab4af8c78392339ef1dd5656

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://auth-securedatasafe.com/?KIWm9ukq9DbA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 8a3d44384ac290e8-FRA
content-type: text/html; charset=utf-8
date: Mon, 15 Jul 2024 22:42:34 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ygPj29kTci8CsvK55%2BXfPRdW65S1UP0BuoYJcc%2FLL%2BLH982y%2BYxUEEkb%2Fn6R86gmS9nFIW2UoIj0i2GoRGHGU4hiIbzF%2FtY61pGD2sevALNZEi4V5elaDgN8HwxmYRiy22%2FDlUd0rO3rGg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

cache-control: private, no-cache
cf-ray: 8a3d4438291292a7-FRA
content-length: 167
content-type: text/html
date: Mon, 15 Jul 2024 22:42:34 GMT
location: https://auth-securedatasafe.com/?KIWm9ukq9DbA
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

POST
H3 204 /
auth-securedatasafe.com/ 0
944 B 55ms
54ms XHR
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth-securedatasafe.com/?KIWm9ukq9DbA

Requested by

Host: www.coreinfrasolutions.com
URL: https://www.coreinfrasolutions.com/fet/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

X-Requested-TimeStamp-Expire
BS1ahSrOP53DmIoyuFHjrJnTwko: 35312739
pZ2znvh0WvJkg2K9tG7PdS-Mw: mwx9KMyI0SSxPNxBcQN9UxfR2Jw
X-Requested-TimeStamp-Combination
X-Requested-Type-Combination: GET
Content-type: application/x-www-form-urlencoded
X-Requested-Type: GET
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer: https://auth-securedatasafe.com/?KIWm9ukq9DbA
X-Requested-with: XMLHttpRequest
X-Requested-TimeStamp

Response headers

pragma: no-cache
date: Mon, 15 Jul 2024 22:42:35 GMT
x-server-powered-by: Engintron
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4YeSr78oTtyTu%2BhvHYIhrRi%2FpNoFHymAXSXVjVHNdmK4C16X3018k6wgR%2Bd%2FrjZVMtPI%2FZo%2BXh7tS5aPpWuNDF9FaKoDJEYvzXOOOSlyGeiIK7ftUajYAITr9nmkiXFJ6Hb07MlV4%2BhYAA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8a3d4438eb1e90e8-FRA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
expires: 0

GET
H3

200

main.js Show response
auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/ Frame 6773
Redirect Chain

https://auth-securedatasafe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?

8 KB
4 KB

20ms
20ms

Script
application/javascript

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?

Protocol

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9108487daa96b70bc124f21afaf7afa89d7a1095df4843db06f6d1ce4993040d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 15 Jul 2024 22:42:35 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6w8OoQ0dFzmqpSqgYFaCUQzYvuXASSTknQRN7F1j%2BxgVtgJWQefCd4NC6BM3ubaiVl6V4trlY4wDy0g3esKwahL1EUWJlBLRKnNI9XDxJZjRfnFApa0XoYy9Trt%2Fjyp1clvulpDhtx%2FXBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 8a3d44390b3790e8-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Mon, 15 Jul 2024 22:42:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pyNIYqBTlURfyo8PH%2FfROZFoA5mZ8TBoqglLNP39rZdo9BKAXGeqDAQxR7dbMnOWWfOu4%2FCypXNxB0f%2BNsbpMxH7ybG%2FMwfiCd07KzsMkr%2B%2FXuppLPoyw1hAvnFbMukj%2BYZjmv7iPxY3jQ%3D%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?
access-control-allow-origin: *
cache-control: max-age: 300, public
cf-ray: 8a3d4438eb1f90e8-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 503 favicon.ico
auth-securedatasafe.com/ 6 KB
7 KB 87ms
87ms Other
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth-securedatasafe.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://auth-securedatasafe.com/?KIWm9ukq9DbA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Jul 2024 22:42:35 GMT
x-content-type-options: nosniff, nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wSpJMgniBhJ3%2FlJqtWm%2FkGhsiNYv8VYtLaxeyD0vSAp%2FKOWqmXecMjSBdLmHc7sL7z6TJicAMJOiPehDiy4dOB%2BB1tX8%2BGoem6Jh9XI0TO9dNiyHtjaf1E9BTuAq0nEyKlGUCn305azWgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8a3d4438eb2190e8-FRA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
expires: 0

POST
H3 200 8a3d44384ac290e8
auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 6773 0
704 B 32ms
29ms XHR
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/jsd/r/8a3d44384ac290e8
Requested by: Host: auth-securedatasafe.com
URL: https://auth-securedatasafe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 Jul 2024 22:42:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2FnGok0cDO2m97ZgFvaz%2FUbtW9hs1tPJ5oA9XjH2lWEInwHHcojLprZY1qUjW8LNSSl3RSaVpcnw0ml5D02Ko%2B%2FD6im4H2IdCRiMRvRYeYmYntea3Vuwkahvl1Tx14KRGv2nW%2FPl%2FvhtSA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 8a3d44397b6690e8-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 403 Primary Request / Show response
auth-securedatasafe.com/ 1 KB
954 B 56ms
55ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth-securedatasafe.com/?KIWm9ukq9DbA

Requested by

Host: www.coreinfrasolutions.com
URL: https://www.coreinfrasolutions.com/fet/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbb37d45bb0f489cddcfa876a7ca4655be83dbb0b23b68f4dbb9ad2c4da41024

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://auth-securedatasafe.com/?KIWm9ukq9DbA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a3d44397b6a90e8-FRA
content-encoding: br
content-type: text/html
date: Mon, 15 Jul 2024 22:42:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PlrWZxfBTJo7FtNc2ccZkllm4qL3cezTcupJLciXBRqNrcXYgO5SXLQC%2FZ728jwb6dziHr4h6GMjg%2BvCbO0Wd2b8Tvsc%2F%2FBQnEPcnoaacJ%2F2iL8FQ6N%2BB%2BaDj7s%2FVn4SZcgztzARI5y4rA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-xss-protection: 1; mode=block 1; mode=block

GET
H3

200

main.js Show response
auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/ Frame 6E18
Redirect Chain

https://auth-securedatasafe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?

8 KB
0

0ms
0ms

Script
application/javascript

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?

Protocol

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9108487daa96b70bc124f21afaf7afa89d7a1095df4843db06f6d1ce4993040d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 15 Jul 2024 22:42:35 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6w8OoQ0dFzmqpSqgYFaCUQzYvuXASSTknQRN7F1j%2BxgVtgJWQefCd4NC6BM3ubaiVl6V4trlY4wDy0g3esKwahL1EUWJlBLRKnNI9XDxJZjRfnFApa0XoYy9Trt%2Fjyp1clvulpDhtx%2FXBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 8a3d44390b3790e8-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Mon, 15 Jul 2024 22:42:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rHxGV51%2F5MX8V1Uz4aCvLO%2B42MW0JzUd3gxuRaTOzxa2WU0DpBQHxnlblVYtvSRksDL4ANaNbDIbhP8oXtBXQpw9DPBJ2YbpZ66%2BbJ123MZojLbfA98lMc%2BwDLBFO614LDGkArC9MLrsCA%3D%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?
access-control-allow-origin: *
cache-control: max-age: 300, public
cf-ray: 8a3d4439ebab90e8-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 403 favicon.ico
auth-securedatasafe.com/ 548 B
640 B 55ms
54ms Other
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth-securedatasafe.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://auth-securedatasafe.com/?KIWm9ukq9DbA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: public
date: Mon, 15 Jul 2024 22:42:35 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w5DQHNGQgXqb7O8P3DNZLlS5pnrW0R%2Fl%2BCQRXz0IZE2L2NztH61jh44jR6bjAVGNyvG14oKONtz9Aq6ILQ%2FX2d15GS3ruq%2Fup0pjhV96LbQ4MJyOK9PHZCLPotWhdDQBbKC358scrp7LvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
cf-ray: 8a3d4439ebad90e8-FRA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block

POST
H3 200 8a3d44397b6a90e8 Show response
auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 6E18 0
703 B 25ms
21ms XHR
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://auth-securedatasafe.com/cdn-cgi/challenge-platform/h/g/jsd/r/8a3d44397b6a90e8
Requested by: Host: auth-securedatasafe.com
URL: https://auth-securedatasafe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 Jul 2024 22:42:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PieMAciK7F4DMI6tLqId3ADwAYLs2mlekJtdA4Ql9N1AOqv7VdEztfh5rspPO0AhIoEhalheQs2N0e2QwQebmpZruX1Rax%2F8NekcHhwoXU9z%2Fy93RhRJN0%2BgYqoCs7fTuGZGIrKNzDp3%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 8a3d443a4be090e8-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
auth-securedatasafe.com/	1970-01-20 22:06:09	Name: xqi_Zzn7z5u0RxG6bMo18F-nmtY Value: xha5eop3ZnhL3-SBDmTLLSAXiJk
auth-securedatasafe.com/	1970-01-20 22:06:09	Name: JsL0LgIsNgd5hkJ1H-dvfEUy0LI Value: 1721083344
auth-securedatasafe.com/	1970-01-20 22:06:09	Name: w2G7n_l0TxW2R0pifceWnXHmQ74 Value: 1721169744
auth-securedatasafe.com/	1970-01-20 22:06:09	Name: HFweH9Fkcf7EDz9io617c-XpnMM Value: MDC_yxphs_v5c21TFGMpCKE2me4
auth-securedatasafe.com/	1970-01-20 22:06:09	Name: DdCDZBal-qoE_trdpStZL6ZhPqo Value: jgBAhIXO9xbAb95FoPK3tAz9tUI
.auth-securedatasafe.com/	1970-01-20 22:06:09	Name: __cf_mw_byp Value: QV9UxrB50euANINHQX9mwicohAtKQ9N_HmZN_8RiVLQ-1721083349-0.0.1.1-/?KIWm9ukq9DbA
auth-securedatasafe.com/	1970-01-20 22:06:09	Name: r4NhA7VTjfBhrXHCeMEK0QT9lJU Value: w4LBiijFiNaCRPOD3k4mH1EkfAE
auth-securedatasafe.com/	1970-01-20 22:06:09	Name: NfQZAVYlSPogGlrwCCA1Zl6d8X8 Value: 92sElsyoJ0b50sw1c9dWvofQlmI
auth-securedatasafe.com/	1970-01-20 22:06:09	Name: 7ml9gAwJrA6bSaxM1QkoeNwCHXc Value: 1721083351
auth-securedatasafe.com/	1970-01-20 22:06:09	Name: oNbyArXvCStJRcA0x_FDpAGnJEI Value: 1721169751
auth-securedatasafe.com/	1970-01-20 22:06:09	Name: YrHyCK1nVThOZW9Qe1jVzpS61Sw Value: 1D8ceMXP9A_Q6fnf1SUDZlkkE_A
auth-securedatasafe.com/	1970-01-20 22:06:09	Name: gLdK-3Abes7uPeg2HkRgpH9U_rs Value: Zn0D1ZDc8yvMPD4MX4ueEKzjTlo
.auth-securedatasafe.com/	1970-01-21 06:50:19	Name: cf_clearance Value: WZ_wlweGj69XmoDDf9XrPfx.MESzh7pxjIIyL1aESLI-1721083355-1.0.1.1-.qIIlfBWS6an.R7NVg7w1UHuFSyZyf9PnrZXljN3TyobDnkV2CxArO8pv8tS7Ofw3AC9I9mK_m6wrBF9QOH0rw

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://auth-securedatasafe.com/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://auth-securedatasafe.com/?KIWm9ukq9DbA Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://auth-securedatasafe.com/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://auth-securedatasafe.com/?KIWm9ukq9DbA Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://auth-securedatasafe.com/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth-securedatasafe.com
www.coreinfrasolutions.com
188.114.97.3
198.102.28.80
25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9108487daa96b70bc124f21afaf7afa89d7a1095df4843db06f6d1ce4993040d
963b94eb7315484085d3d7ccaaf878c3c205f4550a35be126e43ebc54244df6b
b8001a323c995afd4fc7768b538d651ad648e480fe3fe5ac02ac2386f9e5fc46
bef4bf8c0d829b9a92b8ed74793a47c72d882cafab4af8c78392339ef1dd5656
cbb37d45bb0f489cddcfa876a7ca4655be83dbb0b23b68f4dbb9ad2c4da41024
e38145132a145e87c209cb0a39b4b47de329b3c1d3027f26e4bb74c0b9af89ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

auth-securedatasafe.com Open in urlscan Pro 188.114.97.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

86 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

50 kBTransfer

77 kBSize

13 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

13 Cookies

5 Console Messages

Indicators

auth-securedatasafe.com Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

86 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

50 kB
Transfer

77 kB
Size

13
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!