nrezf.0ff365files.com Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://api.getjusto.com/redirect?to=https%3A%2F%2Fhydropod.sa.com%2Fnew%2Fauth%2Ffirdxn%2F%2F%2F%2Fam9uYXRoYW4uZWxraW5nd...
Effective URL:
https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com
Submission: On May 08 via manual (May 8th 2023, 4:21:50 pm UTC) from US — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 4 domains to perform 15 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is nrezf.0ff365files.com.
TLS certificate: Issued by GTS CA 1P5 on May 2nd 2023. Valid for: 3 months.

This is the only time nrezf.0ff365files.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	44.193.55.9 44.193.55.9	14618 (AMAZON-AES) (AMAZON-AES)
1	162.241.69.179 162.241.69.179	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
7	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6812:7b9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	4

1 44.193.55.9 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-193-55-9.compute-1.amazonaws.com

api.getjusto.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.241.69.179 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: a.cruisevirusreviews.com

hydropod.sa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

nrezf.0ff365files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:7b9 (United States)

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	0ff365files.com nrezf.0ff365files.com	206 KB
5	cloudflare.com challenges.cloudflare.com — Cisco Umbrella Rank: 6491	113 KB
1	sa.com hydropod.sa.com	291 B
1	getjusto.com 1 redirects api.getjusto.com — Cisco Umbrella Rank: 830910	576 B
15	4

	Domain	Requested by
7	nrezf.0ff365files.com	nrezf.0ff365files.com
5	challenges.cloudflare.com	nrezf.0ff365files.com challenges.cloudflare.com hydropod.sa.com
1	hydropod.sa.com
1	api.getjusto.com	1 redirects
15	4

This site contains no links.

Subject Issuer	Validity	Valid
cpcontacts.hydropod.sa.com R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
0ff365files.com GTS CA 1P5	`2023-05-02` - `2023-07-31`	3 months	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2022-09-18` - `2023-09-17`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com
Frame ID: 83B69665827027E2CC1E8AE7A025A1FA
Requests: 11 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/mlsae/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Frame ID: 2761949FC644742CB2289516F5E7449F
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Loading...

Page Statistics

15
Requests

87 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

320 kB
Transfer

629 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://api.getjusto.com/redirect?to=https%3A%2F%2Fhydropod.sa.com%2Fnew%2Fauth%2Ffirdxn%2F%2F%2F%2Fam9uYXRoYW4uZWxraW5ndG9uQGFsdmFyaXVtaW52ZXN0bWVudHMuY29t HTTP 302
https://hydropod.sa.com/new/auth/firdxn////am9uYXRoYW4uZWxraW5ndG9uQGFsdmFyaXVtaW52ZXN0bWVudHMuY29t

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

am9uYXRoYW4uZWxraW5ndG9uQGFsdmFyaXVtaW52ZXN0bWVudHMuY29t Show response
hydropod.sa.com/new/auth/firdxn////
Redirect Chain

https://api.getjusto.com/redirect?to=https%3A%2F%2Fhydropod.sa.com%2Fnew%2Fauth%2Ffirdxn%2F%2F%2F%2Fam9uYXRoYW4uZWxraW5ndG9uQGFsdmFyaXVtaW52ZXN0bWVudHMuY29t
https://hydropod.sa.com/new/auth/firdxn////am9uYXRoYW4uZWxraW5ndG9uQGFsdmFyaXVtaW52ZXN0bWVudHMuY29t

0
291 B

427ms
176ms

Document
text/html

162.241.69.179
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://hydropod.sa.com/new/auth/firdxn////am9uYXRoYW4uZWxraW5ndG9uQGFsdmFyaXVtaW52ZXN0bWVudHMuY29t
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.241.69.179 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: a.cruisevirusreviews.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 May 2023 16:21:45 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked
refresh: 0;url=https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Access-Control-Allow-Origin,X-HTTP-Method-Override,Content-Type,Authorization,Accept,x-orion-nonce,x-orion-platform,x-orion-publickey,x-orion-signature,x-orion-locale,x-orion-twofactor,x-orion-deviceid,x-orion-fp,x-orion-domain,x-orion-appcode,x-orion-referrer,x-orion-posversion,x-orion-timezone,x-orion-pathname,x-orion-device-country-code,x-orion-jwt,x-orion-refresh,x-orion-wrapped-website,sentry-trace
access-control-allow-methods: POST,GET,PUT,PATCH,DELETE,OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
date: Mon, 08 May 2023 16:21:45 GMT
location: https://hydropod.sa.com/new/auth/firdxn////am9uYXRoYW4uZWxraW5ndG9uQGFsdmFyaXVtaW52ZXN0bWVudHMuY29t

GET
H2 403 Primary Request Mjonathan.elkington@alvariuminvestments.com Show response
nrezf.0ff365files.com/ 8 KB
5 KB 90ms
23ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06a71e414aa23ae3f130b24714b2a4b7530d298fce3a7e4103901cf9aa8dac1e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://hydropod.sa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated: challenge
cf-ray: 7c4309a51da03630-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Mon, 08 May 2023 16:21:46 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aUf5DbBRQ%2BhJxoSdlzSfW8g%2F9zFyLf7VKyOjk1JgFsvTfOAGFE6e4HrVJegUOfLOvexFVcewKy85HwGhJ1dkX6%2BdlsG2a4OcOLrP7IE%2F7lhwbNf5MEb%2BM5A%2FavQ%2Fy3MU0NKB2ge8gfh7rPaUZu%2B1CUXSu4Q%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 v1 Show response
nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/ 142 KB
51 KB 18ms
17ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c4309a51da03630
Requested by: Host: nrezf.0ff365files.com
URL: https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26ae5eeec1af69f2915d5d3940e2a8c4ba8e6f2d94731c3520d48ea20cb32d69

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com?__cf_chl_rt_tk=IBdUI0jfJUh_wxUMqibtEBV50zfhLJhyzijejxDrNDA-1683562906-0-gaNycGzNC_s
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 08 May 2023 16:21:46 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=arraUlWlR%2F95nx%2Bcdvmdq7TKhXjlC2ipj%2BXw0wWzMdTUOpq0fZASl%2BR4q3H%2BvL6ZWGR5fcHdnINJfZR9zn9RhAoljKVLitvcE%2FgtzddUX%2Bhtfu6f9FW9ZF6G811zbdC%2BPQTBgIVMHlBhmMWYnPB8nNesDmA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
cf-ray: 7c4309a56e0b3630-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 transparent.gif
nrezf.0ff365files.com/cdn-cgi/images/trace/managed/js/ 42 B
220 B 10ms
9ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nrezf.0ff365files.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c4309a51da03630

Requested by

Host: nrezf.0ff365files.com
URL: https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com?__cf_chl_rt_tk=IBdUI0jfJUh_wxUMqibtEBV50zfhLJhyzijejxDrNDA-1683562906-0-gaNycGzNC_s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com?__cf_chl_rt_tk=IBdUI0jfJUh_wxUMqibtEBV50zfhLJhyzijejxDrNDA-1683562906-0-gaNycGzNC_s
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 08 May 2023 16:21:46 GMT
x-content-type-options: nosniff
last-modified: Fri, 28 Apr 2023 14:11:18 GMT
server: cloudflare
etag: "644bd406-2a"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 7c4309a56e0d3630-FRA
content-length: 42
expires: Mon, 08 May 2023 18:21:46 GMT

GET
H2 200 api.js Show response
challenges.cloudflare.com/turnstile/v0/g/b5e45436/ 15 KB
5 KB 64ms
46ms Script
application/javascript 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit
Requested by: Host: nrezf.0ff365files.com
URL: https://nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c4309a51da03630
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5205e201bbd649a3a4af0ecb9b1e8a80f73aa8ea4aee1740302b1b8f7435b27f

Request headers

Referer
Origin: https://nrezf.0ff365files.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 08 May 2023 16:21:46 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 7c4309a5bd579bce-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 4a0f098912e76b5 Show response
nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1474784899:1683562063:ZaEUqA-KM0dJRsmv8zoZsceyBqMTauI0Y6jSodBcd6M/7c4309a51da03630/ 193 KB
143 KB 133ms
133ms XHR
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1474784899:1683562063:ZaEUqA-KM0dJRsmv8zoZsceyBqMTauI0Y6jSodBcd6M/7c4309a51da03630/4a0f098912e76b5
Requested by: Host: nrezf.0ff365files.com
URL: https://nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c4309a51da03630
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1b6541b7063122f7f0718165048b7b11ae70599080a472984bd41c47df5f639

Request headers

Referer: https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
CF-Challenge: 4a0f098912e76b5
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 08 May 2023 16:21:46 GMT
content-encoding: br
cf_chl_gen: MyMqBd5czsFeLLp0DzbnIov+azhgGUoZJgAPNBT0G7jAd1Oq2opMBlBtRkzcqAlXvq1bpl0SwB1zspMY+V0YMhi0W7FEsarHj3BSRg0AwDtYvGRNy3NiOIxf1ZkNgqlUGTRZhkyVraGSKt9sxvSEq2rEZq6ccP/xtLiJ2aEJIJLs4rlcreu6Dinu+PgJGzu5h9bEtlFAl5T77Q3awTsSYM42lH1Xr/5tdHWkQ2M/LQbXySS2H+TFr198OPCJ9iaxJHd6Z2/PNfWp5I0o49Q6DKAHIv3ph3VLihql3mkgcluV8Msg6HudFaTsMipq6JsHHJnM87OWdG9uPKAYfnccwr9PgBcBXXgRO+fATcIkp2oYTSKVXnuXqdNrZxCShlKZdGWlMyasQ5Tqx2F9D/G3D05hDwERX3e4usOm2MFvn44zBeYNS+pihkKid9NUyqy5GMQDcuVGbZNN1Ir/41jEJw==$sU1pFiemC+XRqvL0CKeXzQ==
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nUf7i6y%2FwmgrvtmHNz3AdVwAM6q2cuCRYuebAsVJIko2Mb6a88unfSNV0252gr6uwD8H2W1tgUQEk6J6CunV7fF8gBneZE921JJknMGyVFBizBVQ07yKNURkWIGjcOygv5oDIekdvLsAfMjH4L2tMQ5D894%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7c4309a66fd76987-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 401 juAOf2Xac9cPpLC Show response
nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/pat/7c4309a51da03630/1683562906637/dbfc147cacc51a5f57c5f0833dc6689e01968a51011b684f6d81c8d6d506c47b/ 1 B
934 B 18ms
17ms Fetch
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/pat/7c4309a51da03630/1683562906637/dbfc147cacc51a5f57c5f0833dc6689e01968a51011b684f6d81c8d6d506c47b/juAOf2Xac9cPpLC
Requested by: Host: nrezf.0ff365files.com
URL: https://nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c4309a51da03630
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 08 May 2023 16:21:47 GMT
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g2_wUfKzFGl9XxfCDPcZongGWilEBG2hPbYHI1tUGxHsAFW5yZXpmLjBmZjM2NWZpbGVzLmNvbQ==, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAn23qyGdHVs28an7XXJsPKj7kVCaC9GVfIA_hqz7TYAdgPPPWwl9HHr2M2TPFejyc6bFISKBkmpvDiLNyAvKEm13RN65hHys38F97m-W3nV3CX88cMDzDhHNeSKqQo1MoCrKUVRA-HzoI7whFpb6oZatrsiQfT6e0EDSrkJ6AGKwW_hqtTq7Q8oQ8NMvLvQL4MtSLPzPcvwFOz2xb4cnOAAux7Xqj_X9nqx6jEU9gIxdjYa3s0NPyqM-bXlYDhp2Sss_2cyjfmadXK8iNYTmz68Ee9rJbH-kOjl28L1MjBPE6_7T93xkwiDUx1oIe6PkSyh1uv2wJROfbRBP3WttzJwIDAQAB, max-age=20
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H0uSNQ0QayJ5fZBUW11vEKwFmjG9Wk1qBF6SDX1ORHpsuDJZfBaG1C7X31r1hjHniLYqfjIT50DKMTK4NEcJmWTg7n7Yx9jqTANy5m0pUongqXRalyE8hg6Y4r6QW1oMKAMYVytcasGDdMf6YQbsmvvKQ%2FA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7c4309ad3f8d6987-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 jKzojK3SzOLQ0jX
nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/img/7c4309a51da03630/1683562906638/ 61 B
461 B 15ms
15ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/img/7c4309a51da03630/1683562906638/jKzojK3SzOLQ0jX
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a514dfeefd23bfd303288adb50609bdddb5c611e1ed9ce35126fdc396c30a76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 08 May 2023 16:21:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c4309ad6fb26987-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HYpJs3LfecR5JtXRLafs%2B%2BgGzU48dzwpWIhV7jc0831t4fvTrb4SCfbqPg3Mz%2FldR4Kr5nbZDkg6csIefzHOG2faZextBHBA5FwPPn%2Bw4nDqQ%2BgCFx%2BHb2HtbI5wGzjKeLJ0lkvqgiAVdTd90wEci73Qc5Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png

GET
BLOB 200
OK f1c14c72-e6a2-4e47-b10a-d527321b59c1
https://nrezf.0ff365files.com/ 656 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://nrezf.0ff365files.com/f1c14c72-e6a2-4e47-b10a-d527321b59c1
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Length: 656
Content-Type: text/javascript

GET
BLOB 200
OK d95d2329-a447-4827-9d6c-bbb157941e36
https://nrezf.0ff365files.com/ 539 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://nrezf.0ff365files.com/d95d2329-a447-4827-9d6c-bbb157941e36
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 08c91791d18c8b35509f8951ba53b3868ebc91a142f78fb1294aadad03f537c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Length: 539
Content-Type: text/javascript

POST
H3 200 4a0f098912e76b5 Show response
nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1474784899:1683562063:ZaEUqA-KM0dJRsmv8zoZsceyBqMTauI0Y6jSodBcd6M/7c4309a51da03630/ 7 KB
6 KB 46ms
45ms XHR
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1474784899:1683562063:ZaEUqA-KM0dJRsmv8zoZsceyBqMTauI0Y6jSodBcd6M/7c4309a51da03630/4a0f098912e76b5
Requested by: Host: nrezf.0ff365files.com
URL: https://nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c4309a51da03630
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6263a1c13c1c0bec10b30aea2e03160b96a3b3a410269a88ef82043aeacfd60

Request headers

Referer: https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
CF-Challenge: 4a0f098912e76b5
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 08 May 2023 16:21:49 GMT
content-encoding: br
cf_chl_gen: 6mgSqu/3iUAGVQwhKjOEubMTMnrDkSwioo1j8ufBr1K4g2J+RpOwyhvzuUnwoiSE$IMRXbVlqpYMX1itDu3Hy1A==
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a6GPJeWmBlFCBWsNmnIuFkfWpawjtF17F9aBVeiozXzxG%2Fl98F4tpknHWT21n8PbQVWphRy4IjupvhA5BXx98xRr0MGhpfwvmqyIFTFovBnhnasVrABICQk6VAF8uDrftp8%2FZ0dQgKwwB4w0GhgYV4L%2B5%2Bo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7c4309b93dda6987-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 normal Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/mlsae/0x4AAAAAAAAjq6WYeRDKmebM/light/ Frame 2761 22 KB
7 KB 43ms
28ms Document
text/html 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/mlsae/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bedb2765cb5900b9d81e261b27f45618de3f376c0a5e65f2a00ab863026524d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=0, must-revalidate
cf-ray: 7c4309b9a8111cb7-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Mon, 08 May 2023 16:21:49 GMT
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

GET
H3 200 v1 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/ Frame 2761 156 KB
56 KB 36ms
36ms Script
application/javascript 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7c4309b9a8111cb7
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/mlsae/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de16737d173669242744b451cab24f687a18848bee76ee504b573eb2c888e587

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/mlsae/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 08 May 2023 16:21:49 GMT
cache-control: max-age=0, must-revalidate
content-encoding: br
server: cloudflare
cf-ray: 7c4309ba69221cb7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: application/javascript; charset=UTF-8

POST
H3 200 cee7cb76b78c049 Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/580695387:1683562110:seixZ2-kZ4JqHJczfhsgIZ9e02lWY09NL-EYQX1T6c8/7c4309b9a8111cb7/ Frame 2761 85 KB
44 KB 52ms
51ms XHR
text/plain 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/580695387:1683562110:seixZ2-kZ4JqHJczfhsgIZ9e02lWY09NL-EYQX1T6c8/7c4309b9a8111cb7/cee7cb76b78c049
Requested by: Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7c4309b9a8111cb7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9cc87c13fa3ed027b2e1e8cc8c81b8958e00f6b13cc45afaa17efec9e9c9db07

Request headers

Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/mlsae/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
CF-Challenge: cee7cb76b78c049
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 08 May 2023 16:21:50 GMT
content-encoding: br
cf_chl_gen: Ps0/GsOtLywYDZ1dBuOMOMQk9KRRLX8BIrW4IgXpcqQHJzw3wibXHmQ9xgV5w89U0wNZftVnONPHMaEe7W0VHkzJdWak3jBV3ALzHDY2CulJNLy6PNdpRLNKPbq2WbV8r37/Jw4RsX+6DcW9xE4FFxFHccoPEs4yf4eqa68Eh9WMe4X8Jl0r559P6LT+8hVCYSWkjx+jphic1SoWRBdHC4o3FLp2uWchIMUvsahVTsif+34CO6nzcLcCqo9HFfQDq/025RwFVKM77Ve4PwHtzSLHVT76BiM/UP96y08xLRalo4dTpKvc0tXu1fNssSf/YQQ8qkRjztm509QsfxZ4B6pSjcTUdI4JtxO+u8SyuzCvLsZBg5wcGnc7Hgiym5uxonfWT8Ja6LQ7sKddsmC996pYAOeENRiQxl8LrPctycg=$lAC6oZjAmc0iErgVa4AiEw==
server: cloudflare
cf-ray: 7c4309bb6a911cb7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
H3 401 U3M-aXYXcDjCcvu Show response
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7c4309b9a8111cb7/1683562909999/ac7d9ac913285aae4c5a21450bdcfdab55feb5dc4aee57a5f7cd132a40238f5d/ Frame 2761 1 B
647 B 15ms
15ms Fetch
text/plain 2606:4700::6812:7b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7c4309b9a8111cb7/1683562909999/ac7d9ac913285aae4c5a21450bdcfdab55feb5dc4aee57a5f7cd132a40238f5d/U3M-aXYXcDjCcvu
Requested by: Host: hydropod.sa.com
URL: https://hydropod.sa.com/new/auth/firdxn////am9uYXRoYW4uZWxraW5ndG9uQGFsdmFyaXVtaW52ZXN0bWVudHMuY29t
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:7b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/mlsae/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 08 May 2023 16:21:50 GMT
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20grH2ayRMoWq5MWiFFC9z9q1X-tdxK7lel980TKkAjj10AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAn23qyGdHVs28an7XXJsPKj7kVCaC9GVfIA_hqz7TYAdgPPPWwl9HHr2M2TPFejyc6bFISKBkmpvDiLNyAvKEm13RN65hHys38F97m-W3nV3CX88cMDzDhHNeSKqQo1MoCrKUVRA-HzoI7whFpb6oZatrsiQfT6e0EDSrkJ6AGKwW_hqtTq7Q8oQ8NMvLvQL4MtSLPzPcvwFOz2xb4cnOAAux7Xqj_X9nqx6jEU9gIxdjYa3s0NPyqM-bXlYDhp2Sss_2cyjfmadXK8iNYTmz68Ee9rJbH-kOjl28L1MjBPE6_7T93xkwiDUx1oIe6PkSyh1uv2wJROfbRBP3WttzJwIDAQAB, max-age=20
server: cloudflare
cf-ray: 7c4309bbfb831cb7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: text/plain; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://nrezf.0ff365files.com/Mjonathan.elkington@alvariuminvestments.com Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://nrezf.0ff365files.com/cdn-cgi/challenge-platform/h/g/pat/7c4309a51da03630/1683562906637/dbfc147cacc51a5f57c5f0833dc6689e01968a51011b684f6d81c8d6d506c47b/juAOf2Xac9cPpLC Message: Failed to load resource: the server responded with a status of 401 ()
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7c4309b9a8111cb7/1683562909999/ac7d9ac913285aae4c5a21450bdcfdab55feb5dc4aee57a5f7cd132a40238f5d/U3M-aXYXcDjCcvu Message: Failed to load resource: the server responded with a status of 401 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.getjusto.com
challenges.cloudflare.com
hydropod.sa.com
nrezf.0ff365files.com
162.241.69.179
2606:4700::6812:7b9
2a06:98c1:3120::3
44.193.55.9
06a71e414aa23ae3f130b24714b2a4b7530d298fce3a7e4103901cf9aa8dac1e
08c91791d18c8b35509f8951ba53b3868ebc91a142f78fb1294aadad03f537c8
26ae5eeec1af69f2915d5d3940e2a8c4ba8e6f2d94731c3520d48ea20cb32d69
5205e201bbd649a3a4af0ecb9b1e8a80f73aa8ea4aee1740302b1b8f7435b27f
6a514dfeefd23bfd303288adb50609bdddb5c611e1ed9ce35126fdc396c30a76
6bedb2765cb5900b9d81e261b27f45618de3f376c0a5e65f2a00ab863026524d
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
9cc87c13fa3ed027b2e1e8cc8c81b8958e00f6b13cc45afaa17efec9e9c9db07
a1b6541b7063122f7f0718165048b7b11ae70599080a472984bd41c47df5f639
b6263a1c13c1c0bec10b30aea2e03160b96a3b3a410269a88ef82043aeacfd60
de16737d173669242744b451cab24f687a18848bee76ee504b573eb2c888e587
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

nrezf.0ff365files.com Open in urlscan Pro 2a06:98c1:3120::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

15 Requests

87 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

4 IPs

1 Countries

320 kBTransfer

629 kBSize

0 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

nrezf.0ff365files.com Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

87 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

320 kB
Transfer

629 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions