at7z4x6n9w3r2gqk.f8l.ru
2a06:98c1:3121::3
Public Scan
Effective URL: https://at7z4x6n9w3r2gqk.f8l.ru/w5T1m4V7f/
Submission: On July 07 via manual from PH — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on July 1st 2023. Valid for: 3 months.
This is the only time at7z4x6n9w3r2gqk.f8l.ru was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
2 2 | 68.168.84.60 | 17378 (AS17378)
1 | 192.185.87.81 | 19871 (NETWORK-SOLUTIONS-HOSTING)
1 | 2a06:98c1:3121::3 | 13335 (CLOUDFLARENET)
1 | 2001:4de0:ac18::1:a:1a | 20446 (STACKPATH-CDN)
1 8 | 2606:4700::6811:2b8 | 13335 (CLOUDFLARENET)
1 | 2a04:4e42:200::485 | 54113 (FASTLY)
14 requests | 6 IP addresses |

ASN17378 (AS17378, US)
- PTR: 60.84.168.68.static.dbsintl.net
- www.nexxt.com

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
- PTR: 192-185-87-81.unifiedlayer.com
- groundfighterwear.com
# | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | cloudflare.com (1 redirect) | challenges.cloudflare.com (Cisco Umbrella Rank: 5263) | 286 KB
2 | nexxt.com (2 redirects) | www.nexxt.com (Cisco Umbrella Rank: 143019) | 6 KB
1 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 368) | 25 KB
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 749) | 30 KB
1 | f8l.ru | at7z4x6n9w3r2gqk.f8l.ru | 2 KB
1 | groundfighterwear.com | groundfighterwear.com | 130 B
14 requests | 6 apex domains | |
# | Domain | Requested by
---|---|---
8 | challenges.cloudflare.com (1 redirect) | at7z4x6n9w3r2gqk.f8l.ru, challenges.cloudflare.com
2 | www.nexxt.com (2 redirects) |
1 | cdn.jsdelivr.net | groundfighterwear.com
1 | code.jquery.com | groundfighterwear.com
1 | at7z4x6n9w3r2gqk.f8l.ru |
1 | groundfighterwear.com |
14 requests | 6 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.groundfighterwear.com | R3 | 2023-06-29 - 2023-09-27 | 3 months | crt.sh
f8l.ru | GTS CA 1P5 | 2023-07-01 - 2023-09-29 | 3 months | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year | crt.sh
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-12-23 - 2024-01-24 | a year | crt.sh
challenges.cloudflare.com | Cloudflare Inc ECC CA-3 | 2022-09-18 - 2023-09-17 | a year | crt.sh
This page contains 2 frames:
Primary Page:
https://at7z4x6n9w3r2gqk.f8l.ru/w5T1m4V7f/
Frame ID: 7082905B1D3D3FCBA82A45E289DF7B14
Requests: 6 HTTP requests in this frame
Frame:
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0cm2i/0x4AAAAAAAGzadhfqGiC3rV2/auto/normal
Frame ID: 8737C0B1BB233DFB19A7403B35E193F5
Requests: 9 HTTP requests in this frame
Detected technologies
Bootstrap (Web Frameworks), detected patterns:
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
jQuery (JavaScript Libraries), detected patterns:
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN), detected patterns:
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://www.nexxt.com/common/track/trackgeneral.asp?tcid=106ttid=2cid=146408910emid=18977&tv1=Unsubscribetl2=3Dsdtv2=30200224%2B14%3A08bydal=truesid=EFC4BF1A-2DD6-4735-A7FC-6285ED6C4AACintsti=&red=https%3A%2F%2Fgroundfighterwear.com%2Fnew%2Fauth%2FhkIG%2F%2F%2F%2FZC53cmF6aWRsb0B1c3dhdGVyc2VydmljZXMuY29t HTTP 301
- https://www.nexxt.com/common/track/trackgeneral.asp?tcid=106ttid=2cid=146408910emid=18977&tv1=Unsubscribetl2=3Dsdtv2=30200224%2B14%3A08bydal=truesid=EFC4BF1A-2DD6-4735-A7FC-6285ED6C4AACintsti=&red=https%3A%2F%2Fgroundfighterwear.com%2Fnew%2Fauth%2FhkIG%2F%2F%2F%2FZC53cmF6aWRsb0B1c3dhdGVyc2VydmljZXMuY29t HTTP 302
- https://groundfighterwear.com/new/auth/hkIG////ZC53cmF6aWRsb0B1c3dhdGVyc2VydmljZXMuY29t

- https://challenges.cloudflare.com/turnstile/v0/api.js HTTP 302
- https://challenges.cloudflare.com/turnstile/v0/g/19b997cb/api.js
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | ZC53cmF6aWRsb0B1c3dhdGVyc2VydmljZXMuY29t | groundfighterwear.com/new/auth/hkIG//// (Redirect Chain) | 0 | 130 B | Document | text/html
GET | H2 | / | at7z4x6n9w3r2gqk.f8l.ru/w5T1m4V7f/ (Primary Request) | 3 KB | 2 KB | Document | text/html
GET | DATA | truncated | / | 130 B | 0 | Script | text/javascript
GET | H2 | jquery-3.6.0.min.js | code.jquery.com/ | 87 KB | 30 KB | Script | application/javascript
GET | H2 | api.js | challenges.cloudflare.com/turnstile/v0/g/19b997cb/ (Redirect Chain) | 19 KB | 7 KB | Script | application/javascript
GET | H2 | bootstrap.min.css | cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/ | 152 KB | 25 KB | Stylesheet | text/css
GET | H3 | normal | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0cm2i/0x4AAAAAAAGzadhfqGiC3rV2/auto/ (Frame 8737) | 24 KB | 8 KB | Document | text/html
GET | H3 | v1 | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/ (Frame 8737) | 171 KB | 59 KB | Script | application/javascript
GET | BLOB | da06d3d1-4ebb-4d2d-af54-119440f71b14 | https://challenges.cloudflare.com/ (Frame 8737) | 0 | 0 | Other | text/javascript
POST | H3 | 8f9ed9a95ac2d1f | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1970815401:1688747007:2bB3XQDNJ37ByzB_CGvi2zg0LglzUTUpwCqJ3NpgF1Q/7e31a559f8e4382c/ (Frame 8737) | 267 KB | 201 KB | XHR | text/plain
GET | H3 | WuCmr_IgzOy-KJp | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7e31a559f8e4382c/1688749249854/7180a99eec2ef9ebf91bf24406a250ad11672546cceddcf42bea9ae2005d11ce/ (Frame 8737) | 1 B | 628 B | Fetch | text/plain
GET | BLOB | 9a9e4bdf-1813-429c-ba70-8b05a83b4106 | https://challenges.cloudflare.com/ (Frame 8737) | 99 B | 0 | Other | text/javascript
GET | BLOB | 69ca4632-8c9f-44a0-ae54-574e876bf039 | https://challenges.cloudflare.com/ (Frame 8737) | 656 B | 0 | Other | text/javascript
GET | H3 | aeLk31xc_YCdlct | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7e31a559f8e4382c/1688749249855/ (Frame 8737) | 61 B | 147 B | Image | image/png
POST | H3 | 8f9ed9a95ac2d1f | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1970815401:1688747007:2bB3XQDNJ37ByzB_CGvi2zg0LglzUTUpwCqJ3NpgF1Q/7e31a559f8e4382c/ (Frame 8737) | 13 KB | 10 KB | XHR | text/plain
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: 0
- boolean: credentialless
- object: onbeforetoggle
- object: onscrollend
- string: nox
- function: $
- function: jQuery
- function: x
- object: turnstile
6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.nexxt.com/ | | BeyondSessionId | xTXuKbmNF7TMbBWHfTkJo9Ws%2fRtrd1DkNpmlkBNmxsWfO83orSI%2fkKlHfGsRiXfn
.nexxt.com/ | | UB | Key=674cb229-ff71-4ef9-b3fa-91cdb7a56d32
.nexxt.com/ | | Visitor | NewSessionID=33E68CEF-0FEE-4DD7-A7F6-8C9616394D42&Tracked=B4391ACD-5621-4686-9A03-4648D58E237E
www.nexxt.com/ | | DidIPLkup | Y
www.nexxt.com/ | | SERVERID | WFE2202
at7z4x6n9w3r2gqk.f8l.ru/ | | PHPSESSID | 60m08ggugu8ssj1tkuudokcpj7
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.