www.vx-underground.org Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.vx-underground.org/samples.html
Submission Tags: falconsandbox
Submission: On September 16 via api (September 16th 2023, 10:57:47 am UTC) from US — Scanned from NL

Summary HTTP 10 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.vx-underground.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 21st 2022. Valid for: a year.

This is the only time www.vx-underground.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
7 17	2a06:98c1:312... 2a06:98c1:3121::3		13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2

17 2a06:98c1:3121::3 (United States) 7 redirects

ASN13335 (CLOUDFLARENET, US)

www.vx-underground.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vx-underground.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	vx-underground.org 7 redirects www.vx-underground.org vx-underground.org	7 MB
10	1

	Domain	Requested by
10	www.vx-underground.org	www.vx-underground.org
7	vx-underground.org	7 redirects
10	2

This site contains links to these domains. Also see Links.

Domain
twitter.com
donorbox.org
vx-underwear.org
www.mdsec.co.uk
maldevacademy.com
www.shellterproject.com
guidedhacking.com
link.malcore.io
app.uizard.io
zetalytics.com
www.phantomoverlay.io

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-10-21` - `2023-10-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.vx-underground.org/samples.html
Frame ID: D7EC52B1957AA6E8F0464BE6BDFA891B
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

vx-underground

Page Statistics

10
Requests

30 %
HTTPS

100 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

7290 kB
Transfer

16357 kB
Size

0
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/vxunderground
Title: Official vx-underground Twitter

Search URL Search Domain Scan URL

URL: https://donorbox.org/support-vx-underground
Title: Donate to vx-underground

Search URL Search Domain Scan URL

URL: https://donorbox.org/vxug-monthly
Title: Support vx-underground monthly

Search URL Search Domain Scan URL

URL: https://vx-underwear.org/
Title: Buy vx-underground Merchandise

Search URL Search Domain Scan URL

URL: https://www.mdsec.co.uk/nighthawk/

Search URL Search Domain Scan URL

URL: https://maldevacademy.com/?referrer=vx-underground

Search URL Search Domain Scan URL

URL: https://www.shellterproject.com/

Search URL Search Domain Scan URL

URL: https://guidedhacking.com/

Search URL Search Domain Scan URL

URL: https://link.malcore.io/learn-more

Search URL Search Domain Scan URL

URL: https://app.uizard.io/p/c69fa2aa

Search URL Search Domain Scan URL

URL: http://zetalytics.com/
Title: zetalytics.com

Search URL Search Domain Scan URL

URL: https://www.phantomoverlay.io/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://vx-underground.org/nh_sponsor.jpg HTTP 301
https://www.vx-underground.org/nh_sponsor.jpg

Request Chain 1

https://vx-underground.org/md_sponsor.png HTTP 301
https://www.vx-underground.org/md_sponsor.png

Request Chain 2

https://vx-underground.org/shellter_sponsor.png HTTP 301
https://www.vx-underground.org/shellter_sponsor.png

Request Chain 3

https://vx-underground.org/gh-vxug.png HTTP 301
https://www.vx-underground.org/gh-vxug.png

Request Chain 4

https://vx-underground.org/Malcore_Banner_vx.png HTTP 301
https://www.vx-underground.org/Malcore_Banner_vx.png

Request Chain 5

https://vx-underground.org/zetalytics.jpg HTTP 301
https://www.vx-underground.org/zetalytics.jpg

Request Chain 6

https://vx-underground.org/po.png HTTP 301
https://www.vx-underground.org/po.png

10 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request samples.html
www.vx-underground.org/ 16 MB
7 MB 1964ms
1888ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vx-underground.org/samples.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 807896eb3a25367a-FRA
content-encoding: br
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
content-type: text/html
date: Sat, 16 Sep 2023 10:57:38 GMT
last-modified: Sat, 09 Sep 2023 01:23:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: interest-cohort=()
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jy%2FyVLMGWt2p8ZW5x9oDh4ZxyAqudQ800GzuM7ZXd2Hkv73mgp0ZyLscZAgoKHQ80EFuoppEr%2BaYv478QcXAbscm5haAhHaf5UuaP4wa3kFSxIRe6HA5qqWoHkn7Ctl66WwchQjrBiSy2%2FYvvyw1czMfTTWD"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3

200

nh_sponsor.jpg
www.vx-underground.org/
Redirect Chain

https://vx-underground.org/nh_sponsor.jpg
https://www.vx-underground.org/nh_sponsor.jpg

118 KB
118 KB

47ms
47ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vx-underground.org/nh_sponsor.jpg

Requested by

Host: www.vx-underground.org
URL: https://www.vx-underground.org/samples.html

Protocol

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a22e57fa8dc8af2d60f7277f5ca1b9a2b2388079018aeaabeb86043b8e8fd546

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.vx-underground.org/samples.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 10:57:39 GMT
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 115303
alt-svc: h3=":443"; ma=86400
content-length: 120469
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jul 2023 15:23:55 GMT
server: cloudflare
etag: "64b8000b-1d695"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DSx4M%2BR%2Bn6MnNN%2FI%2Fzii1CvKruifx9dF7Ns1NN4OH8BFysI9VXDufKslM5sYoKlv9OZA8IVs4pPhPjDz3pGCQXXUWF3u7iqh%2BX2mqDDV9p%2BSk3IUK7pem0i%2BOhO5vRPyKKvu39MaeF2RKS%2F9VDuMpMEQfBy1"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=604800
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 80789700aa982bc0-FRA
expires: Wed, 20 Sep 2023 17:23:14 GMT

Redirect headers

date: Sat, 16 Sep 2023 10:57:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2BthK%2FAR7oakBc74fjnkl5KV3YoUukcDuUyux%2FPng1wsnL5EQSrQC3PNFTGAVjjKJqC9AXYVOHNQr%2FcYXYnXxPzqum8ZWmrUG3E4VnDgiqLcowqpkinN91AvmSvzWQtDrTrmpJlAoCrt5z42pztaohw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: http://www.vx-underground.org/nh_sponsor.jpg
cache-control: max-age=14400
cf-ray: 807896ff9bff367a-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

md_sponsor.png
www.vx-underground.org/
Redirect Chain

https://vx-underground.org/md_sponsor.png
https://www.vx-underground.org/md_sponsor.png

22 KB
23 KB

110ms
110ms

Image
image/png

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vx-underground.org/md_sponsor.png

Requested by

Host: www.vx-underground.org
URL: https://www.vx-underground.org/samples.html

Protocol

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed431dfd1c80da71980a9a1d042854007a5ec162da8a0c58cb9f4806a93ba9d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.vx-underground.org/samples.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 10:57:39 GMT
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 137763
alt-svc: h3=":443"; ma=86400
content-length: 22860
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 01 Jul 2023 03:01:01 GMT
server: cloudflare
etag: "649f96ed-594c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nmhBZSnioaMaVwZDGs5GrvcXFNxW4jrlMaAwViUDEIs%2BAP5W55ET0ts4NVZDY6xrZzurgdJR3KPIsHhPC5TudE7n3XJjU3QSLUtOJZ4OjU0gDHsLShXexcXn4grZpS5d%2BzVSSr%2FjojSvBKGgAznhFTXAkwCA"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 80789700aa9d2bc0-FRA
expires: Fri, 15 Sep 2023 09:55:55 GMT

Redirect headers

date: Sat, 16 Sep 2023 10:57:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FFJ%2FxCOIuTIqNKplN1fZ8x4CBiZJ1N1ViQerqb%2FiWR6233w9BgGxvLzoZ1zIF%2FSnGbQQ86IopX6r%2FtmSaEyr5xlrBHB6%2FY9w2dcGVZw185zYnCuHLcoXF8AnEkC1plhAR54l%2B2ZaIQ0WaY8sOJWovlA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: http://www.vx-underground.org/md_sponsor.png
cache-control: max-age=14400
cf-ray: 807896ff9c00367a-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

shellter_sponsor.png
www.vx-underground.org/
Redirect Chain

https://vx-underground.org/shellter_sponsor.png
https://www.vx-underground.org/shellter_sponsor.png

26 KB
26 KB

28ms
27ms

Image
image/png

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vx-underground.org/shellter_sponsor.png

Requested by

Host: www.vx-underground.org
URL: https://www.vx-underground.org/samples.html

Protocol

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22894b2168323e4090cebf2a4b465516706553a77b2e0f297c37c0c0e531722e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.vx-underground.org/samples.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 10:57:39 GMT
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 314328
alt-svc: h3=":443"; ma=86400
content-length: 26336
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 14 Aug 2023 18:53:35 GMT
server: cloudflare
etag: "64da782f-66e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u3emycq2pKm61mlnwNI1g2Lw2D%2FBkOnim5EwmE3XCc5MtCRKaDmPM4pb%2B7jQOI%2BUOAoEnuR2K0TIeEcKO6E8czqBdnPg%2BbzfdpGaNmo7VOQycx9E5dg7n9j6%2FLuSvpoh587fg6fQayi1S8iVyyUHSr%2FYIoD%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 80789700aa962bc0-FRA
expires: Mon, 18 Sep 2023 20:02:11 GMT

Redirect headers

date: Sat, 16 Sep 2023 10:57:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VHY1jPD0K7OdLrSQyJ5GlVwhcq9KtsJIeU68tZKF8dG1pk5KPrSZKyx9RgZuYJCEB%2B06rReOHmEu1qzJUGWmr0zH9A3LwPTH5NIeFAWQIwc3M%2BtBVvq7n%2BQShY%2FU8VXRzC6NDgs86jeHAPKNZ79chJU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: http://www.vx-underground.org/shellter_sponsor.png
cache-control: max-age=14400
cf-ray: 807896ff9c08367a-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

gh-vxug.png
www.vx-underground.org/
Redirect Chain

https://vx-underground.org/gh-vxug.png
https://www.vx-underground.org/gh-vxug.png

112 KB
113 KB

92ms
91ms

Image
image/png

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vx-underground.org/gh-vxug.png

Requested by

Host: www.vx-underground.org
URL: https://www.vx-underground.org/samples.html

Protocol

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ff99c9e6a4796927391184eeedc82bbdc2f7236677772055c3fbfac1944db1f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.vx-underground.org/samples.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 10:57:39 GMT
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 588
alt-svc: h3=":443"; ma=86400
content-length: 114908
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 01 Jul 2023 03:01:01 GMT
server: cloudflare
etag: "649f96ed-1c0dc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tOkczacSxeZPJk3hxfBu7RHFR6XT%2BKrG9sbb56Myh8sV5VnEeN71wneUbhL6XqlpPZvBcYVTUaEnz8k604cdmHI2QOwFcQUysi7YmPhVPiZwSMLmhU%2BOrVXUOKlLu%2BszQ7bDwgAdNni4ZS%2BrpM1zwWASdORp"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 80789700aa9b2bc0-FRA
expires: Tue, 19 Sep 2023 20:02:26 GMT

Redirect headers

date: Sat, 16 Sep 2023 10:57:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3sXcJ60A9ZGx9JD9KGDQvw4XFvIWwDxMCvZuLXK4sF3Ulg5RHjQGOtNidIs%2BEn1mdx9groWZ7vlw8t%2BATZwbfoC%2FXtLkiY64jgyQHwT5tuXOaAPGtZsqnVS70GWKxoOOsB6dh%2FRzP%2Br%2F4SDsqOBPvaQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: http://www.vx-underground.org/gh-vxug.png
cache-control: max-age=14400
cf-ray: 807896ff9c06367a-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

Malcore_Banner_vx.png
www.vx-underground.org/
Redirect Chain

https://vx-underground.org/Malcore_Banner_vx.png
https://www.vx-underground.org/Malcore_Banner_vx.png

53 KB
54 KB

72ms
71ms

Image
image/png

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vx-underground.org/Malcore_Banner_vx.png

Requested by

Host: www.vx-underground.org
URL: https://www.vx-underground.org/samples.html

Protocol

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5fc6de9bfacdc7d72d48b16f46fed043a62d6ee094f7a15bd8f48f55e915e81

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.vx-underground.org/samples.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 10:57:39 GMT
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 115302
alt-svc: h3=":443"; ma=86400
content-length: 54177
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 01 Jul 2023 03:01:01 GMT
server: cloudflare
etag: "649f96ed-d3a1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W8lwOndqPzsHVCVoFSDQ6IShi1khn%2Facwt0n31iDzX3Zk2znyHR%2BJYInhEDyk62oxXKLqmb4GgfKn3T2BERkWKWdN%2BHGUX9uc1c7R3d3mi0%2BDffAakQO%2F9So3zsQ18a%2FcC2fiOoni8Fm2HJYx7bB%2F0GFWj4M"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 80789700aa992bc0-FRA
expires: Fri, 15 Sep 2023 04:25:58 GMT

Redirect headers

date: Sat, 16 Sep 2023 10:57:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yq3p1tkDGMphClMprnjV9B8RNdQPPybSixnQ7vbg0MwjhYfUWzX51KIOnr4LpKG8VU6W9fxNrBPTfbM8SoQMy%2F3N2lkDKKDsg1Rhh4r9d3GpIjaAEEHhjpVkMKD4EF9louUQmA%2F7%2BQ5H3JOD6fSIuGE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: http://www.vx-underground.org/Malcore_Banner_vx.png
cache-control: max-age=14400
cf-ray: 807896ff9c03367a-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

zetalytics.jpg
www.vx-underground.org/
Redirect Chain

https://vx-underground.org/zetalytics.jpg
https://www.vx-underground.org/zetalytics.jpg

34 KB
35 KB

32ms
31ms

Image
image/jpeg

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vx-underground.org/zetalytics.jpg

Requested by

Host: www.vx-underground.org
URL: https://www.vx-underground.org/samples.html

Protocol

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8eed1640c501d00c86927302d304e9fe73ec11be40fcd84462dbd60bb3d1c7b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.vx-underground.org/samples.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 10:57:40 GMT
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 137764
alt-svc: h3=":443"; ma=86400
content-length: 35288
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 01 Jul 2023 03:01:01 GMT
server: cloudflare
etag: "649f96ed-89d8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pHKdE%2F1zGF50j1kzEEui7JKln1OznUxT9EJTXYt%2FzSl5x3HGbxmBWvRqrLjuQODeUPAwklZdc%2BE%2FWiJgIl99cgs4Ryz%2F8gbZixTJbaX%2FcoJR1bLFcDauGI4FeZi6LGRErql7guT6eKqI0NaRc7iHjEZHOr0F"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=604800
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 807897021cd42bc0-FRA
expires: Tue, 19 Sep 2023 08:22:19 GMT

Redirect headers

date: Sat, 16 Sep 2023 10:57:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=95U%2BfAaTBDQydWbsrOrZoNNrW3kmkA3UxO6IJf6tygBs4H3G3rdZZjjlidfgGjaA%2FXOJYpWlkNOkdIu2zjTWkDzARwxJjzQNv4pAean2fMkatwRT4w8aXGCooD%2Fa7IWUVCBM3OczZVM7tkUzmFKrbLM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: http://www.vx-underground.org/zetalytics.jpg
cache-control: max-age=14400
cf-ray: 807896ff9c09367a-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

po.png
www.vx-underground.org/
Redirect Chain

https://vx-underground.org/po.png
https://www.vx-underground.org/po.png

61 KB
61 KB

32ms
32ms

Image
image/png

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vx-underground.org/po.png

Requested by

Host: www.vx-underground.org
URL: https://www.vx-underground.org/samples.html

Protocol

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed923b4de7182c05a5890600e8e9833a0286ead3c32e1695d218b4c108149a02

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.vx-underground.org/samples.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 10:57:40 GMT
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 174005
alt-svc: h3=":443"; ma=86400
content-length: 62008
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 01 Jul 2023 03:01:01 GMT
server: cloudflare
etag: "649f96ed-f238"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JPD14Q41wFNPaJmd1zqqjeV0D5EDmkWjPU1QthdK%2Fu%2FALNgkf14I%2B12W6UTNR2KYSMwUATkr30pKk78QLPAyTKNI6u2EHErWEoj4YyKYLOZ26JpsftWtatLpilIzxfUcUgZSF3c0%2BLuRz0RBl85si%2FWEcv4i"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 807897017bdd2bc0-FRA
expires: Sat, 16 Sep 2023 06:58:08 GMT

Redirect headers

date: Sat, 16 Sep 2023 10:57:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 589
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8fBlXu9DmyYAT91JiaQ3u%2FFQKH3JS1O35VSwpdUoYEVfc%2FEkPNgULs6g4ONmENwhqsQ3mSWXMcx05Uw8pmQh8hNCHZLmCm03VnuirPRDxltm9rdrd%2BJBK7%2BltwL4kTv86LnMSojhfQX4rNfeQSDZrvg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: http://www.vx-underground.org/po.png
cache-control: max-age=14400
cf-ray: 80789700fafc2bc0-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 email-decode.min.js Show response
www.vx-underground.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 142ms
141ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vx-underground.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.vx-underground.org
URL: https://www.vx-underground.org/samples.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.vx-underground.org/samples.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 10:57:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Sep 2023 15:48:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6500883e-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gJr7lxnUfEWyXv9WWqWuY9a6pLFlqwQpPNOEafRh4cLX6GiqSAcdJ8h4UYUkN7kazDBglHaFgQjU1aGczEmIqpChqMuhmZQTPRWKS6udrYWl8On9Z01W67rMQNSz7BGIqKH88oGFo75Tkm2wbZhLWbepPZwd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 807896ff9bfc367a-FRA
expires: Mon, 18 Sep 2023 10:57:39 GMT

GET
H3 200 headerbg.PNG
www.vx-underground.org/ 20 KB
21 KB 29ms
29ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vx-underground.org/headerbg.PNG

Requested by

Host: www.vx-underground.org
URL: https://www.vx-underground.org/samples.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70cc6b4e65a49117c9d44f4d24ecc148cafab38fc9020643ec8a505227184ba7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.vx-underground.org/samples.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 10:57:39 GMT
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 588
alt-svc: h3=":443"; ma=86400
content-length: 20622
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 01 Jul 2023 03:01:01 GMT
server: cloudflare
etag: "649f96ed-508e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=528lxJUwTPC%2BphYyrn%2BHE%2FpeOsQqo3m6GQ%2BwZ1O%2F09nc8ElW4kyDcQDByOA1N8YDlb281BGQmfP76b2WyMepDBZFCScj1nn020RpPAjGUdEY%2BW6j1LGMfwlD1NnNCDRYgq5gThWFu9z4iV0Vw2lMVlGq%2Bhxp"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 807896fff9bd2bc0-FRA
expires: Mon, 18 Sep 2023 09:50:58 GMT

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f89eebb8f10505963e6d4acc5fb52033b0fc7ce609d49daab1833cab3796ffc3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 147 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c9aa39098834ea2335ed700091705dbb4ec498d20706ccd7195872f263e0962

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 844 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 37be050a2b8fe1312ed8cb1bb811bbed3ae87e334dd9749144927bad1eb4e0bb

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 306 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0f678d6560aa83b45031731aea77eb5b1799ae1515d9f45bc57c226ae1e2a3cb

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 144 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 535f2bf8f6ec96952bb2901eab514dd20071273a1134a7b0255ae40e1569ba3b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 40e9c2b688f78c0cd43c60298ecd353fcd54745bb6e83a3ffa6b0fb19e1936fb

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Content-Type: image/gif

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

vx-underground.org
www.vx-underground.org
2a06:98c1:3121::3
0f678d6560aa83b45031731aea77eb5b1799ae1515d9f45bc57c226ae1e2a3cb
22894b2168323e4090cebf2a4b465516706553a77b2e0f297c37c0c0e531722e
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2c9aa39098834ea2335ed700091705dbb4ec498d20706ccd7195872f263e0962
37be050a2b8fe1312ed8cb1bb811bbed3ae87e334dd9749144927bad1eb4e0bb
40e9c2b688f78c0cd43c60298ecd353fcd54745bb6e83a3ffa6b0fb19e1936fb
535f2bf8f6ec96952bb2901eab514dd20071273a1134a7b0255ae40e1569ba3b
70cc6b4e65a49117c9d44f4d24ecc148cafab38fc9020643ec8a505227184ba7
8ff99c9e6a4796927391184eeedc82bbdc2f7236677772055c3fbfac1944db1f
a22e57fa8dc8af2d60f7277f5ca1b9a2b2388079018aeaabeb86043b8e8fd546
a5fc6de9bfacdc7d72d48b16f46fed043a62d6ee094f7a15bd8f48f55e915e81
c8eed1640c501d00c86927302d304e9fe73ec11be40fcd84462dbd60bb3d1c7b
ed431dfd1c80da71980a9a1d042854007a5ec162da8a0c58cb9f4806a93ba9d4
ed923b4de7182c05a5890600e8e9833a0286ead3c32e1695d218b4c108149a02
f89eebb8f10505963e6d4acc5fb52033b0fc7ce609d49daab1833cab3796ffc3

www.vx-underground.org Open in urlscan Pro 2a06:98c1:3121::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

10 Requests

30 %HTTPS

100 %IPv6

1 Domains

2 Subdomains

2 IPs

1 Countries

7290 kBTransfer

16357 kBSize

0 Cookies

12 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

www.vx-underground.org Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

30 %
HTTPS

100 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

7290 kB
Transfer

16357 kB
Size

0
Cookies

10 HTTP transactions
6 data transactions