message.xelsibackpor.cf

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 6 HTTP transactions. The main IP is 2606:4700:3037::ac43:8f34, located in United States and belongs to CLOUDFLARENET, US. The main domain is message.xelsibackpor.cf.

This is the only time message.xelsibackpor.cf was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3037::ac43:8f34	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (STACKPATH...) (STACKPATH-CDN)
1	54.230.163.9 54.230.163.9	16509 (AMAZON-02) (AMAZON-02)
1	147.91.168.38 147.91.168.38	13092 (UB-AS) (UB-AS)
6	5

1 2606:4700:3037::ac43:8f34 (United States)

ASN13335 (CLOUDFLARENET, US)

message.xelsibackpor.cf	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

netdna.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.163.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-163-9.ewr53.r.cloudfront.net

ocdn.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.91.168.38 (Novi Sad, Serbia)

ASN13092 (UB-AS, RS)
PTR: dynuns.arm.uns.ac.rs

www.uns.ac.rs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	bootstrapcdn.com netdna.bootstrapcdn.com — Cisco Umbrella Rank: 2755	31 KB
1	uns.ac.rs www.uns.ac.rs	185 KB
1	ocdn.eu ocdn.eu — Cisco Umbrella Rank: 25263	197 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 686	82 KB
1	xelsibackpor.cf message.xelsibackpor.cf	18 KB
6	5

	Domain	Requested by
2	netdna.bootstrapcdn.com	message.xelsibackpor.cf
1	www.uns.ac.rs	message.xelsibackpor.cf
1	ocdn.eu	message.xelsibackpor.cf
1	code.jquery.com	message.xelsibackpor.cf
1	message.xelsibackpor.cf
6	5

This site contains links to these domains. Also see Links.

Domain
twitter.com
facebook.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
*.ocdn.eu GeoTrust RSA CA 2018	`2022-01-13` - `2023-01-13`	a year	crt.sh
www.uns.ac.rs GEANT OV RSA CA 4	`2022-09-27` - `2023-09-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://message.xelsibackpor.cf/
Frame ID: 98939F38CBBE9676C65B99AD30252E7F
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Deo medicinara u Novom Pazaru okrenuo leđa premijerki i ministru zdravlja

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

83 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

513 kB
Transfer

868 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/
Title: Twitter

Search URL Search Domain Scan URL

URL: https://facebook.com/
Title: Facebook

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
message.xelsibackpor.cf/ 56 KB
18 KB 499ms
233ms Document
text/html 2606:4700:3037::ac43:8f34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://message.xelsibackpor.cf/
Protocol: HTTP/1.1
Server: 2606:4700:3037::ac43:8f34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d91abfd4148c41631e36335416006e5730de781cf32e991cdb6a3bffed851ad7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 77c8a9c9b82f2316-ORD
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Dec 2022 13:18:19 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ozWKhrS76z7CaPQ%2FgzpEXG%2B1re8kmddrWb1Gk7JGROS3ob%2FkYDowBb%2FXoSuQSsrt2FAZSR6miKJB8lFCh1luoDkb1agwTF3e62R5Wy3Fug9YZGeBMn88u0MU2H8KRuS70SDHl6CJ1OzhY03jak7BH8t%2FYRkZRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 bootstrap.min.css
netdna.bootstrapcdn.com/bootstrap/3.3.5/css/ 120 KB
20 KB 108ms
44ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css

Requested by

Host: message.xelsibackpor.cf
URL: http://message.xelsibackpor.cf/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: http://message.xelsibackpor.cf/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 13:18:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 718
age: 2410405
cdn-cachedat: 03/12/2022 03:48:25
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"5d5357cb3704e1f43a1f5bfed2aebf42"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cdn-cache: HIT
access-control-allow-origin: *
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 1bb2e78b9508644ccf81d73995ba6c00
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 77c8a9cc588722ca-ORD
cdn-requestpullsuccess: True

GET
H2 200 jquery.js Show response
code.jquery.com/ 276 KB
82 KB 146ms
30ms Script
application/javascript 2001:4de0:ac18::1:a:2a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery.js
Requested by: Host: message.xelsibackpor.cf
URL: http://message.xelsibackpor.cf/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc

Request headers

accept-language: en-US,en;q=0.9
Referer: http://message.xelsibackpor.cf/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 13:18:19 GMT
content-encoding: gzip
x-sp-metadata: HS256.CKuIh50GEosBCiRkYTM2MjY2Mi1jNTg5LTQyNzgtOTQ1ZC02MzEzNjU4ZTJlOTIQ+OiCoKvU+wIaBgib7IadBiIQMjYwMjpmZmM4OjE6MTo6NCiI+QIwAzgEQhZUTFNfQUVTXzEyOF9HQ01fU0hBMjU2WiAzZTliMjA2MTAwOThiNmM5YmZmOTUzODU2ZTU4MDE2YRosCAESJDkxMTI2ODk3LTk4MTAtNDMxMi04NDI5LTYwNjgxYTU0ZjgxYRijjwUiGAgCEhRjZHMwMDUuY2g0Lmh3Y2RuLm5ldA==.SM/L+eKrKUv1THChwso8zWwZYqYXijRX0Pe6y/cM5XQ=
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-4508e"
vary: Accept-Encoding
x-hw: 1671542299.dop071.ch4.t,1671542299.cds213.ch4.hn,1671542299.cds005.ch4.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 83875

GET
H2 200 bootstrap.min.js Show response
netdna.bootstrapcdn.com/bootstrap/3.3.5/js/ 36 KB
11 KB 105ms
42ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js

Requested by

Host: message.xelsibackpor.cf
URL: http://message.xelsibackpor.cf/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: http://message.xelsibackpor.cf/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 13:18:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 718
age: 2410328
cdn-cachedat: 03/12/2022 05:52:15
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"4becdc9104623e891fbb9d38bba01be4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
access-control-allow-origin: *
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 8b64722ce67adb74b26c2db75eb778fd
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 77c8a9cc588922ca-ORD
cdn-requestpullsuccess: True

GET
H2 200 a1xk9lLaHR0cDovL29jZG4uZXUvaW1hZ2VzL3B1bHNjbXMvTkdJN01EQV8vZmRhZWFkMmIxZmI4NTQwNDg0ZjE5Y2U0NzQ0YjNmODYuanBnkZMCzQSwAIEAAQ
ocdn.eu/pulscms-transforms/1/ 196 KB
197 KB 966ms
831ms Image
image/jpeg 54.230.163.9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ocdn.eu/pulscms-transforms/1/a1xk9lLaHR0cDovL29jZG4uZXUvaW1hZ2VzL3B1bHNjbXMvTkdJN01EQV8vZmRhZWFkMmIxZmI4NTQwNDg0ZjE5Y2U0NzQ0YjNmODYuanBnkZMCzQSwAIEAAQ
Requested by: Host: message.xelsibackpor.cf
URL: http://message.xelsibackpor.cf/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.163.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-163-9.ewr53.r.cloudfront.net
Software: Ring Publishing - Accelerator /
Resource Hash: fb8a0f11d045e973548ed26b3d3caaf03b731100c72aeaea82431fd14bc313a3

Request headers

accept-language: en-US,en;q=0.9
Referer: http://message.xelsibackpor.cf/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 13:18:20 GMT
via: 1.1 f28d01ff99a9babe0b725f1873c60b2a.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-C3
x-cache: Miss from cloudfront
x-amz-meta-public-height: 800
alt-svc: h3=":443"; ma=86400
content-length: 200813
x-amz-meta-public-width: 1200
last-modified: Fri, 01 Jul 2022 19:11:57 GMT
server: Ring Publishing - Accelerator
etag: "7bbd5fe14293dd42493b29480accae62"
content-type: image/jpeg
x-amz-meta-md5: 7bbd5fe14293dd42493b29480accae62
cache-control: max-age=604800, public
accept-ranges: bytes
x-amz-cf-id: KHVmIfPcQZnOI5QPdQY-lQPpE-_YJevjiebaNz2MTWAue41x88RjTQ==

GET
H/1.1 200
OK su1.jpg
www.uns.ac.rs/images/slike/SU/ 184 KB
185 KB 1324ms
144ms Image
image/jpeg 147.91.168.38
UB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.uns.ac.rs/images/slike/SU/su1.jpg
Requested by: Host: message.xelsibackpor.cf
URL: http://message.xelsibackpor.cf/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 147.91.168.38 Novi Sad, Serbia, ASN13092 (UB-AS, RS),
Reverse DNS: dynuns.arm.uns.ac.rs
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 44b695b2d1cffaed87f5a020857413e2715b2bdf8467a330cda76edd93c3edd2

Request headers

accept-language: en-US,en;q=0.9
Referer: http://message.xelsibackpor.cf/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Tue, 20 Dec 2022 13:18:20 GMT
Last-Modified: Thu, 25 Jun 2020 09:53:36 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "2804d0-2e1ee-5a8e590f18aa9"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 188910

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| $ function| jQuery object| jQuery1111016138058936789568

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			message.xelsibackpor.cf/	1969-12-31 23:59:59	Name: ch1c Value: b

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
message.xelsibackpor.cf
netdna.bootstrapcdn.com
ocdn.eu
www.uns.ac.rs
147.91.168.38
2001:4de0:ac18::1:a:2a
2606:4700:3037::ac43:8f34
2606:4700::6812:acf
54.230.163.9
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87
44b695b2d1cffaed87f5a020857413e2715b2bdf8467a330cda76edd93c3edd2
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327
d91abfd4148c41631e36335416006e5730de781cf32e991cdb6a3bffed851ad7
fb8a0f11d045e973548ed26b3d3caaf03b731100c72aeaea82431fd14bc313a3

message.xelsibackpor.cf Open in urlscan Pro 2606:4700:3037::ac43:8f34 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

6 Requests

83 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

5 IPs

3 Countries

513 kBTransfer

868 kBSize

1 Cookies

2 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

1 Cookies

Indicators

message.xelsibackpor.cf Open in urlscan Pro
2606:4700:3037::ac43:8f34 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

83 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

513 kB
Transfer

868 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions