pre.adanih.com
2606:4700:3031::6815:5193
Malicious Activity!
Public Scan
Submission: On August 07 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on July 11th 2023. Valid for: 3 months.
This is the only time pre.adanih.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 2606:4700:3031::6815:5193 | 13335 (CLOUDFLARENET) |
| 3 (1 redirect) | 2606:4700::6811:2b8 | 13335 (CLOUDFLARENET) |
| 6 | 104.16.169.131 | 13335 (CLOUDFLARENET) |
| 1 (1 redirect) | 108.139.47.120 | 16509 (AMAZON-02) |
| 1 | 13.225.223.52 | 16509 (AMAZON-02) |
| 10 (total) | 5 IPs | |
ASN13335 (CLOUDFLARENET, US)
- js.hcaptcha.com
- newassets.hcaptcha.com
- api2.hcaptcha.com

ASN16509 (AMAZON-02, US), PTR: server-108-139-47-120.jfk50.r.cloudfront.net
- findicons.com

ASN16509 (AMAZON-02, US), PTR: server-13-225-223-52.jfk51.r.cloudfront.net
- images.freeimages.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 6 | hcaptcha.com | js.hcaptcha.com (Cisco Umbrella Rank: 13262), newassets.hcaptcha.com (Cisco Umbrella Rank: 12132), api2.hcaptcha.com (Cisco Umbrella Rank: 23476) | 269 KB |
| 3 (1 redirect) | cloudflare.com | challenges.cloudflare.com (Cisco Umbrella Rank: 6398) | 10 KB |
| 1 | freeimages.com | images.freeimages.com (Cisco Umbrella Rank: 205958) | 634 B |
| 1 (1 redirect) | findicons.com | findicons.com (Cisco Umbrella Rank: 382758) | 307 B |
| 1 | adanih.com | pre.adanih.com | 6 KB |
| 10 (total) | 5 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 4 | newassets.hcaptcha.com | js.hcaptcha.com, newassets.hcaptcha.com |
| 3 (1 redirect) | challenges.cloudflare.com | pre.adanih.com, challenges.cloudflare.com |
| 1 | api2.hcaptcha.com | newassets.hcaptcha.com |
| 1 | images.freeimages.com | pre.adanih.com |
| 1 (1 redirect) | findicons.com | |
| 1 | js.hcaptcha.com | pre.adanih.com |
| 1 | pre.adanih.com | |
| 10 (total) | 7 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| adanih.com | GTS CA 1P5 | 2023-07-11 - 2023-10-09 | 3 months | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-04-15 - 2024-04-14 | a year | crt.sh |
| challenges.cloudflare.com | Cloudflare Inc ECC CA-3 | 2022-09-18 - 2023-09-17 | a year | crt.sh |
This page contains 4 frames:
Primary Page:
https://pre.adanih.com/cl
Frame ID: 7EE6F00B43CB59FA6864668496885E39
Requests: 4 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/e7de24e/static/hcaptcha.html
Frame ID: A1E83EC8B7617AC6E3DB562CA3C39249
Requests: 2 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/e7de24e/static/hcaptcha.html
Frame ID: D02AFB8525AA66A06AA47B3FA9326B7B
Requests: 4 HTTP requests in this frame
Frame:
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/9vls5/0x4AAAAAAAH51LUjEKUHjvhz/auto/normal
Frame ID: 38EBEAC4CDB1987BC7720D04BB82DF43
Requests: 1 HTTP request in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
- https://challenges.cloudflare.com/turnstile/v0/g/74ac0d47/api.js?onload=onloadTurnstileCallback

Request Chain 1
- https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png HTTP 301
- https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
10 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note |
|---|---|---|---|---|---|---|---|---|
| GET | H2 | cl | pre.adanih.com/ | 22 KB | 6 KB | Document | text/html | Primary Request |
| GET | H2 | api.js | challenges.cloudflare.com/turnstile/v0/g/74ac0d47/ | 27 KB | 10 KB | Script | application/javascript | Redirect Chain |
| GET | H2 | api.js | js.hcaptcha.com/1/ | 313 KB | 89 KB | Script | application/javascript | |
| GET | H2 | microsoft_new_logo_alt.png | images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/ | 254 B | 634 B | Image | image/png | Redirect Chain |
| GET | H2 | hcaptcha.html | newassets.hcaptcha.com/captcha/v1/e7de24e/static/ | 2 KB | 934 B | Document | text/html | Frame A1E8 |
| GET | H2 | hcaptcha.html | newassets.hcaptcha.com/captcha/v1/e7de24e/static/ | 2 KB | 762 B | Document | text/html | Frame D02A |
| GET | H3 | normal | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/9vls5/0x4AAAAAAAH51LUjEKUHjvhz/auto/ | 0 | 0 | Document | text/html | Frame 38EB |
| GET | H2 | hcaptcha.js | newassets.hcaptcha.com/captcha/v1/e7de24e/ | 313 KB | 89 KB | Script | application/javascript | Frame A1E8 |
| GET | H2 | hcaptcha.js | newassets.hcaptcha.com/captcha/v1/e7de24e/ | 313 KB | 89 KB | Script | application/javascript | Frame D02A |
| GET | DATA | truncated | / | 798 B | 0 | Image | image/png | Frame D02A |
| POST | H2 | checksiteconfig | api2.hcaptcha.com/ | 682 B | 1 KB | XHR | application/json | Frame D02A |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)

15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | 0 |
| object | 1 |
| object | 2 |
| function | verifyCallback_CF |
| function | verifyCallback_hCaptcha |
| function | validateElement |
| function | refreshCallBack |
| function | switchToSecondCaptcha |
| function | onloadTurnstileCallback |
| function | incrementLoader |
| object | Raven |
| object | hcaptcha |
| object | grecaptcha |
| object | turnstile |
| number | ticker2 |

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .adanih.com/ | | JerQ | 5f1f547c2c66ee5601df52970c2b419c17d2e6b8a1f9d30eb6fb85a6c2b7d2bd |
| api2.hcaptcha.com/ | | __cflb | 02DiuHLwzyAZNoSCVjn6MALgguX5ocQp6hVjUyPoF5wji |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api2.hcaptcha.com
challenges.cloudflare.com
findicons.com
images.freeimages.com
js.hcaptcha.com
newassets.hcaptcha.com
pre.adanih.com
104.16.169.131
108.139.47.120
13.225.223.52
2606:4700:3031::6815:5193
2606:4700::6811:2b8
2267d1822dbefc10c25e17d1fa4a6d9331e5a126e2483c5aff542d6107ebca36
4dd1488cb95c47acc06568f4b0025ebe90af1f3f72ca71ce55dbf593d9ed35ce
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
8bbcb5b575be48954b223ba0a63a9846199ebb27232e5981ec9d8101e31010e1
b00dab5d32c9cc96359c7fe7a1462ffe183843ddd350a30cd7c67ad70d33f323
b542343fcaafeb357e440d6164797b4a313f1003c0bdc2b0db3f12c4b1e41284
e0f33190c14b543e76e11ab58c238e5d56508c3d0933c1cd7c64e478fedee376