bundle-valorant.fun Open in urlscan Pro
2606:4700:3035::6815:3516 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://bundle-valorant.fun/
Submission Tags: https://sinking.yachts sinking-yachts phishing Search All
Submission: On October 29 via api (October 29th 2023, 1:04:43 pm UTC) from US — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3035::6815:3516, located in United States and belongs to CLOUDFLARENET, US. The main domain is bundle-valorant.fun.
TLS certificate: Issued by E1 on October 28th 2023. Valid for: 3 months.

This is the only time bundle-valorant.fun was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1 7	2606:4700:303... 2606:4700:3035::6815:3516	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	185.149.120.5 185.149.120.5	57724 (DDOS-GUARD) (DDOS-GUARD)
2	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
2	162.19.58.158 162.19.58.158	16276 (OVH) (OVH)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1	2a02:6ea0:c70... 2a02:6ea0:c700::17	60068 (CDN77 ^_^) (CDN77 ^_^)
4	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
18	7

7 2606:4700:3035::6815:3516 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

bundle-valorant.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.149.120.5 (Russian Federation)

ASN57724 (DDOS-GUARD, RU)
PTR: ddos-guard.net

valorant11.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.58.158 (France)

ASN16276 (OVH, FR)
PTR: ns3096590.ip-162-19-58.eu

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

images.contentstack.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::17 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

assets.nicepagecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	bundle-valorant.fun 1 redirects bundle-valorant.fun	165 KB
4	gstatic.com fonts.gstatic.com	103 KB
2	ibb.co i.ibb.co — Cisco Umbrella Rank: 11551	172 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	3 KB
2	valorant11.com valorant11.com
1	nicepagecdn.com assets.nicepagecdn.com	85 KB
1	contentstack.io images.contentstack.io — Cisco Umbrella Rank: 10722	2 KB
18	7

	Domain	Requested by
7	bundle-valorant.fun	1 redirects bundle-valorant.fun
4	fonts.gstatic.com	fonts.googleapis.com
2	i.ibb.co	bundle-valorant.fun
2	fonts.googleapis.com	bundle-valorant.fun
2	valorant11.com	bundle-valorant.fun
1	assets.nicepagecdn.com	bundle-valorant.fun
1	images.contentstack.io	bundle-valorant.fun
18	7

This site contains no links.

Subject Issuer	Validity	Valid
bundle-valorant.fun E1	`2023-10-28` - `2024-01-26`	3 months	crt.sh
valorant11.com R3	`2023-10-19` - `2024-01-17`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
ibb.co R3	`2023-10-09` - `2024-01-07`	3 months	crt.sh
*.contentstack.io Gandi Standard SSL CA 2	`2023-04-05` - `2024-05-05`	a year	crt.sh
1071178158.rsc.cdn77.org R3	`2023-08-23` - `2023-11-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://bundle-valorant.fun/
Frame ID: 4524CAA5768FE0C40CEEE887CC9B8474
Requests: 16 HTTP requests in this frame

Frame: https://bundle-valorant.fun/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js
Frame ID: 30AC2F7056C55EFEA5CBB2C2402B6CAD
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Free Collections | Valorant

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

94 %
HTTPS

57 %
IPv6

7
Domains

7
Subdomains

7
IPs

4
Countries

530 kB
Transfer

2121 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://bundle-valorant.fun/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://bundle-valorant.fun/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
bundle-valorant.fun/ 2 MB
121 KB 357ms
59ms Document
text/html 2606:4700:3035::6815:3516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bundle-valorant.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:3516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 92acba6d226a65b69fc9565539173733b8dd1b7e5970659f71171ef84f4f7b71

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 81dba019dd6a91e3-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 29 Oct 2023 13:04:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B7eVMUd1jPSK40XkvhsVXfjVS1Ro5FYxbhtPVYJ1HJvP6mLdMxFR%2FlvxIRpUleOpSFUF5GWyVPI%2Fdvh0Ksp0%2BOALJeMAhyOXAGuPVXWyvXYSOv02wXeeGVnaBlKYFcRzCuPe6QNCSG4HD%2FwuscflSkjW"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 404 jquery-1.9.1.min.js
valorant11.com/assets/ 0
0 876ms
144ms Script
text/html 185.149.120.5
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL: https://valorant11.com/assets/jquery-1.9.1.min.js
Requested by: Host: bundle-valorant.fun
URL: https://bundle-valorant.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.149.120.5 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS: ddos-guard.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bundle-valorant.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

GET
H2 404 main.js
valorant11.com/assets/ 0
0 805ms
73ms Script
text/html 185.149.120.5
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL: https://valorant11.com/assets/main.js
Requested by: Host: bundle-valorant.fun
URL: https://bundle-valorant.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.149.120.5 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS: ddos-guard.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bundle-valorant.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

GET
H2 200 css
fonts.googleapis.com/ 57 KB
2 KB 287ms
22ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i

Requested by

Host: bundle-valorant.fun
URL: https://bundle-valorant.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

06d0284d9583f027fd84d0542370fde07e9659dfcdf11ce43c760893e76b433a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bundle-valorant.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 29 Oct 2023 13:04:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 29 Oct 2023 12:16:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 29 Oct 2023 13:04:37 GMT

GET
H2 200 css
fonts.googleapis.com/ 18 KB
1 KB 286ms
22ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Titillium+Web:200,200i,300,300i,400,400i,600,600i,700,700i,900

Requested by

Host: bundle-valorant.fun
URL: https://bundle-valorant.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

41b6ee793c5f06eab675c4d333950af9b10a73a8fa507dd702bd94c15dd85f4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bundle-valorant.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 29 Oct 2023 13:04:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 29 Oct 2023 13:00:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 29 Oct 2023 13:04:37 GMT

GET
H2 200 6425b9dc64f3de6495ae681f-6236664cd4deb99ea41ce0e2-Riot-20-Games.png
i.ibb.co/BqCPPQf/ 28 KB
29 KB 371ms
60ms Image
image/png 162.19.58.158
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/BqCPPQf/6425b9dc64f3de6495ae681f-6236664cd4deb99ea41ce0e2-Riot-20-Games.png
Requested by: Host: bundle-valorant.fun
URL: https://bundle-valorant.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.19.58.158 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3096590.ip-162-19-58.eu
Software: nginx /
Resource Hash: 568999f1fecb36a9de1a7e9b7fccd8611727d6b1515683dc4755908c39d26ddc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bundle-valorant.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Sun, 29 Oct 2023 13:04:37 GMT
last-modified: Wed, 06 Sep 2023 12:47:56 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29085
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 6ac0ff5feb2e723eaa18dace82b96ab9aca5ed93038ad2d739f3d58132cc3bed.png
i.ibb.co/6nfjBjb/ 143 KB
143 KB 371ms
59ms Image
image/png 162.19.58.158
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/6nfjBjb/6ac0ff5feb2e723eaa18dace82b96ab9aca5ed93038ad2d739f3d58132cc3bed.png
Requested by: Host: bundle-valorant.fun
URL: https://bundle-valorant.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.19.58.158 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3096590.ip-162-19-58.eu
Software: nginx /
Resource Hash: 6ac0ff5feb2e723eaa18dace82b96ab9aca5ed93038ad2d739f3d58132cc3bed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bundle-valorant.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Sun, 29 Oct 2023 13:04:37 GMT
last-modified: Wed, 06 Sep 2023 12:46:36 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 146081
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 vp.png
bundle-valorant.fun/static/images/main/ 17 KB
17 KB 72ms
72ms Image
image/png 2606:4700:3035::6815:3516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bundle-valorant.fun/static/images/main/vp.png
Requested by: Host: bundle-valorant.fun
URL: https://bundle-valorant.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:3516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 917e81eed7aaf318dba86c2f8b66aea7344b65912a5732b6966cee48c5946d6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bundle-valorant.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Sun, 29 Oct 2023 13:04:37 GMT
cf-cache-status: MISS
last-modified: Thu, 19 Oct 2023 23:57:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: dcff828f18055497b2b9ababbcf1db0c
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ny68uU78XYBRqJG3T%2BLkpTfXXrDvCj3ibRn7erWBubUUrbGYyKADdiAMvHZCuiVArOaCvO7WEyvUCm%2FS5fUNdazCNyPxU5CvoZiMV%2BNM48Uz4WfIqtzobv8YIVRRWKQzML8k%2FH8%2Bu1XqJhy2u7fnqw%2FF"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 81dba01b1ec091e3-FRA
alt-svc: h3=":443"; ma=86400
content-length: 17433

GET
H2 200 vct.webp
bundle-valorant.fun/static/images/main/ 10 KB
10 KB 67ms
66ms Image
image/webp 2606:4700:3035::6815:3516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bundle-valorant.fun/static/images/main/vct.webp
Requested by: Host: bundle-valorant.fun
URL: https://bundle-valorant.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:3516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: edddf54905ab1c7fec8173905c883dbe59485bd093a6dde7f3ee53d68eca533d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bundle-valorant.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Sun, 29 Oct 2023 13:04:37 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 19 Oct 2023 23:57:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4G5Mt8HX4WAEdRdkkwvnkE5BLQrSQvhERMNOhVuEXS1kGlhrmu7s%2F4vy5rsQoji18Gi5tFnkC%2F6sa2tbHs5XR5Z0yUyGOgTqKO9HcUOSdZT7p4pzhqi%2FpVa5DXJ2c3%2FE9irZbc6cIYiIfkbIG1TMCGT5"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
cache-control: max-age=14400
cf-ray: 81dba01b1ec291e3-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 arcane.webp
bundle-valorant.fun/static/images/main/ 11 KB
12 KB 59ms
59ms Image
image/webp 2606:4700:3035::6815:3516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bundle-valorant.fun/static/images/main/arcane.webp
Requested by: Host: bundle-valorant.fun
URL: https://bundle-valorant.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:3516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8d67fb30abdb1dfcf37100191f1096cad3bb026b56215629ca797f2b010ad03

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bundle-valorant.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Sun, 29 Oct 2023 13:04:37 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 19 Oct 2023 23:58:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=08eONPKuV5Nm4ZDgan%2Fnu4jdHwD41i4KyVJS%2BZYrzulO3RIRdayNbT%2Bcy3xsAyRpCwK%2FDQ4L2AzFjzMmwGo6yNOvgW2MqrGXxq2GsgodLlGFviFFVJdA6WBlapl1bBZuSYo8TrpL5vBXC2L4rf7hIJU9"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
cache-control: max-age=14400
cf-ray: 81dba01b1ec491e3-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 val-logo-small.png
images.contentstack.io/v3/assets/blt0eb2a2986b796d29/blt50870b13992cdf47/63b0d7d089f85210f400107e/ 2 KB
2 KB 333ms
276ms Image
image/png 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt0eb2a2986b796d29/blt50870b13992cdf47/63b0d7d089f85210f400107e/val-logo-small.png?&height=75&disable=upscale
Requested by: Host: bundle-valorant.fun
URL: https://bundle-valorant.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: fbe858ec920dc18fc20c2bdf4452d588b992bf9d53e4bf1b5dd17f23fb50b7b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bundle-valorant.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Sun, 29 Oct 2023 13:04:37 GMT
via: 1.1 varnish, 1.1 varnish
age: 3875713
x-cache: HIT, HIT
fastly-io-info: ifsz=2592 idim=98x55 ifmt=png ofsz=1906 odim=98x55 ofmt=png
content-disposition: inline; filename=val-logo-small.png
fastly-stats: io=1
content-length: 1906
x-request-id: dbe6d1d15591dfe1786eb6f3b6f6cbac
x-served-by: cache-sjc1000125-SJC, cache-fra-eddf8230132-FRA
x-runtime: 63ms
server: contentstack
x-timer: S1698584678.671930,VS0,VE1
x-contentstack-organization: blt86ac51dd68a0a1f6
etag: "UpAZTmPE2lNZfpOCVTBFAIfxjw2EHzZuEVA9QFIPfVY"
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 97, 30

GET
H2 200 back.png
assets.nicepagecdn.com/8d24208d/5484341/images/ 85 KB
85 KB 72ms
24ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nicepagecdn.com/8d24208d/5484341/images/back.png
Requested by: Host: bundle-valorant.fun
URL: https://bundle-valorant.fun/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 52337c0ca5ceb6c828ef8622b99386a35c5ce2403cba12d1a8d33201d8d59d8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bundle-valorant.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sun, 29 Oct 2023 13:04:37 GMT
x-amz-version-id: dKRJ61X83yWRwVRILQX.try75l6uQCCN
x-age-lb: 141971
x-cache-op: REVALIDATED
x-amz-request-id: 3Q4YMXF9QVBTAVVB
x-77-cache: HIT
x-accel-date: 1698442706
content-length: 86582
x-amz-id-2: 8rFXP5OpMxPIi7NfOcfouafl6rUH4CZXPmR/kbAVTmlCaFHRx3AEEix3c6GFHzYmnwZX8KWQfr8=
x-77-nzt: ApySIYg3Nzf/kyoCANRmOAk3Nzf/YaUAAA
x-accel-expires: @1699437169
x-77-age: 184308
x-cache-lb: HIT
last-modified: Fri, 28 Jul 2023 10:39:38 GMT
server: CDN77-Turbo
etag: "3417ea80d58d971afc7a548dc0c5b273"
x-77-nzt-ray: f6587a1d059d09d165583e653ccded38
content-type: image/png
accept-ranges: bytes

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
fonts.gstatic.com/s/titilliumweb/v17/ 12 KB
12 KB 133ms
41ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v17/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Titillium+Web:200,200i,300,300i,400,400i,600,600i,700,700i,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bundle-valorant.fun
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 17:52:57 GMT
x-content-type-options: nosniff
age: 155501
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11796
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:48:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 26 Oct 2024 17:52:57 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 101ms
9ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bundle-valorant.fun
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 18:18:43 GMT
x-content-type-options: nosniff
age: 499555
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Oct 2024 18:18:43 GMT

GET
H2 200 TK3iWkUHHAIjg752GT8G.woff2
fonts.gstatic.com/s/oswald/v53/ 28 KB
28 KB 139ms
48ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Titillium+Web:200,200i,300,300i,400,400i,600,600i,700,700i,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

241ced7f220982f5679a64cc6db34ed42cd21274508cc5814616d9efe374afde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bundle-valorant.fun
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 19:42:02 GMT
x-content-type-options: nosniff
age: 494556
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28512
x-xss-protection: 0
last-modified: Tue, 15 Aug 2023 18:44:12 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Oct 2024 19:42:02 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v36/ 47 KB
47 KB 110ms
19ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bundle-valorant.fun
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 18:16:19 GMT
x-content-type-options: nosniff
age: 240499
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48432
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 25 Oct 2024 18:16:19 GMT

GET
H3

200

main.js Show response
bundle-valorant.fun/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/ Frame 30AC
Redirect Chain

https://bundle-valorant.fun/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://bundle-valorant.fun/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js

7 KB
4 KB

18ms
17ms

Script
application/javascript

2606:4700:3035::6815:3516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bundle-valorant.fun/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js

Protocol

Server

2606:4700:3035::6815:3516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a60451f90892a24f5ecf496da88d731a4c492353bbef2c4acd19a96d09707ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Sun, 29 Oct 2023 13:04:38 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uE3iG4inwVFBdTeQWnyfqp1wun%2Bvh66fIHvRaYXgJ5wGJJUaVuFqAOED%2Fqff4SGXGHbQdFqrYJkKx6yl1AfbFYtRan3IckGoLbMsA1sCIqJheShyWC6pi3chUS35AJi4svrZNCWDNW02NrDjorILeQqy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 81dba020bee9922f-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sun, 29 Oct 2023 13:04:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nvo01AEEM1MgRrLoQjjllc3gG5L6ddMLXWVIMR%2FELXNGNW4cMqSkhGn6%2FlOiWFZYWG%2FYTDrgo7kKO3v%2B6P0sy%2FL0QaR1UWwsOTTSn4RSF7SN%2FI9ObjR3hCvVUgU5BpdapYYKMFyU37ZAFvLsbosLB6U0"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 81dba0209ec4922f-FRA
alt-svc: h3=":443"; ma=86400

POST
H3 200 81dba019dd6a91e3 Show response
bundle-valorant.fun/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 30AC 0
565 B 44ms
44ms XHR
text/plain 2606:4700:3035::6815:3516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bundle-valorant.fun/cdn-cgi/challenge-platform/h/g/jsd/r/81dba019dd6a91e3
Requested by: Host: bundle-valorant.fun
URL: https://bundle-valorant.fun/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 29 Oct 2023 13:04:38 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jVuztV0097D4ZUrn2ZCjGN%2B4YPgzC6SF0YxN%2BcoBK3u422dhzVOuiVzBdBYVb5UQHDmpmn8zf6f%2B9lLvTpL1GbgfcR6pcGL3HdXhOA7sb7WjmqBofTPU%2BSl3P0HgHY83ONosXFphb5GAPDbIXbcDUGgB"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 81dba0218f7d922f-FRA
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Malicious task.url
Submitted on October 29th 2023, 1:04:49 pm UTC — From United States

Threats: Phishing Scam
Comment: This domain is present in the Sinking Yachts anti-phishing list. More Info: https://sinking.yachts

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture function| select1 function| select2

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bundle-valorant.fun/	1970-01-21 00:35:20	Name: cf_clearance Value: 7Cdit5vw7.NCjOVTDgmkE00uCyVYhJqHSSRhifnXh1M-1698584678-0-1-894691d1.ea536bd8.3ac782c7-0.2.1698584678

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://valorant11.com/assets/main.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://valorant11.com/assets/jquery-1.9.1.min.js Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nicepagecdn.com
bundle-valorant.fun
fonts.googleapis.com
fonts.gstatic.com
i.ibb.co
images.contentstack.io
valorant11.com
151.101.130.137
162.19.58.158
185.149.120.5
2606:4700:3035::6815:3516
2a00:1450:4001:828::200a
2a00:1450:4001:831::2003
2a02:6ea0:c700::17
06d0284d9583f027fd84d0542370fde07e9659dfcdf11ce43c760893e76b433a
241ced7f220982f5679a64cc6db34ed42cd21274508cc5814616d9efe374afde
41b6ee793c5f06eab675c4d333950af9b10a73a8fa507dd702bd94c15dd85f4d
52337c0ca5ceb6c828ef8622b99386a35c5ce2403cba12d1a8d33201d8d59d8a
568999f1fecb36a9de1a7e9b7fccd8611727d6b1515683dc4755908c39d26ddc
6a60451f90892a24f5ecf496da88d731a4c492353bbef2c4acd19a96d09707ef
6ac0ff5feb2e723eaa18dace82b96ab9aca5ed93038ad2d739f3d58132cc3bed
917e81eed7aaf318dba86c2f8b66aea7344b65912a5732b6966cee48c5946d6a
92acba6d226a65b69fc9565539173733b8dd1b7e5970659f71171ef84f4f7b71
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
b8d67fb30abdb1dfcf37100191f1096cad3bb026b56215629ca797f2b010ad03
d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
edddf54905ab1c7fec8173905c883dbe59485bd093a6dde7f3ee53d68eca533d
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
fbe858ec920dc18fc20c2bdf4452d588b992bf9d53e4bf1b5dd17f23fb50b7b2

bundle-valorant.fun Open in urlscan Pro 2606:4700:3035::6815:3516 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

94 %HTTPS

57 %IPv6

7 Domains

7 Subdomains

7 IPs

4 Countries

530 kBTransfer

2121 kBSize

1 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious task.url Submitted on October 29th 2023, 1:04:49 pm UTC — From United States

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

4 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

bundle-valorant.fun Open in urlscan Pro
2606:4700:3035::6815:3516 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

94 %
HTTPS

57 %
IPv6

7
Domains

7
Subdomains

7
IPs

4
Countries

530 kB
Transfer

2121 kB
Size

1
Cookies

18 HTTP transactions
0 data transactions

Malicious task.url
Submitted on October 29th 2023, 1:04:49 pm UTC — From United States

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!