lixinammoi.click Open in urlscan Pro
2606:4700:3037::6815:1b4a  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request help-1918022278 Show response lixinammoi.click/	137 KB 50 KB	678ms 608ms	Document text/html	2606:4700:3037::6815:1b4a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://lixinammoi.click/help-1918022278 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:1b4a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.33 Resource Hash b57afbc00b8e9f87be7b69030f04e0fe504670bd8a110948f1faf36a8f4ac0cc Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 868227e32d270996-MIA content-encoding br content-type text/html; charset=UTF-8 date Fri, 22 Mar 2024 00:44:54 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lTOTynj0brxs47YrOAZEtaXazV9p1lkPaa%2BIWidyxYIER%2F2Q6%2FIy63krDxJ%2FswrbtwYoPdRpwkzexoDKxHk%2B9%2B%2Fov4rKKB41mN5BgIxMsSEW5zyz%2B8nlHNvZDu4vSJEGJqrsReF6BwrpV2Mlq6Nh"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/7.4.33 x-turbo-charged-by LiteSpeed
GET H2	200	style.css lixinammoi.click/	146 KB 25 KB	48ms 47ms	Stylesheet text/css	2606:4700:3037::6815:1b4a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://lixinammoi.click/style.css Requested by Host: lixinammoi.click URL: https://lixinammoi.click/help-1918022278 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:1b4a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cc8b1a0c0827d63eec2c7b9a30d4794ea64fe479cab57c61e86a9d6ad339e4d5 Request headers accept-language en-US,en;q=0.9 Referer https://lixinammoi.click/help-1918022278 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 22 Mar 2024 00:44:54 GMT content-encoding br cf-cache-status HIT last-modified Fri, 20 Oct 2023 09:44:08 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 128957 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rleiqA0yMnYo2aeY3yQcCUWjh4LSGIF9qxk6B3flNhJnGUYVIeph6rR3fMMedwHI1JuuSQbBqdfHU0q4XBt4Un4z7OguQgLWo6gDDiiK4mnJJnfifSviEAO8fy%2FNi73Uurq898J%2B3pMupo0PYT%2Bt"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 868227e70b7a0996-MIA alt-svc h3=":443"; ma=86400 expires Wed, 27 Mar 2024 12:55:37 GMT
GET H2	404	Segoe.73e9cd89613cc1d9a962.ttf lixinammoi.click/	0 0	306ms 306ms	Font text/html	2606:4700:3037::6815:1b4a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://lixinammoi.click/Segoe.73e9cd89613cc1d9a962.ttf Requested by Host: lixinammoi.click URL: https://lixinammoi.click/style.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:1b4a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://lixinammoi.click/style.css Origin https://lixinammoi.click accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers pragma no-cache date Fri, 22 Mar 2024 00:44:54 GMT content-encoding br cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iksRINIqf%2FVm7haVdXmmwWecnhWKGeX33z6KSSt6BmYeetvrXfmSRlRd6NNGd3zpl5wX78ga6gyBqUtiI0YxznM3sUmoq1PkABRIupf786xcJkXMOKi9W4UQWJXAKHDs50ISFnCck4ZW7O1lp%2FDP"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed cf-ray 868227e78c2f0996-MIA alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	24 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash c220e023d96c314f9aaea30f093ce0c1fd03b58a81331fa451ffb6f1355c397a Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	20 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 5b1f89c63b9a87f0a0b2737a0789cf18c8b3786302e2c7dd56fa1d2ebc7bfde2 Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Content-Type image/png
GET H2	200	api.js Show response www.google.com/recaptcha/	1 KB 1 KB	234ms 92ms	Script text/javascript	2607:f8b0:4006:80c::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js?render=explicit Requested by Host: lixinammoi.click URL: https://lixinammoi.click/help-1918022278 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:80c::2004 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 477ec11c44ea9f4ccd5d099a8c226dfc600eeedcbff89402cb4067239ff6cb9a Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-US,en;q=0.9 Referer https://lixinammoi.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 22 Mar 2024 00:44:55 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 1; mode=block expires Fri, 22 Mar 2024 00:44:55 GMT
GET H2	200	/ Show response api.ipify.org/	22 B 155 B	200ms 105ms	Fetch application/json	172.67.74.152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: lixinammoi.click URL: https://lixinammoi.click/help-1918022278 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c3f0c5bd17ead8dcb853264a2c853c2b6612212c0c17d0742d458412886257f6 Request headers accept-language en-US,en;q=0.9 Referer https://lixinammoi.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Fri, 22 Mar 2024 00:44:55 GMT cf-cache-status DYNAMIC server cloudflare vary Origin content-type application/json access-control-allow-origin * cf-ray 868227ec0d92dadd-MIA content-length 22
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/YurWEBlMIwR4EqFPncmQTkxQ/	492 KB 197 KB	245ms 64ms	Script text/javascript	2607:f8b0:4006:81e::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/YurWEBlMIwR4EqFPncmQTkxQ/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js?render=explicit Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 926d6123e0e95e1576a0ed9668e524d25a69b41a29c11228d2d7149656b34f7c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://lixinammoi.click/ Origin https://lixinammoi.click accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Thu, 21 Mar 2024 09:16:10 GMT content-encoding gzip x-content-type-options nosniff age 55725 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 200837 x-xss-protection 0 last-modified Fri, 15 Mar 2024 21:41:54 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Fri, 21 Mar 2025 09:16:10 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| isFirstLoginInput boolean| requestRatioSelected function| uploadFile function| inputChanger function| nextButton function| moveTab function| modalSetting function| saveInfo object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://lixinammoi.click/Segoe.73e9cd89613cc1d9a962.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
lixinammoi.click
www.google.com
www.gstatic.com
172.67.74.152
2606:4700:3037::6815:1b4a
2607:f8b0:4006:80c::2004
2607:f8b0:4006:81e::2003
477ec11c44ea9f4ccd5d099a8c226dfc600eeedcbff89402cb4067239ff6cb9a
5b1f89c63b9a87f0a0b2737a0789cf18c8b3786302e2c7dd56fa1d2ebc7bfde2
926d6123e0e95e1576a0ed9668e524d25a69b41a29c11228d2d7149656b34f7c
b57afbc00b8e9f87be7b69030f04e0fe504670bd8a110948f1faf36a8f4ac0cc
c220e023d96c314f9aaea30f093ce0c1fd03b58a81331fa451ffb6f1355c397a
c3f0c5bd17ead8dcb853264a2c853c2b6612212c0c17d0742d458412886257f6
cc8b1a0c0827d63eec2c7b9a30d4794ea64fe479cab57c61e86a9d6ad339e4d5