dgjjfyje.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://qi.lv/wiu
Effective URL:
https://dgjjfyje.com/CRA/dwn/index.php
Submission: On February 05 via api (February 5th 2023, 6:38:43 pm UTC) from LU — Scanned from NL

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 22 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is dgjjfyje.com.
TLS certificate: Issued by GTS CA 1P5 on January 30th 2023. Valid for: 3 months.

This is the only time dgjjfyje.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Canadian Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a06:98c1:312... 2a06:98c1:3121::c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2a06:98c1:312... 2a06:98c1:3120::c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
22	4

1 2a06:98c1:3121::c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

qi.lv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

qi.lv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

dgjjfyje.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	dgjjfyje.com dgjjfyje.com	146 KB
5	gstatic.com fonts.gstatic.com	82 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34	2 KB
2	qi.lv 2 redirects qi.lv	1 KB
22	4

	Domain	Requested by
15	dgjjfyje.com	dgjjfyje.com
5	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	dgjjfyje.com
2	qi.lv	2 redirects
22	4

This site contains no links.

Subject Issuer	Validity	Valid
*.dgjjfyje.com GTS CA 1P5	`2023-01-30` - `2023-04-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://dgjjfyje.com/CRA/dwn/index.php
Frame ID: EC23307E760C674A879D18911D8FE0B8
Requests: 18 HTTP requests in this frame

Frame: https://dgjjfyje.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675612800
Frame ID: F352C36462D45CADE16C2EDFD6605170
Requests: 3 HTTP requests in this frame

Frame: https://dgjjfyje.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675612800
Frame ID: 158048EA22885C70B37031A5127D9C85
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Canada Revenue Agency - CRA Sign in

Page URL History Show full URLs

http://qi.lv/wiu HTTP 301
https://qi.lv/wiu HTTP 302
https://dgjjfyje.com/CRA/dwn/index.php Page URL
https://dgjjfyje.com/CRA/dwn/index.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

22
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

231 kB
Transfer

601 kB
Size

12
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://qi.lv/wiu HTTP 301
https://qi.lv/wiu HTTP 302
https://dgjjfyje.com/CRA/dwn/index.php Page URL
https://dgjjfyje.com/CRA/dwn/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://qi.lv/wiu HTTP 301
https://qi.lv/wiu HTTP 302
https://dgjjfyje.com/CRA/dwn/index.php

22 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

503

index.php Show response
dgjjfyje.com/CRA/dwn/
Redirect Chain

http://qi.lv/wiu
https://qi.lv/wiu
https://dgjjfyje.com/CRA/dwn/index.php

14 KB
15 KB

186ms
85ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dgjjfyje.com/CRA/dwn/index.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d58d1baf17341f342ae71bcd82e58114818aa1257d375f3403b4ed5123952a30

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 794dc3a3debe0ba6-AMS
content-type: text/html; charset=utf-8
date: Sun, 05 Feb 2023 18:38:38 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pQT%2B6YM2w%2FOOr84JJ%2BXMvB3CrF43UFR0vShNCXIFuaL6hhWpoRhmbft1b3L5ghiqGFlWaE45HkqlZKr%2BN1gf1GgADUMrlnBpgiUFgOcQQV7hiBVId30XlljXuF43v4qjheS%2FM2t0O4ETnNM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 794dc3a2ac53b97a-AMS
content-type: text/html; charset=UTF-8
date: Sun, 05 Feb 2023 18:38:38 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://dgjjfyje.com/CRA/dwn/index.php
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r2aLjLaNrlFBNQCpCyLnre7N5VrnR9MYUj0V%2FaUnQG8TZH0pwH2o5NZKkpPXPX1i43tqzXjpjsHTOhqXRw74SQj%2BJtiIfb3pkB7cfVRaO3JdGlhEZUWQ%2FEvCkSrtqE3rw1TAWg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000

POST
H2 204 index.php
dgjjfyje.com/CRA/dwn/ 0
695 B 61ms
60ms XHR
text/plain 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dgjjfyje.com/CRA/dwn/index.php

Requested by

Host: dgjjfyje.com
URL: https://dgjjfyje.com/CRA/dwn/index.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

64xXIjQNcl1LTwkqKuErTRPkeI: FV1BhRuS57wS5cGsfo8gVDytPo
X-Requested-TimeStamp-Expire
accept-language: nl-NL,nl;q=0.9
X-Requested-TimeStamp-Combination
X-Requested-Type-Combination: GET
Content-type: application/x-www-form-urlencoded
RuH-eHrmdlK622D298qVOLl1E: 24252227
X-Requested-Type: GET
Referer: https://dgjjfyje.com/CRA/dwn/index.php
X-Requested-with: XMLHttpRequest
X-Requested-TimeStamp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Feb 2023 18:38:38 GMT
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F1Rac17%2FcX4niHYhnDqlz567NIEpAFRn49s6erai3opIznq3wohbhQ1nUOvF3IyuLZe66zOXg8HRGzxR%2FZdJnG8mKPyLb5P5M5vdJHOMLz0D8%2F2477zYWHwAPGtyejzCzTBRqLDeeCN2IDs%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 794dc3a498060ba6-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
expires: 0

GET
H2 200 invisible.js Show response
dgjjfyje.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame F352 34 KB
14 KB 37ms
37ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dgjjfyje.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675612800
Requested by: Host: dgjjfyje.com
URL: https://dgjjfyje.com/CRA/dwn/index.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a25420ae64b9b3d98d5af7711a4b61154e066aa8700ea9480cd2e9d843f916da

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Sun, 05 Feb 2023 18:38:38 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G%2F1Rttb2jS%2FgMRouIk5vBSh0wwpfZe9ZMCwO2eROGEiR52JL%2BAknPHxi9eYCEnVENoI4WFFTpSKcMAejFE1UcazOjFyNDZSnZABWT4LEg2zX0%2BGqqNjaFM37GffxH98Twy0ZwuRA%2F10cO1Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 794dc3a498080ba6-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pica.js
dgjjfyje.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame F352 19 KB
8 KB 31ms
31ms Other
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dgjjfyje.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Sun, 05 Feb 2023 18:38:38 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6hcCU%2BYC9My7GzA%2Fw58NU7V9WfoqQ5GXyvf5LNt%2BdRiqpuwG5xXvtiM3RzUlunJLQ4TXMSnnpm2j%2BdBX0daxbXdtW3rVuSwVVxFmKbLrruhnwRvaEYooobJ4XuJTmvKOpOsWO7jYy5pkiwY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 794dc3a4f9030b4b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 Primary Request index.php Show response
dgjjfyje.com/CRA/dwn/ 13 KB
5 KB 2524ms
2523ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dgjjfyje.com/CRA/dwn/index.php

Requested by

Host: dgjjfyje.com
URL: https://dgjjfyje.com/CRA/dwn/index.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7593e6968016a7ce167488dbfc91c56efffa381cb71f6c3f561784d434fd1d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://dgjjfyje.com/CRA/dwn/index.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 794dc3a4f9040b4b-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 05 Feb 2023 18:38:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vn33rHts8lB1TGJ3aghepXeMl91BeW2LnUmcUOAjQhD6Z%2FXl696wKzgggRl7gbhQxgFiU8FIJ5M7%2B44MVvEFhd1vT8cYm2eKNVneTDiKM6lFWqSQqLZe72F9BLp6CY3Sx0OwbVlec%2FRPyic%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-xss-protection: 1; mode=block 1; mode=block

POST
H3 200 794dc3a3debe0ba6
dgjjfyje.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame F352 2 B
671 B 50ms
49ms XHR
text/plain 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dgjjfyje.com/cdn-cgi/challenge-platform/h/b/cv/result/794dc3a3debe0ba6
Requested by: Host: dgjjfyje.com
URL: https://dgjjfyje.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675612800
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 05 Feb 2023 18:38:39 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1LQFXt6ZHGx1NgYeBs4kQkmhJRTnrxpiCNw00zUAOmIgzH31O0tbNf%2FpghjZsbEAQSsclG5gUK7%2Ba2dB22vtwADQnfrdYyNSROlaLYWImCxfbHcQVUHN0FgYSrS8Hl%2BN9XF4GtEsJugBHwg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 794dc3a70a360b4b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 cms2.css
dgjjfyje.com/CRA/dwn/dxcss/ 2 KB
1 KB 90ms
89ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dgjjfyje.com/CRA/dwn/dxcss/cms2.css

Requested by

Host: dgjjfyje.com
URL: https://dgjjfyje.com/CRA/dwn/index.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

922b29982c604cb77c82a27900857b7e9be69252ef3d1686c87dc3893abcaaba

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dgjjfyje.com/CRA/dwn/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Sun, 05 Feb 2023 18:38:41 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
pragma: public
last-modified: Thu, 02 Feb 2023 13:05:56 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K2IGTaOWI1NEdWP9cdzk8Sjyb6s2T9kCJfsJsBF0xVqnbpscrIc3J1UUHYnzdLkikbevGMm4svvEdzxmnNlJGcGEM2wLWCVJPr5w125%2BQRag%2B5xrqOkZtP8Nw1aCrPLqt9BuOxb7%2FurI77E%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 794dc3b4ca520b4b-AMS
expires: Tue, 07 Mar 2023 18:38:39 GMT

GET
H3 200 common.css
dgjjfyje.com/CRA/dwn/dxcss/ 3 KB
1 KB 93ms
92ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dgjjfyje.com/CRA/dwn/dxcss/common.css

Requested by

Host: dgjjfyje.com
URL: https://dgjjfyje.com/CRA/dwn/index.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c9b2a27075da307d5a735af2ed7a0117ccf1d64420ddccd7c16dd36f77feaef

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dgjjfyje.com/CRA/dwn/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Sun, 05 Feb 2023 18:38:41 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
pragma: public
last-modified: Thu, 02 Feb 2023 13:06:02 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SeeVQeKH4r6%2FKsiSFBoRKXjEG%2BpFtCor9yp94paLhntEJun6oa28emRzKjPa7IuGhdLyWkZka0ZxwvsM4NpVdCU9SER99Cbc96XSWBwhIoYaky02tIJDMGmOKq1v%2BRQ6khHNMXpw2mDN0Lk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 794dc3b4ca530b4b-AMS
expires: Tue, 07 Mar 2023 18:38:39 GMT

GET
H3 200 timeout.css
dgjjfyje.com/CRA/dwn/dxcss/ 428 B
696 B 91ms
90ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dgjjfyje.com/CRA/dwn/dxcss/timeout.css

Requested by

Host: dgjjfyje.com
URL: https://dgjjfyje.com/CRA/dwn/index.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

447a4a6c6d785d6fc009367d1fd835b3245114e3162a5dafe288ea54ffd7e0c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dgjjfyje.com/CRA/dwn/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Sun, 05 Feb 2023 18:38:41 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
pragma: public
last-modified: Thu, 02 Feb 2023 13:06:08 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BiNX3YXQMojKWaYDzSvEIyfWb%2FiqZKvwbbId2YynEsmaMmLYsjEdVT5rKYxaPEEYaKM%2Bs%2FiN1JL0Qqp3zzsyCQyicvk5s1ju4MSefcqU0uK7230q8HgHWkxrynFVU8fuqNTkqSc62j2daRA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 794dc3b4ca550b4b-AMS
expires: Tue, 07 Mar 2023 18:38:39 GMT

GET
H3 200 theme.min.css
dgjjfyje.com/CRA/dwn/dxcss/ 356 KB
71 KB 140ms
140ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dgjjfyje.com/CRA/dwn/dxcss/theme.min.css

Requested by

Host: dgjjfyje.com
URL: https://dgjjfyje.com/CRA/dwn/index.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4bc3ba048d3662873f578957b148e6289c16a44bf0ecb62974f6869f2a6e53d

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dgjjfyje.com/CRA/dwn/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Sun, 05 Feb 2023 18:38:41 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
pragma: public
last-modified: Thu, 02 Feb 2023 13:11:42 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=swkYQIjRuXx9%2BBVQThR6RbNSmcnwPWTJ6TfT%2F%2FP8OJKcOZ0CRfbVhXRcEccQmNEd6fZ68TZrvvQy3aH%2BZaDVVJggqpAFv3fotEwY4vccUrD9PkXKNrDVUdeh4FiIZCjDBsF%2FDN%2B0JKXB76o%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 794dc3b4ca560b4b-AMS
expires: Tue, 07 Mar 2023 18:38:39 GMT

GET
H3 200 sig-blk-en.svg
dgjjfyje.com/CRA/dwn/dximg/ 10 KB
3 KB 89ms
88ms Image
image/svg+xml 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dgjjfyje.com/CRA/dwn/dximg/sig-blk-en.svg

Requested by

Host: dgjjfyje.com
URL: https://dgjjfyje.com/CRA/dwn/index.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2e36d892559ddef5691afa5bfba0996945fade837eb649bf6761f583ed95007

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dgjjfyje.com/CRA/dwn/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Sun, 05 Feb 2023 18:38:41 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
pragma: public
last-modified: Thu, 02 Feb 2023 13:09:14 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EXG6%2F%2BIXIaVgX5XJcxLMLqjxQiGtfZSy2fcxtaDdKZuS%2FN16jogp2yr%2F%2Fr5JuSUe2NxiGGkNUCX%2FEMeWBlAtAXgUVHUwTYGniwn%2BXqUU3%2BpM9LdiOj2Vlb8gVLk84%2Bp4bO3YkFbrfc3AJ9g%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=5184000
cf-ray: 794dc3b4da600b4b-AMS
expires: Thu, 06 Apr 2023 18:38:40 GMT

GET
H3 200 wmms-blk.svg
dgjjfyje.com/CRA/dwn/dximg/ 5 KB
2 KB 90ms
89ms Image
image/svg+xml 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dgjjfyje.com/CRA/dwn/dximg/wmms-blk.svg

Requested by

Host: dgjjfyje.com
URL: https://dgjjfyje.com/CRA/dwn/index.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc827f391db1b0a6917a1773e98731ab7901dd9897f0ad46c0f797f27f279487

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dgjjfyje.com/CRA/dwn/index.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Sun, 05 Feb 2023 18:38:41 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
pragma: public
last-modified: Thu, 02 Feb 2023 13:11:32 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0TgLPg9yvEuiCjfnMeXh3jgjG4LX9xXY9CZdR1keqaYpU7tvyw0z3EibmGN2CT0MjF5ShJFZZcnjRywAdoBwKOg7MbSUt41BLT4ibLfRn35eTQgJcxqbBgsibw%2FmL0F4p0w0aHpWt%2FNV6P0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=5184000
cf-ray: 794dc3b4da610b4b-AMS
expires: Thu, 06 Apr 2023 18:38:40 GMT

GET
DATA 200
OK truncated
/ 491 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89a441bfc7b3cef1d44f7e65dc322758c3eecbe195b5d40ceeac278e2f1fb54c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 123ms
49ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Sans:400,700,400italic,700italic&subset=latin,latin-ext

Requested by

Host: dgjjfyje.com
URL: https://dgjjfyje.com/CRA/dwn/dxcss/theme.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

594634cc0b7f37cff08b11778c0f039912467ce455f22b4741fc94da6985695f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dgjjfyje.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 05 Feb 2023 18:38:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 05 Feb 2023 18:38:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 05 Feb 2023 18:38:41 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
533 B 137ms
64ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin,latin-ext

Requested by

Host: dgjjfyje.com
URL: https://dgjjfyje.com/CRA/dwn/dxcss/theme.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aed5ccd9a1464ec082338fd88b0b73b810af66c72b4adffe270607212d4693a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dgjjfyje.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 05 Feb 2023 18:38:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 05 Feb 2023 16:49:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 05 Feb 2023 18:38:41 GMT

GET
H2 200 o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v27/ 13 KB
13 KB 164ms
93ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700,400italic,700italic&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88f00438d26021a325247c4427898f7c778a22976df9f1a9d9876429778bf265

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dgjjfyje.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Sun, 05 Feb 2023 07:57:44 GMT
x-content-type-options: nosniff
age: 38457
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12860
x-xss-protection: 0
last-modified: Mon, 09 May 2022 18:27:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 05 Feb 2024 07:57:44 GMT

GET
DATA 200
OK truncated
/ 266 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 138ms
69ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dgjjfyje.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 06:33:26 GMT
x-content-type-options: nosniff
age: 475515
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Jan 2024 06:33:26 GMT

GET
H2 200 o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
fonts.gstatic.com/s/notosans/v27/ 12 KB
13 KB 152ms
83ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700,400italic,700italic&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1c30918a861cb6a985ab55d54ad7e861682354197f164cb3b7194f20eed67ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dgjjfyje.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 13:54:01 GMT
x-content-type-options: nosniff
age: 276280
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12684
x-xss-protection: 0
last-modified: Mon, 09 May 2022 18:28:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Feb 2024 13:54:01 GMT

GET
H2 200 o-0TIpQlx3QUlC5A4PNr4Az5ZuyDzW0.woff2
fonts.gstatic.com/s/notosans/v27/ 11 KB
12 KB 102ms
33ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v27/o-0TIpQlx3QUlC5A4PNr4Az5ZuyDzW0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700,400italic,700italic&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c357781bf89d971e4aced299202c71c94eccae63401887400dd3a89d7f336e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dgjjfyje.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 10:05:59 GMT
x-content-type-options: nosniff
age: 289962
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11252
x-xss-protection: 0
last-modified: Mon, 09 May 2022 18:28:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Feb 2024 10:05:59 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 106ms
38ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dgjjfyje.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 17:08:09 GMT
x-content-type-options: nosniff
age: 437432
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:08:09 GMT

GET
H3 200 invisible.js Show response
dgjjfyje.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 1580 32 KB
14 KB 32ms
32ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dgjjfyje.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675612800
Requested by: Host: dgjjfyje.com
URL: https://dgjjfyje.com/CRA/dwn/index.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7b6f59eb2ac34a7211fa636dfadc5c362330bf27d008acc85965afd676f1708

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Sun, 05 Feb 2023 18:38:41 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Def%2BglmMsDIgzOF7%2FPUVPaL6%2BEZa%2FlKz5JS5sG6R5emILw%2BF5ehEEGYz3rkOeD8LUjp4tBP%2FO%2FHieUm8HaDiZu9vcfUMj0Gg7MDD79pDivLQiCd6ZLjFQ%2BiWRi0VSlaprUR%2FUjWL6MY1Wsw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 794dc3b70b970b4b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pica.js
dgjjfyje.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame 1580 19 KB
8 KB 41ms
40ms Other
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dgjjfyje.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by: Host: dgjjfyje.com
URL: https://dgjjfyje.com/CRA/dwn/index.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a703ca88430637bb460bdbf1937b70b5407f1c774b042cd8caa9d869cde187f3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36

Response headers

date: Sun, 05 Feb 2023 18:38:41 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RSrG%2FuY3zHodXbl%2F68Gn0Z8tkmf1bep6lZ3e9xgwqBH%2FSHj6ZnkPhy37qpbWuH%2FTTBU3xVFMkqoZJpfBHurxqiN5kWJGqx3pq2rrMk7ZXhqxn2%2BAGX5kOH2dGMvsPOhuPy%2BAOpRrDFkBBqM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 794dc3b75bc00b4b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 794dc3a4f9040b4b Show response
dgjjfyje.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 1580 2 B
675 B 55ms
55ms XHR
text/plain 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dgjjfyje.com/cdn-cgi/challenge-platform/h/b/cv/result/794dc3a4f9040b4b
Requested by: Host: dgjjfyje.com
URL: https://dgjjfyje.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675612800
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.38 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 05 Feb 2023 18:38:42 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TQKmV80AZQW2a6mEwd%2FkX6LT2uVqbODvwPoB%2Fd3pyL4M%2BaBDe%2B1Fgfq5z127JmrSh0bb%2BEZp3EIyyQV9v3zN%2BM%2BFSSlt14Cx27eM9yeN50J4grZDnw243%2FLPx6mgxHo7UGw4cq2DBxC369g%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 794dc3b97d030b4b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Canadian Government (Government)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
qi.lv/	1969-12-31 23:59:59	Name: PHPSESSID Value: 2aeff4e71de7526e3b12d1e71c246d80
dgjjfyje.com/	1970-01-20 09:28:28	Name: -oYEIgQDpvqo4c3BQI0PqkgKXNc Value: dTFrObIvKqK4McNkpfHsL65Q3Ec
dgjjfyje.com/	1970-01-20 09:28:28	Name: RtBJlIC014T6Bu-BxrGwKA0UNo8 Value: 1675622315
dgjjfyje.com/	1970-01-20 09:28:28	Name: j30yASkXIhKEgeKhaCkrc7Qh9Qc Value: 1675708715
dgjjfyje.com/	1970-01-20 09:28:28	Name: Ajds-5G79Tlw35kXw3qlbTMoi5A Value: rk-9y6Mwn-RVv6b6jYcHadEA38o
dgjjfyje.com/	1970-01-20 09:28:28	Name: ydwsPxaORwj3Qo2F_QJMrBoDQUQ Value: 5Zgr2ItomcxptJeGNMH6b-C8TRw
dgjjfyje.com/	1970-01-20 09:28:28	Name: e_NGYU7x42WaclmYsVwem1RU0KY Value: 7ov2bzEry24rr2_9jf4ILyQ8rrs
dgjjfyje.com/	1970-01-20 09:28:28	Name: 0q7CcdIbdwEFzzLZkVAkvkD2Rag Value: 1675622317
dgjjfyje.com/	1970-01-20 09:28:28	Name: 2qtIc32fUQHpBlucXSHfWgBMlQk Value: 1675708717
dgjjfyje.com/	1970-01-20 09:28:28	Name: 7J7UIcrMJTa_KpTycoIFfO9xcVI Value: coxPI3J1tvIST1UfqlYgdSVn6AE
dgjjfyje.com/	1970-01-20 09:28:28	Name: xYk2SvSG08izk-L1pZa_NHpZmmA Value: XjkzoykQLvuL3bv6ZI3AyGtxgp4
.dgjjfyje.com/	1970-01-20 09:27:04	Name: __cf_bm Value: C1_b2s0CNTrCPyscQrafyrTPi4U.SynEEsrGh.2Tn6k-1675622322-0-ATscxRU3bP7Y6Vz3smqM/9ByrO6L93OdAcZIhaBdLLxreD9R59fO8kQsQFGk0vEMrMS9YK+TcnhSOKsm0xE9D1UltDK+ZOFoke6+AEtHVssl+Jfn7/7AApXqH1HF4hmi5C7Yg6JydHTco4ieHv+DKwg=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://dgjjfyje.com/CRA/dwn/index.php Message: Failed to load resource: the server responded with a status of 503 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dgjjfyje.com
fonts.googleapis.com
fonts.gstatic.com
qi.lv
2a00:1450:4001:810::2003
2a00:1450:4001:830::200a
2a06:98c1:3120::c
2a06:98c1:3121::3
2a06:98c1:3121::c
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
447a4a6c6d785d6fc009367d1fd835b3245114e3162a5dafe288ea54ffd7e0c7
4c9b2a27075da307d5a735af2ed7a0117ccf1d64420ddccd7c16dd36f77feaef
594634cc0b7f37cff08b11778c0f039912467ce455f22b4741fc94da6985695f
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33
7593e6968016a7ce167488dbfc91c56efffa381cb71f6c3f561784d434fd1d24
88f00438d26021a325247c4427898f7c778a22976df9f1a9d9876429778bf265
89a441bfc7b3cef1d44f7e65dc322758c3eecbe195b5d40ceeac278e2f1fb54c
8c357781bf89d971e4aced299202c71c94eccae63401887400dd3a89d7f336e5
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
922b29982c604cb77c82a27900857b7e9be69252ef3d1686c87dc3893abcaaba
a25420ae64b9b3d98d5af7711a4b61154e066aa8700ea9480cd2e9d843f916da
a703ca88430637bb460bdbf1937b70b5407f1c774b042cd8caa9d869cde187f3
aed5ccd9a1464ec082338fd88b0b73b810af66c72b4adffe270607212d4693a2
b2e36d892559ddef5691afa5bfba0996945fade837eb649bf6761f583ed95007
b4bc3ba048d3662873f578957b148e6289c16a44bf0ecb62974f6869f2a6e53d
c1c30918a861cb6a985ab55d54ad7e861682354197f164cb3b7194f20eed67ac
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
d58d1baf17341f342ae71bcd82e58114818aa1257d375f3403b4ed5123952a30
d7b6f59eb2ac34a7211fa636dfadc5c362330bf27d008acc85965afd676f1708
dc827f391db1b0a6917a1773e98731ab7901dd9897f0ad46c0f797f27f279487

dgjjfyje.com Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

100 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

231 kBTransfer

601 kBSize

12 Cookies

0 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

12 Cookies

1 Console Messages

Security Headers

Indicators

dgjjfyje.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

231 kB
Transfer

601 kB
Size

12
Cookies

22 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!