www.finalfantasyxiv.com-hp.xyz Open in urlscan Pro
93.157.63.125 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
Submission: On April 24 via manual (April 24th 2020, 3:34:50 am UTC) from CA

Summary HTTP 23 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 23 HTTP transactions. The main IP is 93.157.63.125, located in Russian Federation and belongs to NFORCE, NL. The main domain is www.finalfantasyxiv.com-hp.xyz.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 23rd 2020. Valid for: 3 months.

This is the only time www.finalfantasyxiv.com-hp.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Square Enix (Gaming)

Domain & IP information

	IP Address	AS Autonomous System
1 3	93.157.63.125 93.157.63.125	43350 (NFORCE) (NFORCE)
19	143.204.89.82 143.204.89.82	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:821::2003	15169 (GOOGLE) (GOOGLE)
23	4

3 93.157.63.125 (Russian Federation) 1 redirects

ASN43350 (NFORCE, NL)
PTR: server.dnsfreevoice.com

www.finalfantasyxiv.com-hp.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 143.204.89.82 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-82.fra50.r.cloudfront.net

cache.secure.square-enix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	square-enix.com cache.secure.square-enix.com	239 KB
3	com-hp.xyz 1 redirects www.finalfantasyxiv.com-hp.xyz	15 KB
1	gstatic.com www.gstatic.com	121 KB
1	google.com www.google.com	545 B
23	4

	Domain	Requested by
19	cache.secure.square-enix.com	www.finalfantasyxiv.com-hp.xyz
3	www.finalfantasyxiv.com-hp.xyz	1 redirects www.finalfantasyxiv.com-hp.xyz
1	www.gstatic.com	www.google.com
1	www.google.com	www.finalfantasyxiv.com-hp.xyz
23	4

This site contains links to these domains. Also see Links.

Domain
square-enix-games.com
support.eu.square-enix.com

Subject Issuer	Validity	Valid
finalfantasyxiv.com-hp.xyz Let's Encrypt Authority X3	`2020-04-23` - `2020-07-22`	3 months	crt.sh
*.secure.square-enix.com Amazon	`2019-05-23` - `2020-06-23`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-04-01` - `2020-06-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
Frame ID: 00F78E8103BFD6242E1720B311CBCA9C
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4 HTTP 301
https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

script /\/recaptcha\/api\.js/i

Page Statistics

23
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

376 kB
Transfer

545 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://square-enix-games.com/en_GB/seaccount/otp
Title: Enhancing security with one-time passwords.

Search URL Search Domain Scan URL

URL: https://square-enix-games.com/en_GB/seaccount
Title: What is a Square Enix account?

Search URL Search Domain Scan URL

URL: https://support.eu.square-enix.com/main.php?la=2&id=612
Title: Square Enix Support Centre

Search URL Search Domain Scan URL

URL: https://square-enix-games.com/en_GB/documents/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4 HTTP 301
https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
Redirect Chain

https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4
https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

11 KB
11 KB

28ms
27ms

Document
text/html

93.157.63.125
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.125 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: server.dnsfreevoice.com
Software: Apache /
Resource Hash: 4aeabe40fbb8ad7dd4d4bebe3e43ecea23f791ffe9eb63f9074cf1ddab39fb8c

Request headers

Host: www.finalfantasyxiv.com-hp.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 24 Apr 2020 03:34:25 GMT
Server: Apache
Last-Modified: Thu, 23 Apr 2020 21:48:55 GMT
Accept-Ranges: bytes
Content-Length: 11104
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

Date: Fri, 24 Apr 2020 03:34:25 GMT
Server: Apache
Location: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
Content-Length: 267
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 reset.css
cache.secure.square-enix.com/account/content/flat/common/css/ 1 KB
2 KB 98ms
22ms Stylesheet
text/css 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cache.secure.square-enix.com/account/content/flat/common/css/reset.css?ver=19202023033627

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

4a853ba1edbd4da68cfc48b692d7cedd0bfd81de8a1da01166024ec973aaccc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "4ba-5a1d3787a36c0"
age: 98490
x-cache: Hit from cloudfront
status: 200
content-length: 1210
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Mar 2020 10:21:55 GMT
server: Apache
date: Fri, 24 Apr 2020 00:08:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: PBv-PI0PecSa_uVwOqL_mP2R4gQ4NTA6E3I7QhXeSlZYynfHzokI7g==

GET
H2 200 core.css
cache.secure.square-enix.com/account/content/flat/responsive/css/ 25 KB
25 KB 108ms
32ms Stylesheet
text/css 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cache.secure.square-enix.com/account/content/flat/responsive/css/core.css?ver=19202023033627

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

9d6f3097426937fdd5f1e6351e2bbd0294705dc333a5a535464c23cf924a0867

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "636b-5a1d3787a36c0"
age: 92425
x-cache: Hit from cloudfront
status: 200
content-length: 25451
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Mar 2020 10:21:55 GMT
server: Apache
date: Thu, 23 Apr 2020 08:52:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: r1C-HBOvWydNsalNvWzV2hBtSYpQFC6PLdIN3gYUq8HdbWIjwU1iPQ==

GET
H2 200 base.css
cache.secure.square-enix.com/account/content/flat/responsive/css/ 23 KB
23 KB 119ms
43ms Stylesheet
text/css 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cache.secure.square-enix.com/account/content/flat/responsive/css/base.css?ver=19202023033627

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

a81f8ca56091ef8e56b1673a8305faebc9656e690c60726ac57ab204946735ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "5a07-5a1d3787a36c0"
age: 96885
x-cache: Hit from cloudfront
status: 200
content-length: 23047
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Mar 2020 10:21:55 GMT
server: Apache
date: Fri, 24 Apr 2020 00:08:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: M8CDIf9Yqxkwl8n2pHJewFKOod4mMXrniGXMgL_ky04CIBZ_UKhx-A==

GET
H2 200 main.css
cache.secure.square-enix.com/account/content/flat/responsive/css/ 16 KB
16 KB 126ms
50ms Stylesheet
text/css 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cache.secure.square-enix.com/account/content/flat/responsive/css/main.css?ver=19202023033627

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

024c4dfffbc3859a884a7f320aabda6f26284da4bf277f3e3d52f9d7802776e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "3f3d-5a1d3787a36c0"
age: 67343
x-cache: Hit from cloudfront
status: 200
content-length: 16189
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Mar 2020 10:21:55 GMT
server: Apache
date: Thu, 23 Apr 2020 08:52:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: TsM14nO6mZHACj9Tbxu_ADPQQbL6JxUNnNMOX_vqTAARUI2lDBtICA==

GET
H2 200 jquery-3.4.0.min.js Show response
cache.secure.square-enix.com/oauth/content/jquery/ 86 KB
87 KB 129ms
53ms Script
application/javascript 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cache.secure.square-enix.com/oauth/content/jquery/jquery-3.4.0.min.js?ver=19202023033627

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

26a80014d87ff2ce19f2d1cfc92e537213f96ab6b620a4217da3cb643aeab4ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "15857-5a21f7f8a28c0"
age: 54758
x-cache: Hit from cloudfront
status: 200
content-length: 88151
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Mar 2020 05:04:11 GMT
server: Apache
date: Thu, 23 Apr 2020 12:21:48 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: XKEnEEf6ACjBPQXHXKCo0VR0H4Vt0pDtHVEqeOHM8pSpOuwkPkt2wA==

GET
H2 200 jquery.easing.1.3.js Show response
cache.secure.square-enix.com/oauth/content/js/ 8 KB
8 KB 142ms
67ms Script
application/javascript 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cache.secure.square-enix.com/oauth/content/js/jquery.easing.1.3.js?ver=19202023033627

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

73d066fdcf0ef3de55c490a4105672112f64f5df30b4029d95c96441c4a1a886

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 23 Apr 2020 22:57:10 GMT
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
age: 16636
x-cache: Hit from cloudfront
status: 200
content-length: 8064
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Mar 2020 05:04:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "1f80-5a21f7f8a28c0"
strict-transport-security: max-age=600; includeSubDomains
content-type: application/javascript
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: UokmKcbix3DSMeqi0q-ZlLAeBmCebluH_-_c0fZR1wPEvNarTnrYiw==

GET
H2 200 logo.js Show response
cache.secure.square-enix.com/oauth/content/js/ 341 B
755 B 142ms
67ms Script
application/javascript 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cache.secure.square-enix.com/oauth/content/js/logo.js?ver=19202023033627

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

8efe2cd16b305535611ba7eff6711c3b8fa1a1d5c1fbf94531f57c8950712ced

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 23 Apr 2020 23:03:45 GMT
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
age: 16241
x-cache: Hit from cloudfront
status: 200
content-length: 341
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Mar 2020 05:04:53 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "155-5a21f820b0740"
strict-transport-security: max-age=600; includeSubDomains
content-type: application/javascript
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: fjXkrAuBsQ7xUX9f1IzEgk01QwGX1jzq0YAwnbOmusMMqVc34xjGmw==

GET
H2 200 swk.js Show response
cache.secure.square-enix.com/oauth/content/swk/ 33 KB
34 KB 143ms
68ms Script
application/javascript 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cache.secure.square-enix.com/oauth/content/swk/swk.js?ver=19202023033627&lang=en&src=https://cache.secure.square-enix.com/oauth/content/swk

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

cb1b4495577f5e3c20f5e111c559df0ae753595e3c8951780f302e5e263407e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "8596-5a21f7f8a28c0"
age: 56675
x-cache: Hit from cloudfront
status: 200
content-length: 34198
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Mar 2020 05:04:11 GMT
server: Apache
date: Thu, 23 Apr 2020 11:53:11 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: aGaN4DeCpnfYQqtE_b-JdaYw4NZfhLOYfGq8HkJoWAbXCBUS_85ZXA==

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 674 B
545 B 22ms
22ms Script
text/javascript 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

eff1e369cf0b3ccaf06a247ad118d31ddb4dee8c19ae178d2f7bd6f4043a2d6c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 24 Apr 2020 03:34:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 445
x-xss-protection: 1; mode=block
expires: Fri, 24 Apr 2020 03:34:26 GMT

GET
H2 200 is_iframe.js Show response
cache.secure.square-enix.com/oauth/content/js/ 173 B
585 B 142ms
68ms Script
application/javascript 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cache.secure.square-enix.com/oauth/content/js/is_iframe.js?ver=19202023033627

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

91edb3c289aafd7384bcf935a583883dad251d9def1f55110f4eb00f632a0336

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 23 Apr 2020 08:09:58 GMT
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
age: 69867
x-cache: Hit from cloudfront
status: 200
content-length: 173
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Mar 2020 05:04:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "ad-5a21f7f8a28c0"
strict-transport-security: max-age=600; includeSubDomains
content-type: application/javascript
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: ppNco72-wDLeFmo0Jjy7dMZcIdrDauDRsEPz3RqWD4cKna9-BTYQCQ==

GET
H2 200 shadowbringers_logo.png
cache.secure.square-enix.com/oauth/content/image/en/ffxiv_forum/ 23 KB
24 KB 23ms
22ms Image
image/png 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cache.secure.square-enix.com/oauth/content/image/en/ffxiv_forum/shadowbringers_logo.png?ver=19202023033627

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

27681adaaa9c9b6bf521a7495175c6bcb150c69cbf3d87206447215687a1529b

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "5cc1"
age: 44535
x-cache: Hit from cloudfront
status: 200
content-length: 23745
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Mar 2020 05:05:09 GMT
server: Apache
date: Thu, 23 Apr 2020 15:55:28 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: Z7zrn13GgYuKqDaFFWVt6qUBBDBp_TLMIbYSNWnfcxVNTDy_9aJq2A==

GET
H2 200 keyboard.png
cache.secure.square-enix.com/oauth/content/swk/image/ 1 KB
2 KB 25ms
24ms Image
image/png 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cache.secure.square-enix.com/oauth/content/swk/image/keyboard.png?ver=19202023033627

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

86102adf9c855bebef5e4db34b43eaefa4b075efdb516044742e50b8ac5c8607

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 23 Apr 2020 22:20:43 GMT
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
age: 18823
x-cache: Hit from cloudfront
status: 200
content-length: 1511
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Mar 2020 05:04:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "5e7-5a21f7f8a28c0"
strict-transport-security: max-age=600; includeSubDomains
content-type: image/png
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: VD7zpsKmEt-TXTGAuyhn2iO-QMbOruA2yj1paQNbJ21ebQ-c4hfPfg==

GET
H2 200 login.png
cache.secure.square-enix.com/account/content/flat/responsive/img/login/icon/ 2 KB
2 KB 24ms
23ms Image
image/png 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cache.secure.square-enix.com/account/content/flat/responsive/img/login/icon/login.png?ver=19202023033627

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

3fdef8e0c59e6d05ca7252e08ae8d6c9424773912d3c2f22e9e105b9fb121926

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "7c0-5a1d3787a36c0"
age: 8854
x-cache: Hit from cloudfront
status: 200
content-length: 1984
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Mar 2020 10:21:55 GMT
server: Apache
date: Fri, 24 Apr 2020 01:19:55 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: rjsfaUHccRlnsQGpjSrbMxTZ3rK4CVkkJZncsAHCayij2tAZyLipVA==

GET
H/1.1 200
OK getseal.png
www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/ 4 KB
4 KB 27ms
26ms Image
image/png 93.157.63.125
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/getseal.png
Requested by: Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.157.63.125 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS: server.dnsfreevoice.com
Software: Apache /
Resource Hash: adf76e2b525174befd7108ae774141882f52a466bab0fa34a72bf65eaf738339

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 24 Apr 2020 03:34:26 GMT
Last-Modified: Wed, 22 Apr 2020 23:26:41 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=78
Content-Length: 3616

GET
H2 200 signup.png
cache.secure.square-enix.com/account/content/flat/responsive/img/login/icon/ 2 KB
2 KB 24ms
23ms Image
image/png 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cache.secure.square-enix.com/account/content/flat/responsive/img/login/icon/signup.png?ver=19202023033627

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

3ab53eebd2750d61104f2bfc0e2350237b119ff8c37dfe880cf672bb57c72339

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "6e5-5a1d3787a36c0"
age: 163169
x-cache: Hit from cloudfront
status: 200
content-length: 1765
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Mar 2020 10:21:55 GMT
server: Apache
date: Thu, 23 Apr 2020 05:46:25 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: wbI0bFKEl_DWCefkanFQx-VI23XgadaNKKFbXu6hl4TilgrMTmoqJA==

GET
H2 200 pc.png
cache.secure.square-enix.com/account/content/flat/responsive/img/header/logo/ 4 KB
5 KB 24ms
23ms Image
image/png 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cache.secure.square-enix.com/account/content/flat/responsive/img/header/logo/pc.png

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

c7e06e45feb9bba80caa9974d7938e8f2f5ca62989deda329ec248bb4a19d1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cache.secure.square-enix.com/account/content/flat/responsive/css/base.css?ver=19202023033627
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "10d8-5a1d3787a36c0"
age: 94562
x-cache: Hit from cloudfront
status: 200
content-length: 4312
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Mar 2020 10:21:55 GMT
server: Apache
date: Thu, 23 Apr 2020 23:28:13 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: WL5aD1c08rRGhj9zWg5gyRZDDoXcw7PfM9Miv2C-GSPl8sXQJXXusg==

GET
H2 200 icon_pc.png
cache.secure.square-enix.com/account/content/flat/responsive/img/contentbox/header/ 1 KB
2 KB 24ms
23ms Image
image/png 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cache.secure.square-enix.com/account/content/flat/responsive/img/contentbox/header/icon_pc.png

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

f69809e527e33af6e8c8b4dd7aa4af28747da778e83e675efc7ae2cbe24665aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cache.secure.square-enix.com/account/content/flat/responsive/css/base.css?ver=19202023033627
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "469-5a1d3787a36c0"
age: 108768
x-cache: Hit from cloudfront
status: 200
content-length: 1129
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Mar 2020 10:21:55 GMT
server: Apache
date: Thu, 23 Apr 2020 19:51:08 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: 0BjKMgCPyHUKEF6tpc6ZHPF7aNnA_Yu_BJlgLDlwlMyiJZry1EzVuQ==

GET
H2 200 id.png
cache.secure.square-enix.com/account/content/flat/responsive/img/login/icon/ 354 B
758 B 24ms
24ms Image
image/png 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cache.secure.square-enix.com/account/content/flat/responsive/img/login/icon/id.png

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

c09416eded136096230b7096eda4b028e05bd909e010c0a496eaccd726443f8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cache.secure.square-enix.com/account/content/flat/responsive/css/main.css?ver=19202023033627
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "162-5a1d3787a36c0"
age: 77580
x-cache: Hit from cloudfront
status: 200
content-length: 354
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Mar 2020 10:21:55 GMT
server: Apache
date: Fri, 24 Apr 2020 00:19:31 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: bW4YRIiCPPXb4Ontx5lhQOr8Wd_cQxWW-RJiCVucaPu0X_DUB0qsWQ==

GET
H2 200 password.png
cache.secure.square-enix.com/account/content/flat/responsive/img/login/icon/ 1 KB
2 KB 22ms
22ms Image
image/png 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cache.secure.square-enix.com/account/content/flat/responsive/img/login/icon/password.png

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

ae495f3fcf5a0418cc3f9bcdf9541bdb08f6f1841176e5e3527c5d9b075e006c

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cache.secure.square-enix.com/account/content/flat/responsive/css/main.css?ver=19202023033627
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "573-5a1d3787a36c0"
age: 89920
x-cache: Hit from cloudfront
status: 200
content-length: 1395
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Mar 2020 10:21:55 GMT
server: Apache
date: Thu, 23 Apr 2020 23:22:21 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: 1zqnjyWDGZvl7S_gXJsK61chgb4zAWHEyjspFaYxFCMvN51o1dKgzA==

GET
H2 200 pc.png
cache.secure.square-enix.com/account/content/flat/responsive/img/misc/icon/next/ 2 KB
2 KB 25ms
25ms Image
image/png 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cache.secure.square-enix.com/account/content/flat/responsive/img/misc/icon/next/pc.png

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

d557ff8fc59eb1dbc9bcb2bfdbfe6a7072a53e111391c83fd694e27a957abb17

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cache.secure.square-enix.com/account/content/flat/responsive/css/base.css?ver=19202023033627
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "85e-5a1d3787a36c0"
age: 89920
x-cache: Hit from cloudfront
status: 200
content-length: 2142
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Mar 2020 10:21:55 GMT
server: Apache
date: Thu, 23 Apr 2020 08:49:28 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: ESead6XVgy4zXHbGf_BWbcaT4ydrNeXkWQgM7wEpNW20HyIr_U4E5g==

GET
H2 200 pc.png
cache.secure.square-enix.com/account/content/flat/responsive/img/footer/icon/arrow/ 1 KB
2 KB 24ms
24ms Image
image/png 143.204.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cache.secure.square-enix.com/account/content/flat/responsive/img/footer/icon/arrow/pc.png

Requested by

Host: www.finalfantasyxiv.com-hp.xyz
URL: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.89.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-82.fra50.r.cloudfront.net

Software

Apache /

Resource Hash

a2bee0679800bdda01132e21f0afd98c32e72075d6e290a4f62a9d93d87d4cd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=600; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cache.secure.square-enix.com/account/content/flat/responsive/css/base.css?ver=19202023033627
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=600; includeSubDomains
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
etag: "552-5a1d3787a36c0"
age: 82364
x-cache: Hit from cloudfront
status: 200
content-length: 1362
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Mar 2020 10:21:55 GMT
server: Apache
date: Fri, 24 Apr 2020 02:24:10 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: h2Z1TD3ae_p88AwzinuZm4vm2w9yuC-weMSjlomyWcSyA-SYxVmypQ==

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/wk6lx42JIeYmEAQSHndnyT8Q/ 299 KB
121 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/wk6lx42JIeYmEAQSHndnyT8Q/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3f949c5fa5809887926e9351f3d35a72b6c9b542bcbfffbc41e0fd87424ae71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.finalfantasyxiv.com-hp.xyz/lodestone/2f5bd41a4/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 20 Apr 2020 16:59:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 20 Apr 2020 04:05:48 GMT
server: sffe
age: 297326
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 124243
x-xss-protection: 0
expires: Tue, 20 Apr 2021 16:59:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Square Enix (Gaming)

214 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cache.secure.square-enix.com
www.finalfantasyxiv.com-hp.xyz
www.google.com
www.gstatic.com
143.204.89.82
2a00:1450:4001:809::2004
2a00:1450:4001:821::2003
93.157.63.125
024c4dfffbc3859a884a7f320aabda6f26284da4bf277f3e3d52f9d7802776e4
26a80014d87ff2ce19f2d1cfc92e537213f96ab6b620a4217da3cb643aeab4ba
27681adaaa9c9b6bf521a7495175c6bcb150c69cbf3d87206447215687a1529b
3ab53eebd2750d61104f2bfc0e2350237b119ff8c37dfe880cf672bb57c72339
3fdef8e0c59e6d05ca7252e08ae8d6c9424773912d3c2f22e9e105b9fb121926
4a853ba1edbd4da68cfc48b692d7cedd0bfd81de8a1da01166024ec973aaccc2
4aeabe40fbb8ad7dd4d4bebe3e43ecea23f791ffe9eb63f9074cf1ddab39fb8c
73d066fdcf0ef3de55c490a4105672112f64f5df30b4029d95c96441c4a1a886
86102adf9c855bebef5e4db34b43eaefa4b075efdb516044742e50b8ac5c8607
8efe2cd16b305535611ba7eff6711c3b8fa1a1d5c1fbf94531f57c8950712ced
91edb3c289aafd7384bcf935a583883dad251d9def1f55110f4eb00f632a0336
9d6f3097426937fdd5f1e6351e2bbd0294705dc333a5a535464c23cf924a0867
a2bee0679800bdda01132e21f0afd98c32e72075d6e290a4f62a9d93d87d4cd1
a81f8ca56091ef8e56b1673a8305faebc9656e690c60726ac57ab204946735ff
adf76e2b525174befd7108ae774141882f52a466bab0fa34a72bf65eaf738339
ae495f3fcf5a0418cc3f9bcdf9541bdb08f6f1841176e5e3527c5d9b075e006c
b3f949c5fa5809887926e9351f3d35a72b6c9b542bcbfffbc41e0fd87424ae71
c09416eded136096230b7096eda4b028e05bd909e010c0a496eaccd726443f8f
c7e06e45feb9bba80caa9974d7938e8f2f5ca62989deda329ec248bb4a19d1e0
cb1b4495577f5e3c20f5e111c559df0ae753595e3c8951780f302e5e263407e7
d557ff8fc59eb1dbc9bcb2bfdbfe6a7072a53e111391c83fd694e27a957abb17
eff1e369cf0b3ccaf06a247ad118d31ddb4dee8c19ae178d2f7bd6f4043a2d6c
f69809e527e33af6e8c8b4dd7aa4af28747da778e83e675efc7ae2cbe24665aa

www.finalfantasyxiv.com-hp.xyz Open in urlscan Pro 93.157.63.125 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

376 kBTransfer

545 kBSize

0 Cookies

4 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

214 JavaScript Global Variables

0 Cookies

Indicators

www.finalfantasyxiv.com-hp.xyz Open in urlscan Pro
93.157.63.125 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

376 kB
Transfer

545 kB
Size

0
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!