cloudflare-ipfs.com Open in urlscan Pro
104.17.96.13  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request bafkreienbn3rwmlicdpwtwmt3gbeb7qvlb3dlpnuidsf3j6dnxf67mtbyy Show response cloudflare-ipfs.com/ipfs/	58 KB 40 KB	171ms 147ms	Document text/html	104.17.96.13 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cloudflare-ipfs.com/ipfs/bafkreienbn3rwmlicdpwtwmt3gbeb7qvlb3dlpnuidsf3j6dnxf67mtbyy Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.96.13 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8d0b771b316810df69d993d98240fe15587635bdb440e45da7c36dcbefb261c6 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers access-control-allow-headers Content-Type Range User-Agent X-Requested-With access-control-allow-methods GET access-control-allow-origin * access-control-expose-headers Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output alt-svc h3=":443"; ma=86400 cache-control public, max-age=29030400, immutable cf-cache-status MISS cf-ray 88507cfd9f306a75-TXL content-encoding br content-type text/html date Fri, 17 May 2024 03:23:20 GMT etag W/"bafkreienbn3rwmlicdpwtwmt3gbeb7qvlb3dlpnuidsf3j6dnxf67mtbyy" server cloudflare vary Accept-Encoding x-cf-ipfs-cache-status miss x-ipfs-path /ipfs/bafkreienbn3rwmlicdpwtwmt3gbeb7qvlb3dlpnuidsf3j6dnxf67mtbyy x-ipfs-roots bafkreienbn3rwmlicdpwtwmt3gbeb7qvlb3dlpnuidsf3j6dnxf67mtbyy
GET H3	200	crypto-js.min.js Show response cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/	47 KB 14 KB	76ms 40ms	Script application/javascript	104.17.25.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js Requested by Host: cloudflare-ipfs.com URL: https://cloudflare-ipfs.com/ipfs/bafkreienbn3rwmlicdpwtwmt3gbeb7qvlb3dlpnuidsf3j6dnxf67mtbyy Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://cloudflare-ipfs.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 03:23:20 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 8220 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 13972 last-modified Sat, 14 Aug 2021 20:33:09 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "61182885-3694" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2FJXELqVrYOBVuq7ZEMECV2zwC2HhFy2JLwPFGTOtJpshPaLeDDAzluzGr0nOOUjMOXgR%2FplTRoFdNrNFfnVTgS2tzgYZ6GiNnnAAI7AHuFbs5GbbK8LUtL0HwaUtPS%2FeNNGre%2FD"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 88507cff094f3a98-FRA expires Wed, 07 May 2025 03:23:20 GMT
GET H2	200	jquery-1.9.1.js Show response code.jquery.com/	262 KB 78 KB	95ms 27ms	Script application/javascript	2a04:4e42:400::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-1.9.1.js Requested by Host: cloudflare-ipfs.com URL: https://cloudflare-ipfs.com/ipfs/bafkreienbn3rwmlicdpwtwmt3gbeb7qvlb3dlpnuidsf3j6dnxf67mtbyy Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://cloudflare-ipfs.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 03:23:20 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 3541666 x-cache HIT, HIT content-length 79506 x-served-by cache-lga21952-LGA, cache-fra-eddf8230039-FRA last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1715916201.969655,VS0,VE0 etag W/"28feccc0-4185d" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 16, 63642
GET H2	200	AJFCJaXhZo6cUCNh1ssNQzSV3jc1ppd5Vt2HN5GjHL82rJR25OrOigrMWVvBpwQN6BD4T_qHdwh2spOZ9bKA-BqcHsttYMUy5sxc-E99nKe9pgDJsCX0icydpRhjm97W_S4_6cism2sTCOp-Oxa807yjCEw=w1580-h720-s-no lh3.googleusercontent.com/pw/	192 KB 193 KB	447ms 339ms	Image image/gif	2a00:1450:4001:831::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://lh3.googleusercontent.com/pw/AJFCJaXhZo6cUCNh1ssNQzSV3jc1ppd5Vt2HN5GjHL82rJR25OrOigrMWVvBpwQN6BD4T_qHdwh2spOZ9bKA-BqcHsttYMUy5sxc-E99nKe9pgDJsCX0icydpRhjm97W_S4_6cism2sTCOp-Oxa807yjCEw=w1580-h720-s-no?authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software fife / Resource Hash c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://cloudflare-ipfs.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 03:23:21 GMT x-content-type-options nosniff server fife etag "v51" vary Origin content-type image/gif access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="Flashback - Jul 5, 2023 00_04_12.gif" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 197044 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	AMWts8CjWLE-4lSHnzZVyyi38RiG_iHUev92wvk3GXVlZur4_v68tJc5TxPcsfc6Vo4P2_Sa5_Dg4wBjO9x0q0xYFQKyjpg1zURhvOLxyPhDhPJg_Z8XDFduSWtavIhhZp_z9dX4zrOp2jk9GCWUmL_6qus=s128-no lh3.googleusercontent.com/pw/	330 B 646 B	434ms 332ms	Other image/png	2a00:1450:4001:831::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://lh3.googleusercontent.com/pw/AMWts8CjWLE-4lSHnzZVyyi38RiG_iHUev92wvk3GXVlZur4_v68tJc5TxPcsfc6Vo4P2_Sa5_Dg4wBjO9x0q0xYFQKyjpg1zURhvOLxyPhDhPJg_Z8XDFduSWtavIhhZp_z9dX4zrOp2jk9GCWUmL_6qus=s128-no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software fife / Resource Hash fea8fbaec75213e1af8005edfcdc94e7b5d7dca6ddb4e262d66e4756bda96d54 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://cloudflare-ipfs.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 03:23:21 GMT x-content-type-options nosniff server fife etag "v30" vary Origin content-type image/png access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="logo-off-1.png" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 330 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST		/ lkalzzop.online/obufsssssssscaaatoion/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

lkalzzop.online

URL

https://lkalzzop.online/obufsssssssscaaatoion/

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

311 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| hNbVgqgF string| WOWAzKDP string| BEymRobw string| ATBzuakK string| ZltjRavS string| baXxGlUn string| KMFQdXOR string| SbhcDLek string| gvYKVeFd string| VyRDqRfW string| NJhDIIQG string| nkyUskRy string| LLfPpGAd string| HqkjqfFb string| LnIvCDvm string| QJhuYalH string| KmjfcsbV string| BCyEJcLk string| crnfhvTe string| tQsdmyiK string| zXDFUEcb string| FbRpEngJ string| JcwdHFqv string| Mfhwtptx string| BiPtKsiE string| VJKwqTgC string| gkxWiNrd string| nhhpgrUL string| vcqfKosl string| vYUvFgNu string| mlFkUTwn string| jRoLGfON string| YZcQCXWr string| JYKCxwzj string| jWZYTgoX string| sXQdLGMp string| dVlBLHBx string| PZKYyLpX string| qHSGxYns string| XhhylySZ string| prwuSzEa string| VlpchTfD string| myTbHHvW string| kfzvgprq string| yhoTJXvd string| htJPtImm string| kdExkJTu string| BDElbgZZ string| GoSilxrz string| tpTEvVaV string| VRYbVrvr string| SaIDrFny string| GIAkBdUw string| oSAeooUS string| zarrYWWT string| AemarkJP string| WJfGvUJI string| bXOwHMTg string| zTTgbBoZ string| KyZrsOAy string| TRrsphPH string| NqVARTXB string| QTnTHWMi string| GucdHmdC string| CVLxtMxF string| PUKVjTvy string| fjgcGkuJ string| zqIoThxI string| GpRVesaM string| APYaPFPG string| gSSLtnSr string| RpWEtDJM string| GzFBJhnB string| mpDIaFGo string| nBnLMcGE string| otqDKJGQ string| PylINohV string| AsbgEcDh string| fRNcwddx string| JuHHsLqb string| nYbqexMr string| grzzJbCE string| IqWhPOmr string| fIYrNqwZ string| uVmVykli string| bonuSNlt string| kBHaGOks string| OhfbwLAC string| fnmlgHBG string| yZWgmiCb string| seVsVyRZ string| GhZmTNhe string| srORyziE string| vJqMXZeR string| GjzTLRgt string| SQGXIUXa string| cvsHGnmX string| hxeWOXsj string| YSBWQJln string| fGFzKztM string| BmtnbzAt string| qrnRkYCP string| dJBCngya string| phPgIoAe string| ddrZkbqF string| wCTwokdm string| pLhTnpGW string| JYlifOQl string| GQCplqOM string| zetmBxpg string| pjOFPtzz string| TQbdjQHv string| WwZlontW string| PYPLLKDt string| mXsdbEDu string| JePNtTPD string| sqjvKuFa string| GriwBvOD string| FrSrHiui string| zUSbMslM string| iDqvRgVY string| bcrklcEh string| NrEsnBqY string| yPDpVWQi string| rtWEdgEH string| EtYUgkJQ string| oeuDBZOL string| RBmfjKlE string| UQsmqIHq string| VqIwrFmr string| izQJXRcW string| LdljkJmM string| GkGjTmYa string| mAuZAoAI string| DXnvWYmb string| iWcursjM string| RnWnsXSB string| ntuaGhWb string| jDTAkoJI string| xclTundI string| oihLtdTi string| bsaVYFUY string| jpqQCDzv string| CIKOCuzk string| MPwqLKVg string| YGUtByES string| XTfLWWWL string| WeScmIht string| oYjDEEPc string| mYrtWqXE string| wdXVCdYa string| CdUIudnJ string| cqsymbwl string| GDiTrZTY string| CyLgPgKW string| NBCGKzaU string| GVCagVmV object| CryptoJS object| decrypted object| key function| _0x3d4b function| _0x3d9170 function| _0x4ab417 function| _0x464327 function| _0x204ad7 function| _0x766e68 function| _0x2ae988 function| _0x1b9a44 function| _0xd45be7 function| _0x307fc8 function| _0x27fe3e function| _0x4559c0 function| _0x4bbe86 function| _0x1e8ec8 function| _0x5355be function| _0xd1f941 function| _0x21654f function| _0x5efb94 function| _0x52957a function| _0x137590 function| _0x613c37 function| _0x249344 function| _0x2a9fec function| _0x18fa61 function| _0x21aa3c function| _0x43c50c function| _0x172554 function| _0x44d0a3 function| _0x3737f6 function| _0x4fd9f3 function| _0x27334b function| _0x3b9b8c function| _0x4fafec function| _0xfdf878 function| _0x6cac41 function| _0x4af0a0 function| _0x3f2b60 function| _0x32320f function| _0x5204bc function| _0x4e58f6 function| _0x5f5de3 function| _0x3a3696 function| _0x2272b4 function| _0x444788 function| _0x94e4b2 function| _0x3fe756 function| _0x1f234e function| _0x53d68d function| _0xd95145 function| _0x1848f0 function| _0x39b23b function| _0x2d896f function| _0x54fc68 function| _0x3d3264 function| _0x130e9f function| _0x4b8362 function| _0x217d73 function| _0x82fcde function| _0x1de470 function| _0x1ab60b function| _0x312c11 function| _0x135252 function| _0x527cb2 function| _0x58d0bb function| _0x60746b function| _0xeb5be3 function| _0x8f1a13 function| _0x372f56 function| _0xcffbd1 function| _0xc0aa5a function| _0x10e0a7 function| _0x2dae75 function| _0x4cad01 function| _0xa4e0b9 function| _0x40a722 function| _0x2a982a function| _0x432a0d function| _0x45f3ce function| _0x2f0c59 function| _0x1cb8f3 function| _0x66ec9f function| _0x42418e function| _0x398135 function| _0x300bd1 function| _0x267feb function| _0x14d1dd function| _0x5e1ac8 function| _0x579fff function| _0x16d620 function| _0x1d3c03 function| _0x586b79 function| _0x247b18 function| _0x5655e6 function| _0x1aa5a0 function| _0x46ff49 function| _0x1a4da3 function| _0x552377 function| _0x36028b function| _0x2c761c function| _0x7238ad function| _0x5e5047 function| _0x1d31c4 function| _0x110f51 function| _0x60f5f3 function| _0x78fc36 function| _0x5f238a function| _0x3c6fa5 function| _0x161418 function| _0x19e099 function| _0x222575 function| _0x34d3b4 function| _0x137edf function| _0x2eea03 function| _0xe5dd1b function| _0x400417 function| _0x353f7c function| _0x2ade3e function| _0xf333fe function| _0x1a8ed5 function| _0x43209b function| _0x243644 function| _0x5ce290 function| _0x5ac300 function| _0x3f27f4 function| _0x49cf71 function| _0x1fefd4 function| _0x5d29e6 function| _0x4a166e function| _0x57be0f function| _0x139317 function| _0x12a9b2 function| _0x4f3350 function| _0x26ef5f function| _0x5a10ef function| _0x4b92ae function| _0x266d79 function| _0x48a83b function| _0x37eb11 function| _0x25eb66 function| _0x5dc465 function| _0x1456d9 function| _0x3b23 object| _0xa53e string| IGOBZL string| cbbg string| kaka90nal string| ka45k459final2 string| kak0011afinal number| countttingerr function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cloudflare-ipfs.com/	1970-01-20 20:38:38	Name: __cf_bm Value: Oz3ZjAfz8ThSz3xRK2.CY9j3ijFVw1DV0fpSQp2wqpw-1715916200-1.0.1.1-F82scgg52MYBfJFW_RmvhLz5QFzkTyFI3ayzGeyt6.mVRCKEzvd4BB3ENh__AZc51mRyzKYJUWiaAemyjD9V2w

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://cloudflare-ipfs.com/ipfs/bafkreienbn3rwmlicdpwtwmt3gbeb7qvlb3dlpnuidsf3j6dnxf67mtbyy(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cloudflare-ipfs.com/ipfs/bafkreienbn3rwmlicdpwtwmt3gbeb7qvlb3dlpnuidsf3j6dnxf67mtbyy(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://lkalzzop.online/obufsssssssscaaatoion/ Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://lkalzzop.online/obufsssssssscaaatoion/ Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
cloudflare-ipfs.com
code.jquery.com
lh3.googleusercontent.com
lkalzzop.online
lkalzzop.online
104.17.25.14
104.17.96.13
2a00:1450:4001:831::2001
2a04:4e42:400::649
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40
8d0b771b316810df69d993d98240fe15587635bdb440e45da7c36dcbefb261c6
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb
fea8fbaec75213e1af8005edfcdc94e7b5d7dca6ddb4e262d66e4756bda96d54