bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link Open in urlscan Pro
209.94.90.1  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/	57 KB 40 KB	515ms 13ms	Document text/html	209.94.90.1 PROTOCOL
General Check archive.org Show headers Download Go to Full URL https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.94.90.1 , United States, ASN40680 (PROTOCOL, US), Reverse DNS Software openresty / Resource Hash b33b9e7bb7712bbdcf2b22c2dc300d8d69f06d9f53d5b31823ec83682dca71d3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 accept-language en-US,en;q=0.9 Response headers access-control-allow-headers X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output access-control-allow-methods GET GET, POST, OPTIONS access-control-allow-origin * access-control-expose-headers Content-Range, X-Chunked-Output, X-Stream-Output cache-control public, max-age=29030400, immutable content-encoding gzip content-type text/html date Sat, 22 Jul 2023 15:09:43 GMT etag W/"bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m" server openresty strict-transport-security max-age=31536000; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding x-ipfs-gateway-host ipfs-bank18-ny5 x-ipfs-lb-pop gateway-bank1-ny5 x-ipfs-path /ipfs/bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m/ x-ipfs-pop ipfs-bank18-ny5 x-ipfs-roots bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m x-proxy-cache HIT
GET H2	200	crypto-js.min.js Show response cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/	47 KB 14 KB	397ms 10ms	Script application/javascript	104.17.25.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js Requested by Host: bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link URL: https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Sat, 22 Jul 2023 15:09:44 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 2662150 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 13972 last-modified Sat, 14 Aug 2021 20:33:09 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "61182885-3694" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d4Xk1urpfq0usSRmtliTZw6lAjGrIEBi7vKeqSnO03trulXCp5S4UZrSuE1AEiUXyuEAMu2iXM3ApA%2BZDAO2yq1RsCbNQjs9BuUAgq0pEEY7ceBTid3WSlEjXUY5oMEXVItDhh9X"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 7eac9b3f4a1b8c0b-EWR expires Thu, 11 Jul 2024 15:09:44 GMT
GET H2	200	jquery-1.9.1.js Show response code.jquery.com/	262 KB 78 KB	366ms 15ms	Script application/javascript	69.16.175.42 STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-1.9.1.js Requested by Host: bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link URL: https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US), Reverse DNS hwcdn.net Software nginx / Resource Hash 7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40 Request headers accept-language en-US,en;q=0.9 Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers date Sat, 22 Jul 2023 15:09:44 GMT content-encoding gzip last-modified Wed, 16 Feb 2022 10:50:39 GMT server nginx etag W/"620cd6ff-4185d" vary Accept-Encoding x-hw 1690038584.dop208.ny3.t,1690038584.cds202.ny3.hn,1690038584.cds244.ny3.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 79506
GET H2	200	AJFCJaXhZo6cUCNh1ssNQzSV3jc1ppd5Vt2HN5GjHL82rJR25OrOigrMWVvBpwQN6BD4T_qHdwh2spOZ9bKA-BqcHsttYMUy5sxc-E99nKe9pgDJsCX0icydpRhjm97W_S4_6cism2sTCOp-Oxa807yjCEw=w1580-h720-s-no lh3.googleusercontent.com/pw/	192 KB 193 KB	577ms 219ms	Image image/gif	172.217.13.161 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://lh3.googleusercontent.com/pw/AJFCJaXhZo6cUCNh1ssNQzSV3jc1ppd5Vt2HN5GjHL82rJR25OrOigrMWVvBpwQN6BD4T_qHdwh2spOZ9bKA-BqcHsttYMUy5sxc-E99nKe9pgDJsCX0icydpRhjm97W_S4_6cism2sTCOp-Oxa807yjCEw=w1580-h720-s-no?authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.13.161 , United States, ASN15169 (GOOGLE, US), Reverse DNS yul03s04-in-f1.1e100.net Software fife / Resource Hash c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers date Sat, 22 Jul 2023 15:09:44 GMT x-content-type-options nosniff server fife etag "v51" vary Origin content-type image/gif access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="Flashback - Jul 5, 2023 00_04_12.gif" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 197044 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	/ Show response lkalzzop.online/obufsssssssscaaatoion/	928 KB 72 KB	524ms 185ms	XHR application/json	172.67.193.237 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://lkalzzop.online/obufsssssssscaaatoion/ Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-1.9.1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.193.237 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b13e4bfdccc28dc4b28733f02099beb91f8dbd3299c883a99dac7b619379d822 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Sat, 22 Jul 2023 15:09:45 GMT content-encoding br x-content-type-options nosniff referrer-policy same-origin cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary origin x-frame-options DENY content-type application/json access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=csbPA6kaVGDbUnfBz7WSNbNkCHUbU0OXoCnNNoYDzYxSzXEnRt6xiGZ%2F77oeN9ddJUruIwa2W08fMFa2cqo0Od8XwsOISLZBVeuJ4AvukuDT1dNTfZwYMINONGt8y0OeJKk%3D"}],"group":"cf-nel","max_age":604800} cf-ray 7eac9b48197c43e9-EWR alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block
GET H2	200	AMWts8C1y-LmqPwr79FSVd9YMV5yeje6h34dtqg8n1c7UYT__udX1hIixqqaItUS-Vtl4epJI-2Qtycgc0GgiWtrFAFZIVdjRD8HShOpZsK0Vucx0qiSJ9iKKAd1_ocqVqIgMtn1jlLj4HB4Ap_2ZUiwAnk=w108-h24-no lh3.googleusercontent.com/pw/	2 KB 2 KB	117ms 117ms	Image image/png	172.217.13.161 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://lh3.googleusercontent.com/pw/AMWts8C1y-LmqPwr79FSVd9YMV5yeje6h34dtqg8n1c7UYT__udX1hIixqqaItUS-Vtl4epJI-2Qtycgc0GgiWtrFAFZIVdjRD8HShOpZsK0Vucx0qiSJ9iKKAd1_ocqVqIgMtn1jlLj4HB4Ap_2ZUiwAnk=w108-h24-no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.13.161 , United States, ASN15169 (GOOGLE, US), Reverse DNS yul03s04-in-f1.1e100.net Software fife / Resource Hash 994ac85af4db5a2b5f7ce72d4f49c6b1c18c6422c8e57e623a2873bd7599e404 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers date Sat, 22 Jul 2023 15:09:46 GMT x-content-type-options nosniff server fife etag "v2c" vary Origin content-type image/png access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="login.png" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1552 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	AMWts8CNmlIjdTtHgPdAMoSG4uyQnKbGT1407U5GJD9BBD5gOhyThvxN7ptqzSc9OV7GvMrNxsLjt_kin2qpj8tlLu4VPG_UA8XrdDZZYTEJRXHQkb_glHR4oYOoSP3tDH1rPkDWcGOdNw-zacvrmMF7NU0=s150-no lh3.googleusercontent.com/pw/	4 KB 4 KB	144ms 144ms	Image image/png	172.217.13.161 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://lh3.googleusercontent.com/pw/AMWts8CNmlIjdTtHgPdAMoSG4uyQnKbGT1407U5GJD9BBD5gOhyThvxN7ptqzSc9OV7GvMrNxsLjt_kin2qpj8tlLu4VPG_UA8XrdDZZYTEJRXHQkb_glHR4oYOoSP3tDH1rPkDWcGOdNw-zacvrmMF7NU0=s150-no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.13.161 , United States, ASN15169 (GOOGLE, US), Reverse DNS yul03s04-in-f1.1e100.net Software fife / Resource Hash 2d44c3b13c9057d5ef8db356f47f29d0a7b79ccce4a1140018352289cb304336 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers date Sat, 22 Jul 2023 15:09:46 GMT x-content-type-options nosniff server fife etag "v38" vary Origin content-type image/png access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="signin-options_4e48046ce74f4b89d45037c90576bfac.png" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3716 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	AMWts8DXuoTCchIiCUMSjRAC76eUjCoJ1Hj726Mdu1LszHJglP2MLf_RoCW0uZpRXU92HCp7sJJtRW1SSsaUhnE1muSBc8avCHEqEHuLdsuLbYPj0hMJ1kVq-hZ1eYf_w6QcxuCHVVBR-siBvHZM2G9Rlbw=s150-no lh3.googleusercontent.com/pw/	5 KB 5 KB	147ms 146ms	Image image/png	172.217.13.161 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://lh3.googleusercontent.com/pw/AMWts8DXuoTCchIiCUMSjRAC76eUjCoJ1Hj726Mdu1LszHJglP2MLf_RoCW0uZpRXU92HCp7sJJtRW1SSsaUhnE1muSBc8avCHEqEHuLdsuLbYPj0hMJ1kVq-hZ1eYf_w6QcxuCHVVBR-siBvHZM2G9Rlbw=s150-no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.13.161 , United States, ASN15169 (GOOGLE, US), Reverse DNS yul03s04-in-f1.1e100.net Software fife / Resource Hash 930b3261c05ddf41566ca5906f3a5f91a437bf4de2513a84d5995a8aa1aec819 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers date Sat, 22 Jul 2023 15:09:46 GMT x-content-type-options nosniff server fife etag "v54" vary Origin content-type image/png access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="picker_account_aad_f83ebff69a4a1685e4dc9650cdab8886.png" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 5421 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	AMWts8CLLNnGpj7_FWohqCPJSzzgHwWUwFqF-CN0acr9XqBJvbhlCprvfnAvLav0gAOr0ez63QMTk6WPV7V7rT_ZZ7E5ueysaU99HDwu7huiWEUvbNO3mDIklTKmUuxN9sPyZMwDPt-T39tp9ZO2Pq53dRI=s150-no lh3.googleusercontent.com/pw/	6 KB 6 KB	112ms 112ms	Image image/png	172.217.13.161 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://lh3.googleusercontent.com/pw/AMWts8CLLNnGpj7_FWohqCPJSzzgHwWUwFqF-CN0acr9XqBJvbhlCprvfnAvLav0gAOr0ez63QMTk6WPV7V7rT_ZZ7E5ueysaU99HDwu7huiWEUvbNO3mDIklTKmUuxN9sPyZMwDPt-T39tp9ZO2Pq53dRI=s150-no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.13.161 , United States, ASN15169 (GOOGLE, US), Reverse DNS yul03s04-in-f1.1e100.net Software fife / Resource Hash d1b8ac36f78215154031b551101879964a09a9e3c2ce4c7e89ccfb59eafd9879 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers date Sat, 22 Jul 2023 15:09:46 GMT x-content-type-options nosniff server fife etag "v50" vary Origin content-type image/png access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="picker_account_msa_2d8f86059be176833897099ee6ddedeb.png" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 6045 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg aadcdn.msftauth.net/shared/1.0/content/images/	513 B 669 B	469ms 6ms	Image image/svg+xml	152.199.4.44 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.4.44 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (nya/7907) / Resource Hash 34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58 Request headers accept-language en-US,en;q=0.9 Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sat, 22 Jul 2023 15:09:46 GMT content-encoding gzip content-md5 TjUQkZ0p0Y7rbj6LJofS9Q== age 282030 x-cache HIT content-length 276 x-ms-lease-status unlocked last-modified Thu, 16 Jan 2020 00:32:45 GMT server ECAcc (nya/7907) etag 0x8D79A1B9B05915D vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 886f3a6e-401e-004c-451d-baeea4000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	AMWts8AK-lOypWQRHV6CblnIhwum5iMC-2fHJehOkF8BqfFCgB1DZT2LI30pbRIC605sfh4PyJS0qLFawTwXAyFCgEjDlPQe4GThYYbbx5CB-urZNnpa1Uhn-GrOGG5UcX6f5GsSPkypixgkdMoOBFlQqZ4=s150-no lh3.googleusercontent.com/pw/	810 B 947 B	94ms 93ms	Image image/png	172.217.13.161 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://lh3.googleusercontent.com/pw/AMWts8AK-lOypWQRHV6CblnIhwum5iMC-2fHJehOkF8BqfFCgB1DZT2LI30pbRIC605sfh4PyJS0qLFawTwXAyFCgEjDlPQe4GThYYbbx5CB-urZNnpa1Uhn-GrOGG5UcX6f5GsSPkypixgkdMoOBFlQqZ4=s150-no?authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.13.161 , United States, ASN15169 (GOOGLE, US), Reverse DNS yul03s04-in-f1.1e100.net Software fife / Resource Hash 34058a4c997349cd3c91a3bc59bcc82dd6920bd57a555b49875bf71eae942e2c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers date Sat, 22 Jul 2023 15:09:46 GMT x-content-type-options nosniff server fife etag "v4c" vary Origin content-type image/png access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.png" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 810 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	AMWts8Cql-_FqT-vTMz5KecPfNkES17GUcAhZtgXLH0x4Wv9Lj4vnoCGPorATuuzvKe5c-hTrhXFnWh6cu4TC2cJjWKbnr2Fq-avQW5Q1oqvrNCP29CvGjXZZkxpkBgWTjA6DBjYlYpLr5-pfWHOb04OsBY=s150-no lh3.googleusercontent.com/pw/	2 KB 2 KB	100ms 100ms	Image image/png	172.217.13.161 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://lh3.googleusercontent.com/pw/AMWts8Cql-_FqT-vTMz5KecPfNkES17GUcAhZtgXLH0x4Wv9Lj4vnoCGPorATuuzvKe5c-hTrhXFnWh6cu4TC2cJjWKbnr2Fq-avQW5Q1oqvrNCP29CvGjXZZkxpkBgWTjA6DBjYlYpLr5-pfWHOb04OsBY=s150-no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.13.161 , United States, ASN15169 (GOOGLE, US), Reverse DNS yul03s04-in-f1.1e100.net Software fife / Resource Hash 033ae15f266ca2f0edb4980492e4e70c5a41ffb87ee9f6daaea6a4ef64980034 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers date Sat, 22 Jul 2023 15:09:46 GMT x-content-type-options nosniff server fife etag "v4c" vary Origin content-type image/png access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="picker_verify_code_f7ab697e65b83ce9870a4736085deeec.png" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2382 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	AMWts8CPpl_w_5Fj80z5l9jlYET_SacByn_w9oXKdt92XWEATpkaTNMXRjd49krHesOb3FAHMXEQBD5153gSMnAZGOmXwR9Rp_K_-6jVQvTb4qi9QggArKoSZ61C-gpBRHxrTvoFunjzMPQhEspfqSTvD-o=s150-no lh3.googleusercontent.com/pw/	5 KB 6 KB	94ms 94ms	Image image/png	172.217.13.161 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://lh3.googleusercontent.com/pw/AMWts8CPpl_w_5Fj80z5l9jlYET_SacByn_w9oXKdt92XWEATpkaTNMXRjd49krHesOb3FAHMXEQBD5153gSMnAZGOmXwR9Rp_K_-6jVQvTb4qi9QggArKoSZ61C-gpBRHxrTvoFunjzMPQhEspfqSTvD-o=s150-no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.13.161 , United States, ASN15169 (GOOGLE, US), Reverse DNS yul03s04-in-f1.1e100.net Software fife / Resource Hash f2c40a63580308bf348c5e8eb9a0880238f5f207e228e0c091e83b1efcbf979f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers date Sat, 22 Jul 2023 15:09:46 GMT x-content-type-options nosniff server fife etag "v4c" vary Origin content-type image/png access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="picker_verify_call_fe87496cc7a44412f7893a72099c120a.png" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 5533 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	AMWts8BB5eL1vbp9dPEQCSEMJxM3Y9agty2fbo3XhD76Dz3OBAH0vp3VSA07-yrArrrYp5TuF80R6HzDKK65oJ8-tv7Px-SFgTOIBONfJYbApe2ilHyCEg9LRrwu52XsghVBZuQtpKdlw0j9iUdY8MqKhVU=s150-no lh3.googleusercontent.com/pw/	3 KB 4 KB	98ms 98ms	Image image/png	172.217.13.161 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://lh3.googleusercontent.com/pw/AMWts8BB5eL1vbp9dPEQCSEMJxM3Y9agty2fbo3XhD76Dz3OBAH0vp3VSA07-yrArrrYp5TuF80R6HzDKK65oJ8-tv7Px-SFgTOIBONfJYbApe2ilHyCEg9LRrwu52XsghVBZuQtpKdlw0j9iUdY8MqKhVU=s150-no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.13.161 , United States, ASN15169 (GOOGLE, US), Reverse DNS yul03s04-in-f1.1e100.net Software fife / Resource Hash f25dfd78d4d536460d422ea51153547edeb12f9662867f8972413972007e35c3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers date Sat, 22 Jul 2023 15:09:46 GMT x-content-type-options nosniff server fife etag "v4c" vary Origin content-type image/png access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.png" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3568 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	AMWts8D8e5caxJov7GOp1rwDQidEks3V2UuXk1O7PZDbHZa5IL_i0KpG0ekmdhUvoDq55PguGPsZ-IFD0DpviH169WF09S-C8-tYQlW5MiYBzUesaWNDrAhwB3xLJo66GKNcYquCnPMjb1AN4oiTdyMOkvI=w1652-h929-no lh3.googleusercontent.com/pw/	19 KB 19 KB	105ms 105ms	Image image/jpeg	172.217.13.161 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://lh3.googleusercontent.com/pw/AMWts8D8e5caxJov7GOp1rwDQidEks3V2UuXk1O7PZDbHZa5IL_i0KpG0ekmdhUvoDq55PguGPsZ-IFD0DpviH169WF09S-C8-tYQlW5MiYBzUesaWNDrAhwB3xLJo66GKNcYquCnPMjb1AN4oiTdyMOkvI=w1652-h929-no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.13.161 , United States, ASN15169 (GOOGLE, US), Reverse DNS yul03s04-in-f1.1e100.net Software fife / Resource Hash efcfd4559471866f1f28ff4c67fd629c36fec893ea2071b8e54509a2471fedd5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers date Sat, 22 Jul 2023 15:09:46 GMT x-content-type-options nosniff server fife etag "v30" vary Origin content-type image/jpeg access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="bg-off.jpg" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 19683 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

301 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| wfDhAXFW string| gBIKYhYw string| EYDIOrTC string| ShsPXRCz string| AJlcDtJI string| kbFGgMij string| SkLYaKOa string| ZwVdUEyV string| clhwsQrf string| UvZyZhKZ string| MQBFcloK string| eyaDXTbs string| nyoKMagV string| JxNdjPrL string| xVFuSIlt string| fyZLgdtz string| sfyrDTMT string| SYBaHvaf string| fVdFnxzP string| oLmqxUFo string| AqcPcQIn string| knorMygq string| SxriUEoS string| JhYNjNZk string| mLknUhgS string| VtTJPoaZ string| ZIspvnoW string| EQejdROG string| hgSFEBki string| kGifNhDu string| hUftWGrr string| ZsvzvGMg string| RvLIANck string| EtDEPElQ string| Rpjgsezt string| MlwitxWw string| PwIxPCIg string| gQapBHfs string| ImGarqsj string| LkEAZJyk string| NaeZVKkT string| JDTUAPIJ string| uEdjCPZK string| ngQPaBGH string| mGWMJsEq string| GBgWkkEy string| lHteZock string| krXLHZMM string| RcNYCVZq string| kRGXRRCD string| BWKoNjQi string| LobsMVqA string| aJXirevi string| fxOUEISi string| oqFJVPbf string| VNNLceUA string| MNDggpWc string| UALobIHQ string| VKCBFdKr string| LfscXqHz string| AkOhyhBE string| PvkeFQZx string| QqqChXEv string| whVSBGuW string| wAdpkZpe string| fmhrWspH string| IZSYtkUG string| hzMiDgJB string| QTdwmsNd string| MTCszKzS string| FuNtUYAR string| dlFfBwSf string| XdFvvpYS string| qoibQtqY string| JGOBhikg string| JnYvxwgo string| WChEWNfh string| UZkmoWlS string| uiihQfon string| UWKFrlKb string| ksRRxibe string| FXRVDJgx string| qGdkKNlh string| WdMGarSs string| bFDlthSR string| hGNpqWHg string| xEEtWSRP string| IrLJJXvz string| pfuRnWFv string| CMBSDiaC string| EBFfDxkk string| AqqGqLbG string| jzSiYdFV string| DYNnJGQk string| hJjlcndX string| KDGFSLBC string| ViGBXVUe string| hZlKJDLF string| mtPNczSP string| ayieJTZP string| HzUUuaCo string| DNRmYNaj string| PcQoeLZo string| CcAVVJQA string| wiGdNFBA string| sJJiGztG string| hModQHIJ string| rTDGRvQA string| ieVouHCx string| oryzpmna string| wnGIgsCZ string| jkBgKhCA string| IEQLYQfj string| KdnZHjtm string| pAKeHPag string| FDnMkYoK string| jTaJjVxF string| ezNntFYw string| IpuQyeSK string| YJJNnjfB string| tWhijNHn string| WElFbtUd string| YwfCRUlz string| YrMYWArh string| UoAKzdWv string| ocQAKyim string| HelUobxg string| YsaDstwU string| WXtbFLwv string| lmAfkREV string| dnheQVef string| VKkhwQtw string| oBWJBGQp string| LfyzjBLc string| cxJjpWCa string| gFHCwefV string| MpNUUsZR string| ZdxcNxcL string| iiPimRPR string| sASREYDd string| NmjYOYGc string| kLXQmMiy string| cijPxzxy string| dkwYdKNJ string| pTyZbjrZ string| pGotYOeO string| xKTfjLNi object| CryptoJS object| decrypted object| key function| _0x3440 function| _0x35a4c7 function| _0x3776f9 function| _0x4e6030 function| _0xbb0e76 function| _0x31b828 function| _0x50a0fc function| _0x1b7580 function| _0x2fbcf4 function| _0x27a45e function| _0x5b0056 function| _0x546dc8 function| _0x133bf3 function| _0x3ae71f function| _0x5856e9 function| _0x226a94 function| _0x3806aa function| _0x4cf543 function| _0x299909 function| _0x2a19e8 function| _0x40c279 function| _0x1a09fa function| _0x11030e function| _0x16d8b4 function| _0x3b491d function| _0x1a69ed function| _0x287717 function| _0x375718 function| _0x9ff6f4 function| _0x3b5534 function| _0x143ee4 function| _0x49a999 function| _0x4fadbd function| _0x42fd1f function| _0x48d18f function| _0x106a1b function| _0x22c942 function| _0x3df983 function| _0x17b022 function| _0x56defb function| _0x4de071 function| _0x56a928 function| _0x3e5d2e function| _0x39830b function| _0x1f1815 function| _0x4aced0 function| _0x1510e2 function| _0x674b31 function| _0x4caf41 function| _0x56660d function| _0x198d15 function| _0x53eb4d function| _0x3bed6a function| _0x3e640e function| _0x5392e5 function| _0x4b9823 function| _0x24c0d8 function| _0x179818 function| _0x294868 function| _0x3e5715 function| _0x1108cc function| _0xc8ffa4 function| _0x2dbd84 function| _0x320530 function| _0x27c835 function| _0x514c10 function| _0x3ba5f2 function| _0x7ace0d function| _0x40f06c function| _0x1f2f5b function| _0x5e1c42 function| _0x49deff function| _0xc0d76 function| _0x57788c function| _0x44da10 function| _0x2e8a6d function| _0xb9a87c function| _0x17c0d6 function| _0x5a5cc3 function| _0x4619a8 function| _0x4db27e function| _0x19371a function| _0x451fb7 function| _0x431c4b function| _0x3327de function| _0x1cfe2a function| _0x8ecb85 function| _0x5cc6f1 function| _0x13d6b6 function| _0x46e874 function| _0x4f5f06 function| _0x462a31 function| _0xb9ac10 function| _0x5787e2 function| _0x396548 function| _0x1a78cf function| _0x2b1e41 function| _0x2621cc function| _0x44a627 function| _0x1b8bb2 function| _0x4fdd4b function| _0x726b4d function| _0x13a738 function| _0x24dca3 function| _0x16acbc function| _0x457070 function| _0x27bedb function| _0x90156d function| _0x5db3ea function| _0x5f5d9e function| _0xaafdb5 function| _0x166b1d function| _0x382c84 function| _0x3274b5 function| _0x51d851 function| _0x52cb27 function| _0x2428b0 function| _0x3e7f39 function| _0x2e3995 function| _0x2b5a15 function| _0x3d3027 function| _0x6ffd77 function| _0x47b714 function| _0xe6062d function| _0x186b4f function| _0x552cbf function| _0x2cbe41 function| _0x230a2b function| _0x46479e function| _0x454597 function| _0x4b79d9 function| _0x220423 function| _0x431fa3 function| _0x166f34 function| _0x228b44 function| _0x5f5104 function| _0x59e2eb function| _0x4c21 object| _0xa077 string| IGOBZL string| cbbg string| kaka90nal string| ka45k459final2 string| kak0011afinal number| countttingerr function| $ function| jQuery string| kakakaafinal string| getjsonnn number| counterror number| dalizk

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link/(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
bafkreifthophxn3rfo646kzcylodadmnnhyg3h2t2wzrqi7mqnuc3str2m.ipfs.dweb.link
cdnjs.cloudflare.com
code.jquery.com
lh3.googleusercontent.com
lkalzzop.online
104.17.25.14
152.199.4.44
172.217.13.161
172.67.193.237
209.94.90.1
69.16.175.42
033ae15f266ca2f0edb4980492e4e70c5a41ffb87ee9f6daaea6a4ef64980034
2d44c3b13c9057d5ef8db356f47f29d0a7b79ccce4a1140018352289cb304336
34058a4c997349cd3c91a3bc59bcc82dd6920bd57a555b49875bf71eae942e2c
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
930b3261c05ddf41566ca5906f3a5f91a437bf4de2513a84d5995a8aa1aec819
994ac85af4db5a2b5f7ce72d4f49c6b1c18c6422c8e57e623a2873bd7599e404
b13e4bfdccc28dc4b28733f02099beb91f8dbd3299c883a99dac7b619379d822
b33b9e7bb7712bbdcf2b22c2dc300d8d69f06d9f53d5b31823ec83682dca71d3
c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb
d1b8ac36f78215154031b551101879964a09a9e3c2ce4c7e89ccfb59eafd9879
efcfd4559471866f1f28ff4c67fd629c36fec893ea2071b8e54509a2471fedd5
f25dfd78d4d536460d422ea51153547edeb12f9662867f8972413972007e35c3
f2c40a63580308bf348c5e8eb9a0880238f5f207e228e0c091e83b1efcbf979f