bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link Open in urlscan Pro
2602:fea2:2::1  Malicious Activity! Public Scan

URL: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Submission: On April 26 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 14 HTTP transactions. The main IP is 2602:fea2:2::1, located in United States and belongs to PROTOCOL, US. The main domain is bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link.
TLS certificate: Issued by R3 on March 27th 2023. Valid for: 3 months.
This is the only time bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
2 2602:fea2:2::1 40680 (PROTOCOL)
1 2001:4de0:ac1... 20446 (STACKPATH...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
9 2a00:1450:400... 15169 (GOOGLE)
1 152.199.23.37 15133 (EDGECAST)
14 5
Apex Domain
Subdomains
Transfer
9 googleusercontent.com
lh3.googleusercontent.com — Cisco Umbrella Rank: 143
49 KB
2 dweb.link
bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
65 KB
1 msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 2612
752 B
1 jaliksopz.online
jaliksopz.online
634 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 997
78 KB
14 5
Domain Requested by
9 lh3.googleusercontent.com bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
2 bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link code.jquery.com
1 aadcdn.msftauth.net bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
1 jaliksopz.online code.jquery.com
1 code.jquery.com bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
14 5

This site contains no links.

Subject Issuer Validity Valid
*.i.ipfs.io
R3
2023-03-27 -
2023-06-25
3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA
2022-08-03 -
2023-07-14
a year crt.sh
*.jaliksopz.online
GTS CA 1P5
2023-03-27 -
2023-06-25
3 months crt.sh
*.googleusercontent.com
GTS CA 1C3
2023-04-03 -
2023-06-26
3 months crt.sh
aadcdn.msftauth.net
DigiCert SHA2 Secure Server CA
2023-01-31 -
2024-01-31
a year crt.sh

This page contains 1 frames:

Primary Page: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Frame ID: FF9127A3950C4155EDAE3FD14FDC5F86
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

Sign in to your account

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

193 kB
Transfer

1069 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request aremo.html
bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
759 KB
65 KB
Document
General
Full URL
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
openresty /
Resource Hash
0fbee63ff791fe600692cb491c45dfc946670220f5b2afe26c199b2939b25ee7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods
GET GET, POST, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Range, X-Chunked-Output, X-Stream-Output
cache-control
public, max-age=29030400, immutable
content-encoding
gzip
content-type
text/html
date
Wed, 26 Apr 2023 20:40:44 GMT
etag
W/"bafkreiapx3td754r7zqanewljeoelx6jiztqeihvwkx6e3aztmuttms644"
server
openresty
strict-transport-security
max-age=31536000; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
x-ipfs-gateway-host
ipfs-bank6-fr2
x-ipfs-lb-pop
gateway-bank1-fr2
x-ipfs-path
/ipfs/bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54/aremo.html
x-ipfs-pop
ipfs-bank6-fr2
x-ipfs-roots
bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54,bafkreiapx3td754r7zqanewljeoelx6jiztqeihvwkx6e3aztmuttms644
x-proxy-cache
HIT
jquery-1.9.1.js
code.jquery.com/
262 KB
78 KB
Script
General
Full URL
https://code.jquery.com/jquery-1.9.1.js
Requested by
Host: bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
URL: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date
Wed, 26 Apr 2023 20:40:44 GMT
content-encoding
gzip
last-modified
Fri, 12 Aug 2022 13:47:01 GMT
server
nginx
etag
W/"62f659d5-4185d"
vary
Accept-Encoding
x-hw
1682541644.dop224.fr8.t,1682541644.cds281.fr8.hn,1682541644.cds330.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
79506
Lsbg.php
jaliksopz.online/
5 B
634 B
XHR
General
Full URL
https://jaliksopz.online/Lsbg.php
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.9.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700:3034::ac43:a357 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
63ad8e85349fe11819885976ef96cbe3f6f65c288b290713acadbdf9a9280388

Request headers

Accept
*/*
Referer
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Wed, 26 Apr 2023 20:40:45 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-max-age
1000
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B3nqmt6WcpiImRmYfH80pM1k4INJDkJh9JVSpEtMeJb%2FZovbreP9S8w%2FkOYscgtsCKSNyu1ThSfq8PuoUf3TiWPdTQ%2BkUA7o%2F9x7aikP4sRyYmZV6VK5%2BLh6lLjMDyxhJ8FN8GZTwm9OMPhq4SXx"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
7be1a47cdaad9bdc-FRA
access-control-allow-headers
Origin, Content-Type, X-Auth-Token , Authorization
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
aremo.html
bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
42 B
499 B
XHR
General
Full URL
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.9.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
openresty /
Resource Hash
199a4b151d7ba7657f2d9a65c59cdb6d206cfd99ec841ae36819837d50ab4b97
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Wed, 26 Apr 2023 20:40:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-ipfs-pop
ipfs-bank6-fr2
server
openresty
x-ipfs-lb-pop
gateway-bank1-fr2
allow
GET, HEAD, OPTIONS
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Range, X-Chunked-Output, X-Stream-Output
timing-allow-origin
*
access-control-allow-headers
X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
content-length
42
AMWts8C1y-LmqPwr79FSVd9YMV5yeje6h34dtqg8n1c7UYT__udX1hIixqqaItUS-Vtl4epJI-2Qtycgc0GgiWtrFAFZIVdjRD8HShOpZsK0Vucx0qiSJ9iKKAd1_ocqVqIgMtn1jlLj4HB4Ap_2ZUiwAnk=w108-h24-no
lh3.googleusercontent.com/pw/
2 KB
2 KB
Image
General
Full URL
https://lh3.googleusercontent.com/pw/AMWts8C1y-LmqPwr79FSVd9YMV5yeje6h34dtqg8n1c7UYT__udX1hIixqqaItUS-Vtl4epJI-2Qtycgc0GgiWtrFAFZIVdjRD8HShOpZsK0Vucx0qiSJ9iKKAd1_ocqVqIgMtn1jlLj4HB4Ap_2ZUiwAnk=w108-h24-no
Requested by
Host: bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
URL: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
994ac85af4db5a2b5f7ce72d4f49c6b1c18c6422c8e57e623a2873bd7599e404
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date
Wed, 26 Apr 2023 20:40:44 GMT
x-content-type-options
nosniff
server
fife
etag
"v2c"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
private, max-age=86400, no-transform
content-disposition
inline;filename="login.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1552
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
AMWts8CNmlIjdTtHgPdAMoSG4uyQnKbGT1407U5GJD9BBD5gOhyThvxN7ptqzSc9OV7GvMrNxsLjt_kin2qpj8tlLu4VPG_UA8XrdDZZYTEJRXHQkb_glHR4oYOoSP3tDH1rPkDWcGOdNw-zacvrmMF7NU0=s150-no
lh3.googleusercontent.com/pw/
4 KB
4 KB
Image
General
Full URL
https://lh3.googleusercontent.com/pw/AMWts8CNmlIjdTtHgPdAMoSG4uyQnKbGT1407U5GJD9BBD5gOhyThvxN7ptqzSc9OV7GvMrNxsLjt_kin2qpj8tlLu4VPG_UA8XrdDZZYTEJRXHQkb_glHR4oYOoSP3tDH1rPkDWcGOdNw-zacvrmMF7NU0=s150-no
Requested by
Host: bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
URL: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
2d44c3b13c9057d5ef8db356f47f29d0a7b79ccce4a1140018352289cb304336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date
Wed, 26 Apr 2023 20:40:44 GMT
x-content-type-options
nosniff
server
fife
etag
"v38"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
private, max-age=86400, no-transform
content-disposition
inline;filename="signin-options_4e48046ce74f4b89d45037c90576bfac.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3716
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
AMWts8DXuoTCchIiCUMSjRAC76eUjCoJ1Hj726Mdu1LszHJglP2MLf_RoCW0uZpRXU92HCp7sJJtRW1SSsaUhnE1muSBc8avCHEqEHuLdsuLbYPj0hMJ1kVq-hZ1eYf_w6QcxuCHVVBR-siBvHZM2G9Rlbw=s150-no
lh3.googleusercontent.com/pw/
5 KB
5 KB
Image
General
Full URL
https://lh3.googleusercontent.com/pw/AMWts8DXuoTCchIiCUMSjRAC76eUjCoJ1Hj726Mdu1LszHJglP2MLf_RoCW0uZpRXU92HCp7sJJtRW1SSsaUhnE1muSBc8avCHEqEHuLdsuLbYPj0hMJ1kVq-hZ1eYf_w6QcxuCHVVBR-siBvHZM2G9Rlbw=s150-no
Requested by
Host: bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
URL: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
930b3261c05ddf41566ca5906f3a5f91a437bf4de2513a84d5995a8aa1aec819
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date
Wed, 26 Apr 2023 20:40:44 GMT
x-content-type-options
nosniff
server
fife
etag
"v54"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
private, max-age=86400, no-transform
content-disposition
inline;filename="picker_account_aad_f83ebff69a4a1685e4dc9650cdab8886.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5421
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
AMWts8CLLNnGpj7_FWohqCPJSzzgHwWUwFqF-CN0acr9XqBJvbhlCprvfnAvLav0gAOr0ez63QMTk6WPV7V7rT_ZZ7E5ueysaU99HDwu7huiWEUvbNO3mDIklTKmUuxN9sPyZMwDPt-T39tp9ZO2Pq53dRI=s150-no
lh3.googleusercontent.com/pw/
6 KB
6 KB
Image
General
Full URL
https://lh3.googleusercontent.com/pw/AMWts8CLLNnGpj7_FWohqCPJSzzgHwWUwFqF-CN0acr9XqBJvbhlCprvfnAvLav0gAOr0ez63QMTk6WPV7V7rT_ZZ7E5ueysaU99HDwu7huiWEUvbNO3mDIklTKmUuxN9sPyZMwDPt-T39tp9ZO2Pq53dRI=s150-no
Requested by
Host: bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
URL: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
d1b8ac36f78215154031b551101879964a09a9e3c2ce4c7e89ccfb59eafd9879
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date
Wed, 26 Apr 2023 20:40:44 GMT
x-content-type-options
nosniff
server
fife
etag
"v50"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
private, max-age=86400, no-transform
content-disposition
inline;filename="picker_account_msa_2d8f86059be176833897099ee6ddedeb.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6045
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
aadcdn.msftauth.net/shared/1.0/content/images/
513 B
752 B
Image
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Requested by
Host: bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
URL: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48EE) /
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 26 Apr 2023 20:40:44 GMT
content-encoding
gzip
content-md5
TjUQkZ0p0Y7rbj6LJofS9Q==
age
11992194
x-cache
HIT
content-length
276
x-ms-lease-status
unlocked
last-modified
Thu, 16 Jan 2020 00:32:45 GMT
server
ECAcc (ama/48EE)
etag
0x8D79A1B9B05915D
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
07e46505-701e-0036-1a6d-0bf93d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
AMWts8AK-lOypWQRHV6CblnIhwum5iMC-2fHJehOkF8BqfFCgB1DZT2LI30pbRIC605sfh4PyJS0qLFawTwXAyFCgEjDlPQe4GThYYbbx5CB-urZNnpa1Uhn-GrOGG5UcX6f5GsSPkypixgkdMoOBFlQqZ4=s150-no
lh3.googleusercontent.com/pw/
810 B
932 B
Image
General
Full URL
https://lh3.googleusercontent.com/pw/AMWts8AK-lOypWQRHV6CblnIhwum5iMC-2fHJehOkF8BqfFCgB1DZT2LI30pbRIC605sfh4PyJS0qLFawTwXAyFCgEjDlPQe4GThYYbbx5CB-urZNnpa1Uhn-GrOGG5UcX6f5GsSPkypixgkdMoOBFlQqZ4=s150-no?authuser=0
Requested by
Host: bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
URL: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
34058a4c997349cd3c91a3bc59bcc82dd6920bd57a555b49875bf71eae942e2c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date
Wed, 26 Apr 2023 20:40:44 GMT
x-content-type-options
nosniff
server
fife
etag
"v4c"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
private, max-age=86400, no-transform
content-disposition
inline;filename="picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
810
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
AMWts8Cql-_FqT-vTMz5KecPfNkES17GUcAhZtgXLH0x4Wv9Lj4vnoCGPorATuuzvKe5c-hTrhXFnWh6cu4TC2cJjWKbnr2Fq-avQW5Q1oqvrNCP29CvGjXZZkxpkBgWTjA6DBjYlYpLr5-pfWHOb04OsBY=s150-no
lh3.googleusercontent.com/pw/
2 KB
2 KB
Image
General
Full URL
https://lh3.googleusercontent.com/pw/AMWts8Cql-_FqT-vTMz5KecPfNkES17GUcAhZtgXLH0x4Wv9Lj4vnoCGPorATuuzvKe5c-hTrhXFnWh6cu4TC2cJjWKbnr2Fq-avQW5Q1oqvrNCP29CvGjXZZkxpkBgWTjA6DBjYlYpLr5-pfWHOb04OsBY=s150-no
Requested by
Host: bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
URL: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
033ae15f266ca2f0edb4980492e4e70c5a41ffb87ee9f6daaea6a4ef64980034
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date
Wed, 26 Apr 2023 20:40:44 GMT
x-content-type-options
nosniff
server
fife
etag
"v4c"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
private, max-age=86400, no-transform
content-disposition
inline;filename="picker_verify_code_f7ab697e65b83ce9870a4736085deeec.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2382
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
AMWts8CPpl_w_5Fj80z5l9jlYET_SacByn_w9oXKdt92XWEATpkaTNMXRjd49krHesOb3FAHMXEQBD5153gSMnAZGOmXwR9Rp_K_-6jVQvTb4qi9QggArKoSZ61C-gpBRHxrTvoFunjzMPQhEspfqSTvD-o=s150-no
lh3.googleusercontent.com/pw/
5 KB
6 KB
Image
General
Full URL
https://lh3.googleusercontent.com/pw/AMWts8CPpl_w_5Fj80z5l9jlYET_SacByn_w9oXKdt92XWEATpkaTNMXRjd49krHesOb3FAHMXEQBD5153gSMnAZGOmXwR9Rp_K_-6jVQvTb4qi9QggArKoSZ61C-gpBRHxrTvoFunjzMPQhEspfqSTvD-o=s150-no
Requested by
Host: bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
URL: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f2c40a63580308bf348c5e8eb9a0880238f5f207e228e0c091e83b1efcbf979f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date
Wed, 26 Apr 2023 20:40:44 GMT
x-content-type-options
nosniff
server
fife
etag
"v4c"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
private, max-age=86400, no-transform
content-disposition
inline;filename="picker_verify_call_fe87496cc7a44412f7893a72099c120a.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5533
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
AMWts8BB5eL1vbp9dPEQCSEMJxM3Y9agty2fbo3XhD76Dz3OBAH0vp3VSA07-yrArrrYp5TuF80R6HzDKK65oJ8-tv7Px-SFgTOIBONfJYbApe2ilHyCEg9LRrwu52XsghVBZuQtpKdlw0j9iUdY8MqKhVU=s150-no
lh3.googleusercontent.com/pw/
3 KB
4 KB
Image
General
Full URL
https://lh3.googleusercontent.com/pw/AMWts8BB5eL1vbp9dPEQCSEMJxM3Y9agty2fbo3XhD76Dz3OBAH0vp3VSA07-yrArrrYp5TuF80R6HzDKK65oJ8-tv7Px-SFgTOIBONfJYbApe2ilHyCEg9LRrwu52XsghVBZuQtpKdlw0j9iUdY8MqKhVU=s150-no
Requested by
Host: bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
URL: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f25dfd78d4d536460d422ea51153547edeb12f9662867f8972413972007e35c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date
Wed, 26 Apr 2023 20:40:44 GMT
x-content-type-options
nosniff
server
fife
etag
"v4c"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
private, max-age=86400, no-transform
content-disposition
inline;filename="picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3568
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
AMWts8D8e5caxJov7GOp1rwDQidEks3V2UuXk1O7PZDbHZa5IL_i0KpG0ekmdhUvoDq55PguGPsZ-IFD0DpviH169WF09S-C8-tYQlW5MiYBzUesaWNDrAhwB3xLJo66GKNcYquCnPMjb1AN4oiTdyMOkvI=w1652-h929-no
lh3.googleusercontent.com/pw/
19 KB
20 KB
Image
General
Full URL
https://lh3.googleusercontent.com/pw/AMWts8D8e5caxJov7GOp1rwDQidEks3V2UuXk1O7PZDbHZa5IL_i0KpG0ekmdhUvoDq55PguGPsZ-IFD0DpviH169WF09S-C8-tYQlW5MiYBzUesaWNDrAhwB3xLJo66GKNcYquCnPMjb1AN4oiTdyMOkvI=w1652-h929-no
Requested by
Host: bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
URL: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
efcfd4559471866f1f28ff4c67fd629c36fec893ea2071b8e54509a2471fedd5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date
Wed, 26 Apr 2023 20:40:44 GMT
x-content-type-options
nosniff
server
fife
etag
"v30"
vary
Origin
content-type
image/jpeg
access-control-expose-headers
Content-Length
cache-control
private, max-age=86400, no-transform
content-disposition
inline;filename="bg-off.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19683
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery string| cbbg string| IGOBZL object| _0x12a5 string| balgoz undefined| redirect_to undefined| orgzzn undefined| work_or_personal function| alltrysss function| myAjaxRequest_expire function| myAjaxRequest function| work_selected function| personal_selected function| rchngee function| wait string| lblgva string| lbafzz string| fafazz2 string| lblgva_json string| lbafzz_json string| fafazz2_json string| kakakaafinal string| getjsonnn object| shortcut

0 Cookies

1 Console Messages

Source Level URL
Text
network error URL: https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Message:
Failed to load resource: the server responded with a status of 405 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload