gateway.lighthouse.storage
2600:9000:275b:400:14:a17:a6c0:93a1  Malicious Activity! Public Scan

Submitted URL: https://base-blk.vercel.app/
Effective URL: https://gateway.lighthouse.storage/ipfs/bafybeidvjhcswxji6vpgl6kybb4cfjofhr4trulgxrheg2e66y7hvketg4
Submission: On November 08 via api from HU — Scanned from GB

Summary

This website contacted 8 IPs in 3 countries across 7 domains to perform 20 HTTP transactions. The main IP is 2600:9000:275b:400:14:a17:a6c0:93a1, located in United States and belongs to AMAZON-02, US. The main domain is gateway.lighthouse.storage.
TLS certificate: Issued by Amazon RSA 2048 M02 on May 4th 2024. Valid for: a year.
This is the only time gateway.lighthouse.storage was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
1         76.76.21.22         16509 (AMAZON-02)
1         2a00:1450:400...    15169 (GOOGLE)
2         2a04:4e42:400...    54113 (FASTLY)
1         54.167.19.172       14618 (AMAZON-AES)
1         2600:9000:275...    16509 (AMAZON-02)
4         2606:4700:310...    13335 (CLOUDFLAR...)
10        95.164.33.245       44477 (STARK-IND...)
Total: 20 requests, 8 IPs

Requests  Domain                               Requested by
10        zitromanx.top                        base-blk.vercel.app
4         internationalyachtchartergroup.com   base-blk.vercel.app, internationalyachtchartergroup.com
2         code.jquery.com                      base-blk.vercel.app
1         gateway.lighthouse.storage           base-blk.glitch.me
1         base-blk.glitch.me                   base-blk.vercel.app
1         ajax.googleapis.com                  base-blk.vercel.app
1         base-blk.vercel.app                  (submitted URL)
Total: 20 requests, 7 domains

This site contains no links.

TLS certificates (via crt.sh)

Subject                              Issuer                                           Validity                    Valid for
*.vercel.app                         R11                                              2024-10-17 to 2025-01-15    3 months
upload.video.google.com              WR2                                              2024-10-07 to 2024-12-30    3 months
*.jquery.com                         Sectigo ECC Domain Validation Secure Server CA   2024-06-25 to 2025-06-25    a year
glitch.com                           Amazon RSA 2048 M02                              2024-11-03 to 2025-12-03    a year
*.lighthouse.storage                 Amazon RSA 2048 M02                              2024-05-04 to 2025-06-02    a year
internationalyachtchartergroup.com   WE1                                              2024-09-11 to 2024-12-10    3 months
*.zitromanx.top                      R10                                              2024-10-01 to 2024-12-30    3 months

This page contains 1 frames:

Primary Page: https://gateway.lighthouse.storage/ipfs/bafybeidvjhcswxji6vpgl6kybb4cfjofhr4trulgxrheg2e66y7hvketg4
Frame ID: 55B08C5D72538E79F29315326A6ADE98
Requests: 21 HTTP requests in this frame

Page Title

Roundcube Webmail :: Welcome to Roundcube Webmail


Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • moment(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • select2(?:\.min|\.full)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 20
HTTPS: 100 %
IPv6: 57 %
Domains: 7
Subdomains: 7
IPs: 8
Countries: 3
Transfer: 3283 kB
Size: 3906 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://base-blk.vercel.app/ Page URL
  2. https://base-blk.glitch.me/ Page URL
  3. https://gateway.lighthouse.storage/ipfs/bafybeidvjhcswxji6vpgl6kybb4cfjofhr4trulgxrheg2e66y7hvketg4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Each transaction below is listed as: Resource | Path | Size | x-fer (transferred) | Type (MIME-Type), followed by its General, Request headers and Response headers details.
/ | base-blk.vercel.app/ | 2 KB | 1 KB | Document
General
Full URL
https://base-blk.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
eb00149c974bb9b89ea29722462d5a836fac64a274f385a12302426d9c58a584
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
9712
cache-control
public, max-age=0, must-revalidate
content-disposition
inline
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 08 Nov 2024 06:50:27 GMT
etag
W/"95c96842c33b8d8c9b5eead82b5b66b2"
last-modified
Fri, 08 Nov 2024 04:08:34 GMT
referrer-policy
origin-when-cross-origin
server
Vercel
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-dns-prefetch-control
on
x-frame-options
DENY
x-vercel-cache
HIT
x-vercel-id
lhr1::l8v5v-1731048627006-0bab10bba435
jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 30 KB | Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://base-blk.vercel.app/

Response headers

content-encoding
gzip
age
141291
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Thu, 06 Nov 2025 15:35:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 06 Nov 2024 15:35:36 GMT
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
30028
x-xss-protection
0
server
sffe
jquery-3.1.1.min.js | code.jquery.com/ | 85 KB | 30 KB | Script
General
Full URL
https://code.jquery.com/jquery-3.1.1.min.js
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://base-blk.vercel.app/

Response headers

content-encoding
gzip
etag
W/"28feccc0-152b5"
age
5168342
x-cache
HIT, HIT
date
Fri, 08 Nov 2024 06:50:27 GMT
content-type
application/javascript; charset=utf-8
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits
44672, 4371
x-served-by
cache-lga21947-LGA, cache-lon420090-LON
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=604800
x-timer
S1731048627.230210,VS0,VE0
cross-origin-resource-policy
cross-origin
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
30070
server
nginx
jquery-3.3.1.js | code.jquery.com/ | 265 KB | 79 KB | Script
General
Full URL
https://code.jquery.com/jquery-3.3.1.js
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://base-blk.vercel.app
Referer
https://base-blk.vercel.app/

Response headers

content-encoding
gzip
etag
W/"28feccc0-42587"
age
1384588
x-cache
HIT, HIT
date
Fri, 08 Nov 2024 06:50:27 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
x-cache-hits
29056, 3477
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
x-served-by
cache-lga21980-LGA, cache-lhr-egll1980050-LHR
cache-control
public, max-age=31536000, stale-while-revalidate=604800
x-timer
S1731048627.230353,VS0,VE0
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
80268
server
nginx
/ | base-blk.glitch.me/ | 901 B | 1 KB | Document
General
Full URL
https://base-blk.glitch.me/
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.167.19.172 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-167-19-172.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
e9c6346904b89560beb56d7f599b52bf083b42fbc933845561b6af8e9a9a8152

Request headers

Referer
https://base-blk.vercel.app/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache
content-length
901
content-type
text/html; charset=utf-8
date
Fri, 08 Nov 2024 06:50:27 GMT
etag
"b1be085ca60e797324616423c71ad445"
last-modified
Fri, 08 Nov 2024 03:29:53 GMT
server
AmazonS3
x-amz-id-2
/sd0/lSBEE5ZAKAvOprJP4sKW6lL7l17tjAgn/nodW0p5O0B2+aNnqIalDpQdd8asPNVwlTSP60=
x-amz-request-id
KR5GYT8BQ4ZCEMCC
x-amz-server-side-encryption
AES256
x-amz-version-id
ytyIVz8UWo8k92Z6KEyJpSsXmd.r_Cag
Primary Request: bafybeidvjhcswxji6vpgl6kybb4cfjofhr4trulgxrheg2e66y7hvketg4 | gateway.lighthouse.storage/ipfs/ | 3 MB | 3 MB | Document
General
Full URL
https://gateway.lighthouse.storage/ipfs/bafybeidvjhcswxji6vpgl6kybb4cfjofhr4trulgxrheg2e66y7hvketg4
Requested by
Host: base-blk.glitch.me
URL: https://base-blk.glitch.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:275b:400:14:a17:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
a1b48332bac499cafd84de6e35bbb25200cd9780bc9f2db5d371d7a0d7f7ab64

Request headers

Referer
https://base-blk.glitch.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods
GET, HEAD, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
public, max-age=29030400, immutable
content-length
3024058
content-location
/ipfs/bafybeidvjhcswxji6vpgl6kybb4cfjofhr4trulgxrheg2e66y7hvketg4?format=json
content-type
text/html
date
Fri, 08 Nov 2024 06:50:28 GMT
etag
"bafybeidvjhcswxji6vpgl6kybb4cfjofhr4trulgxrheg2e66y7hvketg4"
server
nginx/1.22.1
via
1.1 69114e4ea0aa4e532a5be63a75c51e2c.cloudfront.net (CloudFront)
x-amz-cf-id
kh4mtuIHO-0v1RWDMGvQbqAs1EFsnPYGSCr99FaiaiBlqYS8M8CUsA==
x-amz-cf-pop
FRA60-P7
x-cache
Miss from cloudfront
x-ipfs-path
/ipfs/bafybeidvjhcswxji6vpgl6kybb4cfjofhr4trulgxrheg2e66y7hvketg4
x-ipfs-roots
bafybeidvjhcswxji6vpgl6kybb4cfjofhr4trulgxrheg2e66y7hvketg4
styles.min.css | internationalyachtchartergroup.com/webmail/skins/larry/ | 53 KB | 10 KB | Stylesheet
General
Full URL
https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2aef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cede90ea2d2fc62a7f606fa90e57ff7d8fc7d640d10cbf118c65b9c860ef5bbd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://gateway.lighthouse.storage/

Response headers

cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
HIT
etag
W/"d30f-5424a9297fa80"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2QEa8ofl%2BYj0TaqRCeJ%2FYkPeONf%2BawgswsOfHoly7XwCy40urtx0chzekESClsmuy9epQJ6LL59oA7oHvtSAZ40Q7Vph7DWlFIAv3yo4s3LM5x%2BgZhZsN%2FOVLgmKXI3ZgNYyx8P1va5GMn%2F18wjeqp6ChfXErUdIx1l7TVyLPro%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8df3a1111b9376a7-LHR
server-timing
cfL4;desc="?proto=TCP&rtt=5480&sent=7&recv=9&lost=0&retrans=0&sent_bytes=4020&recv_bytes=2255&delivery_rate=1413231&cwnd=235&unsent_bytes=0&cid=c965f6a84f139183&ts=125&x=0"
date
Fri, 08 Nov 2024 06:50:30 GMT
content-type
text/css
last-modified
Sun, 27 Nov 2016 16:08:58 GMT
vary
Accept-Encoding
server
cloudflare
jquery-3.2.1.min.js | zitromanx.top/myjs/vendor/jquery/ | 85 KB | 30 KB | Script
General
Full URL
https://zitromanx.top/myjs/vendor/jquery/jquery-3.2.1.min.js
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.164.33.245 Stockholm, Sweden, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS
vm2090149.stark-industries.solutions
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://gateway.lighthouse.storage/

Response headers

Content-Encoding
gzip
ETag
"15283-6058e96471640-gzip"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
30138
Keep-Alive
timeout=5, max=100
Date
Fri, 08 Nov 2024 06:50:30 GMT
Last-Modified
Sun, 17 Sep 2023 14:10:25 GMT
Vary
Accept-Encoding
Server
Apache/2.4.41 (Ubuntu)
Content-Type
application/javascript
animsition.min.js | zitromanx.top/myjs/vendor/animsition/js/ | 5 KB | 2 KB | Script
General
Full URL
https://zitromanx.top/myjs/vendor/animsition/js/animsition.min.js
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.164.33.245 Stockholm, Sweden, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS
vm2090149.stark-industries.solutions
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
f32da6bf81134c664b32582076b8260b3b614d508d5c651d0907b581df2a9323

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://gateway.lighthouse.storage/

Response headers

Content-Encoding
gzip
ETag
"15ef-6058e96471640-gzip"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
1976
Keep-Alive
timeout=5, max=100
Date
Fri, 08 Nov 2024 06:50:30 GMT
Last-Modified
Sun, 17 Sep 2023 14:10:25 GMT
Vary
Accept-Encoding
Server
Apache/2.4.41 (Ubuntu)
Content-Type
application/javascript
popper.js | zitromanx.top/myjs/vendor/bootstrap/js/ | 80 KB | 21 KB | Script
General
Full URL
https://zitromanx.top/myjs/vendor/bootstrap/js/popper.js
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.164.33.245 Stockholm, Sweden, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS
vm2090149.stark-industries.solutions
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
8d49d070ae93a36681f93e53804bad25f1c586a304c895a2565334c4c9f11c7f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://gateway.lighthouse.storage/

Response headers

Content-Encoding
gzip
ETag
"13f06-6058e96471640-gzip"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
21214
Keep-Alive
timeout=5, max=99
Date
Fri, 08 Nov 2024 06:50:30 GMT
Last-Modified
Sun, 17 Sep 2023 14:10:25 GMT
Vary
Accept-Encoding
Server
Apache/2.4.41 (Ubuntu)
Content-Type
application/javascript
bootstrap.min.js | zitromanx.top/myjs/vendor/bootstrap/js/ | 50 KB | 13 KB | Script
General
Full URL
https://zitromanx.top/myjs/vendor/bootstrap/js/bootstrap.min.js
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.164.33.245 Stockholm, Sweden, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS
vm2090149.stark-industries.solutions
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
0e25895d7caaf355a53d19c37c69a06198f668e5422b211d27597ed93983b80b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://gateway.lighthouse.storage/

Response headers

Content-Encoding
gzip
ETag
"c7c7-6058e96471640-gzip"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
12980
Keep-Alive
timeout=5, max=99
Date
Fri, 08 Nov 2024 06:50:30 GMT
Last-Modified
Sun, 17 Sep 2023 14:10:25 GMT
Vary
Accept-Encoding
Server
Apache/2.4.41 (Ubuntu)
Content-Type
application/javascript
select2.min.js | zitromanx.top/myjs/vendor/select2/ | 65 KB | 19 KB | Script
General
Full URL
https://zitromanx.top/myjs/vendor/select2/select2.min.js
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.164.33.245 Stockholm, Sweden, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS
vm2090149.stark-industries.solutions
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
a9aee5ad5f0fb19a12bc2ead84c11f615113a6835e80cd05dcdfc123f7b75524

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://gateway.lighthouse.storage/

Response headers

Content-Encoding
gzip
ETag
"10468-6058e96471640-gzip"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
19023
Keep-Alive
timeout=5, max=99
Date
Fri, 08 Nov 2024 06:50:30 GMT
Last-Modified
Sun, 17 Sep 2023 14:10:25 GMT
Vary
Accept-Encoding
Server
Apache/2.4.41 (Ubuntu)
Content-Type
application/javascript
moment.min.js | zitromanx.top/myjs/vendor/daterangepicker/ | 46 KB | 15 KB | Script
General
Full URL
https://zitromanx.top/myjs/vendor/daterangepicker/moment.min.js
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.164.33.245 Stockholm, Sweden, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS
vm2090149.stark-industries.solutions
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
4e411c99fe4a486db34e801a53392ae86f8659eccc438944b5a062c9aaba25be

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://gateway.lighthouse.storage/

Response headers

Content-Encoding
gzip
ETag
"b635-6058e96471640-gzip"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
15265
Keep-Alive
timeout=5, max=100
Date
Fri, 08 Nov 2024 06:50:30 GMT
Last-Modified
Sun, 17 Sep 2023 14:10:25 GMT
Vary
Accept-Encoding
Server
Apache/2.4.41 (Ubuntu)
Content-Type
application/javascript
daterangepicker.js | zitromanx.top/myjs/vendor/daterangepicker/ | 68 KB | 12 KB | Script
General
Full URL
https://zitromanx.top/myjs/vendor/daterangepicker/daterangepicker.js
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.164.33.245 Stockholm, Sweden, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS
vm2090149.stark-industries.solutions
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
2c3836208d9d0a3f9dab8ef05dda493c6e98c175155e7e7abba3575207ad0244

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://gateway.lighthouse.storage/

Response headers

Content-Encoding
gzip
ETag
"11090-6058e96471640-gzip"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
12045
Keep-Alive
timeout=5, max=100
Date
Fri, 08 Nov 2024 06:50:30 GMT
Last-Modified
Sun, 17 Sep 2023 14:10:25 GMT
Vary
Accept-Encoding
Server
Apache/2.4.41 (Ubuntu)
Content-Type
application/javascript
countdowntime.js | zitromanx.top/myjs/vendor/countdowntime/ | 1 KB | 833 B | Script
General
Full URL
https://zitromanx.top/myjs/vendor/countdowntime/countdowntime.js
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.164.33.245 Stockholm, Sweden, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS
vm2090149.stark-industries.solutions
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
4cff184248850f8767575963eb504ee95bbfabff946cdbfb4271474442b80ecd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://gateway.lighthouse.storage/

Response headers

Content-Encoding
gzip
ETag
"53c-6058e96471640-gzip"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
483
Keep-Alive
timeout=5, max=100
Date
Fri, 08 Nov 2024 06:50:30 GMT
Last-Modified
Sun, 17 Sep 2023 14:10:25 GMT
Vary
Accept-Encoding
Server
Apache/2.4.41 (Ubuntu)
Content-Type
application/javascript
main.js | zitromanx.top/myjs/js/ | 2 KB | 1 KB | Script
General
Full URL
https://zitromanx.top/myjs/js/main.js
Requested by
Host: base-blk.vercel.app
URL: https://base-blk.vercel.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.164.33.245 Stockholm, Sweden, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS
vm2090149.stark-industries.solutions
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
d418f1a383157e6d013cc08376bfad645f6b8a5a7e4310798ec0a5c8b389eccb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://gateway.lighthouse.storage/

Response headers

Content-Encoding
gzip
ETag
"99e-6058e96471640-gzip"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
692
Keep-Alive
timeout=5, max=100
Date
Fri, 08 Nov 2024 06:50:30 GMT
Last-Modified
Sun, 17 Sep 2023 14:10:25 GMT
Vary
Accept-Encoding
Server
Apache/2.4.41 (Ubuntu)
Content-Type
application/javascript
truncated | / | 3 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
343b43c50e3c026f49164591bcd84a3a6a4f69dd0b4e56a2418ad19b930f537a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/webp
linen.jpg | internationalyachtchartergroup.com/webmail/skins/larry/images/ | 14 KB | 14 KB | Image
General
Full URL
https://internationalyachtchartergroup.com/webmail/skins/larry/images/linen.jpg?v=0382.14157
Requested by
Host: internationalyachtchartergroup.com
URL: https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2aef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a712b63789e2d5ca0d67dfc6583e3c4374daf13bbd23ef76c83c3c9e881dea7b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938

Response headers

cf-bgj
imgq:100,h2pri
etag
"374d-5424a9297fa80"
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rL353BNCGN3f5X3x9J1GYY8vzHY6ksfymslHR%2FCdVv52mdGD%2F74PuIy7W1j9esojcbrKF%2BnrOeRWprbE8EU%2BEiaC4EA60JIHDDGGcHGlfasBCQkU%2FIpC1kpxc224zLO3uCfsX9fvruth%2BGVtl4wJBCXcfZuymlrh5MGMhKmNW5c%3D"}],"group":"cf-nel","max_age":604800}
cf-polished
origSize=14157
server-timing
cfL4;desc="?proto=TCP&rtt=4880&sent=25&recv=14&lost=0&retrans=0&sent_bytes=14915&recv_bytes=2684&delivery_rate=6766169&cwnd=238&unsent_bytes=0&cid=c965f6a84f139183&ts=243&x=0"
date
Fri, 08 Nov 2024 06:50:30 GMT
content-type
image/jpeg
last-modified
Sun, 27 Nov 2016 16:08:58 GMT
vary
Accept-Encoding
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8df3a111dbfb76a7-LHR
accept-ranges
bytes
content-length
14109
server
cloudflare
linen_login.jpg | internationalyachtchartergroup.com/webmail/skins/larry/images/ | 10 KB | 11 KB | Image
General
Full URL
https://internationalyachtchartergroup.com/webmail/skins/larry/images/linen_login.jpg?v=0484.10363
Requested by
Host: internationalyachtchartergroup.com
URL: https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2aef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
465cfa8692ff9561b87f8df906324b4219e333667ab219555e4695bb97fa4546

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938

Response headers

cf-bgj
imgq:100,h2pri
etag
"287b-5424a9297fa80"
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7kSiNExJG15IGMGgYZ8WG3bosiyeXF6mgB0S8iWjpneZQbwElXFy92qrGvojoNVOapqL%2FYSEMCw8qill2MODuIheLCvH2%2FgKTGDKViEt9Xn%2BZD37UA%2FakOXhgWH1R7b8mWK9xnnmFypPZGI1hvVeBqrVvikUXjUbC5h8HYwqrnA%3D"}],"group":"cf-nel","max_age":604800}
cf-polished
origSize=10363
server-timing
cfL4;desc="?proto=TCP&rtt=4880&sent=49&recv=14&lost=0&retrans=0&sent_bytes=29904&recv_bytes=2684&delivery_rate=6766169&cwnd=238&unsent_bytes=0&cid=c965f6a84f139183&ts=244&x=0"
date
Fri, 08 Nov 2024 06:50:30 GMT
content-type
image/jpeg
last-modified
Sun, 27 Nov 2016 16:08:58 GMT
vary
Accept-Encoding
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8df3a111dbff76a7-LHR
accept-ranges
bytes
content-length
10317
server
cloudflare
login_shadow.png | internationalyachtchartergroup.com/webmail/skins/larry/images/ | 562 B | 1 KB | Image
General
Full URL
https://internationalyachtchartergroup.com/webmail/skins/larry/images/login_shadow.png?v=1169.789
Requested by
Host: internationalyachtchartergroup.com
URL: https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2aef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32475dee52caa49526b0fcf33968518747e33c04e5730d22a54962e865b15b8e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938

Response headers

cf-bgj
imgq:100,h2pri
etag
"315-5424a9297fa80"
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kKB1Tgc5qwSmxzrM8ymjrX52hTGtUAzHqQjUuJzyNb5kBV2iEtSPucqIhIv3b7AbyMA6EiZo9lgP4dtvF3Ocjh6U%2FFCKFoIc4XfeIu0x%2Bkec%2BByd0AFvWHBPZAkR4RWCxRK7KxgETvp70Gb3NXhtVXRcPhJXS8RDBuKbALGRMac%3D"}],"group":"cf-nel","max_age":604800}
cf-polished
origFmt=png, origSize=789
server-timing
cfL4;desc="?proto=TCP&rtt=3720&sent=67&recv=21&lost=0&retrans=0&sent_bytes=41017&recv_bytes=2684&delivery_rate=15915296&cwnd=238&unsent_bytes=0&cid=c965f6a84f139183&ts=249&x=0"
date
Fri, 08 Nov 2024 06:50:30 GMT
content-type
image/webp
content-disposition
inline; filename="login_shadow.webp"
vary
Accept
last-modified
Sun, 27 Nov 2016 16:08:58 GMT
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8df3a111dc0076a7-LHR
accept-ranges
bytes
content-length
562
server
cloudflare
favicon.ico | zitromanx.top/rcubby/black/ | 34 KB | 34 KB | Other
General
Full URL
https://zitromanx.top/rcubby/black/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.164.33.245 Stockholm, Sweden, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS
vm2090149.stark-industries.solutions
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
20c30fd4340308d6a4ab222acae353fc2460793ac76645bb1ef1d9d61f4f0a9e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://gateway.lighthouse.storage/

Response headers

ETag
"86be-6058e96565880"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
34494
Keep-Alive
timeout=5, max=98
Date
Fri, 08 Nov 2024 06:50:30 GMT
Last-Modified
Sun, 17 Sep 2023 14:10:26 GMT
Content-Type
image/vnd.microsoft.icon
Server
Apache/2.4.41 (Ubuntu)

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • $ (function)
  • jQuery (function)
  • Popper (function)
  • moment (function)
  • daterangepicker (function)
  • _0x278b69 (function)
  • _0x277b13 (function)
  • _0x434f57 (function)
  • _0xa129ea (function)
  • _0x56f649 (function)
  • _0x1816 (function)
  • filter (object)
  • search (function)
  • _0x529a (function)
  • _0x58575b (function)
  • dot (string)

0 Cookies

10 Console Messages

Source: javascript. Level: warning. All ten messages have the same text, differing only in the script URL:

"A parser-blocking, cross site (i.e. different eTLD+1) script, <script URL>, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details."

Script URLs reported, in order:

  1. https://zitromanx.top/myjs/vendor/jquery/jquery-3.2.1.min.js
  2. https://zitromanx.top/myjs/vendor/jquery/jquery-3.2.1.min.js
  3. https://zitromanx.top/myjs/vendor/animsition/js/animsition.min.js
  4. https://zitromanx.top/myjs/vendor/bootstrap/js/popper.js
  5. https://zitromanx.top/myjs/vendor/bootstrap/js/bootstrap.min.js
  6. https://zitromanx.top/myjs/vendor/select2/select2.min.js
  7. https://zitromanx.top/myjs/vendor/daterangepicker/moment.min.js
  8. https://zitromanx.top/myjs/vendor/daterangepicker/daterangepicker.js
  9. https://zitromanx.top/myjs/vendor/countdowntime/countdowntime.js
  10. https://zitromanx.top/myjs/js/main.js

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
base-blk.glitch.me
base-blk.vercel.app
code.jquery.com
gateway.lighthouse.storage
internationalyachtchartergroup.com
zitromanx.top
2600:9000:275b:400:14:a17:a6c0:93a1
2606:4700:3108::ac42:2aef
2a00:1450:4001:811::200a
2a04:4e42:400::649
54.167.19.172
76.76.21.22
95.164.33.245