bb7c383694.nxcli.net Open in urlscan Pro
209.87.149.123  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.html Show response bb7c383694.nxcli.net/docx/auth/	5 KB 1 KB	529ms 197ms	Document text/html	209.87.149.123 NEXCESS-NET
General Check archive.org Show headers Download Go to Full URL https://bb7c383694.nxcli.net/docx/auth/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.87.149.123 , United States, ASN36444 (NEXCESS-NET, US), Reverse DNS cloudhost-2963068.us-midwest-1.nxcli.net Software nginx / Resource Hash acba6f6ad281790b2a3fb8e35f31534bc715d37778afb11092097c900195cdc5 Request headers :method GET :authority bb7c383694.nxcli.net :scheme https :path /docx/auth/index.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers server nginx date Wed, 02 Jun 2021 07:48:59 GMT content-type text/html vary Accept-Encoding last-modified Sat, 29 May 2021 16:03:02 GMT etag W/"1412-5c37a208a2a49" x-cache-nxaccel BYPASS content-encoding br
GET H2	200	style.css bb7c383694.nxcli.net/docx/auth/css/	4 KB 866 B	114ms 113ms	Stylesheet text/css	209.87.149.123 NEXCESS-NET
General Check archive.org Show headers Download Go to Full URL https://bb7c383694.nxcli.net/docx/auth/css/style.css Requested by Host: bb7c383694.nxcli.net URL: https://bb7c383694.nxcli.net/docx/auth/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.87.149.123 , United States, ASN36444 (NEXCESS-NET, US), Reverse DNS cloudhost-2963068.us-midwest-1.nxcli.net Software nginx / Resource Hash f898c2fbdbe05cb55722c12280c6334ce78160ba916cc866ff4d71681a2ee827 Request headers :path /docx/auth/css/style.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority bb7c383694.nxcli.net referer https://bb7c383694.nxcli.net/docx/auth/index.html :scheme https sec-fetch-site same-origin :method GET Referer https://bb7c383694.nxcli.net/docx/auth/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 02 Jun 2021 07:48:59 GMT content-encoding br last-modified Sat, 29 May 2021 16:03:11 GMT server nginx etag W/"e05-5c37a2110176f" vary Accept-Encoding x-cache-nxaccel MISS content-type text/css
GET H2	200	bg.jpg bb7c383694.nxcli.net/docx/auth/images/	248 KB 249 KB	115ms 115ms	Image image/jpeg	209.87.149.123 NEXCESS-NET
General Check archive.org Show headers Download Go to Show image Full URL https://bb7c383694.nxcli.net/docx/auth/images/bg.jpg Requested by Host: bb7c383694.nxcli.net URL: https://bb7c383694.nxcli.net/docx/auth/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.87.149.123 , United States, ASN36444 (NEXCESS-NET, US), Reverse DNS cloudhost-2963068.us-midwest-1.nxcli.net Software nginx / Resource Hash 66c9262105a61de9e340c2f150789b9639a5efda664fe4aa26aab6feaa6538e9 Request headers :path /docx/auth/images/bg.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority bb7c383694.nxcli.net referer https://bb7c383694.nxcli.net/docx/auth/index.html :scheme https sec-fetch-site same-origin :method GET Referer https://bb7c383694.nxcli.net/docx/auth/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 02 Jun 2021 07:48:59 GMT last-modified Sat, 29 May 2021 16:03:16 GMT server nginx etag "3e1b5-5c37a2155659e" x-cache-nxaccel MISS content-type image/jpeg accept-ranges bytes content-length 254389
GET H2	200	office.jpg bb7c383694.nxcli.net/docx/auth/images/	54 KB 54 KB	293ms 291ms	Image image/jpeg	209.87.149.123 NEXCESS-NET
General Check archive.org Show headers Download Go to Show image Full URL https://bb7c383694.nxcli.net/docx/auth/images/office.jpg Requested by Host: bb7c383694.nxcli.net URL: https://bb7c383694.nxcli.net/docx/auth/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.87.149.123 , United States, ASN36444 (NEXCESS-NET, US), Reverse DNS cloudhost-2963068.us-midwest-1.nxcli.net Software nginx / Resource Hash e8e636632ecc87a6acc57dd8a29bcb5beef8e76a2ee321a9ae25dae8e1728972 Request headers :path /docx/auth/images/office.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority bb7c383694.nxcli.net referer https://bb7c383694.nxcli.net/docx/auth/index.html :scheme https sec-fetch-site same-origin :method GET Referer https://bb7c383694.nxcli.net/docx/auth/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 02 Jun 2021 07:48:59 GMT last-modified Sat, 29 May 2021 16:03:25 GMT server nginx etag "d8d6-5c37a21dc122c" x-cache-nxaccel MISS content-type image/jpeg accept-ranges bytes content-length 55510
GET H2	200	a.jpg bb7c383694.nxcli.net/docx/auth/images/	22 KB 22 KB	205ms 204ms	Image image/jpeg	209.87.149.123 NEXCESS-NET
General Check archive.org Show headers Download Go to Show image Full URL https://bb7c383694.nxcli.net/docx/auth/images/a.jpg Requested by Host: bb7c383694.nxcli.net URL: https://bb7c383694.nxcli.net/docx/auth/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.87.149.123 , United States, ASN36444 (NEXCESS-NET, US), Reverse DNS cloudhost-2963068.us-midwest-1.nxcli.net Software nginx / Resource Hash 8da96f2d14192222b35cfc72f6e20d14700d9bdc7648c161479de8fa0af11bba Request headers :path /docx/auth/images/a.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority bb7c383694.nxcli.net referer https://bb7c383694.nxcli.net/docx/auth/index.html :scheme https sec-fetch-site same-origin :method GET Referer https://bb7c383694.nxcli.net/docx/auth/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 02 Jun 2021 07:48:59 GMT last-modified Sat, 29 May 2021 16:03:12 GMT server nginx etag "56a9-5c37a21158227" x-cache-nxaccel MISS content-type image/jpeg accept-ranges bytes content-length 22185
GET H2	200	b.jpg bb7c383694.nxcli.net/docx/auth/images/	21 KB 21 KB	296ms 295ms	Image image/jpeg	209.87.149.123 NEXCESS-NET
General Check archive.org Show headers Download Go to Show image Full URL https://bb7c383694.nxcli.net/docx/auth/images/b.jpg Requested by Host: bb7c383694.nxcli.net URL: https://bb7c383694.nxcli.net/docx/auth/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.87.149.123 , United States, ASN36444 (NEXCESS-NET, US), Reverse DNS cloudhost-2963068.us-midwest-1.nxcli.net Software nginx / Resource Hash b5ff6dad788d0924e72210fa336302e69383a364858b4f1e346365ce6e48c63e Request headers :path /docx/auth/images/b.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority bb7c383694.nxcli.net referer https://bb7c383694.nxcli.net/docx/auth/index.html :scheme https sec-fetch-site same-origin :method GET Referer https://bb7c383694.nxcli.net/docx/auth/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 02 Jun 2021 07:48:59 GMT last-modified Sat, 29 May 2021 16:03:19 GMT server nginx etag "5320-5c37a218eb57d" x-cache-nxaccel MISS content-type image/jpeg accept-ranges bytes content-length 21280
GET H2	200	c.jpg bb7c383694.nxcli.net/docx/auth/images/	22 KB 22 KB	296ms 295ms	Image image/jpeg	209.87.149.123 NEXCESS-NET
General Check archive.org Show headers Download Go to Show image Full URL https://bb7c383694.nxcli.net/docx/auth/images/c.jpg Requested by Host: bb7c383694.nxcli.net URL: https://bb7c383694.nxcli.net/docx/auth/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.87.149.123 , United States, ASN36444 (NEXCESS-NET, US), Reverse DNS cloudhost-2963068.us-midwest-1.nxcli.net Software nginx / Resource Hash 3da54511ac0e73757ecd028c575929627c9155f9bbf06c4775f7dda9ec92570e Request headers :path /docx/auth/images/c.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority bb7c383694.nxcli.net referer https://bb7c383694.nxcli.net/docx/auth/index.html :scheme https sec-fetch-site same-origin :method GET Referer https://bb7c383694.nxcli.net/docx/auth/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 02 Jun 2021 07:48:59 GMT last-modified Sat, 29 May 2021 16:03:17 GMT server nginx etag "578a-5c37a216c395e" x-cache-nxaccel MISS content-type image/jpeg accept-ranges bytes content-length 22410
GET H2	200	d.jpg bb7c383694.nxcli.net/docx/auth/images/	20 KB 20 KB	296ms 294ms	Image image/jpeg	209.87.149.123 NEXCESS-NET
General Check archive.org Show headers Download Go to Show image Full URL https://bb7c383694.nxcli.net/docx/auth/images/d.jpg Requested by Host: bb7c383694.nxcli.net URL: https://bb7c383694.nxcli.net/docx/auth/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.87.149.123 , United States, ASN36444 (NEXCESS-NET, US), Reverse DNS cloudhost-2963068.us-midwest-1.nxcli.net Software nginx / Resource Hash 2e98ae8fc7c172537f466af8cb25e3d72a3f1f6637c38d097b67309864d64c52 Request headers :path /docx/auth/images/d.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority bb7c383694.nxcli.net referer https://bb7c383694.nxcli.net/docx/auth/index.html :scheme https sec-fetch-site same-origin :method GET Referer https://bb7c383694.nxcli.net/docx/auth/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 02 Jun 2021 07:48:59 GMT last-modified Sat, 29 May 2021 16:03:19 GMT server nginx etag "4e3f-5c37a21817ead" x-cache-nxaccel MISS content-type image/jpeg accept-ranges bytes content-length 20031
GET H2	200	e.jpg bb7c383694.nxcli.net/docx/auth/images/	22 KB 22 KB	296ms 295ms	Image image/jpeg	209.87.149.123 NEXCESS-NET
General Check archive.org Show headers Download Go to Show image Full URL https://bb7c383694.nxcli.net/docx/auth/images/e.jpg Requested by Host: bb7c383694.nxcli.net URL: https://bb7c383694.nxcli.net/docx/auth/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.87.149.123 , United States, ASN36444 (NEXCESS-NET, US), Reverse DNS cloudhost-2963068.us-midwest-1.nxcli.net Software nginx / Resource Hash 7f21de022cf092abc5670e9f72ad508341bf5c4bfd2653f0275fe9d938fed2ee Request headers :path /docx/auth/images/e.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority bb7c383694.nxcli.net referer https://bb7c383694.nxcli.net/docx/auth/index.html :scheme https sec-fetch-site same-origin :method GET Referer https://bb7c383694.nxcli.net/docx/auth/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 02 Jun 2021 07:48:59 GMT last-modified Sat, 29 May 2021 16:03:20 GMT server nginx etag "5876-5c37a21984e85" x-cache-nxaccel MISS content-type image/jpeg accept-ranges bytes content-length 22646
GET H2	200	f.jpg bb7c383694.nxcli.net/docx/auth/images/	19 KB 19 KB	296ms 295ms	Image image/jpeg	209.87.149.123 NEXCESS-NET
General Check archive.org Show headers Download Go to Show image Full URL https://bb7c383694.nxcli.net/docx/auth/images/f.jpg Requested by Host: bb7c383694.nxcli.net URL: https://bb7c383694.nxcli.net/docx/auth/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.87.149.123 , United States, ASN36444 (NEXCESS-NET, US), Reverse DNS cloudhost-2963068.us-midwest-1.nxcli.net Software nginx / Resource Hash d7178995a57c3e89768e8489d468e6e774b7271b97d254f92259ddbd20586c60 Request headers :path /docx/auth/images/f.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority bb7c383694.nxcli.net referer https://bb7c383694.nxcli.net/docx/auth/index.html :scheme https sec-fetch-site same-origin :method GET Referer https://bb7c383694.nxcli.net/docx/auth/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 02 Jun 2021 07:48:59 GMT last-modified Sat, 29 May 2021 16:03:21 GMT server nginx etag "4c2b-5c37a21a6d15d" x-cache-nxaccel MISS content-type image/jpeg accept-ranges bytes content-length 19499
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.3.1/	85 KB 30 KB	8ms 6ms	Script text/javascript	2a00:1450:4001:80f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js Requested by Host: bb7c383694.nxcli.net URL: https://bb7c383694.nxcli.net/docx/auth/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://bb7c383694.nxcli.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 01 Jun 2021 16:12:23 GMT content-encoding gzip x-content-type-options nosniff age 56196 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 30399 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Wed, 01 Jun 2022 16:12:23 GMT
GET H2	200	css fonts.googleapis.com/	10 KB 876 B	14ms 14ms	Stylesheet text/css	2a00:1450:4001:831::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800 Requested by Host: bb7c383694.nxcli.net URL: https://bb7c383694.nxcli.net/docx/auth/css/style.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash c5188a8f33fbb436c1cee4016b445aa5680c35ed430c0fe92e78650403bcb509 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://bb7c383694.nxcli.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 02 Jun 2021 05:54:31 GMT server ESF date Wed, 02 Jun 2021 07:48:59 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 02 Jun 2021 07:48:59 GMT
GET H2	200	mem5YaGs126MiZpBA-UN7rgOUuhp.woff2 fonts.gstatic.com/s/opensans/v20/	15 KB 15 KB	7ms 6ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://bb7c383694.nxcli.net Referer https://fonts.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 01 Jun 2021 07:46:46 GMT x-content-type-options nosniff last-modified Tue, 18 May 2021 21:21:50 GMT server sffe age 86533 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15112 x-xss-protection 0 expires Wed, 01 Jun 2022 07:46:46 GMT
GET H2	200	mem8YaGs126MiZpBA-UFVZ0b.woff2 fonts.gstatic.com/s/opensans/v20/	14 KB 14 KB	7ms 6ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://bb7c383694.nxcli.net Referer https://fonts.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 01 Jun 2021 22:32:33 GMT x-content-type-options nosniff last-modified Tue, 18 May 2021 21:21:19 GMT server sffe age 33386 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14440 x-xss-protection 0 expires Wed, 01 Jun 2022 22:32:33 GMT
GET H2	200	mem5YaGs126MiZpBA-UNirkOUuhp.woff2 fonts.gstatic.com/s/opensans/v20/	15 KB 15 KB	7ms 7ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UNirkOUuhp.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c298433cc9eb86f4c0be0a447b0faf398dee9186d2bcf26683297de2758cddc7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://bb7c383694.nxcli.net Referer https://fonts.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 01 Jun 2021 12:56:46 GMT x-content-type-options nosniff last-modified Tue, 18 May 2021 21:21:26 GMT server sffe age 67933 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14956 x-xss-protection 0 expires Wed, 01 Jun 2022 12:56:46 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| window_opener_xc function| get_extra_data

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
bb7c383694.nxcli.net
fonts.googleapis.com
fonts.gstatic.com
209.87.149.123
2a00:1450:4001:80f::200a
2a00:1450:4001:829::2003
2a00:1450:4001:831::200a
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2e98ae8fc7c172537f466af8cb25e3d72a3f1f6637c38d097b67309864d64c52
3da54511ac0e73757ecd028c575929627c9155f9bbf06c4775f7dda9ec92570e
66c9262105a61de9e340c2f150789b9639a5efda664fe4aa26aab6feaa6538e9
7f21de022cf092abc5670e9f72ad508341bf5c4bfd2653f0275fe9d938fed2ee
8da96f2d14192222b35cfc72f6e20d14700d9bdc7648c161479de8fa0af11bba
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
acba6f6ad281790b2a3fb8e35f31534bc715d37778afb11092097c900195cdc5
b5ff6dad788d0924e72210fa336302e69383a364858b4f1e346365ce6e48c63e
c298433cc9eb86f4c0be0a447b0faf398dee9186d2bcf26683297de2758cddc7
c5188a8f33fbb436c1cee4016b445aa5680c35ed430c0fe92e78650403bcb509
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
d7178995a57c3e89768e8489d468e6e774b7271b97d254f92259ddbd20586c60
e8e636632ecc87a6acc57dd8a29bcb5beef8e76a2ee321a9ae25dae8e1728972
f898c2fbdbe05cb55722c12280c6334ce78160ba916cc866ff4d71681a2ee827