mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io Open in urlscan Pro
2604:1380:4601:6204:5000:33ff:fede:ad31 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
Effective URL:
https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM
Submission: On March 15 via api (March 15th 2023, 8:35:15 pm UTC) from US — Scanned from FR

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 2604:1380:4601:6204:5000:33ff:fede:ad31, located in Amsterdam, Netherlands and belongs to PACKET, US. The main domain is mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io.
TLS certificate: Issued by R3 on February 16th 2023. Valid for: 3 months.

This is the only time mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2	2604:1380:460... 2604:1380:4601:6204:5000:33ff:fede:ad31	54825 (PACKET) (PACKET)
9	2606:4700:303... 2606:4700:3035::6815:2705	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
14	5

2 2604:1380:4601:6204:5000:33ff:fede:ad31 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)

mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:3035::6815:2705 (United States)

ASN13335 (CLOUDFLARENET, US)

beststronglinks.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	beststronglinks.shop beststronglinks.shop	171 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 305 fonts.googleapis.com — Cisco Umbrella Rank: 34	31 KB
2	icp0.io mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io	7 KB
1	gstatic.com fonts.gstatic.com	44 KB
14	4

	Domain	Requested by
9	beststronglinks.shop	mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
2	mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io	mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	beststronglinks.shop
1	ajax.googleapis.com	mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
14	5

This site contains no links.

Subject Issuer	Validity	Valid
boundary.dfinity.network R3	`2023-02-16` - `2023-05-17`	3 months	crt.sh
*.beststronglinks.shop GTS CA 1P5	`2023-02-14` - `2023-05-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM
Frame ID: F49E2AF72B278E055699DEA7B4CDB871
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Document

Page URL History Show full URLs

https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/ Page URL
https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

253 kB
Transfer

324 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/ Page URL
https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/ 2 KB
3 KB 205ms
91ms Document
text/html 2604:1380:4601:6204:5000:33ff:fede:ad31
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2604:1380:4601:6204:5000:33ff:fede:ad31 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: nginx/1.21.3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-None-Match,If-Modified-Since,Cache-Control,Content-Type,Range,Cookie
access-control-allow-methods: HEAD, GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges,Content-Length,Content-Range
access-control-max-age: 600
content-encoding: gzip
content-type: text/html
date: Wed, 15 Mar 2023 20:35:09 GMT
etag: W/"dd462236ccf134e135fcbc0557f87be04159ed24e15bc14ccc42a2320411bcb9"
ic-certificate: certificate=:2dn3o2R0cmVlgwGDAYMBgwJIY2FuaXN0ZXKDAYIEWCDUyzffTR5tJqyul3Axd4FzDL9TeNFyfuVqbOtbeGPp74MBggRYIFnpdWsF1ksLrsjWTF7U3Rzpx8Qt0Zj6W5Um2Pc9+zN+gwGCBFgg8rMGZ5kOmfRZIH+mWvUTZQXrlkStGUitNjw7+w7O/GiDAYIEWCABuWzzypqjUj0O8n0qZLQAEkMZk50zDqv2ls9jtnLd74MBgwGCBFggU1JC88lMIUmMr3QrzMj610ld+uGhEMGm473cQbXBr6qDAkoAAAAAAXANPAEBgwGDAYMBgwJOY2VydGlmaWVkX2RhdGGCA1ggVgGIlGPtLbehd3QgrmFGnER/JWZ7e/g8CEnbz3iXUIaCBFggg8Vr8U3ePSjeZsaStfydl+ndmFtq1ysP5vhOio3z3LKCBFggyByaMukKKSN8Crg2gRvMX/dWwZsYbSI0fAzhjq88zT+CBFggudNSCP1JIetLuKZa0oAYCsdXq7u+E0fGCsQ1WFVCAHSCBFgg16Cj3MSlD3rbWfr1r9GaBxYpTMPyZSl4PSIRQu1AAiSCBFgghpAycrA9gmtEVOm9VM6tYdRXs1IvVNhC9I+/yRsn++6CBFgggtfAsnGN3px94SdBHDlc+d5WJCb2KCMlVCX9i7jip5aDAYIEWCDMV4EJ/F295ZHPecs/pjJs3M3Z+ojqJ1ksqIiCQ2av44MCRHRpbWWCA0n/lK+l+MCsphdpc2lnbmF0dXJlWDCUaFY2NkkY+a692vkDI00pSM+fMLmkKGHIaukDbJqvjabbpgXcI9Baj/2liHtRqWZqZGVsZWdhdGlvbqJpc3VibmV0X2lkWB1YG1qi8QxfIh5F3nSizsr9PaB2vjnbCQfL9VS7AmtjZXJ0aWZpY2F0ZVkCV9nZ96JkdHJlZYMBggRYIJ2HZlE2JVFoubceywwE9ms370iCb5Xk55CxE1YtsbVDgwGDAkZzdWJuZXSDAYMBggRYIFNj2ZIcRorBoMBHUSShcDsO6rRPEq/ku3IaBZ6r+8zegwGDAYMBgwGDAlgdWBtaovEMXyIeRd50os7K/T2gdr452wkHy/VUuwKDAYMCT2NhbmlzdGVyX3Jhbmdlc4IDWBvZ2feBgkoAAAAAAXAAAAEBSgAAAAABf///AQGDAkpwdWJsaWNfa2V5ggNYhTCBgjAdBg0rBgEEAYLcfAUDAQIBBgwrBgEEAYLcfAUDAgEDYQCtKKK/qubJJI7x6j5PS8bqKRAc5TOwB1NJu4aohTXCFs5DTJqgGLh0ZUQd2ZftIycOKyHhJsdPFik726KQM+hY7NUL2nvhtpKkAeFU64e2Xc8Jg2NeV44+ovbZsCx8edyCBFggjRtv8+CAQFV3mNVT1kr5WJnyWgFm47EnbRyN299atwWCBFggXS0clDj24duh363CxQ9Ri2MYJijTzWm0lE1YyzaqmJyCBFggnDg+uNKnyGxqRBNVBqKPJwcv4tvvPp7pr0cezcBjs9OCBFggahf2pvbtIRmbiD0zGINIi2Qyd+FwcugtHMQDa7Uso2aCBFgg3xEkQ13xybrh8TRO8/2mpg+Pr30Gcg418BNJ2KZPyWSDAkR0aW1lggNJjdns/eeLuqUXaXNpZ25hdHVyZVgwlhwOA2zfwtIyeLxaRWoywH2u9B3mgx+yuyqYDjcX3Ax7tlxKGHnmjI/MdUbiuZy9:, tree=:2dn3gwJLaHR0cF9hc3NldHODAYMBgwGDAkkvQU9MLmh0bWyCBFggPHiZQ3fcrebMtbVQPH63U0Q1K7vwC75t0WiVBvm1nvOCBFggOXufuOSMpmi7Tdm15qDMYe1GrIXaUwVEcjSSxL2apdaCBFggu4I/4omQqlVKq+juLptbTzMNgqJMJgsFGE/9c78L/UeDAYIEWCC1PO5U40RqV3hDzwrRIRlSmsmlD89iJn99FTrpD7t1ioMBggRYIMNiF4+TpNex/vBJeXum7fAZZ5zM9qgL8r5XtqKgFZhBgwGCBFggnP7vvdRVgFEoLHSY+vnyIsn1aLpGXy0oHw15tf02wFKDAYMCSy9pbmRleC5odG1sggNYIN1GIjbM8TThNfy8BVf4e+BBWe0k4VvBTMxCojIEEby5ggRYIJVJxYCupFK1VxsoD4Z0Ty259BqMvcQqWOEPZMe4GXB/:
server: nginx/1.21.3

GET
H2 200 Primary Request login.html Show response
mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/ 8 KB
3 KB 813ms
812ms Document
text/html 2604:1380:4601:6204:5000:33ff:fede:ad31
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM
Requested by: Host: mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2604:1380:4601:6204:5000:33ff:fede:ad31 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: nginx/1.21.3 /
Resource Hash: c03b40a79340d6b211123ad66cfc616ab19a5d68cffbeea38e1fb8a6cf4e43b6

Request headers

Referer: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-None-Match,If-Modified-Since,Cache-Control,Content-Type,Range,Cookie
access-control-allow-methods: HEAD, GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges,Content-Length,Content-Range
access-control-max-age: 600
content-encoding: gzip
content-length: 1437
content-type: text/html
date: Wed, 15 Mar 2023 20:35:10 GMT
etag: "82f0037e733d3e92d2a25385755dceff209ff5ada451e3c5a6db9f847fe397ba"
ic-certificate: certificate=:2dn3o2R0cmVlgwGDAYMBgwJIY2FuaXN0ZXKDAYIEWCDUyzffTR5tJqyul3Axd4FzDL9TeNFyfuVqbOtbeGPp74MBggRYIFnpdWsF1ksLrsjWTF7U3Rzpx8Qt0Zj6W5Um2Pc9+zN+gwGCBFgg8rMGZ5kOmfRZIH+mWvUTZQXrlkStGUitNjw7+w7O/GiDAYIEWCABuWzzypqjUj0O8n0qZLQAEkMZk50zDqv2ls9jtnLd74MBgwGCBFggU1JC88lMIUmMr3QrzMj610ld+uGhEMGm473cQbXBr6qDAkoAAAAAAXANPAEBgwGDAYMBgwJOY2VydGlmaWVkX2RhdGGCA1ggVgGIlGPtLbehd3QgrmFGnER/JWZ7e/g8CEnbz3iXUIaCBFggg8Vr8U3ePSjeZsaStfydl+ndmFtq1ysP5vhOio3z3LKCBFggyByaMukKKSN8Crg2gRvMX/dWwZsYbSI0fAzhjq88zT+CBFggudNSCP1JIetLuKZa0oAYCsdXq7u+E0fGCsQ1WFVCAHSCBFgg16Cj3MSlD3rbWfr1r9GaBxYpTMPyZSl4PSIRQu1AAiSCBFggn4DHG+OdwDGR+/M9ipAGrwY+tgKh3n8ZSShmKzomxTKCBFggDlHQMCoFfdUykhvCSgHaA75IpuyY1zvkp2QQDvRkXpWDAYIEWCDMV4EJ/F295ZHPecs/pjJs3M3Z+ojqJ1ksqIiCQ2av44MCRHRpbWWCA0m2rvrQ+8Csphdpc2lnbmF0dXJlWDCEqpQKJNUjpFkvJjv7FG+XJhJm6KXNVnil9tzZglC/CW5t8OvXXxNJc3V2PmbGTpxqZGVsZWdhdGlvbqJpc3VibmV0X2lkWB1YG1qi8QxfIh5F3nSizsr9PaB2vjnbCQfL9VS7AmtjZXJ0aWZpY2F0ZVkCV9nZ96JkdHJlZYMBggRYIJ2HZlE2JVFoubceywwE9ms370iCb5Xk55CxE1YtsbVDgwGDAkZzdWJuZXSDAYMBggRYIFNj2ZIcRorBoMBHUSShcDsO6rRPEq/ku3IaBZ6r+8zegwGDAYMBgwGDAlgdWBtaovEMXyIeRd50os7K/T2gdr452wkHy/VUuwKDAYMCT2NhbmlzdGVyX3Jhbmdlc4IDWBvZ2feBgkoAAAAAAXAAAAEBSgAAAAABf///AQGDAkpwdWJsaWNfa2V5ggNYhTCBgjAdBg0rBgEEAYLcfAUDAQIBBgwrBgEEAYLcfAUDAgEDYQCtKKK/qubJJI7x6j5PS8bqKRAc5TOwB1NJu4aohTXCFs5DTJqgGLh0ZUQd2ZftIycOKyHhJsdPFik726KQM+hY7NUL2nvhtpKkAeFU64e2Xc8Jg2NeV44+ovbZsCx8edyCBFggjRtv8+CAQFV3mNVT1kr5WJnyWgFm47EnbRyN299atwWCBFggXS0clDj24duh363CxQ9Ri2MYJijTzWm0lE1YyzaqmJyCBFggnDg+uNKnyGxqRBNVBqKPJwcv4tvvPp7pr0cezcBjs9OCBFggahf2pvbtIRmbiD0zGINIi2Qyd+FwcugtHMQDa7Uso2aCBFgg3xEkQ13xybrh8TRO8/2mpg+Pr30Gcg418BNJ2KZPyWSDAkR0aW1lggNJjdns/eeLuqUXaXNpZ25hdHVyZVgwlhwOA2zfwtIyeLxaRWoywH2u9B3mgx+yuyqYDjcX3Ax7tlxKGHnmjI/MdUbiuZy9:, tree=:2dn3gwJLaHR0cF9hc3NldHODAYIEWCCGE9iFiNxUiGV2zPjYXfxiAWPYlsy5/ABnuGSsrVGhN4MBggRYILU87lTjRGpXeEPPCtEhGVKayaUPz2Imf30VOukPu3WKgwGCBFggw2IXj5Ok17H+8El5e6bt8BlnnMz2qAvyvle2oqAVmEGDAYIEWCCc/u+91FWAUSgsdJj6+fIiyfVoukZfLSgfDXm1/TbAUoMBggRYIIm7vBWNizcOUQfDamUAR8hdHo5SQkZgZrHv8xUa8SbvgwJLL2xvZ2luLmh0bWyCA1ggwDtAp5NA1rIREjrWbPxharGaXWjP++6jjh+4ps9OQ7Y=:
server: nginx/1.21.3

GET
H2 200 style.css
beststronglinks.shop/email-list/sharepoint/sp2/css/ 5 KB
2 KB 722ms
648ms Stylesheet
text/css 2606:4700:3035::6815:2705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beststronglinks.shop/email-list/sharepoint/sp2/css/style.css
Requested by: Host: mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2705 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26cd09cb9e7b62c79e0c6e871ec3303602f0853a211bf7111744be57b421d80c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:35:10 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 29 Sep 2022 12:33:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1460-5e9d0173e9500-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PU9P6vdaHm2je3qopDZYilWIvJiTNasORvCQfG3ShGQ82OTGGlIlZStsPD0%2BqQdxu22IQvf%2F%2F%2F5ayHiMRPpJvo2pqbgBpCKz8f%2FGv%2Ff%2BFp7pgfmvWFtkR1zPBH45XFSTpgsh5g6Y4w5qRurbZ5ht%2FTPO%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7a878a9448c10415-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 85 KB
30 KB 93ms
26ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

Requested by

Host: mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 13 Mar 2023 08:14:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 217260
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30399
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Mar 2024 08:14:10 GMT

GET
H2 200 header-logo.png
beststronglinks.shop/email-list/sharepoint/sp2/images/ 8 KB
8 KB 737ms
663ms Image
image/png 2606:4700:3035::6815:2705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beststronglinks.shop/email-list/sharepoint/sp2/images/header-logo.png
Requested by: Host: mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2705 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 433924b4f8a9ea44393a2a7bba64f61b2746a468986e1766710ee5b2792a54fa

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:35:10 GMT
cf-cache-status: MISS
last-modified: Thu, 29 Sep 2022 12:33:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "1e5e-5e9d0173e9500"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kv%2BMr34cT%2FjvcgKS%2FBtfmsWj5%2BuDqM8C%2Bqvz3XoVtc%2BT4CnnD5yJYhfQ%2B4MJKDGKMcqpE8ELt%2BD9OXG1sIxf5WBd4RJJAagpzChSxcgPoHR%2F14Nis47Nex%2FXS3fpmF5jpjDCzxFBIZNbKufwbhhY0bFMoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7a878a9448c20415-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7774

GET
H2 200 gmail.jpg
beststronglinks.shop/email-list/sharepoint/sp2/images/ 14 KB
15 KB 752ms
679ms Image
image/jpeg 2606:4700:3035::6815:2705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beststronglinks.shop/email-list/sharepoint/sp2/images/gmail.jpg
Requested by: Host: mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2705 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0395c2d974a610a5826088c1752b49945c0b38e841389e794bf7171e2326982c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:35:10 GMT
cf-cache-status: MISS
last-modified: Thu, 29 Sep 2022 12:33:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3919-5e9d0175d1980"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hrG1oZdzSuJH9oufR%2B0dCxvttzB2tiwsWYyuxzHPoekqbzoIIoH4vrjRTUbj7dYTDfars5AH7eC2PO4DR8aHOdhgSObmQcWL3ghTQ3LppZUtrJ%2BNW5ccP6NPMq5vzy9v5y0NARuJw%2BZxIrJFJrqueRxVBg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7a878a9448c40415-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14617

GET
H2 200 aol.jpg
beststronglinks.shop/email-list/sharepoint/sp2/images/ 14 KB
14 KB 734ms
661ms Image
image/jpeg 2606:4700:3035::6815:2705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beststronglinks.shop/email-list/sharepoint/sp2/images/aol.jpg
Requested by: Host: mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2705 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2bf99365d81089bbb0939d15bd959809492c068555dbead87f91802589ef5a9

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:35:10 GMT
cf-cache-status: MISS
last-modified: Thu, 29 Sep 2022 12:33:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "362d-5e9d0175d1980"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MLljPKsPGAuwSUDRSQItx0zf%2FSLyFJmYJxbJxnPSD3xbstP%2Be5S2W04TLM6IgH6%2BWVb7OFTOREWWO9Q6qV8fG1j%2FdLuAu4KAVZ4xNOlNJx9B%2BtS3R%2FMVT8lt%2F52UfbYUafQ92O%2Fo7Ju%2F28YwpjZEVfSqYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7a878a9448c50415-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13869

GET
H2 200 outlook.jpg
beststronglinks.shop/email-list/sharepoint/sp2/images/ 15 KB
15 KB 744ms
671ms Image
image/jpeg 2606:4700:3035::6815:2705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beststronglinks.shop/email-list/sharepoint/sp2/images/outlook.jpg
Requested by: Host: mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2705 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8911de9c6b54ea92f9322ea7570ee16713718211f4dabc77b820256dc923b4c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:35:10 GMT
cf-cache-status: MISS
last-modified: Thu, 29 Sep 2022 12:33:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3c52-5e9d0174dd740"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RHm%2BbhtBVeOBuFnqqMWe4uqZ9mOoXLQQPRyuDTs%2Bi1JblrWij4oI43RiIFnceMoA9fbgIxnCuCLkL9xudmGvBhjP7aIs9hZIABlZz4u8YR8jHS0WhXa9OBfff1JksBfWCRTTFnHmeoKFB2xl7FTIM6STFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7a878a9448c60415-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15442

GET
H2 200 office.jpg
beststronglinks.shop/email-list/sharepoint/sp2/images/ 14 KB
14 KB 755ms
682ms Image
image/jpeg 2606:4700:3035::6815:2705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beststronglinks.shop/email-list/sharepoint/sp2/images/office.jpg
Requested by: Host: mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2705 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bedcbef0141493931f41db1b4410c80f62812f1d5a5f98de10fcfe4da57e994d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:35:10 GMT
cf-cache-status: MISS
last-modified: Thu, 29 Sep 2022 12:33:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3810-5e9d0174dd740"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xJCW%2FJ%2ByYjKxskqvlCKyG5XuLp8WeC5j7SPfNmq9drLgQm2t2A6Cy%2FLcn9RXbL1gfWhBUMlhm54juERHzC1OK6EqP7nbYT2su1Y1WgA0tRSEPhGtfdYQ%2F4wrhcdneaHnE08RJ0NnDuortynIJx9TiywnmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7a878a9448c80415-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14352

GET
H2 200 yahoo.jpg
beststronglinks.shop/email-list/sharepoint/sp2/images/ 15 KB
15 KB 658ms
657ms Image
image/jpeg 2606:4700:3035::6815:2705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beststronglinks.shop/email-list/sharepoint/sp2/images/yahoo.jpg
Requested by: Host: mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2705 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9dcb3f39c6f1c7f2b0fa75391efa497c84ade4b3a12867af284fbe224d24c3e9

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:35:10 GMT
cf-cache-status: MISS
last-modified: Thu, 29 Sep 2022 12:33:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3a5b-5e9d0173e9500"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BNs%2Bd2T2NEfbISrqcybSrLufbA%2BtPphzEzOoswLwT9UemIfV5cSsQZPoGIcfI%2BeKzs2uuiuayVnlMCdAaBZXa3FFAJckUIHttgulzSUwoXgw90%2BY2A1VSatmkJ4s8%2Bvvy%2Fx980UcKbmcnQLt9ONkBBMrbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7a878a9489030415-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14939

GET
H2 200 other.jpg
beststronglinks.shop/email-list/sharepoint/sp2/images/ 14 KB
14 KB 649ms
649ms Image
image/jpeg 2606:4700:3035::6815:2705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beststronglinks.shop/email-list/sharepoint/sp2/images/other.jpg
Requested by: Host: mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2705 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7976b777c1a1d694739e57292d1629d371aa79be6d7a2a87bcb0d0b9edad79f2

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:35:10 GMT
cf-cache-status: MISS
last-modified: Thu, 29 Sep 2022 12:33:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3818-5e9d0175d1980"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0v%2B8u2thTC917vkZTAyQblYfdhNzCzCIQJVW7nHsA%2F0Rmh6tYdbo7W%2Fb%2Bx9jqpqY4Xd9hOGYU5StUMvFAtnbPbkExCfk4XqxWlLPoP2wgv55jSy0twsQer%2F0vIVZ0fVrvVPG3sxgvZEZyj6U6Ni9TwG3iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7a878a9489040415-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14360

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 96ms
36ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800

Requested by

Host: beststronglinks.shop
URL: https://beststronglinks.shop/email-list/sharepoint/sp2/css/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cba6172988c4f2a636c28d2c46741ebbb03873f482eb038b51ee0c4840c9d13f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://beststronglinks.shop/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 15 Mar 2023 20:35:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 19:31:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 Mar 2023 20:35:10 GMT

GET
H2 200 other-email-bg.jpg
beststronglinks.shop/email-list/sharepoint/sp2/images/ 73 KB
74 KB 198ms
197ms Image
image/jpeg 2606:4700:3035::6815:2705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beststronglinks.shop/email-list/sharepoint/sp2/images/other-email-bg.jpg
Requested by: Host: mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2705 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f8a773c568a4b8181d3796b724647bd0430198457699649a2d9a7425f88e57e

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:35:11 GMT
cf-cache-status: MISS
last-modified: Thu, 29 Sep 2022 12:33:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "124b2-5e9d0174dd740"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4603uKRQmaYsnCrejkt5%2BwFOrsiqiB5203Lb8eQmFvG1yLwX9zVEPfiAuB1qm6f0cfuwPWvfrL%2FACLWoHtoV0Ulh%2BkwSK5TOIF7roO8Bzdyb0Nf1bGymhkdPeqfmMAXNOQ80wgmGHUL40ZZQP46pzI7uA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7a878a990d0e0415-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 74930

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 86ms
26ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 08 Mar 2023 23:44:24 GMT
x-content-type-options: nosniff
age: 593446
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Mar 2024 23:44:24 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io/login.html?hlw=vomr9itPpnOEpc83pR&szukpr=pEYuZbVcqK32LHAXI6js&ubdchmbol=URH4pHv1XdN1pL3cM Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
beststronglinks.shop
fonts.googleapis.com
fonts.gstatic.com
mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io
2604:1380:4601:6204:5000:33ff:fede:ad31
2606:4700:3035::6815:2705
2a00:1450:4001:80b::200a
2a00:1450:4001:813::200a
2a00:1450:4001:828::2003
0395c2d974a610a5826088c1752b49945c0b38e841389e794bf7171e2326982c
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
26cd09cb9e7b62c79e0c6e871ec3303602f0853a211bf7111744be57b421d80c
433924b4f8a9ea44393a2a7bba64f61b2746a468986e1766710ee5b2792a54fa
5f8a773c568a4b8181d3796b724647bd0430198457699649a2d9a7425f88e57e
7976b777c1a1d694739e57292d1629d371aa79be6d7a2a87bcb0d0b9edad79f2
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
9dcb3f39c6f1c7f2b0fa75391efa497c84ade4b3a12867af284fbe224d24c3e9
a8911de9c6b54ea92f9322ea7570ee16713718211f4dabc77b820256dc923b4c
b2bf99365d81089bbb0939d15bd959809492c068555dbead87f91802589ef5a9
bedcbef0141493931f41db1b4410c80f62812f1d5a5f98de10fcfe4da57e994d
c03b40a79340d6b211123ad66cfc616ab19a5d68cffbeea38e1fb8a6cf4e43b6
cba6172988c4f2a636c28d2c46741ebbb03873f482eb038b51ee0c4840c9d13f

mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io Open in urlscan Pro 2604:1380:4601:6204:5000:33ff:fede:ad31 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

100 %IPv6

4 Domains

5 Subdomains

5 IPs

3 Countries

253 kBTransfer

324 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

mabz5-yqaaa-aaaal-qbu6a-cai.raw.icp0.io Open in urlscan Pro
2604:1380:4601:6204:5000:33ff:fede:ad31 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

253 kB
Transfer

324 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!