critixexchangesharefile.com Open in urlscan Pro
20.118.134.80 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://riozgmqyv.figueiredoeferreira.com.br/#yjgslewc2NvdHQud3JpZ2h0QGlndHNvbHV0aW9ucy5jb20=
Effective URL:
https://critixexchangesharefile.com/
Submission: On February 22 via manual (February 22nd 2022, 4:32:14 am UTC) from IN — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 2 countries across 6 domains to perform 18 HTTP transactions. The main IP is 20.118.134.80, located in Phoenix, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is critixexchangesharefile.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on February 21st 2022. Valid for: 3 months.

This is the only time critixexchangesharefile.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	108.167.168.59 108.167.168.59	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	52.250.2.234 52.250.2.234	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	20.118.134.80 20.118.134.80	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
3	152.199.23.37 152.199.23.37	() ()
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	() ()
18	9

1 108.167.168.59 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 108-167-168-59.unifiedlayer.com

riozgmqyv.figueiredoeferreira.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.250.2.234 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

52.250.2.234	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.118.134.80 (Phoenix, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

critixexchangesharefile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 152.199.23.37 (None, )

ASN- ()

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (None, )

ASN- ()

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	gstatic.com www.gstatic.com fonts.gstatic.com	341 KB
4	google.com www.google.com — Cisco Umbrella Rank: 2	41 KB
3	msftauth.net aadcdn.msftauth.net	51 KB
2	critixexchangesharefile.com critixexchangesharefile.com	106 KB
1	jquery.com code.jquery.com	30 KB
1	figueiredoeferreira.com.br riozgmqyv.figueiredoeferreira.com.br	356 B
18	6

	Domain	Requested by
4	www.gstatic.com	www.google.com www.gstatic.com
4	www.google.com	critixexchangesharefile.com www.gstatic.com www.google.com
3	aadcdn.msftauth.net	critixexchangesharefile.com
2	fonts.gstatic.com	www.google.com
2	critixexchangesharefile.com	52.250.2.234
1	code.jquery.com	critixexchangesharefile.com
1	riozgmqyv.figueiredoeferreira.com.br
18	7

This site contains no links.

Subject Issuer	Validity	Valid
www.teste.figueiredoeferreira.com.br R3	`2022-01-20` - `2022-04-20`	3 months	crt.sh
critixexchangesharefile.com ZeroSSL RSA Domain Secure Site CA	`2022-02-21` - `2022-05-22`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2021-05-13` - `2022-05-13`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://critixexchangesharefile.com/
Frame ID: CFEA74010AEAE9EAE0AB2C1B3656CDE0
Requests: 13 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczKBgbAAAAAM13luWBh4giCR_GCXWRre4BYkFR&co=aHR0cHM6Ly9jcml0aXhleGNoYW5nZXNoYXJlZmlsZS5jb206NDQz&hl=de&v=1B_yv3CBEV10KtI2HJ6eEXhJ&size=invisible&cb=bqufxtnislsy
Frame ID: D45903D73037CE3BE7D483BD9B4DAEC9
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://riozgmqyv.figueiredoeferreira.com.br/ Page URL
http://52.250.2.234/bb/scott.wright@igtsolutions.com Page URL
https://critixexchangesharefile.com/MTY0NTUwNDMyODcwZWQ1ZWVkMTI0YThmNzdkYTYyZjBhYzY3ZWQxZGFlOGFiMDA2ZWNjMWM5NGFm... Page URL
https://critixexchangesharefile.com/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

18
Requests

94 %
HTTPS

50 %
IPv6

6
Domains

7
Subdomains

9
IPs

2
Countries

569 kB
Transfer

1207 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://riozgmqyv.figueiredoeferreira.com.br/ Page URL
http://52.250.2.234/bb/scott.wright@igtsolutions.com Page URL
https://critixexchangesharefile.com/MTY0NTUwNDMyODcwZWQ1ZWVkMTI0YThmNzdkYTYyZjBhYzY3ZWQxZGFlOGFiMDA2ZWNjMWM5NGFmN2M0ZjYzNjZmZjI4MDNmZmI1NDIyOWViMQ==?id=c2NvdHQud3JpZ2h0QGlndHNvbHV0aW9ucy5jb20=&uid=63324e766448517564334a705a32683051476c6e64484e7662485630615739756379356a6232303d&auth=3139332e32372e31342e3434 Page URL
https://critixexchangesharefile.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
riozgmqyv.figueiredoeferreira.com.br/ 322 B
356 B 717ms
297ms Document
text/html 108.167.168.59
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://riozgmqyv.figueiredoeferreira.com.br/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.167.168.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 108-167-168-59.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

vary: Accept-Encoding
content-encoding: gzip
content-length: 259
content-type: text/html; charset=UTF-8
date: Tue, 22 Feb 2022 04:32:06 GMT
server: Apache

GET
H/1.1 200
OK scott.wright@igtsolutions.com
52.250.2.234/bb/ 374 B
630 B 2007ms
1847ms Document
text/html 52.250.2.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: http://52.250.2.234/bb/scott.wright@igtsolutions.com
Requested by: Host: riozgmqyv.figueiredoeferreira.com.br
URL: https://riozgmqyv.figueiredoeferreira.com.br/
Protocol: HTTP/1.1
Server: 52.250.2.234 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/8.0.12 / PHP/8.0.12
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Tue, 22 Feb 2022 04:32:06 GMT
Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/8.0.12
X-Powered-By: PHP/8.0.12
Content-Length: 374
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK MTY0NTUwNDMyODcwZWQ1ZWVkMTI0YThmNzdkYTYyZjBhYzY3ZWQxZGFlOGFiMDA2ZWNjMWM5NGFmN2M0ZjYzNjZmZjI4MDNmZmI1NDIyOWViMQ== Show response
critixexchangesharefile.com/ 1 KB
2 KB 1218ms
860ms Document
text/html 20.118.134.80
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://critixexchangesharefile.com/MTY0NTUwNDMyODcwZWQ1ZWVkMTI0YThmNzdkYTYyZjBhYzY3ZWQxZGFlOGFiMDA2ZWNjMWM5NGFmN2M0ZjYzNjZmZjI4MDNmZmI1NDIyOWViMQ==?id=c2NvdHQud3JpZ2h0QGlndHNvbHV0aW9ucy5jb20=&uid=63324e766448517564334a705a32683051476c6e64484e7662485630615739756379356a6232303d&auth=3139332e32372e31342e3434

Requested by

Host: 52.250.2.234
URL: http://52.250.2.234/bb/scott.wright@igtsolutions.com

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

20.118.134.80 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 / PHP/7.4.27

Resource Hash

a7233f5b9a320b469d17535747e2f3222cf59b02ce1111f8d2fe37e90ad630b6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://52.250.2.234/

Response headers

Date: Tue, 22 Feb 2022 04:32:09 GMT
Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27
Content-Security-Policy: upgrade-insecure-requests;
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Length: 1157
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
1000 B 42ms
20ms Script
text/javascript 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LczKBgbAAAAAM13luWBh4giCR_GCXWRre4BYkFR

Requested by

Host: critixexchangesharefile.com
URL: https://critixexchangesharefile.com/MTY0NTUwNDMyODcwZWQ1ZWVkMTI0YThmNzdkYTYyZjBhYzY3ZWQxZGFlOGFiMDA2ZWNjMWM5NGFmN2M0ZjYzNjZmZjI4MDNmZmI1NDIyOWViMQ==?id=c2NvdHQud3JpZ2h0QGlndHNvbHV0aW9ucy5jb20=&uid=63324e766448517564334a705a32683051476c6e64484e7662485630615739756379356a6232303d&auth=3139332e32372e31342e3434

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

17f4d23769bb626972e345c38040b81282c31c5653d879641250d62d53ac0a4d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://critixexchangesharefile.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 22 Feb 2022 04:32:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 587
x-xss-protection: 1; mode=block
expires: Tue, 22 Feb 2022 04:32:09 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/ 358 KB
142 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LczKBgbAAAAAM13luWBh4giCR_GCXWRre4BYkFR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee5d8f682805ed45d8c9ff24941a1ad286763bf61e23fde210d41e5016607106

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://critixexchangesharefile.com/
Origin: https://critixexchangesharefile.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 22 Feb 2022 03:17:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4490
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144945
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 05:01:42 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 22 Feb 2023 03:17:19 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame D459 41 KB
22 KB 28ms
27ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczKBgbAAAAAM13luWBh4giCR_GCXWRre4BYkFR&co=aHR0cHM6Ly9jcml0aXhleGNoYW5nZXNoYXJlZmlsZS5jb206NDQz&hl=de&v=1B_yv3CBEV10KtI2HJ6eEXhJ&size=invisible&cb=bqufxtnislsy

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/recaptcha__de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3e3b8f5340cd49ea1157452be8201fb304a7dcb01c592713b40bd2c148728c5c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-M/jLwryqrCSx5ZTZozQABw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://critixexchangesharefile.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 22 Feb 2022 04:32:09 GMT
content-security-policy: script-src 'report-sample' 'nonce-M/jLwryqrCSx5ZTZozQABw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 21800
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/ Frame D459 51 KB
24 KB 23ms
7ms Stylesheet
text/css 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczKBgbAAAAAM13luWBh4giCR_GCXWRre4BYkFR&co=aHR0cHM6Ly9jcml0aXhleGNoYW5nZXNoYXJlZmlsZS5jb206NDQz&hl=de&v=1B_yv3CBEV10KtI2HJ6eEXhJ&size=invisible&cb=bqufxtnislsy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 22 Feb 2022 04:25:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 373
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 05:01:42 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 22 Feb 2023 04:25:56 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/ Frame D459 358 KB
142 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee5d8f682805ed45d8c9ff24941a1ad286763bf61e23fde210d41e5016607106

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 22 Feb 2022 03:17:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4490
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144945
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 05:01:42 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 22 Feb 2023 03:17:19 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame D459 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 18:59:48 GMT
x-content-type-options: nosniff
age: 552741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 22 Feb 2022 18:59:48 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame D459 15 KB
16 KB 30ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 17:06:41 GMT
x-content-type-options: nosniff
age: 559528
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 15 Feb 2023 17:06:41 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame D459 15 KB
15 KB 31ms
9ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 14:17:54 GMT
x-content-type-options: nosniff
age: 569655
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 15 Feb 2023 14:17:54 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame D459 102 B
134 B 16ms
15ms Other
text/javascript 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=1B_yv3CBEV10KtI2HJ6eEXhJ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e603b509658fdf55f0b46c6af2e7c189447f5046357e7d359b1fe6803574f7f2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczKBgbAAAAAM13luWBh4giCR_GCXWRre4BYkFR&co=aHR0cHM6Ly9jcml0aXhleGNoYW5nZXNoYXJlZmlsZS5jb206NDQz&hl=de&v=1B_yv3CBEV10KtI2HJ6eEXhJ&size=invisible&cb=bqufxtnislsy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 22 Feb 2022 04:32:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Tue, 22 Feb 2022 04:32:09 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame D459 31 KB
18 KB 46ms
46ms XHR
application/json 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LczKBgbAAAAAM13luWBh4giCR_GCXWRre4BYkFR

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9afa3c051ee973f57d359d63d2d192fdf03f9f4571b759bff5edcc50a5d6c095

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczKBgbAAAAAM13luWBh4giCR_GCXWRre4BYkFR&co=aHR0cHM6Ly9jcml0aXhleGNoYW5nZXNoYXJlZmlsZS5jb206NDQz&hl=de&v=1B_yv3CBEV10KtI2HJ6eEXhJ&size=invisible&cb=bqufxtnislsy
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Tue, 22 Feb 2022 04:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18131
x-xss-protection: 1; mode=block
expires: Tue, 22 Feb 2022 04:32:10 GMT

POST
H/1.1 200
OK Primary Request / Show response
critixexchangesharefile.com/ 104 KB
104 KB 1203ms
1203ms Document
text/html 20.118.134.80
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://critixexchangesharefile.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

20.118.134.80 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 / PHP/7.4.27

Resource Hash

25cc45fdbb1f6148c8ebd135cfe8d6c1cc00ed1939f7ba173c43d4dc15f849e8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://critixexchangesharefile.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://critixexchangesharefile.com/MTY0NTUwNDMyODcwZWQ1ZWVkMTI0YThmNzdkYTYyZjBhYzY3ZWQxZGFlOGFiMDA2ZWNjMWM5NGFmN2M0ZjYzNjZmZjI4MDNmZmI1NDIyOWViMQ==?id=c2NvdHQud3JpZ2h0QGlndHNvbHV0aW9ucy5jb20=&uid=63324e766448517564334a705a32683051476c6e64484e7662485630615739756379356a6232303d&auth=3139332e32372e31342e3434

Response headers

Date: Tue, 22 Feb 2022 04:32:12 GMT
Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27
Content-Security-Policy: upgrade-insecure-requests;
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

GET
H2 200 converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 105 KB
20 KB 46ms
9ms Stylesheet
text/css 152.199.23.37

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css
Requested by: Host: critixexchangesharefile.com
URL: https://critixexchangesharefile.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 -, , ASN (),
Reverse DNS
Software: ECAcc (frc/8FAB) /
Resource Hash: ea6449d448a48495c557755af39701567925ceafc30e06fba05f65e723c91aa3

Request headers

Referer: https://critixexchangesharefile.com/
Origin: https://critixexchangesharefile.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 22 Feb 2022 04:32:13 GMT
content-encoding: gzip
content-md5: +rPQJ6BWMovrMLNrlexvKQ==
age: 21612549
x-cache: HIT
content-length: 19595
x-ms-lease-status: unlocked
last-modified: Sat, 21 Nov 2020 03:49:00 GMT
server: ECAcc (frc/8FAB)
etag: 0x8D88DD061D3546B
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 9bf8b192-801e-000e-2214-631f6b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 jquery-3.1.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 56ms
19ms Script
application/javascript 2001:4de0:ac18::1:a:3b

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.1.1.min.js
Requested by: Host: critixexchangesharefile.com
URL: https://critixexchangesharefile.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

Referer: https://critixexchangesharefile.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 22 Feb 2022 04:32:13 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-152b5"
vary: Accept-Encoding
x-hw: 1645504333.dop006.ml1.t,1645504333.cds224.ml1.hn,1645504333.cds204.ml1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30070

GET
H2 200 converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 0
19 KB 33ms
12ms Other
text/css 152.199.23.37

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css
Requested by: Host: critixexchangesharefile.com
URL: https://critixexchangesharefile.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 -, , ASN (),
Reverse DNS
Software: ECAcc (frc/8FAB) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://critixexchangesharefile.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 22 Feb 2022 04:32:13 GMT
content-encoding: gzip
content-md5: +rPQJ6BWMovrMLNrlexvKQ==
age: 21612549
x-cache: HIT
content-length: 19595
x-ms-lease-status: unlocked
last-modified: Sat, 21 Nov 2020 03:49:00 GMT
server: ECAcc (frc/8FAB)
etag: 0x8D88DD061D3546B
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 9bf8b192-801e-000e-2214-631f6b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 ux.converged.login.strings-en.min_szor2ujtsn_b-ik0b744ha2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 0
12 KB 31ms
11ms Other
application/x-javascript 152.199.23.37

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_szor2ujtsn_b-ik0b744ha2.js
Requested by: Host: critixexchangesharefile.com
URL: https://critixexchangesharefile.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 -, , ASN (),
Reverse DNS
Software: ECAcc (frc/8FA5) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://critixexchangesharefile.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 22 Feb 2022 04:32:13 GMT
content-encoding: gzip
content-md5: 6Qvaph3XjGlz0gTgNQb8QQ==
age: 11930128
x-cache: HIT
content-length: 12109
x-ms-lease-status: unlocked
last-modified: Wed, 06 Jan 2021 18:56:03 GMT
server: ECAcc (frc/8FA5)
etag: 0x8D8B274B724F769
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 4fabead7-501e-0003-3f24-bb2de5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd857f991cc91a3f52e400bc6e3452ca871f9aa4db616e4748918bc8507d8072

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 217 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e35e16ed2d132b80b321b118f62deb3c448d76f31c834b5eea969ff3885369a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 31 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a33593e9043efefbaf94d9ca220c885ce1c42dd2a7707f30ed072d7d71587da5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/jpeg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.google.com/recaptcha	1970-01-20 05:24:16	Name: _GRECAPTCHA Value: 09AGEo2mObQvaAX2NH5pPvKr1Bv9BZk7Sm_hcNVarQYvF5BdaNzwKMszy0pF_zw1Hg7j-EzJ_1W2l1eA4bDtt-4xY
			critixexchangesharefile.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 6eq6640188q2avgk3kf0hjr5pr

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://critixexchangesharefile.com/(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://critixexchangesharefile.com/(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
code.jquery.com
critixexchangesharefile.com
fonts.gstatic.com
riozgmqyv.figueiredoeferreira.com.br
www.google.com
www.gstatic.com
108.167.168.59
152.199.23.37
20.118.134.80
2001:4de0:ac18::1:a:3b
2a00:1450:4001:803::2003
2a00:1450:4001:811::2003
2a00:1450:4001:811::2004
52.250.2.234
17f4d23769bb626972e345c38040b81282c31c5653d879641250d62d53ac0a4d
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
25cc45fdbb1f6148c8ebd135cfe8d6c1cc00ed1939f7ba173c43d4dc15f849e8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e3b8f5340cd49ea1157452be8201fb304a7dcb01c592713b40bd2c148728c5c
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
9afa3c051ee973f57d359d63d2d192fdf03f9f4571b759bff5edcc50a5d6c095
9e35e16ed2d132b80b321b118f62deb3c448d76f31c834b5eea969ff3885369a
a33593e9043efefbaf94d9ca220c885ce1c42dd2a7707f30ed072d7d71587da5
a7233f5b9a320b469d17535747e2f3222cf59b02ce1111f8d2fe37e90ad630b6
dd857f991cc91a3f52e400bc6e3452ca871f9aa4db616e4748918bc8507d8072
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e603b509658fdf55f0b46c6af2e7c189447f5046357e7d359b1fe6803574f7f2
ea6449d448a48495c557755af39701567925ceafc30e06fba05f65e723c91aa3
ee5d8f682805ed45d8c9ff24941a1ad286763bf61e23fde210d41e5016607106
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

critixexchangesharefile.com Open in urlscan Pro 20.118.134.80 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

94 %HTTPS

50 %IPv6

6 Domains

7 Subdomains

9 IPs

2 Countries

569 kBTransfer

1207 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

2 Console Messages

Indicators

critixexchangesharefile.com Open in urlscan Pro
20.118.134.80 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

94 %
HTTPS

50 %
IPv6

6
Domains

7
Subdomains

9
IPs

2
Countries

569 kB
Transfer

1207 kB
Size

2
Cookies

18 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!