lyptogfposdirefdwe.azurewebsites.net Open in urlscan Pro
13.71.170.130 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://26.67.106.34.bc.googleusercontent.com/ne/?id=iJZkaSf4dE&email=Andrew.C.Adamson%40boeing.com&opd=Ka3gHx7DjS
Effective URL:
https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
Submission: On September 14 via api (September 14th 2020, 3:53:20 pm UTC) from US

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 9 domains to perform 23 HTTP transactions. The main IP is 13.71.170.130, located in Toronto, Canada and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is lyptogfposdirefdwe.azurewebsites.net.
TLS certificate: Issued by Microsoft IT TLS CA 5 on September 24th 2019. Valid for: 2 years.

This is the only time lyptogfposdirefdwe.azurewebsites.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.106.67.26 34.106.67.26	15169 (GOOGLE) (GOOGLE)
1	13.71.170.130 13.71.170.130	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.200.39.230 52.200.39.230	14618 (AMAZON-AES) (AMAZON-AES)
9	151.101.65.195 151.101.65.195	54113 (FASTLY) (FASTLY)
4	2606:4700::68... 2606:4700::6810:7eaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6811:4e6b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700:303... 2606:4700:3033::ac43:cf56	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2620:1ec:bdf::10 2620:1ec:bdf::10	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
23	8

1 34.106.67.26 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 26.67.106.34.bc.googleusercontent.com

26.67.106.34.bc.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.71.170.130 (Toronto, Canada)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

lyptogfposdirefdwe.azurewebsites.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.200.39.230 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-39-230.compute-1.amazonaws.com

ameizoxposaewe.herokuapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.65.195 (United States)

ASN54113 (FASTLY, US)

vancndnewis.firebaseapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7eaf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:4e6b (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3033::ac43:cf56 (United States)

ASN13335 (CLOUDFLARENET, US)

thenewshot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::10 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aadcdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	firebaseapp.com vancndnewis.firebaseapp.com	179 KB
4	cloudflare.com cdnjs.cloudflare.com	31 KB
4	unpkg.com unpkg.com	75 KB
2	thenewshot.com thenewshot.com	486 B
1	msauth.net aadcdn.msauth.net	1 KB
1	googleapis.com ajax.googleapis.com	30 KB
1	herokuapp.com ameizoxposaewe.herokuapp.com	4 KB
1	azurewebsites.net lyptogfposdirefdwe.azurewebsites.net	1 KB
1	googleusercontent.com 1 redirects 26.67.106.34.bc.googleusercontent.com	391 B
23	9

	Domain	Requested by
9	vancndnewis.firebaseapp.com	lyptogfposdirefdwe.azurewebsites.net
4	cdnjs.cloudflare.com	lyptogfposdirefdwe.azurewebsites.net
4	unpkg.com	lyptogfposdirefdwe.azurewebsites.net
2	thenewshot.com	unpkg.com
1	aadcdn.msauth.net	lyptogfposdirefdwe.azurewebsites.net
1	ajax.googleapis.com	lyptogfposdirefdwe.azurewebsites.net
1	ameizoxposaewe.herokuapp.com	lyptogfposdirefdwe.azurewebsites.net
1	lyptogfposdirefdwe.azurewebsites.net
1	26.67.106.34.bc.googleusercontent.com	1 redirects
23	9

This site contains no links.

Subject Issuer	Validity	Valid
*.azurewebsites.net Microsoft IT TLS CA 5	`2019-09-24` - `2021-09-24`	2 years	crt.sh
*.herokuapp.com DigiCert SHA2 High Assurance Server CA	`2020-06-15` - `2021-07-07`	a year	crt.sh
firebaseapp.com GTS CA 1O1	`2019-10-28` - `2020-10-26`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-02` - `2021-08-02`	a year	crt.sh
cdnjs.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-12` - `2022-08-17`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
aadcdn.msauth.net DigiCert SHA2 Secure Server CA	`2020-07-08` - `2021-07-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
Frame ID: 508515981D092E1A591BD7E5547D0D58
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://26.67.106.34.bc.googleusercontent.com/ne/?id=iJZkaSf4dE&email=Andrew.C.Adamson%40boeing.com&opd=Ka3gHx7DjS HTTP 302
https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

23
Requests

100 %
HTTPS

56 %
IPv6

9
Domains

9
Subdomains

8
IPs

3
Countries

321 kB
Transfer

1050 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://26.67.106.34.bc.googleusercontent.com/ne/?id=iJZkaSf4dE&email=Andrew.C.Adamson%40boeing.com&opd=Ka3gHx7DjS HTTP 302
https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request rtydxds.php Show response
lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/
Redirect Chain

http://26.67.106.34.bc.googleusercontent.com/ne/?id=iJZkaSf4dE&email=Andrew.C.Adamson%40boeing.com&opd=Ka3gHx7DjS
https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

1 KB
1 KB

551ms
192ms

Document
text/html

13.71.170.130
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.71.170.130 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache / PHP/7.3.15
Resource Hash: 0e4f0770270e436d566f2133207ff8fb97d16ede7bc6b41a3c427e2a0a69b7ff

Request headers

Host: lyptogfposdirefdwe.azurewebsites.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 927
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Apache
X-Powered-By: PHP/7.3.15
Date: Mon, 14 Sep 2020 15:53:02 GMT

Redirect headers

Date: Mon, 14 Sep 2020 15:53:02 GMT
Server: Apache
location: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b#/qkjmb2VH-!&@QXwBaP4gtVmIqe8WnYS!@&FjrkJ7emBhM9dQ!&@-Andrew.C.Adamson@boeing.com-xuLGIT/ql1Zn3O1mg
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK dFZIVWpKTXhRTHJ0dHBNZzcyNmhNcmtsWlo1RWhHb3lJK1lsUzdHUlphMFFhdEd3RzBnTG85dnl5TVp3WENJUG83QkZkNVFidWdocGxpaEZGbWhoMHpMZ3l1T3dDTkhsU3h0NkpZelBoaklUdWlxaW1rQlB1MzFLbkQ0WWxjWmFPU0o1YzZxbTAwc3hzU09saFhNN... Show response
ameizoxposaewe.herokuapp.com/ 7 KB
4 KB 1303ms
976ms Script
application/javascript 52.200.39.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ameizoxposaewe.herokuapp.com/dFZIVWpKTXhRTHJ0dHBNZzcyNmhNcmtsWlo1RWhHb3lJK1lsUzdHUlphMFFhdEd3RzBnTG85dnl5TVp3WENJUG83QkZkNVFidWdocGxpaEZGbWhoMHpMZ3l1T3dDTkhsU3h0NkpZelBoaklUdWlxaW1rQlB1MzFLbkQ0WWxjWmFPU0o1YzZxbTAwc3hzU09saFhNNXdwMng0NE1DVTAwU1Jtd3FGQWVIR3o1Nkt2U3UxNjFWdXZSdVZnNWFtSHB2enFmZ2oyRkExWFFwWERZUVZ5dFNvM1ZseWN2UEVkNmhCd0kyOVd6RUZHR2djMXlBMUJHUjFwSzNiSUJYQk1xZg.js
Requested by: Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.39.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-39-230.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a2e7ba10d81aad3a8c520ab664e6350c29716cd9d59451bcd39d5d4861f23b2b

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 14 Sep 2020 15:53:04 GMT
Via: 1.1 vegur
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=31536000
Connection: keep-alive
Content-Encoding: gzip

GET
H2 200 fac43fa176eab3fc0db13444ca76b2dfnbr1599151020.css
vancndnewis.firebaseapp.com/itrpgox/themes/css/ 87 KB
12 KB 46ms
16ms Stylesheet
text/css 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://vancndnewis.firebaseapp.com/itrpgox/themes/css/fac43fa176eab3fc0db13444ca76b2dfnbr1599151020.css

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

721b91520b6635b2fc2fd94ca0b2dbb19c39b942b181c62dbe2521b02faeca05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Tue, 08 Sep 2020 05:15:55 GMT
x-timer: S1600098785.605737,VS0,VE1
etag: "1b57d8d3d5b7904236f0e3a0ada398bb24c0b3a449a514b0f7fa7d8db8fa3444-br"
x-served-by: cache-ams21026-AMS
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/css; charset=utf-8
status: 200
cache-control: max-age=3600
date: Mon, 14 Sep 2020 15:53:04 GMT
accept-ranges: bytes
content-length: 12101
x-cache-hits: 1

GET
H2 200 8a761ccda2c2c304512d9c9bb8f915fbnbr1599151021.css
vancndnewis.firebaseapp.com/itrpgox/themes/css/ 35 KB
2 KB 17ms
16ms Stylesheet
text/css 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://vancndnewis.firebaseapp.com/itrpgox/themes/css/8a761ccda2c2c304512d9c9bb8f915fbnbr1599151021.css

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

10ba1b57262133e4d0dc1a67dba1c5e0f2ee2cca5c78de35269ffe1b665ef18c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Tue, 08 Sep 2020 05:15:55 GMT
x-timer: S1600098785.684295,VS0,VE1
etag: "fa8a89176f49b7c4d6c0f83cb229b9ce6343e457c7c8b4ad2445aa3e5a2e1413-br"
x-served-by: cache-ams21026-AMS
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/css; charset=utf-8
status: 200
cache-control: max-age=3600
date: Mon, 14 Sep 2020 15:53:04 GMT
accept-ranges: bytes
content-length: 1615
x-cache-hits: 1

GET
H2 200 axios.min.js Show response
unpkg.com/axios@0.16.1/dist/ 34 KB
11 KB 27ms
15ms Script
application/javascript 2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/axios@0.16.1/dist/axios.min.js

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b2114a050aed49f4a24237d4d1f437b75ca10c6fc8623eae23c0558c53a7e21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 15:53:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 9768483
status: 200
vary: Accept-Encoding
cf-request-id: 052eeaeddf0000d6b1dd329200000001
last-modified: Sat, 08 Apr 2017 18:51:20 GMT
server: cloudflare
etag: W/"879a-StlLhYX39Pj2Qvz0O98NQPjvG9U"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 46506d9a310e575c83ddf38d2b6e9439
cache-control: public, max-age=31536000
cf-ray: 5d2b475c9af3d6b1-FRA

GET
H2 200 fac43fa176eab3fc0db13444ca76b2dfnbr1599151020.js Show response
vancndnewis.firebaseapp.com/itrpgox/themes/ 74 KB
18 KB 17ms
17ms Script
text/javascript 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://vancndnewis.firebaseapp.com/itrpgox/themes/fac43fa176eab3fc0db13444ca76b2dfnbr1599151020.js

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

74116901ac0ec12dd7af88a1e9ac55a5531f2dac5da8053cfa70042d738587e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Tue, 08 Sep 2020 05:15:55 GMT
x-timer: S1600098785.791078,VS0,VE1
etag: "18436deb674b50728be198a9912eab2947b4e3b5a74daafe8daf6805d969d6cf-br"
x-served-by: cache-ams21026-AMS
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=3600
date: Mon, 14 Sep 2020 15:53:04 GMT
accept-ranges: bytes
content-length: 18676
x-cache-hits: 1

GET
H2 200 vue.min.js Show response
unpkg.com/vue@2.6.11/dist/ 91 KB
33 KB 20ms
20ms Script
application/javascript 2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/vue@2.6.11/dist/vue.min.js

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e0156dd49c03744e79bbea60eebbbb94b5811c1b71b91f5fb38a8270dedfbaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 15:53:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 12397444
status: 200
vary: Accept-Encoding
cf-request-id: 052eeaee430000d6b1dd32f200000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"16de6-q9I58ClmstMksFEsIDvbr4Kk7Xo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 6729ae86e9d5940da12e3f9298409540
cache-control: public, max-age=31536000
cf-ray: 5d2b475d3c6ad6b1-FRA

GET
H2 200 vue-router.min.js Show response
unpkg.com/vue-router@2.7.0/dist/ 23 KB
8 KB 37ms
37ms Script
application/javascript 2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/vue-router@2.7.0/dist/vue-router.min.js

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a01a4f435ae1e511d874f1abc960898902b1d6d4731c3cf0f3383b1ec3ffd1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 15:53:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 19035316
status: 200
vary: Accept-Encoding
cf-request-id: 052eeaee7e0000d6b1dd333200000001
last-modified: Thu, 29 Jun 2017 03:57:37 GMT
server: cloudflare
etag: W/"5c5a-b2+xvLVNqK43WHk3Czwf1BAXaoI"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 3ac2d6108d348d4cbddeec216c2fe598
cache-control: public, max-age=31536000
cf-ray: 5d2b475d9d22d6b1-FRA

GET
H2 200 vuex.min.js Show response
cdnjs.cloudflare.com/ajax/libs/vuex/2.3.1/ 10 KB
4 KB 27ms
14ms Script
application/javascript 2606:4700::6811:4e6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/vuex/2.3.1/vuex.min.js

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f1597d8c4ad4932102d5f5fbb0c35b827d7ccfc58a30ff6cdfe9dd0c3e5efa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 15:53:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 1620804
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3106
cf-request-id: 052eeaeecc00002488e23be200000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:51 GMT
server: cloudflare
etag: "5eb0402f-290d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5d2b475e1b5d2488-FRA
expires: Sat, 04 Sep 2021 15:53:04 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ 85 KB
30 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:04:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24545
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30306
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Sep 2021 09:04:00 GMT

GET
H2 200 vee-validate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/vee-validate/2.0.0-rc.3/ 42 KB
11 KB 14ms
14ms Script
application/javascript 2606:4700::6811:4e6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7649e92aa760b806193241148e8b88f3bc12c4e6cffbc35622a99477db798242

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 15:53:05 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 1797898
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10691
cf-request-id: 052eeaef2100002488e23c3200000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:28 GMT
server: cloudflare
etag: "5eb04018-a668"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5d2b475e9c802488-FRA
expires: Sat, 04 Sep 2021 15:53:05 GMT

GET
H2 200 vue-i18n.min.js Show response
cdnjs.cloudflare.com/ajax/libs/vue-i18n/7.0.3/ 14 KB
4 KB 21ms
21ms Script
application/javascript 2606:4700::6811:4e6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20527289ca6a43abafb1fa42079d6c68425c583d5f93960eae5b5737bf28493b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 15:53:05 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 468477
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3901
cf-request-id: 052eeaef5f00002488e23c8200000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:47 GMT
server: cloudflare
etag: "5eb0402b-379c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5d2b475efd722488-FRA
expires: Sat, 04 Sep 2021 15:53:05 GMT

GET
H2 200 lodash.min.js Show response
unpkg.com/lodash@4.17.4/ 71 KB
23 KB 20ms
20ms Script
application/javascript 2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/lodash@4.17.4/lodash.min.js

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23258114961c94563c3e7df66f059d487995e01f4ce666f2e5b84f1c499e63cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 15:53:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 19035315
status: 200
vary: Accept-Encoding
cf-request-id: 052eeaef990000d6b1dd346200000001
last-modified: Sat, 31 Dec 2016 22:32:41 GMT
server: cloudflare
etag: W/"11c44-YN5uQ8SiwzJidasS1P/ZCyWCruk"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 0f89148d6d979298201f4436f36dcb5b
cache-control: public, max-age=31536000
cf-ray: 5d2b475f5921d6b1-FRA

GET
H2 200 mobile-detect.min.js Show response
cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.3.6/ 37 KB
13 KB 18ms
17ms Script
application/javascript 2606:4700::6811:4e6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc8b081ba3d5a5270fb663b4856ce474277a52421f98a3b8aa385100c342a3d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 15:53:05 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 1011111
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13328
cf-request-id: 052eeaefd000002488e23d1200000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:13:25 GMT
server: cloudflare
etag: "5eb03f25-9341"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5d2b475fbf8e2488-FRA
expires: Sat, 04 Sep 2021 15:53:05 GMT

GET
H2 200 6fa41b218ab849f130ca9efda9eab961.js Show response
vancndnewis.firebaseapp.com/itrpgox/themes/ 397 KB
130 KB 26ms
25ms Script
text/javascript 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://vancndnewis.firebaseapp.com/itrpgox/themes/6fa41b218ab849f130ca9efda9eab961.js

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

214ec6c9b37502986ba736d77a2ce316d08e5af2b6a513268f55eabe611f5930

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Tue, 08 Sep 2020 05:15:55 GMT
x-timer: S1600098785.286120,VS0,VE10
etag: "2efaa71340c873dcf9ba3fca376eac9f09ee1383463e30c9d37a5946aac8e989-br"
x-served-by: cache-ams21026-AMS
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=3600
date: Mon, 14 Sep 2020 15:53:05 GMT
accept-ranges: bytes
content-length: 133370
x-cache-hits: 1

OPTIONS
H2 200 RmZ5eU1PNGtVcGErZmJ5aG1tWWlSd25LL1JFYjUxekNnVm5BczVHNURVZ3p4bS91QXFGaEFWeTh3SXBuUi9HODNXNzh1V0pIelhnZUtpTVRqdEFNTGc9PQ
thenewshot.com/ 0
0 402ms
384ms Other
text/html 2606:4700:3033::ac43:cf56
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thenewshot.com/RmZ5eU1PNGtVcGErZmJ5aG1tWWlSd25LL1JFYjUxekNnVm5BczVHNURVZ3p4bS91QXFGaEFWeTh3SXBuUi9HODNXNzh1V0pIelhnZUtpTVRqdEFNTGc9PQ?bbp=g1oebkhhVOl3xUpGgEuW
Protocol: H2
Server: 2606:4700:3033::ac43:cf56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authkey,authvalue
Origin: https://lyptogfposdirefdwe.azurewebsites.net
Sec-Fetch-Mode: cors

Response headers

status: 200
date: Mon, 14 Sep 2020 15:53:05 GMT
content-type: text/html; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS
access-control-allow-headers: authkey,authvalue
access-control-allow-origin: https://lyptogfposdirefdwe.azurewebsites.net
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-request-id: 052eeaf0e200002c523dae2200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5d2b47616f5d2c52-FRA
content-encoding: br

GET
H2 200 RmZ5eU1PNGtVcGErZmJ5aG1tWWlSd25LL1JFYjUxekNnVm5BczVHNURVZ3p4bS91QXFGaEFWeTh3SXBuUi9HODNXNzh1V0pIelhnZUtpTVRqdEFNTGc9PQ Show response
thenewshot.com/ 12 B
486 B 381ms
365ms XHR
text/html 2606:4700:3033::ac43:cf56
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thenewshot.com/RmZ5eU1PNGtVcGErZmJ5aG1tWWlSd25LL1JFYjUxekNnVm5BczVHNURVZ3p4bS91QXFGaEFWeTh3SXBuUi9HODNXNzh1V0pIelhnZUtpTVRqdEFNTGc9PQ?bbp=g1oebkhhVOl3xUpGgEuW
Requested by: Host: unpkg.com
URL: https://unpkg.com/axios@0.16.1/dist/axios.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:cf56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0eb7033e5cb90e431a5907f51d54cf7918dd561fc6d34a60d71c7dd86ca98c86

Request headers

Accept: application/json, text/plain, */*
Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
authvalue: false
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
authkey: false

Response headers

date: Mon, 14 Sep 2020 15:53:06 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://lyptogfposdirefdwe.azurewebsites.net
access-control-allow-credentials: true
cf-ray: 5d2b4763e9b0dfdb-FRA
cf-request-id: 052eeaf2720000dfdb11165200000001

GET
H2 200 a3107e4d4ae0ea783cd1177c52f1e6301599151005.js Show response
vancndnewis.firebaseapp.com/itrpgox/themes/js/ 34 KB
14 KB 15ms
15ms Script
text/javascript 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://vancndnewis.firebaseapp.com/itrpgox/themes/js/a3107e4d4ae0ea783cd1177c52f1e6301599151005.js

Requested by

Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4afd0663d824e73f62b9633f4e76ab4ead42f863fb7feaf28734fac14385aa30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Tue, 08 Sep 2020 05:15:55 GMT
x-timer: S1600098786.282207,VS0,VE1
etag: "4fb5cfd0f768bc51e6233e606a1710de702403aedee23b7d037d8eec5f359b4d-br"
x-served-by: cache-ams21026-AMS
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=3600
date: Mon, 14 Sep 2020 15:53:06 GMT
accept-ranges: bytes
content-length: 13833
x-cache-hits: 1

GET
H2 200 microsoft_logo.svg
vancndnewis.firebaseapp.com/itrpgox/themes/imgs/ 4 KB
1 KB 16ms
15ms Image
image/svg+xml 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vancndnewis.firebaseapp.com/itrpgox/themes/imgs/microsoft_logo.svg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Tue, 08 Sep 2020 05:15:55 GMT
x-timer: S1600098786.372499,VS0,VE1
etag: "a88f22478e52f27f6f24668e3ff397bf66ba51e21b2cc2375100de1d281417be-br"
x-served-by: cache-ams21026-AMS
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: image/svg+xml
status: 200
cache-control: max-age=3600
date: Mon, 14 Sep 2020 15:53:06 GMT
accept-ranges: bytes
content-length: 1274
x-cache-hits: 1

GET
H2 200 ellipsis_white.svg
vancndnewis.firebaseapp.com/itrpgox/themes/imgs/ 915 B
339 B 16ms
15ms Image
image/svg+xml 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vancndnewis.firebaseapp.com/itrpgox/themes/imgs/ellipsis_white.svg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Tue, 08 Sep 2020 05:15:55 GMT
x-timer: S1600098786.372489,VS0,VE1
etag: "b1336d85e1a0c89eea2a4969953d0326f0faedd47871ea522033f7f6e513ea57-br"
x-served-by: cache-ams21026-AMS
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: image/svg+xml
status: 200
cache-control: max-age=3600
date: Mon, 14 Sep 2020 15:53:06 GMT
accept-ranges: bytes
content-length: 228
x-cache-hits: 1

GET
H2 200 ellipsis_grey.svg
vancndnewis.firebaseapp.com/itrpgox/themes/imgs/ 915 B
342 B 16ms
16ms Image
image/svg+xml 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vancndnewis.firebaseapp.com/itrpgox/themes/imgs/ellipsis_grey.svg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Tue, 08 Sep 2020 05:15:55 GMT
x-timer: S1600098786.372576,VS0,VE1
etag: "8bd35fb6e43a52fbd3fac4f46b28b8cc71b6f00e2b06636395e54a9c210d997e-br"
x-served-by: cache-ams21026-AMS
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: image/svg+xml
status: 200
cache-control: max-age=3600
date: Mon, 14 Sep 2020 15:53:06 GMT
accept-ranges: bytes
content-length: 230
x-cache-hits: 1

GET
H2 200 2_bc3d32a696895f78c19df6c717586a5d.svg
aadcdn.msauth.net/ests/2.1/content/images/backgrounds/ 2 KB
1 KB 50ms
17ms Image
image/svg+xml 2620:1ec:bdf::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Requested by: Host: lyptogfposdirefdwe.azurewebsites.net
URL: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 14 Sep 2020 15:53:06 GMT
content-encoding: gzip
x-azure-ref-originshield: 0a6ZeXwAAAAAlUhA9vBuZSbwojfpT7O4iTE9OMjFFREdFMDEyMAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-md5: DhdidjYrlCeaRJJRG/y9mA==
x-cache: TCP_HIT
status: 200
content-length: 673
x-ms-lease-status: unlocked
last-modified: Thu, 13 Feb 2020 02:05:12 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D7B0292911C366
x-azure-ref: 04pFfXwAAAADmud8L32wDS5RS9j+BpPatQkVSMzBFREdFMDQxNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 39489b73-601e-0015-0c22-8a005b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H2 200 arrow_left.svg
vancndnewis.firebaseapp.com/itrpgox/themes/imgs/ 513 B
363 B 15ms
14ms Image
image/svg+xml 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vancndnewis.firebaseapp.com/itrpgox/themes/imgs/arrow_left.svg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://lyptogfposdirefdwe.azurewebsites.net/YjGqyVtN/slgGe/Hl@bv6/rtydxds.php?bbre=cb3b0b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
last-modified: Tue, 08 Sep 2020 05:15:55 GMT
x-timer: S1600098787.682718,VS0,VE1
etag: "cb628ea8b5a2dcbf70b932568b2144d735f8f2f6d3cc6934e421fd69543b65ae-br"
x-served-by: cache-ams21026-AMS
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: image/svg+xml
status: 200
cache-control: max-age=3600
date: Mon, 14 Sep 2020 15:53:06 GMT
accept-ranges: bytes
content-length: 251
x-cache-hits: 1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

26.67.106.34.bc.googleusercontent.com
aadcdn.msauth.net
ajax.googleapis.com
ameizoxposaewe.herokuapp.com
cdnjs.cloudflare.com
lyptogfposdirefdwe.azurewebsites.net
thenewshot.com
unpkg.com
vancndnewis.firebaseapp.com
13.71.170.130
151.101.65.195
2606:4700:3033::ac43:cf56
2606:4700::6810:7eaf
2606:4700::6811:4e6b
2620:1ec:bdf::10
2a00:1450:4001:800::200a
34.106.67.26
52.200.39.230
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e4f0770270e436d566f2133207ff8fb97d16ede7bc6b41a3c427e2a0a69b7ff
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
0eb7033e5cb90e431a5907f51d54cf7918dd561fc6d34a60d71c7dd86ca98c86
10ba1b57262133e4d0dc1a67dba1c5e0f2ee2cca5c78de35269ffe1b665ef18c
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
20527289ca6a43abafb1fa42079d6c68425c583d5f93960eae5b5737bf28493b
214ec6c9b37502986ba736d77a2ce316d08e5af2b6a513268f55eabe611f5930
23258114961c94563c3e7df66f059d487995e01f4ce666f2e5b84f1c499e63cc
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
4afd0663d824e73f62b9633f4e76ab4ead42f863fb7feaf28734fac14385aa30
5a01a4f435ae1e511d874f1abc960898902b1d6d4731c3cf0f3383b1ec3ffd1d
5f1597d8c4ad4932102d5f5fbb0c35b827d7ccfc58a30ff6cdfe9dd0c3e5efa7
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
6b2114a050aed49f4a24237d4d1f437b75ca10c6fc8623eae23c0558c53a7e21
721b91520b6635b2fc2fd94ca0b2dbb19c39b942b181c62dbe2521b02faeca05
74116901ac0ec12dd7af88a1e9ac55a5531f2dac5da8053cfa70042d738587e3
7649e92aa760b806193241148e8b88f3bc12c4e6cffbc35622a99477db798242
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
9e0156dd49c03744e79bbea60eebbbb94b5811c1b71b91f5fb38a8270dedfbaf
a2e7ba10d81aad3a8c520ab664e6350c29716cd9d59451bcd39d5d4861f23b2b
fc8b081ba3d5a5270fb663b4856ce474277a52421f98a3b8aa385100c342a3d8

lyptogfposdirefdwe.azurewebsites.net Open in urlscan Pro 13.71.170.130 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

100 %HTTPS

56 %IPv6

9 Domains

9 Subdomains

8 IPs

3 Countries

321 kBTransfer

1050 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

lyptogfposdirefdwe.azurewebsites.net Open in urlscan Pro
13.71.170.130 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

56 %
IPv6

9
Domains

9
Subdomains

8
IPs

3
Countries

321 kB
Transfer

1050 kB
Size

0
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!