k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io Open in urlscan Pro
172.67.176.15 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Submission: On April 24 via api (April 24th 2024, 10:02:23 am UTC) from US — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 17 HTTP transactions. The main IP is 172.67.176.15, located in United States and belongs to CLOUDFLARENET, US. The main domain is k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io.
TLS certificate: Issued by E1 on April 22nd 2024. Valid for: 3 months.

This is the only time k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online) WeTransfer (Online) Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 9	172.67.176.15 172.67.176.15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
1	104.26.13.205 104.26.13.205	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.217.18.10 172.217.18.10	15169 (GOOGLE) (GOOGLE)
1	13.32.27.114 13.32.27.114	16509 (AMAZON-02) (AMAZON-02)
17	7

9 172.67.176.15 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firebasestorage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.13.205 (None, )

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.10 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f10.1e100.net

firebasestorage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-114.fra56.r.cloudfront.net

prod-cdn.wetransfer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	4everland.io 2 redirects k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io	17 KB
6	googleapis.com firebasestorage.googleapis.com — Cisco Umbrella Rank: 6259 ajax.googleapis.com — Cisco Umbrella Rank: 363	118 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 767	108 KB
1	wetransfer.net prod-cdn.wetransfer.net — Cisco Umbrella Rank: 59065	41 KB
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2959	154 B
17	5

	Domain	Requested by
9	k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io	2 redirects k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
5	firebasestorage.googleapis.com	k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io firebasestorage.googleapis.com
2	code.jquery.com	k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
1	prod-cdn.wetransfer.net
1	api.ipify.org	code.jquery.com
1	ajax.googleapis.com	k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
17	6

This site contains no links.

Subject Issuer	Validity	Valid
*.ipns.4everland.io E1	`2024-04-22` - `2024-07-21`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
ipify.org GTS CA 1P5	`2024-03-21` - `2024-06-19`	3 months	crt.sh
wetransfer.net Amazon RSA 2048 M01	`2023-07-30` - `2024-08-28`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Frame ID: 240D862E9481C6D1141F55857DB4D007
Requests: 15 HTTP requests in this frame

Frame: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
Frame ID: 4FCD03716C89BBD6F5FCE62D97B8D4D9
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WeTransfer

Page URL History Show full URLs

https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/ Page URL
https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/phish-bypass?atok=rBtARizsqENd105kukQxxtsjyGz3Z07g5O6R3JHg9rQ-171395... HTTP 301
https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

94 %
HTTPS

43 %
IPv6

5
Domains

6
Subdomains

7
IPs

3
Countries

284 kB
Transfer

612 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/ Page URL
https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/phish-bypass?atok=rBtARizsqENd105kukQxxtsjyGz3Z07g5O6R3JHg9rQ-1713952933-0.0.1.1-%2F HTTP 301
https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 / Show response
k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/ 4 KB
2 KB 121ms
47ms Document
text/html 172.67.176.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.176.15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af2cd48eab0e9c29c9fb5d3fbcae76340ba8dc0e62e58dd526f8cb5d4f595fdc

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cf-ray: 879541ac6dfebb97-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 24 Apr 2024 10:02:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=itsht8vAcdt%2F16gMMWz8WZ18k%2BJwqPB3GUUQ45D3chZKVmtCtsAhL9AwElt3JGtxpkbLm%2BLSTzo9kWFHwC0eB2Qh%2FbIWZM29MZGWLafE37fhA9sM1zkuu1kfKnGOeEmIU29z5hSeIvldUjz62e7B4q09tNHKbjDqYLBXJBF0rlZPaHdYKziDzRKNFSsjiZ2GWSt9gVkrsp2ho%2F4Z2W3bdumVpw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/styles/ 23 KB
5 KB 42ms
41ms Stylesheet
text/css 172.67.176.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/styles/cf.errors.css

Requested by

Host: k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.176.15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 10:02:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Apr 2024 15:45:04 GMT
server: cloudflare
etag: W/"661e9d00-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 879541acbe52bb97-FRA
expires: Wed, 24 Apr 2024 12:02:13 GMT

GET
H3 200 icon-exclamation.png
k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/images/ 452 B
634 B 41ms
41ms Image
image/png 172.67.176.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.176.15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/styles/cf.errors.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 10:02:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 16 Apr 2024 15:45:04 GMT
server: cloudflare
etag: "661e9d00-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 879541ad0e90bb97-FRA
content-length: 452
expires: Wed, 24 Apr 2024 12:02:13 GMT

GET
H3 404 favicon.ico
k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/ 181 B
883 B 240ms
240ms Other
text/plain 172.67.176.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.176.15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87e5b3f8c877444c14444bf89809888aa0d0b165eabc5d9e9da25d27d3500926

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 10:02:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FQfpHAfq0%2BYbSuQM9xX%2BIqXPHDVOsI3Bmlx97T7aTNGEHwb%2Fs2r%2BSx1fgwmn%2BXsaA0hJfwe4B2xTsHv3lY%2BFDQtQlT2EDO3yMS7B8ZMOIlxKiuBQk0HO1VP%2BT36saWmv%2BYNGzigjqfwfZaLNMyqZI04MJJg3XUBHuMXd5s1%2BV%2FLDhyttlVik1HOXjRUI5BPyQmnC5vgMv09cIjFN59aWzTBmOg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=14400
x-ipfs-path: /ipns/k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm/favicon.ico
cf-ray: 879541ad4ed5bb97-FRA
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With

GET
H3

200

Primary Request / Show response
k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Redirect Chain

https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/phish-bypass?atok=rBtARizsqENd105kukQxxtsjyGz3Z07g5O6R3JHg9rQ-1713952933-0.0.1.1-%2F
https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/

15 KB
4 KB

360ms
360ms

Document
text/html

172.67.176.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45492181604745ec0703c1fe87a8a9c8b84d9a90cbd711dd7ee325e42d84ff80

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-headers: Content-Type Range User-Agent X-Requested-With
access-control-allow-methods: GET HEAD OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3153599 max-age=300
cf-cache-status: DYNAMIC
cf-ray: 879541c39f6ebb97-FRA
content-encoding: br
content-type: text/html
date: Wed, 24 Apr 2024 10:02:17 GMT
last-modified: Sat, 06 Apr 2024 10:19:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O6GcwkA2mshJkEc3Zd388KrD9ovtnScoDz7S%2B6cAsmMPYNLwYxESnehlwMa9uHlOylbC1CvxicPVc4GienWIev0Wn6kXpwBD0XBj%2BrpW75Ify1ptVYUSlwHrjZT4gfiBVBOwIZjxG8z8tPgJU6suwJICm2n4SRY1Ss3Mx3207VTIAU%2FW15azrVMPHGoJ3qqtcWpheTaMvOmvdSXWdvfkIP8lNg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-ipfs-path: /ipns/k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm/
x-ipfs-roots: QmQ3q87gMsrz8xgjAxTToHfivckvSHFB9Fz2m8JRcgrSWB

Redirect headers

cache-control: private, no-cache
cf-ray: 879541c35f09bb97-FRA
content-length: 167
content-type: text/html
date: Wed, 24 Apr 2024 10:02:17 GMT
location: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 I050%2Fmain.css
firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/ 8 KB
8 KB 1058ms
941ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Fmain.css?alt=media&token=cb848bcc-f8fe-4928-a77c-58e57a69dd40
Requested by: Host: k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: ece4cba0bb3fdc4d762a7e183d1fd34daeec817d4a87dcd488b31ae33e319328

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 10:02:18 GMT
x-guploader-uploadid: ABPtcPrXRX3mrXm2wWI8GpTgxZDSRW28zWHvzgXjA7aFoeeXJIxgJR2Bo-oqDmn97nOAQ39EarM
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''main.css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8044
last-modified: Mon, 07 Mar 2022 22:19:52 GMT
server: UploadServer
etag: "920dbe23f81e47a344a8d18be8c8caef"
x-goog-generation: 1646691592319341
content-type: text/css
x-goog-hash: crc32c=ufOHVw==, md5=kg2+I/geR6NEqNGL6MjK7w==
cache-control: private, max-age=0
x-goog-stored-content-length: 8044
x-goog-meta-firebasestoragedownloadtokens: cb848bcc-f8fe-4928-a77c-58e57a69dd40
accept-ranges: bytes
expires: Wed, 24 Apr 2024 10:02:18 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 137ms
41ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 04:14:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20884
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Apr 2025 04:14:14 GMT

GET
H2 200 jquery-3.1.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 164ms
47ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.1.1.min.js
Requested by: Host: k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 10:02:18 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 19152336
x-cache: HIT, HIT
content-length: 30070
x-served-by: cache-lga21947-LGA, cache-mxp6956-MXP
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1713952938.031240,VS0,VE0
etag: W/"28feccc0-152b5"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 95, 27102

GET
H2 200 jquery-3.3.1.js Show response
code.jquery.com/ 265 KB
79 KB 165ms
48ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.js
Requested by: Host: k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Origin: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 10:02:18 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 19150735
x-cache: HIT, HIT
content-length: 80268
x-served-by: cache-lga21980-LGA, cache-mxp6978-MXP
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1713952938.031486,VS0,VE0
etag: W/"28feccc0-42587"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 64, 6584

GET
H2 200 I050%2Flogo.png
firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/ 9 KB
9 KB 518ms
515ms Image
image/png 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Flogo.png?alt=media&token=75c8e702-5b9d-4134-bb5e-8b751b4f5f13
Requested by: Host: k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: ee77f6a227f8001e6e1c127bfe8f67d52dd42b77fc262904a058f23147f51d70

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 10:02:18 GMT
x-guploader-uploadid: ABPtcPplqTj3HL0b8hBmOoN2saEXOSieNmOUaoFAJ_3fdLdSyX1fzM7INfpYkLpwGO3OMW5QdUs
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''logo.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9385
last-modified: Mon, 07 Mar 2022 22:02:47 GMT
server: UploadServer
etag: "507019be54750ffb69077ba64a3cc089"
x-goog-generation: 1646690567798954
content-type: image/png
x-goog-hash: crc32c=Ad5Z6A==, md5=UHAZvlR1D/tpB3umSjzAiQ==
cache-control: private, max-age=0
x-goog-stored-content-length: 9385
x-goog-meta-firebasestoragedownloadtokens: 75c8e702-5b9d-4134-bb5e-8b751b4f5f13
accept-ranges: bytes
expires: Wed, 24 Apr 2024 10:02:18 GMT

GET
H2 200 veno%2Fmain.js Show response
firebasestorage.googleapis.com/v0/b/rssefe-7fa4d.appspot.com/o/ 5 KB
5 KB 639ms
522ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://firebasestorage.googleapis.com/v0/b/rssefe-7fa4d.appspot.com/o/veno%2Fmain.js?alt=media&token=3cd70645-7fe8-4ede-aef6-ff646e63b91b
Requested by: Host: k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 945cc030ca3cd2499c1db160177525e93be38a39026f9980b52bd77d78f316f4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 10:02:18 GMT
x-guploader-uploadid: ABPtcPq1qR-FJQNCRn0YL3CZhsp53jq3YOg5n5bgJ8_wY0Ns3wMazrYI9s16A2RxExu8Qr8M-F8
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''main.js
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5015
last-modified: Tue, 12 Mar 2024 16:25:17 GMT
server: UploadServer
etag: "4b6c7c113b9ac9b67f60bbc0e7cf8380"
x-goog-generation: 1710260717539903
content-type: text/javascript
x-goog-hash: crc32c=FbW05w==, md5=S2x8ETuaybZ/YLvA58+DgA==
cache-control: private, max-age=0
x-goog-stored-content-length: 5015
x-goog-meta-firebasestoragedownloadtokens: 3cd70645-7fe8-4ede-aef6-ff646e63b91b
accept-ranges: bytes
expires: Wed, 24 Apr 2024 10:02:18 GMT

GET
H2 200 / Show response
api.ipify.org/ 21 B
154 B 240ms
144ms XHR
application/json 104.26.13.205
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d355a2635cf91a471018aa8dd3f11475641f3830b3d4afa7d103d0881b06581

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 10:02:19 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: application/json
access-control-allow-origin: *
cf-ray: 879541cd4a9f5d8c-FRA
content-length: 21

GET
H3 200 I050%2Fbg.png
firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/ 65 KB
65 KB 593ms
593ms Image
image/png 172.217.18.10
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Fbg.png?alt=media&token=3b78ae90-4a27-49ab-a814-45026ba68427
Requested by: Host: firebasestorage.googleapis.com
URL: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Fmain.css?alt=media&token=cb848bcc-f8fe-4928-a77c-58e57a69dd40
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.10 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s28-in-f10.1e100.net
Software: UploadServer /
Resource Hash: 2dc6d25edaeca3041ce7dfbd184de4da16a2b240487a9ef7c5d5e2522173f483

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Fmain.css?alt=media&token=cb848bcc-f8fe-4928-a77c-58e57a69dd40
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 10:02:19 GMT
x-guploader-uploadid: ABPtcPomQznxxGtQo2Eocyp4hi7BOwld8Q9cE6wEx-RY23nhpRPbHHmpQnZi_huilAUhbj8WQ-F2Zk5IkQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''bg.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66648
last-modified: Mon, 07 Mar 2022 22:04:56 GMT
server: UploadServer
etag: "8a5348c90c872a6c740b0347dafde418"
x-goog-generation: 1646690696395496
content-type: image/png
x-goog-hash: crc32c=hfhRMg==, md5=ilNIyQyHKmx0CwNH2v3kGA==
cache-control: private, max-age=0
x-goog-stored-content-length: 66648
x-goog-meta-firebasestoragedownloadtokens: 3b78ae90-4a27-49ab-a814-45026ba68427
accept-ranges: bytes
expires: Wed, 24 Apr 2024 10:02:19 GMT

GET
H3 400 Freight-Sans-Medium.otf
firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/fonts/ 0
0 130ms
50ms Font
application/json 172.217.18.10
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/fonts/Freight-Sans-Medium.otf

Requested by

Host: firebasestorage.googleapis.com
URL: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Fmain.css?alt=media&token=cb848bcc-f8fe-4928-a77c-58e57a69dd40

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.10 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f10.1e100.net

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Fmain.css?alt=media&token=cb848bcc-f8fe-4928-a77c-58e57a69dd40
Origin: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 10:02:19 GMT
x-content-type-options: nosniff
server: UploadServer
x-guploader-uploadid: ABPtcPq723wh5tlkfveg7JoCsygbYVPMwN8nxxYjv8hWmqT4AsdMERTHGIuXuoYr0HCcgfyFng
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Length, Content-Range, Date, Expires, Server, Transfer-Encoding, X-Firebase-Storage-XSRF, X-GUploader-UploadID, X-Google-Trace
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84
expires: Wed, 24 Apr 2024 10:02:19 GMT

GET
H3

200

main.js Show response
k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/ Frame 4FCD
Redirect Chain

https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js

8 KB
4 KB

46ms
46ms

Script
application/javascript

172.67.176.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js

Requested by

Host: k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/

Protocol

Server

172.67.176.15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f033eb00f69661d378e1098b586b6bc95bc5f505b9bcdbbc56a70e37907029a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Apr 2024 10:02:19 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ozNaqc3axRWZsi%2BOYD3%2FZmyEy3OpY1%2Bei82HkyfS3eVwU7abEhd6aaPm11RlOPrzyHxkBXcZ2gQtRLxRCqL5FPNbWR%2Blr%2Bp2nWFx6Nbuz1PWLjyC%2FChbcJ%2BhiSE5A7uy%2FzpVb%2FpIhoYKrjtBFeh5s8viSIri8mmOjcg49yD%2FnH53VcHOmw0Xp5SXpphKu3PC5PwkNpSh5VGT53jZ6YAwywI1mA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 879541cd29d2bb97-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 24 Apr 2024 10:02:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SrVXwMX%2FOGbFdOxFX3kw8KkhxGioXcaLv3UYIvUC0vsWdTzOqQ3foSUDOPes1UOXvzX3f2L0WjCJj4rW3qEX5aHcGdqIgWe7loFLogCFlp73RGHIjJ6xoknL3n8vGiHnDGXG%2BtRzKldM4MJghBVh6IrLVPsmx%2FXsFzKC%2B9a0b2dvTD4CsPmNv35K4VOmBafsAJTdt96yXMkj9lqmhPJxm2Xnfw%3D%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 879541ccc962bb97-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H3 200 879541c39f6ebb97 Show response
k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 4FCD 0
664 B 66ms
64ms XHR
text/plain 172.67.176.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/challenge-platform/h/b/jsd/r/879541c39f6ebb97
Requested by: Host: k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.176.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 24 Apr 2024 10:02:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66AVkXJtg2ODQgH6NprKTQ%2Fd19E8%2FNcXLUdH6Z607NkPwhMROJvjGnwysvZxgqkRHw71lAEnZzzCLMPe08GBrjqYPXS3%2Bmkrx3qxE%2BykB6coqxVcTJmW0OghA%2FMJ7ojNghe%2Fp5DMVtSnvIyxpClA1itxu5Z%2F1CfdUUWrBS95btEkj05dXeggSbA6a9jaGxCPp7JTenJNrPDVzEmZS%2FN4QZoHyg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 879541cdca9bbb97-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 favicon-a34a7465.ico
prod-cdn.wetransfer.net/packs/media/images/ 41 KB
41 KB 138ms
44ms Other
image/vnd.microsoft.icon 13.32.27.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-cdn.wetransfer.net/packs/media/images/favicon-a34a7465.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d12161435ace47c6883360e08466508593325f134c1852b1d0e6e75d5f76adda

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 01:09:01 GMT
via: 1.1 bfa7dfbe8ca6d4eb3690c4c82ca6c0fa.cloudfront.net (CloudFront)
last-modified: Thu, 21 Dec 2023 14:25:56 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
age: 2451199
etag: "692e1c7339c359b6412f059c9c9a0474"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/vnd.microsoft.icon
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 41566
x-amz-cf-id: XaqAYFWPrD8BCn1YyiSWGsuMqrvX2A7YPxuK79HvH0vR-Ae7IVqQjg==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online) WeTransfer (Online) Generic Cloudflare (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/	1970-01-20 20:07:19	Name: __cf_mw_byp Value: rBtARizsqENd105kukQxxtsjyGz3Z07g5O6R3JHg9rQ-1713952933-0.0.1.1-/
			.4everland.io/	1970-01-21 04:51:28	Name: cf_clearance Value: 5cGXNgbiawJxrYVVDkCmpPa6gq_PjPI7a7DHn.7fvTU-1713952939-1.0.1.1-RW5WWHJZvRtfV_BExcgowDUtzCIxhP5KZ8_0htrB28bkJoCUf5v3Xky8QDZ4zhzHK8xPO.BpDac9L170nSWpbQ

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.3.1.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://firebasestorage.googleapis.com/v0/b/rssefe-7fa4d.appspot.com/o/veno%2Fmain.js?alt=media&token=3cd70645-7fe8-4ede-aef6-ff646e63b91b, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
recommendation	verbose	URL: https://k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/fonts/Freight-Sans-Medium.otf Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.ipify.org
code.jquery.com
firebasestorage.googleapis.com
k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io
prod-cdn.wetransfer.net
104.26.13.205
13.32.27.114
172.217.18.10
172.67.176.15
2a00:1450:4001:80e::200a
2a00:1450:4001:82b::200a
2a04:4e42:400::649
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1d355a2635cf91a471018aa8dd3f11475641f3830b3d4afa7d103d0881b06581
2dc6d25edaeca3041ce7dfbd184de4da16a2b240487a9ef7c5d5e2522173f483
45492181604745ec0703c1fe87a8a9c8b84d9a90cbd711dd7ee325e42d84ff80
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
87e5b3f8c877444c14444bf89809888aa0d0b165eabc5d9e9da25d27d3500926
945cc030ca3cd2499c1db160177525e93be38a39026f9980b52bd77d78f316f4
af2cd48eab0e9c29c9fb5d3fbcae76340ba8dc0e62e58dd526f8cb5d4f595fdc
d12161435ace47c6883360e08466508593325f134c1852b1d0e6e75d5f76adda
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ece4cba0bb3fdc4d762a7e183d1fd34daeec817d4a87dcd488b31ae33e319328
ee77f6a227f8001e6e1c127bfe8f67d52dd42b77fc262904a058f23147f51d70
f033eb00f69661d378e1098b586b6bc95bc5f505b9bcdbbc56a70e37907029a5
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io Open in urlscan Pro 172.67.176.15 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

94 %HTTPS

43 %IPv6

5 Domains

6 Subdomains

7 IPs

3 Countries

284 kBTransfer

612 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

2 Cookies

8 Console Messages

Security Headers

Indicators

k51qzi5uqu5dk4qxieh7gsoyl5ps2p0fioy8k1i0jh48wj08qcqwmt8cfvihdm.ipns.4everland.io Open in urlscan Pro
172.67.176.15 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

94 %
HTTPS

43 %
IPv6

5
Domains

6
Subdomains

7
IPs

3
Countries

284 kB
Transfer

612 kB
Size

2
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!