hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net Open in urlscan Pro
52.239.221.231 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Effective URL:
https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Submission: On September 24 via manual (September 24th 2024, 5:50:43 pm UTC) from US — Scanned from DE

Summary HTTP 26 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 26 HTTP transactions. The main IP is 52.239.221.231, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 04 on August 23rd 2024. Valid for: a year.

This is the only time hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Tech Support Scam (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
5	52.239.221.231 52.239.221.231	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
15	2a02:4780:24:... 2a02:4780:24:211d:be97:9825:4d05:579e	47583 (AS-HOSTINGER) (AS-HOSTINGER)
1	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
26	6

5 52.239.221.231 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a02:4780:24:211d:be97:9825:4d05:579e (Meppel, Netherlands)

ASN47583 (AS-HOSTINGER, CY)

nerdinthebrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

userstatics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	nerdinthebrain.com nerdinthebrain.com	505 KB
5	windows.net hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net	41 KB
1	userstatics.com userstatics.com — Cisco Umbrella Rank: 177536	663 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3391
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 57	103 KB
26	5

	Domain	Requested by
15	nerdinthebrain.com	hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net nerdinthebrain.com
5	hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net	hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
1	userstatics.com	nerdinthebrain.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
26	5

This site contains no links.

Subject Issuer	Validity	Valid
*.web.core.windows.net Microsoft Azure RSA TLS Issuing CA 04	`2024-08-23` - `2025-08-18`	a year	crt.sh
nerdinthebrain.com R10	`2024-07-27` - `2024-10-25`	3 months	crt.sh
*.google-analytics.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
userstatics.com WE1	`2024-09-21` - `2024-12-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Frame ID: 54E72716FA2232BF2B7628C0A0C7D9A0
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Security center

Page URL History Show full URLs

http://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/ HTTP 307
https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

26
Requests

88 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

649 kB
Transfer

1130 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/ HTTP 307
https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Redirect Chain

http://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

39 KB
39 KB

392ms
97ms

Document
text/html

52.239.221.231
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.239.221.231 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b44167a9dcff47714fc79f94c9d623fbe442313865bfd358358e9ad1bfb32527

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Content-Length: 39447
Content-MD5: bodqxYXE/f1en3nMDNzfUQ==
Content-Type: text/html
Date: Tue, 24 Sep 2024 17:50:37 GMT
ETag: "0x8DCDCAFE41FC6D1"
Last-Modified: Tue, 24 Sep 2024 15:45:18 GMT
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 93076b14-f01e-0000-23aa-0ec89f000000
x-ms-version: 2018-03-28

Redirect headers

Location: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 tapa.css
nerdinthebrain.com/drtz/t/css/ 18 KB
4 KB 512ms
443ms Stylesheet
text/css 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://nerdinthebrain.com/drtz/t/css/tapa.css

Requested by

Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn /

Resource Hash

e429cb154e56b90ec4f5179b1402f78f6dd73dda94198e5a1fa4d5003bdf6199

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-hcdn-request-id: 239d8b31319715abd8ec329c26589178-srv-edge3
content-encoding: br
x-hcdn-upstream-rt: 0.422
etag: "4973-66f11ee5-fde1aa653e86c485;br"
expires: Tue, 01 Oct 2024 17:50:37 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Sep 2024 17:50:37 GMT
x-hcdn-cache-status: MISS
content-type: text/css
last-modified: Mon, 23 Sep 2024 07:55:17 GMT
platform: hostinger
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4168
x-turbo-charged-by: LiteSpeed
server: hcdn
panel: hpanel

GET
H2 200 bootstrap.min.css
nerdinthebrain.com/drtz/t/css/ 216 KB
26 KB 652ms
583ms Stylesheet
text/css 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://nerdinthebrain.com/drtz/t/css/bootstrap.min.css

Requested by

Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn /

Resource Hash

932ea15108928991bcf0c0a46415fc652de5ffc0158c35205357b90c65eeb386

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-hcdn-request-id: 84285080e73019b8ed4be48546eae4c9-srv-edge3
content-encoding: br
x-hcdn-upstream-rt: 0.426
etag: "35e6c-66f11ee5-4c2661fa5496de8;br"
expires: Tue, 01 Oct 2024 17:50:37 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Sep 2024 17:50:37 GMT
x-hcdn-cache-status: MISS
content-type: text/css
last-modified: Mon, 23 Sep 2024 07:55:17 GMT
platform: hostinger
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 26205
x-turbo-charged-by: LiteSpeed
server: hcdn
panel: hpanel

GET
H2 200 jquery.min.js Show response
nerdinthebrain.com/drtz/t/js/ 83 KB
29 KB 652ms
583ms Script
application/x-javascript 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://nerdinthebrain.com/drtz/t/js/jquery.min.js

Requested by

Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn /

Resource Hash

436ecc90fab5ed1034b68a4a0e924e0132d93d9e7fb59b4fe23018eb7d9242c1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-hcdn-request-id: 5b18766a14bdda48c73e1bc8c6dd6593-srv-edge3
content-encoding: br
x-hcdn-upstream-rt: 0.436
etag: "14b51-66f11ee5-1ea53dc6c2664c1b;br"
expires: Tue, 01 Oct 2024 17:50:37 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Sep 2024 17:50:37 GMT
x-hcdn-cache-status: MISS
content-type: application/x-javascript
last-modified: Mon, 23 Sep 2024 07:55:17 GMT
platform: hostinger
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 28857
x-turbo-charged-by: LiteSpeed
server: hcdn
panel: hpanel

GET bootstrap.min.js
nerdinthebrain.com/drtz/t/js/ 0
0

GET
H2 200 font-awesome.min.css
nerdinthebrain.com/drtz/t/css/ 27 KB
6 KB 509ms
440ms Stylesheet
text/css 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://nerdinthebrain.com/drtz/t/css/font-awesome.min.css

Requested by

Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn /

Resource Hash

ce26d1b76dae2f3b5d0ccc8d0ecd88d2edb411101b8a4c5edc4d9aa7008c9b04

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-hcdn-request-id: fb5d7f345d3edb793c6e76616dc78af3-srv-edge3
content-encoding: br
x-hcdn-upstream-rt: 0.420
etag: "6b24-66f11ee5-ceca8421e5be0fe7;br"
expires: Tue, 01 Oct 2024 17:50:37 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Sep 2024 17:50:37 GMT
x-hcdn-cache-status: MISS
content-type: text/css
last-modified: Mon, 23 Sep 2024 07:55:17 GMT
platform: hostinger
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5850
x-turbo-charged-by: LiteSpeed
server: hcdn
panel: hpanel

GET
H/1.1 404
The requested content does not exist. emojione.min.js
hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/js/ 0
0 96ms
95ms Script
text/html 52.239.221.231
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/js/emojione.min.js
Requested by: Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.239.221.231 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-ms-request-id: 93076dfe-f01e-0000-22aa-0ec89f000000
Content-Length: 321
x-ms-version: 2018-03-28
Date: Tue, 24 Sep 2024 17:50:38 GMT
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound

GET
H3 200 script.compat.js Show response
nerdinthebrain.com/drtz/t/js/ 1 KB
1 KB 461ms
460ms Script
application/x-javascript 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://nerdinthebrain.com/drtz/t/js/script.compat.js

Requested by

Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn /

Resource Hash

63438ac53941d537540dd5687ab8c1f1319509a2f6c419731d5e21cd3a850796

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-hcdn-request-id: 750523bb734a6252b547c4c6486bd76c-srv-edge3
content-encoding: br
x-hcdn-upstream-rt: 0.430
etag: "56c-66f11ee5-3a3f1cc2a91a54e1;br"
expires: Tue, 01 Oct 2024 17:50:38 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Sep 2024 17:50:38 GMT
x-hcdn-cache-status: MISS
content-type: application/x-javascript
last-modified: Mon, 23 Sep 2024 07:55:17 GMT
platform: hostinger
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 662
x-turbo-charged-by: LiteSpeed
server: hcdn
panel: hpanel

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 309 KB
103 KB 55ms
28ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-F9ZFHN0DV3

Requested by

Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

08718839a61919c2593aaf6fbf50582775d12093d93e73b2d13a2a43487752c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Tue, 24 Sep 2024 17:50:38 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104920
date: Tue, 24 Sep 2024 17:50:38 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 background.png
nerdinthebrain.com/drtz/t/images/ 282 KB
283 KB 1477ms
1409ms Image
image/webp 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nerdinthebrain.com/drtz/t/images/background.png
Requested by: Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: hcdn /
Resource Hash: a137d0c8bc48e94a6226e51450fba10238ca26d4dadc4afbf38faf473d1a1e8b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-hcdn-request-id: 15d09199c9691434506c4eee24508930-srv-edge3
cache-control: public, max-age=604800
x-hcdn-upstream-rt: 1.387
x-hcdn-image-optimizer: f:webp q:85 w:1600
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 289196
date: Tue, 24 Sep 2024 17:50:38 GMT
content-type: image/webp
x-hcdn-cache-status: MISS
server: hcdn

GET
H2 200 flip.png
nerdinthebrain.com/drtz/t/images/ 484 B
735 B 446ms
445ms Image
image/webp 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nerdinthebrain.com/drtz/t/images/flip.png
Requested by: Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: hcdn /
Resource Hash: 48ff940e394fb1968b729c29a719aac4e64c6943e32a77d74f0ddd84db8ccfba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-hcdn-request-id: 4f3718e525a3dde222802e769cd6568e-srv-edge3
cache-control: public, max-age=604800
x-hcdn-upstream-rt: 0.429
x-hcdn-image-optimizer: f:webp q:85 w:1600
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 484
date: Tue, 24 Sep 2024 17:50:38 GMT
content-type: image/webp
x-hcdn-cache-status: MISS
server: hcdn

GET
H3 200 bulb.png
nerdinthebrain.com/drtz/t/images/ 474 B
716 B 449ms
447ms Image
image/webp 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nerdinthebrain.com/drtz/t/images/bulb.png
Requested by: Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: hcdn /
Resource Hash: 0b2ec8ec8e4677ed296b07891de45bbb1fb301eaa2840968462fb704f216bd07

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-hcdn-request-id: 3d8ea782078514088db3e7acb89d64a8-srv-edge3
cache-control: public, max-age=604800
x-hcdn-upstream-rt: 0.420
x-hcdn-image-optimizer: f:webp q:85 w:1600
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 474
date: Tue, 24 Sep 2024 17:50:38 GMT
content-type: image/webp
x-hcdn-cache-status: MISS
server: hcdn

GET
H3 200 scripo.png
nerdinthebrain.com/drtz/t/images/ 992 B
1 KB 452ms
450ms Image
image/webp 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nerdinthebrain.com/drtz/t/images/scripo.png
Requested by: Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: hcdn /
Resource Hash: 33ccd8e22b64f8375988afca456e153a82a1f27d601b7bd40261edb4ae2a4c7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-hcdn-request-id: 984d7e1d265a63290d8ebcf4199f1c6c-srv-edge3
cache-control: public, max-age=604800
x-hcdn-upstream-rt: 0.423
x-hcdn-image-optimizer: f:webp q:85 w:1600
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 992
date: Tue, 24 Sep 2024 17:50:38 GMT
content-type: image/webp
x-hcdn-cache-status: MISS
server: hcdn

GET
H3 200 timo.png
nerdinthebrain.com/drtz/t/images/ 364 B
606 B 451ms
449ms Image
image/webp 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nerdinthebrain.com/drtz/t/images/timo.png
Requested by: Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: hcdn /
Resource Hash: f0cea24a9aa91f2a46a2b70f8f34d2837f57377d618dab0e4e08df8743016934

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-hcdn-request-id: 57410cce7091d361a37c0014637c676f-srv-edge3
cache-control: public, max-age=604800
x-hcdn-upstream-rt: 0.422
x-hcdn-image-optimizer: f:webp q:85 w:1600
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 364
date: Tue, 24 Sep 2024 17:50:38 GMT
content-type: image/webp
x-hcdn-cache-status: MISS
server: hcdn

GET
H3 200 m.png
nerdinthebrain.com/drtz/t/images/ 360 B
602 B 453ms
452ms Image
image/webp 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nerdinthebrain.com/drtz/t/images/m.png
Requested by: Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: hcdn /
Resource Hash: 2595e57e581712bacbbb36e04af8eca3911068fc15fe527fd048ee5562ebc61e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-hcdn-request-id: dd912d50b965e4b4753062f8b090adc2-srv-edge3
cache-control: public, max-age=604800
x-hcdn-upstream-rt: 0.423
x-hcdn-image-optimizer: f:webp q:85 w:1600
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 360
date: Tue, 24 Sep 2024 17:50:38 GMT
content-type: image/webp
x-hcdn-cache-status: MISS
server: hcdn

GET
H3 200 shield.png
nerdinthebrain.com/drtz/t/images/ 20 KB
21 KB 710ms
709ms Image
image/webp 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nerdinthebrain.com/drtz/t/images/shield.png
Requested by: Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: hcdn /
Resource Hash: 14905e7cca0f97afaf6274442793e060be809c5f50bb9756b8a6faa62a223276

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-hcdn-request-id: af1a7cd63bb759c410becb3d03de5dc0-srv-edge3
cache-control: public, max-age=604800
x-hcdn-upstream-rt: 0.681
x-hcdn-image-optimizer: f:webp q:85 w:1600
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 20926
date: Tue, 24 Sep 2024 17:50:38 GMT
content-type: image/webp
x-hcdn-cache-status: MISS
server: hcdn

GET
H3 200 buffer.gif
nerdinthebrain.com/drtz/t/images/ 14 KB
15 KB 455ms
455ms Image
image/gif 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nerdinthebrain.com/drtz/t/images/buffer.gif

Requested by

Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn /

Resource Hash

4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-hcdn-request-id: 0c47ba6728bb4d78337b705aa7c207b3-srv-edge3
x-hcdn-upstream-rt: 0.427
etag: "399f-66f11ee5-427f0dab7d0cc1d6;;;"
expires: Tue, 01 Oct 2024 17:50:38 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Sep 2024 17:50:38 GMT
x-hcdn-cache-status: MISS
content-type: image/gif
last-modified: Mon, 23 Sep 2024 07:55:17 GMT
platform: hostinger
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 14751
x-turbo-charged-by: LiteSpeed
server: hcdn
panel: hpanel

GET bootstrap.min.js
nerdinthebrain.com/drtz/t/js/ 0
0

GET
DATA 200
OK truncated
/ 349 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H3 206 beep.mp3
nerdinthebrain.com/drtz/t/media/ 8 KB
9 KB 452ms
452ms Media
audio/mpeg 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://nerdinthebrain.com/drtz/t/media/beep.mp3

Requested by

Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn /

Resource Hash

0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

x-hcdn-cache-status: MISS
content-security-policy: upgrade-insecure-requests
x-hcdn-request-id: cf7d2a1fd1d28bc4d3e5ceb37b0779e6-srv-edge3
x-hcdn-upstream-rt: 0.424
etag: "20d5-66f11ee5-748d0802b5e7c432;;;"
Content-Range: bytes 0-8404/8405
alt-svc: h3=":443"; ma=86400
Content-Length: 8405
date: Tue, 24 Sep 2024 17:50:38 GMT
x-turbo-charged-by: LiteSpeed
content-type: audio/mpeg
last-modified: Mon, 23 Sep 2024 07:55:17 GMT
server: hcdn
platform: hostinger
panel: hpanel

GET
H3 206 eng.mp3
nerdinthebrain.com/drtz/t/media/ 108 KB
108 KB 595ms
594ms Media
audio/mpeg 2a02:4780:24:211d:be97:9825:4d05:579e
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://nerdinthebrain.com/drtz/t/media/eng.mp3

Requested by

Host: hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:24:211d:be97:9825:4d05:579e Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn /

Resource Hash

9fa4f2ad709ff397d792afa42087c38ac2d13ac10ee104e557f594ffbf93a603

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

x-hcdn-cache-status: MISS
content-security-policy: upgrade-insecure-requests
x-hcdn-request-id: e6123ee5dc38076f5abfbc97dcfb84d0-srv-edge3
x-hcdn-upstream-rt: 0.423
etag: "1ae95-66f11ee5-b693bee4727acb1e;;;"
Content-Range: bytes 0-110228/110229
alt-svc: h3=":443"; ma=86400
Content-Length: 110229
date: Tue, 24 Sep 2024 17:50:38 GMT
x-turbo-charged-by: LiteSpeed
content-type: audio/mpeg
last-modified: Mon, 23 Sep 2024 07:55:17 GMT
server: hcdn
platform: hostinger
panel: hpanel

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 43ms
16ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-F9ZFHN0DV3&gtm=45je49j0v9182508741za200&_p=1727200238148&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=1390552071.1727200238&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1727200238&sct=1&seg=0&dl=https%3A%2F%2Fhqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net%2F&dt=Security%20center&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1229
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F9ZFHN0DV3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 24 Sep 2024 17:50:38 GMT
content-type: text/plain
server: Golfe2

POST event
nerdinthebrain.com/api/ 0
0

GET
H/1.1 404
The requested content does not exist. w3
hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/ 321 B
629 B 96ms
96ms Other
text/html 52.239.221.231
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/w3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.239.221.231 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 9a0fb631e7bcd65bdb8eda45b7f6f77280a490298e3bb39c000a055f45deb9ba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-ms-request-id: 9307717d-f01e-0000-2faa-0ec89f000000
Content-Length: 321
x-ms-version: 2018-03-28
Date: Tue, 24 Sep 2024 17:50:38 GMT
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound

GET
H3 200 script.js Show response
userstatics.com/get/ 133 B
663 B 74ms
46ms Script
text/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://userstatics.com/get/script.js?referrer=https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/
Requested by: Host: nerdinthebrain.com
URL: https://nerdinthebrain.com/drtz/t/js/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.1
Resource Hash: df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JKcNAuOhxCqMAQLshboHOPhOUkK1%2F1GZa8Z91cI6qjhorcDE3JNQ30n8xSQZWQI%2BTfhyTuo55jtdDwg96XdiwajTJPjS5NHNfSWy3%2BoDWZiP8PnuWVPullzM37wPtYQ%2B%2BDU%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c849e36baeb923b-FRA
access-control-allow-origin: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
date: Tue, 24 Sep 2024 17:50:39 GMT
content-type: text/javascript; charset=utf-8
x-powered-by: PHP/8.2.1
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: X-Requested-With,content-type

GET
H/1.1 404
The requested content does not exist. w3.html
hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/ 321 B
629 B 96ms
96ms Other
text/html 52.239.221.231
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/w3.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.239.221.231 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 8492704ec8f8b0e1328d5b3d116a9233609e9c20918455883fbe04813ef408cc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-ms-request-id: 93077252-f01e-0000-68aa-0ec89f000000
Content-Length: 321
x-ms-version: 2018-03-28
Date: Tue, 24 Sep 2024 17:50:39 GMT
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound

GET
H/1.1 404
The requested content does not exist. w1.html
hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/ 321 B
629 B 96ms
95ms Other
text/html 52.239.221.231
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/w1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.239.221.231 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4218a5f6a7509ab8cfaaf2f2ae49b132cb43850290ac9db067e9e08ac8b7cc05

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/

Response headers

x-ms-request-id: 9307767b-f01e-0000-2faa-0ec89f000000
Content-Length: 321
x-ms-version: 2018-03-28
Date: Tue, 24 Sep 2024 17:50:40 GMT
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound

GET
DATA 200
OK truncated
/ 181 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7fd467d27ef40cdaed73685e3d55006dd24a34223c2183d8d805f94f17b3aa1d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: nerdinthebrain.com
URL: https://nerdinthebrain.com/drtz/t/js/bootstrap.min.js

Domain: nerdinthebrain.com
URL: https://nerdinthebrain.com/drtz/t/js/bootstrap.min.js

Domain: nerdinthebrain.com
URL: https://nerdinthebrain.com/api/event

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tech Support Scam (Consumer)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/	1970-01-20 23:47:20	Name: PHPREFS Value: full
.windows.net/	1970-01-21 09:22:40	Name: _ga_F9ZFHN0DV3 Value: GS1.1.1727200238.1.0.1727200238.0.0.0
.windows.net/	1970-01-21 09:22:40	Name: _ga Value: GA1.1.1390552071.1727200238

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/ Message: Access to script at 'https://nerdinthebrain.com/drtz/t/js/bootstrap.min.js' from origin 'https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://nerdinthebrain.com/drtz/t/js/bootstrap.min.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/ Message: Access to script at 'https://nerdinthebrain.com/drtz/t/js/bootstrap.min.js' from origin 'https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://nerdinthebrain.com/drtz/t/js/bootstrap.min.js Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/js/emojione.min.js Message: Failed to load resource: the server responded with a status of 404 (The requested content does not exist.)
javascript	error	URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/ Message: Access to XMLHttpRequest at 'https://nerdinthebrain.com/api/event' from origin 'https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://nerdinthebrain.com/api/event Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/w3 Message: Failed to load resource: the server responded with a status of 404 (The requested content does not exist.)
network	error	URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/w3.html Message: Failed to load resource: the server responded with a status of 404 (The requested content does not exist.)
network	error	URL: https://hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net/w1.html Message: Failed to load resource: the server responded with a status of 404 (The requested content does not exist.)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net
nerdinthebrain.com
region1.google-analytics.com
userstatics.com
www.googletagmanager.com
nerdinthebrain.com
188.114.97.3
2001:4860:4802:32::36
2a00:1450:4001:813::2008
2a02:4780:24:211d:be97:9825:4d05:579e
52.239.221.231
0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1
08718839a61919c2593aaf6fbf50582775d12093d93e73b2d13a2a43487752c6
0b2ec8ec8e4677ed296b07891de45bbb1fb301eaa2840968462fb704f216bd07
14905e7cca0f97afaf6274442793e060be809c5f50bb9756b8a6faa62a223276
2595e57e581712bacbbb36e04af8eca3911068fc15fe527fd048ee5562ebc61e
33ccd8e22b64f8375988afca456e153a82a1f27d601b7bd40261edb4ae2a4c7d
4218a5f6a7509ab8cfaaf2f2ae49b132cb43850290ac9db067e9e08ac8b7cc05
436ecc90fab5ed1034b68a4a0e924e0132d93d9e7fb59b4fe23018eb7d9242c1
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
48ff940e394fb1968b729c29a719aac4e64c6943e32a77d74f0ddd84db8ccfba
4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86
63438ac53941d537540dd5687ab8c1f1319509a2f6c419731d5e21cd3a850796
7fd467d27ef40cdaed73685e3d55006dd24a34223c2183d8d805f94f17b3aa1d
8492704ec8f8b0e1328d5b3d116a9233609e9c20918455883fbe04813ef408cc
932ea15108928991bcf0c0a46415fc652de5ffc0158c35205357b90c65eeb386
9a0fb631e7bcd65bdb8eda45b7f6f77280a490298e3bb39c000a055f45deb9ba
9fa4f2ad709ff397d792afa42087c38ac2d13ac10ee104e557f594ffbf93a603
a137d0c8bc48e94a6226e51450fba10238ca26d4dadc4afbf38faf473d1a1e8b
b44167a9dcff47714fc79f94c9d623fbe442313865bfd358358e9ad1bfb32527
ce26d1b76dae2f3b5d0ccc8d0ecd88d2edb411101b8a4c5edc4d9aa7008c9b04
df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26
e429cb154e56b90ec4f5179b1402f78f6dd73dda94198e5a1fa4d5003bdf6199
f0cea24a9aa91f2a46a2b70f8f34d2837f57377d618dab0e4e08df8743016934

hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net Open in urlscan Pro 52.239.221.231 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

26 Requests

88 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

6 IPs

3 Countries

649 kBTransfer

1130 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

19 JavaScript Global Variables

3 Cookies

hqcg9462vu7dt801sj5lbzw.z13.web.core.windows.net Open in urlscan Pro
52.239.221.231 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

88 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

649 kB
Transfer

1130 kB
Size

3
Cookies

26 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!