k-pr---l----cv-ad----ia1.icu
149.100.154.8 (Malicious Activity!)

URL: https://k-pr---l----cv-ad----ia1.icu/
Submission: On September 11 via api from US — Scanned from US

Summary

This website contacted 9 IPs in 4 countries across 9 domains to perform 30 HTTP transactions. The main IP is 149.100.154.8, located in São Paulo, Brazil and belongs to AS-HOSTINGER, CY. The main domain is k-pr---l----cv-ad----ia1.icu.
TLS certificate: Issued by k-pr---l----cv-ad----ia1.icu on August 28th 2023. Valid for: 10 years.
This is the only time k-pr---l----cv-ad----ia1.icu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
10        149.100.154.8       47583 (AS-HOSTINGER)
3         2606:4700::68...    13335 (CLOUDFLAR...)  (2 redirects)
1         2607:f8b0:400...    15169 (GOOGLE)
1         2606:4700::68...    13335 (CLOUDFLAR...)
4         2620:1ec:46::40     8075 (MICROSOFT...)
4         104.18.5.98         13335 (CLOUDFLAR...)
3         2a03:2880:f01...    32934 (FACEBOOK)
2         2607:f8b0:400...    15169 (GOOGLE)
4         2a03:2880:f17...    32934 (FACEBOOK)
Total: 30 requests across 9 IPs
Requests  Apex Domain                     Subdomains                                          Transfer
10        k-pr---l----cv-ad----ia1.icu    k-pr---l----cv-ad----ia1.icu                        642 KB
4         facebook.com                    www.facebook.com (Cisco Umbrella Rank: 114)         288 B
4         paribu.com                      www.paribu.com                                      (not listed)
4         msauth.net                      logincdn.msauth.net (Cisco Umbrella Rank: 3928),    5 KB
                                          acctcdn.msauth.net (Cisco Umbrella Rank: 4142)
3         facebook.net                    connect.facebook.net (Cisco Umbrella Rank: 186)     123 KB
3         unpkg.com                       unpkg.com (Cisco Umbrella Rank: 1055)               24 KB
2         gstatic.com                     fonts.gstatic.com                                   27 KB
1         cloudflare.com                  cdnjs.cloudflare.com (Cisco Umbrella Rank: 249)     24 KB
1         googleapis.com                  ajax.googleapis.com (Cisco Umbrella Rank: 406)      31 KB
Total: 30 requests across 9 apex domains
Requests  Domain                          Requested by
10        k-pr---l----cv-ad----ia1.icu    k-pr---l----cv-ad----ia1.icu
4         www.facebook.com                k-pr---l----cv-ad----ia1.icu
4         www.paribu.com                  k-pr---l----cv-ad----ia1.icu
3         connect.facebook.net            k-pr---l----cv-ad----ia1.icu, connect.facebook.net
3         unpkg.com (2 redirects)         k-pr---l----cv-ad----ia1.icu
2         fonts.gstatic.com               k-pr---l----cv-ad----ia1.icu
2         acctcdn.msauth.net              k-pr---l----cv-ad----ia1.icu
2         logincdn.msauth.net             k-pr---l----cv-ad----ia1.icu
1         cdnjs.cloudflare.com            k-pr---l----cv-ad----ia1.icu
1         ajax.googleapis.com             k-pr---l----cv-ad----ia1.icu
Total: 30 requests across 10 subdomains

This site contains links to these domains:

support.google.com
accounts.google.com
account.live.com
www.paribu.com
TLS certificates observed during the scan:

Subject                         Issuer                                   Validity                   Valid for
k-pr---l----cv-ad----ia1.icu    k-pr---l----cv-ad----ia1.icu             2023-08-28 - 2033-08-25    10 years
upload.video.google.com         GTS CA 1C3                               2023-08-14 - 2023-11-06    3 months
sni.cloudflaressl.com           Cloudflare Inc ECC CA-3                  2023-07-03 - 2024-07-02    a year
identitycdn.msauth.net          Microsoft Azure TLS Issuing CA 02        2023-06-24 - 2024-06-18    a year
paribu.com                      Cloudflare Inc ECC CA-3                  2023-04-05 - 2024-04-04    a year
*.facebook.com                  DigiCert SHA2 High Assurance Server CA   2023-06-20 - 2023-09-18    3 months
*.gstatic.com                   GTS CA 1C3                               2023-08-14 - 2023-11-06    3 months

This page contains 2 frames:

Primary Page: https://k-pr---l----cv-ad----ia1.icu/
Frame ID: ECA4060A08EC6935FDB37888E8664E2B
Requests: 29 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: D1F1D77DC185DB6CDCE3227F5359A37A
Requests: 1 HTTP request in this frame

Page Title

Giriş yap - Paribu | Oturum açın - Google Hesapları | Oturum açın - Google Hesapları (Turkish; in English: "Log in - Paribu", then "Sign in - Google Accounts" twice)

Detected technologies

Overall confidence: 100%
Detected patterns
  • socket\.io.*\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 30
HTTPS: 63 %
IPv6: 78 %
Domains: 9
Subdomains: 10
IPs: 9
Countries: 4
Transfer: 877 kB
Size: 3356 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://unpkg.com/imask HTTP 302
  • https://unpkg.com/imask@7.1.3 HTTP 302
  • https://unpkg.com/imask@7.1.3/dist/imask.js

30 HTTP transactions

Columns for each transaction below: Resource | Path | Size | x-fer (bytes transferred) | Type | MIME-Type
Primary Request /
k-pr---l----cv-ad----ia1.icu/
2 MB
270 KB
Document
General
Full URL
https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
07b74580dfc6383d9252e934c14ee887a3b43c190dcc10018a58e1c28e4efbf5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 11 Sep 2023 03:35:08 GMT
server
LiteSpeed
vary
Accept-Encoding
chunk-vendors.83e128cd.css
k-pr---l----cv-ad----ia1.icu/css/
22 KB
4 KB
Stylesheet
General
Full URL
https://k-pr---l----cv-ad----ia1.icu/css/chunk-vendors.83e128cd.css
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
c4f6c2c50964f40a66ca084c5647451a5f3aeb5e9de5a08d66ab041aca8ce138

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Mon, 11 Sep 2023 03:35:09 GMT
content-encoding
br
last-modified
Thu, 27 Jul 2023 13:54:17 GMT
server
LiteSpeed
etag
"56ac-64c27709-a08e9;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
4128
expires
Mon, 18 Sep 2023 03:35:09 GMT
app.16d64c55.css
k-pr---l----cv-ad----ia1.icu/css/
225 KB
32 KB
Stylesheet
General
Full URL
https://k-pr---l----cv-ad----ia1.icu/css/app.16d64c55.css
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
e47ed18e51899d2d27e23331edaa5122d4ca80aedf7d4fbb51f5d8061e132682

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Mon, 11 Sep 2023 03:35:09 GMT
content-encoding
br
last-modified
Thu, 27 Jul 2023 13:54:19 GMT
server
LiteSpeed
etag
"38424-64c2770b-a08ea;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
32687
expires
Mon, 18 Sep 2023 03:35:09 GMT
imask.js
unpkg.com/imask@7.1.3/dist/
Redirect Chain
  • https://unpkg.com/imask
  • https://unpkg.com/imask@7.1.3
  • https://unpkg.com/imask@7.1.3/dist/imask.js
108 KB
24 KB
Script
General
Full URL
https://unpkg.com/imask@7.1.3/dist/imask.js
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Server
2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42e7a5c70376b125d470d570585ff230cd777cfbbd9e4fbedc18d2de0c8dc83d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Mon, 11 Sep 2023 03:35:09 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
4737985
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01H5KYDH5QK7MCFXXMD3MXJF97-mia
server
cloudflare
etag
W/"1ae1d-r3wKbDdr0Tj2yWbqhqDgCO3SNrM"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
804cdbeb1d033dcd-MIA

Redirect headers

date
Mon, 11 Sep 2023 03:35:09 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01H5KYDH43H2VHE0JJ7DR1N123-mia
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
4737985
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/imask@7.1.3/dist/imask.js
cache-control
public, max-age=31536000
cf-ray
804cdbeadcd13dcd-MIA
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.3/
88 KB
31 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Sat, 09 Sep 2023 03:22:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
173546
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31191
x-xss-protection
0
last-modified
Wed, 11 Jan 2023 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 08 Sep 2024 03:22:43 GMT
socket.io.js
cdnjs.cloudflare.com/ajax/libs/socket.io/4.6.1/
122 KB
24 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.6.1/socket.io.js
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54000ff14b964678f718f336056067b9ca90eae9d0148edf741199cbc77a7cd9
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Mon, 11 Sep 2023 03:35:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2680420
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
24022
last-modified
Thu, 22 Jun 2023 11:18:54 GMT
server
cloudflare
cf-cdnjs-via
cfworker/r2
etag
"64942e1e-5dd6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0sB%2FSXJBgMzJCykzHgJxXN4E8JDBc%2FzeQLP2gQB55cpJ9YJXrmjmJoQN7wcVPPwsPgPdDc5fGrkyTfvfRl5A8a8xN5xlm%2F56D42S%2BY6K5Wq4OY6o%2BEsV6hfDUHL%2BjzVZy4yB6JDwtKSQqwvSsCCQ5kzH"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
804cdbea8f28334d-MIA
expires
Sat, 31 Aug 2024 03:35:09 GMT
microsoft.css
k-pr---l----cv-ad----ia1.icu/css/
94 KB
16 KB
Stylesheet
General
Full URL
https://k-pr---l----cv-ad----ia1.icu/css/microsoft.css
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
2518655800698c89ae0bbc34b3b362c13e558bcb3ea4bd6c2cf4bbcf9e87b927

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Mon, 11 Sep 2023 03:35:09 GMT
content-encoding
br
last-modified
Thu, 27 Jul 2023 13:54:19 GMT
server
LiteSpeed
etag
"176a6-64c2770b-a08ed;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
16219
expires
Mon, 18 Sep 2023 03:35:09 GMT
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
logincdn.msauth.net/shared/1.0/content/images/
4 KB
2 KB
Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:46::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Sep 2023 03:35:10 GMT
content-encoding
gzip
x-cache
TCP_HIT
content-length
1435
x-ms-lease-status
unlocked
last-modified
Wed, 22 Jan 2020 00:38:07 GMT
etag
0x8D79ED359808AB6
x-azure-ref
20230911T033510Z-9n5trkbys9307b9eheaa718v640000000mtg00000000exty
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
2d56b521-601e-0015-5b86-d5005b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
logincdn.msauth.net/shared/1.0/content/images/
513 B
798 B
Image
General
Full URL
https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:46::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Sep 2023 03:35:10 GMT
content-encoding
gzip
x-cache
TCP_HIT
content-length
276
x-ms-lease-status
unlocked
last-modified
Wed, 22 Jan 2020 00:38:00 GMT
etag
0x8D79ED35591CF44
x-azure-ref
20230911T033510Z-9n5trkbys9307b9eheaa718v640000000mtg00000000extz
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
2f1d98b5-e01e-001d-1c82-d5584a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
acctcdn.msauth.net/images/
4 KB
2 KB
Image
General
Full URL
https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:46::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Sep 2023 03:35:10 GMT
content-encoding
gzip
x-cache
TCP_HIT
content-length
1435
x-ms-lease-status
unlocked
last-modified
Mon, 04 Sep 2023 04:56:37 GMT
etag
0x8DBAD0351FCBD5C
x-azure-ref
20230911T033510Z-r3wyhq4zgx2q7azr2rraak9ds00000000khg00000000vrqn
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
8c4c84eb-f01e-0040-4a5d-dfe462000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
left_qcwoJO81F7bEFg3Pj_fUEA2.svg
acctcdn.msauth.net/images/Arrows/
513 B
796 B
Image
General
Full URL
https://acctcdn.msauth.net/images/Arrows/left_qcwoJO81F7bEFg3Pj_fUEA2.svg
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:46::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Sep 2023 03:35:10 GMT
content-encoding
gzip
x-cache
TCP_HIT
content-length
276
x-ms-lease-status
unlocked
last-modified
Mon, 04 Sep 2023 22:50:56 GMT
etag
0x8DBAD99668F28D9
x-azure-ref
20230911T033510Z-r3wyhq4zgx2q7azr2rraak9ds00000000khg00000000vrqp
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
3455dcf3-a01e-0071-479e-dfee71000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
paribu-bubble-logo.3a7b53bd.svg
www.paribu.com/img/
0
0
Image
General
Full URL
https://www.paribu.com/img/paribu-bubble-logo.3a7b53bd.svg
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

wave-mobile-light.8fe6bc79.svg
www.paribu.com/img/
0
0
Image
General
Full URL
https://www.paribu.com/img/wave-mobile-light.8fe6bc79.svg
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

danger-status.2b5c6a0f.svg
www.paribu.com/img/
0
0
Image
General
Full URL
https://www.paribu.com/img/danger-status.2b5c6a0f.svg
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

gift.png
k-pr---l----cv-ad----ia1.icu/images/
10 KB
10 KB
Image
General
Full URL
https://k-pr---l----cv-ad----ia1.icu/images/gift.png
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
fd52d7f07df46c76ab54e054ccfde5efa74d18657d3883a1d36c82bf594b23ca

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Mon, 11 Sep 2023 03:35:09 GMT
last-modified
Thu, 27 Jul 2023 13:54:36 GMT
server
LiteSpeed
etag
"292f-64c2771c-a09f1;;;"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
10543
expires
Mon, 18 Sep 2023 03:35:09 GMT
success-status.3d51e790.svg
www.paribu.com/img/
0
0
Image
General
Full URL
https://www.paribu.com/img/success-status.3d51e790.svg
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

fbevents.js
connect.facebook.net/en_US/
193 KB
52 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9e41e783ec4cfc524c1666d1d5a4c805f8e92be52b030d130acfb31105e1e04c
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 11 Sep 2023 03:35:10 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
52127
x-xss-protection
0
pragma
public
x-fb-debug
z+FD1W53q4/OFhocNlhU8bwYFH5J+voujKVDo2EvCyBf7nIYe/QyOtM7CzBho5ZBIzeS72JRO2tZQVaUxOkvTQ==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
page-top-light.64e66809.svg
k-pr---l----cv-ad----ia1.icu/fonts/
920 B
609 B
Image
General
Full URL
https://k-pr---l----cv-ad----ia1.icu/fonts/page-top-light.64e66809.svg
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/css/app.16d64c55.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
7446cfdf82851f3630864c8ab8d138f0c85f307d2f9597de87122a9eb587f1b2

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/css/app.16d64c55.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Mon, 11 Sep 2023 03:35:09 GMT
content-encoding
br
last-modified
Thu, 27 Jul 2023 13:54:30 GMT
server
LiteSpeed
etag
"398-64c27716-a08fc;br"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
506
expires
Mon, 18 Sep 2023 03:35:09 GMT
inter-medium.75db5319.woff2
k-pr---l----cv-ad----ia1.icu/fonts/
103 KB
104 KB
Font
General
Full URL
https://k-pr---l----cv-ad----ia1.icu/fonts/inter-medium.75db5319.woff2
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/css/app.16d64c55.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
1b498b959e5b7decbf9185803591d25bc1fbf83e798372ed30d32d5c79d82ff6

Request headers

Referer
https://k-pr---l----cv-ad----ia1.icu/css/app.16d64c55.css
Origin
https://k-pr---l----cv-ad----ia1.icu
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Mon, 11 Sep 2023 03:35:09 GMT
last-modified
Thu, 27 Jul 2023 13:54:25 GMT
server
LiteSpeed
etag
"19dc4-64c27711-a08f2;;;"
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
105924
expires
Mon, 18 Sep 2023 03:35:09 GMT
inter-light.780dd2ad.woff2
k-pr---l----cv-ad----ia1.icu/fonts/
102 KB
102 KB
Font
General
Full URL
https://k-pr---l----cv-ad----ia1.icu/fonts/inter-light.780dd2ad.woff2
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/css/app.16d64c55.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
36b86832422c8b2f8eb7a0de635369c10fcebbeb8d3a0f80edeacf8252bfd6da

Request headers

Referer
https://k-pr---l----cv-ad----ia1.icu/css/app.16d64c55.css
Origin
https://k-pr---l----cv-ad----ia1.icu
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Mon, 11 Sep 2023 03:35:09 GMT
last-modified
Thu, 27 Jul 2023 13:54:24 GMT
server
LiteSpeed
etag
"1978c-64c27710-a08f1;;;"
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
104332
expires
Mon, 18 Sep 2023 03:35:09 GMT
inter-regular.dc131113.woff2
k-pr---l----cv-ad----ia1.icu/fonts/
97 KB
97 KB
Font
General
Full URL
https://k-pr---l----cv-ad----ia1.icu/fonts/inter-regular.dc131113.woff2
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/css/app.16d64c55.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Request headers

Referer
https://k-pr---l----cv-ad----ia1.icu/css/app.16d64c55.css
Origin
https://k-pr---l----cv-ad----ia1.icu
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Mon, 11 Sep 2023 03:35:09 GMT
last-modified
Thu, 27 Jul 2023 13:54:27 GMT
server
LiteSpeed
etag
"18234-64c27713-a08f7;;;"
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
98868
expires
Mon, 18 Sep 2023 03:35:09 GMT
icons.67aed64d.woff
k-pr---l----cv-ad----ia1.icu/fonts/
6 KB
7 KB
Font
General
Full URL
https://k-pr---l----cv-ad----ia1.icu/fonts/icons.67aed64d.woff
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/css/app.16d64c55.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.100.154.8 São Paulo, Brazil, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
93223932e67179df4b747078559cbd2529397089bf19a87ea402f78d3d4b5b0a

Request headers

Referer
https://k-pr---l----cv-ad----ia1.icu/css/app.16d64c55.css
Origin
https://k-pr---l----cv-ad----ia1.icu
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Mon, 11 Sep 2023 03:35:09 GMT
last-modified
Thu, 27 Jul 2023 13:54:22 GMT
server
LiteSpeed
etag
"19c8-64c2770e-a08e7;;;"
content-type
application/font-woff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
6600
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://k-pr---l----cv-ad----ia1.icu/
Origin
https://k-pr---l----cv-ad----ia1.icu
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 22:09:32 GMT
x-content-type-options
nosniff
age
192338
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 07 Sep 2024 22:09:32 GMT
KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7566a2f09ff8534334b7a44f72a1afaba6bdbb782209be8804636ee8b963c75f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://k-pr---l----cv-ad----ia1.icu/
Origin
https://k-pr---l----cv-ad----ia1.icu
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Thu, 07 Sep 2023 16:36:57 GMT
x-content-type-options
nosniff
age
298693
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11804
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 06 Sep 2024 16:36:57 GMT
822164865955015
connect.facebook.net/signals/config/
136 KB
36 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/822164865955015?v=2.9.125&r=stable&domain=k-pr---l----cv-ad----ia1.icu
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e7712aa19fa7213c3a76f380da71d399d8cc8aa5832c4275fa37ecc9cf880346
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 11 Sep 2023 03:35:10 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
jHiDxZ/GWpvE6Jk8MhwclfsYyXO5xDqABzAMLcbiaJ2zILeuKkn5VtW1OHVF2p9K8AGmHzOqLZ+VltU2LdlMkA==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
2796812650600770
connect.facebook.net/signals/config/
137 KB
35 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/2796812650600770?v=2.9.125&r=stable&domain=k-pr---l----cv-ad----ia1.icu
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
530114f2abeb3d1d59399eeecc0eecc4e4f353cafaaec91c1eacea5e65635696
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 11 Sep 2023 03:35:10 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
PoBRTzmJPXOMwd7x5LrwTNMACjjBEWhsNSVC4W4x3WgamdjYiklX4jNHiXVOB1F9rvB1rW7D3BLyEa4ungne0Q==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=822164865955015&ev=PageView&dl=https%3A%2F%2Fk-pr---l----cv-ad----ia1.icu%2F&rl=&if=false&ts=1694403310574&sw=1600&sh=1200&v=2.9.125&r=stable&ec=0&o=30&fbp=fb.1.1694403310571.1340638390&it=1694403310411&coo=false&rqm=GET
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f171:81:face:b00c:0:25de Apodaca, Mexico, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 11 Sep 2023 03:35:10 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/tr/
0
31 B
Image
General
Full URL
https://www.facebook.com/tr/?id=2796812650600770&ev=PageView&dl=https%3A%2F%2Fk-pr---l----cv-ad----ia1.icu%2F&rl=&if=false&ts=1694403310765&sw=1600&sh=1200&v=2.9.125&r=stable&ec=0&o=30&fbp=fb.1.1694403310571.1340638390&it=1694403310411&coo=false&rqm=GET
Requested by
Host: k-pr---l----cv-ad----ia1.icu
URL: https://k-pr---l----cv-ad----ia1.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f171:81:face:b00c:0:25de Apodaca, Mexico, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 11 Sep 2023 03:35:10 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/tr/
0
54 B
Image
General
Full URL
https://www.facebook.com/tr/?id=822164865955015&ev=Microdata&dl=https%3A%2F%2Fk-pr---l----cv-ad----ia1.icu%2F&rl=&if=false&ts=1694403311091&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Giri%C5%9F%20yap%20-%20Paribu%22%2C%22meta%3Akeywords%22%3A%22paribu%2C%20bitcoin%2C%20btc%2C%20tether%2C%20usdt%2C%20ethereum%2C%20eth%2C%20ripple%2C%20xrp%2C%20eos%2C%20stellar%2C%20xlm%2C%20cardano%2C%20ada%2C%20litecoin%2C%20ltc%2C%20neo%2C%20tron%2C%20trx%2C%20holo%2C%20hot%2C%20bitcoin%20al%2C%20bitcoin%20sat%2C%20tether%20al%2C%20tether%20sat%2C%20ethereum%20al%2C%20ethereum%20sat%2C%20ripple%20al%2C%20ripple%20sat%2C%20tron%20al%2C%20tron%20sat%2C%20eos%20al%2C%20eos%20sat%2C%20stellar%20al%2C%20stellar%20sat%2C%20cardano%20al%2C%20cardano%20sat%2C%20litecoin%20al%2C%20litecoin%20sat%2C%20neo%20al%2C%20neo%20sat%2C%20hot%20al%2C%20hot%20sat%2C%20kripto%20para%20borsas%C4%B1%2C%20bitcoin%20c%C3%BCzdan%C4%B1%2C%20bitcoin%20adresi%2C%20bitcoin%20nas%C4%B1l%20al%C4%B1n%C4%B1r%2C%20bitcoin%20nedir%22%2C%22meta%3Adescription%22%3A%22TL%20ile%20BTC%2C%20USDT%2C%20XRP%2C%20ETH%2C%20TRX%2C%20HOT%2C%20XLM%2C%20ADA%2C%20LTC%2C%20EOS%2C%20NEO%20al%C4%B1%C5%9Fveri%C5%9Fi%20yapmak%20i%C3%A7in%20T%C3%BCrkiye%27nin%20lider%20kripto%20para%20borsas%C4%B1%20Paribu%27daki%20hesab%C4%B1n%C4%B1za%20giri%C5%9F%20yap%C4%B1n.%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Giri%C5%9F%20yap%20-%20Paribu%22%2C%22og%3Adescription%22%3A%22TL%20ile%20BTC%2C%20USDT%2C%20XRP%2C%20ETH%2C%20TRX%2C%20HOT%2C%20XLM%2C%20ADA%2C%20LTC%2C%20EOS%2C%20NEO%20al%C4%B1%C5%9Fveri%C5%9Fi%20yapmak%20i%C3%A7in%20T%C3%BCrkiye%27nin%20lider%20kripto%20para%20borsas%C4%B1%20Paribu%27daki%20hesab%C4%B1n%C4%B1za%20giri%C5%9F%20yap%C4%B1n.%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.paribu.com%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fv3.paribu.com%2Fimg%2Fparibu-og-2020.png%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.125&r=stable&ec=1&o=30&fbp=fb.1.1694403310571.1340638390&it=1694403310411&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f171:81:face:b00c:0:25de Apodaca, Mexico, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://k-pr---l----cv-ad----ia1.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 11 Sep 2023 03:35:11 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
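The Microdata beacon above is the most telling transaction in the scan. fbevents.js serialises the page's own <title> and og:* tags into the cd[Meta] and cd[OpenGraph] parameters, so the tracker records what the page was built to look like: decoding them gives a title of "Giriş yap - Paribu" (Turkish for "Sign in - Paribu") and an og:url of https://www.paribu.com, while the dl= parameter shows the page was served from k-pr---l----cv-ad----ia1.icu. The Python below is an added triage example, not urlscan.io code and not anything from the scanned site. The beacon URL is copied verbatim from the transaction above; the only other fact it relies on is that the Resource Hash urlscan lists for every /tr/ response here is the SHA-256 of zero bytes, which matches their content-length: 0.

```python
"""Decode a Meta Pixel /tr/ beacon captured by urlscan.io.

Added triage example; not urlscan.io code and not code from the scanned
site. BEACON_URL is copied verbatim from the scan's "Microdata" transaction.
fbevents.js serialises the page's own <title> and og:* tags into
cd[Meta] / cd[OpenGraph] as URL-encoded JSON, so the beacon records what
the page was built to look like, independent of where it was served from.
"""
import hashlib
import json
from urllib.parse import parse_qs, urlsplit

# Beacon URL from the scan (copied from the report, split only for width).
BEACON_URL = (
    "https://www.facebook.com/tr/?id=822164865955015&ev=Microdata"
    "&dl=https%3A%2F%2Fk-pr---l----cv-ad----ia1.icu%2F&rl=&if=false&ts=1694403311091"
    "&cd[DataLayer]=%5B%5D"
    "&cd[Meta]=%7B%22title%22%3A%22Giri%C5%9F%20yap%20-%20Paribu%22%2C%22meta%3Akeywords%22%3A%22paribu%2C%20bitcoin%2C%20btc%2C%20tether%2C%20usdt%2C%20ethereum%2C%20eth%2C%20ripple%2C%20xrp%2C%20eos%2C%20stellar%2C%20xlm%2C%20cardano%2C%20ada%2C%20litecoin%2C%20ltc%2C%20neo%2C%20tron%2C%20trx%2C%20holo%2C%20hot%2C%20bitcoin%20al%2C%20bitcoin%20sat%2C%20tether%20al%2C%20tether%20sat%2C%20ethereum%20al%2C%20ethereum%20sat%2C%20ripple%20al%2C%20ripple%20sat%2C%20tron%20al%2C%20tron%20sat%2C%20eos%20al%2C%20eos%20sat%2C%20stellar%20al%2C%20stellar%20sat%2C%20cardano%20al%2C%20cardano%20sat%2C%20litecoin%20al%2C%20litecoin%20sat%2C%20neo%20al%2C%20neo%20sat%2C%20hot%20al%2C%20hot%20sat%2C%20kripto%20para%20borsas%C4%B1%2C%20bitcoin%20c%C3%BCzdan%C4%B1%2C%20bitcoin%20adresi%2C%20bitcoin%20nas%C4%B1l%20al%C4%B1n%C4%B1r%2C%20bitcoin%20nedir%22%2C"
    "%22meta%3Adescription%22%3A%22TL%20ile%20BTC%2C%20USDT%2C%20XRP%2C%20ETH%2C%20TRX%2C%20HOT%2C%20XLM%2C%20ADA%2C%20LTC%2C%20EOS%2C%20NEO%20al%C4%B1%C5%9Fveri%C5%9Fi%20yapmak%20i%C3%A7in%20T%C3%BCrkiye%27nin%20lider%20kripto%20para%20borsas%C4%B1%20Paribu%27daki%20hesab%C4%B1n%C4%B1za%20giri%C5%9F%20yap%C4%B1n.%22%7D"
    "&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Giri%C5%9F%20yap%20-%20Paribu%22%2C%22og%3Adescription%22%3A%22TL%20ile%20BTC%2C%20USDT%2C%20XRP%2C%20ETH%2C%20TRX%2C%20HOT%2C%20XLM%2C%20ADA%2C%20LTC%2C%20EOS%2C%20NEO%20al%C4%B1%C5%9Fveri%C5%9Fi%20yapmak%20i%C3%A7in%20T%C3%BCrkiye%27nin%20lider%20kripto%20para%20borsas%C4%B1%20Paribu%27daki%20hesab%C4%B1n%C4%B1za%20giri%C5%9F%20yap%C4%B1n.%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.paribu.com%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fv3.paribu.com%2Fimg%2Fparibu-og-2020.png%22%7D"
    "&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.125&r=stable&ec=1&o=30"
    "&fbp=fb.1.1694403310571.1340638390&it=1694403310411&coo=false&es=automatic&tm=3&rqm=GET"
)

# SHA-256 of zero bytes: the Resource Hash urlscan shows for every /tr/
# response in this scan, consistent with their content-length: 0.
SHA256_EMPTY = hashlib.sha256(b"").hexdigest()


def decode_beacon(url: str) -> dict:
    """Return pixel id, event name, served page URL and the decoded
    cd[Meta] / cd[OpenGraph] objects carried by a /tr/ beacon."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)

    def first(key: str) -> str:
        return params.get(key, [""])[0]

    def as_json(key: str) -> dict:
        raw = first(key)
        return json.loads(raw) if raw else {}

    return {
        "pixel_id": first("id"),
        "event": first("ev"),
        "page_url": first("dl"),
        "meta": as_json("cd[Meta]"),
        "opengraph": as_json("cd[OpenGraph]"),
    }


def brand_mismatch(beacon: dict) -> tuple:
    """(served_host, claimed_host, mismatch): compare the host that served
    the page (dl=) with the host its own og:url claims. A page that says it
    is www.paribu.com but loads from another domain is a clone."""
    served = urlsplit(beacon["page_url"]).hostname or ""
    claimed = urlsplit(beacon["opengraph"].get("og:url", "")).hostname or ""
    return served, claimed, bool(claimed) and served != claimed


def is_empty_body_hash(resource_hash: str) -> bool:
    """True when a urlscan Resource Hash is the SHA-256 of an empty body,
    i.e. the tracker answered with no content (content-length: 0)."""
    return resource_hash.lower() == SHA256_EMPTY


if __name__ == "__main__":
    b = decode_beacon(BEACON_URL)
    served, claimed, clone = brand_mismatch(b)
    print(f"pixel {b['pixel_id']} event {b['event']}")
    print(f"title: {b['meta'].get('title')!r}")
    print(f"served from {served}, claims to be {claimed}, mismatch={clone}")
    print("empty-body hash:", is_empty_body_hash(
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
```

The same decoder works on any /tr/ beacon urlscan captures; when dl= and og:url disagree on host, the claimed host is the impersonated brand, which is a more direct read of the target than the scanner's brand classifier.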
/
www.facebook.com/tr/ Frame D1F1
0
18 B
Document
General
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f171:81:face:b00c:0:25de Apodaca, Mexico, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://k-pr---l----cv-ad----ia1.icu
Referer
https://k-pr---l----cv-ad----ia1.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://k-pr---l----cv-ad----ia1.icu
alt-svc
h3=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Mon, 11 Sep 2023 03:35:11 GMT
priority
u=0,i
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
object documentPictureInPicture
function IMask
function $
function jQuery
function io
object IJ_values
object phoneMask
function checkEmailFormat
object ListGsm
function checkPhone
function CheckPassword
function isMicrosoftPageOpen
number smsSeconds
function myTimer
function myTimer2
object socket
undefined smsTimer
object currentScreen
number sqlId
boolean isAdminActive
object otpList
function showPage
function fbq
function _fbq
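Beyond identifying frameworks (jQuery, the IMask input-mask library, the Meta pixel's fbq), the non-standard globals are a cheap signal of what a page does. Names such as otpList, smsTimer, smsSeconds, isAdminActive, socket, io and currentScreen read like a kit whose operator can push the next screen (OTP prompt, SMS wait) to the victim over a live connection, and isMicrosoftPageOpen sits alongside the msauth.net requests in the domain list. That reading is an inference from the names; the scan itself does not prove it. The Python below is an added example, not a urlscan.io feature: the globals text is copied from this scan, the watchlist is my own heuristic, the library ownership table is an assumption about which library each well-known global belongs to, and documentPictureInPicture is skipped because it is the browser's Document Picture-in-Picture API, which Chrome 116 (the scanner's User-Agent) exposes on window.

```python
"""Triage urlscan.io "JavaScript Global Variables" for phishing-kit signals.

Added example, not a urlscan.io feature. GLOBALS_FLAT is copied from this
scan's report; WATCHLIST is my own heuristic and LIBRARY_GLOBALS is an
assumption about which library each well-known global belongs to.
"""
import re

# The flattened "type| name type| name ..." text as urlscan renders it.
GLOBALS_FLAT = (
    "object| documentPictureInPicture function| IMask function| $ function| jQuery "
    "function| io object| IJ_values object| phoneMask function| checkEmailFormat "
    "object| ListGsm function| checkPhone function| CheckPassword "
    "function| isMicrosoftPageOpen number| smsSeconds function| myTimer "
    "function| myTimer2 object| socket undefined| smsTimer object| currentScreen "
    "number| sqlId boolean| isAdminActive object| otpList function| showPage "
    "function| fbq function| _fbq"
)

# Browser-provided, not page code: Chrome 116 (the scanner's UA) exposes the
# Document Picture-in-Picture API on window; urlscan's baseline does not know it.
BROWSER_API = {"documentPictureInPicture"}

# Assumed library ownership of well-known globals.
LIBRARY_GLOBALS = {
    "jQuery": {"$", "jQuery"},
    "imask": {"IMask"},
    "Meta Pixel": {"fbq", "_fbq"},
    "socket.io client": {"io"},
}

# Heuristic watchlist (my own; tune per kit family). Case-insensitive.
WATCHLIST = {
    "otp/sms relay": re.compile(r"otp|sms", re.I),
    "operator panel": re.compile(r"admin|socket|sqlid|currentscreen|showpage", re.I),
    "credential fields": re.compile(r"password|email|phone|gsm", re.I),
    "second brand": re.compile(r"microsoft", re.I),
}


def parse_globals(flat: str) -> list:
    """Parse urlscan's flattened text into (type, name) pairs, in page order."""
    return re.findall(r"(\w+)\|\s*(\S+)", flat)


def detect_libraries(globals_, table=LIBRARY_GLOBALS) -> set:
    """Libraries whose known globals appear on the page."""
    names = {name for _, name in globals_}
    return {lib for lib, owned in table.items() if owned & names}


def flag_globals(globals_, watchlist=WATCHLIST) -> dict:
    """Map each watchlist label to the page globals matching it, in the
    order urlscan listed them; library and browser globals are excluded so
    only the page's own code is scored."""
    library_names = set().union(*LIBRARY_GLOBALS.values())
    hits = {}
    for _type, name in globals_:
        if name in BROWSER_API or name in library_names:
            continue
        for label, rx in watchlist.items():
            if rx.search(name):
                hits.setdefault(label, []).append(name)
    return hits


GLOBALS_FROM_SCAN = parse_globals(GLOBALS_FLAT)

if __name__ == "__main__":
    print("libraries:", sorted(detect_libraries(GLOBALS_FROM_SCAN)))
    for label, names in flag_globals(GLOBALS_FROM_SCAN).items():
        print(f"{label}: {', '.join(names)}")
```

Feeding the same function a scan of a plain marketing page should return an empty dict; a page that trips "otp/sms relay" and "operator panel" together is worth pulling the DOM and scripts for.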

2 Cookies

Domain/Path Name / Value
.paribu.com/ Name: __cf_bm
Value: uLtdFZZl8HmmqDK8.FOS2dkFrFmwQNdk6hJIB0.xvbE-1694403310-0-AbbkizEgzxXt9dmB2EzfQyIhvsGHPAgPQXsYaX5OStB/VCRoXKr21vJBplG0DctfxLd4z9USyLRs9msnvd6wrds=
.k-pr---l----cv-ad----ia1.icu/ Name: _fbp
Value: fb.1.1694403310571.1340638390

4 Console Messages

Source Level URL / Message
network error URL: https://www.paribu.com/img/wave-mobile-light.8fe6bc79.svg
Message: Failed to load resource: the server responded with a status of 403 ()
network error URL: https://www.paribu.com/img/danger-status.2b5c6a0f.svg
Message: Failed to load resource: the server responded with a status of 403 ()
network error URL: https://www.paribu.com/img/paribu-bubble-logo.3a7b53bd.svg
Message: Failed to load resource: the server responded with a status of 403 ()
network error URL: https://www.paribu.com/img/success-status.3d51e790.svg
Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

"Indicators" is the security industry's term for observables such as IPs, domains and hashes. Listing them here does not imply that any of them is malicious.

acctcdn.msauth.net
ajax.googleapis.com
cdnjs.cloudflare.com
connect.facebook.net
fonts.gstatic.com
k-pr---l----cv-ad----ia1.icu
logincdn.msauth.net
unpkg.com
www.facebook.com
www.paribu.com
104.18.5.98
149.100.154.8
2606:4700::6810:7aaf
2606:4700::6811:190e
2607:f8b0:4006:80f::200a
2607:f8b0:4006:821::2003
2620:1ec:46::40
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f171:81:face:b00c:0:25de