vici32.pagedemo.co (2606:4700:4400::ac40:961b) - Malicious Activity! - Public Scan

URL: https://vici32.pagedemo.co/
Submission: On September 18 via manual from HU — Scanned from CA

Summary

This website contacted 7 IPs in 1 country across 5 domains to perform 16 HTTP transactions. The main IP is 2606:4700:4400::ac40:961b, located in United States and belongs to CLOUDFLARENET, US. The main domain is vici32.pagedemo.co.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 24th 2023. Valid for: a year. Note that the certificate subject is sni.cloudflaressl.com, a shared Cloudflare edge certificate, so its issue date says nothing about when this page went up; the two image assets on v.fastcdn.co carry Last-Modified dates of 17 Sep 2023, the day before the scan.
This is the only time vici32.pagedemo.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network). The page title is "Facebook.com" while the serving host, vici32.pagedemo.co, is a preview subdomain of a landing-page builder; the scan's own evidence (the instapagemetrics.com tracking endpoint and window globals such as instapageForm and _instapageSnowplow) identifies that builder as Instapage.

Domain & IP information

Requests | IP address        | AS (Autonomous System)
1        | 2606:4700:440...  | 13335 (CLOUDFLAR...)
7        | 35.244.137.202    | 15169 (GOOGLE)
1        | 34.36.17.181      | 396982 (GOOGLE-CL...)
2        | 2606:4700:440...  | 13335 (CLOUDFLAR...)
2        | 18.160.0.79       | 16509 (AMAZON-02)
1        | 2607:f8b0:400...  | 15169 (GOOGLE)
2        | 34.71.95.65       | 396982 (GOOGLE-CL...)
Total: 16 requests across 7 IPs
Requests | Apex domain          | Subdomains                                                                              | Transfer
9        | fastcdn.co           | g.fastcdn.co (Cisco Umbrella rank 61793), v.fastcdn.co (Cisco Umbrella rank 55542)      | 239 KB
3        | instapagemetrics.com | cdn.instapagemetrics.com (Cisco Umbrella rank 80223), ec.instapagemetrics.com (rank 73041) | 55 KB
2        | cloudfront.net       | d3mwhxgzltpnyp.cloudfront.net                                                           | 11 KB
1        | googleapis.com       | ajax.googleapis.com (Cisco Umbrella rank 419)                                           | 40 KB
1        | pagedemo.co          | vici32.pagedemo.co                                                                      | 9 KB
Total: 16 requests across 5 apex domains
Requests | Domain                        | Requested by
7        | g.fastcdn.co                  | vici32.pagedemo.co
2        | ec.instapagemetrics.com       | cdn.instapagemetrics.com
2        | d3mwhxgzltpnyp.cloudfront.net | vici32.pagedemo.co, d3mwhxgzltpnyp.cloudfront.net
2        | v.fastcdn.co                  | vici32.pagedemo.co
1        | ajax.googleapis.com           | d3mwhxgzltpnyp.cloudfront.net
1        | cdn.instapagemetrics.com      | vici32.pagedemo.co
1        | vici32.pagedemo.co            | (primary request)
Total: 16 requests across 7 domains
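The tables above and the transaction list further down describe the same request graph. The script below is an added example (not urlscan.io's, Instapage's, or the scanned page's code) that transcribes the 16 transactions from this report into a list and turns them into what an analyst actually wants from such a graph: the third-party hosts relative to the primary origin, the script-serving hosts, the initiator chain of any resource (which shows prototype.js is two hops deep, loaded by the cloudfront.net iframe), and the indicators worth acting on. The hosts, hashes and "Requested by" links are copied from the report; the naive eTLD+1 function is a simplification that does not use the Public Suffix List.

```python
"""Request-graph triage of the 16 transactions in the urlscan.io report above.

Added example; not code from urlscan.io, Instapage or the scanned page.
TRANSACTIONS is transcribed from the report (URL, initiator URL as shown
under "Requested by", resource type, SHA-256 body hash where the report
gives one) and embedded so the script runs offline.
"""
from collections import defaultdict
from urllib.parse import urlsplit

PRIMARY_URL = "https://vici32.pagedemo.co/"
CF_FRAME = "https://d3mwhxgzltpnyp.cloudfront.net/local-storage/index.html"
IT_JS = "https://cdn.instapagemetrics.com/t/js/3/it.js"

TRANSACTIONS = [
    # (url, requested_by, type, sha256)
    (PRIMARY_URL, None, "Document", "dfb97ba6288a02bc3f98b826471c4db5d2b18fb0fdfc23ba0cd9c2f6e27e71d0"),
    ("https://g.fastcdn.co/js/utils.b4c8feedb36b8ec3c007.js", PRIMARY_URL, "Script", "5b593e7ab0339a6fa51df85b039fbf0c671ad227a47c34e9f06f4b2b27fe4105"),
    ("https://g.fastcdn.co/js/Cradle.c9144221d5b5d6147353.js", PRIMARY_URL, "Script", "ecc3883f7b177edcd6a59dcdb4f957cba8a1df5180202fcd3f30bd33dd6f7d7b"),
    (IT_JS, PRIMARY_URL, "Script", "853d7ef6b54d838c009d01e4857b499d7ec4f71f6fced1e2e3c463fd393ccb29"),
    ("https://g.fastcdn.co/js/sptw.2ab2ac49302c4b984117.js", PRIMARY_URL, "Script", "c1a80fb2192398e6c5ca97d4a7efc7bb92bb734dc8ee6fefc25399dc1d555a81"),
    ("https://g.fastcdn.co/js/cm.js", PRIMARY_URL, "Script", "dd8625bfa35604f050e4dcc7ff10c2c31d7cdf1ce7bdf4cde0d0415dcc74e2fb"),
    ("https://v.fastcdn.co/u/1ae49012/64544297-0-11111.png", PRIMARY_URL, "Image", "d40fa367e0501a2c21671400fef2759d5806318448228a595c159c754656ff34"),
    ("https://v.fastcdn.co/u/1ae49012/64544306-0-Untitled.png", PRIMARY_URL, "Image", "f7834fd24590f807fd338a531d8897c758b2f4ed8988926f30cedb38d5a188a7"),
    ("https://g.fastcdn.co/js/LazyImage.59626ef3f961b8927cb6.js", PRIMARY_URL, "Script", "047794317b70504540fd8504bd67eec9a33e7e7b9558fb2f73a0a0de663a51c3"),
    ("https://g.fastcdn.co/js/Form.cbe34601af62a2d8abaa.js", PRIMARY_URL, "Script", "7bef30ad2af623b1a03ce58ee3d21eff18411ec82c10f1375a1bb3a7df3ce38d"),
    ("https://g.fastcdn.co/js/ExternalConversion.b39a872733a378417a08.js", PRIMARY_URL, "Script", "780e4645dc7a4fb5e6d8905d371508f7bf3dff8fc4f4a69362807773ac79516c"),
    (CF_FRAME, PRIMARY_URL, "Document", "677469f67de872a78409397267b20ffddc918a88f649ccd9f6a70b7bf2c52c6a"),
    ("https://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js", CF_FRAME, "Script", "48a4fd51466ac55d081ff932371021b328f118f74ee6ba93c0ec8fd163e34a30"),
    ("https://d3mwhxgzltpnyp.cloudfront.net/local-storage/jstorage.js", CF_FRAME, "Script", "bae1d85f3e99612938b14da99b90e464095637cb8dd1e5a1f5c59a7f45f0f617"),
    ("https://ec.instapagemetrics.com/t/two", None, "Preflight", None),  # report shows no initiator
    ("https://ec.instapagemetrics.com/t/two", IT_JS, "XHR", "2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df"),
]


def host_of(url):
    return urlsplit(url).hostname or ""


def registrable(host):
    """Naive eTLD+1 (last two labels). Simplification: no Public Suffix List,
    so it is right for the hosts in this report and wrong for e.g. foo.co.uk."""
    return ".".join(host.split(".")[-2:])


def third_party_hosts(transactions=TRANSACTIONS, primary=PRIMARY_URL):
    """Every host outside the primary page's registrable domain."""
    base = registrable(host_of(primary))
    return sorted({host_of(u) for u, *_ in transactions if registrable(host_of(u)) != base})


def script_hosts(transactions=TRANSACTIONS):
    """Host -> [(url, sha256)] for executable resources: the surface a CSP
    script-src allow-list or SRI pinning would have to cover."""
    out = defaultdict(list)
    for url, _, kind, digest in transactions:
        if kind == "Script":
            out[host_of(url)].append((url, digest))
    return dict(out)


def load_chain(url, transactions=TRANSACTIONS):
    """Follow 'Requested by' links from a resource back to the primary document."""
    initiators = {u: by for u, by, kind, _ in transactions if by is not None and kind != "Preflight"}
    chain = [url]
    while chain[-1] in initiators and len(chain) < 16:  # bound guards against a cyclic table
        chain.append(initiators[chain[-1]])
    return chain


def iocs(transactions=TRANSACTIONS, primary=PRIMARY_URL):
    """What to block or hunt for. The third-party hosts are the page builder's
    shared CDN and tracking infrastructure, so blocking them would hit every
    site built on it; the specific indicators are the primary host and the
    hash of the primary document."""
    primary_hash = next(d for u, _, _, d in transactions if u == primary)
    return {"primary_host": host_of(primary), "primary_sha256": primary_hash,
            "shared_infra_hosts": third_party_hosts(transactions, primary)}


if __name__ == "__main__":
    print("third-party hosts:", third_party_hosts())
    for host, scripts in script_hosts().items():
        print(f"{host}: {len(scripts)} script(s)")
    print("prototype.js chain:", " <- ".join(load_chain(TRANSACTIONS[12][0])))
    print("IOCs:", iocs())
```

The chain output for prototype.js reads prototype.js <- cloudfront index.html <- vici32.pagedemo.co, which is the same fact the "Requested by" column states twice but in the form you need when deciding what an SRI or CSP change on the primary page would and would not cover.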

This site contains no links.

Subject                  | Issuer                  | Validity                 | Valid for
sni.cloudflaressl.com    | Cloudflare Inc ECC CA-3 | 2023-02-24 to 2024-02-23 | a year
g.fastcdn.co             | GTS CA 1D4              | 2023-07-23 to 2023-10-21 | 3 months
cdn.instapagemetrics.com | GTS CA 1D4              | 2023-08-24 to 2023-11-22 | 3 months
fastcdn.co               | E1                      | 2023-07-27 to 2023-10-25 | 3 months
*.cloudfront.net         | Amazon RSA 2048 M01     | 2022-12-08 to 2023-12-07 | a year
upload.video.google.com  | GTS CA 1C3              | 2023-08-14 to 2023-11-06 | 3 months
ec.instapagemetrics.com  | R3                      | 2023-09-01 to 2023-11-30 | 3 months
(Each certificate is searchable on crt.sh.)

This page contains 2 frames:

Primary Page: https://vici32.pagedemo.co/
Frame ID: C95FA0A4754513C274F9FDA5DCEEC2F6
Requests: 12 HTTP requests in this frame

Frame: https://d3mwhxgzltpnyp.cloudfront.net/local-storage/index.html
Frame ID: 3A5225F855BBE4749E924FACD677BBBC
Requests: 3 HTTP requests in this frame

Page Title

Facebook.com

Detected technologies

Prototype (JavaScript library), overall confidence 100%, matched by the pattern
  • (?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js
against the prototype.js 1.7.1.0 load inside the cloudfront.net frame (see the transaction list below). No other technology was fingerprinted, even though the Instapage runtime is evident from the window globals listed at the end of this report.

Page Statistics

Requests:   16
HTTPS:      100 %
IPv6:       43 %
Domains:    5
Subdomains: 7
IPs:        7
Countries:  1
Transfer:   354 kB
Size:       709 kB
Cookies:    2

Redirected requests

No HTTP redirect chains were recorded for this scan (the section is empty in the report).

16 HTTP transactions

Column order for each entry: Resource, Path, Size, x-fer (bytes actually transferred), Type, MIME-Type. Each entry is followed by its General details (full URL, initiator, protocol, TLS parameters, server IP and ASN, reverse DNS, server software, SHA-256 of the body), then its request headers and response headers.
Primary Request /
vici32.pagedemo.co/
35 KB
9 KB
Document
General
Full URL
https://vici32.pagedemo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:961b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfb97ba6288a02bc3f98b826471c4db5d2b18fb0fdfc23ba0cd9c2f6e27e71d0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-origin
*
cf-cache-status
DYNAMIC
cf-ray
80861d1b2b5e39e4-YYZ
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 18 Sep 2023 02:21:07 GMT
etag
W/"8c9c-Z6Te2x7C8LhedeHK0p7AE/MuPzI"
server
cloudflare
vary
Accept-Encoding
via
1.1 google
utils.b4c8feedb36b8ec3c007.js
g.fastcdn.co/js/
56 KB
20 KB
Script
General
Full URL
https://g.fastcdn.co/js/utils.b4c8feedb36b8ec3c007.js
Requested by
Host: vici32.pagedemo.co
URL: https://vici32.pagedemo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.137.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
202.137.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
5b593e7ab0339a6fa51df85b039fbf0c671ad227a47c34e9f06f4b2b27fe4105

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://vici32.pagedemo.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 16 Sep 2023 10:04:36 GMT
content-encoding
gzip
age
144991
x-guploader-uploadid
ADPycdsk_nnY-YfcttL5qJrz1WwgXl3xrIr2IBqPs4J7HSw4370ZKZAsALULdn3fSdgU1sW5_uL9nzLfGhVDaKL-JA31Yg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19563
last-modified
Wed, 16 Aug 2023 13:40:31 GMT
server
UploadServer
etag
"3adfd30dd3e9db51e331049995899d6c"
vary
Accept-Encoding
x-goog-generation
1692193231170938
x-goog-hash
crc32c=ZAEvsQ==, md5=Ot/TDdPp21HjMQSZlYmdbA==
content-type
application/javascript
cache-control
public, max-age=31536000
x-goog-stored-content-length
19563
accept-ranges
bytes
expires
Sun, 15 Sep 2024 10:04:36 GMT
Cradle.c9144221d5b5d6147353.js
g.fastcdn.co/js/
15 KB
4 KB
Script
General
Full URL
https://g.fastcdn.co/js/Cradle.c9144221d5b5d6147353.js
Requested by
Host: vici32.pagedemo.co
URL: https://vici32.pagedemo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.137.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
202.137.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
ecc3883f7b177edcd6a59dcdb4f957cba8a1df5180202fcd3f30bd33dd6f7d7b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://vici32.pagedemo.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 16 Sep 2023 06:11:41 GMT
content-encoding
gzip
age
158966
x-guploader-uploadid
ADPycdthlDM8y3aGyrmgTiQk7Lmbgp53GUKHIn3BBJCnDcFZqu_MiwB2B8BRgaBeRbH3U0D7zg5BZ7wH-IAyQJEVN6ZIHw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4001
last-modified
Thu, 17 Aug 2023 08:46:03 GMT
server
UploadServer
etag
"83131494fd187537d0742a06ac0791a9"
vary
Accept-Encoding
x-goog-generation
1692248631878847
x-goog-hash
crc32c=Tt9fJA==, md5=gxMUlP0YdTfQdCoGrAeRqQ==
content-type
application/javascript
cache-control
public, max-age=31536000
x-goog-stored-content-length
4001
accept-ranges
bytes
expires
Sun, 15 Sep 2024 06:11:41 GMT
it.js
cdn.instapagemetrics.com/t/js/3/
54 KB
54 KB
Script
General
Full URL
https://cdn.instapagemetrics.com/t/js/3/it.js
Requested by
Host: vici32.pagedemo.co
URL: https://vici32.pagedemo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.17.181 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
181.17.36.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
853d7ef6b54d838c009d01e4857b499d7ec4f71f6fced1e2e3c463fd393ccb29

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://vici32.pagedemo.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 01:57:35 GMT
age
1413
x-guploader-uploadid
ADPycds_cccydSomawFw-GGz8xbcoITKCnobKTaNft7AQlp1hWh8I39DFH8yKzEDTAxexNGt9ncBAn7Y167NwP0qihWV-c9Op0HM
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55266
last-modified
Tue, 13 Jun 2023 11:21:34 GMT
server
UploadServer
etag
"eee931187060719ab17a352de2424e0c"
x-goog-generation
1686655294888925
x-goog-hash
crc32c=JVvUKA==, md5=7ukxGHBgcZqxejUt4kJODA==
content-type
text/javascript
cache-control
public,max-age=3600
x-goog-stored-content-length
55266
accept-ranges
bytes
sptw.2ab2ac49302c4b984117.js
g.fastcdn.co/js/
60 KB
20 KB
Script
General
Full URL
https://g.fastcdn.co/js/sptw.2ab2ac49302c4b984117.js
Requested by
Host: vici32.pagedemo.co
URL: https://vici32.pagedemo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.137.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
202.137.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c1a80fb2192398e6c5ca97d4a7efc7bb92bb734dc8ee6fefc25399dc1d555a81

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://vici32.pagedemo.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 16 Sep 2023 10:04:36 GMT
content-encoding
gzip
age
144992
x-guploader-uploadid
ADPycdsbHuSFerEqh9Bud1J2sHocSApYMclXLbXrP_4T_F2XHDZnEDd6z9dOhcZ8xcjazgt1Jh8NTfCtms5rK-Hqu33ldA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20036
last-modified
Wed, 16 Aug 2023 13:40:31 GMT
server
UploadServer
etag
"f45dd54250d70fea6f62da3471aa05e9"
vary
Accept-Encoding
x-goog-generation
1692193231030023
x-goog-hash
crc32c=GfzCLA==, md5=9F3VQlDXD+pvYto0caoF6Q==
content-type
application/javascript
cache-control
public, max-age=31536000
x-goog-stored-content-length
20036
accept-ranges
bytes
expires
Sun, 15 Sep 2024 10:04:36 GMT
cm.js
g.fastcdn.co/js/
51 KB
18 KB
Script
General
Full URL
https://g.fastcdn.co/js/cm.js
Requested by
Host: vici32.pagedemo.co
URL: https://vici32.pagedemo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.137.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
202.137.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
dd8625bfa35604f050e4dcc7ff10c2c31d7cdf1ce7bdf4cde0d0415dcc74e2fb

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://vici32.pagedemo.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Fri, 15 Sep 2023 15:27:54 GMT
content-encoding
gzip
age
211994
x-guploader-uploadid
ADPycdtbk3BI7doUcdENy0guovJOXQQCLOq1rsb3Ir1DHCDmlGIL5bJRbgQSspMsX-_pvdYUT7Tcagn722f6vB2k0tl8cSwSmNwa
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17906
last-modified
Thu, 30 Jun 2022 02:12:17 GMT
server
UploadServer
etag
"8e466d98fa1f746c74b1b409d20a0cf3"
vary
Accept-Encoding
x-goog-generation
1656555137097208
x-goog-hash
crc32c=ZpZBfw==, md5=jkZtmPofdGx0sbQJ0goM8w==
content-type
application/javascript
cache-control
public, max-age=31536000
x-goog-stored-content-length
17906
accept-ranges
bytes
expires
Sat, 14 Sep 2024 15:27:54 GMT
64544297-0-11111.png
v.fastcdn.co/u/1ae49012/
148 KB
149 KB
Image
General
Full URL
https://v.fastcdn.co/u/1ae49012/64544297-0-11111.png
Requested by
Host: vici32.pagedemo.co
URL: https://vici32.pagedemo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2084 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d40fa367e0501a2c21671400fef2759d5806318448228a595c159c754656ff34

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://vici32.pagedemo.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 02:21:08 GMT
cf-cache-status
HIT
age
13313
cf-polished
origFmt=png, origSize=258873
x-guploader-uploadid
ADPycdvYedbp40Pk9DQiRkdMg1L1b8_9uZDfOq8IXm-a1-FeEfZNc5PexDa45nK3uJ1cawptkmhcpSxzb4WiHLjGiwNpMw
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64544297-0-11111.webp"
x-goog-meta-expires
Thu, 07 Nov 2024 04:08:49 GMT
content-length
151778
cf-bgj
imgq:85,h2pri
last-modified
Sun, 17 Sep 2023 12:08:49 GMT
server
cloudflare
etag
"0d4da4745acfe0dcda0e1b8688ad2403"
vary
Accept
x-goog-generation
1694952529261016
content-type
image/webp
x-goog-hash
crc32c=zdNHRA==, md5=DU2kdFrP4NzaDhuGiK0kAw==
cache-control
public, max-age=315360000
x-goog-stored-content-length
258873
accept-ranges
bytes
cf-ray
80861d1e19f338e2-YYZ
expires
Thu, 15 Sep 2033 02:21:08 GMT
64544306-0-Untitled.png
v.fastcdn.co/u/1ae49012/
200 B
848 B
Image
General
Full URL
https://v.fastcdn.co/u/1ae49012/64544306-0-Untitled.png
Requested by
Host: vici32.pagedemo.co
URL: https://vici32.pagedemo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2084 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7834fd24590f807fd338a531d8897c758b2f4ed8988926f30cedb38d5a188a7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://vici32.pagedemo.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 02:21:08 GMT
cf-cache-status
HIT
age
13313
cf-polished
origFmt=png, origSize=2938
x-guploader-uploadid
ADPycdtWgWYhXOPEt7GshjBVVGNuzRz0hDT730BzNUpat6jX8_e-04xTqc7x8pWXZFw1Is4wA8p-bUSjByVshG7kx59QdGFZKoTv
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64544306-0-Untitled.webp"
x-goog-meta-expires
Thu, 07 Nov 2024 04:28:24 GMT
content-length
200
cf-bgj
imgq:85,h2pri
last-modified
Sun, 17 Sep 2023 12:28:25 GMT
server
cloudflare
etag
"7fac350137226bb1bdf23dbb54444142"
vary
Accept
x-goog-generation
1694953705041462
content-type
image/webp
x-goog-hash
crc32c=lQ8G9w==, md5=f6w1ATcia7G98j27VERBQg==
cache-control
public, max-age=315360000
x-goog-stored-content-length
2938
accept-ranges
bytes
cf-ray
80861d1e19f538e2-YYZ
expires
Thu, 15 Sep 2033 02:21:08 GMT
LazyImage.59626ef3f961b8927cb6.js
g.fastcdn.co/js/
2 KB
1 KB
Script
General
Full URL
https://g.fastcdn.co/js/LazyImage.59626ef3f961b8927cb6.js
Requested by
Host: vici32.pagedemo.co
URL: https://vici32.pagedemo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.137.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
202.137.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
047794317b70504540fd8504bd67eec9a33e7e7b9558fb2f73a0a0de663a51c3

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://vici32.pagedemo.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Fri, 15 Sep 2023 15:12:18 GMT
content-encoding
gzip
age
212930
x-guploader-uploadid
ADPycdssQy4W-jkLeTIcDZCxvN1b3WFNG5wmg2lAfHIscRN2HdTd09_WhIG5vlCU-vL7xHCKRzvlAhedCuLJrpofh8C_C9Y1FCV1
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1022
last-modified
Thu, 17 Aug 2023 08:46:03 GMT
server
UploadServer
etag
"b0ae2275f5d011ac64917080661e4956"
vary
Accept-Encoding
x-goog-generation
1692197940674420
x-goog-hash
crc32c=ZP0ifA==, md5=sK4idfXQEaxkkXCAZh5JVg==
content-type
application/javascript
cache-control
public, max-age=31536000
x-goog-stored-content-length
1022
accept-ranges
bytes
expires
Sat, 14 Sep 2024 15:12:18 GMT
Form.cbe34601af62a2d8abaa.js
g.fastcdn.co/js/
90 KB
22 KB
Script
General
Full URL
https://g.fastcdn.co/js/Form.cbe34601af62a2d8abaa.js
Requested by
Host: vici32.pagedemo.co
URL: https://vici32.pagedemo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.137.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
202.137.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
7bef30ad2af623b1a03ce58ee3d21eff18411ec82c10f1375a1bb3a7df3ce38d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://vici32.pagedemo.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 09 Sep 2023 22:44:04 GMT
content-encoding
gzip
age
704224
x-guploader-uploadid
ADPycdv99n1c3dijMlQ_Dhkrwx1fQGBgOK3T-kVx8U2AcDHxhGNBZjVPWqKr-52kkcNUyzlr50D17UVKLOSldXgG7EsTvg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22769
last-modified
Thu, 17 Aug 2023 08:46:03 GMT
server
UploadServer
etag
"4c474a21cc452dceea41f23e8dcf381f"
vary
Accept-Encoding
x-goog-generation
1692261963647427
x-goog-hash
crc32c=9dQn6A==, md5=TEdKIcxFLc7qQfI+jc84Hw==
content-type
application/javascript
cache-control
public, max-age=31536000
x-goog-stored-content-length
22769
accept-ranges
bytes
expires
Sun, 08 Sep 2024 22:44:04 GMT
ExternalConversion.b39a872733a378417a08.js
g.fastcdn.co/js/
13 KB
5 KB
Script
General
Full URL
https://g.fastcdn.co/js/ExternalConversion.b39a872733a378417a08.js
Requested by
Host: vici32.pagedemo.co
URL: https://vici32.pagedemo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.137.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
202.137.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
780e4645dc7a4fb5e6d8905d371508f7bf3dff8fc4f4a69362807773ac79516c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://vici32.pagedemo.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Tue, 12 Sep 2023 23:08:28 GMT
content-encoding
gzip
age
443560
x-guploader-uploadid
ADPycdvpaii-5Z-4az0ca3k_0IINtN9bLQauGsdUg2Gpq-fyqGAOYiZ1rr6tWUeGTYPv90Zq5Uv68_yOJgiL2jhpmCquDtiPSqcn
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4626
last-modified
Thu, 17 Aug 2023 08:46:03 GMT
server
UploadServer
etag
"25e5d88906b5d8dec6bcc20e89cc03f3"
vary
Accept-Encoding
x-goog-generation
1692261963418086
x-goog-hash
crc32c=cobmhQ==, md5=JeXYiQa12N7GvMIOicwD8w==
content-type
application/javascript
cache-control
public, max-age=31536000
x-goog-stored-content-length
4626
accept-ranges
bytes
expires
Wed, 11 Sep 2024 23:08:28 GMT
index.html
d3mwhxgzltpnyp.cloudfront.net/local-storage/ Frame 3A52
2 KB
2 KB
Document
General
Full URL
https://d3mwhxgzltpnyp.cloudfront.net/local-storage/index.html
Requested by
Host: vici32.pagedemo.co
URL: https://vici32.pagedemo.co/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.160.0.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-0-79.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
677469f67de872a78409397267b20ffddc918a88f649ccd9f6a70b7bf2c52c6a

Request headers

Referer
https://vici32.pagedemo.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Age
50810
Connection
keep-alive
Content-Length
2011
Content-Type
text/html
Date
Sun, 17 Sep 2023 12:14:19 GMT
ETag
"96fe7591f6e1e7aa545b29cfb881532d"
Last-Modified
Tue, 16 Jan 2018 10:48:23 GMT
Server
AmazonS3
Via
1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront)
X-Amz-Cf-Id
pJzlBtT4k7u65ikT9Yc_DNEtIhSE9bYi1wjCuhjlNwP9ELS7B21e1Q==
X-Amz-Cf-Pop
IAD12-P3
X-Cache
Hit from cloudfront
prototype.js
ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/ Frame 3A52
177 KB
40 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js
Requested by
Host: d3mwhxgzltpnyp.cloudfront.net
URL: https://d3mwhxgzltpnyp.cloudfront.net/local-storage/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5f Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
48a4fd51466ac55d081ff932371021b328f118f74ee6ba93c0ec8fd163e34a30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://d3mwhxgzltpnyp.cloudfront.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 16 Sep 2023 06:07:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
159193
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40653
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 15 Sep 2024 06:07:55 GMT
jstorage.js
d3mwhxgzltpnyp.cloudfront.net/local-storage/ Frame 3A52
8 KB
9 KB
Script
General
Full URL
https://d3mwhxgzltpnyp.cloudfront.net/local-storage/jstorage.js
Requested by
Host: d3mwhxgzltpnyp.cloudfront.net
URL: https://d3mwhxgzltpnyp.cloudfront.net/local-storage/index.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.160.0.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-0-79.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bae1d85f3e99612938b14da99b90e464095637cb8dd1e5a1f5c59a7f45f0f617

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://d3mwhxgzltpnyp.cloudfront.net/local-storage/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Date
Sun, 17 Sep 2023 12:14:19 GMT
Via
1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront)
Last-Modified
Mon, 12 Jan 2015 15:17:22 GMT
Server
AmazonS3
X-Amz-Cf-Pop
IAD12-P3
Age
50810
ETag
"56f6b434187fccf08256154dd41fc7da"
X-Cache
Hit from cloudfront
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8335
X-Amz-Cf-Id
aUW2YLV4xUkLjZEGz7PO67dow7MSuhhCIQpD1AlJ9q1qmxHONoMSEw==
two
ec.instapagemetrics.com/t/ Frame
0
0
Preflight
General
Full URL
https://ec.instapagemetrics.com/t/two
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.71.95.65 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
65.95.71.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://vici32.pagedemo.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-allow-origin
https://vici32.pagedemo.co
access-control-max-age
5
content-length
0
date
Mon, 18 Sep 2023 02:21:08 GMT
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
x-frame-options
sameorigin
two
ec.instapagemetrics.com/t/
2 B
340 B
XHR
General
Full URL
https://ec.instapagemetrics.com/t/two
Requested by
Host: cdn.instapagemetrics.com
URL: https://cdn.instapagemetrics.com/t/js/3/it.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.71.95.65 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
65.95.71.34.bc.googleusercontent.com
Software
/
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://vici32.pagedemo.co/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

date
Mon, 18 Sep 2023 02:21:09 GMT
strict-transport-security
max-age=15724800; includeSubDomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
x-frame-options
sameorigin
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://vici32.pagedemo.co
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-credentials
true
content-length
2

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code. Two entries are not page code: "0" is the WindowProxy of the page's first child frame (window[0], here the cloudfront.net local-storage iframe), and documentPictureInPicture is a property the browser itself exposes (Chrome 116 and later; this scan ran Chrome 117). The remaining names are the Instapage page runtime (__page_id, __customer_id, __variant_*, instapageForm, __forms, __validators, __cradleReady) and its Snowplow analytics tracker (GlobalSnowplowNamespace, _instapageSnowplow, _snowplowTrackerWrapper, trackingData).

Type     | Name
object   | 0
object   | documentPictureInPicture
object   | __variantsData
number   | __page_id
number   | __customer_id
number   | __default_experience_id
number   | __version
string   | __variant
number   | __variant_id
string   | __variant_custom_name
boolean  | __preview
number   | __page_type
string   | __variant_hash
string   | __page_domain
boolean  | __page_generator
object   | __experiment_id
object   | _Translate
object   | trackingData
object   | GlobalSnowplowNamespace
function | instapageSp
function | _instapageSnowplow
function | _instapageConsentManagement
object   | webpackChunk
function | IMask
object   | __eventBus
object   | $
object   | __config
number   | __workspaceWidth
object   | __session
boolean  | __cradleReady
function | instapageForm
object   | __validators
object   | __forms
object   | __featuresReady
object   | _snowplowTrackerWrapper

2 Cookies

Domain/Path         | Name              | Value
vici32.pagedemo.co/ | instap-spses.1604 | *
vici32.pagedemo.co/ | instap-spid.1604  | 2bdc2ece-c406-4f33-b443-661d70a1b430.1695003669.1.1695003669.1695003669.a6504649-c5f2-4980-98c4-7de989221a85