www.locked1.com Open in urlscan Pro
23.22.126.183  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://www.amongusmodmenu.skipverification.org/ Page URL
2. https://www.locked1.com/cl.php?id=bacd3346ad013bc124fbc82d5d5b8bca Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response www.amongusmodmenu.skipverification.org/	3 KB 3 KB	256ms 44ms	Document text/html	79.124.59.22 TAMATIYA-AS
General Check archive.org Show headers Download Go to Full URL https://www.amongusmodmenu.skipverification.org/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 79.124.59.22 , Bulgaria, ASN50360 (TAMATIYA-AS, BG), Reverse DNS ip-59-22.4vendeta.com Software Apache / Resource Hash 9599bb8bd77ab655cab161dfdbbcc9642b6c2927cc1e8b65c2c1620d9af70cd9 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Fri, 19 Nov 2021 06:31:22 GMT server Apache last-modified Fri, 19 Nov 2021 06:24:12 GMT accept-ranges bytes content-length 2644 content-type text/html
GET H2	200	Primary Request cl.php Show response www.locked1.com/	33 KB 13 KB	490ms 271ms	Document text/html	23.22.126.183 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://www.locked1.com/cl.php?id=bacd3346ad013bc124fbc82d5d5b8bca Requested by Host: www.amongusmodmenu.skipverification.org URL: https://www.amongusmodmenu.skipverification.org/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.22.126.183 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-22-126-183.compute-1.amazonaws.com Software nginx / Resource Hash 481a8923150c4db1a45be79bc3f1fe5afcd6d1551d2345b9d2dbf0d31b9e0a2b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains X-Content-Type-Options DENY nosniff X-Xss-Protection 1; mode=block 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.amongusmodmenu.skipverification.org/ Response headers server nginx date Fri, 19 Nov 2021 06:31:23 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding cache-control no-cache, private strict-transport-security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains x-content-type-options DENY nosniff x-xss-protection 1; mode=block 1; mode=block x-robots-tag none content-encoding gzip
GET H2	200	meemkm Show response www.locked1.com/cl/v/	9 KB 4 KB	502ms 501ms	XHR text/html	23.22.126.183 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://www.locked1.com/cl/v/meemkm Requested by Host: www.locked1.com URL: https://www.locked1.com/cl.php?id=bacd3346ad013bc124fbc82d5d5b8bca Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.22.126.183 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-22-126-183.compute-1.amazonaws.com Software nginx / Resource Hash 9785468ebc5cdb348b8397a7c0eb96f00dc8b45df20a2dff9bf17cfdba8e5f84 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains X-Content-Type-Options DENY, nosniff X-Xss-Protection 1; mode=block, 1; mode=block Request headers X-NewRelic-ID VQcDVFRRDBABXFNVBAIEVFAE tracestate 1145224@nr=0-1-1145224-1834784183-08ed0b13f003b5be----1637303484070 traceparent 00-698020256e9096531b879c1aadfe3df0-08ed0b13f003b5be-01 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 newrelic eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjExNDUyMjQiLCJhcCI6IjE4MzQ3ODQxODMiLCJpZCI6IjA4ZWQwYjEzZjAwM2I1YmUiLCJ0ciI6IjY5ODAyMDI1NmU5MDk2NTMxYjg3OWMxYWFkZmUzZGYwIiwidGkiOjE2MzczMDM0ODQwNzB9fQ== Referer https://www.locked1.com/cl.php?id=bacd3346ad013bc124fbc82d5d5b8bca Response headers date Fri, 19 Nov 2021 06:31:24 GMT content-encoding gzip x-content-type-options DENY, nosniff x-newrelic-app-data PxQGUFJWCgEER1BXAAgDVFcABxFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TE9ER0oNDVRaUgJVH1VcD0gXDV8OS0xbV1pGVgtNTF0OUAkBRBkXDwZPERxUT1IHAQdWSAEYAFdXWlIcTwlOGgsHAwJWCVMJBFYBUg4BUgJBFFVRCBIHag== server nginx strict-transport-security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains content-type text/html; charset=UTF-8 access-control-allow-origin * cache-control no-cache, private x-robots-tag none vary Accept-Encoding x-xss-protection 1; mode=block, 1; mode=block
GET H2	200	nr-spa-1212.min.js Show response js-agent.newrelic.com/	44 KB 17 KB	23ms 7ms	Script application/javascript	151.101.130.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-spa-1212.min.js Requested by Host: www.locked1.com URL: https://www.locked1.com/cl.php?id=bacd3346ad013bc124fbc82d5d5b8bca Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.137 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.locked1.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers x-amz-version-id wY72Ah.NJX5KzzqRFK3uhSo3Jh07tDe4 content-encoding gzip etag "8bd93bf0ecb2f4e971a2055a41402bb6" x-amz-request-id ANVX8WPYJ9NM99FD x-cache HIT cross-origin-resource-policy cross-origin content-length 16636 x-amz-id-2 //pISD16Bm7/1PDlW0ghswvgTyyOyXNw/emHSr2czJPEUE1eLcqp61M3L9P610qmdidTDtCabTk= x-served-by cache-hhn4042-HHN last-modified Thu, 04 Nov 2021 21:16:16 GMT server AmazonS3 x-timer S1637303484.092792,VS0,VE0 date Fri, 19 Nov 2021 06:31:24 GMT vary Accept-Encoding content-type application/javascript via 1.1 varnish cache-control public, max-age=7200, stale-if-error=604800 accept-ranges bytes x-cache-hits 6855
GET H/1.1	200 OK	c25b69ac34 Show response bam-cell.nr-data.net/1/	49 B 725 B	155ms 136ms	Script text/javascript	162.247.243.146 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bam-cell.nr-data.net/1/c25b69ac34?a=1827333245&v=1212.e95d35c&to=ZgFQYktXWUMCWkVZDV9Lc1VNX1heTE5GR0xdC1FdXFIGHgBWXB4WXgteRRc%3D&rst=619&ck=1&ref=https://www.locked1.com/cl.php&ap=168&be=581&fe=589&dc=589&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1637303483483,%22n%22:0,%22f%22:69,%22dn%22:70,%22dne%22:87,%22c%22:87,%22s%22:186,%22ce%22:288,%22rq%22:289,%22rp%22:559,%22rpe%22:560,%22dl%22:563,%22di%22:589,%22ds%22:589,%22de%22:589,%22dc%22:589,%22l%22:589,%22le%22:589%7D,%22navigation%22:%7B%7D%7D&at=SkZTFANNSk0%3D&jsonp=NREUM.setToken Requested by Host: www.locked1.com URL: https://www.locked1.com/cl.php?id=bacd3346ad013bc124fbc82d5d5b8bca Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.locked1.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Fri, 19 Nov 2021 06:31:24 GMT Content-Encoding gzip CF-Cache-Status DYNAMIC Server cloudflare Expect-CT max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Vary Accept-Encoding access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS Content-Type text/javascript Access-Control-Allow-Origin * Transfer-Encoding chunked Cross-Origin-Resource-Policy cross-origin Connection keep-alive access-control-allow-credentials true CF-Ray 6b076537c9175ba4-FRA
GET H2	200	css fonts.googleapis.com/ Frame 65A6	0 0	1170ms 397ms	Stylesheet text/css	2a00:1450:4001:811::200a
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,300,200 Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200a -, , ASN (), Reverse DNS Software ESF / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.locked1.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Fri, 19 Nov 2021 06:24:16 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Fri, 19 Nov 2021 06:31:25 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 19 Nov 2021 06:31:25 GMT
POST H/1.1	200 OK	c25b69ac34 Show response bam-cell.nr-data.net/events/1/	24 B 503 B	132ms 131ms	XHR image/gif	162.247.243.146 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bam-cell.nr-data.net/events/1/c25b69ac34?a=1827333245&v=1212.e95d35c&to=ZgFQYktXWUMCWkVZDV9Lc1VNX1heTE5GR0xdC1FdXFIGHgBWXB4WXgteRRc%3D&rst=1222&ck=1&ref=https://www.locked1.com/cl.php Requested by Host: www.locked1.com URL: https://www.locked1.com/cl.php?id=bacd3346ad013bc124fbc82d5d5b8bca Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300 Request headers Referer https://www.locked1.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 content-type text/plain Response headers Date Fri, 19 Nov 2021 06:31:24 GMT CF-Cache-Status DYNAMIC Server cloudflare Expect-CT max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Vary Accept-Encoding access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS Content-Type image/gif Access-Control-Allow-Origin https://www.locked1.com access-control-allow-credentials true Connection keep-alive CF-Ray 6b07653b6e975ba4-FRA Content-Length 24

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| NREUM object| newrelic function| __nr_require string| locker_url string| iframecontents string| old_display function| og_load function| ogEditBody function| ogMakeLocker function| og_getScriptURL function| call_locker function| og_call boolean| ogblock

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: b310d5eeb005da9e
			www.locked1.com/	1970-01-19 22:49:35	Name: XSRF-TOKEN Value: eyJpdiI6ImY4WCtuL3QrOEVDMmQzSWMxZmpCUEE9PSIsInZhbHVlIjoiSHNNRUo3ZFo5NkZIRVM0NjMyd2NPVjQyZVdxUEVZbjZFaGJhbWh6bnVLU1RDam14Q2dkRFhHWVhEQTZNNnpUZGJKZG1CMHZId25yOTRVd1UwMEk5azBrem03eGJVSGVXNUpyYldRWnZOcSt0RmoySjJhRGhueWlEQ0t0OWxwYmQiLCJtYWMiOiI3MmNmZDFkNWVlOTExZDNiNTEyYzM4OTQyZDkxNDFhZjg3ZmU0NDk5OTRlODIzNzFjNTEzZDY5OTg0NjI5YmEyIiwidGFnIjoiIn0%3D
			www.locked1.com/	1970-01-19 22:49:35	Name: ogads_session Value: eyJpdiI6IklpVFJ0RXJMaEd2TmNUbXVMQ21Xanc9PSIsInZhbHVlIjoiL1Z1eHNyVWU4TUlIelhMeWk3ZWtXb3dMVlFyOHhqMEFocUs3K2xZdVBRd0JWWVpSRXg1YkVjaW9HcEc0Y2J5VFF0RFQ3Qk5WLzZLZ1k4SkRkQThHTnFJeExWVmo4aGhVR0RmVEc0Y3hKeFp6RkJJUkNHdzFOUVR2a0ZKOGhDMzQiLCJtYWMiOiJjMTA3Nzc0MjViZjI0YmY4NjNlNmNjZmMyMmZjMWJjOGM4NTFlZjdjMjhiZWRmNjU2Y2JmZjE0YmQ0MDJiNWJkIiwidGFnIjoiIn0%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam-cell.nr-data.net
fonts.googleapis.com
js-agent.newrelic.com
www.amongusmodmenu.skipverification.org
www.locked1.com
151.101.130.137
162.247.243.146
23.22.126.183
2a00:1450:4001:811::200a
79.124.59.22
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
481a8923150c4db1a45be79bc3f1fe5afcd6d1551d2345b9d2dbf0d31b9e0a2b
9599bb8bd77ab655cab161dfdbbcc9642b6c2927cc1e8b65c2c1620d9af70cd9
9785468ebc5cdb348b8397a7c0eb96f00dc8b45df20a2dff9bf17cfdba8e5f84
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c