Submitted URL: http://vinted.com/sh/my-clothes/11579615-pinky-floral-dress
Effective URL: https://www.vinted.com/sh/my-clothes/11579615-pinky-floral-dress
Submission Tags: 0xscam
Submission: On December 10 via api from US — Scanned from IT

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 6 HTTP transactions. The main IP is 104.16.207.80, located in and belongs to CLOUDFLARENET, US. The main domain is www.vinted.com. The Cisco Umbrella rank of the primary domain is 407315.
TLS certificate: Issued by WE1 on November 25th 2024. Valid for: 3 months.
This is the only time www.vinted.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 5 104.16.207.80 13335 (CLOUDFLAR...)
3 3.161.82.91 16509 (AMAZON-02)
6 2
Apex Domain
Subdomains
Transfer
8 vinted.com
vinted.com — Cisco Umbrella Rank: 41187
www.vinted.com — Cisco Umbrella Rank: 407315
static.vinted.com — Cisco Umbrella Rank: 145445
180 KB
6 1
Domain Requested by
4 www.vinted.com 1 redirects www.vinted.com
3 static.vinted.com static.vinted.com
1 vinted.com 1 redirects
6 3

This site contains no links.

Subject Issuer Validity Valid
vinted.com
WE1
2024-11-25 -
2025-02-23
3 months crt.sh
static.vinted.com
Amazon RSA 2048 M03
2024-06-24 -
2025-07-24
a year crt.sh

This page contains 2 frames:

Primary Page: https://www.vinted.com/sh/my-clothes/11579615-pinky-floral-dress
Frame ID: D7B21A376E2868AFB2C3012D7E21E19B
Requests: 4 HTTP requests in this frame

Frame: https://www.vinted.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js
Frame ID: 67315FAA91D7A95700379F7CD31F8493
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Page does not exist

Page URL History Show full URLs

  1. http://vinted.com/sh/my-clothes/11579615-pinky-floral-dress HTTP 307
    https://vinted.com/sh/my-clothes/11579615-pinky-floral-dress HTTP 301
    https://www.vinted.com/sh/my-clothes/11579615-pinky-floral-dress Page URL

Page Statistics

6
Requests

83 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

2
IPs

2
Countries

179 kB
Transfer

652 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://vinted.com/sh/my-clothes/11579615-pinky-floral-dress HTTP 307
    https://vinted.com/sh/my-clothes/11579615-pinky-floral-dress HTTP 301
    https://www.vinted.com/sh/my-clothes/11579615-pinky-floral-dress Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://www.vinted.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://www.vinted.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 11579615-pinky-floral-dress
www.vinted.com/sh/my-clothes/
Redirect Chain
  • http://vinted.com/sh/my-clothes/11579615-pinky-floral-dress
  • https://vinted.com/sh/my-clothes/11579615-pinky-floral-dress
  • https://www.vinted.com/sh/my-clothes/11579615-pinky-floral-dress
9 KB
4 KB
Document
General
Full URL
https://www.vinted.com/sh/my-clothes/11579615-pinky-floral-dress
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.207.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c102ce02558b4a8814a34f8ba36dab49acd9b0f463454036bb79238d67fd593
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8efa1a2a3855a043-FRA
content-encoding
gzip
content-security-policy
frame-ancestors 'self'
content-type
text/html; charset=utf-8
date
Tue, 10 Dec 2024 03:20:59 GMT
link
<https://static.vinted.com/assets/application-2002ea1f47a756309433c54aa33dce38662e8080bcb133c59eb71f570ec47c17.css>; rel=preload; as=style; nopush
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding Accept-Language
x-content-type-options
nosniff
x-download-options
noopen
x-envoy-upstream-service-time
32
x-frame-options
SAMEORIGIN
x-middleware-rewrite
http://core-int-unicorn.core.svc/sh/my-clothes/11579615-pinky-floral-dress
x-next-app
marketplace-web
x-permitted-cross-domain-policies
none
x-request-id
babb36662357c2b5a20f1d281e9041b3
x-runtime
0.031414
x-xss-protection
1; mode=block

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
8efa1a29780ca043-FRA
content-type
text/html
date
Tue, 10 Dec 2024 03:20:59 GMT
location
https://www.vinted.com/sh/my-clothes/11579615-pinky-floral-dress
server
cloudflare
application-2002ea1f47a756309433c54aa33dce38662e8080bcb133c59eb71f570ec47c17.css
static.vinted.com/assets/
530 KB
66 KB
Stylesheet
General
Full URL
https://static.vinted.com/assets/application-2002ea1f47a756309433c54aa33dce38662e8080bcb133c59eb71f570ec47c17.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.82.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-82-91.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
466f9b673989ff04aebc9ac4cc567409c7130cd15999d9456b98e0ef5f6a4c3e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.vinted.com/

Response headers

x-amz-cf-pop
FRA56-P10
content-encoding
br
etag
W/"ef47aa7b88d592cf332a338e89fcb899"
age
46767
via
1.1 3adffce7dd03a16d055927ad5fa7671a.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
Ehlajv2dKfl9o3nq-itsE93LTyZWbEc9Xf0-5RDLweb55tozfbB4Gg==
date
Mon, 09 Dec 2024 14:21:33 GMT
content-type
text/css
vary
accept-encoding, Origin
server
AmazonS3
last-modified
Fri, 06 Dec 2024 19:09:15 GMT
x-amz-server-side-encryption
AES256
V-Inter-Regular-375-59c9297c44b5d9a32d2ee8c2a745f53e5b88f3fe636abc4ae8b4cecd2803980d.woff2
static.vinted.com/assets/
104 KB
104 KB
Font
General
Full URL
https://static.vinted.com/assets/V-Inter-Regular-375-59c9297c44b5d9a32d2ee8c2a745f53e5b88f3fe636abc4ae8b4cecd2803980d.woff2
Requested by
Host: static.vinted.com
URL: https://static.vinted.com/assets/application-2002ea1f47a756309433c54aa33dce38662e8080bcb133c59eb71f570ec47c17.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.82.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-82-91.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
41e5b436b2733a9a1b3afb01c92942800d7daacce6376556713a5851d3a8b2a9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.vinted.com
Referer
https://static.vinted.com/assets/application-2002ea1f47a756309433c54aa33dce38662e8080bcb133c59eb71f570ec47c17.css

Response headers

etag
"20e9d2234e2631239b7e4e6ec470db73"
age
56484
access-control-allow-methods
GET, HEAD
via
1.1 b61ff825a3ca0ff851caf7741034ca52.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-cache
Hit from cloudfront
content-length
106020
x-amz-cf-id
FWtkg5FqzAe1E4uXhVMdBJkToYFC50GBpNoAbBhNDt_qybBuCDK1tA==
date
Mon, 09 Dec 2024 11:39:37 GMT
content-type
font/woff2
last-modified
Mon, 09 Dec 2024 11:30:43 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P10
x-amz-server-side-encryption
AES256
main.js
www.vinted.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/ Frame 6731
Redirect Chain
  • https://www.vinted.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://www.vinted.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?
9 KB
4 KB
Script
General
Full URL
https://www.vinted.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?
Requested by
Host: www.vinted.com
URL: https://www.vinted.com/sh/my-clothes/11579615-pinky-floral-dress
Protocol
H2
Server
104.16.207.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b1e3a140e3f6dadc3b0dfcc6cac282827d569e62d05262f085116ec8f57d8bb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding
gzip
x-content-type-options
nosniff
cf-ray
8efa1a2f5b0ca043-FRA
date
Tue, 10 Dec 2024 03:21:00 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare

Redirect headers

cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?
cf-ray
8efa1a2f0afca043-FRA
access-control-allow-origin
*
content-length
0
date
Tue, 10 Dec 2024 03:21:00 GMT
vary
Accept-Encoding
server
cloudflare
8efa1a2a3855a043
www.vinted.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 6731
0
610 B
XHR
General
Full URL
https://www.vinted.com/cdn-cgi/challenge-platform/h/g/jsd/r/8efa1a2a3855a043
Requested by
Host: www.vinted.com
URL: https://www.vinted.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.207.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

cf-ray
8efa1a2fdb73a043-FRA
content-length
0
date
Tue, 10 Dec 2024 03:21:00 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
favicon-07de5bb1414cfb5bdfe4d6dbf6a3bbb7c54cb6d54d784ce1594db8c5c712e055.ico
static.vinted.com/assets/favicon/default/
635 B
1001 B
Other
General
Full URL
https://static.vinted.com/assets/favicon/default/favicon-07de5bb1414cfb5bdfe4d6dbf6a3bbb7c54cb6d54d784ce1594db8c5c712e055.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.82.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-82-91.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9c4b3df134b4cad47023c0717e14fcfdd5116d9b3a9089ea404551dd57b54c8f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.vinted.com/

Response headers

vary
Origin
etag
"8a449da93891ca0b0299e933b8dd0c90"
age
80159
via
1.1 3adffce7dd03a16d055927ad5fa7671a.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
635
x-amz-cf-id
5vyEgLsEIvHbV_EiDFppyW7v8vPv8a6UtAgCHcndFraNm6g9_Y-UnA==
date
Mon, 09 Dec 2024 05:05:02 GMT
content-type
image/vnd.microsoft.icon
last-modified
Fri, 06 Dec 2024 19:09:20 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P10
x-amz-server-side-encryption
AES256

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| MD

4 Cookies

Domain/Path Name / Value
.vinted.com/ Name: __cf_bm
Value: JdN.JDlrLWQ_AaMl4rdWGFnybCB8iYUoTuCps0VFTsU-1733800859-1.0.1.1-XYxi2Wzvpq7xqvOFVHO95LqD3HSY9yBwqZJOgcS1w_5Du6o8lTPji2jOfKUcsRdqeoTCPfdu3eS6cliyzdUy8n16AboispwgufeWCfw.0NQ
www.vinted.com/ Name: anon_id
Value: fa690bf7-235f-44f2-ab70-4680ebd6f278
.www.vinted.com/ Name: _vinted_fr_session
Value: SmNwQ0xaMnhXenNuSVRNakx5cG11NENJTmV2QUQ3bmhBWmVPNm5YOER0MmFBNHZkTUxjTkxneHM3QXlZbDZFV2FEdWd6czZTYnVLVWdBcWpYeXFobnNGanZhSG8zUjJaelpEa1RZYk5TWFdGT25VaW0vWFYwSjNYUUF4UGxXMUI0R2haa0hPYnd5Y3Q5R3ZGdVFHdko4dmhWbitmYjJ0Sy9MR0pHMWdBUVhQOEo1eGNQQk9OZkQvNUg0V0FidjgvQlRWTzYxTURrZmRadmZBRW5PZGxyakoxa2xoRThabFI4SnBCTUQ3c3lRTnVDN3ZSZkg3d0pjUll4N2Z3VXNzd0g5MVl6K2tOa1QxOUdqSFo2RHI4REF3bFRYZUdZNm95VFdXSzJzZ1RvRllLYkJZK1dFVnFmL1Q5MkdHUS9DaytHWm9ISHZ2TEdCaHpnWXFCUkdqZWQ0ZWZxa0JEMUNCaVg3anZaMUdXVXFJWTgrN2luNTNRKzI4cWNMQnZpZHBQLS14OEIwb2h2Z3R6L3VhTjc2dXZoR2tBPT0%3D--6af080e9ea0b4eea239728800b5493e99707d8f5
.vinted.com/ Name: cf_clearance
Value: vsKrmNsXkzlgZjakn0pvOwPcfFlEaTVE6mI5QwK7gME-1733800860-1.2.1.1-Xzonbu2MSf.HqwWhuzprcEXBDdlz3.A_e7dmQHg8V_fVjxU9i9Ka_rsu0XekEchV8psF3efkRoP9zch9FF8rNwBqRvW3kba9.V08aKlgdrrPa_x83mAWBsiDllMW9RKVHfFfapLmUaubepalwYV8TC_P2Ugas1Klig37Iq1RBvC_DGZUH7RURd2tsfP6Kq6N08gSxhYv9WsKEfKHBq0.r_N7hLOQ8C7y.IQVXl359MwxwRS5KEqCL1naLytIHRSmxqcYpCzpLkEAhqy9pwzZxS4lJ1ZkCvU9dJGvi1DHIeQJifj5noWddNBxPqEQwEpWjopNrefSdJPXBWrm2dNeVRFAqF5O15PyECjJz_nnGDd4hCBx9XhGdtyAd9e4svBR

1 Console Messages

Source Level URL
Text
network error URL: https://www.vinted.com/sh/my-clothes/11579615-pinky-floral-dress
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block