ponzi.pages.dev Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ponzi.pages.dev/
Effective URL:
https://ponzi.pages.dev/
Submission Tags: threatview.io malwar3ninja rule: suspected phishing scam automated-submission Search All
Submission: On August 26 via api (August 26th 2024, 9:13:43 am UTC) from DE — Scanned from NL

Summary HTTP 26 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 5 countries across 10 domains to perform 26 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is ponzi.pages.dev.
TLS certificate: Issued by WE1 on August 7th 2024. Valid for: 3 months.

This is the only time ponzi.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 8	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	43.175.151.230 43.175.151.230	139341 (ACE-AS-AP...) (ACE-AS-AP ACE)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6811:f6cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:224... 2600:9000:2248:7600:5:57e9:e553:c21	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
1	199.232.192.193 199.232.192.193	54113 (FASTLY) (FASTLY)
1	151.101.65.229 151.101.65.229	54113 (FASTLY) (FASTLY)
6	108.156.2.117 108.156.2.117	16509 (AMAZON-02) (AMAZON-02)
26	11

8 188.114.96.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ponzi.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 43.175.151.230 (Singapore)

ASN139341 (ACE-AS-AP ACE, SG)

res.wx.qq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:f6cb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2248:7600:5:57e9:e553:c21 (United States)

ASN16509 (AMAZON-02, US)

cdn.ably.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.192.193 (United States)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.229 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 108.156.2.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-2-117.mxp63.r.cloudfront.net

rest.ably.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	pages.dev 1 redirects ponzi.pages.dev	43 KB
6	ably.io rest.ably.io — Cisco Umbrella Rank: 37816	2 KB
2	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 1314	4 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410 Failed	863 KB
1	imgur.com i.imgur.com — Cisco Umbrella Rank: 7108	107 KB
1	ably.com cdn.ably.com — Cisco Umbrella Rank: 352280	64 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 336	34 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 641	33 KB
1	qq.com res.wx.qq.com — Cisco Umbrella Rank: 9019	12 KB
0	to-day.io Failed chat.to-day.io Failed
26	10

	Domain	Requested by
8	ponzi.pages.dev	1 redirects ponzi.pages.dev
6	rest.ably.io	cdn.ably.com
2	unpkg.com	1 redirects ponzi.pages.dev
2	cdn.jsdelivr.net	ponzi.pages.dev
1	i.imgur.com	ponzi.pages.dev
1	cdn.ably.com	ponzi.pages.dev
1	cdnjs.cloudflare.com	ponzi.pages.dev
1	ajax.googleapis.com	ponzi.pages.dev
1	res.wx.qq.com	ponzi.pages.dev
0	chat.to-day.io Failed
26	10

This site contains no links.

Subject Issuer	Validity	Valid
ponzi.pages.dev WE1	`2024-08-07` - `2024-11-05`	3 months	crt.sh
res.wx.qq.com DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1	`2024-08-22` - `2025-09-06`	a year	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
cdn.ably.com Amazon RSA 2048 M03	`2024-04-14` - `2025-05-14`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-15` - `2025-02-14`	a year	crt.sh
*.realtime.ably.net Amazon RSA 2048 M03	`2023-12-08` - `2025-01-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ponzi.pages.dev/
Frame ID: 659B8A2C83E365C2F8D2820FC168FE56
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Channel

Page URL History Show full URLs

http://ponzi.pages.dev/ HTTP 307
https://ponzi.pages.dev/ Page URL
https://ponzi.pages.dev/cdn-cgi/phish-bypass?atok=dfAMqKMAnnpJ1X6U_Jb1tkJwyYGmpYqdoFxGJS_m550-172466... HTTP 301
https://ponzi.pages.dev/ Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/vue(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

26
Requests

77 %
HTTPS

40 %
IPv6

10
Domains

10
Subdomains

11
IPs

5
Countries

1163 kB
Transfer

3418 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ponzi.pages.dev/ HTTP 307
https://ponzi.pages.dev/ Page URL
https://ponzi.pages.dev/cdn-cgi/phish-bypass?atok=dfAMqKMAnnpJ1X6U_Jb1tkJwyYGmpYqdoFxGJS_m550-1724663607-0.0.1.1-%2F HTTP 301
https://ponzi.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://ponzi.pages.dev/ HTTP 307
https://ponzi.pages.dev/

Request Chain 7

https://unpkg.com/cross-fetch/dist/cross-fetch.js HTTP 302
https://unpkg.com/cross-fetch@4.0.0/dist/cross-fetch.js

26 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

/ Show response
ponzi.pages.dev/
Redirect Chain

http://ponzi.pages.dev/
https://ponzi.pages.dev/

5 KB
2 KB

2233ms
44ms

Document
text/html

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ponzi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28728dddb9b40ed2c58c48c38e531908f54edbfe30c737d31f3ebab3c33ca248

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-ray: 8b92b4bac92003a0-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 26 Aug 2024 09:13:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sr%2FQFGq5KYR6YWxdFD%2FZGYlyh0UoOfOuC%2Bcir%2BKh16MELjtmbmb6Fy1NHhCVff5VsBK5vtDIBzczLWdIS1ZApHQoeJY17F5h69hBbAqGZN2kSN9jlD%2FTcyAhYnZwwK1D1dI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://ponzi.pages.dev/
Non-Authoritative-Reason: HSTS

GET
H3 200 cf.errors.css
ponzi.pages.dev/cdn-cgi/styles/ 23 KB
5 KB 31ms
30ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ponzi.pages.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: ponzi.pages.dev
URL: https://ponzi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:13:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 21 Aug 2024 12:07:35 GMT
server: cloudflare
etag: W/"66c5d887-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8b92b4bbba6e03a0-FRA
expires: Mon, 26 Aug 2024 11:13:27 GMT

GET
H3 200 icon-exclamation.png
ponzi.pages.dev/cdn-cgi/images/ 452 B
635 B 24ms
24ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ponzi.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: ponzi.pages.dev
URL: https://ponzi.pages.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ponzi.pages.dev/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:13:27 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Aug 2024 12:07:35 GMT
server: cloudflare
etag: "66c5d887-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8b92b4bbfaae03a0-FRA
content-length: 452
expires: Mon, 26 Aug 2024 11:13:27 GMT

GET
H3 200 favicon.ico
ponzi.pages.dev/ 5 KB
2 KB 33ms
32ms Other
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ponzi.pages.dev/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc716d0cf4bcc55e0f96967d60ac472cdb9d2d89f7d593f959edf0b3252ccece

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:13:27 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LQIa0RopyisJ1nm6M0uunbIzZzU6E5yS%2FiaHaMtZ2BoIj1t2JK1UMJ6pSs1zL7bP5szbYNdJhcs5Ujdwnzt6%2B3U%2FyR0f5FRBPyaXQYEhkwn0PFknGErEiwi0fJHTmyYl59I%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 8b92b4bc1ae203a0-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

Primary Request / Show response
ponzi.pages.dev/
Redirect Chain

https://ponzi.pages.dev/cdn-cgi/phish-bypass?atok=dfAMqKMAnnpJ1X6U_Jb1tkJwyYGmpYqdoFxGJS_m550-1724663607-0.0.1.1-%2F
https://ponzi.pages.dev/

95 KB
16 KB

413ms
413ms

Document
text/html

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ponzi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f950e1ecfe71f5131c85f7c484bf04ce0a52480a68f078730bebce1966e955d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ponzi.pages.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 8b92b4d628ab03a0-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 26 Aug 2024 09:13:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tm5zzbRpismBT53I%2BBFlsQuJzMbJetiCBbXyEoWNTidyN5xFbDz%2Fw2XRplYzgT%2BtUaGjlx2jS2yfqt9cMH5EyAl%2BI%2F6evdorIEMOvDa21rKKTte8lvWNcMXdfkqLpdeJFIQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

cache-control: private, no-cache
cf-ray: 8b92b4d54ff603a0-FRA
content-length: 167
content-type: text/html
date: Mon, 26 Aug 2024 09:13:31 GMT
location: https://ponzi.pages.dev/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H/1.1 200
OK weui.min.css
res.wx.qq.com/open/libs/weui/2.0.1/ 56 KB
12 KB 1401ms
46ms Stylesheet
text/css 43.175.151.230
ACE-AS-AP ACE

General

Check archive.org

Show headers Download Go to

Full URL

https://res.wx.qq.com/open/libs/weui/2.0.1/weui.min.css

Requested by

Host: ponzi.pages.dev
URL: https://ponzi.pages.dev/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

43.175.151.230 , Singapore, ASN139341 (ACE-AS-AP ACE, SG),

Reverse DNS

Software

nginx/1.8.1 /

Resource Hash

568192c8eac236b770233e9a77a81e1b914b36e9439562e17bb660eaf7bc399e

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600

Request headers

Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Tue, 16 Jul 2024 16:00:16 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=3600
X-Cache-Lookup: Cache Hit
Connection: keep-alive
X-Verify-Code: 41b73f9aa65736b3646b0a3a411b5980
Content-Length: 11235
Last-Modified: Tue, 16 Jul 2024 16:00:00 GMT
Server: nginx/1.8.1
Vary: Origin
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: must-revalidate, max-age=31536000
X-Daa-Tunnel: hop_count=1
X-NWS-LOG-UUID: 15653413604939360765
Accept-Ranges: bytes
Expires: Wed, 16 Jul 2025 16:00:16 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.1/ 94 KB
33 KB 158ms
58ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

Requested by

Host: ponzi.pages.dev
URL: https://ponzi.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 07:50:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4962
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33434
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Aug 2025 07:50:50 GMT

GET lock.js
cdn.jsdelivr.net/gh/google-clouds/sdk/ 0
0

GET
H2

200

cross-fetch.js Show response
unpkg.com/cross-fetch@4.0.0/dist/
Redirect Chain

https://unpkg.com/cross-fetch/dist/cross-fetch.js
https://unpkg.com/cross-fetch@4.0.0/dist/cross-fetch.js

9 KB
4 KB

46ms
45ms

Script
application/javascript

2606:4700::6811:f6cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/cross-fetch@4.0.0/dist/cross-fetch.js

Requested by

Host: ponzi.pages.dev
URL: https://ponzi.pages.dev/

Protocol

Server

2606:4700::6811:f6cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c080ae537e7ad3aaa46c6801dd40c2a66d8ddf34bf8cb8be9582d96ae8411b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:13:32 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 13410035
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HSQAJQFKJ2NGTBTJXVFE98NV-fra
server: cloudflare
etag: "2404-QEbBNqqcXuFJEFnFrcpaHo4lpbE"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8b92b4d9ef99d411-FRA

Redirect headers

date: Mon, 26 Aug 2024 09:13:32 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01J66ZA1CDH7C0DSRKWH5D5PP1-fra
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 81
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /cross-fetch@4.0.0/dist/cross-fetch.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 8b92b4d99e80d411-FRA

GET
H3 200 vue.min.js Show response
cdnjs.cloudflare.com/ajax/libs/vue/2.7.13/ 105 KB
34 KB 108ms
37ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/vue/2.7.13/vue.min.js

Requested by

Host: ponzi.pages.dev
URL: https://ponzi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8420002621731ad5b96f42ba7b609cf4ff295bbb02e8fc0645c506b11106fb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:13:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1170099
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 34590
last-modified: Fri, 14 Oct 2022 06:07:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6348fc9e-871e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bnfEO8mrE3XA6%2BY%2BIHvNg14lBvC1bxbTWqRayW6FOCKmq8tkNeeRTkw4icSTt9hwLoCWSMO7wj2OuVcskn4JULF4Pq8DESOVQMIdlslFN1U3%2BhxMT2CstihUy2qM%2BgMN5T3oz%2B16"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8b92b4d95949bb86-FRA
expires: Sat, 16 Aug 2025 09:13:32 GMT

GET
H2 200 ably.min-1.js Show response
cdn.ably.com/lib/ 234 KB
64 KB 231ms
58ms Script
application/javascript 2600:9000:2248:7600:5:57e9:e553:c21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ably.com/lib/ably.min-1.js
Requested by: Host: ponzi.pages.dev
URL: https://ponzi.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2248:7600:5:57e9:e553:c21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a64625eb9dfdc04e88c65f33f03521c11a96d2252e4e0f02e05de3de0624d16

Request headers

Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 9KibkfBYfJHVxzcq7xOeOBhN_ZgOOMB1
content-encoding: gzip
via: 1.1 1d5093cd3f00b2814572ccd491aa6702.cloudfront.net (CloudFront)
date: Mon, 26 Aug 2024 00:48:10 GMT
x-amz-cf-pop: MXP63-P3
age: 30350
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 21 Mar 2024 17:32:15 GMT
server: AmazonS3
etag: W/"3c85a5ea0a6feab97592d32938de723d"
access-control-max-age: 3000
access-control-allow-methods: POST, GET, HEAD, DELETE, PUT
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
x-amz-cf-id: Py4IWjP1VvRb9m3RCXblYEBZk6RH5QroWwk08d2DWYR_-2be3pBatQ==

GET
H3 200 workly.js Show response
ponzi.pages.dev/ 2 KB
1 KB 97ms
95ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ponzi.pages.dev/workly.js

Requested by

Host: ponzi.pages.dev
URL: https://ponzi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3bbae465a724f38aa8b0f8e02ffbb46a413533197227412f1dd613202471632d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:13:32 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"b1e3d59e1aae7e99cae340b53371db15"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lKioM%2BVzkp0AoS5pDghiO14CfzHowamwdollsKsyk8g5AnRfdypXzDmf%2Fg9gdzefXuDxk0zRnQ1O8Z3%2BMu8oGCCL9YAhKfwZ4BWHc2L9J%2FBg5FDUhbihE28KKGrTS58LrgI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8b92b4d8fb7103a0-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 vue2-sfc-loader.js Show response
cdn.jsdelivr.net/npm/vue3-sfc-loader@0.8.4/dist/ 2 MB
522 KB 216ms
57ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vue3-sfc-loader@0.8.4/dist/vue2-sfc-loader.js

Requested by

Host: ponzi.pages.dev
URL: https://ponzi.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0503d95a8c7f4e00d23a571d9a88ef772b8d608763989d80619b2134b578cb0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Aug 2024 09:13:32 GMT
x-content-type-options: nosniff
content-encoding: br
age: 2940177
x-jsd-version: 0.8.4
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 533564
x-served-by: cache-fra-eddf8230096-FRA, cache-mad2200139-MAD
x-jsd-version-type: version
etag: W/"231c74-mjWaOb5V8Qoqlm1Ool4a8aMbxGc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET weui.js
cdn.jsdelivr.net/gh/google-clouds/sdk/ 0
0

GET
H2 200 xY9W2jw.jpg
i.imgur.com/ 107 KB
107 KB 651ms
288ms Image
image/jpeg 199.232.192.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/xY9W2jw.jpg

Requested by

Host: ponzi.pages.dev
URL: https://ponzi.pages.dev/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

43ddb8ac3cf398c76e96e2b822813d5f8146cfd36e7f585eae0986e71edf0444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:13:35 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 0
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, MISS, MISS
content-length: 109399
x-served-by: cache-iad-kcgs7200148-IAD, cache-mad2200142-MAD
last-modified: Tue, 25 Oct 2022 10:58:58 GMT
server: cat factory 1.0
x-timer: S1724663616.714839,VS0,VE208
etag: "161500d739da5ef3b5425c9bbbec9112"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: hCMlGkZ9VQemZTwMMqWfgzxorMOUPv-ASrD1sIvoEsBZV5Pse1zyVg==
x-cache-hits: 0, 0

GET
H3 200 Happiness-Sans-Title.woff2
cdn.jsdelivr.net/gh/projectnoonnu/noonfonts_2205@1.0/ 341 KB
341 KB 522ms
187ms Font
font/woff2 151.101.65.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/projectnoonnu/noonfonts_2205@1.0/Happiness-Sans-Title.woff2

Requested by

Host: ponzi.pages.dev
URL: https://ponzi.pages.dev/

Protocol

Security

QUIC, , AES_256_GCM

Server

151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

057e6821a062d9192964d99cf058fe6608230e9e4a464c9652b3756e02460e22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ponzi.pages.dev/
Origin: https://ponzi.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Aug 2024 09:13:35 GMT
x-content-type-options: nosniff
age: 2426871
x-jsd-version: 1.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 348700
x-served-by: cache-fra-etou8220131-FRA, cache-mad2200144-MAD
x-jsd-version-type: version
etag: W/"5521c-14yNteS4rMH95CHDMe8lMY5Gl1A"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 connect Show response
rest.ably.io/comet/ 423 B
949 B 517ms
182ms XHR
application/json 108.156.2.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rest.ably.io/comet/connect?key=1G5jgw.aAN4CA%3AI8psJojzThaXoj0OQewqN3Y-99NtzWiz2IXggVx_0QQ&stream=false&heartbeats=true&v=2&agent=ably-js%2F1.2.50%20browser&rnd=23405585197019763
Requested by: Host: cdn.ably.com
URL: https://cdn.ably.com/lib/ably.min-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.2.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-2-117.mxp63.r.cloudfront.net
Software: /
Resource Hash: a096ac03284af4de647ca608b363f5b34c048d1ddc50a0eb318423343a9ebd5a

Request headers

accept: application/json
Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:13:35 GMT
via: 1.1 e57379aeeaf825df3f0a6972a5cb719c.cloudfront.net (CloudFront)
x-ably-cluster: production
x-amz-cf-pop: MXP63-P4
vary: Origin
x-ably-serverid: frontend.c832.5.eu-central-1-A.i-0ec57223c4a553999.e91-89fTQBfeB4
content-type: application/json
access-control-allow-origin: https://ponzi.pages.dev
x-cache: Miss from cloudfront
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 423
x-amz-cf-id: zFTD2XGZl3VscJZlRwPkpcX6wTW4UG2SRDfgy-YJ7UVcsJHrIpIdPw==

GET 661f53c4-26d8-4fc3-bab6-4a8779f7143d
https://ponzi.pages.dev/ 0
0

OPTIONS getsms
chat.to-day.io/ 0
0

POST
H2 201 send Show response
rest.ably.io/comet/e91-89fTQBfeB4!ei3Kq2QMVeASXQOrk8-aGw-11db2/ 2 B
529 B 465ms
455ms XHR
application/json 108.156.2.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rest.ably.io/comet/e91-89fTQBfeB4!ei3Kq2QMVeASXQOrk8-aGw-11db2/send?key=1G5jgw.aAN4CA%3AI8psJojzThaXoj0OQewqN3Y-99NtzWiz2IXggVx_0QQ&rnd=34997357611025404
Requested by: Host: cdn.ably.com
URL: https://cdn.ably.com/lib/ably.min-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.2.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-2-117.mxp63.r.cloudfront.net
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept: application/json
Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Mon, 26 Aug 2024 09:13:36 GMT
via: 1.1 e57379aeeaf825df3f0a6972a5cb719c.cloudfront.net (CloudFront)
x-ably-cluster: production
x-amz-cf-pop: MXP63-P4
vary: Origin
x-ably-serverid: frontend.c832.5.eu-central-1-A.i-0ec57223c4a553999.e91-89fTQBfeB4
content-type: application/json
access-control-allow-origin: https://ponzi.pages.dev
x-cache: Miss from cloudfront
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 2
x-amz-cf-id: 4VYgzO4eKfvrFgJjWgRnyyx63_MUUJKS_YOOZSSa50dW7KSzinDHOw==

GET
H2 200 connect
rest.ably.io/comet/ 359 B
0 71ms
71ms XHR
application/json 108.156.2.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rest.ably.io/comet/connect?key=1G5jgw.aAN4CA%3AI8psJojzThaXoj0OQewqN3Y-99NtzWiz2IXggVx_0QQ&upgrade=e91-89fTQBfeB4!ei3Kq2QMVeASXQOrk8-aGw-11db2&heartbeats=true&v=2&agent=ably-js%2F1.2.50%20browser&rnd=0516256612239383

Requested by

Host: cdn.ably.com
URL: https://cdn.ably.com/lib/ably.min-1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.156.2.117 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-156-2-117.mxp63.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:13:35 GMT
via: 1.1 e57379aeeaf825df3f0a6972a5cb719c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-ably-cluster: production
x-amz-cf-pop: MXP63-P4
vary: Origin
x-ably-serverid: frontend.c832.5.eu-central-1-A.i-0ec57223c4a553999.e91-89fTQBfeB4
content-type: application/json
access-control-allow-origin: https://ponzi.pages.dev
x-cache: Miss from cloudfront
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-robots-tag: noindex
x-amz-cf-id: 0Y9hZd9qNEMd2F7QDjuIjtwFtoZ-fWmC1okaVD26ctXr5pSKAkKMiw==

GET recv
rest.ably.io/comet/e91-89fTQBfeB4!ei3Kq2QMVeASXQOrk8-aGw-11db2/ 0
0

OPTIONS
H2 204 send
rest.ably.io/comet/e91-89fTQBfeB4!ei3Kq2QMVeASXQOrk8-aGw-11db2/ 0
0 57ms
56ms Preflight 108.156.2.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rest.ably.io/comet/e91-89fTQBfeB4!ei3Kq2QMVeASXQOrk8-aGw-11db2/send?key=1G5jgw.aAN4CA%3AI8psJojzThaXoj0OQewqN3Y-99NtzWiz2IXggVx_0QQ&rnd=34997357611025404
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.2.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-2-117.mxp63.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://ponzi.pages.dev
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Content-Length,Accept,Authorization,X-Ably-Version,X-Ably-Lib,X-Ably-ClientId,Ably-Agent,X-Ably-DeviceToken
access-control-allow-methods: GET, POST, DELETE, PUT, PATCH, OPTIONS
access-control-allow-origin: https://ponzi.pages.dev
access-control-max-age: 3600
date: Mon, 26 Aug 2024 09:13:35 GMT
via: 1.1 e57379aeeaf825df3f0a6972a5cb719c.cloudfront.net (CloudFront)
x-ably-cluster: production
x-ably-serverid: frontdoor.effd.eu-central-1-A.i-0f8e3dd7873430fe5.e91yMf6LgwpjBp
x-amz-cf-id: Ipx898UOeAp091_ajrt3ZGFXwJx2Ny45TQ2KG2YeIRpj2ZrjIrWlNQ==
x-amz-cf-pop: MXP63-P4
x-cache: Miss from cloudfront

GET
H3 200 favicon.ico
ponzi.pages.dev/ 95 KB
16 KB 85ms
82ms Other
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ponzi.pages.dev/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f950e1ecfe71f5131c85f7c484bf04ce0a52480a68f078730bebce1966e955d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:13:36 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lIFS2wz43hxmYSYy5nITrn55t69lFA2aL%2BMz9x3GqWT2ZZeNDAOD1aHqIhRAX1mVj062X12VfULfXCqRbovDDM4G%2FwmEHU9m5qI7kEjj446yVpuX2KpWdLV0hGwvvTUq6UY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8b92b4f1ac3403a0-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 204 disconnect Show response
rest.ably.io/comet/e91-89fTQBfeB4!ei3Kq2QMVeASXQOrk8-aGw-11db2/ 0
487 B 82ms
78ms XHR
text/plain 108.156.2.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rest.ably.io/comet/e91-89fTQBfeB4!ei3Kq2QMVeASXQOrk8-aGw-11db2/disconnect?key=1G5jgw.aAN4CA%3AI8psJojzThaXoj0OQewqN3Y-99NtzWiz2IXggVx_0QQ&rnd=4065764932455658
Requested by: Host: cdn.ably.com
URL: https://cdn.ably.com/lib/ably.min-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.2.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-2-117.mxp63.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:13:36 GMT
via: 1.1 e57379aeeaf825df3f0a6972a5cb719c.cloudfront.net (CloudFront)
x-ably-cluster: production
x-amz-cf-pop: MXP63-P4
vary: Origin
x-ably-serverid: frontend.c832.5.eu-central-1-A.i-0ec57223c4a553999.e91-89fTQBfeB4
x-cache: Miss from cloudfront
access-control-allow-origin: https://ponzi.pages.dev
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-robots-tag: noindex
x-amz-cf-id: 62n75K7iaz5xoGU0oGfSPWNtzeY1JGJ2NYv03fYZFCDtci3YXDv8SA==

GET
H2 204 disconnect Show response
rest.ably.io/comet/e91-89fTQBfeB4!ei3Kq2QMVeASXQOrk8-aGw-11db3/ 0
489 B 84ms
81ms XHR
text/plain 108.156.2.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rest.ably.io/comet/e91-89fTQBfeB4!ei3Kq2QMVeASXQOrk8-aGw-11db3/disconnect?key=1G5jgw.aAN4CA%3AI8psJojzThaXoj0OQewqN3Y-99NtzWiz2IXggVx_0QQ&rnd=0886469825072993
Requested by: Host: cdn.ably.com
URL: https://cdn.ably.com/lib/ably.min-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.2.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-2-117.mxp63.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://ponzi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 09:13:36 GMT
via: 1.1 e57379aeeaf825df3f0a6972a5cb719c.cloudfront.net (CloudFront)
x-ably-cluster: production
x-amz-cf-pop: MXP63-P4
vary: Origin
x-ably-serverid: frontend.c832.5.eu-central-1-A.i-0ec57223c4a553999.e91-89fTQBfeB4
x-cache: Miss from cloudfront
access-control-allow-origin: https://ponzi.pages.dev
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-robots-tag: noindex
x-amz-cf-id: j4yWilTuLRHbC03Z7KaXJ7R6DNMZ3GUH4Squ7NQBR90w7K0lC0zoTg==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/google-clouds/sdk/lock.js

Domain: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/google-clouds/sdk/weui.js

Domain: ponzi.pages.dev
URL: blob:https://ponzi.pages.dev/661f53c4-26d8-4fc3-bab6-4a8779f7143d

Domain: chat.to-day.io
URL: https://chat.to-day.io/getsms

Domain: rest.ably.io
URL: https://rest.ably.io/comet/e91-89fTQBfeB4!ei3Kq2QMVeASXQOrk8-aGw-11db2/recv?key=1G5jgw.aAN4CA%3AI8psJojzThaXoj0OQewqN3Y-99NtzWiz2IXggVx_0QQ&rnd=7178592548684508

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.ponzi.pages.dev/	1970-01-20 23:05:50	Name: __cf_mw_byp Value: dfAMqKMAnnpJ1X6U_Jb1tkJwyYGmpYqdoFxGJS_m550-1724663607-0.0.1.1-/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.ably.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
chat.to-day.io
i.imgur.com
ponzi.pages.dev
res.wx.qq.com
rest.ably.io
unpkg.com
cdn.jsdelivr.net
chat.to-day.io
ponzi.pages.dev
rest.ably.io
104.17.24.14
108.156.2.117
151.101.65.229
188.114.96.3
199.232.192.193
2600:9000:2248:7600:5:57e9:e553:c21
2606:4700::6811:f6cb
2a00:1450:4001:80e::200a
2a04:4e42:400::485
43.175.151.230
0503d95a8c7f4e00d23a571d9a88ef772b8d608763989d80619b2134b578cb0d
057e6821a062d9192964d99cf058fe6608230e9e4a464c9652b3756e02460e22
28728dddb9b40ed2c58c48c38e531908f54edbfe30c737d31f3ebab3c33ca248
3bbae465a724f38aa8b0f8e02ffbb46a413533197227412f1dd613202471632d
43ddb8ac3cf398c76e96e2b822813d5f8146cfd36e7f585eae0986e71edf0444
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
568192c8eac236b770233e9a77a81e1b914b36e9439562e17bb660eaf7bc399e
5c080ae537e7ad3aaa46c6801dd40c2a66d8ddf34bf8cb8be9582d96ae8411b9
6f950e1ecfe71f5131c85f7c484bf04ce0a52480a68f078730bebce1966e955d
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9a64625eb9dfdc04e88c65f33f03521c11a96d2252e4e0f02e05de3de0624d16
a096ac03284af4de647ca608b363f5b34c048d1ddc50a0eb318423343a9ebd5a
a8420002621731ad5b96f42ba7b609cf4ff295bbb02e8fc0645c506b11106fb7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
fc716d0cf4bcc55e0f96967d60ac472cdb9d2d89f7d593f959edf0b3252ccece

ponzi.pages.dev Open in urlscan Pro 188.114.96.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

26 Requests

77 %HTTPS

40 %IPv6

10 Domains

10 Subdomains

11 IPs

5 Countries

1163 kBTransfer

3418 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

ponzi.pages.dev Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

77 %
HTTPS

40 %
IPv6

10
Domains

10
Subdomains

11
IPs

5
Countries

1163 kB
Transfer

3418 kB
Size

1
Cookies

26 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!