vipsupport.festivalmarqueecompany.cyou Open in urlscan Pro
2606:4700:3034::6815:45b2  Malicious Activity! Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://goo.googoodee.com/metaref?tag_id=blitz.gg&tag=103 Page URL
2. https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	metaref Show response goo.googoodee.com/	225 B 412 B	151ms 44ms	Document text/html	208.85.23.154 AS-CHOOPA
General Check archive.org Show headers Download Go to Full URL https://goo.googoodee.com/metaref?tag_id=blitz.gg&tag=103 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 208.85.23.154 Madrid, Spain, ASN20473 (AS-CHOOPA, US), Reverse DNS 208.85.23.154.vultrusercontent.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 0f241b121b1b609269fb59e5947fa15b58b752d254e70cace5a7baf40b1afdf7 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Sat, 27 May 2023 19:07:53 GMT Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked
GET H2	200	Primary Request index.html Show response vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/	26 KB 7 KB	282ms 231ms	Document text/html	2606:4700:3034::6815:45b2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:45b2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f5cf5e7f9228e1b434fdbf0ce8860a3b33e9c754aebf8f7ceba2f2345a9e8839 Request headers Referer https://goo.googoodee.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers access-control-allow-headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7ce08b195f420e4a-MXP content-encoding br content-type text/html date Sat, 27 May 2023 19:07:53 GMT last-modified Wed, 08 Mar 2023 03:41:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OVgsKf0EJca1nnbD5VXKN9Op03DtcukbxC1sCLb618PdXUGc9XWdaRgFlMZNUqVS471FFx6mf8i9jUBX5RtyhiPqTpMCdzuFUVFK0jYPihv4mnvR%2F8eRa4wh%2FNydF9h3E9cOKKX5zLZLu1VqN1%2F5gFispXREXP7jrzTky%2Fn7yFn9lpaNAQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	language-1.0.0.js Show response vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/	160 KB 39 KB	29ms 28ms	Script application/javascript	2606:4700:3034::6815:45b2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/language-1.0.0.js Requested by Host: vipsupport.festivalmarqueecompany.cyou URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:45b2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 536198292f4879073fade2e624e3e62d0991540d29b51441076efeeb4de51317 Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT content-encoding br cf-cache-status HIT last-modified Wed, 08 Mar 2023 08:53:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 20455 etag W/"64084d18-27eb5" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2FjzsNIOhjbAXobB6eMawVo80miv3L%2BYfkH0FuuHcN92mmNrHAkyv4dpV%2BiNI0BqKugwe9S0LddzJ3LDvtPFuxG85c%2FotSCl4YyTqQrpnH0kz8iLrv2s5kjOHi13ysfnCw549iXrjrVI3bpNSnH4j4Mu4l%2BX28Zx%2F%2B9n%2F5VHnZ1E6rbrOw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control public, max-age=2592000 cf-ray 7ce08b1ad93f0e4a-MXP alt-svc h3=":443"; ma=86400 expires Mon, 26 Jun 2023 13:26:58 GMT
GET H2	200	main.css vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/	14 KB 3 KB	24ms 23ms	Stylesheet text/css	2606:4700:3034::6815:45b2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/main.css Requested by Host: vipsupport.festivalmarqueecompany.cyou URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:45b2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 014b7fc01567794e161ee99ad65acb8e741d1027e38e8959af170b59799fddcd Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT content-encoding br cf-cache-status HIT last-modified Wed, 08 Mar 2023 03:09:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 20455 etag W/"6407fc50-3957" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rBegJPYPZfLbCx%2BG%2Fu9305xqHG4B%2FNG%2Bm9DAS4gYjsWQohDJyrtZ65%2B%2FOJCVZchEeI2hlsafJLwk%2BtU4uHHF9QS8xD1wljRNx4358amj1hblYTzrBGYpttZTsP8O%2FWs3qnhjQL7tWVUYYzfG5iPWjQsEP0YtqtKGiQBFu3e4j9xUw3IKYQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=21600 cf-ray 7ce08b1ad9400e4a-MXP alt-svc h3=":443"; ma=86400 expires Sat, 27 May 2023 19:26:58 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	171 KB 63 KB	100ms 40ms	Script application/javascript	2a00:1450:4001:809::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-259459715-1 Requested by Host: vipsupport.festivalmarqueecompany.cyou URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 84a1a4259bff861694d601cb3790bbdf3829b24c2ae7158c09787eb0ffdfb632 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 63840 x-xss-protection 0 last-modified Sat, 27 May 2023 18:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Sat, 27 May 2023 19:07:53 GMT
GET H3	200	arrow_animation.gif vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/	8 KB 8 KB	42ms 41ms	Image image/gif	2606:4700:3034::6815:45b2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/arrow_animation.gif Requested by Host: vipsupport.festivalmarqueecompany.cyou URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:45b2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5b51195b8674efdfbf920a779f9eb0ab2761a44c1d634ac7fb5bb0a19800aaa5 Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 20453 alt-svc h3=":443"; ma=86400 content-length 7944 last-modified Wed, 08 Mar 2023 03:09:04 GMT server cloudflare etag "6407fc50-1f08" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9bNLv1Gm8AUtLDHrKYMfxEASDpb2quPS2vrtaV05tQWB5lsdoWfZtOLzPhJp%2FEsi4YORmqS9USxCodCD4SC%2BTxVC%2FC6XtgVAm1FUOor8uHMRjk%2F7j3pLW69eBBGdcl0kQkUUgkZNySj3LVgB5tfKjnNfx7X1rTpakxhFOLzjuXleFddzQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control public, max-age=2592000 accept-ranges bytes cf-ray 7ce08b1b1aef0d65-MXP expires Mon, 26 Jun 2023 13:27:00 GMT
GET H3	200	icon_saf.png vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/	487 B 1 KB	24ms 22ms	Image image/png	2606:4700:3034::6815:45b2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/icon_saf.png Requested by Host: vipsupport.festivalmarqueecompany.cyou URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:45b2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 36f016b0cf55a9ec191762f78060fd203ee96aff86407e0612982f09a3b2faee Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 20453 alt-svc h3=":443"; ma=86400 content-length 487 last-modified Wed, 08 Mar 2023 03:09:04 GMT server cloudflare etag "6407fc50-1e7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wCFnogwXjmJJ2c5JU9Ofga%2Bpj1pIYwUAnnAwNEeknvOPUknxTgEC8NQDZAeAX1SDBTjAy70m9VQmcIOeg%2B05ERJuT7%2Bb1doxafTbS7oljaoUhyQY0cKDuBCQUFz%2FBPxhpSUGkKsEXJIl91lT7b%2BmxHqW83%2B%2BgqyPuTaQ27tmdqfTwGIA5w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=2592000 accept-ranges bytes cf-ray 7ce08b1b1af10d65-MXP expires Mon, 26 Jun 2023 13:27:00 GMT
GET H3	200	arrow_animation2.gif vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/	8 KB 8 KB	42ms 41ms	Image image/gif	2606:4700:3034::6815:45b2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/arrow_animation2.gif Requested by Host: vipsupport.festivalmarqueecompany.cyou URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:45b2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3daba949a682d184ffb892cd8b1a1ce4e4e9b13cb8d8e70334110a3c62a142cd Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 20453 alt-svc h3=":443"; ma=86400 content-length 7948 last-modified Wed, 08 Mar 2023 03:09:04 GMT server cloudflare etag "6407fc50-1f0c" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=isxsiV8MX23sLZbCH6NRN7%2FVNUcW1%2FeAsTHTsKEsl8EUhAttmB%2BW7l3D4zvWHLP5tjyQGt5CXejX0wggMfrDIuSeQ24BgypR2kwLZOcnsptWiEPoJp4EUhyXjCDvAjDoSUKZDAgvsf8sgKTJIUUp3CBUUwbNh4DKuzceWeQRemWozikU8Q%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control public, max-age=2592000 accept-ranges bytes cf-ray 7ce08b1b1af20d65-MXP expires Mon, 26 Jun 2023 13:27:00 GMT
GET H3	200	header_w.png vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/	44 KB 45 KB	28ms 26ms	Image image/png	2606:4700:3034::6815:45b2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/header_w.png Requested by Host: vipsupport.festivalmarqueecompany.cyou URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:45b2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0006a2792440ad020ffbd13961b641c8ca2144812e0b27c56fd2e766edf3ab99 Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 20453 alt-svc h3=":443"; ma=86400 content-length 45210 last-modified Wed, 08 Mar 2023 03:09:04 GMT server cloudflare etag "6407fc50-b09a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YHjC0vI83mOr9WjBRJX1pJJBPkFvJY2Go4wd964vXhANEuNBNFlnnqzKZ9fDSHpqTv26Qj07g8daxi%2Fv%2BpxP7i5QTISvApYArTrTNTeH76oqTFjORFADFS1f%2FHaMzxzTUg0plU9tTImZe7%2FKRnVa0%2F8rRJaro6xg2FLWxOxyQ4WDGwHcVA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=2592000 accept-ranges bytes cf-ray 7ce08b1b1af30d65-MXP expires Mon, 26 Jun 2023 13:27:00 GMT
GET H3	200	microsoft.jpeg vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/	10 KB 10 KB	25ms 23ms	Image image/jpeg	2606:4700:3034::6815:45b2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/microsoft.jpeg Requested by Host: vipsupport.festivalmarqueecompany.cyou URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:45b2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6d26708d427902b82f121730725daf3fc119b6e0a43e9615f9b247a7f38ed359 Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 20453 alt-svc h3=":443"; ma=86400 content-length 9883 last-modified Wed, 08 Mar 2023 03:09:04 GMT server cloudflare etag "6407fc50-269b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xDf9QhOYDMP2Q0CQK3b%2F7p5Xt1zDGI%2B4SunVDJ5mM66ZmICmul7kDoXgd5eqe0siTqdclJekXTO6Jqz6y2gYzgIPX4rGIC%2BO0qU2rmoEJ1ytJgKz7vmJlojhiy1jKVGQQB1srCkYDM%2FAz85FkbSC3x8UD2bomN1wUNf6fTV3x8IhGs6dQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control public, max-age=2592000 accept-ranges bytes cf-ray 7ce08b1b1af50d65-MXP expires Mon, 26 Jun 2023 13:27:00 GMT
GET H3	200	ajax2.svg vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/	3 KB 941 B	58ms 57ms	Image image/svg+xml	2606:4700:3034::6815:45b2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/ajax2.svg Requested by Host: vipsupport.festivalmarqueecompany.cyou URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:45b2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4ad738321cad0b03983ba16220d04889539780210de03f1661c08f9adc9aad78 Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT content-encoding br cf-cache-status HIT last-modified Wed, 08 Mar 2023 03:09:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 20453 etag W/"6407fc50-c00" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R7%2BJ6Ir%2BoP%2BdkxnWtzcKR%2FXePhdQVPfkFOzPWQ7%2BNrvnG9oH9bEPwnyukxVMZugjywR6bN2AJsJ7XZ%2F1JIVx4atO97RKeKwNlEahcIkm%2Fbqb23TetywxzEJNhEHnYx7TGmdR4156cy3Ksux354FpALLlxT54jvjeA9fnVkbhGQOEdKJ4fw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=2592000 cf-ray 7ce08b1b1af70d65-MXP alt-svc h3=":443"; ma=86400 expires Mon, 26 Jun 2023 13:27:00 GMT
GET H3	200	dreq.png vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/	720 B 1 KB	58ms 57ms	Image image/png	2606:4700:3034::6815:45b2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/dreq.png Requested by Host: vipsupport.festivalmarqueecompany.cyou URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:45b2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b62f1a81bfc0d281c853d7d1169c8866e33b58c7a990734cb6d6d91b2dbaf49a Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 20453 alt-svc h3=":443"; ma=86400 content-length 720 last-modified Wed, 08 Mar 2023 03:09:04 GMT server cloudflare etag "6407fc50-2d0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VRtHL0ueHENysCIZDGSOvs2Wj3tSlKw2E82mx4EK4ayF7h90eLwFP5aLZxg4BR%2Fe0kNouuuzGX2Pmc9v%2FTlsSQHkS0odU1rdUwaSccz0deHRQTjU7RcaLQGB1RZp71pzTo1l7NjwFWe7UjaWiQJEfTSr0e%2BedGFI07bvqfCRXhPZQdonTA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=2592000 accept-ranges bytes cf-ray 7ce08b1b1af90d65-MXP expires Mon, 26 Jun 2023 13:27:00 GMT
GET H3	200	cross.png vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/	344 B 875 B	59ms 58ms	Image image/png	2606:4700:3034::6815:45b2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/cross.png Requested by Host: vipsupport.festivalmarqueecompany.cyou URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:45b2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9b1192a77adc835c1665f249fd08384d10a447271925e6d81fcdc8fdfba7771e Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 20453 alt-svc h3=":443"; ma=86400 content-length 344 last-modified Wed, 08 Mar 2023 03:09:04 GMT server cloudflare etag "6407fc50-158" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lui9vW8NjI29Zwm8qkSBt1B%2F0fv9svqG1sWK3shR9glSJVLzdhP6UhLZd7sWixicBdXAoGupddOlsBcXcKm2GwBX3kGZndz%2F%2BnmdBk7SlDg1DjXQWkWrr%2B1fy3bYo7cgRx4uw%2F7GAuTr0Wdv83QbbCaWY7eC64KmZxSs%2FLn3uBLTvFWhkw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=2592000 accept-ranges bytes cf-ray 7ce08b1b1afa0d65-MXP expires Mon, 26 Jun 2023 13:27:00 GMT
GET H3	200	tick.png vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/	381 B 915 B	59ms 58ms	Image image/png	2606:4700:3034::6815:45b2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/tick.png Requested by Host: vipsupport.festivalmarqueecompany.cyou URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::6815:45b2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 562b29e08c7d623d3604b9fce91a6715c5f3d14ce62fee4e3c806b72528402ce Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 20453 alt-svc h3=":443"; ma=86400 content-length 381 last-modified Wed, 08 Mar 2023 03:09:04 GMT server cloudflare etag "6407fc50-17d" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SXbgEPGYbNxyiMFNXxewaF0%2BMoPDZFobSsKBrCfGDdLAsDuputhsesQYn%2FKPKdt0KqScUXfVAwXIqVa0%2FaIInj9uc55pZkijXS1W6kmQ3tE0d%2FIOOjz8kC%2B4Zh6c1Osvwe6u5o1VZk5s%2BfxwyAx3oyGj%2FLw5gdIQKTo8DRSRUCfYWXvRTg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=2592000 accept-ranges bytes cf-ray 7ce08b1b1afd0d65-MXP expires Mon, 26 Jun 2023 13:27:00 GMT
GET H2	200	moment-with-locales.min.js Show response vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/	361 KB 73 KB	34ms 34ms	Script application/javascript	2606:4700:3034::6815:45b2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/moment-with-locales.min.js Requested by Host: vipsupport.festivalmarqueecompany.cyou URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:45b2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1374a7c31e85e2dec3880fcbdc380f93a227d8cd7be3b2526aefb73d68ed4b92 Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT content-encoding br cf-cache-status HIT last-modified Wed, 08 Mar 2023 03:09:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 20454 etag W/"6407fc50-5a218" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3rvNmSOEIZ43Jt4nukiYdBESYFWxnA9Cpp%2FCFI%2Bk0jmj8eLgKruy1w%2B1%2BkE3KuOBp3pCmopcDa2ktHrXFKxOeOWvcFqRGn3TVBWy0KG8VuIDwGwSZeuCu3jjSFA%2BZ1LWP4ar1JO19Pf2rCYpfCf06FoC%2BmoS7puIWTy7wB1qejJzgi7Nig%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control public, max-age=2592000 cf-ray 7ce08b1af9770e4a-MXP alt-svc h3=":443"; ma=86400 expires Mon, 26 Jun 2023 13:26:59 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	203 KB 73 KB	38ms 37ms	Script application/javascript	2a00:1450:4001:809::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-N6K3DQ9QRS&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-259459715-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 325b2180517f9c903f5a5e66dda94e2177611ca8612f8b5c8374d0d6007875a3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 27 May 2023 19:07:53 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 74780 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Sat, 27 May 2023 19:07:53 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	51 KB 21 KB	94ms 28ms	Script text/javascript	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-259459715-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Sat, 27 May 2023 18:35:34 GMT last-modified Mon, 17 Apr 2023 22:36:01 GMT server Golfe2 age 1939 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20737 expires Sat, 27 May 2023 20:35:34 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 270 B	84ms 34ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-N6K3DQ9QRS&gtm=45je35o0&_p=798610812&cid=877599221.1685214474&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1685214473&sct=1&seg=0&dl=https%3A%2F%2Fvipsupport.festivalmarqueecompany.cyou%2Fmacfeeus%2Fmcafeewint1%2Findex.html%3Finfo%3D103%26crid%3Dblitz.gg%26uid%3D75e3c3a2-1219-4c39-9f4e-046cd27d71be&dr=https%3A%2F%2Fgoo.googoodee.com%2F&dt=Virus%20Found%20-%20Windows&en=page_view&_fv=1&_nsi=1&_ss=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-N6K3DQ9QRS&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Sat, 27 May 2023 19:07:53 GMT server Golfe2 content-type text/plain access-control-allow-origin https://vipsupport.festivalmarqueecompany.cyou cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response www.google-analytics.com/j/	1 B 222 B	37ms 36ms	XHR text/plain	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j100&a=798610812&t=pageview&_s=1&dl=https%3A%2F%2Fvipsupport.festivalmarqueecompany.cyou%2Fmacfeeus%2Fmcafeewint1%2Findex.html%3Finfo%3D103%26crid%3Dblitz.gg%26uid%3D75e3c3a2-1219-4c39-9f4e-046cd27d71be&dr=https%3A%2F%2Fgoo.googoodee.com%2F&ul=en-us&de=UTF-8&dt=Virus%20Found%20-%20Windows&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1533104510&gjid=1815404793&cid=877599221.1685214474&tid=UA-259459715-1&_gid=1262419113.1685214474&_r=1&gtm=457e35o0&jsscut=1&z=1819057969 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Sat, 27 May 2023 19:07:53 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://vipsupport.festivalmarqueecompany.cyou cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Apple Software Update (Online)

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| i18nUpdate object| params string| prod object| userLanguages string| useLanguage object| supportedLangauges object| esmxMapping object| zhtwMapping number| alertDelay boolean| redirect string| url string| product function| next_step function| goto function| setredirect function| getredirect function| gtag object| dataLayer function| moment function| beep function| countdown object| audioCtx number| x object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaGlobal object| gaplugins object| gaData number| volume number| duration string| type number| frequency number| nmins number| nsecs

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.festivalmarqueecompany.cyou/	1970-01-20 21:42:54	Name: _ga_N6K3DQ9QRS Value: GS1.1.1685214473.1.0.1685214473.0.0.0
			.festivalmarqueecompany.cyou/	1970-01-20 21:42:54	Name: _ga Value: GA1.2.877599221.1685214474
			.festivalmarqueecompany.cyou/	1970-01-20 12:08:20	Name: _gid Value: GA1.2.1262419113.1685214474
			.festivalmarqueecompany.cyou/	1970-01-20 12:06:54	Name: _gat_gtag_UA_259459715_1 Value: 1

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be(Line 302) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be(Line 315) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://vipsupport.festivalmarqueecompany.cyou/macfeeus/mcafeewint1/index.html?info=103&crid=blitz.gg&uid=75e3c3a2-1219-4c39-9f4e-046cd27d71be(Line 315) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

goo.googoodee.com
region1.google-analytics.com
vipsupport.festivalmarqueecompany.cyou
www.google-analytics.com
www.googletagmanager.com
2001:4860:4802:32::36
208.85.23.154
2606:4700:3034::6815:45b2
2a00:1450:4001:809::2008
2a00:1450:4001:812::200e
0006a2792440ad020ffbd13961b641c8ca2144812e0b27c56fd2e766edf3ab99
014b7fc01567794e161ee99ad65acb8e741d1027e38e8959af170b59799fddcd
0f241b121b1b609269fb59e5947fa15b58b752d254e70cace5a7baf40b1afdf7
1374a7c31e85e2dec3880fcbdc380f93a227d8cd7be3b2526aefb73d68ed4b92
325b2180517f9c903f5a5e66dda94e2177611ca8612f8b5c8374d0d6007875a3
36f016b0cf55a9ec191762f78060fd203ee96aff86407e0612982f09a3b2faee
3daba949a682d184ffb892cd8b1a1ce4e4e9b13cb8d8e70334110a3c62a142cd
4ad738321cad0b03983ba16220d04889539780210de03f1661c08f9adc9aad78
536198292f4879073fade2e624e3e62d0991540d29b51441076efeeb4de51317
562b29e08c7d623d3604b9fce91a6715c5f3d14ce62fee4e3c806b72528402ce
5b51195b8674efdfbf920a779f9eb0ab2761a44c1d634ac7fb5bb0a19800aaa5
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d26708d427902b82f121730725daf3fc119b6e0a43e9615f9b247a7f38ed359
84a1a4259bff861694d601cb3790bbdf3829b24c2ae7158c09787eb0ffdfb632
9b1192a77adc835c1665f249fd08384d10a447271925e6d81fcdc8fdfba7771e
b62f1a81bfc0d281c853d7d1169c8866e33b58c7a990734cb6d6d91b2dbaf49a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
f5cf5e7f9228e1b434fdbf0ce8860a3b33e9c754aebf8f7ceba2f2345a9e8839