facebooklooker.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2f68  Malicious Activity! Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response facebooklooker.pages.dev/	8 KB 2 KB	204ms 106ms	Document text/html	2606:4700:310c::ac42:2f68 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://facebooklooker.pages.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:310c::ac42:2f68 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2c3048c178b597d009b9d0586fe1a6e788b8e835a80c0a2dbc7ca46f15e38303 Security Headers Name Value X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cache-control public, max-age=0, must-revalidate cf-ray 813887bf0ec32bce-FRA content-encoding br content-type text/html; charset=utf-8 date Mon, 09 Oct 2023 18:01:41 GMT etag W/"ae53fc0503b75007a43c5bd88d520bba" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy strict-origin-when-cross-origin report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UfBJ1oUbElBk687zmu%2F74io6lcklSsZYQGXO3S9tpLeLFsSZXmoZYyOev%2BKAz9TFTNc7Tb%2FZ2QHPJF%2FUR1lKgmot08EjQ0%2B9GTVigpmsGogFkkvZHbGHmdRFXIkij9CypTHHM4pWYq3zhlrzbEUNKDg6ClPztvI%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-content-type-options nosniff
GET H2	200	ssastyle.css facebooklooker.pages.dev/css/	5 KB 2 KB	107ms 107ms	Stylesheet text/css	2606:4700:310c::ac42:2f68 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://facebooklooker.pages.dev/css/ssastyle.css Requested by Host: facebooklooker.pages.dev URL: https://facebooklooker.pages.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:310c::ac42:2f68 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 44be5bdc2b34bd09f429e5e9e5b34d6177eae815c80f2b2013a3d1108387373d Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://facebooklooker.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 18:01:41 GMT content-encoding br referrer-policy strict-origin-when-cross-origin x-content-type-options nosniff nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6e4dca17361d03804b3706c723a8c9c2" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V3otIPAN2n7gsKU8WFuhKWcqm7Ylfwju7s5dqG%2FcKySpaTWSQIxyCcDizRqujM6bBflFvkl5PlREJY3J%2Bu4DNstanQUV%2B2E%2BJaac8kNzHveycvaznKnyiZPloFY34gABFS6ny6EeI27I1BMbj2l0Yw38mfNZMJM%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, max-age=0, must-revalidate cf-ray 813887bfbfda2bce-FRA alt-svc h3=":443"; ma=86400
GET H2	200	81k3q Show response appinstallcheck.com/cp/js/	262 KB 263 KB	401ms 158ms	Script text/javascript	23.22.126.183 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://appinstallcheck.com/cp/js/81k3q Requested by Host: facebooklooker.pages.dev URL: https://facebooklooker.pages.dev/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.22.126.183 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-22-126-183.compute-1.amazonaws.com Software nginx / Resource Hash 1f1e2a3771bff92dd98580480fcbe3342742b99471be4f11a75246a2dbffc0f7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains X-Content-Type-Options DENY, nosniff X-Xss-Protection 1; mode=block, 1; mode=block Request headers Referer https://facebooklooker.pages.dev/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Mon, 09 Oct 2023 18:01:41 GMT strict-transport-security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains x-content-type-options DENY, nosniff server nginx content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control no-cache, private x-robots-tag none x-xss-protection 1; mode=block, 1; mode=block
GET H3	200	Facebook-Logo-PNG-Clipart.png facebooklooker.pages.dev/img/	79 KB 79 KB	148ms 147ms	Image image/png	2606:4700:310c::ac42:2f68 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://facebooklooker.pages.dev/img/Facebook-Logo-PNG-Clipart.png Requested by Host: facebooklooker.pages.dev URL: https://facebooklooker.pages.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:310c::ac42:2f68 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1471cc727502133d1eec36368a868ddd84019312c8586cc9d01b7a8ac23e39f0 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://facebooklooker.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 18:01:41 GMT referrer-policy strict-origin-when-cross-origin x-content-type-options nosniff nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "24b89dacb7497e25e4eebe46761fe408" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AP8Qog2f5iaG6dBuPEvAnc93EIs%2F1%2BBuhM6ca9OaeqHhC3BIy%2B4VaXLEJjlxyTVGXZ8COMiCjrOSuiSbmTDq9m%2FccC4dl5rxUprT3QWCH1%2FSuS9hSXNDbyXKATDQLP0ZbXJajk1l0RVsvwgXXXGraTjFoYjYTwY%3D"}],"group":"cf-nel","max_age":604800} content-type image/png access-control-allow-origin * cache-control public, max-age=0, must-revalidate cf-ray 813887c08b4f1cc9-FRA alt-svc h3=":443"; ma=86400 content-length 80595
GET H3	200	loding.gif facebooklooker.pages.dev/img/	44 KB 45 KB	109ms 108ms	Image image/gif	2606:4700:310c::ac42:2f68 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://facebooklooker.pages.dev/img/loding.gif Requested by Host: facebooklooker.pages.dev URL: https://facebooklooker.pages.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:310c::ac42:2f68 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ba67f5cbb26d1c913527475815f0c8d4c4519b092a7544f015cc021360240275 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://facebooklooker.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 18:01:41 GMT referrer-policy strict-origin-when-cross-origin x-content-type-options nosniff nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "5da43181b40c17d4651b38d4432ba8ae" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XIjoZvIeOHU%2Bs1Pors42KEg9R6VFACtxCBlOKVaAL7DdpSZbCYtHGnQUy%2BjEFETO4M2C0qaBOcDAvnA7tZAO7jWrAHF17JeYeKTgj6uxSX5h%2Fd2O6IN1JGM%2BJsvxq1K45E6VGon3qoTUhYJ4MvI5ZRBzo5Dc88w%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif access-control-allow-origin * cache-control public, max-age=0, must-revalidate cf-ray 813887c08b511cc9-FRA alt-svc h3=":443"; ma=86400 content-length 45404
GET H3	200	Stunning-Blur-Image.jpg facebooklooker.pages.dev/img/	74 KB 75 KB	227ms 226ms	Image image/jpeg	2606:4700:310c::ac42:2f68 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://facebooklooker.pages.dev/img/Stunning-Blur-Image.jpg Requested by Host: facebooklooker.pages.dev URL: https://facebooklooker.pages.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:310c::ac42:2f68 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 183b899f204ad33979ac729b9b3cde2dc3137b5c7ec0ddce4c18e0485bc46604 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://facebooklooker.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 18:01:41 GMT referrer-policy strict-origin-when-cross-origin x-content-type-options nosniff nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "66db921071d16a2ff9a339d0d1761abe" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hq93l5LCDSr5RXzVSEZovI4rmWVYIKn3B3tTvCsgdwhUzpCFo0T3qkOk0c57nJ69JrdzAxf4zAmKU0t180UijQF4Xvr6N1dHV1WxQL383R6eJ4VvpUqGVnvuNZaUu3hidzDr%2BaH3fW2l8AKmcyfcB69sd3x7ecA%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg access-control-allow-origin * cache-control public, max-age=0, must-revalidate cf-ray 813887c08b551cc9-FRA alt-svc h3=":443"; ma=86400 content-length 75892
GET H3	200	ssascript.js Show response facebooklooker.pages.dev/js/	5 KB 2 KB	304ms 303ms	Script application/javascript	2606:4700:310c::ac42:2f68 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://facebooklooker.pages.dev/js/ssascript.js Requested by Host: facebooklooker.pages.dev URL: https://facebooklooker.pages.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:310c::ac42:2f68 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 70cd8ca19102407caaa300e98f8ac1587d6967310863720e6618c2c2e60dcb85 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://facebooklooker.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 18:01:41 GMT content-encoding br referrer-policy strict-origin-when-cross-origin x-content-type-options nosniff nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"cf3af9a0787fc8bd3b678179ff83c1c1" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HobFykl9CfVMqYZ%2FM00fI5%2FJXbY%2BBlPhkA0JKnRBDZTNyIVL4BTI%2Fc81tVRHf%2BaSlv5RGTp3FBm97VhO7AAArQwEyPESV5UFUWRhH05F%2BU%2F%2BUnsUwncnFSSaIK5a5iKWX8ULXp46n2QgIzOd5KTdoluuzwj1rnE%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control public, max-age=0, must-revalidate cf-ray 813887c08b561cc9-FRA alt-svc h3=":443"; ma=86400
GET H2	200	ak Show response appinstallcheck.com/ Frame 2440	57 KB 20 KB	140ms 140ms	Document text/html	23.22.126.183 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://appinstallcheck.com/ak Requested by Host: appinstallcheck.com URL: https://appinstallcheck.com/cp/js/81k3q Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.22.126.183 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-22-126-183.compute-1.amazonaws.com Software nginx / Resource Hash ac16cc291a71ac8782233603e5ddfe39ecf847d4bad12b442d1c497028c7a7a4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains X-Content-Type-Options DENY nosniff X-Xss-Protection 1; mode=block 1; mode=block Request headers Referer https://facebooklooker.pages.dev/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-cache, private content-encoding gzip content-type text/html; charset=UTF-8 date Mon, 09 Oct 2023 18:01:42 GMT server nginx strict-transport-security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains vary Accept-Encoding x-content-type-options DENY nosniff x-robots-tag none x-xss-protection 1; mode=block 1; mode=block
GET H2	200	EjPu396.png i.imgur.com/	3 KB 3 KB	128ms 41ms	Image image/png	146.75.120.193 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/EjPu396.png Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software cat factory 1.0 / Resource Hash 9463786261a387907ed51538e899bd31f84ebbdf03daa7e5da9d43cc46934998 Security Headers Name Value Strict-Transport-Security max-age=300 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://facebooklooker.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 18:01:42 GMT strict-transport-security max-age=300 x-content-type-options nosniff x-amz-cf-pop IAD12-P2 age 2693290 x-amz-server-side-encryption AES256 x-cache Miss from cloudfront, HIT, HIT content-length 2746 x-served-by cache-iad-kcgs7200030-IAD, cache-fra-etou8220098-FRA last-modified Fri, 24 Feb 2023 14:08:12 GMT server cat factory 1.0 x-timer S1696874503.646179,VS0,VE2 etag "2247841ceefe02d60f299d8693381d2e" access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id zITblVDGTj2gDnbUuhfk5rCbuWgKvsuGVPUEC5nTns4Fu7KOAe9qQg== x-cache-hits 3084, 1
GET H2	200	rocket-loader.min.js Show response cdn.appinstallcheck.com/js/ak/ Frame 2440	12 KB 4 KB	135ms 42ms	Script application/javascript	2600:9000:214f:4800:f:ef4c:ed00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.appinstallcheck.com/js/ak/rocket-loader.min.js Requested by Host: appinstallcheck.com URL: https://appinstallcheck.com/ak Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:214f:4800:f:ef4c:ed00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Request headers accept-language de-DE,de;q=0.9 Referer https://appinstallcheck.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 07:39:08 GMT content-encoding br via 1.1 269bfdd288bfea5423a4e9e701777da6.cloudfront.net (CloudFront) last-modified Mon, 09 Oct 2023 07:30:03 GMT server AmazonS3 x-amz-cf-pop FRA53-C1 age 37355 etag W/"88a769d2fe35899fd45a332a0a032cc0" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=2628000 x-amz-cf-id TyvkkSCKwIr3wxwyudrUnNI4PreAXev8as3Go9Tw_mrRaoUm6gnxrg== expires Mon, 09 Oct 2028 07:30:02 GMT
GET H2	200	loadArkose.js Show response cdn.appinstallcheck.com/js/ak/ Frame 2440	329 B 735 B	40ms 40ms	Script application/javascript	2600:9000:214f:4800:f:ef4c:ed00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.appinstallcheck.com/js/ak/loadArkose.js Requested by Host: appinstallcheck.com URL: https://appinstallcheck.com/ak Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:214f:4800:f:ef4c:ed00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash d48e0508062453ef4cd5e34037ead4b63789e382b64caf4c7022b63f2db2a60e Request headers accept-language de-DE,de;q=0.9 Referer https://appinstallcheck.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 07:39:09 GMT via 1.1 269bfdd288bfea5423a4e9e701777da6.cloudfront.net (CloudFront) last-modified Mon, 09 Oct 2023 07:30:03 GMT server AmazonS3 x-amz-cf-pop FRA53-C1 age 37354 etag "c495d30d91e868f09da14a4f7a0511be" x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-type application/javascript cache-control max-age=2628000 accept-ranges bytes content-length 329 x-amz-cf-id CPWWK5FtLoie2oFBJx2eksTVk6qKUO7np9CUygA8Tzhpmba_B8VpDA== expires Mon, 09 Oct 2028 07:30:02 GMT
GET H2	200	nr-spa-1.243.1.min.js Show response js-agent.newrelic.com/ Frame 2440	84 KB 28 KB	134ms 46ms	Script application/javascript	151.101.66.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-spa-1.243.1.min.js Requested by Host: appinstallcheck.com URL: https://appinstallcheck.com/ak Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.66.137 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 9ef0edfb2eef055dfcde88261ee353ad4c59223c237baa7b0932b6e22e395605 Security Headers Name Value Strict-Transport-Security max-age=300 Request headers accept-language de-DE,de;q=0.9 Referer https://appinstallcheck.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers x-amz-version-id sPjzyZQA8au75jY5MmpZO1XwTkOpsQJb content-encoding br via 1.1 varnish date Mon, 09 Oct 2023 18:01:42 GMT strict-transport-security max-age=300 x-amz-request-id ETA3S7GGQ2KMB2G1 x-amz-server-side-encryption AES256 x-cache HIT cross-origin-resource-policy cross-origin content-length 28406 x-amz-id-2 7tRd7P91EUmlYBi4Jk1k5TTgT8lUQs1mOCmNX3Gd9SkW6z7FjbkABSRRTCscc7tzfmQbkRm1IC4= x-served-by cache-fra-eddf8230051-FRA last-modified Wed, 04 Oct 2023 19:55:57 GMT server AmazonS3 x-timer S1696874503.935050,VS0,VE0 etag "7bd279314c82935ec9edc75f99b190f9" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400 accept-ranges bytes x-cache-hits 15625
GET H2	200	funcaptcha.js Show response cdn.appinstallcheck.com/js/ak/ Frame 2440	228 KB 51 KB	52ms 52ms	Script application/javascript	2600:9000:214f:4800:f:ef4c:ed00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.appinstallcheck.com/js/ak/funcaptcha.js Requested by Host: appinstallcheck.com URL: https://appinstallcheck.com/ak Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:214f:4800:f:ef4c:ed00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 66e434c24b49bee7db942e9d0f3e6335d66f928a503a3c62fbd28ee9792d0666 Request headers accept-language de-DE,de;q=0.9 Referer https://appinstallcheck.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 07:39:09 GMT content-encoding br via 1.1 269bfdd288bfea5423a4e9e701777da6.cloudfront.net (CloudFront) last-modified Mon, 09 Oct 2023 07:30:03 GMT server AmazonS3 x-amz-cf-pop FRA53-C1 age 37354 etag W/"09d4bc6bcd756a5f2b0325cb5ff74689" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=2628000 x-amz-cf-id M1AWmPCk0tuY_zWMRe8GOEQL6BYEWHAb5qP_05s6KGelGSqRnsciLA== expires Mon, 09 Oct 2028 07:30:02 GMT
GET H2	200	1 Show response stats.pusher.com/timeline/v2/jsonp/	0 75 B	366ms 116ms	Script application/javascript	52.2.21.120 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://stats.pusher.com/timeline/v2/jsonp/1?session=OTYwOTAyMTUx&bundle=MQ%3D%3D&key=NDk3MWRlMjY2NjZhNmZlZGU1MGE%3D&lib=anM%3D&version=NC40LjA%3D&cluster=dXMy&features=WyJ3cyJd&timeline=W3siaW5zdGFuY2VzIjoxLCJ0aW1lc3RhbXAiOjE2OTY4NzQ1MDI1MjJ9LHsic3RhdGUiOiJjb25uZWN0aW5nIiwidGltZXN0YW1wIjoxNjk2ODc0NTAyNTIyfSx7ImNpZCI6MSwidHJhbnNwb3J0Ijoid3NzIiwidGltZXN0YW1wIjoxNjk2ODc0NTAyNTIyfSx7ImNpZCI6MSwic3RhdGUiOiJpbml0aWFsaXplZCIsInRpbWVzdGFtcCI6MTY5Njg3NDUwMjUyM30seyJjaWQiOjEsInN0YXRlIjoiY29ubmVjdGluZyIsInRpbWVzdGFtcCI6MTY5Njg3NDUwMjUyM30seyJjaWQiOjEsInN0YXRlIjoib3BlbiIsInRpbWVzdGFtcCI6MTY5Njg3NDUwMjkxOX0seyJzdGF0ZSI6ImNvbm5lY3RlZCIsInBhcmFtcyI6eyJzb2NrZXRfaWQiOiI3MzI1NC4xNzkwODYifSwidGltZXN0YW1wIjoxNjk2ODc0NTAyOTIxfV0%3D Requested by Host: appinstallcheck.com URL: https://appinstallcheck.com/cp/js/81k3q Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.2.21.120 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-2-21-120.compute-1.amazonaws.com Software awselb/2.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://facebooklooker.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 18:01:43 GMT server awselb/2.0 content-length 0 content-type application/javascript; charset=utf-8
POST H/1.1	200 OK	c25b69ac34 Show response bam.nr-data.net/1/ Frame 2440	40 B 409 B	638ms 487ms	XHR text/plain	162.247.243.29 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/1/c25b69ac34?a=735603990&v=1.243.1&to=ZgFQYktXWUMCWkVZDV9LcUNKQlhdTE1eXw5CSlNEUllEVQ%3D%3D&rst=504&ck=0&s=deacdb13ad4d72c1&ref=https://appinstallcheck.com/ak&af=err,xhr,stn,ins,spa&ap=21&be=141&fe=146&dc=143&at=SkZTFANNSk0%3D&perf=%7B%22timing%22:%7B%22of%22:1696874502537,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:1,%22rp%22:141,%22rpe%22:142,%22di%22:166,%22ds%22:284,%22de%22:284,%22dc%22:284,%22l%22:284,%22le%22:287%7D,%22navigation%22:%7B%7D%7D Requested by Host: appinstallcheck.com URL: https://appinstallcheck.com/ak Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.29 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d Request headers Referer https://appinstallcheck.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 content-type text/plain Response headers date Mon, 09 Oct 2023 18:01:43 GMT access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS content-type text/plain access-control-allow-origin https://appinstallcheck.com access-control-allow-credentials true cross-origin-resource-policy cross-origin Connection keep-alive Content-Length 40 x-served-by cache-fra-eddf8230089-FRA
POST H/1.1	200 OK	c25b69ac34 Show response bam.nr-data.net/1/ Frame 2440	40 B 409 B	616ms 465ms	XHR text/plain	162.247.243.29 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/1/c25b69ac34?a=735603990&v=1.243.1&to=ZgFQYktXWUMCWkVZDV9LcUNKQlhdTE1eXw5CSlNEUllEVQ%3D%3D&rst=506&ck=0&s=deacdb13ad4d72c1&ref=https://appinstallcheck.com/ak&af=err,xhr,stn,ins,spa&ap=21&be=141&fe=146&dc=143&at=SkZTFANNSk0%3D&perf=%7B%22timing%22:%7B%22of%22:1696874502537,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:1,%22rp%22:141,%22rpe%22:142,%22di%22:166,%22ds%22:284,%22de%22:284,%22dc%22:284,%22l%22:284,%22le%22:287%7D,%22navigation%22:%7B%7D%7D Requested by Host: appinstallcheck.com URL: https://appinstallcheck.com/ak Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.29 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d Request headers Referer https://appinstallcheck.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 content-type text/plain Response headers date Mon, 09 Oct 2023 18:01:43 GMT access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS content-type text/plain access-control-allow-origin https://appinstallcheck.com access-control-allow-credentials true cross-origin-resource-policy cross-origin Connection keep-alive Content-Length 40 x-served-by cache-fra-eddf8230135-FRA
OPTIONS H2	200	dump fps.webscrape.ai/api/ Frame	0 0	436ms 140ms	Preflight text/plain	165.227.188.220 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://fps.webscrape.ai/api/dump Protocol H2 Security TLS 1.3, , AES_128_GCM Server 165.227.188.220 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software uvicorn / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://appinstallcheck.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers content-type access-control-allow-methods DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT access-control-allow-origin https://appinstallcheck.com access-control-max-age 600 content-length 2 content-type text/plain; charset=utf-8 date Mon, 09 Oct 2023 18:01:42 GMT server uvicorn vary Origin
POST H2	200	dump Show response fps.webscrape.ai/api/ Frame 2440	31 B 96 B	642ms 642ms	XHR application/json	165.227.188.220 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://fps.webscrape.ai/api/dump Requested by Host: appinstallcheck.com URL: https://appinstallcheck.com/ak Protocol H2 Security TLS 1.3, , AES_128_GCM Server 165.227.188.220 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software uvicorn / Resource Hash 4f26537955b69aa4c0576b36dac1539f1a136dfa0c0d0fd5231217ba6ebb902e Request headers Referer https://appinstallcheck.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Content-Type application/json Response headers access-control-allow-origin * date Mon, 09 Oct 2023 18:01:43 GMT access-control-allow-credentials true server uvicorn content-length 31 content-type application/json

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| contentLoaded function| Pusher object| Echo function| jQuery function| $ function| Motio function| checkForConversions function| startConversionChecker

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			appinstallcheck.com/	1970-01-20 15:22:26	Name: XSRF-TOKEN Value: eyJpdiI6IldpL29VUG9YN3BEZWgyMnl5SWhoZFE9PSIsInZhbHVlIjoiNDJjb0k5LytNZTlzTmFhRmtlNUp3TVkrc0FCV0tmNmtMQ2M2U2l5Z1NvYU50WVpXR1BLczg5aHVvdFJlZkpoc00wYlE5MGIvdjZCU29UVlMrTzVCQ21QbVNJUVdCYmI5TWgvRm5pOUlwaWtkd1R5T1RNZE9td3lRUnphTWtsRGUiLCJtYWMiOiJlMzY5MTU4ZGNlNTBmNjQ0MDI1NmEzOWRjNjUxM2MxMDE5MTNiNGIyOTkzMWU4MjFlNzFmZDhmMjRlYzY3ODhjIiwidGFnIjoiIn0%3D
			appinstallcheck.com/	1970-01-20 15:22:26	Name: ogads_session Value: eyJpdiI6Ijc5M2dqZjdibFUyd09aN0Y5NTlqRFE9PSIsInZhbHVlIjoibHNQeERoV0hUelBMT2RYTnRJTWdZZ3laOExiYkFZWU4xSHA3RExNanM4VUZKNzgxeUY0QVZFVHc5ekwzcEhsT1B1VmwydlhxeFhMY3F5TVpGMmtpZmd2S1A2WW9RWkpzVjFkaFE4UFUrTVNyMHE0dmg4Ukt1M1JOK1ZqQktGTkwiLCJtYWMiOiI0NDI0ZGUwMGE5YmZiMzgzMWZjNzBjZTI2YjNkMGE0MWRkNTVkZDMzMWY4MDhlZjAwZWUyNzNmNzk2MGEwZDI5IiwidGFnIjoiIn0%3D

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://facebooklooker.pages.dev/(Line 34) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://appinstallcheck.com/cp/js/81k3q, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://facebooklooker.pages.dev/(Line 34) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://appinstallcheck.com/cp/js/81k3q, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
deprecation	warning	URL: https://appinstallcheck.com/cp/js/81k3q Message: The keyword 'push-button' specified to an 'appearance' property is not standardized. It will be removed in the future.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

appinstallcheck.com
bam.nr-data.net
cdn.appinstallcheck.com
facebooklooker.pages.dev
fps.webscrape.ai
i.imgur.com
js-agent.newrelic.com
stats.pusher.com
146.75.120.193
151.101.66.137
162.247.243.29
165.227.188.220
23.22.126.183
2600:9000:214f:4800:f:ef4c:ed00:93a1
2606:4700:310c::ac42:2f68
52.2.21.120
1471cc727502133d1eec36368a868ddd84019312c8586cc9d01b7a8ac23e39f0
183b899f204ad33979ac729b9b3cde2dc3137b5c7ec0ddce4c18e0485bc46604
1f1e2a3771bff92dd98580480fcbe3342742b99471be4f11a75246a2dbffc0f7
2c3048c178b597d009b9d0586fe1a6e788b8e835a80c0a2dbc7ca46f15e38303
44be5bdc2b34bd09f429e5e9e5b34d6177eae815c80f2b2013a3d1108387373d
4f26537955b69aa4c0576b36dac1539f1a136dfa0c0d0fd5231217ba6ebb902e
66e434c24b49bee7db942e9d0f3e6335d66f928a503a3c62fbd28ee9792d0666
70cd8ca19102407caaa300e98f8ac1587d6967310863720e6618c2c2e60dcb85
9463786261a387907ed51538e899bd31f84ebbdf03daa7e5da9d43cc46934998
9ef0edfb2eef055dfcde88261ee353ad4c59223c237baa7b0932b6e22e395605
ac16cc291a71ac8782233603e5ddfe39ecf847d4bad12b442d1c497028c7a7a4
ba67f5cbb26d1c913527475815f0c8d4c4519b092a7544f015cc021360240275
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d48e0508062453ef4cd5e34037ead4b63789e382b64caf4c7022b63f2db2a60e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d