urlscan.io logo urlscan.io
SecurityTrails logo

demo.site4clientdemo.com Open in urlscan Pro
185.199.220.80  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://link.sbstck.com/redirect/45834840-3c14-4374-8f51-bbcadebab762?j=eyJ1IjoiNGRnZ2x2In0.IkG1h6SLHR3lrFyuSAoQTcZBzKZH...
Effective URL: https://demo.site4clientdemo.com/ok/validatecookies/login.php
Submission: On September 11 via manual from SG — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 5 countries across 6 domains to perform 12 HTTP transactions. The main IP is 185.199.220.80, located in United Kingdom and belongs to KRYSTAL, GB. The main domain is demo.site4clientdemo.com.
TLS certificate: Issued by R11 on August 7th 2024. Valid for: 3 months.
This is the only time demo.site4clientdemo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 188.114.97.3 13335 (CLOUDFLAR...)
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
1 1 103.53.40.62 394695 (PUBLIC-DO...)
9 185.199.220.80 12488 (KRYSTAL)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a04:4e42::649 54113 (FASTLY)
12 4
1    188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
link.sbstck.com
1    2606:4700::6812:4428 (United States)

ASN13335 (CLOUDFLARENET, US)
link.mail.beehiiv.com
1    103.53.40.62 (India)

ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
almaasalhaya.com
9    185.199.220.80 (United Kingdom)

ASN12488 (KRYSTAL, GB)
PTR: logan-lon.cloudhosting.uk
demo.site4clientdemo.com
1    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
Apex Domain
Subdomains		 Transfer
9 site4clientdemo.com
demo.site4clientdemo.com
43 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 1211
30 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 641
84 KB
1 almaasalhaya.com
almaasalhaya.com
571 B
1 beehiiv.com
link.mail.beehiiv.com — Cisco Umbrella Rank: 93950
606 B
1 sbstck.com
link.sbstck.com
2 KB
12 6
Domain Requested by
9 demo.site4clientdemo.com link.sbstck.com
demo.site4clientdemo.com
1 code.jquery.com demo.site4clientdemo.com
1 ajax.googleapis.com demo.site4clientdemo.com
1 almaasalhaya.com 1 redirects
1 link.mail.beehiiv.com 1 redirects
1 link.sbstck.com
12 6

This site contains no links.

Subject Issuer Validity Valid
sbstck.com
WE1		 2024-08-17 -
2024-11-15		 3 months crt.sh
demo.site4clientdemo.com
R11		 2024-08-07 -
2024-11-05		 3 months crt.sh
upload.video.google.com
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
*.jquery.com
Sectigo ECC Domain Validation Secure Server CA		 2024-06-25 -
2025-06-25		 a year crt.sh

This page contains 1 frames:

Primary Page: https://demo.site4clientdemo.com/ok/validatecookies/login.php
Frame ID: EBCAF6D1DDE5FDA9DB44D2B707A2BDD1
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

WlNdVEVsyN1RYIMLn6EIH9d3mCJMh3de2HcBSqiU8QNh6

Page URL History Show full URLs

  1. https://link.sbstck.com/redirect/45834840-3c14-4374-8f51-bbcadebab762?j=eyJ1IjoiNGRnZ2x2In0.IkG1h6SL... Page URL
  2. https://link.mail.beehiiv.com/ss/c/u001.8wYt92wbli2kVl8G50DyoYIVTb3BmkKPOrEWLsM4Zr1_nrvUP69TvM285Rvx5XAyOp... HTTP 302
    https://almaasalhaya.com/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medium=newsletter&utm_c... HTTP 301
    https://demo.site4clientdemo.com/ok/validatecookies/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medi... Page URL
  3. https://demo.site4clientdemo.com/ok/validatecookies/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

4
IPs

5
Countries

159 kB
Transfer

517 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://link.sbstck.com/redirect/45834840-3c14-4374-8f51-bbcadebab762?j=eyJ1IjoiNGRnZ2x2In0.IkG1h6SLHR3lrFyuSAoQTcZBzKZHtH4uVLaC9IQ4Uu8 Page URL
  2. https://link.mail.beehiiv.com/ss/c/u001.8wYt92wbli2kVl8G50DyoYIVTb3BmkKPOrEWLsM4Zr1_nrvUP69TvM285Rvx5XAyOpDthQfKCm34ptnlLWfb3IOZVRkFr4-ccVJkVex7nxyQ2Ilps2HFUgpAl4fjavvVsC8vzWbNYaEfV776kNd5VAQ4DVgd2psoP5DSKNLnFR3fvFnH4-Y49AJDuUcWmWHm/49m/96edC1UvQ1enDiHqlpk45A/h6/h001.KbE0EpErFVWk-oqtffuD5xTBHnBHdr1d5dziV0Zf8bA?utm_source=substack&utm_medium=email HTTP 302
    https://almaasalhaya.com/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medium=newsletter&utm_campaign=weekly-newsletter889 HTTP 301
    https://demo.site4clientdemo.com/ok/validatecookies/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medium=newsletter&utm_campaign=weekly-newsletter889 Page URL
  3. https://demo.site4clientdemo.com/ok/validatecookies/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://link.mail.beehiiv.com/ss/c/u001.8wYt92wbli2kVl8G50DyoYIVTb3BmkKPOrEWLsM4Zr1_nrvUP69TvM285Rvx5XAyOpDthQfKCm34ptnlLWfb3IOZVRkFr4-ccVJkVex7nxyQ2Ilps2HFUgpAl4fjavvVsC8vzWbNYaEfV776kNd5VAQ4DVgd2psoP5DSKNLnFR3fvFnH4-Y49AJDuUcWmWHm/49m/96edC1UvQ1enDiHqlpk45A/h6/h001.KbE0EpErFVWk-oqtffuD5xTBHnBHdr1d5dziV0Zf8bA?utm_source=substack&utm_medium=email HTTP 302
  • https://almaasalhaya.com/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medium=newsletter&utm_campaign=weekly-newsletter889 HTTP 301
  • https://demo.site4clientdemo.com/ok/validatecookies/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medium=newsletter&utm_campaign=weekly-newsletter889

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
45834840-3c14-4374-8f51-bbcadebab762
link.sbstck.com/redirect/ 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://link.sbstck.com/redirect/45834840-3c14-4374-8f51-bbcadebab762?j=eyJ1IjoiNGRnZ2x2In0.IkG1h6SLHR3lrFyuSAoQTcZBzKZHtH4uVLaC9IQ4Uu8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8c1382032b50d22f-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 11 Sep 2024 00:23:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qBGvrXJLjzCK0NJmzxuav1n3hZL%2FW5M4KPb4KjIvmjAHkH%2BfyZuXwb%2F3Np9QnMKj1YWjxxNX6Z2WtelfkvXHiySLho49l4hg18SY%2Fjj5N7gJeFhLAd1WHOW%2FEEYmHbI6%2BUM%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-cluster
substack
x-deploy
aceae4efbb
x-frame-options
sameorigin
x-powered-by
Express
x-robots-tag
noindex, noarchive, nofollow
x-served-by
Substack
x-service
web
/
demo.site4clientdemo.com/ok/validatecookies/
Redirect Chain
  • https://link.mail.beehiiv.com/ss/c/u001.8wYt92wbli2kVl8G50DyoYIVTb3BmkKPOrEWLsM4Zr1_nrvUP69TvM285Rvx5XAyOpDthQfKCm34ptnlLWfb3IOZVRkFr4-ccVJkVex7nxyQ2Ilps2HFUgpAl4fjavvVsC8vzWbNYaEfV776kNd5VAQ4DVgd2...
  • https://almaasalhaya.com/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medium=newsletter&utm_campaign=weekly-newsletter889
  • https://demo.site4clientdemo.com/ok/validatecookies/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medium=newsletter&utm_campaign=weekly-newsletter889
2 KB
870 B 		Document
General
Check archive.org
Download Go to
Full URL
https://demo.site4clientdemo.com/ok/validatecookies/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medium=newsletter&utm_campaign=weekly-newsletter889
Requested by
Host: link.sbstck.com
URL: https://link.sbstck.com/redirect/45834840-3c14-4374-8f51-bbcadebab762?j=eyJ1IjoiNGRnZ2x2In0.IkG1h6SLHR3lrFyuSAoQTcZBzKZHtH4uVLaC9IQ4Uu8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.220.80 , United Kingdom, ASN12488 (KRYSTAL, GB),
Reverse DNS
logan-lon.cloudhosting.uk
Software
LiteSpeed /
Resource Hash
13fe1fda5e53478506417a7653d68a99f4b92a67a6ba3a92968142e8ec2dc3be

Request headers

Referer
https://link.sbstck.com/redirect/45834840-3c14-4374-8f51-bbcadebab762?j=eyJ1IjoiNGRnZ2x2In0.IkG1h6SLHR3lrFyuSAoQTcZBzKZHtH4uVLaC9IQ4Uu8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
date
Wed, 11 Sep 2024 00:23:27 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent

Redirect headers

content-length
372
content-type
text/html; charset=iso-8859-1
date
Wed, 11 Sep 2024 00:23:27 GMT
location
https://demo.site4clientdemo.com/ok/validatecookies/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medium=newsletter&utm_campaign=weekly-newsletter889
server
Apache
jquery.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 		282 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js
Requested by
Host: demo.site4clientdemo.com
URL: https://demo.site4clientdemo.com/ok/validatecookies/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medium=newsletter&utm_campaign=weekly-newsletter889
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://demo.site4clientdemo.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 11:55:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
44849
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85110
x-xss-protection
0
last-modified
Wed, 10 Mar 2021 14:28:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 10 Sep 2025 11:55:58 GMT
favicon.ico
demo.site4clientdemo.com/ 		1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://demo.site4clientdemo.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.220.80 , United Kingdom, ASN12488 (KRYSTAL, GB),
Reverse DNS
logan-lon.cloudhosting.uk
Software
LiteSpeed /
Resource Hash

Request headers

Referer
https://demo.site4clientdemo.com/ok/validatecookies/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medium=newsletter&utm_campaign=weekly-newsletter889
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 11 Sep 2024 00:23:28 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
server
LiteSpeed
content-length
1251
vary
User-Agent
content-type
text/html
Primary Request login.php
demo.site4clientdemo.com/ok/validatecookies/ 		30 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://demo.site4clientdemo.com/ok/validatecookies/login.php
Requested by
Host: demo.site4clientdemo.com
URL: https://demo.site4clientdemo.com/ok/validatecookies/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medium=newsletter&utm_campaign=weekly-newsletter889
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.220.80 , United Kingdom, ASN12488 (KRYSTAL, GB),
Reverse DNS
logan-lon.cloudhosting.uk
Software
LiteSpeed /
Resource Hash
8ea62194a73010960dd2c5b2bc86f7a386d307d617bba4c7943d0b79124aaf6d

Request headers

Referer
https://demo.site4clientdemo.com/ok/validatecookies/?utm_source=davids-newsletter-7b2d25.beehiiv.com&utm_medium=newsletter&utm_campaign=weekly-newsletter889
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding
br
content-length
5766
content-type
text/html; charset=UTF-8
date
Wed, 11 Sep 2024 00:23:28 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
style3.css
demo.site4clientdemo.com/ok/validatecookies/css/ 		91 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://demo.site4clientdemo.com/ok/validatecookies/css/style3.css
Requested by
Host: demo.site4clientdemo.com
URL: https://demo.site4clientdemo.com/ok/validatecookies/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.220.80 , United Kingdom, ASN12488 (KRYSTAL, GB),
Reverse DNS
logan-lon.cloudhosting.uk
Software
LiteSpeed /
Resource Hash
6bdc8c185127736e5944fdee2d4e291585742eecdc9305c9149491f4dc9782c3

Request headers

Referer
https://demo.site4clientdemo.com/ok/validatecookies/login.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 11 Sep 2024 00:23:28 GMT
content-encoding
br
last-modified
Mon, 03 Apr 2023 06:58:26 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
15552
expires
Wed, 18 Sep 2024 00:23:28 GMT
jquery-3.3.1.min.js
code.jquery.com/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.3.1.min.js
Requested by
Host: demo.site4clientdemo.com
URL: https://demo.site4clientdemo.com/ok/validatecookies/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer
https://demo.site4clientdemo.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 11 Sep 2024 00:23:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
2141457
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
content-length
30288
x-served-by
cache-lga21927-LGA, cache-mad22057-MAD
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1726014208.276426,VS0,VE0
etag
W/"28feccc0-1538f"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
19344, 104295
lg.svg
demo.site4clientdemo.com/ok/validatecookies/imgs/ 		4 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://demo.site4clientdemo.com/ok/validatecookies/imgs/lg.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd
Requested by
Host: demo.site4clientdemo.com
URL: https://demo.site4clientdemo.com/ok/validatecookies/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.220.80 , United Kingdom, ASN12488 (KRYSTAL, GB),
Reverse DNS
logan-lon.cloudhosting.uk
Software
LiteSpeed /
Resource Hash
d068bd0ee7b5054ac761e71dc8c43fb2fce8b1dfc5c88cfbe3367b543c3855ed

Request headers

Referer
https://demo.site4clientdemo.com/ok/validatecookies/login.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 11 Sep 2024 00:23:28 GMT
content-encoding
br
last-modified
Sun, 02 Apr 2023 18:26:04 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
1398
expires
Wed, 18 Sep 2024 00:23:28 GMT
e.svg
demo.site4clientdemo.com/ok/validatecookies/imgs/ 		658 B
320 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://demo.site4clientdemo.com/ok/validatecookies/imgs/e.svg
Requested by
Host: demo.site4clientdemo.com
URL: https://demo.site4clientdemo.com/ok/validatecookies/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.220.80 , United Kingdom, ASN12488 (KRYSTAL, GB),
Reverse DNS
logan-lon.cloudhosting.uk
Software
LiteSpeed /
Resource Hash
e3b7b0a32ecb9fe05910712cadf5862ba2710d23357dfd427d6f29b6cb12fdd8

Request headers

Referer
https://demo.site4clientdemo.com/ok/validatecookies/login.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 11 Sep 2024 00:23:28 GMT
content-encoding
br
last-modified
Mon, 03 Apr 2023 07:13:12 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
264
expires
Wed, 18 Sep 2024 00:23:28 GMT
sig-op.svg
demo.site4clientdemo.com/ok/validatecookies/imgs/ 		2 KB
880 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://demo.site4clientdemo.com/ok/validatecookies/imgs/sig-op.svg
Requested by
Host: demo.site4clientdemo.com
URL: https://demo.site4clientdemo.com/ok/validatecookies/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.199.220.80 , United Kingdom, ASN12488 (KRYSTAL, GB),
Reverse DNS
logan-lon.cloudhosting.uk
Software
LiteSpeed /
Resource Hash
09f62889f243b62bb80d2cd5a54b32e4e95c49e4cb0292ca8bf6ef18849872e3

Request headers

Referer
https://demo.site4clientdemo.com/ok/validatecookies/login.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 11 Sep 2024 00:23:28 GMT
content-encoding
br
last-modified
Sun, 02 Apr 2023 10:30:04 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
586
expires
Wed, 18 Sep 2024 00:23:28 GMT
bg.svg
demo.site4clientdemo.com/ok/validatecookies/imgs/ 		3 KB
700 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://demo.site4clientdemo.com/ok/validatecookies/imgs/bg.svg
Requested by
Host: demo.site4clientdemo.com
URL: https://demo.site4clientdemo.com/ok/validatecookies/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.199.220.80 , United Kingdom, ASN12488 (KRYSTAL, GB),
Reverse DNS
logan-lon.cloudhosting.uk
Software
LiteSpeed /
Resource Hash
ab6f4a25d28385487044994ba47455445477b32730bddf55cd0796068418d20e

Request headers

Referer
https://demo.site4clientdemo.com/ok/validatecookies/login.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 11 Sep 2024 00:23:28 GMT
content-encoding
br
last-modified
Sun, 02 Apr 2023 19:36:00 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
655
expires
Wed, 18 Sep 2024 00:23:28 GMT
fi.ico
demo.site4clientdemo.com/ok/validatecookies/imgs/ 		17 KB
17 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://demo.site4clientdemo.com/ok/validatecookies/imgs/fi.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.199.220.80 , United Kingdom, ASN12488 (KRYSTAL, GB),
Reverse DNS
logan-lon.cloudhosting.uk
Software
LiteSpeed /
Resource Hash
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

Referer
https://demo.site4clientdemo.com/ok/validatecookies/login.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 11 Sep 2024 00:23:28 GMT
last-modified
Wed, 25 Jan 2023 18:48:40 GMT
server
LiteSpeed
vary
User-Agent
content-type
image/x-icon
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
17174
expires
Wed, 18 Sep 2024 00:23:28 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery string| href string| url_string object| url string| dir function| goNext function| closeBox function| checkSubmit function| isEmail function| isfuderror function| isSuccess

7 Cookies

Domain/Path Name / Value
link.sbstck.com/ Name: AWSALBTG
Value: 8al+gqDoGyYQBsRCzG1p2oO/WLs+UTlLcARHu6y0ixcJljpUA/J+3eon5En43vNicNRnIqeYgTK6QGFJGdUPIF+UwkJEvp4OHvPTN48J9dQGnAZ/KQpvjQbUKqCZGXnX5SgW38fuCBfEZ47eGTWF/mjNR1y67gUV1jtHr7Rm8gLW
link.sbstck.com/ Name: AWSALBTGCORS
Value: 8al+gqDoGyYQBsRCzG1p2oO/WLs+UTlLcARHu6y0ixcJljpUA/J+3eon5En43vNicNRnIqeYgTK6QGFJGdUPIF+UwkJEvp4OHvPTN48J9dQGnAZ/KQpvjQbUKqCZGXnX5SgW38fuCBfEZ47eGTWF/mjNR1y67gUV1jtHr7Rm8gLW
.link.sbstck.com/ Name: cookie_storage_key
Value: 4f023b8b-d5ef-4b33-90f1-bb90c1420314
.link.sbstck.com/ Name: ajs_anonymous_id
Value: %22bd0cbf6a-e56a-4d0c-aa87-9c0a3ac55e82%22
.link.sbstck.com/ Name: visit_id
Value: %7B%22id%22%3A%22f5876f25-284e-4cb7-96e0-cbd1e467dac3%22%2C%22timestamp%22%3A%222024-09-11T00%3A23%3A13.474Z%22%7D
.link.sbstck.com/ Name: ab_testing_id
Value: %22or-f7068bf1-dff5-4f78-8a49-67553fc39f70%22
.beehiiv.com/ Name: __cf_bm
Value: 1IB.4LtKHflF8vxwSygaqAuGS1YBqXtkGTZlldi.Og8-1726014194-1.0.1.1-vTu2u7N.gxAhc_0ovNoXxR62L9YWewxdALspUZOy57m9whqKaXaiZCydtfmYepOIpjIxxpbDHg7guv_joSctig

3 Console Messages

Source Level URL
Text
network error URL: https://demo.site4clientdemo.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
recommendation warning URL: https://demo.site4clientdemo.com/ok/validatecookies/login.php
Message:
[DOM] Found 2 elements with non-unique id #idBtn_Back: (More info: https://goo.gl/9p2vKq) %o %o
recommendation verbose URL: https://demo.site4clientdemo.com/ok/validatecookies/login.php
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin