2-em7.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2c9c  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response 2-em7.pages.dev/	10 KB 4 KB	64ms 33ms	Document text/html	2606:4700:310c::ac42:2c9c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2-em7.pages.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:310c::ac42:2c9c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3221ebe27840ac3d78d00a58dba3eaed0295d042bdb9de6abfc63e1fb3919454 Security Headers Name Value X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cache-control public, max-age=0, must-revalidate cf-ray 81e82764a859e0a4-NRT content-encoding br content-type text/html; charset=utf-8 date Tue, 31 Oct 2023 01:34:08 GMT etag W/"2dd0ba56dac529bae5861b6f4c660e8c" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy strict-origin-when-cross-origin report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RoZ52mgbSiOp8cswuV6wTl4SK5AfRnWXRDHnmlWrh50ELhG6DR%2B86reiGtFZYkCG3JfDpUgt41CUOjdp8Zxl9NWCgCgFg82Tyo%2FTLCWaLJkpEi9Y%2BAbk3RfhbTTnz5%2Fh9%2Fipoxlc%2FfPZoK7n1hw%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-content-type-options nosniff
GET H2	200	Adobe-logo.png 1000logos.net/wp-content/uploads/2021/04/	30 KB 30 KB	26ms 16ms	Image image/png	2606:4700:20::681a:9af CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://1000logos.net/wp-content/uploads/2021/04/Adobe-logo.png Requested by Host: 2-em7.pages.dev URL: https://2-em7.pages.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:9af , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 28aa18481ceb503773f948f8ceb77b1b88ce05689b5e0a6957af6bd5eb01eef3 Request headers accept-language jp-JP,jp;q=0.9 Referer https://2-em7.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Tue, 31 Oct 2023 01:34:08 GMT cf-cache-status HIT last-modified Wed, 16 Feb 2022 14:08:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 5 etag "620d054e-769e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lew2dHnp1%2Foon8Z3ZE1tmFK73bBV1Ys4tsocNNleqXz6Ousl3TTTHdqBOHYWNVksa8cFVAu4s4OZmOT2I9ALhn9%2BiBmGJ4%2BjkR3hRyS9G9cngARK5lzHdx4Up9PuWKth3cgL1w35gi%2BvVgI%3D"}],"group":"cf-nel","max_age":604800} content-type image/png accept-ranges bytes cf-ray 81e827651eae263b-NRT content-length 30366
GET H2	400	[[_domain]] logo.clearbit.com/	0 0	471ms 448ms	Image text/plain	143.204.86.8 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://logo.clearbit.com/[[_domain]] Requested by Host: 2-em7.pages.dev URL: https://2-em7.pages.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.86.8 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-86-8.nrt12.r.cloudfront.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language jp-JP,jp;q=0.9 Referer https://2-em7.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers
GET H2	200	adobe-security-patch.png thehackernews.com/images/-8YcaVavNgEU/Xw3EDfS1gCI/AAAAAAAAAzE/f2He_zpi6YIe4ENJ0SbadyVr-O8fpXFHACLcBGAsYHQ/s728-rw-ft-e30/	17 KB 17 KB	42ms 31ms	Image image/webp	2606:4700:20::681a:396 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://thehackernews.com/images/-8YcaVavNgEU/Xw3EDfS1gCI/AAAAAAAAAzE/f2He_zpi6YIe4ENJ0SbadyVr-O8fpXFHACLcBGAsYHQ/s728-rw-ft-e30/adobe-security-patch.png Requested by Host: 2-em7.pages.dev URL: https://2-em7.pages.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:396 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aea226bde2f8781b06557d8c42c67997d64f242e215c317ef7d791f2deebf078 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://2-em7.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Tue, 31 Oct 2023 01:34:08 GMT strict-transport-security max-age=15552000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT age 5 content-disposition inline;filename="adobe-security-patch.webp" alt-svc h3=":443"; ma=86400 content-length 17242 cf-placement local-NRT x-xss-protection 0 server cloudflare etag "v332" vary Accept-Encoding content-type image/webp access-control-allow-origin * access-control-expose-headers Content-Length cache-control public, max-age=2592000, immutable, s-maxage=2592000 accept-ranges bytes cf-ray 81e827651d2c8145-NRT timing-allow-origin * expires Thu, 30 Nov 2023 01:34:03 GMT
GET H/1.1	200 OK	WEBMAILAPS-720x285.jpg somber-science.surge.sh/	19 KB 19 KB	361ms 143ms	Image image/jpeg	139.59.195.30 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://somber-science.surge.sh/WEBMAILAPS-720x285.jpg Requested by Host: 2-em7.pages.dev URL: https://2-em7.pages.dev/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 139.59.195.30 Singapore, Singapore, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash 0d3dec82afd0b786a9937fab97fbb10d7444ba2b7c84992f38fdba0a354f04fa Request headers accept-language jp-JP,jp;q=0.9 Referer https://2-em7.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Tue, 31 Oct 2023 01:34:08 GMT Surge-Stamp 27688::1698668572277-f7117535f25e95c4b038e6a4a8d85fec Server Surge Age 2990 ETag "0d3dec82afd0b786a9937fab97fbb10d7444ba2b7c84992f38fdba0a354f04fa" Content-Type image/jpeg Response-Time 1ms Cache-Control public, max-age=0, must-revalidate Connection close Accept-Ranges bytes Content-Length 19562 Surge-Cache HIT
GET H/1.1	200 OK	outlook.png possessive-ducks.surge.sh//	5 KB 5 KB	334ms 111ms	Image image/png	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://possessive-ducks.surge.sh//outlook.png Requested by Host: 2-em7.pages.dev URL: https://2-em7.pages.dev/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash 6b1af85883b2ab64690488468bf9fb0699b82e0b8c3239129847e726bcd79c1b Request headers accept-language jp-JP,jp;q=0.9 Referer https://2-em7.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Tue, 31 Oct 2023 01:34:08 GMT Surge-Stamp 24819::1698243513025-4901cfc069f5d64ec8d47550486cb420 Server Surge Age 467867 ETag "6b1af85883b2ab64690488468bf9fb0699b82e0b8c3239129847e726bcd79c1b" Content-Type image/png Response-Time 0ms Cache-Control public, max-age=0, must-revalidate Connection close Accept-Ranges bytes Content-Length 5104 Surge-Cache HIT
GET H/1.1	200 OK	netease_png.png possessive-ducks.surge.sh/	992 B 1 KB	334ms 112ms	Image image/png	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://possessive-ducks.surge.sh/netease_png.png Requested by Host: 2-em7.pages.dev URL: https://2-em7.pages.dev/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash 821ed71ac4fb691c086ddb9e6453f3317c083413428f98271c2f52f3b170044b Request headers accept-language jp-JP,jp;q=0.9 Referer https://2-em7.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Tue, 31 Oct 2023 01:34:08 GMT Surge-Stamp 18111::1698243513025-dd047422863fbf769906668bcb3c0ad9 Server Surge Age 467866 ETag "821ed71ac4fb691c086ddb9e6453f3317c083413428f98271c2f52f3b170044b" Content-Type image/png Response-Time 0ms Cache-Control public, max-age=0, must-revalidate Connection close Accept-Ranges bytes Content-Length 992 Surge-Cache HIT
GET H/1.1	200 OK	aol.jpg possessive-ducks.surge.sh/	36 KB 37 KB	447ms 222ms	Image image/jpeg	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://possessive-ducks.surge.sh/aol.jpg Requested by Host: 2-em7.pages.dev URL: https://2-em7.pages.dev/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash 41e23888abf246fb2529e360179d8312cef0921fa0631136d332afbaee7992ad Request headers accept-language jp-JP,jp;q=0.9 Referer https://2-em7.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Tue, 31 Oct 2023 01:34:08 GMT Surge-Stamp 18111::1698243513025-0ae6254cdb0e0bf52c6711319bb9deb6 Server Surge Age 467866 ETag "41e23888abf246fb2529e360179d8312cef0921fa0631136d332afbaee7992ad" Content-Type image/jpeg Response-Time 1ms Cache-Control public, max-age=0, must-revalidate Connection close Accept-Ranges bytes Content-Length 37211 Surge-Cache HIT
GET H2	200	005d93f25fcf357443b2278707b552c5.png i.gyazo.com/	327 KB 328 KB	397ms 388ms	Image image/png	2606:4700::6812:18a3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://i.gyazo.com/005d93f25fcf357443b2278707b552c5.png Requested by Host: 2-em7.pages.dev URL: https://2-em7.pages.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:18a3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bb38a385e0c0c4e5a538080726fc5578982a3540a16f07ffd2d779a598f79f0e Request headers accept-language jp-JP,jp;q=0.9 Referer https://2-em7.pages.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Tue, 31 Oct 2023 01:34:08 GMT via 1.1 google cf-cache-status MISS content-length 334662 server cloudflare etag "005d" vary Accept-Encoding content-type image/png access-control-allow-origin https://gyazo.com cache-control public, max-age=31536000 access-control-allow-credentials true content-dpr 1.000000 x-cache-level ZS accept-ranges bytes cf-ray 81e827651e90e07e-NRT expires Wed, 30 Oct 2024 01:34:08 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture string| m string| d function| cc function| cd function| step1 function| step2 function| se function| validate

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			i.gyazo.com/	1970-01-21 01:27:56	Name: Gyazo_cfwoker Value: i

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://logo.clearbit.com/[[_domain]] Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1000logos.net
2-em7.pages.dev
i.gyazo.com
logo.clearbit.com
possessive-ducks.surge.sh
somber-science.surge.sh
thehackernews.com
138.197.235.123
139.59.195.30
143.204.86.8
2606:4700:20::681a:396
2606:4700:20::681a:9af
2606:4700:310c::ac42:2c9c
2606:4700::6812:18a3
0d3dec82afd0b786a9937fab97fbb10d7444ba2b7c84992f38fdba0a354f04fa
28aa18481ceb503773f948f8ceb77b1b88ce05689b5e0a6957af6bd5eb01eef3
3221ebe27840ac3d78d00a58dba3eaed0295d042bdb9de6abfc63e1fb3919454
41e23888abf246fb2529e360179d8312cef0921fa0631136d332afbaee7992ad
6b1af85883b2ab64690488468bf9fb0699b82e0b8c3239129847e726bcd79c1b
821ed71ac4fb691c086ddb9e6453f3317c083413428f98271c2f52f3b170044b
aea226bde2f8781b06557d8c42c67997d64f242e215c317ef7d791f2deebf078
bb38a385e0c0c4e5a538080726fc5578982a3540a16f07ffd2d779a598f79f0e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855