walletcsapi.pages.dev Open in urlscan Pro
172.66.47.11 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%25252525...
Effective URL:
https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%25252525...
Submission: On August 11 via api (August 11th 2024, 9:57:22 am UTC) from US — Scanned from US

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 12 HTTP transactions. The main IP is 172.66.47.11, located in United States and belongs to CLOUDFLARENET, US. The main domain is walletcsapi.pages.dev.
TLS certificate: Issued by WE1 on August 3rd 2024. Valid for: 3 months.

This is the only time walletcsapi.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Crypto (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
4	172.66.47.11 172.66.47.11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.129.229 151.101.129.229	54113 (FASTLY) (FASTLY)
1	18.160.18.52 18.160.18.52	16509 (AMAZON-02) (AMAZON-02)
1 2	172.67.41.16 172.67.41.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	6

4 172.66.47.11 (United States)

ASN13335 (CLOUDFLARENET, US)

walletcsapi.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.229 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.18.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-18-52.iad12.r.cloudfront.net

cdn.ethers.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.41.16 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.tailwindcss.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	pages.dev walletcsapi.pages.dev	23 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 336	35 KB
2	tailwindcss.com 1 redirects cdn.tailwindcss.com — Cisco Umbrella Rank: 23119	110 KB
1	ethers.io cdn.ethers.io — Cisco Umbrella Rank: 289171	200 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	314 KB
12	5

	Domain	Requested by
4	walletcsapi.pages.dev	walletcsapi.pages.dev
3	cdnjs.cloudflare.com	walletcsapi.pages.dev
2	cdn.tailwindcss.com	1 redirects walletcsapi.pages.dev
1	cdn.ethers.io	walletcsapi.pages.dev
1	cdn.jsdelivr.net	walletcsapi.pages.dev
12	5

This site contains no links.

Subject Issuer	Validity	Valid
walletcsapi.pages.dev WE1	`2024-08-03` - `2024-11-01`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
ethers.io Amazon RSA 2048 M03	`2023-09-30` - `2024-10-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252
Frame ID: 7A1B64CECE4E502F7504B0A96DF576DE
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WalletConnect

Page URL History Show full URLs

http://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing... HTTP 307
https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

12
Requests

75 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

681 kB
Transfer

2462 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252 HTTP 307
https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://cdn.tailwindcss.com/ HTTP 302
https://cdn.tailwindcss.com/3.4.5

12 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252 Show response
walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/
Redirect Chain

http://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252
https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252

6 KB
3 KB

455ms
67ms

Document
text/html

172.66.47.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e32bba4b6e4d053e7420b629dfb762fbcf33ebf919aa307759952897a5e5f898

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 8b175c4ede768c87-EWR
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 11 Aug 2024 09:57:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SZhUrW0jqS8%2FE9GhZYn3FmBxEMmxpniKF15aHaR5DOBWLdqHUjTYYnj1Fyq9QtBpIPHNL1yeMUR9IvpZrF9hx2mlG5ntmlKWmvPh8pl8bDH19G22HZmLC73CHY2Vm0cON%2Fi1PzKznqs%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252
Non-Authoritative-Reason: HSTS

GET class.css
walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/css/ 0
0

GET style.css
walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/css/ 0
0

GET
H2 200 aes.js Show response
cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/ 13 KB
4 KB 361ms
25ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js

Requested by

Host: walletcsapi.pages.dev
URL: https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://walletcsapi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 09:57:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 744299
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4256
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-3430"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Y%2FQIePrXOdBJ38h9dkkip9W8Zm9LJy4V7Ld47dFeH%2BH5HI0AKgPK3kceVx89gP5WBlmyIZgGgOo%2BOcdijSdmDyNi0VLhNXv3Lewh%2BY6dWURD%2BNnq8pLL62dH%2FZmxyjfGWbPcjZi"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8b175c51aca441de-EWR
expires: Fri, 01 Aug 2025 09:57:17 GMT

GET
H2 200 pbkdf2.js Show response
cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/ 5 KB
3 KB 355ms
20ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/pbkdf2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f8034781ba252e676db2ada75cb3d98df874aa3747830223141fefbed71c906

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://walletcsapi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 09:57:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 232412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2051
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-1596"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e99spm8w8Qx%2FnY5lNCjoZES0%2ByRYWPv4nWduQoVuhpei6dIDp%2B8VuyJJucO7GfjDEDOQmtYimi4FUn5A6%2FGF%2FGGkSrXWNZg6z3e2n73L4BpqZsRcsKbu3ElNYb8arrKsYLoluB4g"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8b175c51aca941de-EWR
expires: Fri, 01 Aug 2025 09:57:17 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/ 88 KB
28 KB 358ms
22ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://walletcsapi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 09:57:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1524981
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27990
last-modified: Fri, 26 Aug 2022 18:34:13 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63091225-6d56"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=peh9VBKnmv0KiY%2FNhfCwynpjk%2FD6L%2FPBuRmWusAuNYRHyPiv7qzTS9zjNF2GpwE7Mz%2BSlz3K7wqBDkRlxp14DTcnqkct1rmcfV8ZIkO2ZSUkYv6WFOs0%2BwbdncYVxhvYezTUAYWW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8b175c51acac41de-EWR
expires: Fri, 01 Aug 2025 09:57:17 GMT

GET
H2 200 web3.min.js Show response
cdn.jsdelivr.net/npm/web3@1.10.0/dist/ 1 MB
314 KB 341ms
9ms Script
application/javascript 151.101.129.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/web3@1.10.0/dist/web3.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8cdcd2aa68c68480d5180ca0cd64f190c7064fdecff596ea34042eba5ff181db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://walletcsapi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 11 Aug 2024 09:57:17 GMT
x-content-type-options: nosniff
content-encoding: br
age: 2859367
x-jsd-version: 1.10.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 320850
x-served-by: cache-fra-eddf8230114-FRA, cache-lga21977-LGA
x-jsd-version-type: version
etag: W/"12146e-oONT4AbBzjmMwosGXJ4nVPn21lU"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 ethers-5.2.umd.min.js Show response
cdn.ethers.io/lib/ 716 KB
200 KB 141ms
15ms Script
application/javascript 18.160.18.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ethers.io/lib/ethers-5.2.umd.min.js
Requested by: Host: walletcsapi.pages.dev
URL: https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-18-52.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c2bcdc085e0557a379a6056c629be748d22a3c1dbe539a48ae02de7d69c95eff

Request headers

Referer: https://walletcsapi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 10 Aug 2024 12:29:40 GMT
content-encoding: gzip
via: 1.1 a7a07e0b0db92670f70b5d65da05ed76.cloudfront.net (CloudFront)
x-amz-version-id: 3StspTE73ijjMFvXMjx4rHtfrweE9frC
last-modified: Thu, 20 May 2021 21:33:05 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P4
age: 77258
etag: W/"50ed955cf32ac8e4e1daa0fac8fcde98"
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-cf-id: nmxujQWvg2kZBVmNqi4hvYyKAwBsqquXVsXHXztd6GYjCiK5HeTR4g==

GET
H2 200 525f69d1-7f6b-4982-a2d6-a1cdb64afdc6.js Show response
walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/ 6 KB
3 KB 62ms
61ms Script
text/html 172.66.47.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/525f69d1-7f6b-4982-a2d6-a1cdb64afdc6.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e32bba4b6e4d053e7420b629dfb762fbcf33ebf919aa307759952897a5e5f898

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 09:57:17 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hewbtfjQCqjv4CCvXRuuUJ3cEnX%2BXMXbZ8VgKyaAXk5E4tJwL0czVVqLLfUGf9sNjy3%2FFT2GrNGS2GLSygkuQs4Vux9kle%2F1EtyRgeUAK%2FLwlbMVulRGSDAFzE0FP9jsxxymkil0%2BVQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8b175c4f9ee18c87-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 index.js Show response
walletcsapi.pages.dev/scripts/ 4 KB
2 KB 16ms
15ms Script
text/html 172.66.47.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://walletcsapi.pages.dev/scripts/index.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ac31b8350a6a0530b084cb5688d1db34f6b0f7fca2019b225a137f8adc7d18c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 09:57:17 GMT
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LvEEFP0XuG21prGb0%2F5eSQYz%2BP7JaCv8eQp7L3NGDQfcnsS55TEfg0qZZGiMDKFH0LG9YlybgpW9qplSoQxLXwbb7rJki9A3F7GBpNtrKcfGG4VDeUqVA80rddexavnjg0Jrc4n7RJo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 8b175c4f9ee38c87-EWR

GET
H2

200

3.4.5 Show response
cdn.tailwindcss.com/
Redirect Chain

https://cdn.tailwindcss.com/
https://cdn.tailwindcss.com/3.4.5

358 KB
110 KB

15ms
15ms

Script
text/javascript

172.67.41.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.tailwindcss.com/3.4.5

Requested by

Protocol

Server

172.67.41.16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f0570ef81afaa4194fa4ffe80fb291971f0ce27cecd0a1100fdcb4865703364

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://walletcsapi.pages.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 09:57:17 GMT
content-encoding: br
strict-transport-security: max-age=63072000
last-modified: Mon, 15 Jul 2024 15:34:05 GMT
x-vercel-id: cle1::iad1::rxrqj-1721057644624-6d3492af5914
cf-cache-status: HIT
age: 2312567
server: cloudflare
x-vercel-cache: MISS
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=31536000
cf-ray: 8b175c520eec1825-EWR

Redirect headers

date: Sun, 11 Aug 2024 09:57:17 GMT
strict-transport-security: max-age=63072000
cf-cache-status: HIT
x-vercel-id: cle1::iad1::6l5qr-1723369551085-2d1f5cfbaafc
server: cloudflare
age: 312
x-vercel-cache: MISS
vary: Accept-Encoding
location: /3.4.5
cache-control: max-age=14400
cf-ray: 8b175c51eee31825-EWR
content-length: 0

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8eee49e3d0f4e651f9f40adfd661861997715b99d5b88103ae44d248ca6b1751

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 favicon.ico
walletcsapi.pages.dev/ 107 KB
16 KB 32ms
32ms Other
image/x-icon 172.66.47.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://walletcsapi.pages.dev/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ee6b740b6e4c0fb4cdba492690ade325c9e0df8eadc33d7fbe9743a848d9fd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 09:57:18 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"7a577eb7fd152c3924075417f27c4940"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TXrPVColMgb9I20aP3rq8GACg64gj1k%2F6qDPgCFVucExhdSvpEiLAlRH3S8pzaxkElM0ZR0aAOl5B1DyXZ3F457lxmSAwx5TCn%2FLA%2F7NKS1T%2BlKlmGSSEO%2Bn10RjphfcowmBh0lj3eE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8b175c548b488c87-EWR
alt-svc: h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: walletcsapi.pages.dev
URL: https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/css/class.css

Domain: walletcsapi.pages.dev
URL: https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/css/style.css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Crypto (Crypto Exchange)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252 Message: Refused to apply style from 'https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/css/style.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252 Message: Refused to apply style from 'https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/css/class.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/phishing_feeds.html%2525252525252C5-Aug-24%2525252525252CLow%252525252525252 Message: Refused to execute script from 'https://walletcsapi.pages.dev/%2525252525252CN/A%2525252525252Chttps%2525252525253A/openphish.com/525f69d1-7f6b-4982-a2d6-a1cdb64afdc6.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.ethers.io
cdn.jsdelivr.net
cdn.tailwindcss.com
cdnjs.cloudflare.com
walletcsapi.pages.dev
walletcsapi.pages.dev
104.17.24.14
151.101.129.229
172.66.47.11
172.67.41.16
18.160.18.52
2f0570ef81afaa4194fa4ffe80fb291971f0ce27cecd0a1100fdcb4865703364
3ac31b8350a6a0530b084cb5688d1db34f6b0f7fca2019b225a137f8adc7d18c
5ee6b740b6e4c0fb4cdba492690ade325c9e0df8eadc33d7fbe9743a848d9fd6
5f8034781ba252e676db2ada75cb3d98df874aa3747830223141fefbed71c906
8cdcd2aa68c68480d5180ca0cd64f190c7064fdecff596ea34042eba5ff181db
8eee49e3d0f4e651f9f40adfd661861997715b99d5b88103ae44d248ca6b1751
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
c2bcdc085e0557a379a6056c629be748d22a3c1dbe539a48ae02de7d69c95eff
e32bba4b6e4d053e7420b629dfb762fbcf33ebf919aa307759952897a5e5f898
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

walletcsapi.pages.dev Open in urlscan Pro 172.66.47.11 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

75 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

6 IPs

2 Countries

681 kBTransfer

2462 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

3 Console Messages

Security Headers

Indicators

walletcsapi.pages.dev Open in urlscan Pro
172.66.47.11 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

75 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

681 kB
Transfer

2462 kB
Size

0
Cookies

12 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!