659276027437291ar-1ay.pages.dev
Open in
urlscan Pro
2606:4700:310c::ac42:2fb3
Malicious Activity!
Public Scan
Effective URL: https://659276027437291ar-1ay.pages.dev/
Submission: On June 07 via manual from PT — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on June 7th 2023. Valid for: 3 months.
This is the only time 659276027437291ar-1ay.pages.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 2606:4700:310... 2606:4700:310c::ac42:2fb3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a04:4e42:200... 2a04:4e42:200::485 | 54113 (FASTLY) (FASTLY) | |
1 | 2a00:1450:400... 2a00:1450:4001:80b::200a | 15169 (GOOGLE) (GOOGLE) | |
10 | 3 |
ASN13335 (CLOUDFLARENET, US)
659276027437291ar-1ay.pages.dev |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
pages.dev
659276027437291ar-1ay.pages.dev |
185 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 377 |
54 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 422 |
31 KB |
10 | 3 |
Domain | Requested by | |
---|---|---|
7 | 659276027437291ar-1ay.pages.dev |
659276027437291ar-1ay.pages.dev
|
2 | cdn.jsdelivr.net |
659276027437291ar-1ay.pages.dev
|
1 | ajax.googleapis.com |
659276027437291ar-1ay.pages.dev
|
10 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
isilinknysdisini.duckdns.org |
Subject Issuer | Validity | Valid | |
---|---|---|---|
659276027437291ar-1ay.pages.dev GTS CA 1P5 |
2023-06-07 - 2023-09-05 |
3 months | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4 |
2022-12-23 - 2024-01-24 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-05-19 - 2023-08-11 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://659276027437291ar-1ay.pages.dev/
Frame ID: 3E80F4D537A2DC4535F11224535B5017
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Page Help Support TeamPage URL History Show full URLs
-
http://659276027437291ar-1ay.pages.dev/
HTTP 307
https://659276027437291ar-1ay.pages.dev/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: VERIFY ACCOUNT
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://659276027437291ar-1ay.pages.dev/
HTTP 307
https://659276027437291ar-1ay.pages.dev/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
659276027437291ar-1ay.pages.dev/ Redirect Chain
|
8 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/ |
189 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3.css
659276027437291ar-1ay.pages.dev/citutbesar87/ |
52 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.css
659276027437291ar-1ay.pages.dev/citutbesar87/ |
620 KB 146 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1.css
659276027437291ar-1ay.pages.dev/citutbesar87/ |
963 B 776 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
intro.png
659276027437291ar-1ay.pages.dev/citutbesar87/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Locked.png
659276027437291ar-1ay.pages.dev/citutbesar87/ |
20 KB 20 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/ |
78 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
popup.js
659276027437291ar-1ay.pages.dev/citutbesar87/ |
8 KB 4 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend function| mousedwn string| tanggallengkap object| namahari object| namabulan object| tgl number| hari number| tanggal number| bulan number| tahun number| uidEvent object| bootstrap function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
659276027437291ar-1ay.pages.dev
ajax.googleapis.com
cdn.jsdelivr.net
2606:4700:310c::ac42:2fb3
2a00:1450:4001:80b::200a
2a04:4e42:200::485
2515e37eee31f5ef3d659b21dcc84dc6ea732b06872da51078b5b526de34c0c1
5b1f89c63b9a87f0a0b2737a0789cf18c8b3786302e2c7dd56fa1d2ebc7bfde2
70e82b9c91dab7f2b599dc205d0bbcad1dcf51bd656f14ff3165c8a3997fe645
9fc2fe17fa35dc50cbac42366d82e564d0a6e29a6b18f966ba78641b92850514
d172391fdcadde1606ff4cb88cf8b389f84b35c8913569b64e60baa8d72b8e56
d79aaf3f68954b2ff64615055ddd7d35bc415fb8f36c1e3702316de1cf90c512
fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf
fdc117056d902a3eb647b96b0e4a2146cf857f8526f7ee9fa389e4ac3832f7f0
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e