urlscan.io logo urlscan.io
SecurityTrails logo

659276027437291ar-1ay.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2fb3  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://659276027437291ar-1ay.pages.dev/
Effective URL: https://659276027437291ar-1ay.pages.dev/
Submission: On June 07 via manual from PT — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 2606:4700:310c::ac42:2fb3, located in United States and belongs to CLOUDFLARENET, US. The main domain is 659276027437291ar-1ay.pages.dev.
TLS certificate: Issued by GTS CA 1P5 on June 7th 2023. Valid for: 3 months.
This is the only time 659276027437291ar-1ay.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
7 2606:4700:310... 13335 (CLOUDFLAR...)
2 2a04:4e42:200... 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
10 3
Apex Domain
Subdomains		 Transfer
7 pages.dev
659276027437291ar-1ay.pages.dev
185 KB
2 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 377
54 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 422
31 KB
10 3
Domain Requested by
7 659276027437291ar-1ay.pages.dev 659276027437291ar-1ay.pages.dev
2 cdn.jsdelivr.net 659276027437291ar-1ay.pages.dev
1 ajax.googleapis.com 659276027437291ar-1ay.pages.dev
10 3

This site contains links to these domains. Also see Links.

Domain
isilinknysdisini.duckdns.org
Subject Issuer Validity Valid
659276027437291ar-1ay.pages.dev
GTS CA 1P5		 2023-06-07 -
2023-09-05		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2022 Q4		 2022-12-23 -
2024-01-24		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://659276027437291ar-1ay.pages.dev/
Frame ID: 3E80F4D537A2DC4535F11224535B5017
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Page Help Support Team

Page URL History Show full URLs

  1. http://659276027437291ar-1ay.pages.dev/ HTTP 307
    https://659276027437291ar-1ay.pages.dev/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

10
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

270 kB
Transfer

1066 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://659276027437291ar-1ay.pages.dev/ HTTP 307
    https://659276027437291ar-1ay.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
659276027437291ar-1ay.pages.dev/
Redirect Chain
  • http://659276027437291ar-1ay.pages.dev/
  • https://659276027437291ar-1ay.pages.dev/
8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://659276027437291ar-1ay.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2fb3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d172391fdcadde1606ff4cb88cf8b389f84b35c8913569b64e60baa8d72b8e56
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
7d39b57fd84b39d9-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 07 Jun 2023 14:50:42 GMT
etag
W/"e0ec0c0c36205335ebcbb0cd1eee7680"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b6C3%2BWY13LJ0atv6WflKqSc0HSCZN9IqfxfqcMXlJH%2FV2uHmnT4wore7Wgay6uUF5BOsKANiiSuUhepdDC%2BFWarOOkuCLj0UUNeh4xO88rPWQgsIrdbJ8zIhgkxX8lAZeY5dO2HuAccgUE%2FvkHuPG0eiZoDzut2UX%2Ft%2F0hqA"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://659276027437291ar-1ay.pages.dev/
Non-Authoritative-Reason
HSTS
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/ 		189 KB
30 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/bootstrap.min.css
Requested by
Host: 659276027437291ar-1ay.pages.dev
URL: https://659276027437291ar-1ay.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://659276027437291ar-1ay.pages.dev/
Origin
https://659276027437291ar-1ay.pages.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 07 Jun 2023 14:50:42 GMT
x-content-type-options
nosniff
content-encoding
br
age
52055
x-jsd-version
5.2.0-beta1
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
30281
x-served-by
cache-fra-eddf8230097-FRA
x-jsd-version-type
version
etag
W/"2f3f9-YnOsGiPXmhIvAi9qh8W3XCz6/Do"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
3.css
659276027437291ar-1ay.pages.dev/citutbesar87/ 		52 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://659276027437291ar-1ay.pages.dev/citutbesar87/3.css
Requested by
Host: 659276027437291ar-1ay.pages.dev
URL: https://659276027437291ar-1ay.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2fb3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d79aaf3f68954b2ff64615055ddd7d35bc415fb8f36c1e3702316de1cf90c512
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://659276027437291ar-1ay.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 14:50:42 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1f3f4a99a9e1db2e6dede173e8b8cc6f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yhfBVXLMAZbFAxlVHVrzdz%2FLmWJdrF2RM%2FPrIE1OCy%2FFqQprjo6E0k9M1Moh4UoWy%2B8bhblIxky1viNtIg9ATs7zXwNcM%2FUS8k8WQwWpOokvkd694cusCusxEtzyTypOsKgQkrNUmtz36fTKuxHfBoRf8ikXydYNoqLdFLcq"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
7d39b580189739d9-FRA
alt-svc
h3=":443"; ma=86400
2.css
659276027437291ar-1ay.pages.dev/citutbesar87/ 		620 KB
146 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://659276027437291ar-1ay.pages.dev/citutbesar87/2.css
Requested by
Host: 659276027437291ar-1ay.pages.dev
URL: https://659276027437291ar-1ay.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2fb3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70e82b9c91dab7f2b599dc205d0bbcad1dcf51bd656f14ff3165c8a3997fe645
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://659276027437291ar-1ay.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 14:50:42 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"07652fb11de9ab1c505ae3c17de275aa"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TWA%2FQw8pPEgrPfaC2lhn452fLLS4zy558W%2FgY79vcWu2RHfMkLvyzO5TYHG0ibqhpfAL8ySb%2Bc6BgV1tPedg6O7INeXVS7DOUQ0ruDcEHxdCRHL0QjGmQa7gCs3gOV1UViatrKDNIn7hMauQYn8yoZWmeIfDt4mVB5THKM09"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
7d39b580189939d9-FRA
alt-svc
h3=":443"; ma=86400
1.css
659276027437291ar-1ay.pages.dev/citutbesar87/ 		963 B
776 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://659276027437291ar-1ay.pages.dev/citutbesar87/1.css
Requested by
Host: 659276027437291ar-1ay.pages.dev
URL: https://659276027437291ar-1ay.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2fb3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fdc117056d902a3eb647b96b0e4a2146cf857f8526f7ee9fa389e4ac3832f7f0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://659276027437291ar-1ay.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 14:50:42 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"2d0acec188512125ec3c91bc5e22339f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JVbgAE%2FeQ5Tmyb95s9FmnG1j%2FPogmt%2FRvYJ9CJcF8e1m50Mk4TzOpGp%2FaHicDmlBBaKMTquH2j0E2G2ysYAqbCwBnZydbLZti4jKZ0p%2BUo5sOqTSnen68hbklY8hf%2FODEb9x0RGJ5yXAdRnPveNv%2BPdfBXW%2FbXKMuqoXpWDe"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
7d39b580189a39d9-FRA
alt-svc
h3=":443"; ma=86400
intro.png
659276027437291ar-1ay.pages.dev/citutbesar87/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://659276027437291ar-1ay.pages.dev/citutbesar87/intro.png
Requested by
Host: 659276027437291ar-1ay.pages.dev
URL: https://659276027437291ar-1ay.pages.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:310c::ac42:2fb3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9fc2fe17fa35dc50cbac42366d82e564d0a6e29a6b18f966ba78641b92850514
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://659276027437291ar-1ay.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 14:50:42 GMT
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"7d04217601f68f4e0b4555b48ced9db3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATCHyxSvKNB0RIiox7kjoSsvwOvFaRdePrZ25EtdOTaud%2F1tdmu6DfKa8dq80xwMewmeijBM9AOenoL3UrzZWXbxO%2FekIBMLMDraAXYMwsbSVdJB8og2mn71Xq0PbD1K0ZKGoOHwGJe2mzzk%2B%2BtVCcBuCzocJ7aRlAwViMFy"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
7d39b5809e163a7c-FRA
alt-svc
h3=":443"; ma=86400
content-length
2987
Locked.png
659276027437291ar-1ay.pages.dev/citutbesar87/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://659276027437291ar-1ay.pages.dev/citutbesar87/Locked.png
Requested by
Host: 659276027437291ar-1ay.pages.dev
URL: https://659276027437291ar-1ay.pages.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:310c::ac42:2fb3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b1f89c63b9a87f0a0b2737a0789cf18c8b3786302e2c7dd56fa1d2ebc7bfde2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://659276027437291ar-1ay.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 14:50:42 GMT
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"374c0f7e59bf6d91c489aaf25aa6ba1d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VskpfakAkZoLp7YNeR7mhjYlXngR8mNlTIiXmVOl34T0XH5%2Fgfp6Vf9jVRGX842ynbFzknmKbBI%2B8QWa9v%2B4ruEaSq5q%2BFTat6sFVZRviBoxkXWclkqOYVb3KlTC7FdNFrYKEGEVaRLzLVmiPLT142orpPAu87mj606z9WtN"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
7d39b5809e173a7c-FRA
alt-svc
h3=":443"; ma=86400
content-length
20176
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/ 		78 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/bootstrap.bundle.min.js
Requested by
Host: 659276027437291ar-1ay.pages.dev
URL: https://659276027437291ar-1ay.pages.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2515e37eee31f5ef3d659b21dcc84dc6ea732b06872da51078b5b526de34c0c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://659276027437291ar-1ay.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 07 Jun 2023 14:50:42 GMT
x-content-type-options
nosniff
content-encoding
br
age
4982449
x-jsd-version
5.2.0-beta1
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
24445
x-served-by
cache-fra-eddf8230099-FRA
x-jsd-version-type
version
etag
W/"1377e-a0uYWpCr16scLjX/O4dNB8+EEO4"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: 659276027437291ar-1ay.pages.dev
URL: https://659276027437291ar-1ay.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://659276027437291ar-1ay.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 08:00:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24622
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31017
x-xss-protection
0
last-modified
Wed, 10 Mar 2021 14:28:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Jun 2024 08:00:20 GMT
popup.js
659276027437291ar-1ay.pages.dev/citutbesar87/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://659276027437291ar-1ay.pages.dev/citutbesar87/popup.js
Requested by
Host: 659276027437291ar-1ay.pages.dev
URL: https://659276027437291ar-1ay.pages.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:310c::ac42:2fb3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d172391fdcadde1606ff4cb88cf8b389f84b35c8913569b64e60baa8d72b8e56
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://659276027437291ar-1ay.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 14:50:42 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"e0ec0c0c36205335ebcbb0cd1eee7680"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2Ft1K69HBo0CbXJ99xORk5Z%2FWBuCzmvGloQz0eww8qlTchp5z013lfn8SkFrCVKh18jTUfyuy%2F6fxtDWwoC4aUldBP8zpXDVNYT3lCFmMSwrL2uMBG2S5LwPbXlUWOFPXGR1K9QdlrW88CAMmGjPr8vgmNUpEoQuj0zBRbn9"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
7d39b5809e143a7c-FRA
alt-svc
h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| mousedwn string| tanggallengkap object| namahari object| namabulan object| tgl number| hari number| tanggal number| bulan number| tahun number| uidEvent object| bootstrap function| $ function| jQuery

0 Cookies

1 Console Messages

Source Level URL
Text
security error URL: https://659276027437291ar-1ay.pages.dev/
Message:
Refused to execute script from 'https://659276027437291ar-1ay.pages.dev/citutbesar87/popup.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff