majbuiwlmfry.pages.dev
172.66.47.176
Malicious Activity!
Public Scan
Effective URL: https://majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/
Submission Tags: @ecarlesi threat scam
Submission: On July 31 via api from IT — Scanned from IT
Summary
TLS certificate: Issued by WE1 on July 31st 2024. Valid for: 3 months.
This is the only time majbuiwlmfry.pages.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Tech Support Scam (Consumer)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 2 | 2606:4700:310c::ac42:2c50 | 13335 (CLOUDFLARENET) |
17 | 172.66.47.176 | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:803::200a | 15169 (GOOGLE) |
1 | 188.114.96.3 | 13335 (CLOUDFLARENET) |
20 | 4 |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
19 | pages.dev (1 redirects) | majbuiwlmfry.pages.dev | 1 MB |
1 | userstatics.com | userstatics.com — Cisco Umbrella Rank: 303208 | 661 B |
1 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 110 | 811 B |
20 | 3 |
 | Domain | Requested by |
---|---|---|
19 | majbuiwlmfry.pages.dev (1 redirects) | majbuiwlmfry.pages.dev |
1 | userstatics.com | majbuiwlmfry.pages.dev |
1 | fonts.googleapis.com | majbuiwlmfry.pages.dev |
20 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
majbuiwlmfry.pages.dev | WE1 | 2024-07-31 - 2024-10-29 | 3 months |
upload.video.google.com | WR2 | 2024-07-30 - 2024-10-22 | 3 months |
userstatics.com | WE1 | 2024-07-24 - 2024-10-22 | 3 months |
This page contains 1 frames:
Primary Page:
https://majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/
Frame ID: 73381E715599A0D26FCCC6F89873EC87
Requests: 20 HTTP requests in this frame
Page Title
Security Require Action
Detected technologies
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://majbuiwlmfry.pages.dev/ Page URL
- https://majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/index.html HTTP 308 → https://majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | / majbuiwlmfry.pages.dev/ | 3 KB 1 KB | Document text/html |
GET H3 | / majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/ (Primary Request, Redirect Chain) | 16 KB 5 KB | Document text/html |
GET H3 | pstyle.css majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/css/ | 15 KB 4 KB | Stylesheet text/css |
GET H3 | windows_11_logo_by_rejaneappel_dfpbq6p-fullview.png majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/images/ | 1 KB 1 KB | Image image/png |
GET H3 | wall.png majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/images/ | 1 KB 1 KB | Image image/png |
GET H2 | css2 fonts.googleapis.com/ | 631 B 811 B | Stylesheet text/css |
GET H3 | pscript.js majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/js/ | 9 KB 3 KB | Script application/javascript |
GET H3 | script1.js majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/js/ | 515 B 709 B | Script application/javascript |
GET H3 | script2.js majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/js/ | 1 KB 922 B | Script application/javascript |
GET H3 | script3.js majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/js/ | 334 B 608 B | Script application/javascript |
GET H3 | jquery-3.2.1.min.js majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/js/ | 85 KB 31 KB | Script application/javascript |
GET H3 | 5f205bb74a5eb_v.css majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/css/ | 215 B 678 B | Stylesheet text/css |
GET H3 | froala_style.min.css majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/css/ | 7 KB 2 KB | Stylesheet text/css |
GET H3 | 5f205bb63ccd2_v.css majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/css/ | 215 B 664 B | Stylesheet text/css |
GET H3 | 5f205bc497791_v.css majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/css/ | 215 B 671 B | Stylesheet text/css |
GET H3 | website2.png majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/images/ | 111 KB 111 KB | Image image/png |
GET H3 | Pop.png majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/images/ | 12 KB 13 KB | Image image/png |
GET H3 | audio1.wav majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/media/ | 1 MB 1 MB | Media audio/wav |
GET H3 | windows_11_logo_by_rejaneappel_dfpbq6p-fullview.png majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72/images/ | 1 KB 418 B | Other image/png |
GET H3 | script.js userstatics.com/get/ | 133 B 661 B | Script text/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Tech Support Scam (Consumer)
26 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | showBlueDescriptionPopupWithDelay |
function | showerrorTelecast |
function | closeFirstPopup |
function | changeBackground |
function | showDisclaimerPopup |
function | cancelFirstPopup |
function | okFirstPopup |
function | simulateF11Key |
function | showBlueDescriptionPopup |
function | showSecondPopup |
function | showSupportNotificationWithDelay |
function | hideSecondPopup |
function | showKeyCodePopup |
function | submitKeyCode |
function | closeSecondPopup |
function | getRandomSupportResponse |
function | handleSuggestion |
function | getSupportResponse |
number | isNS |
function | mischandler |
function | mousehandler |
number | e |
function | $ |
function | jQuery |
function | myFunction |
function | addEvent |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
majbuiwlmfry.pages.dev/Wi0n0ErrAbh000New72 | | Name: PHPREFS Value: full |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.