24903674pj.pages.dev
2606:4700:310c::ac42:2fa9  Malicious Activity! Public Scan

Submitted URL: http://24903674pj.pages.dev/
Effective URL: https://24903674pj.pages.dev/
Submission: On June 07 via manual from PT — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 4 HTTP transactions. The main IP is 2606:4700:310c::ac42:2fa9, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is 24903674pj.pages.dev.
TLS certificate: Issued by GTS CA 1P5 on June 7th 2023. Valid for: 3 months.
This is the only time 24903674pj.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests  IP Address         AS Autonomous System
2         2606:4700:310...   13335 (CLOUDFLAR...)
1         2a04:4e42:200...   54113 (FASTLY)
1         2606:4700::68...   13335 (CLOUDFLAR...)
Total: 4 requests, 3 IPs

Requests  Apex Domain     Subdomains                                        Transfer
2         pages.dev       24903674pj.pages.dev                              30 KB
1         cloudflare.com  cdnjs.cloudflare.com — Cisco Umbrella Rank: 263   28 KB
1         jsdelivr.net    cdn.jsdelivr.net — Cisco Umbrella Rank: 377       25 KB
Total: 4 requests, 3 apex domains

Requests  Domain                 Requested by
2         24903674pj.pages.dev   24903674pj.pages.dev
1         cdnjs.cloudflare.com   24903674pj.pages.dev
1         cdn.jsdelivr.net       24903674pj.pages.dev
Total: 4 requests, 3 domains

This site contains no links.

Subject                 Issuer                                  Validity                  Valid
24903674pj.pages.dev    GTS CA 1P5                              2023-06-07 - 2023-09-05   3 months
jsdelivr.net            GlobalSign Atlas R3 DV TLS CA 2022 Q4   2022-12-23 - 2024-01-24   a year
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3                 2022-08-03 - 2023-08-02   a year

This page contains 1 frames:

Primary Page: https://24903674pj.pages.dev/
Frame ID: 784290019BC9D8653416F1C578F5DD67
Requests: 4 HTTP requests in this frame

Page Title

page will be suspended

Page URL History

  1. http://24903674pj.pages.dev/ HTTP 307
    https://24903674pj.pages.dev/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 100 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 83 kB
Size: 271 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://24903674pj.pages.dev/ HTTP 307
    https://24903674pj.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
24903674pj.pages.dev/
Redirect Chain
  • http://24903674pj.pages.dev/
  • https://24903674pj.pages.dev/
5 KB
2 KB
Document
General
Full URL
https://24903674pj.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2fa9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da3bb2befac55e1ed079454919ea4385a0c61483ff329ec48f5cff0757bda53b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
7d39750aedc63621-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 07 Jun 2023 14:06:42 GMT
etag
W/"4a86b06d9257ddbbd97990cc0ee15999"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XLXh1yjmwHOyY9fTqdyRjmpic5Xp9PofJsl5vCPnZ0sRLG2ooGuCYIpsJCX75yNIGi3rVqYRUUrr9eTKLXkAWZrY2OIPDXsQZ%2FMIzcTGwJcVGanbMLXOy6h3I6O2o5A2AG9eDTR79AWPM1zAHtoRGyvTZA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://24903674pj.pages.dev/
Non-Authoritative-Reason
HSTS
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/
152 KB
25 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css?q=%3C?=date(%27U%27)?%3E
Requested by
Host: 24903674pj.pages.dev
URL: https://24903674pj.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://24903674pj.pages.dev/
Origin
https://24903674pj.pages.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 07 Jun 2023 14:06:42 GMT
x-content-type-options
nosniff
content-encoding
br
age
7261619
x-jsd-version
5.0.2
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
25360
x-served-by
cache-fra-eddf8230097-FRA, cache-ams21083-AMS
x-jsd-version-type
version
etag
W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/
88 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js?q=%3C?=date(%27U%27)?%3E
Requested by
Host: 24903674pj.pages.dev
URL: https://24903674pj.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://24903674pj.pages.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 14:06:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2571503
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
28035
last-modified
Wed, 08 Mar 2023 16:05:42 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"6408b256-6d83"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CUXfAYqMG34SAefvxtHhwMEW7kQEJFDoDgbVGxyBoIVZ0yKryDCZHjYgdtNzffv53a%2BGhxz05f5T9x89e7rWz5XeyVKCEm8NEXkdmwGSOp%2FBiC7kP0cXnm5cjszC5wtaQazMbQp7PEkQS1hzA2sEeUz8"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d39750bfd175bf5-FRA
expires
Mon, 27 May 2024 14:06:42 GMT
iii.jpg
24903674pj.pages.dev/
27 KB
27 KB
Image
General
Full URL
https://24903674pj.pages.dev/iii.jpg
Requested by
Host: 24903674pj.pages.dev
URL: https://24903674pj.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2fa9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7797f50bf6ef52f271a5778e973ef9a725b5f50de60f4f60cfd7db7f4e395d54
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://24903674pj.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 14:06:42 GMT
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"438b064fcfde3c32770c78e62364800b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zaYTGcwAon%2FaKGN8HrWjj8MDCYoqH1SqNy4K1ru2EjqNY2EmrzO6G0GF8%2BZ%2F68SQsHYBFaTFi%2BmmSLQoQkbuYhzZ8BXV4nZoROni9MrIAJebobJbwg8T%2Bqvqg9DKC0I3Ul7hiUK8FTYqhdtDiq7%2BWDemLA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
7d39750c5f8d3621-FRA
alt-svc
h3=":443"; ma=86400
content-length
27597

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • boolean | credentialless
  • object | onbeforetoggle
  • object | onscrollend
  • function | $
  • function | jQuery
  • function | setDtSuspended
  • function | makeid
  • object | arrbulan
  • object | date
  • number | dd
  • number | mm
  • number | yy

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff