paling-cuan.pages.dev
2606:4700:310c::ac42:2c51
Malicious Activity!
Public Scan
Effective URL: https://paling-cuan.pages.dev/
Submission Tags: threatview.io, malwar3ninja, rule: suspected phishing scam, automated-submission
Submission: On September 02 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by WE1 on August 17th 2024. Valid for: 3 months.
This is the only time paling-cuan.pages.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 6 | 2606:4700:310c::ac42:2c51 | 13335 (CLOUDFLARENET) |
| 5 | 2a00:1450:4001:831::2001 | 15169 (GOOGLE) |
| 1 | 192.0.77.3 | 2635 (AUTOMATTIC) |
| 1 | 198.252.110.95 | 59253 (LEASEWEB-APAC-SIN-11 LEASEWEB SINGAPORE PTE. LTD.) |
| 1 | 162.159.152.17 | 13335 (CLOUDFLARENET) |
| 1 | 45.55.44.167 | 14061 (DIGITALOCEAN-ASN) |
| 1 | 162.19.58.156 | 16276 (OVH) |
| 1 | 2620:127:f00f:e:: | 13335 (CLOUDFLARENET) |
| 16 | 9 | |
ASN2635 (AUTOMATTIC, US); PTR: wordpress.com; domain: 64.media.tumblr.com
ASN59253 (LEASEWEB-APAC-SIN-11 LEASEWEB SINGAPORE PTE. LTD., SG); PTR: 198.252.110.95-static.reverse.arandomserver.com; domain: aibechienpau.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 6 | pages.dev | paling-cuan.pages.dev (1 redirect) | 22 KB |
| 5 | ampproject.org | cdn.ampproject.org (Cisco Umbrella Rank: 382) | 88 KB |
| 1 | myshopify.com | 31b1e4.myshopify.com | 9 KB |
| 1 | ibb.co | i.ibb.co (Cisco Umbrella Rank: 9712) | 41 KB |
| 1 | quoracdn.net | qph.cf2.quoracdn.net (Cisco Umbrella Rank: 14124) | 540 KB |
| 1 | aibechienpau.com | aibechienpau.com | 109 KB |
| 1 | tumblr.com | 64.media.tumblr.com (Cisco Umbrella Rank: 17876) | 297 KB |
| 16 | 7 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 6 | paling-cuan.pages.dev (1 redirect) | paling-cuan.pages.dev |
| 5 | cdn.ampproject.org | paling-cuan.pages.dev, cdn.ampproject.org |
| 1 | 31b1e4.myshopify.com | |
| 1 | i.ibb.co | paling-cuan.pages.dev |
| 1 | qph.cf2.quoracdn.net | paling-cuan.pages.dev |
| 1 | aibechienpau.com | paling-cuan.pages.dev |
| 1 | 64.media.tumblr.com | paling-cuan.pages.dev |
| 16 | 7 | |
This site contains links to these domains. Also see Links.
Domain |
---|
cq5c.short.gy |
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| paling-cuan.pages.dev | WE1 | 2024-08-17 - 2024-11-15 | 3 months | crt.sh |
| misc-sni.google.com | WR2 | 2024-08-05 - 2024-10-28 | 3 months | crt.sh |
| *.media.tumblr.com | Sectigo ECC Domain Validation Secure Server CA | 2024-01-03 - 2025-02-02 | a year | crt.sh |
| *.aibechienpau.com | R11 | 2024-08-21 - 2024-11-19 | 3 months | crt.sh |
| quora.com | R10 | 2024-07-29 - 2024-10-27 | 3 months | crt.sh |
| 45.55.44.167 | ZeroSSL RSA Domain Secure Site CA | 2023-12-08 - 2024-12-07 | a year | crt.sh |
| ibb.co | E5 | 2024-08-22 - 2024-11-20 | 3 months | crt.sh |
| myshopify.com | E6 | 2024-08-09 - 2024-11-07 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://paling-cuan.pages.dev/
Frame ID: 4756403DE7822BBE10A15662C0FB9DDF
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
SITUS JUDI SLOT GACOR TERBARU 2024 PALING POPULER
Detected technologies
Lightbox (JavaScript Libraries)
Detected patterns
- lightbox(?:-plus-jquery)?.{0,32}\.js
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: DAFTAR
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://paling-cuan.pages.dev/
HTTP 307
https://paling-cuan.pages.dev/ Page URL
-
https://paling-cuan.pages.dev/cdn-cgi/phish-bypass?atok=ILOlVvNQB4H60Of_bdrOwdwZWPXFWq1VgkVc9Yc2hO0-1725253860-0.0.1.1-%2F
HTTP 301
https://paling-cuan.pages.dev/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://paling-cuan.pages.dev/ HTTP 307
- https://paling-cuan.pages.dev/
16 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Redirect Chain) | paling-cuan.pages.dev/ | 4 KB | 2 KB | Document | text/html |
| GET | H2 | cf.errors.css | paling-cuan.pages.dev/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css |
| GET | H2 | icon-exclamation.png | paling-cuan.pages.dev/cdn-cgi/images/ | 452 B | 540 B | Image | image/png |
| GET | H2 | favicon.ico | paling-cuan.pages.dev/ | 39 KB | 7 KB | Other | text/html |
| GET | H3 | / (Primary Request, Redirect Chain) | paling-cuan.pages.dev/ | 39 KB | 7 KB | Document | text/html |
| GET | H2 | v0.js | cdn.ampproject.org/ | 278 KB | 72 KB | Script | text/javascript |
| GET | H2 | amp-anim-0.1.js | cdn.ampproject.org/v0/ | 6 KB | 3 KB | Script | text/javascript |
| GET | H2 | amp-accordion-0.1.js | cdn.ampproject.org/v0/ | 17 KB | 6 KB | Script | text/javascript |
| GET | H2 | tumblr_paqhc18jmD1xp1j77o1_640.gif | 64.media.tumblr.com/f816c9430a4851bb196e559ade3a99ad/ | 296 KB | 297 KB | Image | image/gif |
| GET | DATA | truncated | / | 84 B | 0 | Image | image/svg+xml |
| GET | DATA | truncated | / | 84 B | 0 | Image | image/svg+xml |
| GET | DATA | truncated | / | 82 B | 0 | Image | image/svg+xml |
| GET | DATA | truncated | / | 84 B | 0 | Image | image/svg+xml |
| GET | H/1.1 | slotgacor.png | aibechienpau.com/amp/images/ | 109 KB | 109 KB | Image | image/png |
| GET | H2 | main-qimg-ce7fcdbd0cf03a553d5a575ef907e01e | qph.cf2.quoracdn.net/ | 539 KB | 540 KB | Image | image/png |
| GET | H/1.1 | fav.png | 45.55.44.167/img/ | 17 KB | 17 KB | Image | image/png |
| GET | H2 | Pngtree-qr-code-scanning-line-5932493.png | i.ibb.co/84FzYdJ/ | 41 KB | 41 KB | Image | image/png |
| GET | H3 | amp-auto-lightbox-0.1.js | cdn.ampproject.org/rtv/012406131415000/v0/ | 8 KB | 3 KB | Script | text/javascript |
| GET | H3 | amp-loader-0.1.js | cdn.ampproject.org/rtv/012406131415000/v0/ | 12 KB | 4 KB | Script | text/javascript |
| GET | H2 | favicon.png | 31b1e4.myshopify.com/cdn/shop/files/ | 8 KB | 9 KB | Other | image/webp |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Name | Type |
|---|---|
| AMP | object |
| AMP_CONFIG | object |
| AMP_EXP | object |
| __AMP_LOG | object |
| HTMLElementOrig | function |
| __AMP_ERRORS | object |
| __AMP_MODE | object |
| __AMP_REPORT_ERROR | function |
| __AMP_TOP | object |
| __AMP_SERVICES | object |
| __AMP__EXPERIMENT_TOGGLES | object |
| __AMP_URL_CACHE | object |
| __AMP_TAG | boolean |
| __AMP_EXTENDED_ELEMENTS | object |
| __AMP_BASE_CE_CLASS | function |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .paling-cuan.pages.dev/ | | __cf_mw_byp | ILOlVvNQB4H60Of_bdrOwdwZWPXFWq1VgkVc9Yc2hO0-1725253860-0.0.1.1-/ |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.