ken-brass-eocurs-auth02.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2f2d  Malicious Activity! Public Scan

Submitted URL: http://ken-brass-eocurs-auth02.pages.dev/
Effective URL: https://ken-brass-eocurs-auth02.pages.dev/
Submission: On February 26 via api from SA — Scanned from DE

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 2606:4700:310c::ac42:2f2d, located in United States and belongs to CLOUDFLARENET, US. The main domain is ken-brass-eocurs-auth02.pages.dev.
TLS certificate: Issued by GTS CA 1P5 on January 28th 2024. Valid for: 3 months.
This is the only time ken-brass-eocurs-auth02.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Optimum (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:310... 13335 (CLOUDFLAR...)
1 2
Apex Domain
Subdomains
Transfer
1 pages.dev
ken-brass-eocurs-auth02.pages.dev
406 KB
1 1
Domain Requested by
1 ken-brass-eocurs-auth02.pages.dev
1 1
Subject Issuer Validity Valid
ken-brass-eocurs-auth02.pages.dev
GTS CA 1P5
2024-01-28 -
2024-04-27
3 months crt.sh

This page contains 2 frames:

Primary Page: https://ken-brass-eocurs-auth02.pages.dev/
Frame ID: 3054E4BCD37A6E6A8308C0D5CAA53B2F
Requests: 10 HTTP requests in this frame

Frame: data://truncated
Frame ID: C45DB4D8665FA8C9F9736804C9B0A91D
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Sign In to Manage Your Services | Optimum

Page URL History Show full URLs

  1. http://ken-brass-eocurs-auth02.pages.dev/ HTTP 307
    https://ken-brass-eocurs-auth02.pages.dev/ Page URL

Page Statistics

1
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

617 kB
Transfer

1122 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ken-brass-eocurs-auth02.pages.dev/ HTTP 307
    https://ken-brass-eocurs-auth02.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
ken-brass-eocurs-auth02.pages.dev/
Redirect Chain
  • http://ken-brass-eocurs-auth02.pages.dev/
  • https://ken-brass-eocurs-auth02.pages.dev/
699 KB
406 KB
Document
General
Full URL
https://ken-brass-eocurs-auth02.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2f2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b87958def342882ce01e0708142557be5f276169bd796185d1ce29797a3ccba8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
85b873d7db7a195e-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Mon, 26 Feb 2024 13:14:41 GMT
etag
W/"3e49a17969c13e6c163736e0a7dbc516"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ioEg59eAIuLf8aoFHB3eG9ufKWI%2B9slgKrelmh1%2FEMmugL95z62xWcR887DP1TOv1gq9wUYxW75%2Baqo4o%2FuqOhkP8H3ZYcu4eBguwou1PNIxhqaxNRFDADOYLj3JluGpZEGXABvfzHoJF4rcGYMyoITmacx2NRXZrmAt9AFmx1o%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://ken-brass-eocurs-auth02.pages.dev/
Non-Authoritative-Reason
HSTS
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a80363e3aaefdfbf02c3ab9906d83f9bbf80821b0c1a04df69c8a0f97fbc7453

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
405 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
24b1b0fc642753fc6e693eae5cde6fd56366fad297e2915b3e9f63774f3aa1fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
441 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6d57340d92cb2e9557a1cc3ac96c86ca86b0c8323c851a55573a3a2488ef84ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
249 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dda50837373135f2515c7ed1216d1cb8c79aa12786d8512e3400a9cd665e1d88

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
146 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0fde4c9c87c9e7b45f2edee970396be68320f3762a1a7998aff4b7f7517fcfe4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
61 KB
61 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b85f5f5732534318102cd1b76600be50148a28b8ddf10bc845c43702f2a5fa5

Request headers

Referer
Origin
https://ken-brass-eocurs-auth02.pages.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/
61 KB
61 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6956ea2e1d93df622505b666c2987433a0f5546e4037f0a185c133b20a9a783b

Request headers

Referer
Origin
https://ken-brass-eocurs-auth02.pages.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/
29 KB
29 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a6fb906942932de53852ee244ee3fec27bca0bf63a96421672aa4784851b8d4b

Request headers

Referer
Origin
https://ken-brass-eocurs-auth02.pages.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/
60 KB
60 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
878a83f4ffa56c09d18f71c29755fdd6f93c2e9702845ec7c83c1da4754d2650

Request headers

Referer
Origin
https://ken-brass-eocurs-auth02.pages.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/ Frame C45D
61 KB
0
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
Origin
null
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
font/woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Optimum (Telecommunication)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff