674586534.cf Open in urlscan Pro
2606:4700:30::6812:26fa Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://674586534.cf/facebook-page/
Effective URL:
https://674586534.cf/facebook-page/nb1/
Submission: On August 28 via manual (August 28th 2019, 1:45:37 am UTC) from TW

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 15 HTTP transactions. The main IP is 2606:4700:30::6812:26fa, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is 674586534.cf.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on August 22nd 2019. Valid for: a year.

This is the only time 674586534.cf was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) Tech Support Scam (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 11	2606:4700:30:... 2606:4700:30::6812:26fa	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:81a::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:815::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
15	6

11 2606:4700:30::6812:26fa (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

674586534.cf	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	674586534.cf 1 redirects 674586534.cf	929 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	10 KB
1	googleapis.com ajax.googleapis.com	30 KB
1	googletagmanager.com www.googletagmanager.com	26 KB
15	5

	Domain	Requested by
11	674586534.cf	1 redirects 674586534.cf
2	www.google-analytics.com	www.googletagmanager.com 674586534.cf
1	maxcdn.bootstrapcdn.com	674586534.cf
1	ajax.googleapis.com	674586534.cf
1	www.googletagmanager.com	674586534.cf
15	5

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-08-22` - `2020-08-21`	a year	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-07-29` - `2019-10-21`	3 months	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-07-29` - `2019-10-21`	3 months	crt.sh
*.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA	`2018-10-03` - `2019-10-12`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://674586534.cf/facebook-page/nb1/
Frame ID: 5E040C97014326256AFDB37743206D0C
Requests: 14 HTTP requests in this frame

Frame: https://674586534.cf/facebook-page/nb1/err.mp3
Frame ID: 601B4B5B71D804E51DA77C7B1A7844BC
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://674586534.cf/facebook-page/ HTTP 301
https://674586534.cf/facebook-page/ Page URL
https://674586534.cf/facebook-page/nb1/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

15
Requests

100 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

1012 kB
Transfer

1173 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://674586534.cf/facebook-page/ HTTP 301
https://674586534.cf/facebook-page/ Page URL
https://674586534.cf/facebook-page/nb1/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://674586534.cf/facebook-page/ HTTP 301
https://674586534.cf/facebook-page/

15 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
674586534.cf/facebook-page/
Redirect Chain

http://674586534.cf/facebook-page/
https://674586534.cf/facebook-page/

1 KB
747 B

388ms
341ms

Document
text/html

2606:4700:30::6812:26fa
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://674586534.cf/facebook-page/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:26fa , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae33c2d3b479cd7a66d101c29018dad96f669a22bab2aa94c7ff07776bb4f74b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: 674586534.cf
:scheme: https
:path: /facebook-page/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Wed, 28 Aug 2019 01:45:20 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d16d15bf8e62eb8e6f8110a03ec28000f1566956719; expires=Thu, 27-Aug-20 01:45:19 GMT; path=/; domain=.674586534.cf; HttpOnly
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 50d29aea180d8caa-VIE
content-encoding: br

Redirect headers

Date: Wed, 28 Aug 2019 01:45:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 28 Aug 2019 02:45:19 GMT
Location: https://674586534.cf/facebook-page/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 50d29ae9ada9cbc0-VIE

GET
H2 200 Primary Request / Show response
674586534.cf/facebook-page/nb1/ 11 KB
4 KB 339ms
338ms Document
text/html 2606:4700:30::6812:26fa
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://674586534.cf/facebook-page/nb1/

Requested by

Host: 674586534.cf
URL: https://674586534.cf/facebook-page/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:26fa , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e488264fda6313225c4b08e2a94b053dfee4576d666ebe349a8ea6043ce6f614

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: 674586534.cf
:scheme: https
:path: /facebook-page/nb1/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: same-origin
referer: https://674586534.cf/facebook-page/
accept-encoding: gzip, deflate, br
cookie: __cfduid=d16d15bf8e62eb8e6f8110a03ec28000f1566956719
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Referer: https://674586534.cf/facebook-page/

Response headers

status: 200
date: Wed, 28 Aug 2019 01:45:20 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2019 21:54:55 GMT
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 50d29aec48598caa-VIE
content-encoding: br

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 68 KB
26 KB 52ms
50ms Script
application/javascript 2a00:1450:4001:81a::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=1-844-517-3777

Requested by

Host: 674586534.cf
URL: https://674586534.cf/facebook-page/nb1/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bf04b2dab5099898e673c0c7aac942f1428b0d28a9c1b516dd95f8b5d3a2a3bf

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://674586534.cf/facebook-page/nb1/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 28 Aug 2019 01:45:20 GMT
content-encoding: br
last-modified: Wed, 28 Aug 2019 00:00:00 GMT
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 26612
x-xss-protection: 0
expires: Wed, 28 Aug 2019 01:45:20 GMT

GET
H2 200 style.min.css
674586534.cf/facebook-page/nb1/ 4 KB
1 KB 337ms
335ms Stylesheet
text/css 2606:4700:30::6812:26fa
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://674586534.cf/facebook-page/nb1/style.min.css

Requested by

Host: 674586534.cf
URL: https://674586534.cf/facebook-page/nb1/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:26fa , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a74d6b33324b196502c0736ad5237f9f4a4fe1707aee8f7c916d3828a1ccca5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://674586534.cf/facebook-page/nb1/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 28 Aug 2019 01:45:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
x-xss-protection: 1; mode=block
last-modified: Tue, 27 Aug 2019 21:54:54 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5d65a6ae-11d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 50d29aee68a48caa-VIE
expires: Fri, 27 Sep 2019 01:45:20 GMT

GET
H2 200 index.css
674586534.cf/facebook-page/nb1/ 2 KB
688 B 335ms
334ms Stylesheet
text/css 2606:4700:30::6812:26fa
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://674586534.cf/facebook-page/nb1/index.css

Requested by

Host: 674586534.cf
URL: https://674586534.cf/facebook-page/nb1/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:26fa , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

96ebd43ad060daa3755cd441a936cd36371732d7a74b2ae4df30183eb128df9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://674586534.cf/facebook-page/nb1/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 28 Aug 2019 01:45:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
x-xss-protection: 1; mode=block
last-modified: Tue, 27 Aug 2019 21:54:57 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5d65a6b1-7bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 50d29aee68a58caa-VIE
expires: Fri, 27 Sep 2019 01:45:20 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 85 KB
30 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:815::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

Requested by

Host: 674586534.cf
URL: https://674586534.cf/facebook-page/nb1/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://674586534.cf/facebook-page/nb1/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 26 Aug 2019 10:27:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 141483
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 30399
x-xss-protection: 0
last-modified: Thu, 25 Jan 2018 15:33:24 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Aug 2020 10:27:17 GMT

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/ 37 KB
10 KB 23ms
7ms Script
text/javascript 2001:4de0:ac19::1:b:1a
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/bootstrap.min.js
Requested by: Host: 674586534.cf
URL: https://674586534.cf/facebook-page/nb1/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: /
Resource Hash: 909ae563eb34f7e4285a3a643ab5d7c21c5e6a80f3f455b949ac45f08d0389b4

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://674586534.cf/facebook-page/nb1/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 28 Aug 2019 01:45:20 GMT
content-encoding: gzip
last-modified: Fri, 14 Dec 2018 05:14:43 GMT
status: 200
etag: "1544764483"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 10035

GET
H2 200 apple.png
674586534.cf/facebook-page/nb1/ 2 KB
2 KB 333ms
332ms Image
image/png 2606:4700:30::6812:26fa
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://674586534.cf/facebook-page/nb1/apple.png

Requested by

Host: 674586534.cf
URL: https://674586534.cf/facebook-page/nb1/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:26fa , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

67f4718a280de85fd20b8b17405884ed53339c568c762b0ac83dc019193c40d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://674586534.cf/facebook-page/nb1/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 28 Aug 2019 01:45:20 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
content-length: 2353
x-xss-protection: 1; mode=block
last-modified: Tue, 27 Aug 2019 21:54:58 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5d65a6b2-931"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 50d29aee68a68caa-VIE
expires: Fri, 27 Sep 2019 01:45:20 GMT

GET
H2 200 main.js Show response
674586534.cf/facebook-page/nb1/js/ 3 KB
1 KB 331ms
330ms Script
application/javascript 2606:4700:30::6812:26fa
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://674586534.cf/facebook-page/nb1/js/main.js

Requested by

Host: 674586534.cf
URL: https://674586534.cf/facebook-page/nb1/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:26fa , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

035f18de6a2e149d4d657accc183abff4e1b1dc1526190123123d1ec5d3574ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://674586534.cf/facebook-page/nb1/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 28 Aug 2019 01:45:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
x-xss-protection: 1; mode=block
last-modified: Tue, 27 Aug 2019 21:55:03 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5d65a6b7-ccf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2592000
cf-ray: 50d29aeee8ba8caa-VIE
expires: Fri, 27 Sep 2019 01:45:20 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=1-844-517-3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://674586534.cf/facebook-page/nb1/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 1163
date: Wed, 28 Aug 2019 01:25:57 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 17803
expires: Wed, 28 Aug 2019 03:25:57 GMT

GET
H2 200 background.png
674586534.cf/facebook-page/nb1/ 524 KB
524 KB 751ms
751ms Image
image/png 2606:4700:30::6812:26fa
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://674586534.cf/facebook-page/nb1/background.png

Requested by

Host: 674586534.cf
URL: https://674586534.cf/facebook-page/nb1/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:26fa , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

60920b5c430c8decf6913a6912373fcff8141b17a68661e867fbbea0d4bc685a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://674586534.cf/facebook-page/nb1/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 28 Aug 2019 01:45:21 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
content-length: 536301
x-xss-protection: 1; mode=block
last-modified: Tue, 27 Aug 2019 22:48:37 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5d65b345-82eed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 50d29af0d8fa8caa-VIE
expires: Fri, 27 Sep 2019 01:45:21 GMT

GET
DATA 200
OK truncated
/ 239 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd08b9849632e73574f62ca80572a17f9bbd9bb1010fe8c6380e641460abd96c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 206 err.mp3
674586534.cf/facebook-page/nb1/ 196 KB
197 KB 331ms
331ms Media
audio/mpeg 2606:4700:30::6812:26fa
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://674586534.cf/facebook-page/nb1/err.mp3

Requested by

Host: 674586534.cf
URL: https://674586534.cf/facebook-page/nb1/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:26fa , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc59bbb18f923747b9cd3f3b23537ff09c5ad2fdfc1505a4800a3f269a234e65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://674586534.cf/facebook-page/nb1/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 28 Aug 2019 01:45:21 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Aug 2019 21:54:56 GMT
server: cloudflare
status: 206
etag: "31080-5912052bf8276"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: audio/mpeg
Content-Range: bytes 0-200831/200832
accept-ranges: bytes
cf-ray: 50d29af0e9028caa-VIE
Content-Length: 200832
x-xss-protection: 1; mode=block

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
103 B 16ms
16ms Image
image/gif 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=257977515&t=pageview&_s=1&dl=https%3A%2F%2F674586534.cf%2Ffacebook-page%2Fnb1%2F&ul=en-us&de=UTF-8&dt=Official%20Facebook%20Support&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1001683663&gjid=214433136&cid=156242344.1566956721&tid=UA-xxx-x&_gid=1408470342.1566956721&_r=1&gtm=2oi8l2&z=999020659

Requested by

Host: 674586534.cf
URL: https://674586534.cf/facebook-page/nb1/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://674586534.cf/facebook-page/nb1/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Aug 2019 01:45:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 err.mp3
674586534.cf/facebook-page/nb1/ Frame 601B 0
0 176ms
176ms Document
audio/mpeg 2606:4700:30::6812:26fa
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://674586534.cf/facebook-page/nb1/err.mp3

Requested by

Host: 674586534.cf
URL: https://674586534.cf/facebook-page/nb1/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:26fa , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: 674586534.cf
:scheme: https
:path: /facebook-page/nb1/err.mp3
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: same-origin
referer: https://674586534.cf/facebook-page/nb1/
accept-encoding: gzip, deflate, br
cookie: __cfduid=d16d15bf8e62eb8e6f8110a03ec28000f1566956719; _ga=GA1.2.156242344.1566956721; _gid=GA1.2.1408470342.1566956721; _gat_gtag_UA_xxx_x=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://674586534.cf/facebook-page/nb1/

Response headers

status: 200
date: Wed, 28 Aug 2019 01:45:20 GMT
content-type: audio/mpeg
content-length: 200832
last-modified: Tue, 27 Aug 2019 21:54:56 GMT
etag: "31080-5912052bf8276"
accept-ranges: bytes
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 50d29af0f9088caa-VIE

GET
H2 206 err.mp3
674586534.cf/facebook-page/nb1/ Frame 601B 196 KB
197 KB 335ms
335ms Media
audio/mpeg 2606:4700:30::6812:26fa
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://674586534.cf/facebook-page/nb1/err.mp3

Requested by

Host: 674586534.cf
URL: https://674586534.cf/facebook-page/nb1/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:26fa , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc59bbb18f923747b9cd3f3b23537ff09c5ad2fdfc1505a4800a3f269a234e65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://674586534.cf/facebook-page/nb1/err.mp3
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 28 Aug 2019 01:45:21 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Aug 2019 21:54:56 GMT
server: cloudflare
status: 206
etag: "31080-5912052bf8276"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: audio/mpeg
Content-Range: bytes 0-200831/200832
accept-ranges: bytes
cf-ray: 50d29af219368caa-VIE
Content-Length: 200832
x-xss-protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) Tech Support Scam (Consumer)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.674586534.cf/	1970-01-19 03:15:56	Name: _gat_gtag_UA_xxx_x Value: 1
.674586534.cf/	1970-01-19 03:17:23	Name: _gid Value: GA1.2.1408470342.1566956721
.674586534.cf/	1970-01-19 20:47:08	Name: _ga Value: GA1.2.156242344.1566956721
.674586534.cf/	1970-01-19 12:01:32	Name: __cfduid Value: d16d15bf8e62eb8e6f8110a03ec28000f1566956719

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

674586534.cf
ajax.googleapis.com
maxcdn.bootstrapcdn.com
www.google-analytics.com
www.googletagmanager.com
2001:4de0:ac19::1:b:1a
2606:4700:30::6812:26fa
2a00:1450:4001:80b::200e
2a00:1450:4001:815::200a
2a00:1450:4001:81a::2008
035f18de6a2e149d4d657accc183abff4e1b1dc1526190123123d1ec5d3574ff
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
4a74d6b33324b196502c0736ad5237f9f4a4fe1707aee8f7c916d3828a1ccca5
60920b5c430c8decf6913a6912373fcff8141b17a68661e867fbbea0d4bc685a
67f4718a280de85fd20b8b17405884ed53339c568c762b0ac83dc019193c40d0
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
909ae563eb34f7e4285a3a643ab5d7c21c5e6a80f3f455b949ac45f08d0389b4
96ebd43ad060daa3755cd441a936cd36371732d7a74b2ae4df30183eb128df9a
ae33c2d3b479cd7a66d101c29018dad96f669a22bab2aa94c7ff07776bb4f74b
bd08b9849632e73574f62ca80572a17f9bbd9bb1010fe8c6380e641460abd96c
bf04b2dab5099898e673c0c7aac942f1428b0d28a9c1b516dd95f8b5d3a2a3bf
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
e488264fda6313225c4b08e2a94b053dfee4576d666ebe349a8ea6043ce6f614
fc59bbb18f923747b9cd3f3b23537ff09c5ad2fdfc1505a4800a3f269a234e65

674586534.cf Open in urlscan Pro 2606:4700:30::6812:26fa Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

100 %IPv6

5 Domains

5 Subdomains

6 IPs

3 Countries

1012 kBTransfer

1173 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

4 Cookies

Security Headers

Indicators

674586534.cf Open in urlscan Pro
2606:4700:30::6812:26fa Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

1012 kB
Transfer

1173 kB
Size

4
Cookies

15 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!