urlscan.io logo urlscan.io
SecurityTrails logo

testing-1g0.pages.dev Open in urlscan Pro
172.66.47.157  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://testing-1g0.pages.dev/
Submission: On April 07 via automatic, source phishtank — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 7 HTTP transactions. The main IP is 172.66.47.157, located in United States and belongs to CLOUDFLARENET, US. The main domain is testing-1g0.pages.dev.
TLS certificate: Issued by GTS CA 1P5 on April 6th 2024. Valid for: 3 months.
This is the only time testing-1g0.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AOL (Online)

Domain & IP information

IP Address AS Autonomous System
1 172.66.47.157 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1288:80:... 203220 (YAHOO-DEB)
7 4
Apex Domain
Subdomains		 Transfer
5 yimg.com
s.yimg.com — Cisco Umbrella Rank: 649
24 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 372
31 KB
1 pages.dev
testing-1g0.pages.dev
333 KB
7 3
Domain Requested by
5 s.yimg.com testing-1g0.pages.dev
1 ajax.googleapis.com testing-1g0.pages.dev
1 testing-1g0.pages.dev
7 3

This site contains links to these domains. Also see Links.

Domain
www.aol.com
help.aol.com
www.verizonmedia.com
Subject Issuer Validity Valid
testing-1g0.pages.dev
GTS CA 1P5		 2024-04-06 -
2024-07-05		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
*.fantasysports.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2024-04-02 -
2024-05-22		 2 months crt.sh

This page contains 1 frames:

Primary Page: https://testing-1g0.pages.dev/
Frame ID: D71BBE30598AAF3D809866364E66125F
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

AOL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

387 kB
Transfer

1207 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
testing-1g0.pages.dev/ 		847 KB
333 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://testing-1g0.pages.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.47.157 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ce09c2cd8c4b9ecdc0dae24c800c16c7c04de4e8394f1379e59a6ca4303a94d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
8706a944dfd3266d-TXL
content-encoding
br
content-type
text/html; charset=utf-8
date
Sun, 07 Apr 2024 02:41:53 GMT
etag
W/"897bdeda05c5e739b01598eb8431e8c9"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lNtRZllCB6ht%2BvikDAc80a2GycpmWQ%2BoJHibrtvemyNx3UzqUaTxezu9AyZU7fkzAUziEuuSvb871uIzAZZEz%2F3MDqr9uAGayzl0MPlqkA8c0tUiSAaLAGKOdqqhDtcWb%2FT3yiNNFqg%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 		86 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: testing-1g0.pages.dev
URL: https://testing-1g0.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://testing-1g0.pages.dev/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 06 Apr 2024 09:39:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
61334
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30774
x-xss-protection
0
last-modified
Mon, 13 May 2019 14:37:17 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 06 Apr 2025 09:39:39 GMT
aol-logo-black-v.0.0.2.png
s.yimg.com/wm/assets/images/ns/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/wm/assets/images/ns/aol-logo-black-v.0.0.2.png
Requested by
Host: testing-1g0.pages.dev
URL: https://testing-1g0.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://testing-1g0.pages.dev/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ats-carp-promotion
1, 1
date
Tue, 19 Mar 2024 06:34:48 GMT
strict-transport-security
max-age=31536000
x-amz-meta-created-date
Thu, 16 Nov 2017 19:59:27 GMT
x-content-type-options
nosniff
x-amz-request-id
AXV37Y9QHNW1HXT7
age
1627626
x-amz-server-side-encryption
AES256
x-amz-meta-x-ysws-mbst-vtime
1510862367682930
content-length
16340
x-amz-id-2
DdBffOR7nzSPfXNlg+G8FmjOrZcfOJ5rWXerMQkJNViPe8oMonZ5yPADvOxnyTKK6ckg6DlBY+Y=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 04 May 2018 01:23:57 GMT
server
ATS
etag
"f9e0f24b60732cd95150a37fb003b871"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
content-type
image/png
cache-control
max-age=31536000; public
accept-ranges
bytes
x-amz-meta-mbst-etag
"YM:1:3570f846-88d6-4c90-bd91-179d937c363c00055e1f0ebaf172"
x-amz-meta-x-ysws-access
public
expires
Sat, 04 May 2019 01:23:56 GMT
aol-logo-white-v0.0.4.png
s.yimg.com/wm/assets/images/ybar/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/wm/assets/images/ybar/aol-logo-white-v0.0.4.png
Requested by
Host: testing-1g0.pages.dev
URL: https://testing-1g0.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
d0ecaea4f4b91a678f16b572dbe3c9dc7212d1437a97a31f84ae74c167d5a4db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://testing-1g0.pages.dev/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ats-carp-promotion
1, 1
date
Sat, 02 Mar 2024 09:08:59 GMT
strict-transport-security
max-age=31536000
x-amz-meta-created-date
Wed, 18 Apr 2018 19:01:42 GMT
x-content-type-options
nosniff
x-amz-request-id
EZ666H3YJZ3X3A1Z
age
3087175
x-amz-server-side-encryption
AES256
x-amz-meta-x-ysws-mbst-vtime
1524078102670246
content-length
4314
x-amz-id-2
LzMt/c3hPsJmZSv0BR2zhDLM2oGvm3Q1b7fgHBbPPzGaJkpfxaxK0oT4CEkQyKeHotSBV0c5Lx8=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 03 May 2018 20:51:15 GMT
server
ATS
etag
"f0d2ba5c63ab03f3b53158f293f651c7"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
content-type
image/png
cache-control
public,max-age=31536000
accept-ranges
bytes
x-amz-meta-mbst-etag
"YM:1:d32351c9-ea78-46c0-b7a5-1066118ae37d00056a2415eb6ba6"
x-amz-meta-x-ysws-access
public
expires
Fri, 03 May 2019 20:51:13 GMT
truncated
/ 		252 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a9d5e95149ce1810bf959feaa4607d123648f327a7cada16354b3d9014f290da

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
checkbox-unchecked.svg
s.yimg.com/wm/mbr/images/ 		733 B
999 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/wm/mbr/images/checkbox-unchecked.svg
Requested by
Host: testing-1g0.pages.dev
URL: https://testing-1g0.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
c25f3a57f7858de738e2f3cd49ae322e7d02d70484cf7b6dde7de302eb033aa8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://testing-1g0.pages.dev/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ats-carp-promotion
1, 1
date
Thu, 21 Mar 2024 02:35:51 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-amz-request-id
7DNJJY05WPQ0KFXQ
age
1469163
x-amz-server-side-encryption
AES256
content-length
733
x-amz-id-2
O7ltklYpBz/SXLLgupgChCRqP216fOvBb/vTGuMp28x0NS5ayX4odW08cui7v2P3hassj6B2bhptXUf9OncVwf1KUUweHC22
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 24 Apr 2020 17:13:52 GMT
server
ATS
etag
"f456007284e4510464d9dfddabd3fb0e"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
content-type
image/svg+xml
cache-control
public,max-age=315360000
accept-ranges
bytes
aol-favicon.png
s.yimg.com/wm/login/ 		706 B
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wm/login/aol-favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
f6747270db8ca343f3a491fc790d6dfb6fb051723bc222566a7d292e6f4a8726
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://testing-1g0.pages.dev/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ats-carp-promotion
1, 1
date
Thu, 14 Mar 2024 10:28:32 GMT
strict-transport-security
max-age=31536000
x-amz-meta-created-date
Thu, 30 Nov 2017 22:26:41 GMT
x-content-type-options
nosniff
x-amz-request-id
SWMJFJJPA8W2XNFV
age
2045602
x-amz-server-side-encryption
AES256
x-amz-meta-x-ysws-mbst-vtime
1512080801894162
content-length
706
x-amz-id-2
FvUpNWrOTpdc9cErOtjWuvBxelCdgOlndgamJzM9RDRvuQMAdgmpL5VgXxgy5fAAjQ+C7kvuNmQ=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 04 May 2018 04:41:39 GMT
server
ATS
etag
"b12b87cffdae1bc42b921fcf2bd9cf4c"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
content-type
image/png
cache-control
max-age=31536000; public
accept-ranges
bytes
x-amz-meta-mbst-etag
"YM:1:460c7d58-a304-4b5e-b4cc-bb4ea9f291d500055f3abf118f12"
x-amz-meta-x-ysws-access
public
expires
Sat, 04 May 2019 04:41:38 GMT
aol-favicon.png
s.yimg.com/wm/login/ 		706 B
750 B 		Other
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wm/login/aol-favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
f6747270db8ca343f3a491fc790d6dfb6fb051723bc222566a7d292e6f4a8726
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://testing-1g0.pages.dev/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ats-carp-promotion
1, 1
date
Thu, 14 Mar 2024 10:28:32 GMT
strict-transport-security
max-age=31536000
x-amz-meta-created-date
Thu, 30 Nov 2017 22:26:41 GMT
x-content-type-options
nosniff
x-amz-request-id
SWMJFJJPA8W2XNFV
age
2045602
x-amz-server-side-encryption
AES256
x-amz-meta-x-ysws-mbst-vtime
1512080801894162
content-length
706
x-amz-id-2
FvUpNWrOTpdc9cErOtjWuvBxelCdgOlndgamJzM9RDRvuQMAdgmpL5VgXxgy5fAAjQ+C7kvuNmQ=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 04 May 2018 04:41:39 GMT
server
ATS
etag
"b12b87cffdae1bc42b921fcf2bd9cf4c"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
content-type
image/png
cache-control
max-age=31536000; public
accept-ranges
bytes
x-amz-meta-mbst-etag
"YM:1:460c7d58-a304-4b5e-b4cc-bb4ea9f291d500055f3abf118f12"
x-amz-meta-x-ysws-access
public
expires
Sat, 04 May 2019 04:41:38 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AOL (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery number| counter

0 Cookies

2 Console Messages

Source Level URL
Text
recommendation verbose URL: https://testing-1g0.pages.dev/
Message:
[DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
recommendation verbose URL: https://testing-1g0.pages.dev/
Message:
[DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff