privatepagesupport.net Open in urlscan Pro
104.21.46.195 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://privatepagesupport.net/business-help-center
Submission: On November 24 via api (November 24th 2023, 12:27:57 pm UTC) from US — Scanned from IT

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 104.21.46.195, located in and belongs to CLOUDFLARENET, US. The main domain is privatepagesupport.net.
TLS certificate: Issued by E1 on October 17th 2023. Valid for: 3 months.

This is the only time privatepagesupport.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
6	104.21.46.195 104.21.46.195	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.186.42 142.250.186.42	15169 (GOOGLE) (GOOGLE)
3	142.250.186.100 142.250.186.100	15169 (GOOGLE) (GOOGLE)
4	142.250.186.163 142.250.186.163	15169 (GOOGLE) (GOOGLE)
2	142.250.185.67 142.250.185.67	15169 (GOOGLE) (GOOGLE)
16	5

6 104.21.46.195 (None, )

ASN13335 (CLOUDFLARENET, US)

privatepagesupport.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.42 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.100 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	gstatic.com www.gstatic.com fonts.gstatic.com	423 KB
6	privatepagesupport.net privatepagesupport.net	177 KB
3	google.com www.google.com — Cisco Umbrella Rank: 2	35 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	873 B
16	4

	Domain	Requested by
6	privatepagesupport.net	privatepagesupport.net
4	www.gstatic.com	www.google.com www.gstatic.com
3	www.google.com	privatepagesupport.net www.google.com
2	fonts.gstatic.com	www.google.com
1	fonts.googleapis.com	privatepagesupport.net
16	5

This site contains no links.

Subject Issuer	Validity	Valid
privatepagesupport.net E1	`2023-10-17` - `2024-01-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://privatepagesupport.net/business-help-center
Frame ID: A7A3DFBE404D8FF28AAA03BC3DAEA9A0
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeP0L8oAAAAADsQGr5CNOeKUdytWn_YDK3yvpll&co=aHR0cHM6Ly9wcml2YXRlcGFnZXN1cHBvcnQubmV0OjQ0Mw..&hl=it&type=image&v=-QbJqHfGOUB8nuVRLvzFLVed&theme=light&size=invisible&badge=bottomright&cb=2wyp9d9mjj1
Frame ID: 7F3C0F62C5B883CE40184C1506091D01
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Privacy Policy

Detected technologies

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

636 kB
Transfer

1453 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request business-help-center Show response
privatepagesupport.net/ 458 B
674 B 381ms
330ms Document
text/html 104.21.46.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://privatepagesupport.net/business-help-center
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.46.195 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d40089ba61241a7b1a05cc52a200382c96a8d0e5d2285dab03663558760d71a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: it-IT,it;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82b1a602eb6e0d65-MXP
content-encoding: br
content-type: text/html
date: Fri, 24 Nov 2023 12:27:52 GMT
last-modified: Mon, 23 Oct 2023 06:36:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sf4K1FYwaVGwk8stJAu03lzwUZ%2Fsta8zc0z46LqUONZLHXORkt%2FhJjtpo7TcD374cuD9642jO0K4mh7PRyAIuogPEpl3vKS0XKwb65AFp21V0xfSATFScvLyaxSGnP7qUhB6Ofv29ZIH"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 index-1817e2a8.js Show response
privatepagesupport.net/assets/ 270 KB
90 KB 33ms
32ms Script
application/javascript 104.21.46.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://privatepagesupport.net/assets/index-1817e2a8.js
Requested by: Host: privatepagesupport.net
URL: https://privatepagesupport.net/business-help-center
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.46.195 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6910fb69e3deebc69bfa0ecbbf59ef15d2d12cdd7cad973538b8c89286345a3

Request headers

Referer: https://privatepagesupport.net/business-help-center
Origin: https://privatepagesupport.net
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 24 Nov 2023 12:27:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 23 Oct 2023 06:36:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4008
etag: W/"65361483-4390c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UxPrxX%2Fk8bgAu6mpw52x%2FTfh6OzgAnyRBEGgjZ12v14xG%2B1I6TddM4pJGyRJWOufQuRpooF8ZF0pJG9DTvENk8as%2BSN1CDvEngJzvooUHuZWhtaDCjgIxVcdUNTmmdKr9Ph1UbmYNPCH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 82b1a604fe530d65-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 index-2896eb1b.css
privatepagesupport.net/assets/ 9 KB
3 KB 25ms
25ms Stylesheet
text/css 104.21.46.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://privatepagesupport.net/assets/index-2896eb1b.css
Requested by: Host: privatepagesupport.net
URL: https://privatepagesupport.net/business-help-center
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.46.195 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2896eb1b3e74c18a7ca5d78c74fb3a5d38710ab66fbd39b1b447ed2b23a8f6cf

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://privatepagesupport.net/business-help-center
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 24 Nov 2023 12:27:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 23 Oct 2023 06:36:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4008
etag: W/"65361483-2373"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8qwbLzKC0zLCDteKo2fAeE6bZ7TuMDdI22cNNNKE018G3rCjvkAlTTvjMzamPKh84qpyCoIM36NmWnz3Dm2FSFY6daqL4FOdwnL3FoTfiT4AJacDfpcfiJX4mwYHs71nmSFWWcnorAOH"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 82b1a604fe4f0d65-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
873 B 103ms
38ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@300&display=swap

Requested by

Host: privatepagesupport.net
URL: https://privatepagesupport.net/assets/index-2896eb1b.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

be41a11d97715baab9b3eeb8627f457b328b36275d83a88b5ffe40e147d51e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://privatepagesupport.net/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000
date: Fri, 24 Nov 2023 12:27:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Fri, 24 Nov 2023 12:27:52 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 909 B
904 B 131ms
45ms Script
text/javascript 142.250.186.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit

Requested by

Host: privatepagesupport.net
URL: https://privatepagesupport.net/assets/index-1817e2a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f4.1e100.net

Software

GSE /

Resource Hash

4a9e61d98a8def9f02459b4e1db10cc0b831b0cf07880656a868ff3e24ae5702

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://privatepagesupport.net/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 24 Nov 2023 12:27:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 24 Nov 2023 12:27:52 GMT

GET
H3 200 metalogo-0c038058.svg
privatepagesupport.net/assets/ 4 KB
2 KB 45ms
43ms Image
image/svg+xml 104.21.46.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://privatepagesupport.net/assets/metalogo-0c038058.svg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.46.195 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c038058600a811b8a96de485a224bcc30eb673972fe39954075bcf70ce74e04

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://privatepagesupport.net/business-help-center
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 24 Nov 2023 12:27:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 23 Oct 2023 06:36:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4002
etag: W/"65361483-eba"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2BoK6yBafBu6Lfzp8qScOj9RmvgnFM%2FCQnG58p2C0KgPVVVTooLY3IVNLLXX1cN6TwSyeSJ%2FopmwMCtF6uqU9WmBC%2FtZI1Dqwrff9G4tCKMBfNcGHEtbCPBuFJG9UAb8kSukNiqbRMl5"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 82b1a605f81059dd-MXP
alt-svc: h3=":443"; ma=86400

GET
H3 200 search-55717da5.ico
privatepagesupport.net/assets/ 17 KB
2 KB 28ms
27ms Image
image/x-icon 104.21.46.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://privatepagesupport.net/assets/search-55717da5.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.46.195 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55717da5f0bc7b97c87e7abdc4e097054048bc1c23998d5cc4b83a960d691062

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://privatepagesupport.net/business-help-center
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 24 Nov 2023 12:27:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 23 Oct 2023 06:36:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4002
etag: W/"65361483-423e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tRrbDlIKisKV5Aot59iGAfOZSer%2BWukh7eM1Vbdggp2FnUSXzajP7VtX%2Flfdz1HkEUEBB44ej6yC4O64ZI4riNv7CIxeirWZHvSg%2BC4zCjStpfU7X4JLMXPFU5LwXm%2BwACiKUz6DSLtd"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cache-control: max-age=14400
cf-ray: 82b1a605f81259dd-MXP
alt-svc: h3=":443"; ma=86400

GET
H3 200 background.jpg
privatepagesupport.net/ 79 KB
79 KB 29ms
28ms Image
image/jpeg 104.21.46.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://privatepagesupport.net/background.jpg
Requested by: Host: privatepagesupport.net
URL: https://privatepagesupport.net/assets/index-2896eb1b.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.46.195 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 289d99b21fae145c868238c0c499dcf8e84bea445b63e47e3406acfe98e20a34

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://privatepagesupport.net/assets/index-2896eb1b.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 24 Nov 2023 12:27:52 GMT
cf-cache-status: HIT
last-modified: Mon, 23 Oct 2023 06:36:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4002
etag: "65361483-13af6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=daKy3fZigEByCFKuWvLGxL4QAzWljb91oo9A9rq%2FgujE2KhF7GH5BBiJbqEwRZsWo5KpUXSDByrLSy%2FyVHcfCsC04%2BkLANDVhAQncMIHGjV%2BXEQShGXVfCW5qkffW66D6PWvA9lPNcI1"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 82b1a605f81359dd-MXP
alt-svc: h3=":443"; ma=86400
content-length: 80630

GET
H2 200 recaptcha__it.js Show response
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ 467 KB
188 KB 87ms
28ms Script
text/javascript 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__it.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

eb1371492a89bc275ca743e324e4f46587b31f89e99d14c686a59e88829a903c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://privatepagesupport.net/
Origin: https://privatepagesupport.net
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 17 Nov 2023 20:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 574652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 191854
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Nov 2024 20:50:20 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 7F3C 59 KB
34 KB 58ms
57ms Document
text/html 142.250.186.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeP0L8oAAAAADsQGr5CNOeKUdytWn_YDK3yvpll&co=aHR0cHM6Ly9wcml2YXRlcGFnZXN1cHBvcnQubmV0OjQ0Mw..&hl=it&type=image&v=-QbJqHfGOUB8nuVRLvzFLVed&theme=light&size=invisible&badge=bottomright&cb=2wyp9d9mjj1

Requested by

Host: privatepagesupport.net
URL: https://privatepagesupport.net/assets/index-1817e2a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f4.1e100.net

Software

GSE /

Resource Hash

81b87c9a17e606b43d90e3768df284514fe57127cb17ae2d8585a78aa0b35a3d

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-ArBDeM6PAxUPPrc8d2lMXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'self';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://privatepagesupport.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: it-IT,it;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'nonce-ArBDeM6PAxUPPrc8d2lMXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'self';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 24 Nov 2023 12:27:52 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame 7F3C 55 KB
24 KB 87ms
29ms Stylesheet
text/css 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeP0L8oAAAAADsQGr5CNOeKUdytWn_YDK3yvpll&co=aHR0cHM6Ly9wcml2YXRlcGFnZXN1cHBvcnQubmV0OjQ0Mw..&hl=it&type=image&v=-QbJqHfGOUB8nuVRLvzFLVed&theme=light&size=invisible&badge=bottomright&cb=2wyp9d9mjj1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 24 Nov 2023 11:25:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3768
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 23 Nov 2024 11:25:05 GMT

GET
H3 200 recaptcha__it.js Show response
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame 7F3C 467 KB
187 KB 72ms
29ms Script
text/javascript 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__it.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

eb1371492a89bc275ca743e324e4f46587b31f89e99d14c686a59e88829a903c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 17 Nov 2023 20:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 574653
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 191854
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Nov 2024 20:50:20 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 7F3C 2 KB
2 KB 28ms
28ms Image
image/png 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 20 Nov 2023 20:04:28 GMT
x-content-type-options: nosniff
age: 318205
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 27 Nov 2023 20:04:28 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7F3C 10 KB
11 KB 92ms
28ms Font
font/woff2 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

sffe /

Resource Hash

4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sat, 18 Nov 2023 08:30:50 GMT
x-content-type-options: nosniff
age: 532623
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10748
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 17 Nov 2024 08:30:50 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7F3C 11 KB
11 KB 95ms
31ms Font
font/woff2 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

sffe /

Resource Hash

b79781efede37903be212fcdf63955e41c8649e678b6b83adf824459d240a188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 24 Nov 2023 02:37:44 GMT
x-content-type-options: nosniff
age: 35409
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10788
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 02:37:44 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 7F3C 102 B
135 B 45ms
45ms Other
text/javascript 142.250.186.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=it&v=-QbJqHfGOUB8nuVRLvzFLVed

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f4.1e100.net

Software

GSE /

Resource Hash

499c12ccdea55292125e16faa6b7c68071af01b46555b0cab8dfcf1a92651c1b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeP0L8oAAAAADsQGr5CNOeKUdytWn_YDK3yvpll&co=aHR0cHM6Ly9wcml2YXRlcGFnZXN1cHBvcnQubmV0OjQ0Mw..&hl=it&type=image&v=-QbJqHfGOUB8nuVRLvzFLVed&theme=light&size=invisible&badge=bottomright&cb=2wyp9d9mjj1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 24 Nov 2023 12:27:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 24 Nov 2023 12:27:53 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
privatepagesupport.net
www.google.com
www.gstatic.com
104.21.46.195
142.250.185.67
142.250.186.100
142.250.186.163
142.250.186.42
0c038058600a811b8a96de485a224bcc30eb673972fe39954075bcf70ce74e04
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
2896eb1b3e74c18a7ca5d78c74fb3a5d38710ab66fbd39b1b447ed2b23a8f6cf
289d99b21fae145c868238c0c499dcf8e84bea445b63e47e3406acfe98e20a34
2d40089ba61241a7b1a05cc52a200382c96a8d0e5d2285dab03663558760d71a
4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280
499c12ccdea55292125e16faa6b7c68071af01b46555b0cab8dfcf1a92651c1b
4a9e61d98a8def9f02459b4e1db10cc0b831b0cf07880656a868ff3e24ae5702
55717da5f0bc7b97c87e7abdc4e097054048bc1c23998d5cc4b83a960d691062
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
81b87c9a17e606b43d90e3768df284514fe57127cb17ae2d8585a78aa0b35a3d
b79781efede37903be212fcdf63955e41c8649e678b6b83adf824459d240a188
be41a11d97715baab9b3eeb8627f457b328b36275d83a88b5ffe40e147d51e0d
d6910fb69e3deebc69bfa0ecbbf59ef15d2d12cdd7cad973538b8c89286345a3
eb1371492a89bc275ca743e324e4f46587b31f89e99d14c686a59e88829a903c

privatepagesupport.net Open in urlscan Pro 104.21.46.195 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

0 %IPv6

4 Domains

5 Subdomains

5 IPs

2 Countries

636 kBTransfer

1453 kBSize

0 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

privatepagesupport.net Open in urlscan Pro
104.21.46.195 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

636 kB
Transfer

1453 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!