20240328-dp7.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2c88 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://20240328-dp7.pages.dev/
Effective URL:
https://20240328-dp7.pages.dev/?wid=1732414347149
Submission Tags: threatview.io malwar3ninja rule: suspected phishing scam automated-submission Search All
Submission: On November 24 via api (November 24th 2024, 2:12:29 am UTC) from DE — Scanned from CA

Summary HTTP 18 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 18 HTTP transactions. The main IP is 2606:4700:310c::ac42:2c88, located in United States and belongs to CLOUDFLARENET, US. The main domain is 20240328-dp7.pages.dev.
TLS certificate: Issued by WE1 on November 19th 2024. Valid for: 3 months.

This is the only time 20240328-dp7.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 10	2606:4700:310... 2606:4700:310c::ac42:2c88	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	8.45.52.199 8.45.52.199	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
2	163.181.66.240 163.181.66.240	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
1	2408:8748:a10... 2408:8748:a102:2001:64::e	4837 (CHINA169-...) (CHINA169-BACKBONE CHINA UNICOM China169 Backbone)
1	47.246.23.229 47.246.23.229	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
18	6

10 2606:4700:310c::ac42:2c88 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

20240328-dp7.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.45.52.199 (United States)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

unpkg.byted-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 163.181.66.240 (United States)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

lf3-short.ibytedapm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2408:8748:a102:2001:64::e (China)

ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)

mon.zijieapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.246.23.229 (United States)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

sf3-cdn-tos.douyinstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	pages.dev 1 redirects 20240328-dp7.pages.dev	17 KB
2	ibytedapm.com lf3-short.ibytedapm.com — Cisco Umbrella Rank: 39985	26 KB
1	douyinstatic.com sf3-cdn-tos.douyinstatic.com — Cisco Umbrella Rank: 14238	9 KB
1	zijieapi.com mon.zijieapi.com — Cisco Umbrella Rank: 24563
1	byted-static.com unpkg.byted-static.com — Cisco Umbrella Rank: 113129	27 KB
0	bytedance.com Failed ttwid.bytedance.com Failed
18	6

	Domain	Requested by
10	20240328-dp7.pages.dev	1 redirects 20240328-dp7.pages.dev
2	lf3-short.ibytedapm.com	20240328-dp7.pages.dev lf3-short.ibytedapm.com
1	sf3-cdn-tos.douyinstatic.com
1	mon.zijieapi.com	lf3-short.ibytedapm.com
1	unpkg.byted-static.com	20240328-dp7.pages.dev
0	ttwid.bytedance.com Failed	lf3-short.ibytedapm.com
18	6

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com

Subject Issuer	Validity	Valid
20240328-dp7.pages.dev WE1	`2024-11-19` - `2025-02-17`	3 months	crt.sh
*.byted-static.com RapidSSL TLS RSA CA G1	`2024-05-21` - `2025-05-21`	a year	crt.sh
*.ibytedapm.com RapidSSL TLS RSA CA G1	`2024-05-21` - `2025-05-21`	a year	crt.sh
*.zijieapi.com RapidSSL TLS RSA CA G1	`2024-05-21` - `2025-05-21`	a year	crt.sh
*.douyinstatic.com RapidSSL TLS RSA CA G1	`2024-05-21` - `2025-05-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://20240328-dp7.pages.dev/?wid=1732414347149
Frame ID: 7429780F61D7F323E2965C9E248CF303
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Suspected phishing site | Cloudflare

Page URL History Show full URLs

http://20240328-dp7.pages.dev/ HTTP 307
https://20240328-dp7.pages.dev/ Page URL
https://20240328-dp7.pages.dev/cdn-cgi/phish-bypass?atok=ZIVUHr0MvWSAO.52o15jNwpwgPYJ17H9L79LZO8PqAY-173241... HTTP 301
https://20240328-dp7.pages.dev/ Page URL
https://20240328-dp7.pages.dev/?wid=1732414347149 Page URL

Page Statistics

18
Requests

78 %
HTTPS

40 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

79 kB
Transfer

240 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cloudflare.com/learning/access-management/phishing-attack/
Title: Learn More

Search URL Search Domain Scan URL

URL: https://www.cloudflare.com/5xx-error-landing
Title: Cloudflare

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://20240328-dp7.pages.dev/ HTTP 307
https://20240328-dp7.pages.dev/ Page URL
https://20240328-dp7.pages.dev/cdn-cgi/phish-bypass?atok=ZIVUHr0MvWSAO.52o15jNwpwgPYJ17H9L79LZO8PqAY-1732414335-0.0.1.1-%2F HTTP 301
https://20240328-dp7.pages.dev/ Page URL
https://20240328-dp7.pages.dev/?wid=1732414347149 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://20240328-dp7.pages.dev/ HTTP 307
https://20240328-dp7.pages.dev/

Request Chain 4

https://20240328-dp7.pages.dev/cdn-cgi/phish-bypass?atok=ZIVUHr0MvWSAO.52o15jNwpwgPYJ17H9L79LZO8PqAY-1732414335-0.0.1.1-%2F HTTP 301
https://20240328-dp7.pages.dev/

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

403

/ Show response
20240328-dp7.pages.dev/
Redirect Chain

http://20240328-dp7.pages.dev/
https://20240328-dp7.pages.dev/

4 KB
2 KB

202ms
53ms

Document
text/html

2606:4700:310c::ac42:2c88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://20240328-dp7.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2c88 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90ce6f820d2346718d917416e8ffa456f7622aedb05efc1c406fba065a0fc705

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cf-ray: 8e75df7d6ee69e02-EWR
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 24 Nov 2024 02:12:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zUTLucz64qKv8d9VFnGvQCz5tOehgfIJuyVAxGiow2fq3fS%2FcW9YZDbqqjA7APdme%2BBwn9V9UgBbIpag88aF6aMSvQoxcI7wev35H0nEz6IOUMc4uNN4eGFsMQxhnEpUnT4Je3SjawlBB26uu5JWH9ZqRPKK"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://20240328-dp7.pages.dev/
Non-Authoritative-Reason: HSTS

GET
H3 200 cf.errors.css
20240328-dp7.pages.dev/cdn-cgi/styles/ 23 KB
5 KB 46ms
44ms Stylesheet
text/css 2606:4700:310c::ac42:2c88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://20240328-dp7.pages.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: 20240328-dp7.pages.dev
URL: https://20240328-dp7.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2c88 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://20240328-dp7.pages.dev/

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"673dd3b7-5df3"
x-content-type-options: nosniff
cf-ray: 8e75df7ddf559e02-EWR
expires: Sun, 24 Nov 2024 04:12:15 GMT
date: Sun, 24 Nov 2024 02:12:15 GMT
content-type: text/css
last-modified: Wed, 20 Nov 2024 12:19:03 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
20240328-dp7.pages.dev/cdn-cgi/images/ 452 B
635 B 56ms
56ms Image
image/png 2606:4700:310c::ac42:2c88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://20240328-dp7.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: 20240328-dp7.pages.dev
URL: https://20240328-dp7.pages.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2c88 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://20240328-dp7.pages.dev/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "673dd3b7-1c4"
x-content-type-options: nosniff
cf-ray: 8e75df7e3f929e02-EWR
expires: Sun, 24 Nov 2024 04:12:15 GMT
accept-ranges: bytes
content-length: 452
date: Sun, 24 Nov 2024 02:12:15 GMT
content-type: image/png
last-modified: Wed, 20 Nov 2024 12:19:03 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 favicon.ico
20240328-dp7.pages.dev/ 1 KB
1 KB 1717ms
1716ms Other
image/x-icon 2606:4700:310c::ac42:2c88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://20240328-dp7.pages.dev/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:310c::ac42:2c88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9c304be5abfb9083f98491b7c91b40f4c441274d50219c71a7b9e5412409d0e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://20240328-dp7.pages.dev/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vkD7wLMh9xy%2BKllVlta3XFcBUYMHGqdpZYVppNbNKaownsiyGfNPRs4OiHyAcv1rrPRb5JrPdZWmlbtlBqvP1GREsDPh3CsZB2hzTtJ7b5m2T0g0A4fmbd9XnAgfOHL0mR9n5p9kyYCfHn1IDahaMSh0VnsF"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e75df7e8ffb9e02-EWR
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=51450&sent=22&recv=16&lost=0&retrans=0&sent_bytes=12011&recv_bytes=5631&delivery_rate=11351&cwnd=12000&unsent_bytes=0&cid=748808af426fc11d&ts=1911&x=1", cfHdrFlush;dur=0
content-length: 691
date: Sun, 24 Nov 2024 02:12:17 GMT
content-type: image/x-icon
last-modified: Sun, 24 Nov 2024 02:12:17 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3

200

/ Show response
20240328-dp7.pages.dev/
Redirect Chain

https://20240328-dp7.pages.dev/cdn-cgi/phish-bypass?atok=ZIVUHr0MvWSAO.52o15jNwpwgPYJ17H9L79LZO8PqAY-1732414335-0.0.1.1-%2F
https://20240328-dp7.pages.dev/

5 KB
6 KB

1032ms
1031ms

Document
text/html

2606:4700:310c::ac42:2c88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://20240328-dp7.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2c88 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70844598764cb0be6c7878ef442fac32d399ad5ea703b0a7d6abddca502d08a1

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-eval' 'wasm-unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-sYCRoNx5inE0IxlQZiT4y' .bytescm.com .bytednsdoc.com .ibytedapm.com .snssdk.com .yhgfb-cn-static.com .bytetos.com .byte-gslb.com .bytegoofy.com .bytecdn.cn .toutiaostatic.com;style-src 'self' 'unsafe-inline' .toutiaoimg.com .bdxiguaimg.com .bytescm.com .bytegoofy.com .douyinstatic.com .toutiao.com .toutiaostatic.com .bytedance.net cdn.bootcss.com;upgrade-insecure-requests;frame-ancestors 'self' .bytedance.net .snssdk.com shiqu.cn .shiqu.cn zhan.vivo.com wukong.vivo.com.cn .feishuapp.cn .toutiao.com .bytescm.com .jiyunhudong.com .bytedance.com *.feishu.cn;report-uri https://mon.zijieapi.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=toutiao_web_pc;report-to main-endpoint
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://20240328-dp7.pages.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8e75df9c3ee69e02-EWR
content-encoding: br
content-security-policy: script-src 'unsafe-eval' 'wasm-unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-sYCRoNx5inE0IxlQZiT4y' *.bytescm.com *.bytednsdoc.com *.ibytedapm.com *.snssdk.com *.yhgfb-cn-static.com *.bytetos.com *.byte-gslb.com *.bytegoofy.com *.bytecdn.cn *.toutiaostatic.com;style-src 'self' 'unsafe-inline' *.toutiaoimg.com *.bdxiguaimg.com *.bytescm.com *.bytegoofy.com *.douyinstatic.com *.toutiao.com *.toutiaostatic.com *.bytedance.net cdn.bootcss.com;upgrade-insecure-requests;frame-ancestors 'self' *.bytedance.net *.snssdk.com shiqu.cn *.shiqu.cn zhan.vivo.com wukong.vivo.com.cn *.feishuapp.cn *.toutiao.com *.bytescm.com *.jiyunhudong.com *.bytedance.com *.feishu.cn;report-uri https://mon.zijieapi.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=toutiao_web_pc;report-to main-endpoint
content-security-policy-report-only: script-src 'unsafe-eval' 'wasm-unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-sYCRoNx5inE0IxlQZiT4y' *.bytescm.com *.bytednsdoc.com *.ibytedapm.com *.snssdk.com *.yhgfb-cn-static.com *.bytetos.com *.byte-gslb.com *.bytegoofy.com *.bytecdn.cn *.toutiaostatic.com;style-src 'self' 'unsafe-inline' *.toutiaoimg.com *.bdxiguaimg.com *.bytescm.com *.bytegoofy.com *.douyinstatic.com *.toutiao.com *.toutiaostatic.com *.bytedance.net cdn.bootcss.com;connect-src 'self' wss: ws: data: blob: http://localhost:* toutiao.govwza.cn *.bytedance.net *.bytedance.com *.snssdk.com *.toutiaostatic.com *.bytescm.com *.toutiao.com *.bytetcc.com *.zijieapi.com *.yhgfb-cn-static.com *.toutiaovod.com *.bytednsdoc.com *.ibytedapm.com *.bytedanceapi.com *.google-analytics.com *.douyinstatic.com *.douyinvod.com *.bytegoofy.com *.bytetos.com *.toutiaoimg.com *.huoshanstatic.com *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.qnqcdn.net:* *.jomoxc.com *.jomoxd.com *.a.bdycdn.cn *.hiecheimaetu.com:* *.ppio.cloud:* *.weilayun.com:* *.saxysec.com:* *.saxyit.com:* *.saxydc.com:* *.sjxysec.com:* *.sjxydc.com:* *.vegslb.com:*;upgrade-insecure-requests;frame-ancestors 'self' *.bytedance.net *.snssdk.com shiqu.cn *.shiqu.cn zhan.vivo.com wukong.vivo.com.cn *.feishuapp.cn *.toutiao.com *.bytescm.com *.jiyunhudong.com *.bytedance.com *.feishu.cn;report-uri https://mon.zijieapi.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=toutiao_web_pc;report-to main-endpoint
content-type: text/html; charset=utf-8
date: Sun, 24 Nov 2024 02:12:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XANufRIqOt93OVFYQT58YiSXj1c%2BYgcHNGtcabk6d8neDyouaoNvRiPHQ421R7i090XgC2jZH%2FrqTZW3d%2ByL5O3LVgN0PwfDWun4ZBpd1Q0nt4RxiP%2BG5uZjFOUIUHYbl%2F3w09SgLoDN3aBAPrBmCHJSml57"}],"group":"cf-nel","max_age":604800}
reporting-endpoints: main-endpoint="https://mon.zijieapi.com/monitor_browser/collect/batch/security/?bid=toutiao_web_pc", default="https://mon.zijieapi.com/monitor_browser/collect/batch/security/?bid=toutiao_web_pc"
server: cloudflare
server-timing: cdn-cache; desc=MISS, edge; dur=805, origin; dur=50 inner; dur=34,tt_agw; dur=24 cfL4;desc="?proto=QUIC&rtt=50754&sent=28&recv=21&lost=0&retrans=0&sent_bytes=13867&recv_bytes=6707&delivery_rate=386&cwnd=12000&unsent_bytes=0&cid=748808af426fc11d&ts=5972&x=1" cfHdrFlush;dur=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-agw-info: QCeO7B6XGf9hzfwLfEQMxB0uaDuntW_661Oqz0pmU_7BRfuBQOuSc6FSVE1jAmqzLiNFe226m6EAZ7sKJnXBknD6SGwmFTVyHSME7nq7_4WuBlB29rTk1piL0MKd9evd5JhZn2BlgrK9Vb9gUSqU2cQc_iRQrEAr0cgRXw==
x-akamai-request-id: 422aa8b.12e3e543
x-cache: TCP_MISS from a23-55-235-215.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5564540792473a75b19a89fcf1e2a34b) (-)
x-cache-remote: TCP_MISS from a60-210-22-167.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5564540792473a75b19a89fcf1e2a34b) (-)
x-content-type-options: nosniff
x-download-options: noopen
x-origin-response-time: 50,60.210.22.167
x-parent-response-time: 855,23.55.235.215
x-tt-agw-login: 0
x-tt-logid: 20241124101221FBB2CB789174AF241F5C
x-tt-trace-host: 01ae3485c412db67097a2fefa88ba0f9722f266b940ffe2ecb4b5aba607358a57c221b0671c93e0cface7bafecae896dc0935e64949766490203547c93c96a2b6b13fa96a93073f94e36b919deb7604e026172dbd0e0536f78e25deeaab268e0b5b53d357eac17081a058b133614865fd54013afe849c50939e5c685b62ac9d058
x-tt-trace-id: 00-241124101221FBB2CB789174AF241F5C-5E6D3E46739952B2-00
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-xss-protection: 1; mode=block

Redirect headers

cache-control: private, no-cache
cf-ray: 8e75df9bee7f9e02-EWR
content-length: 167
content-type: text/html
date: Sun, 24 Nov 2024 02:12:20 GMT
location: https://20240328-dp7.pages.dev/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 index.umd.production.js Show response
unpkg.byted-static.com/byted-ucenter/ttwid-js/1.0.1/dist/ 102 KB
27 KB 2681ms
178ms Script
application/javascript 8.45.52.199
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: https://unpkg.byted-static.com/byted-ucenter/ttwid-js/1.0.1/dist/index.umd.production.js
Requested by: Host: 20240328-dp7.pages.dev
URL: https://20240328-dp7.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.45.52.199 , United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 8ca93806242fcf868f434ee49ae71ec7c72e86a8f946f42567a0746cd5b1491a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://20240328-dp7.pages.dev/

Response headers

x-request-ip: fdbd:dc02:22:211::136
content-md5: tSH+3Yv8+H8EPSD59VGDlw==
x-bdcdn-cache-status: TCP_HIT
content-encoding: gzip
etag: W/"b521fedd8bfcf87f043d20f9f5518397"
age: 1985199
x-tos-request-id: 65324d239ce72fd367239ce7-a891049-a804522
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
date: Fri, 01 Nov 2024 02:45:45 GMT
x-kfc-cachekey: http://pinner-imgserver.byted.org/unpkg/byted-ucenter/ttwid-js/1.0.1/dist/index.umd.production.js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 29 Mar 2022 14:33:02 GMT
x-tos-storage-class: STANDARD
x-tt-trace-host: 014fe3fa52c8c52b39d992b38f59c8672c20b4335ebf89fa4a2fb6274ca8e06d7162b13596ae0f5079838293af3fa68a98302342ebe7fd203af60f63b783750a47a6f985c292e2a671409dcec5ae2b5c357ccdaa5dd05f5fa99da6ae9b65f0852c
cache-control: max-age=3153600
x-swift-cachetime: 3153600
timing-allow-origin: *
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
via: n128-137-165, cache6.l2us2[194,193,304-0,H], cache31.l2us2[195,0], ens-cache6.us19[0,0,200-0,H], ens-cache17.us19[1,0]
ali-swift-global-savetime: 1730429145
x-tos-response-time: Thu, 31 Oct 2024 15:06:15 GMT
x-swift-savetime: Fri, 01 Nov 2024 02:45:45 GMT
access-control-allow-origin: *
x-tt-trace-id: 00-2411011045452E5EFF73740BECFEC9E6-33946F454FEF9343-00
eagleid: 082d34a517324143441988248e
x-response-cache: edge_hit
server: Tengine
x-response-cinfo: fdbd:dc02:22:211::136
x-tt-logid: 202411011045452E5EFF73740BECFEC9E6

GET
H2 200 browser.cn.js Show response
lf3-short.ibytedapm.com/slardar/fe/sdk-web/ 43 KB
16 KB 1031ms
147ms Script
application/javascript 163.181.66.240
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: https://lf3-short.ibytedapm.com/slardar/fe/sdk-web/browser.cn.js?bid=toutiao_web_pc&globalName=Slardar
Requested by: Host: 20240328-dp7.pages.dev
URL: https://20240328-dp7.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 163.181.66.240 , United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 69ca6d77ca4dcceb2d2c4ab97718971aa6b0bb61c3d820089f1883b0c00cc8a4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://20240328-dp7.pages.dev
Referer: https://20240328-dp7.pages.dev/

Response headers

content-md5: BesFGkkvlNEDerGUqG2Mpw==
content-encoding: br
etag: W/"05eb051a492f94d1037ab194a86d8ca7"
age: 187
x-tos-request-id: 754669428acbbc5e67428acb-a9b4a1d
server-timing: cdn-cache;desc=HIT,edge;dur=2
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
content-type: application/javascript
last-modified: Thu, 21 Nov 2024 06:09:45 GMT
x-server: goofy
x-tt-trace-host: 010c01acba7286f6e0e5de25c9b7854ae8992ea19cf14ed18340c0be5eceef20b66f887ea88f4607cc39ca5bf525b50984d2f27de27cf0de53754431c3f1c1086541bd7fa1d6d0e54bac666cd26c22183a2cf78d05eed53456fcace842e694229d
cache-control: max-age=300
access-control-request-methods: OPTIONS, HEAD, GET
x-swift-cachetime: 300
ali-swift-global-savetime: 1732414155
x-swift-savetime: Sun, 24 Nov 2024 02:09:15 GMT
x-tt-trace-id: 00-241124100915B279F5738E7C1EEC6EEE-4C2CD10B54AC2553-00
content-length: 15780
eagleid: a3b5429817324143425304100e
x-response-cache: edge_hit
server: Tengine
access-control-allow-methods: OPTIONS, HEAD, GET
date: Sun, 24 Nov 2024 02:09:15 GMT
x-tos-storage-class: STANDARD
vary: Accept-Encoding
timing-allow-origin: *
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
via: ens-cache11.l2us3[312,85,304-0,C], ens-cache11.l2us3[86,0], ens-cache2.us30[0,0,200-0,H], ens-cache4.us30[2,0]
x-tos-response-time: Sun, 24 Nov 2024 02:09:15 GMT
x-tos-hash-crc64ecma: 11649619949111119170
access-control-allow-origin: *
x-tt-logid: 20241124100915B279F5738E7C1EEC6EEE

OPTIONS
H2 200 browser-settings
mon.zijieapi.com/monitor_web/settings/ 0
0 4242ms
450ms Preflight
application/json 2408:8748:a102:2001:64::e
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to

Full URL: https://mon.zijieapi.com/monitor_web/settings/browser-settings?bid=toutiao_web_pc&store=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2408:8748:a102:2001:64::e , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: TLB /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://20240328-dp7.pages.dev
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-origin: https://20240328-dp7.pages.dev
access-control-max-age: 600
access-control-request-method: POST,GET,OPTIONS
cache-control: public, max-age=600
content-encoding: br
content-type: application/json; charset=utf-8
date: Sun, 24 Nov 2024 02:12:26 GMT
server: TLB
server-timing: inner; dur=12 cdn-cache;desc=miss, edge;dur=1, origin;dur=65
vary: Accept-Encoding Origin
x-tt-logid: 20241124101226B84E192F46374C1B24BD
x-tt-trace-host: 017182303f33667bdffaee3d51ce3680e5db5cc5ffa5d5b2f04f7cf92f6f6fa0c3e895882c8590eaec15ab3c16312994ad8b105d9513aac0b445767da1be777a728d28dbea799254bb9e42d626e5d057f7d8eb725c4b8f4714199942affa05c26be5d9b8ca6467b5451d47ac987c756b5b5fb77db783e11c882800875c9944314a
x-tt-trace-id: 00-241124101226B84E192F46374C1B24BD-3508CA234998CBE3-00
x-tt-trace-tag: id=11;cdn-cache=miss;type=dyn

GET browser-settings
mon.zijieapi.com/monitor_web/settings/ 0
0

POST /
ttwid.bytedance.com/ttwid/union/register/ 0
0

GET
H2 200 common-monitors.1.14.1.js Show response
lf3-short.ibytedapm.com/slardar/fe/sdk-web/plugins/ 23 KB
10 KB 106ms
105ms Script
application/javascript 163.181.66.240
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: https://lf3-short.ibytedapm.com/slardar/fe/sdk-web/plugins/common-monitors.1.14.1.js
Requested by: Host: lf3-short.ibytedapm.com
URL: https://lf3-short.ibytedapm.com/slardar/fe/sdk-web/browser.cn.js?bid=toutiao_web_pc&globalName=Slardar
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 163.181.66.240 , United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 0fc080cd485b4e2f53ba8058bc21fb2d13e7aab8c1b933e16b2eab622b2ec1a6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://20240328-dp7.pages.dev
Referer: https://20240328-dp7.pages.dev/

Response headers

content-md5: PDIJt+aHotOQA8cqCpyxRA==
content-encoding: br
etag: W/"3c3209b7e687a2d39003c72a0a9cb144"
age: 285
x-tos-request-id: e3d737428a6b376b67428a6b-a922c2f
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
content-type: application/javascript
last-modified: Thu, 21 Nov 2024 06:09:45 GMT
x-server: goofy
x-tt-trace-host: 01ba829a2d635ea427e29fd5c59350b1ea6642b6372417d0f44a4c4972d272db1c145b2eeeb0d24efec2ef13073576821152141cd72ccb5320eeb779a6fcec195312bd9efa2a576e000953635f0c3b713cda7f6f7a4606797fdf1f5c5bd6bfcba1
cache-control: max-age=300
access-control-request-methods: OPTIONS, HEAD, GET
x-swift-cachetime: 300
ali-swift-global-savetime: 1732414059
x-swift-savetime: Sun, 24 Nov 2024 02:07:39 GMT
x-tt-trace-id: 00-24112410073997C58210720C62472B86-4D6955906928C796-00
content-length: 9291
eagleid: a3b5429817324143442927647e
x-response-cache: edge_hit
server: Tengine
access-control-allow-methods: OPTIONS, HEAD, GET
date: Sun, 24 Nov 2024 02:07:39 GMT
x-tos-storage-class: STANDARD
vary: Accept-Encoding
timing-allow-origin: *
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
via: ens-cache9.l2us3[273,273,304-0,M], ens-cache21.l2us3[274,0], ens-cache9.us30[0,0,200-0,H], ens-cache4.us30[1,0]
x-tos-response-time: Sun, 24 Nov 2024 02:07:39 GMT
x-tos-hash-crc64ecma: 1467762376278308747
access-control-allow-origin: *
x-tt-logid: 2024112410073997C58210720C62472B86

GET
H2 200 toutiao_favicon.ico
sf3-cdn-tos.douyinstatic.com/obj/eden-cn/uhbfnupkbps/ 8 KB
9 KB 1413ms
208ms Other
image/vnd.microsoft.icon 47.246.23.229
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: https://sf3-cdn-tos.douyinstatic.com/obj/eden-cn/uhbfnupkbps/toutiao_favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 47.246.23.229 , United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: dc7b9705741e9fbc9a1a201cdc29d5e4de01329d09403df0a537f3c9599e0f85

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://20240328-dp7.pages.dev/

Response headers

x-request-ip: fdbd:dc03:11:546::68
content-md5: bSQP3ZBtDIvp/g12+a/ZIA==
x-bdcdn-cache-status: TCP_HIT
etag: "6d240fdd906d0c8be9fe0d76f9afd920"
age: 1629491
x-tos-request-id: 9d821227326c5b226727326c-a9e9124-a181885
server-timing: cdn-cache;desc=HIT,edge;dur=2
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
content-type: image/vnd.microsoft.icon
last-modified: Fri, 13 May 2022 02:54:54 GMT
x-tt-trace-host: 01e8fa50ddf3cbe2ef0d890a5de78ab5cc21560b41859be183fd3d21efceec99463c82c220a78991ff04e86ee1815e91cf0408c0f4199ce75d068bcb666fc378288f4b77dc87669f6dd057e1c283d35b7f2200bee7999b1cfe8dc6f14f34c0bb5e
cache-control: max-age=2592000
x-swift-cachetime: 2538811
ali-swift-global-savetime: 1730784854
x-swift-savetime: Tue, 05 Nov 2024 20:20:43 GMT
accept-ranges: bytes
x-tt-trace-id: 00-241105133414F06A73E802D59070F047-45844DA53FE787D5-00
content-length: 7888
eagleid: 2ff6179917324143455878520e
x-response-cache: edge_hit
server: Tengine
x-response-cinfo: 166.0.205.186
access-control-allow-methods: GET, POST, OPTIONS, HEAD
date: Tue, 05 Nov 2024 05:34:14 GMT
x-kfc-cachekey: http://sf3-cdn-tos.douyinstatic.com/eden-cn/uhbfnupkbps/toutiao_favicon.ico
x-tos-storage-class: STANDARD
access-control-allow-headers: *
timing-allow-origin: *
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
via: fdbd:dc02:24:10a::33, cache3.l2us2[0,0,304-0,H], cache18.l2us2[1,0], cache18.l2us2[1,0], ens-cache4.us22[0,0,200-0,H], ens-cache5.us22[2,0]
x-tos-response-time: Sun, 03 Nov 2024 08:21:00 GMT
access-control-allow-origin: *
x-tt-logid: 20241105133414F06A73E802D59070F047

POST /
ttwid.bytedance.com/ttwid/union/register/ 0
0

GET
H3 403 Primary Request / Show response
20240328-dp7.pages.dev/ 4 KB
2 KB 163ms
162ms Document
text/html 2606:4700:310c::ac42:2c88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://20240328-dp7.pages.dev/?wid=1732414347149

Requested by

Host: 20240328-dp7.pages.dev
URL: https://20240328-dp7.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2c88 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d0001158ef52a41575d3589f50a233d1a5af524ad8491961372e04acec3b606

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://20240328-dp7.pages.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cf-ray: 8e75dfc5ec289e02-EWR
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 24 Nov 2024 02:12:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SzMir1cgW3EsnUQnrdWlo9yJBcn5YWMjQCOGX17Sow7EfWkoz8V8O5Ud8Awn05nVuSzc53CwFXMaW0bvkIiOXUQUisDt3ouMcfOModc757UdUmXjzz7ESLzAcsD5MgyWDHGvqvEQ5%2Fgf51n4Hyl5YKoI0%2FyS"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
20240328-dp7.pages.dev/cdn-cgi/styles/ 23 KB
0 0ms
0ms Stylesheet
text/css 2606:4700:310c::ac42:2c88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://20240328-dp7.pages.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: 20240328-dp7.pages.dev
URL: https://20240328-dp7.pages.dev/?wid=1732414347149

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2c88 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://20240328-dp7.pages.dev/?wid=1732414347149

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"673dd3b7-5df3"
x-content-type-options: nosniff
cf-ray: 8e75df7ddf559e02-EWR
expires: Sun, 24 Nov 2024 04:12:15 GMT
date: Sun, 24 Nov 2024 02:12:15 GMT
content-type: text/css
last-modified: Wed, 20 Nov 2024 12:19:03 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
20240328-dp7.pages.dev/cdn-cgi/images/ 452 B
0 0ms
0ms Image
image/png 2606:4700:310c::ac42:2c88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://20240328-dp7.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: 20240328-dp7.pages.dev
URL: https://20240328-dp7.pages.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2c88 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://20240328-dp7.pages.dev/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "673dd3b7-1c4"
x-content-type-options: nosniff
cf-ray: 8e75df7e3f929e02-EWR
expires: Sun, 24 Nov 2024 04:12:15 GMT
accept-ranges: bytes
content-length: 452
date: Sun, 24 Nov 2024 02:12:15 GMT
content-type: image/png
last-modified: Wed, 20 Nov 2024 12:19:03 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 favicon.ico
20240328-dp7.pages.dev/ 1 KB
605 B 78ms
77ms Other
image/x-icon 2606:4700:310c::ac42:2c88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://20240328-dp7.pages.dev/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:310c::ac42:2c88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9c304be5abfb9083f98491b7c91b40f4c441274d50219c71a7b9e5412409d0e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://20240328-dp7.pages.dev/?wid=1732414347149

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
age: 10
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3anrzkhA2BU3GXaJ5RkuEq5ck74tz%2BC1aRDCSzQ1ctG0FBqznrXegCXUhnf%2FJa7mcIDEKbrZ%2Fqdvb8MIYqtD0CERXcSOIEPmf7nEQCKG%2BK%2FudNiGkNXWY6tteHvtxdvSfxksgZfJwOXjtPo0EzVI4wSQlcGD"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e75dfc70d299e02-EWR
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=66472&sent=43&recv=30&lost=0&retrans=1&sent_bytes=23311&recv_bytes=7940&delivery_rate=22713&cwnd=12000&unsent_bytes=0&cid=748808af426fc11d&ts=11861&x=1", cfHdrFlush;dur=0
content-length: 691
date: Sun, 24 Nov 2024 02:12:27 GMT
last-modified: Sun, 24 Nov 2024 02:12:17 GMT
vary: Accept-Encoding
server: cloudflare
content-type: image/x-icon

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mon.zijieapi.com
URL: https://mon.zijieapi.com/monitor_web/settings/browser-settings?bid=toutiao_web_pc&store=1

Domain: ttwid.bytedance.com
URL: https://ttwid.bytedance.com/ttwid/union/register/

Domain: ttwid.bytedance.com
URL: https://ttwid.bytedance.com/ttwid/union/register/

Domain: ttwid.bytedance.com
URL: https://ttwid.bytedance.com/ttwid/union/register/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _cf_translation

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.20240328-dp7.pages.dev/	1970-01-21 01:15:00	Name: __cf_mw_byp Value: ZIVUHr0MvWSAO.52o15jNwpwgPYJ17H9L79LZO8PqAY-1732414335-0.0.1.1-/
			.bytedance.com/	1970-01-21 09:59:10	Name: ttwid Value: 1%7CYpbgB-U1ixWDMQAF6AZnMm-QLXnyouBCkNYAv49oXFs%7C1732414346%7C928f744e94b30b4fa38f0d090a832912cf92a2222516d173b7c80fdc35cb4a56

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://20240328-dp7.pages.dev/ Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://20240328-dp7.pages.dev/ Message: The Content Security Policy directive 'upgrade-insecure-requests' is ignored when delivered in a report-only policy.
javascript	error	URL: https://20240328-dp7.pages.dev/ Message: Access to XMLHttpRequest at 'https://ttwid.bytedance.com/ttwid/union/register/' from origin 'https://20240328-dp7.pages.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://ttwid.bytedance.com/ttwid/union/register/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://20240328-dp7.pages.dev/ Message: Access to XMLHttpRequest at 'https://ttwid.bytedance.com/ttwid/union/register/' from origin 'https://20240328-dp7.pages.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://ttwid.bytedance.com/ttwid/union/register/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://20240328-dp7.pages.dev/ Message: Access to XMLHttpRequest at 'https://ttwid.bytedance.com/ttwid/union/register/' from origin 'https://20240328-dp7.pages.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://ttwid.bytedance.com/ttwid/union/register/ Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://20240328-dp7.pages.dev/?wid=1732414347149 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20240328-dp7.pages.dev
lf3-short.ibytedapm.com
mon.zijieapi.com
sf3-cdn-tos.douyinstatic.com
ttwid.bytedance.com
unpkg.byted-static.com
mon.zijieapi.com
ttwid.bytedance.com
163.181.66.240
2408:8748:a102:2001:64::e
2606:4700:310c::ac42:2c88
47.246.23.229
8.45.52.199
0fc080cd485b4e2f53ba8058bc21fb2d13e7aab8c1b933e16b2eab622b2ec1a6
2d0001158ef52a41575d3589f50a233d1a5af524ad8491961372e04acec3b606
69ca6d77ca4dcceb2d2c4ab97718971aa6b0bb61c3d820089f1883b0c00cc8a4
70844598764cb0be6c7878ef442fac32d399ad5ea703b0a7d6abddca502d08a1
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8ca93806242fcf868f434ee49ae71ec7c72e86a8f946f42567a0746cd5b1491a
90ce6f820d2346718d917416e8ffa456f7622aedb05efc1c406fba065a0fc705
d9c304be5abfb9083f98491b7c91b40f4c441274d50219c71a7b9e5412409d0e
dc7b9705741e9fbc9a1a201cdc29d5e4de01329d09403df0a537f3c9599e0f85
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

20240328-dp7.pages.dev Open in urlscan Pro 2606:4700:310c::ac42:2c88 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

18 Requests

78 %HTTPS

40 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

79 kBTransfer

240 kBSize

2 Cookies

2 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

9 Console Messages

Security Headers

Indicators

20240328-dp7.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2c88 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

78 %
HTTPS

40 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

79 kB
Transfer

240 kB
Size

2
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!