privatepagesupport.net Open in urlscan Pro
2606:4700:3035::6815:2ec3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://privatepagesupport.net/business-help-center
Submission: On November 28 via manual (November 28th 2023, 5:17:00 pm UTC) from US — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3035::6815:2ec3, located in United States and belongs to CLOUDFLARENET, US. The main domain is privatepagesupport.net.
TLS certificate: Issued by E1 on October 17th 2023. Valid for: 3 months.

This is the only time privatepagesupport.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
6	2606:4700:303... 2606:4700:3035::6815:2ec3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
16	5

6 2606:4700:3035::6815:2ec3 (United States)

ASN13335 (CLOUDFLARENET, US)

privatepagesupport.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	gstatic.com www.gstatic.com fonts.gstatic.com	433 KB
6	privatepagesupport.net privatepagesupport.net	177 KB
3	google.com www.google.com — Cisco Umbrella Rank: 2	35 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	996 B
16	4

	Domain	Requested by
6	privatepagesupport.net	privatepagesupport.net
4	www.gstatic.com	www.google.com www.gstatic.com
3	www.google.com	privatepagesupport.net www.google.com
2	fonts.gstatic.com	www.google.com
1	fonts.googleapis.com	privatepagesupport.net
16	5

This site contains no links.

Subject Issuer	Validity	Valid
privatepagesupport.net E1	`2023-10-17` - `2024-01-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://privatepagesupport.net/business-help-center
Frame ID: 13AE074C58C50513C53D72FF2708EA9B
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeP0L8oAAAAADsQGr5CNOeKUdytWn_YDK3yvpll&co=aHR0cHM6Ly9wcml2YXRlcGFnZXN1cHBvcnQubmV0OjQ0Mw..&hl=de&type=image&v=-QbJqHfGOUB8nuVRLvzFLVed&theme=light&size=invisible&badge=bottomright&cb=f7b6rovhawx5
Frame ID: C86670CD4528A12E4E44B0FA593CC799
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Privacy Policy

Detected technologies

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

16
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

646 kB
Transfer

1466 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request business-help-center Show response
privatepagesupport.net/ 458 B
693 B 704ms
658ms Document
text/html 2606:4700:3035::6815:2ec3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://privatepagesupport.net/business-help-center
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2ec3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d40089ba61241a7b1a05cc52a200382c96a8d0e5d2285dab03663558760d71a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82d442e78bdb19af-FRA
content-encoding: br
content-type: text/html
date: Tue, 28 Nov 2023 17:16:54 GMT
last-modified: Mon, 23 Oct 2023 06:36:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YHw%2FfsTdREPRghPsQljV29fePFXyYI13wkMFl%2FmJEHbhitkDGjgDnyb%2BvFc0WfU3TCRcZciID1EdzX4xP%2FFtI24sSLG9sMy97nXHywTbiMnSTcpz9wv2MaG9CuwX8V4y1UJ1YsYY2Hm67r%2FaShWFLgfXXNuk"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 index-1817e2a8.js Show response
privatepagesupport.net/assets/ 270 KB
90 KB 520ms
519ms Script
application/javascript 2606:4700:3035::6815:2ec3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://privatepagesupport.net/assets/index-1817e2a8.js
Requested by: Host: privatepagesupport.net
URL: https://privatepagesupport.net/business-help-center
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2ec3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6910fb69e3deebc69bfa0ecbbf59ef15d2d12cdd7cad973538b8c89286345a3

Request headers

Referer: https://privatepagesupport.net/business-help-center
Origin: https://privatepagesupport.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:16:55 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Mon, 23 Oct 2023 06:36:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65361483-4390c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D5O78n8CvaQGKn2rbjvsjaOm4ZthenIZWG4dt6Qq8Xp2nFUM%2FCoMJ3abogxGaOPBvA%2FbY%2BZjBTU1GbQaSRkpR5yC6od8m18K72yaW%2FGKuo3JucSJXVxAUWkaWtjZynVYMC1vKSnzgdWV1TAuAzClVNgKKI04"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 82d442ebaa7d19af-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 index-2896eb1b.css
privatepagesupport.net/assets/ 9 KB
3 KB 508ms
508ms Stylesheet
text/css 2606:4700:3035::6815:2ec3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://privatepagesupport.net/assets/index-2896eb1b.css
Requested by: Host: privatepagesupport.net
URL: https://privatepagesupport.net/business-help-center
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2ec3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2896eb1b3e74c18a7ca5d78c74fb3a5d38710ab66fbd39b1b447ed2b23a8f6cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://privatepagesupport.net/business-help-center
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:16:55 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Mon, 23 Oct 2023 06:36:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65361483-2373"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DHkGAjHeng0UT6zte9qZ0hS5f3whG8W9QY41d4HYtV1pArqcUtq%2FP8%2Flr%2FUfNAIH7ju4xxNdiK9Ns2Vh8GsYa7MZ7eSOwOaF9iDFcqFEDKzu4oLVbsWXouL6Hm4MzWrCmxWv0w08cKRxTi66j4jniKA9XcC8"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 82d442ebaa7919af-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
996 B 40ms
18ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@300&display=swap

Requested by

Host: privatepagesupport.net
URL: https://privatepagesupport.net/assets/index-2896eb1b.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2e32c476f8c66151541b113edf89560601e02f8b21d559bd1ee880e8337c57d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://privatepagesupport.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 28 Nov 2023 17:16:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 16:24:08 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 28 Nov 2023 17:16:55 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 40ms
18ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit

Requested by

Host: privatepagesupport.net
URL: https://privatepagesupport.net/assets/index-1817e2a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5d01fc2497363c70614d58d06c3566432089530f7f7ba7ee231d4a8c1ecd5903

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://privatepagesupport.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:16:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 28 Nov 2023 17:16:55 GMT

GET
H3 200 metalogo-0c038058.svg
privatepagesupport.net/assets/ 4 KB
2 KB 657ms
657ms Image
image/svg+xml 2606:4700:3035::6815:2ec3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://privatepagesupport.net/assets/metalogo-0c038058.svg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:2ec3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c038058600a811b8a96de485a224bcc30eb673972fe39954075bcf70ce74e04

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://privatepagesupport.net/business-help-center
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:16:56 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Mon, 23 Oct 2023 06:36:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65361483-eba"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FCJlqekT8IIAKG6nOusoJD6AIBDR8X1XB6C1qRTfX2gn8wLSd4E6DVPdKEI96XaOheIaAdanyPv3qFr5tTn2cugdE1dCXB62NUalEsLJZ9XYfkdIIHz5w0au4yB6UivnUMvRtXUt%2FMO%2BFNJ8Ibg29rn6IKEQ"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 82d442ef4eff9b5b-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 search-55717da5.ico
privatepagesupport.net/assets/ 17 KB
2 KB 501ms
500ms Image
image/x-icon 2606:4700:3035::6815:2ec3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://privatepagesupport.net/assets/search-55717da5.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:2ec3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55717da5f0bc7b97c87e7abdc4e097054048bc1c23998d5cc4b83a960d691062

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://privatepagesupport.net/business-help-center
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:16:56 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Mon, 23 Oct 2023 06:36:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65361483-423e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LdMFn2YgJhnRN6xY8B2ee8sL9d7gWO2wX92NoM6KNhFEaUhNWvj07XYX%2FYt9xXyxsfhS7DSULzNiRFnowFdpGVPLVc%2FFC6d2ivg0dem6KbtkWRvpgz%2B2vvKC5mCA5K79o8xHlkJjMlLIPNfjaeYb2M%2FVPON3"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cache-control: max-age=14400
cf-ray: 82d442ef4f039b5b-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 background.jpg
privatepagesupport.net/ 79 KB
79 KB 663ms
662ms Image
image/jpeg 2606:4700:3035::6815:2ec3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://privatepagesupport.net/background.jpg
Requested by: Host: privatepagesupport.net
URL: https://privatepagesupport.net/assets/index-2896eb1b.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:2ec3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 289d99b21fae145c868238c0c499dcf8e84bea445b63e47e3406acfe98e20a34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://privatepagesupport.net/assets/index-2896eb1b.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:16:56 GMT
cf-cache-status: REVALIDATED
last-modified: Mon, 23 Oct 2023 06:36:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "65361483-13af6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9ZfogvPqP8YIqPcsiBSKgRzZ8DOEwAkAT9nRw6fDq6UtxqshUvRxJLcOaoVZx600a36efL2vhJRH8SnX1EjUCCeiT40tcl0h8l%2ByxptfzATloLmTFuQadbnB8ZqSZjA1iHLU6hp2ZgMxYHEmd2fzpqHXodS"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 82d442ef4f049b5b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 80630

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ 468 KB
188 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

983871cac9e719263fcecaa540c4e1597c8ece1805845830ec21fef0e71d9f88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://privatepagesupport.net/
Origin: https://privatepagesupport.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 09:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29206
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 192016
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 09:10:09 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame C866 60 KB
34 KB 35ms
34ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeP0L8oAAAAADsQGr5CNOeKUdytWn_YDK3yvpll&co=aHR0cHM6Ly9wcml2YXRlcGFnZXN1cHBvcnQubmV0OjQ0Mw..&hl=de&type=image&v=-QbJqHfGOUB8nuVRLvzFLVed&theme=light&size=invisible&badge=bottomright&cb=f7b6rovhawx5

Requested by

Host: privatepagesupport.net
URL: https://privatepagesupport.net/assets/index-1817e2a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2acc16a1851a5f25dce68fbf6ecb409a4dab668f794dcd250553adeda2a1a72a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tFZVttlSyRJYBWc_XpqS_w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://privatepagesupport.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-tFZVttlSyRJYBWc_XpqS_w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 17:16:55 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame C866 55 KB
24 KB 23ms
8ms Stylesheet
text/css 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeP0L8oAAAAADsQGr5CNOeKUdytWn_YDK3yvpll&co=aHR0cHM6Ly9wcml2YXRlcGFnZXN1cHBvcnQubmV0OjQ0Mw..&hl=de&type=image&v=-QbJqHfGOUB8nuVRLvzFLVed&theme=light&size=invisible&badge=bottomright&cb=f7b6rovhawx5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 08:46:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 08:46:22 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame C866 468 KB
188 KB 18ms
10ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

983871cac9e719263fcecaa540c4e1597c8ece1805845830ec21fef0e71d9f88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 09:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29206
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 192016
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 09:10:09 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame C866 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 12:32:18 GMT
x-content-type-options: nosniff
age: 276277
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Sat, 02 Dec 2023 12:32:18 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C866 15 KB
16 KB 31ms
8ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 02:58:03 GMT
x-content-type-options: nosniff
age: 310732
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 02:58:03 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C866 15 KB
15 KB 32ms
9ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:52:48 GMT
x-content-type-options: nosniff
age: 339847
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:52:48 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame C866 102 B
135 B 18ms
18ms Other
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=-QbJqHfGOUB8nuVRLvzFLVed

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f3706dd9e175fdadc2a564238f1ddc64afea19e67aefd5b922f33040d5f94540

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeP0L8oAAAAADsQGr5CNOeKUdytWn_YDK3yvpll&co=aHR0cHM6Ly9wcml2YXRlcGFnZXN1cHBvcnQubmV0OjQ0Mw..&hl=de&type=image&v=-QbJqHfGOUB8nuVRLvzFLVed&theme=light&size=invisible&badge=bottomright&cb=f7b6rovhawx5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:16:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 28 Nov 2023 17:16:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
privatepagesupport.net
www.google.com
www.gstatic.com
2606:4700:3035::6815:2ec3
2a00:1450:4001:801::2003
2a00:1450:4001:827::2004
2a00:1450:4001:828::2003
2a00:1450:4001:82a::200a
0c038058600a811b8a96de485a224bcc30eb673972fe39954075bcf70ce74e04
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
2896eb1b3e74c18a7ca5d78c74fb3a5d38710ab66fbd39b1b447ed2b23a8f6cf
289d99b21fae145c868238c0c499dcf8e84bea445b63e47e3406acfe98e20a34
2acc16a1851a5f25dce68fbf6ecb409a4dab668f794dcd250553adeda2a1a72a
2d40089ba61241a7b1a05cc52a200382c96a8d0e5d2285dab03663558760d71a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
55717da5f0bc7b97c87e7abdc4e097054048bc1c23998d5cc4b83a960d691062
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5d01fc2497363c70614d58d06c3566432089530f7f7ba7ee231d4a8c1ecd5903
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
983871cac9e719263fcecaa540c4e1597c8ece1805845830ec21fef0e71d9f88
c2e32c476f8c66151541b113edf89560601e02f8b21d559bd1ee880e8337c57d
d6910fb69e3deebc69bfa0ecbbf59ef15d2d12cdd7cad973538b8c89286345a3
f3706dd9e175fdadc2a564238f1ddc64afea19e67aefd5b922f33040d5f94540

privatepagesupport.net Open in urlscan Pro 2606:4700:3035::6815:2ec3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

100 %IPv6

4 Domains

5 Subdomains

5 IPs

2 Countries

646 kBTransfer

1466 kBSize

0 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

privatepagesupport.net Open in urlscan Pro
2606:4700:3035::6815:2ec3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

646 kB
Transfer

1466 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!