web.s23terms.us Open in urlscan Pro
172.67.212.213 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://web.s23terms.us/
Submission: On August 30 via automatic, source certstream-suspicious (August 30th 2024, 1:09:27 pm UTC) — Scanned from US

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 15 HTTP transactions. The main IP is 172.67.212.213, located in United States and belongs to CLOUDFLARENET, US. The main domain is web.s23terms.us.
TLS certificate: Issued by WE1 on August 19th 2024. Valid for: 3 months.

This is the only time web.s23terms.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 14	172.67.212.213 172.67.212.213	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:bb1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
15	3

14 172.67.212.213 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

web.s23terms.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bb1f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	s23terms.us 1 redirects web.s23terms.us	494 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1211	30 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	35 KB
15	3

	Domain	Requested by
14	web.s23terms.us	1 redirects web.s23terms.us
1	code.jquery.com	web.s23terms.us
1	cdn.jsdelivr.net	web.s23terms.us
15	3

This site contains no links.

Subject Issuer	Validity	Valid
s23terms.us WE1	`2024-08-19` - `2024-11-17`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://web.s23terms.us/
Frame ID: FFBF1AFD85D4004039778D5ED0561739
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Meta for Business - Page Appeal

Page URL History Show full URLs

https://web.s23terms.us/ Page URL
https://web.s23terms.us/cdn-cgi/phish-bypass?atok=cABRLDbzkvhQHUgbBR10rsjbRASQ89kcFFFbsAH1Fs8-172502... HTTP 301
https://web.s23terms.us/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

15
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

559 kB
Transfer

839 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://web.s23terms.us/ Page URL
https://web.s23terms.us/cdn-cgi/phish-bypass?atok=cABRLDbzkvhQHUgbBR10rsjbRASQ89kcFFFbsAH1Fs8-1725023355-0.0.1.1-%2F HTTP 301
https://web.s23terms.us/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 / Show response
web.s23terms.us/ 4 KB
2 KB 188ms
91ms Document
text/html 172.67.212.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.s23terms.us/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.212.213 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abe715ec927f1dfd95f21d70cd9b16a454b70ebb512c9505c9b0ce7236bb0140

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cf-ray: 8bb503a30af7534f-LAX
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 30 Aug 2024 13:09:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M1nCOmKfQR3FyIRG0lVHUuS2CQPSpftIKPoP1HpRi9zV7b6ylAn903fHU49J8n5jwEKwsPBxdHkRhvTrKlTumW3YkeDszambfv%2BzKTs%2BhEYZoyToguPC3v93gfUfYAoSTA8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
web.s23terms.us/cdn-cgi/styles/ 23 KB
5 KB 75ms
75ms Stylesheet
text/css 172.67.212.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.s23terms.us/cdn-cgi/styles/cf.errors.css

Requested by

Host: web.s23terms.us
URL: https://web.s23terms.us/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.212.213 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://web.s23terms.us/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 13:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 27 Aug 2024 19:10:22 GMT
server: cloudflare
etag: W/"66ce249e-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8bb503a3cbc5534f-LAX
expires: Fri, 30 Aug 2024 15:09:15 GMT

GET
H3 200 icon-exclamation.png
web.s23terms.us/cdn-cgi/images/ 452 B
634 B 75ms
74ms Image
image/png 172.67.212.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web.s23terms.us/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: web.s23terms.us
URL: https://web.s23terms.us/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.212.213 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://web.s23terms.us/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 13:09:15 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Aug 2024 19:10:22 GMT
server: cloudflare
etag: "66ce249e-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8bb503a48c85534f-LAX
content-length: 452
expires: Fri, 30 Aug 2024 15:09:15 GMT

GET
H3 404 favicon.ico
web.s23terms.us/ 1 KB
1 KB 287ms
287ms Other
text/html 172.67.212.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://web.s23terms.us/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.212.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43

Request headers

Referer: https://web.s23terms.us/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Aug 2024 13:09:15 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u6t4yMjvoeNlMiis5TenNmuA%2BlBm5Ha%2FZIbTEW9SSCMp%2FOjaXorWAAOI3W7%2B0NRtc%2B2YeWntAMdQRNZxfdpwlIVbNHpq%2BkFiGeeBO3TRg%2BUZ5LfLS5VD60yJjRVlQ%2BHBL9o%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, max-age=0
cf-ray: 8bb503a4fcdf534f-LAX
alt-svc: h3=":443"; ma=86400

GET
H3

200

Primary Request / Show response
web.s23terms.us/
Redirect Chain

https://web.s23terms.us/cdn-cgi/phish-bypass?atok=cABRLDbzkvhQHUgbBR10rsjbRASQ89kcFFFbsAH1Fs8-1725023355-0.0.1.1-%2F
https://web.s23terms.us/

9 KB
3 KB

644ms
643ms

Document
text/html

172.67.212.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://web.s23terms.us/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.212.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c64e8ee205eef03852aa98c7ffba5317f8fea8154ec403973c83a118b9922a0

Request headers

Referer: https://web.s23terms.us/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8bb503c59a96534f-LAX
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 30 Aug 2024 13:09:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ZIZA7s9DaLrGjnUaUNJQaOBXwor8Uy3K1VBjy9WHfwN2CxZQupjyIuuCaCKhd1OyCe3F4Iv3XNq9HsVbMz2H3RWyL5o4Z7tcqaHERT%2F82J4v8FQFjA2BV0HHIf79MyQzXw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

cache-control: private, no-cache
cf-ray: 8bb503c50a23534f-LAX
content-length: 167
content-type: text/html
date: Fri, 30 Aug 2024 13:09:20 GMT
location: https://web.s23terms.us/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/ 227 KB
35 KB 372ms
87ms Stylesheet
text/css 2606:4700::6812:bb1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css

Requested by

Host: web.s23terms.us
URL: https://web.s23terms.us/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c8f27e6009ccfd710a905e6dcf12d0ee3c6f2ac7da05b0572d3e0d12e736fc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://web.s23terms.us/
Origin: https://web.s23terms.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 13:09:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7847833
x-jsd-version: 5.3.3
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 34908
x-served-by: cache-fra-eddf8230118-FRA, cache-lga21937-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"38d63-xawd7pYctZoEUlbsID9p4xeHL3w"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q8E5E40FB9w1HrSSJQbtg0ZbgTKxlohVJZVeROefwGPj3NwPvRFlGnyH53oTReAjDH%2FMF81%2Bqiarf4bfuSmi7wdvOtfSJJu4vy%2BMIF0miV4rOaYCQB6yKL1F5SqieuxsPN%2FjyC9q4eoMiLoHqZQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8bb503cba8147c77-LAX

GET
H3 200 index.css
web.s23terms.us/assets/css/ 3 KB
1 KB 98ms
96ms Stylesheet
text/css 172.67.212.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://web.s23terms.us/assets/css/index.css
Requested by: Host: web.s23terms.us
URL: https://web.s23terms.us/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.212.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 597eb3a9aa06de29445c85f996d8f383e5cd88e3e0ce40d2f6677a5041ff7d4a

Request headers

Referer: https://web.s23terms.us/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 13:09:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 27 May 2024 16:46:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 19188
etag: W/"cc9-6654b8f2-13b433;br"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FLgL05bc241RXLGAHeAjHgqqLry2znzs9Aq41CPlwfhiCPkTPZXCMC7if04fXL2yBjxUmrvDQGuWafPGulK44c9W%2BgLz7Kt1pwGmPVY9TKguUGUkAlbnXKpJXRvt5963rIc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 8bb503c9ef26534f-LAX
alt-svc: h3=":443"; ma=86400
expires: Fri, 06 Sep 2024 07:46:57 GMT

GET
H3 200 pass.css
web.s23terms.us/assets/css/ 783 B
795 B 88ms
86ms Stylesheet
text/css 172.67.212.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://web.s23terms.us/assets/css/pass.css
Requested by: Host: web.s23terms.us
URL: https://web.s23terms.us/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.212.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a045cbc54598d16c3fde04c6b68ffe8c73c47c32fcc3f4cdbf6185acfc48d4ae

Request headers

Referer: https://web.s23terms.us/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 13:09:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 27 May 2024 16:46:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 19188
etag: W/"30f-6654b8f2-13b434;br"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PSXrXKAZBntZ3tVDIIdT6FdvYPFOdaNfSqE%2BVjpvfCdFB5GB%2FAjq3Z0iGw0L%2FDC5lZOJEirDNpLJaiB0vpZg5u62tuYVNrfkorDk6%2FhD8FZLcJD0ToAo43COBBgV7D8EX4w%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 8bb503c9ef28534f-LAX
alt-svc: h3=":443"; ma=86400
expires: Fri, 06 Sep 2024 07:46:57 GMT

GET
H3 200 logo.d42fe85024cd6936fb43.png
web.s23terms.us/assets/img/ 31 KB
32 KB 93ms
91ms Image
image/png 172.67.212.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://web.s23terms.us/assets/img/logo.d42fe85024cd6936fb43.png
Requested by: Host: web.s23terms.us
URL: https://web.s23terms.us/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.212.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5da69e13d11124b421ba77038093fcf8196e57bbede9a640190cad9e5c2c1717

Request headers

Referer: https://web.s23terms.us/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 13:09:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19188
alt-svc: h3=":443"; ma=86400
content-length: 31947
last-modified: Mon, 27 May 2024 16:46:44 GMT
server: cloudflare
etag: "7ccb-6654b8f4-13b42f;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zkz5F5MtAaBbfJtKOfbIfqtFqP9oz6UwyNX%2Bs5ANwGlMQMukVcc8ist87OwRAGDAYULiukRoJCrB%2FxSh8yxCQA2SmuPE5%2Bu83t74c1F7rK26rONHfyy3deqn0ESW%2BmwVn0I%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8bb503c9ef2a534f-LAX
expires: Fri, 06 Sep 2024 07:46:57 GMT

GET
H3 200 download.png
web.s23terms.us/assets/img/ 2 KB
2 KB 158ms
157ms Image
image/png 172.67.212.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://web.s23terms.us/assets/img/download.png
Requested by: Host: web.s23terms.us
URL: https://web.s23terms.us/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.212.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b33cb32e30cf5aff200a5d6c3a60e95521bd82aecac352f9e8f1a9734503559c

Request headers

Referer: https://web.s23terms.us/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 13:09:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19188
alt-svc: h3=":443"; ma=86400
content-length: 2004
last-modified: Mon, 27 May 2024 16:46:42 GMT
server: cloudflare
etag: "7d4-6654b8f2-13b42c;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T1mK7DvN57yDgokRBHjk3DZYQfAA1J0lB5zC40JioRF%2BoE3%2BNxQptq07TbbgH3nG%2Bce0t%2FljliYP3eW4LUkBw0KSacC3Ru9qfykGhTqCCl1yfZ615dO5KHODDe17rXKDoro%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8bb503c9ef2c534f-LAX
expires: Fri, 06 Sep 2024 07:46:57 GMT

GET
H3 200 background.1f85623d06212e6d3ed4.png
web.s23terms.us/assets/img/ 361 KB
362 KB 186ms
184ms Image
image/png 172.67.212.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://web.s23terms.us/assets/img/background.1f85623d06212e6d3ed4.png
Requested by: Host: web.s23terms.us
URL: https://web.s23terms.us/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.212.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f83d8067197a3421cebdad0a99baf4119a6146e84a11a468db279f57270784e

Request headers

Referer: https://web.s23terms.us/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 13:09:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19188
alt-svc: h3=":443"; ma=86400
content-length: 369629
last-modified: Mon, 27 May 2024 16:46:42 GMT
server: cloudflare
etag: "5a3dd-6654b8f2-13b41c;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cmanbPB5btziAuh%2BhG4Wu7QQSpy%2F6CMAEBB464nRAIDuOr3EE6nM%2FLmIAdnl6ZEb7vFV8UN0QhAuCEPHsXDjbGsQKa8083bgfhQNBAIx3W4uhwJ4Yp2E%2FxL%2FtNw7JrYuTMs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8bb503ca3f6d534f-LAX
expires: Fri, 06 Sep 2024 07:46:57 GMT

GET
H3 200 IMG_20240425_182854.jpg
web.s23terms.us/assets/img/ 22 KB
22 KB 401ms
399ms Image
image/jpeg 172.67.212.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://web.s23terms.us/assets/img/IMG_20240425_182854.jpg
Requested by: Host: web.s23terms.us
URL: https://web.s23terms.us/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.212.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f746a8879ebed9fa23ec12e7ad0aa12e2c4206ea5e52e4a2c1052ae5f45969e4

Request headers

Referer: https://web.s23terms.us/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 13:09:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19188
alt-svc: h3=":443"; ma=86400
content-length: 22516
last-modified: Mon, 27 May 2024 16:46:42 GMT
server: cloudflare
etag: "57f4-6654b8f2-13b424;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4U%2BlqjlP%2BqkOlfojxbuTACV2P5booAktHX3GCxreezPi4M%2Fs2ZUzzIGk7wWfqihjKaU4uG8rZiXXaMeslvaKIsKMqmB8oc%2FmKRSNTSrF8yHwlsgeUnhGDULvgCCTzV5Dg5c%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8bb503ca3f70534f-LAX
expires: Fri, 06 Sep 2024 07:46:57 GMT

GET
H3 200 meta.png
web.s23terms.us/assets/img/ 58 KB
58 KB 402ms
400ms Image
image/png 172.67.212.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://web.s23terms.us/assets/img/meta.png
Requested by: Host: web.s23terms.us
URL: https://web.s23terms.us/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.212.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e30aec61e5fc0fe900350c69e036584241666eccd240f04fbbb4584cddee788a

Request headers

Referer: https://web.s23terms.us/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 13:09:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19188
alt-svc: h3=":443"; ma=86400
content-length: 59256
last-modified: Mon, 27 May 2024 16:46:44 GMT
server: cloudflare
etag: "e778-6654b8f4-13b42d;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H2m7EEyVWa01J3a747Mc83BfTO4G%2FFZMOfo4ncqJDia9qu0z4xc4tx9CnRMQaAyQwQrn%2FhKqXr7e8BcAi9FrkVdKOx3eUY9AXZuuPvRUkkHQ9TP2%2Fb2ucfJTqyhfZFCCksU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8bb503ca3f71534f-LAX
expires: Fri, 06 Sep 2024 07:46:57 GMT

GET
H2 200 jquery-3.5.1.min.js Show response
code.jquery.com/ 87 KB
30 KB 357ms
73ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: web.s23terms.us
URL: https://web.s23terms.us/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://web.s23terms.us/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 13:09:21 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 6392630
x-cache: HIT, HIT
content-length: 30879
x-served-by: cache-lga21981-LGA, cache-lax-kwhp1940130-LAX
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1725023362.913353,VS0,VE0
etag: W/"28feccc0-15d84"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 545896, 160467

GET
H3 200 jquery.mask.min.js Show response
web.s23terms.us/assets/js/ 8 KB
4 KB 405ms
404ms Script
text/javascript 172.67.212.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://web.s23terms.us/assets/js/jquery.mask.min.js
Requested by: Host: web.s23terms.us
URL: https://web.s23terms.us/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.212.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a65fdd4c44fa96ef232acb2a308ca73a3f17d6accc399d0c7a28a21d532d9

Request headers

Referer: https://web.s23terms.us/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 13:09:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 27 May 2024 16:46:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1ef0-6654b8f4-13b431;br"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YzrA9EKFPHt1qM7LJ6DsLptErKVkHBQLCyxk3k70R21EOffdTrKg0vdz9le6uq1CXbVUDgrBklgXSvWiGc85UaJzTj%2FoBe0CzRoUbJptsqEommwz0Z9kL8Izz1b70BtdEnw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 8bb503ca3f72534f-LAX
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.web.s23terms.us/	1970-01-20 23:11:49	Name: __cf_mw_byp Value: cABRLDbzkvhQHUgbBR10rsjbRASQ89kcFFFbsAH1Fs8-1725023355-0.0.1.1-/

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://web.s23terms.us/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
recommendation	warning	URL: https://web.s23terms.us/ Message: [DOM] Found 2 elements with non-unique id #nohp: (More info: https://goo.gl/9p2vKq) %o %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
code.jquery.com
web.s23terms.us
172.67.212.213
2606:4700::6812:bb1f
2a04:4e42:400::649
3c8f27e6009ccfd710a905e6dcf12d0ee3c6f2ac7da05b0572d3e0d12e736fc8
470a65fdd4c44fa96ef232acb2a308ca73a3f17d6accc399d0c7a28a21d532d9
4f83d8067197a3421cebdad0a99baf4119a6146e84a11a468db279f57270784e
597eb3a9aa06de29445c85f996d8f383e5cd88e3e0ce40d2f6677a5041ff7d4a
5c64e8ee205eef03852aa98c7ffba5317f8fea8154ec403973c83a118b9922a0
5da69e13d11124b421ba77038093fcf8196e57bbede9a640190cad9e5c2c1717
679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
a045cbc54598d16c3fde04c6b68ffe8c73c47c32fcc3f4cdbf6185acfc48d4ae
abe715ec927f1dfd95f21d70cd9b16a454b70ebb512c9505c9b0ce7236bb0140
b33cb32e30cf5aff200a5d6c3a60e95521bd82aecac352f9e8f1a9734503559c
e30aec61e5fc0fe900350c69e036584241666eccd240f04fbbb4584cddee788a
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f746a8879ebed9fa23ec12e7ad0aa12e2c4206ea5e52e4a2c1052ae5f45969e4
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

web.s23terms.us Open in urlscan Pro 172.67.212.213 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

559 kBTransfer

839 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

2 Console Messages

Security Headers

Indicators

web.s23terms.us Open in urlscan Pro
172.67.212.213 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

559 kB
Transfer

839 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!