dis24.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2cfb Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://dis24.pages.dev/
Effective URL:
https://dis24.pages.dev/
Submission: On February 17 via api (February 17th 2023, 11:44:20 pm UTC) from US — Scanned from US

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 13 HTTP transactions. The main IP is 2606:4700:310c::ac42:2cfb, located in United States and belongs to CLOUDFLARENET, US. The main domain is dis24.pages.dev.
TLS certificate: Issued by GTS CA 1P5 on February 6th 2023. Valid for: 3 months.

This is the only time dis24.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discover (Financial)

Domain & IP information

	IP Address	AS Autonomous System
10	2606:4700:310... 2606:4700:310c::ac42:2cfb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81e::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3030::6815:5284	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81f::2003	15169 (GOOGLE) (GOOGLE)
13	5

10 2606:4700:310c::ac42:2cfb (United States)

ASN13335 (CLOUDFLARENET, US)

dis24.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::200a (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::6815:5284 (United States)

ASN13335 (CLOUDFLARENET, US)

freeipapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81f::2003 (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	pages.dev dis24.pages.dev	260 KB
1	gstatic.com fonts.gstatic.com	39 KB
1	freeipapi.com freeipapi.com — Cisco Umbrella Rank: 814343	744 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	893 B
13	4

	Domain	Requested by
10	dis24.pages.dev	dis24.pages.dev
1	fonts.gstatic.com	fonts.googleapis.com
1	freeipapi.com	dis24.pages.dev
1	fonts.googleapis.com	dis24.pages.dev
13	4

This site contains no links.

Subject Issuer	Validity	Valid
*.dis24.pages.dev GTS CA 1P5	`2023-02-06` - `2023-05-07`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.freeipapi.com E1	`2022-12-22` - `2023-03-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://dis24.pages.dev/
Frame ID: 1E184F69570F107121C5EE892CC09F34
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Credit Card Login | Discover Card

Page URL History Show full URLs

http://dis24.pages.dev/ HTTP 307
https://dis24.pages.dev/ Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

13
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

301 kB
Transfer

464 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dis24.pages.dev/ HTTP 307
https://dis24.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
dis24.pages.dev/
Redirect Chain

http://dis24.pages.dev/
https://dis24.pages.dev/

1 KB
1 KB

81ms
43ms

Document
text/html

2606:4700:310c::ac42:2cfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dis24.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2cfb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e9810e7852fa1cc39ba91337850b1dc02aec4c521c93906b8ed9050f84fb2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 79b263c83d298c69-EWR
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 17 Feb 2023 23:44:14 GMT
etag: W/"ef035a9e919b8d66ea6d4ee72de0f4dc"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FdtifwDR8uX2gYHv0hvvLHzLoz3w6Vtt2ymPCLuW4Gi3C1pkh9z0vjYYdsqwbD1J0TiZICaFpRA3cWc%2FTosrun3vzaua%2BgxehjFBPvZFJ1339of13r%2FidhH05WRf%2BHLM8SQtbpl1V8WHIMbZF%2Fo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://dis24.pages.dev/
Non-Authoritative-Reason: HSTS

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
893 B 28ms
22ms Stylesheet
text/css 2607:f8b0:4006:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Signika:wght@300;400;500;700&display=swap

Requested by

Host: dis24.pages.dev
URL: https://dis24.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7d024987a9506bc3a22ff1b434707cba29199fcbf5b45ca855014826bc91820b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dis24.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 Feb 2023 23:44:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 17 Feb 2023 23:44:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 Feb 2023 23:44:14 GMT

GET
H2 200 index.1d6b8f7e.js Show response
dis24.pages.dev/assets/ 275 KB
135 KB 293ms
287ms Script
application/javascript 2606:4700:310c::ac42:2cfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dis24.pages.dev/assets/index.1d6b8f7e.js

Requested by

Host: dis24.pages.dev
URL: https://dis24.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2cfb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa5f53dcbd6b32cbbbd52f0e2759946b76a023d380c487f2bbc1fbbef98df600

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://dis24.pages.dev/
Origin: https://dis24.pages.dev
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 23:44:14 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"e765d1d2db96c1dd8f36eba62703da3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UKnVrt2CfQl70uS1Y4lE3N3wN6e1OtNUsQ9CoN9dWRxnoKav5TF5qVxpGfD09DQJsQ%2BWrb7i%2Bojzt4MUOwRo5CC%2Fk2x8ETp2TTb0BRM11jKilLK1%2F6L1Jv%2BCJ%2FlKgQoVCaB%2BrsEj%2FBIZe7CJ1aQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 79b263c89e198c69-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 index.f663e4cc.css
dis24.pages.dev/assets/ 23 KB
5 KB 48ms
42ms Stylesheet
text/css 2606:4700:310c::ac42:2cfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dis24.pages.dev/assets/index.f663e4cc.css

Requested by

Host: dis24.pages.dev
URL: https://dis24.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:310c::ac42:2cfb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e871393663e7c2f99b9f4a883fafac1a1cf7d23c4c06fe718b022cbd31c012d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dis24.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 23:44:14 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"0b5ba684315693647f1c809eae7bce7f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jze9zVBwVwV8%2BaG1P%2B5FHSDrXQwsSG8WcERAl%2FigDdR4x%2Bc4lWRBgvW6C6VDtCWxczhuf%2FZif8v16NM8h%2F0Or3JHwlR3uxTZdhIxVkEJaA6akDTJJQd3Oc6biElfgBskt937hECQF7XYAYiJmxo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 79b263c89e168c69-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 json Show response
freeipapi.com/api/ 260 B
744 B 202ms
166ms Fetch
application/json 2606:4700:3030::6815:5284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://freeipapi.com/api/json

Requested by

Host: dis24.pages.dev
URL: https://dis24.pages.dev/assets/index.1d6b8f7e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:5284 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c76ea572c8dd89f9cce6e4b3f9e826aae142b019b0d11be8572143faafb1d915

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dis24.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 23:44:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-ratelimit-remaining: 60
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7HR2%2BiO9seoCxXD3n7volDkxpD9VoR%2FGrV%2FI1NvTMXy76DgN4gaNCAia1eo5D45XRTUImOdCQjtjKn8LrY49ESbmMkxRi5BpjaUBX4hHOfg5wJWQyT%2BoBtWeMIJJP45yshnYN7%2FpHeK8Up3G"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, private
x-ratelimit-limit: 60
cf-ray: 79b263cabdfc17e1-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 twitter.b9049e83.svg
dis24.pages.dev/assets/ 1 KB
1 KB 84ms
79ms Image
image/svg+xml 2606:4700:310c::ac42:2cfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis24.pages.dev/assets/twitter.b9049e83.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2cfb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9049e8383f6a4a119d04a5c9baad547a832911564ee46e6e1a34f01346cb74d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dis24.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 23:44:14 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"16d63673193493240fc8d3ca3451017f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z65t3HM4vmdSNJnJs89rFByjuSoZZD%2FvOMy%2B%2FE9YtjSTYJxENTXvIL3BTzKeFzxsVUtx2vvxxnexGds1JbKXVcEHLydK9rRc5Etkfx6RpnM7heK5qaVDUQFaWX8SYbRfOa%2FnCqxVirjxgydZPYs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 79b263cbf84b8c78-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 facebook.9091caf2.svg
dis24.pages.dev/assets/ 710 B
899 B 86ms
74ms Image
image/svg+xml 2606:4700:310c::ac42:2cfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis24.pages.dev/assets/facebook.9091caf2.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2cfb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9091caf2ebc41ea232983bc546c2762ce3271b2947970c3c601cb072c492e414

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dis24.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 23:44:14 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66bfd5efdc513fdc07002d48cfee298f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0vuZ1kMmuB84Yyi3vJHd6QEmOJPiSzDaOrkUdtrPz0dDOOXHK9LCwcWLAZLQpjRn5QHTmDYlicxkG4X5CriF0dWedkRokLvHYfkeIxRBIUlDj69tJyLM1bwyte1KAF6gprZmcM1Z6bU7ms1c9Q8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 79b263cc08708c78-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 instagram.251a46dd.svg
dis24.pages.dev/assets/ 2 KB
1 KB 56ms
43ms Image
image/svg+xml 2606:4700:310c::ac42:2cfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis24.pages.dev/assets/instagram.251a46dd.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2cfb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

251a46dd26dd4775830c98920fcb1d6d38f0f0a4f1369281720ad99f7521e146

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dis24.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 23:44:14 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"917cf9a489a4fbaaea818cfa001ff027"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wdEFWEbc2WkqAMqARUAk0NhG5IpdXk1gHUfLr9fOe4peROwseoBhvsDtgcPjIn7iaso61tEvRSlIo4UohgXpi0GiwxxqFNO3ezao51P75vjDwCtRsBJyFJR9Jo1eaRILM0UcgFs0dsLxnEgpupg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 79b263cc08748c78-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 linkedin.6d2f5133.svg
dis24.pages.dev/assets/ 1 KB
1 KB 72ms
60ms Image
image/svg+xml 2606:4700:310c::ac42:2cfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis24.pages.dev/assets/linkedin.6d2f5133.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2cfb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d2f51339b71990cbf713f9da388d3515c9987f7d2bb2b02fab7ac8160d170f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dis24.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 23:44:14 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"298808207dc89c4cb0143fca12d31409"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TpC5zvpJRXmNJdvlaezhpO%2BPkGDomJpnANwi3cQD3lp9fZqa3Y9mwKqHHa4%2F7K0wAb8MWKphTvCvIW2zLmc9DkTg6Jbmebu%2FlTa%2FvNOJAbhtgW3XpHMtDUj56xu4cJib31WxDw7VKuLKc9TpqAQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 79b263cc08788c78-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 app-icon.e603a824.png
dis24.pages.dev/assets/ 24 KB
24 KB 87ms
75ms Image
image/png 2606:4700:310c::ac42:2cfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis24.pages.dev/assets/app-icon.e603a824.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2cfb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e603a8249e2d58affccc3e06e93161663d6c6e1deb5a0a89659fbcab82f95fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dis24.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 23:44:14 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "b5c3644361309d2d4f44548b10573052"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tIhRY4If7J81Mht4%2B0AinybN9sbIt0F5EalMbMigA3k%2BvijQLXc4APUCvEh5HNRUUEbLBls06O6lcqlry%2F8cfEVd0o925gMASbyuJKJl7ORek4IGof0TPAVmMA5omu0aOPTqTq71T3M%2F%2Fap%2BWCw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 79b263cc087a8c78-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 24381

GET
H3 200 certification.d49919b4.png
dis24.pages.dev/assets/ 22 KB
23 KB 88ms
76ms Image
image/png 2606:4700:310c::ac42:2cfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis24.pages.dev/assets/certification.d49919b4.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2cfb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d49919b48a53a771b0bfcbca9ac3338a7dbd46b758082c5cc02f1ca9d08b6959

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dis24.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 23:44:14 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "b6e6e4bb8ddf5c35ed9dc401f33c8e63"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eLbVmzU9WTI9t6WRaOSW8Ik3OjLHE1jRtem3LIkF7Iv3w7jhVvSJbBW3vU%2B5u6L48z97Gaov8weqH5jqmGnWnkSyUkLV0lnLuby9VV4t7HYMNyhnr3TmtiFzybFvUJUCFFZWz0mcNEYavvOs1Gw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 79b263cc087c8c78-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22698

GET
H3 200 intro.a24e2227.jpg
dis24.pages.dev/assets/ 67 KB
67 KB 80ms
72ms Image
image/jpeg 2606:4700:310c::ac42:2cfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis24.pages.dev/assets/intro.a24e2227.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2cfb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a24e222776c2ed30341277982bb4a37cb9df02476e0f4b881f5f052a9e492d53

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://dis24.pages.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 23:44:14 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "e5dcec5acdb0b6882ab441f202cf7f18"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k3sct1US3AQqTtkztPI86fT66B5H5t5NcFOvInUWgvzFHu2gy%2B0xOvlHZvxZs2%2B8iKIJI8vJs2Yv1U7V0lLfSbvh1I6LD7wzPmtzOqCvP5nKmksqFzHAna7MqW40N8yXZGP3N3syxBL9AXe4KRw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 79b263cc087d8c78-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 68190

GET
H2 200 vEFR2_JTCgwQ5ejvG1EmBg.woff2
fonts.gstatic.com/s/signika/v20/ 39 KB
39 KB 61ms
5ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/signika/v20/vEFR2_JTCgwQ5ejvG1EmBg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Signika:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e36ecb4b8f63375fe634496441f39c6165c5504f3d4dbe8ae47caae8d7730e38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dis24.pages.dev
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:19:54 GMT
x-content-type-options: nosniff
age: 188660
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39776
x-xss-protection: 0
last-modified: Tue, 23 Aug 2022 18:45:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 19:19:54 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Discover (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange function| IMask

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dis24.pages.dev
fonts.googleapis.com
fonts.gstatic.com
freeipapi.com
2606:4700:3030::6815:5284
2606:4700:310c::ac42:2cfb
2607:f8b0:4006:81e::200a
2607:f8b0:4006:81f::2003
251a46dd26dd4775830c98920fcb1d6d38f0f0a4f1369281720ad99f7521e146
55e9810e7852fa1cc39ba91337850b1dc02aec4c521c93906b8ed9050f84fb2d
6d2f51339b71990cbf713f9da388d3515c9987f7d2bb2b02fab7ac8160d170f1
7d024987a9506bc3a22ff1b434707cba29199fcbf5b45ca855014826bc91820b
9091caf2ebc41ea232983bc546c2762ce3271b2947970c3c601cb072c492e414
90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74
a24e222776c2ed30341277982bb4a37cb9df02476e0f4b881f5f052a9e492d53
b9049e8383f6a4a119d04a5c9baad547a832911564ee46e6e1a34f01346cb74d
c76ea572c8dd89f9cce6e4b3f9e826aae142b019b0d11be8572143faafb1d915
d49919b48a53a771b0bfcbca9ac3338a7dbd46b758082c5cc02f1ca9d08b6959
e36ecb4b8f63375fe634496441f39c6165c5504f3d4dbe8ae47caae8d7730e38
e603a8249e2d58affccc3e06e93161663d6c6e1deb5a0a89659fbcab82f95fb0
e871393663e7c2f99b9f4a883fafac1a1cf7d23c4c06fe718b022cbd31c012d7
fa5f53dcbd6b32cbbbd52f0e2759946b76a023d380c487f2bbc1fbbef98df600

dis24.pages.dev Open in urlscan Pro 2606:4700:310c::ac42:2cfb Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

100 %IPv6

4 Domains

4 Subdomains

5 IPs

1 Countries

301 kBTransfer

464 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

dis24.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2cfb Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

301 kB
Transfer

464 kB
Size

0
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!