pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev
2606:4700::6812:323 Malicious Activity! Public Scan

URL: https://pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev/New09876/98654ERFGHJIOP0987T6R54E5R6T7Y8U9I0KOJIUYFTD6RT7Y89U8T76R5DRT/FR5678IJOU8Y7T6RFTGHIJOU9...
Submission: On January 30 via api from US — Scanned from US

Summary

This website contacted 6 IPs in 2 countries across 4 domains to perform 6 HTTP transactions. The main IP is 2606:4700::6812:323, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev.
TLS certificate: Issued by E1 on December 9th 2023. Valid for: 3 months.
This is the only time pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
1         2606:4700::68...    13335 (CLOUDFLAR...)
1         2607:f8b0:400...    15169 (GOOGLE)
1         2606:4700::68...    13335 (CLOUDFLAR...)
1         2620:12a:8001::4    54113 (FASTLY)
2         2a00:d0c0:200...    205766 (UBERSPACE)
Total: 6 requests, 6 IPs

Requests  Domain                                        Requested by
2         lakumis.uber.space
1         dev-myspacedaown876.pantheonsite.io           ajax.googleapis.com
1         pub-93a733239eb745d48630a659f724f964.r2.dev   pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev
1         ajax.googleapis.com                           pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev
1         pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev
Total: 6 requests, 5 entries

This site contains no links.

TLS certificates observed:

Subject                    Issuer       Validity                   Valid for
*.r2.dev                   E1           2023-12-09 - 2024-03-08    3 months
upload.video.google.com    GTS CA 1C3   2024-01-02 - 2024-03-26    3 months
pantheonsite.io            R3           2024-01-24 - 2024-04-23    3 months
lakumis.uber.space         R3           2024-01-29 - 2024-04-28    3 months

This page contains 1 frames:

Primary Page: https://pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev/New09876/98654ERFGHJIOP0987T6R54E5R6T7Y8U9I0KOJIUYFTD6RT7Y89U8T76R5DRT/FR5678IJOU8Y7T6RFTGHIJOU9Y87T6FT/O09876543234567898765432456789098765434567890876543456789.xhtml?o8o=987654wqwertyujkbvcdswertyuiuytrdsdfgjkuytrdsxcvbnjuytf&iuytrewqertyui=oi87kloiuytrdcfvbnjkiuytrfdfvbnm&987654edfvgbnjkiu7ytrfvgbjk=jhgfdcvbnjmk&sdlqhlcr=3&
Frame ID: 7459C08B8EE5222D32077E618D1C2C62
Requests: 7 HTTP requests in this frame

Page Title

Sign in to continue

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 100 %
Domains: 4
Subdomains: 5
IPs: 6
Countries: 2
Transfer: 457 kB
Size: 515 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Each transaction below lists: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type.

Primary Request: O09876543234567898765432456789098765434567890876543456789.xhtml
Path: pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev/New09876/98654ERFGHJIOP0987T6R54E5R6T7Y8U9I0KOJIUYFTD6RT7Y89U8T76R5DRT/FR5678IJOU8Y7T6RFTGHIJOU9Y87T6FT/
Size: 1 KB, x-fer: 2 KB, Type: Document
General
Full URL
https://pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev/New09876/98654ERFGHJIOP0987T6R54E5R6T7Y8U9I0KOJIUYFTD6RT7Y89U8T76R5DRT/FR5678IJOU8Y7T6RFTGHIJOU9Y87T6FT/O09876543234567898765432456789098765434567890876543456789.xhtml?o8o=987654wqwertyujkbvcdswertyuiuytrdsdfgjkuytrdsxcvbnjuytf&iuytrewqertyui=oi87kloiuytrdcfvbnjkiuytrfdfvbnm&987654edfvgbnjkiu7ytrfvgbjk=jhgfdcvbnjmk&sdlqhlcr=3&
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
763109a03655ec06f2d13eb684f42ed5ae3608222e658bd419414b9457baac8f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Accept-Ranges
bytes
CF-RAY
84dac2e66eda25e3-MIA
Connection
keep-alive
Content-Length
1480
Content-Type
application/xhtml+xml
Date
Tue, 30 Jan 2024 15:31:21 GMT
ETag
"1071ba2418dc18d8057a4714d800a8ac"
Last-Modified
Thu, 18 Jan 2024 14:02:01 GMT
Server
cloudflare
Vary
Accept-Encoding

Resource: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/1.9.1/
Size: 90 KB, x-fer: 33 KB, Type: Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Requested by
Host: pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev
URL: https://pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev/New09876/98654ERFGHJIOP0987T6R54E5R6T7Y8U9I0KOJIUYFTD6RT7Y89U8T76R5DRT/FR5678IJOU8Y7T6RFTGHIJOU9Y87T6FT/O09876543234567898765432456789098765434567890876543456789.xhtml?o8o=987654wqwertyujkbvcdswertyuiuytrdsdfgjkuytrdsxcvbnjuytf&iuytrewqertyui=oi87kloiuytrdcfvbnjkiuytrfdfvbnm&987654edfvgbnjkiu7ytrfvgbjk=jhgfdcvbnjmk&sdlqhlcr=3&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::5f Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 27 Jan 2024 05:15:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
296172
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33018
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 26 Jan 2025 05:15:09 GMT

Resource: king.js
Path: pub-93a733239eb745d48630a659f724f964.r2.dev/
Size: 52 KB, x-fer: 53 KB, Type: Script
General
Full URL
https://pub-93a733239eb745d48630a659f724f964.r2.dev/king.js?hijiji=dGVzdEBtYWlsLmNvbQ--
Requested by
Host: pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev
URL: https://pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev/New09876/98654ERFGHJIOP0987T6R54E5R6T7Y8U9I0KOJIUYFTD6RT7Y89U8T76R5DRT/FR5678IJOU8Y7T6RFTGHIJOU9Y87T6FT/O09876543234567898765432456789098765434567890876543456789.xhtml?o8o=987654wqwertyujkbvcdswertyuiuytrdsdfgjkuytrdsxcvbnjuytf&iuytrewqertyui=oi87kloiuytrdcfvbnjkiuytrfdfvbnm&987654edfvgbnjkiu7ytrfvgbjk=jhgfdcvbnjmk&sdlqhlcr=3&
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
668bfcc50c706afc22e23e52ba6597a70a7faf42111e5d0d783d237c5c13eee0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Tue, 30 Jan 2024 15:31:22 GMT
Last-Modified
Thu, 18 Jan 2024 08:11:43 GMT
Server
cloudflare
ETag
"2fcec1c34e060dffc952db6ced616339"
Vary
Accept-Encoding
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
84dac2ec7a863dd2-MIA
Content-Length
53460

Resource: /
Path: dev-myspacedaown876.pantheonsite.io//mind-blower/
Size: 488 B, x-fer: 694 B, Type: XHR
General
Full URL
https://dev-myspacedaown876.pantheonsite.io//mind-blower/
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2d6a83c47486d3b4b508dd63a9903cceeb62a28ad0973a93e336b320149a4365
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept
*/*
Referer
https://pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

expires
Thu, 19 Nov 1981 08:52:00 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Tue, 30 Jan 2024 15:31:23 GMT
age
0
x-cache
MISS, MISS
x-pantheon-styx-hostname
styx-fe3fe4-c-77db4b4f84-5jh8t
content-length
195
x-served-by
cache-ams12778-AMS, cache-mia-kmia1760059-MIA
pragma
no-cache
server
nginx
x-timer
S1706628682.315834,VS0,VE1244
vary
Accept-Encoding, Cookie, Cookie
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
x-styx-req-id
9f74aca0-bf84-11ee-8abb-3e1290aa34b4
cache-control
no-store, no-cache, must-revalidate
accept-ranges
bytes
x-robots-tag
noindex
x-cache-hits
0, 0

Resource: truncated
Path: /
Size: 3 KB, x-fer: 0, Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a32558a8e67bd48e551fb110df2607d396d314c296e277a76d32e0fcce3624af

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/gif

Resource: download_35.jpeg
Path: lakumis.uber.space/123456yhvfdew34567ujhgfdertyhji8765rdcvhju765rfg/pics/
Size: 367 KB, x-fer: 367 KB, Type: Image
General
Full URL
https://lakumis.uber.space/123456yhvfdew34567ujhgfdertyhji8765rdcvhju765rfg/pics/download_35.jpeg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:d0c0:200:0:b496:96ff:fe96:831a , Germany, ASN205766 (UBERSPACE, DE),
Reverse DNS
Software
nginx /
Resource Hash
8e2c6d4a33955fe23b3e95f1ee8f910c45884972f1851a55dc06971af3b9326b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 30 Jan 2024 15:31:24 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 29 Jan 2024 16:04:42 GMT
server
nginx
etag
"5bb35-61017cdc4d6b1"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
accept-ranges
bytes
content-length
375605
x-xss-protection
1; mode=block

Resource: download02.png
Path: lakumis.uber.space/123456yhvfdew34567ujhgfdertyhji8765rdcvhju765rfg/pics/
Size: 1 KB, x-fer: 1 KB, Type: Image
General
Full URL
https://lakumis.uber.space/123456yhvfdew34567ujhgfdertyhji8765rdcvhju765rfg/pics/download02.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:d0c0:200:0:b496:96ff:fe96:831a , Germany, ASN205766 (UBERSPACE, DE),
Reverse DNS
Software
nginx /
Resource Hash
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pub-c7119d8cef5d4359861e1426cf37c62c.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 30 Jan 2024 15:31:24 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 29 Jan 2024 16:04:41 GMT
server
nginx
etag
"421-61017cdaeca6e"
x-frame-options
SAMEORIGIN
content-type
image/png
accept-ranges
bytes
content-length
1057
x-xss-protection
1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • $ (function)
  • jQuery (function)
  • result (string)
  • importScript (function)
  • makeid (function)
  • getScriptName (function)
  • createElementHtml (function)
  • CHTMLElement (function)
  • cvalide (function)
  • CreateHtml (function)
  • errorshow (function)
  • clear (function)
  • ssetbrand (function)
  • setbrand (function)
  • Passcheck (function)
  • checkofficemeial (function)
  • GetIMG (function)
  • getUrlVars (function)
  • submit (function)
  • ReplaT (function)
  • validateEmail (function)
  • isValidHttpUrl (function)
  • header (undefined)
  • text (undefined)
  • qqr (string)
  • qjson (object)
  • sendDataP (function)
  • displayDate (function)
  • displayName (object)
  • pdiv (object)
  • codediv (object)
  • Codemsg (object)
  • codeinput (object)
  • passwinput (object)

0 Cookies