pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
2606:4700::6812:223
Malicious Activity!
Public Scan
Submission: On August 15 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by E1 on August 13th 2023. Valid for: 3 months.
This is the only time pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 2606:4700::6812:223 | 13335 (CLOUDFLARENET) |
| 1 | 2001:4de0:ac18::1:a:1b | 20446 (STACKPATH-CDN) |
| 1 3 | 2606:4700::6811:2b8 | 13335 (CLOUDFLARENET) |
| 10 | 2606:4700:3035::6815:366e | 13335 (CLOUDFLARENET) |
| 2 | 2606:2800:247:8f3c:39fe:2753:7a35:e3da | 15133 (EDGECAST) |
| 1 | 2620:1ec:bdf::46 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 1 | 2620:1ec:46::46 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 19 | 8 | |
- ASN13335 (CLOUDFLARENET, US): pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev
- ASN15133 (EDGECAST, US): aadcdn.msftauth.net
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 10 | codecrafters.su | codecrafters.su | 18 KB |
| 3 | cloudflare.com | challenges.cloudflare.com (Cisco Umbrella Rank: 6372), 1 redirect | 10 KB |
| 2 | msauth.net | logincdn.msauth.net (Cisco Umbrella Rank: 3754), aadcdn.msauth.net (Cisco Umbrella Rank: 1038) | 2 KB |
| 2 | msftauth.net | aadcdn.msftauth.net (Cisco Umbrella Rank: 1064) | 4 KB |
| 1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 752) | 30 KB |
| 1 | r2.dev | pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev | 3 KB |
| 19 | 6 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 10 | codecrafters.su | pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev, codecrafters.su, code.jquery.com |
| 3 | challenges.cloudflare.com | pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev, challenges.cloudflare.com (1 redirect) |
| 2 | aadcdn.msftauth.net | pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev |
| 1 | aadcdn.msauth.net | codecrafters.su |
| 1 | logincdn.msauth.net | pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev |
| 1 | code.jquery.com | pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev |
| 1 | pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev | |
| 19 | 7 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| *.r2.dev | E1 | 2023-08-13 - 2023-11-11 | 3 months | crt.sh |
| *.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh |
| codecrafters.su | GTS CA 1P5 | 2023-08-06 - 2023-11-04 | 3 months | crt.sh |
| aadcdn.msftauth.net | DigiCert SHA2 Secure Server CA | 2023-01-31 - 2024-01-31 | a year | crt.sh |
| identitycdn.msauth.net | Microsoft Azure TLS Issuing CA 02 | 2023-06-24 - 2024-06-18 | a year | crt.sh |
| aadcdn.msauth.net | DigiCert SHA2 Secure Server CA | 2023-07-29 - 2024-07-29 | a year | crt.sh |
| challenges.cloudflare.com | Cloudflare Inc ECC CA-3 | 2022-09-18 - 2023-09-17 | a year | crt.sh |
This page contains 3 frames:
- Primary Page: https://pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/index.html (Frame ID: B0DBFB4595F054790A7F0FFE9C218FDF; 17 HTTP requests in this frame)
- Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/b7421/0x4AAAAAAAIusqjsglEnG8LP/auto/normal (Frame ID: A5A34F22885BBC55E16E01080B2F4A0E; 1 HTTP request in this frame)
- Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/m13ya/0x4AAAAAAAIusqjsglEnG8LP/auto/normal (Frame ID: F9416D3F769DA11B4BD4E2D092C173F1; 1 HTTP request in this frame)
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1:
- https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit (HTTP 302)
- https://challenges.cloudflare.com/turnstile/v0/b/7186c00a/api.js?render=explicit
19 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H/1.1 | index.html | pub-aec93134686b4a2a8c7e76fdecc5ba50.r2.dev/ | 19 KB | 3 KB | Document | text/html | Primary Request |
| GET | H2 | jquery-3.6.0.min.js | code.jquery.com/ | 87 KB | 30 KB | Script | application/javascript | |
| GET | H2 | api.js | challenges.cloudflare.com/turnstile/v0/b/7186c00a/ | 27 KB | 10 KB | Script | application/javascript | Redirect Chain |
| GET | H2 | pages-head-top.min.js | codecrafters.su/assets/js/ | 967 B | 767 B | Script | application/javascript | |
| GET | H2 | back.png | codecrafters.su/assets/ | 231 B | 571 B | Image | image/png | |
| GET | H2 | key.png | codecrafters.su/assets/ | 727 B | 1 KB | Image | image/png | |
| GET | H2 | picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg | aadcdn.msftauth.net/shared/1.0/content/images/ | 7 KB | 3 KB | Image | image/svg+xml | |
| GET | H2 | picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg | aadcdn.msftauth.net/shared/1.0/content/images/ | 3 KB | 1 KB | Image | image/svg+xml | |
| GET | H2 | picker_verify_email_958962caa7cf6b75cd412e9e3b687b22.svg | logincdn.msauth.net/shared/1.0/content/images/ | 268 B | 752 B | Image | image/svg+xml | |
| GET | H3 | b1z5ro5e7br6e8r3b.css | codecrafters.su/assets/pages/ | 1 KB | 866 B | Stylesheet | text/css | |
| GET | H3 | pages.min.css | codecrafters.su/assets/css/ | 16 KB | 4 KB | Stylesheet | text/css | |
| GET | H3 | pages-head.min.js | codecrafters.su/assets/js/ | 6 KB | 2 KB | Script | application/javascript | |
| GET | H3 | pages.min.js | codecrafters.su/assets/js/ | 35 KB | 6 KB | Script | application/javascript | |
| GET | H3 | back.png | codecrafters.su/assets/ | 231 B | 739 B | Image | image/png | |
| POST | H3 | info | codecrafters.su/ | 124 B | 1 KB | XHR | application/json | |
| GET | H2 | 2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg | aadcdn.msauth.net/shared/1.0/content/images/backgrounds/ | 2 KB | 1 KB | Image | image/svg+xml | |
| GET | | normal | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/b7421/0x4AAAAAAAIusqjsglEnG8LP/auto/ | 0 | 0 | | | Frame A5A3 |
| GET | H3 | normal | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/m13ya/0x4AAAAAAAIusqjsglEnG8LP/auto/ | 0 | 0 | Document | text/html | Frame F941 |
| POST | H3 | info | codecrafters.su/ | 20 B | 1 KB | XHR | application/json | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: challenges.cloudflare.com
- URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/b7421/0x4AAAAAAAIusqjsglEnG8LP/auto/normal
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)
34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | 0 |
| function | $ |
| function | jQuery |
| object | turnstile |
| object | linkElement |
| object | linkElementcss |
| object | scriptElementhead |
| object | scriptElement |
| object | pagedata |
| string | portnum |
| string | redirecturl |
| string | cloudflaresitekey |
| function | loadinganimation |
| function | runanimation |
| function | getEmailParamFromURL |
| function | changebackbutton |
| function | backbuttonclick |
| function | linkoptionclick |
| function | authappbottomtext |
| function | bottomsectionlinks |
| function | selectprotectoption |
| function | displayprotectoptions |
| function | displaymultipleaccounts |
| function | displaytwofamethods |
| function | sendinfo |
| function | selectmultipleaccount |
| function | selecttwofamethod |
| function | protectsend |
| function | valaction |
| function | checkerrordesc |
| function | validate |
| function | backbtn |
| string | emailval |
| boolean | pwdVal |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.