pub-93e561647637432db1b9d69246c7b21e.r2.dev Open in urlscan Pro
2606:4700:7::eb Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://alvaranamao.com.br/Golfo/imemail/majest/
Effective URL:
https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html
Submission: On November 14 via automatic, source openphish (November 14th 2024, 3:05:06 am UTC) — Scanned from DE

Summary HTTP 34 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 34 HTTP transactions. The main IP is 2606:4700:7::eb, located in United States and belongs to . The main domain is pub-93e561647637432db1b9d69246c7b21e.r2.dev.
TLS certificate: Issued by E5 on September 29th 2024. Valid for: 3 months.

This is the only time pub-93e561647637432db1b9d69246c7b21e.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: USAA (Banking) Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	50.116.87.168 50.116.87.168	() ()
1 10	2606:4700:7::eb 2606:4700:7::eb	() ()
1	172.66.0.235 172.66.0.235	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
1	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
34	6

2 50.116.87.168 (United States)

ASN- ()
PTR: 50-116-87-168.unifiedlayer.com

alvaranamao.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:7::eb (United States) 1 redirects

ASN- ()

pub-93e561647637432db1b9d69246c7b21e.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.66.0.235 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	r2.dev 1 redirects pub-93e561647637432db1b9d69246c7b21e.r2.dev pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev Failed	263 KB
2	alvaranamao.com.br alvaranamao.com.br	327 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 275	5 KB
1	aspnetcdn.com ajax.aspnetcdn.com — Cisco Umbrella Rank: 2723	30 KB
0	usaa.com Failed content.usaa.com Failed
34	5

	Domain	Requested by
6	pub-93e561647637432db1b9d69246c7b21e.r2.dev	1 redirects pub-93e561647637432db1b9d69246c7b21e.r2.dev
5	pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev	pub-93e561647637432db1b9d69246c7b21e.r2.dev
2	alvaranamao.com.br
1	cdnjs.cloudflare.com	pub-93e561647637432db1b9d69246c7b21e.r2.dev
1	ajax.aspnetcdn.com	pub-93e561647637432db1b9d69246c7b21e.r2.dev
0	content.usaa.com Failed	pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev
34	6

This site contains links to these domains. Also see Links.

Domain
www.usaa.com

Subject Issuer	Validity	Valid
*.alvaranamao.com.br R10	`2024-10-01` - `2024-12-30`	3 months	crt.sh
*.r2.dev E5	`2024-09-29` - `2024-12-28`	3 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2024-06-06` - `2025-06-06`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-09-28` - `2024-12-27`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html
Frame ID: 96687B96B67D371BD4BB16B3201C8B83
Requests: 35 HTTP requests in this frame

Frame: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/a.html
Frame ID: B47E87FDD984FEFF1B9662623B7962A8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Member Account Login | USAA

Page URL History Show full URLs

https://alvaranamao.com.br/Golfo/imemail/majest/ Page URL
https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Page URL
https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/cdn-cgi/phish-bypass?atok=2S6XkNBgrfvDA3nUNAekJTjXYc10t_t44uKP76krW2I-173155... HTTP 301
https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Page URL

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

34
Requests

41 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

6
IPs

2
Countries

297 kB
Transfer

395 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.usaa.com/
Title: USAA logo. Redirects to USAA home. USAA logo

Search URL Search Domain Scan URL

URL: https://www.usaa.com/join/get-started/
Title: Join USAA

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_proof/proofingEvent?action=Init&event=registration
Title: Register for access

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/wc/security_center?0&wa_ref=logon_jump_security_center
Title: Security Center

Search URL Search Domain Scan URL

URL: https://www.usaa.com/privacy
Title: Privacy Center

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/pages/accessibility_at_usaa_main?wa_ref=pub_subglobal_footer_accessibility
Title: Accessibility at USAA

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://alvaranamao.com.br/Golfo/imemail/majest/ Page URL
https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Page URL
https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/cdn-cgi/phish-bypass?atok=2S6XkNBgrfvDA3nUNAekJTjXYc10t_t44uKP76krW2I-1731553486-0.0.1.1-%2Findex2.html HTTP 301
https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

34 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
alvaranamao.com.br/Golfo/imemail/majest/ 213 B
286 B 654ms
156ms Document
text/html 50.116.87.168

General

Check archive.org

Show headers Download Go to

Full URL: https://alvaranamao.com.br/Golfo/imemail/majest/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.87.168 , United States, ASN (),
Reverse DNS: 50-116-87-168.unifiedlayer.com
Software: Apache /
Resource Hash: 27d0867969475eef81274dbe99838698f47ac37af03fca7418bbe8a33127bd22

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-length: 188
content-type: text/html; charset=UTF-8
date: Thu, 14 Nov 2024 03:04:45 GMT
server: Apache
vary: Accept-Encoding

GET
H/1.1 403
Forbidden index2.html Show response
pub-93e561647637432db1b9d69246c7b21e.r2.dev/ 4 KB
5 KB 209ms
47ms Document
text/html 2606:4700:7::eb

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::eb , United States, ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

52ebfa7cf752dbca9c313f239f60acc7d2c15373e5715fbeb9798011e9cac2c9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://alvaranamao.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

CF-RAY: 8e23c6a8bd019a17-FRA
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 14 Nov 2024 03:04:46 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

GET
H2 200 favicon.ico
alvaranamao.com.br/ 0
41 B 154ms
153ms Other
text/html 50.116.87.168

General

Check archive.org

Show headers Download Go to

Full URL: https://alvaranamao.com.br/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.87.168 , United States, ASN (),
Reverse DNS: 50-116-87-168.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://alvaranamao.com.br/Golfo/imemail/majest/

Response headers

content-length: 0
date: Thu, 14 Nov 2024 03:04:46 GMT
content-type: text/html; charset=UTF-8
server: Apache

GET
H/1.1 200
OK cf.errors.css
pub-93e561647637432db1b9d69246c7b21e.r2.dev/cdn-cgi/styles/ 23 KB
5 KB 87ms
44ms Stylesheet
text/css 2606:4700:7::eb

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: pub-93e561647637432db1b9d69246c7b21e.r2.dev
URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::eb , United States, ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html

Response headers

Transfer-Encoding: chunked
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Content-Encoding: gzip
ETag: W/"672e2352-5df3"
Connection: keep-alive
X-Content-Type-Options: nosniff
CF-RAY: 8e23c6a99d2d9a17-FRA
Expires: Thu, 14 Nov 2024 05:04:46 GMT
Date: Thu, 14 Nov 2024 03:04:46 GMT
Content-Type: text/css
Last-Modified: Fri, 08 Nov 2024 14:42:26 GMT
Server: cloudflare
X-Frame-Options: DENY

GET
H/1.1 200
OK icon-exclamation.png
pub-93e561647637432db1b9d69246c7b21e.r2.dev/cdn-cgi/images/ 452 B
889 B 55ms
55ms Image
image/png 2606:4700:7::eb

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: pub-93e561647637432db1b9d69246c7b21e.r2.dev
URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::eb , United States, ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/cdn-cgi/styles/cf.errors.css

Response headers

Vary: Accept-Encoding
Cache-Control: max-age=7200, public
ETag: "672e2352-1c4"
Connection: keep-alive
X-Content-Type-Options: nosniff
CF-RAY: 8e23c6a9ed469a17-FRA
Expires: Thu, 14 Nov 2024 05:04:46 GMT
Accept-Ranges: bytes
Content-Length: 452
Date: Thu, 14 Nov 2024 03:04:46 GMT
Content-Type: image/png
Last-Modified: Fri, 08 Nov 2024 14:42:26 GMT
Server: cloudflare
X-Frame-Options: DENY

GET
H/1.1 404
Not Found favicon.ico
pub-93e561647637432db1b9d69246c7b21e.r2.dev/ 27 KB
27 KB 192ms
191ms Other
text/html 2606:4700:7::eb

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::eb , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html

Response headers

CF-RAY: 8e23c6aa4d5b9a17-FRA
Content-Length: 27150
Date: Thu, 14 Nov 2024 03:04:46 GMT
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive
Server: cloudflare

GET
H/1.1

200
OK

Primary Request index2.html Show response
pub-93e561647637432db1b9d69246c7b21e.r2.dev/
Redirect Chain

https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/cdn-cgi/phish-bypass?atok=2S6XkNBgrfvDA3nUNAekJTjXYc10t_t44uKP76krW2I-1731553486-0.0.1.1-%2Findex2.html
https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html

68 KB
68 KB

208ms
207ms

Document
text/html

2606:4700:7::eb

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::eb , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 09a82ce069fbce8b393fbc9325baf5394d03b7560c79807e83b4d2153cafc60b

Request headers

Referer: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
CF-RAY: 8e23c6c9fd199a17-FRA
Connection: keep-alive
Content-Length: 69486
Content-Type: text/html
Date: Thu, 14 Nov 2024 03:04:51 GMT
ETag: "13938179c7511231c9eba36d859f2b27"
Last-Modified: Wed, 13 Nov 2024 12:38:15 GMT
Server: cloudflare
Vary: Accept-Encoding

Redirect headers

CF-RAY: 8e23c6c99ced9a17-FRA
Cache-Control: private, no-cache
Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Thu, 14 Nov 2024 03:04:51 GMT
Location: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html
Server: cloudflare
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

GET tag.js
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ 0
0

GET
H/1.1 200
OK linkid.js Show response
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ 2 KB
2 KB 495ms
346ms Script
application/x-javascript 2606:4700:7::eb

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/linkid.js
Requested by: Host: pub-93e561647637432db1b9d69246c7b21e.r2.dev
URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::eb , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/

Response headers

ETag: "0cc3a63fe10060af4a349e5df666eefe"
Connection: keep-alive
CF-RAY: 8e23c6cc4ec01e45-FRA
Accept-Ranges: bytes
Content-Length: 1569
Date: Thu, 14 Nov 2024 03:04:52 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 24 Oct 2024 13:56:37 GMT
Vary: Accept-Encoding
Server: cloudflare

GET
H/1.1 200
OK analytics.js Show response
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ 49 KB
49 KB 482ms
333ms Script
application/x-javascript 2606:4700:7::eb

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/analytics.js
Requested by: Host: pub-93e561647637432db1b9d69246c7b21e.r2.dev
URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::eb , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/

Response headers

ETag: "fda30e8a22c9bcd954fd8d0fadd0e77c"
Connection: keep-alive
CF-RAY: 8e23c6cc4f7c9733-FRA
Accept-Ranges: bytes
Content-Length: 50230
Date: Thu, 14 Nov 2024 03:04:52 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 24 Oct 2024 13:56:36 GMT
Vary: Accept-Encoding
Server: cloudflare

GET
H/1.1 200
OK ent-unified-logon-web.562afa512e4a38e235af.css
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ 105 KB
105 KB 712ms
563ms Stylesheet
text/css 2606:4700:7::eb

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ent-unified-logon-web.562afa512e4a38e235af.css
Requested by: Host: pub-93e561647637432db1b9d69246c7b21e.r2.dev
URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::eb , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: f426675307979177d431528d09aef43dd4979d5c52b64c8310432769c54d12a0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/

Response headers

ETag: "2cc976fd990c44df26fae54444a4beb8"
Connection: keep-alive
CF-RAY: 8e23c6cc495030ea-FRA
Accept-Ranges: bytes
Content-Length: 107173
Date: Thu, 14 Nov 2024 03:04:52 GMT
Content-Type: text/css
Last-Modified: Thu, 24 Oct 2024 13:56:36 GMT
Vary: Accept-Encoding
Server: cloudflare

GET utag.js
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ 0
0

GET
H/1.1 200
OK ent-unified-logon-web.js Show response
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ 273 B
597 B 1280ms
912ms Script
application/x-javascript 172.66.0.235
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ent-unified-logon-web.js
Requested by: Host: pub-93e561647637432db1b9d69246c7b21e.r2.dev
URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.235 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12823479e57e579d5eb7af45a060336db24bfb84bf0af53a1099d6ca016973f2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/

Response headers

ETag: "1a6e4c1aade1d02a22faec181b827e84"
Connection: keep-alive
CF-RAY: 8e23c6cdbdeee508-TXL
Accept-Ranges: bytes
Content-Length: 273
Date: Thu, 14 Nov 2024 03:04:52 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 24 Oct 2024 13:56:36 GMT
Vary: Accept-Encoding
Server: cloudflare

GET utag.318.js
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ 0
0

GET utag.272.js
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ 0
0

GET utag.233.js
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ 0
0

GET utag.288.js
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ 0
0

GET utag.417.js
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ 0
0

GET utag.327.js
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ 0
0

GET
H/1.1 200
OK a.html
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/ Frame B47E 0
0 459ms
330ms Document
text/html 2606:4700:7::eb

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/a.html
Requested by: Host: pub-93e561647637432db1b9d69246c7b21e.r2.dev
URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::eb , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
CF-RAY: 8e23c6cc49fe71d7-FRA
Connection: keep-alive
Content-Length: 297
Content-Type: text/html
Date: Thu, 14 Nov 2024 03:04:52 GMT
ETag: "bb25d5c5137fdd5ff71f8129fe607fbc"
Last-Modified: Thu, 24 Oct 2024 13:56:35 GMT
Server: cloudflare
Vary: Accept-Encoding

GET
H2 200 jquery-3.3.1.min.js Show response
ajax.aspnetcdn.com/ajax/jQuery/ 85 KB
30 KB 198ms
45ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

Requested by

Host: pub-93e561647637432db1b9d69246c7b21e.r2.dev
URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4C8F) /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/

Response headers

content-encoding: gzip
etag: "80288516b793d31:0"
age: 10821343
x-content-type-options: nosniff
x-cache: HIT
date: Thu, 14 Nov 2024 03:04:51 GMT
content-type: application/javascript
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
vary: Accept-Encoding
cache-control: public,max-age=31536000
timing-allow-origin: *
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30394
x-xss-protection: 1; mode=block
server: ECAcc (frc/4C8F)

GET
H3 200 jquery.mask.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ 20 KB
5 KB 107ms
59ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

Requested by

Host: pub-93e561647637432db1b9d69246c7b21e.r2.dev
URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03ec3-4e98"
age: 36170
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JXfZGjL4fKxj8Nw0IESewQw2kEmcwgRPspqCW9wtYnTDY1j1I%2FsNfpuR77GeO2IP%2BgWMLJtmL2M3ctHoT%2BaOWwVmkXkNRHQ%2FoL1ukRapQKcxuFZ%2B9JCbcnf%2Fnw70IWvED%2BM9%2BFyq"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 04 Nov 2025 03:04:51 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 14 Nov 2024 03:04:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 16:11:47 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8e23c6cbecda9732-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4517
server: cloudflare

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ddb4133f601fa817524466b7bad394bb2330decf57c99762ba9c2cbd34e9e0e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 155 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ceec846322efec91a63ccd7c7d369661a99347961bc00e4396d528d9b080f31c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml;charset=utf8

GET 9C7F15704715916A9.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET E83D71A074DF776F4.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET F68DD4439278D0467.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 12C383965421BC56F.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 9ECBC8FFB535D0532.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET C1B705B7AD8D5B4C6.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 9ECBC8FFB535D0532.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET E83D71A074DF776F4.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 12C383965421BC56F.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET C1B705B7AD8D5B4C6.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 9C7F15704715916A9.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET F68DD4439278D0467.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev
URL: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/tag.js

Domain: pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev
URL: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/utag.js

Domain: pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev
URL: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/utag.318.js

Domain: pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev
URL: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/utag.272.js

Domain: pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev
URL: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/utag.233.js

Domain: pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev
URL: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/utag.288.js

Domain: pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev
URL: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/utag.417.js

Domain: pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev
URL: https://pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev/files/utag.327.js

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: USAA (Banking) Generic Cloudflare (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.pub-93e561647637432db1b9d69246c7b21e.r2.dev/	1970-01-21 01:00:39	Name: __cf_mw_byp Value: 2S6XkNBgrfvDA3nUNAekJTjXYc10t_t44uKP76krW2I-1731553486-0.0.1.1-/index2.html

28 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
recommendation	warning	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: [DOM] Found 4 elements with non-unique id #usaa-form-v5-6-1-input-7fnje8h8eml9: (More info: https://goo.gl/9p2vKq) %o %o %o %o
recommendation	warning	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: [DOM] Found 2 elements with non-unique id #usaa-form-v5-9-0-input-xq7wwfy5r5ls: (More info: https://goo.gl/9p2vKq) %o %o
javascript	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff2' from origin 'https://pub-93e561647637432db1b9d69246c7b21e.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff2' from origin 'https://pub-93e561647637432db1b9d69246c7b21e.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff2' from origin 'https://pub-93e561647637432db1b9d69246c7b21e.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff2' from origin 'https://pub-93e561647637432db1b9d69246c7b21e.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff2' from origin 'https://pub-93e561647637432db1b9d69246c7b21e.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff2' from origin 'https://pub-93e561647637432db1b9d69246c7b21e.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff' from origin 'https://pub-93e561647637432db1b9d69246c7b21e.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff' from origin 'https://pub-93e561647637432db1b9d69246c7b21e.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff' from origin 'https://pub-93e561647637432db1b9d69246c7b21e.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff' from origin 'https://pub-93e561647637432db1b9d69246c7b21e.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff' from origin 'https://pub-93e561647637432db1b9d69246c7b21e.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-93e561647637432db1b9d69246c7b21e.r2.dev/index2.html Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff' from origin 'https://pub-93e561647637432db1b9d69246c7b21e.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
alvaranamao.com.br
cdnjs.cloudflare.com
content.usaa.com
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev
pub-93e561647637432db1b9d69246c7b21e.r2.dev
content.usaa.com
pub-8efc0de7d3fe47a6ae844c7877fec9e1.r2.dev
104.17.24.14
152.199.19.160
172.66.0.235
2606:4700:7::eb
50.116.87.168
09a82ce069fbce8b393fbc9325baf5394d03b7560c79807e83b4d2153cafc60b
12823479e57e579d5eb7af45a060336db24bfb84bf0af53a1099d6ca016973f2
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
27d0867969475eef81274dbe99838698f47ac37af03fca7418bbe8a33127bd22
52ebfa7cf752dbca9c313f239f60acc7d2c15373e5715fbeb9798011e9cac2c9
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
ceec846322efec91a63ccd7c7d369661a99347961bc00e4396d528d9b080f31c
ddb4133f601fa817524466b7bad394bb2330decf57c99762ba9c2cbd34e9e0e2
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f426675307979177d431528d09aef43dd4979d5c52b64c8310432769c54d12a0

pub-93e561647637432db1b9d69246c7b21e.r2.dev Open in urlscan Pro 2606:4700:7::eb Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

34 Requests

41 %HTTPS

20 %IPv6

5 Domains

6 Subdomains

6 IPs

2 Countries

297 kBTransfer

395 kBSize

1 Cookies

6 Outgoing links

Page URL History

Redirected requests

34 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

28 Console Messages

Indicators

pub-93e561647637432db1b9d69246c7b21e.r2.dev Open in urlscan Pro
2606:4700:7::eb Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

34
Requests

41 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

6
IPs

2
Countries

297 kB
Transfer

395 kB
Size

1
Cookies

34 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!