pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://webmail-spectrum.duckdns.org/
Effective URL:
https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html
Submission: On September 18 via automatic, source openphish (September 18th 2024, 2:25:14 pm UTC) — Scanned from US

Summary HTTP 18 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 9 IPs in 2 countries across 10 domains to perform 18 HTTP transactions. The main IP is 2606:4700::6812:323, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev.
TLS certificate: Issued by E6 on August 1st 2024. Valid for: 3 months.

This is the only time pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Spectrum (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 1	76.76.21.21 76.76.21.21	16509 (AMAZON-02) (AMAZON-02)
1	76.76.21.241 76.76.21.241	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6812:323	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	35.172.154.148 35.172.154.148	14618 (AMAZON-AES) (AMAZON-AES)
1	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.217.165.132 172.217.165.132	15169 (GOOGLE) (GOOGLE)
1	152.199.4.33 152.199.4.33	15133 (EDGECAST) (EDGECAST)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:821::2003	15169 (GOOGLE) (GOOGLE)
18	9

1 76.76.21.21 (Walnut, United States) 1 redirects

ASN16509 (AMAZON-02, US)

webmail-spectrum.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.76.21.241 (Walnut, United States)

ASN16509 (AMAZON-02, US)

webmail-spectrum.vercel.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:323 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.172.154.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-172-154-148.compute-1.amazonaws.com

webmail.spectrum.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.165.132 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s70-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.4.33 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:821::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	spectrum.net webmail.spectrum.net — Cisco Umbrella Rank: 92369	152 KB
2	r2.dev pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev	37 KB
1	gstatic.com www.gstatic.com	213 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 215	5 KB
1	aspnetcdn.com ajax.aspnetcdn.com — Cisco Umbrella Rank: 2720	38 KB
1	google.com www.google.com — Cisco Umbrella Rank: 3	967 B
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1134	7 KB
1	vercel.app webmail-spectrum.vercel.app	668 B
1	duckdns.org 1 redirects webmail-spectrum.duckdns.org	365 B
0	cloudfront.net Failed d1ff979u6gd5fc.cloudfront.net Failed
18	10

	Domain	Requested by
5	webmail.spectrum.net	pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
2	pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev	webmail-spectrum.vercel.app
1	www.gstatic.com	www.google.com
1	cdnjs.cloudflare.com	pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
1	ajax.aspnetcdn.com	pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
1	www.google.com	pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
1	maxcdn.bootstrapcdn.com	pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
1	webmail-spectrum.vercel.app
1	webmail-spectrum.duckdns.org	1 redirects
0	d1ff979u6gd5fc.cloudfront.net Failed	webmail.spectrum.net
18	10

This site contains links to these domains. Also see Links.

Domain
www.spectrum.net
watch.spectrum.net
urt.rr.com
pt.rr.com
www.spectrumreach.com
www.spectrum.com
spectrum.com

Subject Issuer	Validity	Valid
*.vercel.app R11	`2024-08-14` - `2024-11-12`	3 months	crt.sh
*.r2.dev E6	`2024-08-01` - `2024-10-30`	3 months	crt.sh
*.spectrum.net Amazon RSA 2048 M02	`2024-03-08` - `2025-04-05`	a year	crt.sh
bootstrapcdn.com WE1	`2024-07-23` - `2024-10-21`	3 months	crt.sh
*.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2024-06-06` - `2025-06-06`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
*.gstatic.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html
Frame ID: D53EE87B79BC0B884B4B96AAA708F9B5
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log In - Webmail

Page URL History Show full URLs

https://webmail-spectrum.duckdns.org/ HTTP 308
https://webmail-spectrum.vercel.app/ Page URL
https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

18
Requests

72 %
HTTPS

22 %
IPv6

10
Domains

10
Subdomains

9
IPs

2
Countries

453 kB
Transfer

857 kB
Size

1
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.spectrum.net/login/
Title: Manage Account

Search URL Search Domain Scan URL

URL: https://www.spectrum.net/support/
Title: Get Support

Search URL Search Domain Scan URL

URL: https://watch.spectrum.net/
Title: Watch TV

Search URL Search Domain Scan URL

URL: https://www.spectrum.net/hoh
Title: Create an Email Address

Search URL Search Domain Scan URL

URL: https://urt.rr.com/
Title: Forgot Email Address?

Search URL Search Domain Scan URL

URL: https://pt.rr.com/
Title: Forgot Email Password?

Search URL Search Domain Scan URL

URL: https://www.spectrumreach.com/
Title: Advertise with Us

Search URL Search Domain Scan URL

URL: https://www.spectrum.com/policies/your-privacy-rights
Title: Your Privacy Rights

Search URL Search Domain Scan URL

URL: https://www.spectrum.com/policies/website-privacy-policy.html
Title: Web Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.spectrum.com/policies/california
Title: California Consumer Privacy Rights

Search URL Search Domain Scan URL

URL: https://spectrum.com/policies/your-privacy-rights-opt-out
Title: California Consumer Do Not Sell My Personal Information

Search URL Search Domain Scan URL

URL: https://www.spectrum.com/policies/terms-of-service.html
Title: Spectrum Subscriber Policies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://webmail-spectrum.duckdns.org/ HTTP 308
https://webmail-spectrum.vercel.app/ Page URL
https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://webmail-spectrum.duckdns.org/ HTTP 308
https://webmail-spectrum.vercel.app/

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
webmail-spectrum.vercel.app/
Redirect Chain

https://webmail-spectrum.duckdns.org/
https://webmail-spectrum.vercel.app/

415 B
668 B

212ms
81ms

Document
text/html

76.76.21.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webmail-spectrum.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.241 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fd613174fabb8d4f2d461de2ee7f3591a4376ff509aa1d4f531761a7cd854b72

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 66213
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-length: 415
content-type: text/html; charset=utf-8
date: Wed, 18 Sep 2024 14:25:07 GMT
etag: "bf40765c77bd987de94577c0a83f0d8a"
server: Vercel
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-vercel-cache: HIT
x-vercel-id: iad1::gp2ss-1726669507808-0f1b6f596033

Redirect headers

cache-control: public, max-age=0, must-revalidate
content-type: text/html
date: Wed, 18 Sep 2024 14:25:07 GMT
location: https://webmail-spectrum.vercel.app/
refresh: 0;url=https://webmail-spectrum.vercel.app/
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-id: iad1::gp2ss-1726669507586-e6456f32c410

GET
H/1.1 200
OK Primary Request index.html Show response
pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/ 10 KB
10 KB 431ms
341ms Document
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html
Requested by: Host: webmail-spectrum.vercel.app
URL: https://webmail-spectrum.vercel.app/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8b0b9762ec5492fe4bfea7ac5596cdc90aab04fbb951fb71127c19cbab3a427

Request headers

Referer: https://webmail-spectrum.vercel.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
CF-RAY: 8c5200e938ec74a2-MIA
Connection: keep-alive
Content-Length: 10226
Content-Type: text/html
Date: Wed, 18 Sep 2024 14:25:08 GMT
ETag: "3452ba8c92648fff8eb7eca7dca46eb8"
Last-Modified: Tue, 17 Sep 2024 19:13:36 GMT
Server: cloudflare
Vary: Accept-Encoding

GET
H2 200 rutledge.css
webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/ 5 KB
5 KB 398ms
217ms Stylesheet
text/css 35.172.154.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/rutledge.css?v=2.11.1_3
Requested by: Host: pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.154.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-154-148.compute-1.amazonaws.com
Software: nginx /
Resource Hash: d0ccab8c62e3914173619ccb183a8bbe6df396a5e7bc788c8c28c1f7b2182d66

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/

Response headers

cache-control: max-age=2592000
etag: "6390d7c2-138f"
expires: Fri, 18 Oct 2024 14:25:08 GMT
accept-ranges: bytes
content-length: 5007
date: Wed, 18 Sep 2024 14:25:08 GMT
content-type: text/css
last-modified: Wed, 07 Dec 2022 18:13:22 GMT
server: nginx

GET
H2 200 sb-icons.css
webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/ 1 KB
2 KB 398ms
219ms Stylesheet
text/css 35.172.154.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/sb-icons.css?v=2.11.1_3
Requested by: Host: pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.154.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-154-148.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 72c04351fd3ed71e3b3fe5f37632335085798fa886f1afd30cc5398b6c6cd552

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/

Response headers

cache-control: max-age=2592000
etag: "6390d7c2-4b9"
expires: Fri, 18 Oct 2024 14:25:08 GMT
accept-ranges: bytes
content-length: 1209
date: Wed, 18 Sep 2024 14:25:08 GMT
content-type: text/css
last-modified: Wed, 07 Dec 2022 18:13:22 GMT
server: nginx

GET
H3 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ 27 KB
7 KB 215ms
41ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Requested by

Host: pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/

Response headers

cdn-status: 200
content-encoding: br
cf-cache-status: HIT
etag: W/"4fbd15cb6047af93373f4f895639c8bf"
age: 6904254
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Wed, 18 Sep 2024 14:25:08 GMT
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-cache: HIT
cdn-cachedat: 03/18/2024 12:53:39
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
timing-allow-origin: *
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 534cd5308c1e3efdb08d71efb2bcbc5f
cross-origin-resource-policy: cross-origin
cdn-pullzone: 252412
cdn-proxyver: 1.04
cf-ray: 8c5200ec88b00a2e-MIA
access-control-allow-origin: *
cdn-edgestorageid: 625
server: cloudflare
cdn-requestcountrycode: US

GET
H2 200 login.css
webmail.spectrum.net/application/modules/mail/views/scripts/auth/css/ 6 KB
6 KB 234ms
57ms Stylesheet
text/css 35.172.154.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://webmail.spectrum.net/application/modules/mail/views/scripts/auth/css/login.css?v=2.11.1_3
Requested by: Host: pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.154.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-154-148.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 0e7844897e2ad91585d7ae76659691df8b8044fd2d92979b007997a13816d0a3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/

Response headers

cache-control: max-age=2592000
etag: "6390d7c2-1683"
expires: Fri, 18 Oct 2024 14:25:08 GMT
accept-ranges: bytes
content-length: 5763
date: Wed, 18 Sep 2024 14:25:08 GMT
content-type: text/css
last-modified: Wed, 07 Dec 2022 18:13:22 GMT
server: nginx

GET
H2 200 spectrum.css
webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/ 127 KB
128 KB 288ms
111ms Stylesheet
text/css 35.172.154.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/spectrum.css?v=2.11.1_3
Requested by: Host: pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.154.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-154-148.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b5d9d0bcbd16baa63ee4dc99794948f69487ccf6fc4daa23b20827f83f4ef88e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/

Response headers

cache-control: max-age=2592000
etag: "6390d7c2-1fd50"
expires: Fri, 18 Oct 2024 14:25:08 GMT
accept-ranges: bytes
content-length: 130384
date: Wed, 18 Sep 2024 14:25:08 GMT
content-type: text/css
last-modified: Wed, 07 Dec 2022 18:13:22 GMT
server: nginx

GET
H2 200 spectrum-logo.svg
webmail.spectrum.net/application/modules/mail/views/scripts/mail/images/logos/ 10 KB
10 KB 397ms
219ms Image
image/svg+xml 35.172.154.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webmail.spectrum.net/application/modules/mail/views/scripts/mail/images/logos/spectrum-logo.svg?v=2.11.1_3
Requested by: Host: pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.154.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-154-148.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 059197cdfcc9b8f79681f308720087c5e803bd1ac207fe501f99ed3fd1778088

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/

Response headers

cache-control: max-age=2592000
etag: "6390d7c2-277b"
expires: Fri, 18 Oct 2024 14:25:08 GMT
accept-ranges: bytes
content-length: 10107
date: Wed, 18 Sep 2024 14:25:08 GMT
content-type: image/svg+xml
last-modified: Wed, 07 Dec 2022 18:13:22 GMT
server: nginx

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
967 B 216ms
88ms Script
text/javascript 172.217.165.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.165.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s70-in-f4.1e100.net

Software

ESF /

Resource Hash

7cb7b3e07675cd1ed331968cdc8e63cade8b8cff7bb3a60a7b8d74129e8dbfda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Wed, 18 Sep 2024 14:25:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Wed, 18 Sep 2024 14:25:08 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H2 200 jquery-3.3.1.min.js Show response
ajax.aspnetcdn.com/ajax/jQuery/ 85 KB
38 KB 208ms
32ms Script
application/javascript 152.199.4.33
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

Requested by

Host: pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.4.33 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mid/8720) /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/

Response headers

content-encoding: gzip
etag: "af301a17b793d31:0"
age: 14526157
x-content-type-options: nosniff
x-cache: HIT
date: Wed, 18 Sep 2024 14:25:08 GMT
content-type: application/javascript
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
vary: Accept-Encoding
cache-control: public,max-age=31536000
timing-allow-origin: *
accept-ranges: bytes
access-control-allow-origin: *
content-length: 38892
x-xss-protection: 1; mode=block
server: ECAcc (mid/8720)

GET
H3 200 jquery.mask.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ 20 KB
5 KB 82ms
42ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

Requested by

Host: pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03ec3-4e98"
age: 78610
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hYM8YfRe0gHgFcup30GO%2FaPEsZgDNCJoJ83TS85Yk6molrWglaAy6D2g83O76GaAqzsoM%2B6ujClNqELxuvU8HMFJe7MNW7OXKMMZutz9QpL%2B%2Fm50KBKlBDG7VmfpavkZgk%2Bnb9Ub"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 08 Sep 2025 14:25:08 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 18 Sep 2024 14:25:08 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 16:11:47 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8c5200ecdf4431e0-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4517
server: cloudflare

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/ 538 KB
213 KB 310ms
61ms Script
text/javascript 2607:f8b0:4006:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4943e91f7f53318d481ca07297395abbc52541c2be55d7276ecda152cd7ad9c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
Referer: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/

Response headers

content-encoding: gzip
age: 1296
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Thu, 18 Sep 2025 14:03:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 18 Sep 2024 14:03:33 GMT
last-modified: Tue, 03 Sep 2024 02:00:38 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 217247
x-xss-protection: 0
server: sffe

GET rutledge-medium.woff
d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/medium/ 0
0

GET sb-icons.woff
d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/sb-icons/ 0
0

GET rutledge-regular.woff
d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/regular/ 0
0

GET rutledge-light.woff
d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/light/ 0
0

GET sb-icons.ttf
d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/sb-icons/ 0
0

GET
H/1.1 404
Not Found favicon.ico
pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/ 27 KB
27 KB 311ms
310ms Other
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html

Response headers

CF-RAY: 8c5200f1dd0a74a2-MIA
Content-Length: 27150
Date: Wed, 18 Sep 2024 14:25:09 GMT
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive
Server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: d1ff979u6gd5fc.cloudfront.net
URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/medium/rutledge-medium.woff

Domain: d1ff979u6gd5fc.cloudfront.net
URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/sb-icons/sb-icons.woff

Domain: d1ff979u6gd5fc.cloudfront.net
URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/regular/rutledge-regular.woff

Domain: d1ff979u6gd5fc.cloudfront.net
URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/light/rutledge-light.woff

Domain: d1ff979u6gd5fc.cloudfront.net
URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/sb-icons/sb-icons.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Spectrum (Telecommunication)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			webmail.spectrum.net/	1970-01-20 23:47:54	Name: AWSALBCORS Value: 72vd19u4FEzMrW0vGf5eQITQRiXRN34zEv5U/4sljicsWKK87lZdRKu8kNNXqorJ1npClaMNE1lFudR6V+D3+RBw2/kj+bSas0Q9hT6mNG0Ss2kZjYJIAT7RxDTd

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
javascript	error	URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html Message: Access to font at 'https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/medium/rutledge-medium.woff' from origin 'https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/medium/rutledge-medium.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html Message: Access to font at 'https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/sb-icons/sb-icons.woff' from origin 'https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/sb-icons/sb-icons.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html Message: Access to font at 'https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/regular/rutledge-regular.woff' from origin 'https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/regular/rutledge-regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html Message: Access to font at 'https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/light/rutledge-light.woff' from origin 'https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/light/rutledge-light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/index.html Message: Access to font at 'https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/sb-icons/sb-icons.ttf' from origin 'https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/sb-icons/sb-icons.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
cdnjs.cloudflare.com
d1ff979u6gd5fc.cloudfront.net
maxcdn.bootstrapcdn.com
pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev
webmail-spectrum.duckdns.org
webmail-spectrum.vercel.app
webmail.spectrum.net
www.google.com
www.gstatic.com
d1ff979u6gd5fc.cloudfront.net
104.17.25.14
104.18.10.207
152.199.4.33
172.217.165.132
2606:4700::6812:323
2607:f8b0:4006:821::2003
35.172.154.148
76.76.21.21
76.76.21.241
059197cdfcc9b8f79681f308720087c5e803bd1ac207fe501f99ed3fd1778088
0e7844897e2ad91585d7ae76659691df8b8044fd2d92979b007997a13816d0a3
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
4943e91f7f53318d481ca07297395abbc52541c2be55d7276ecda152cd7ad9c3
72c04351fd3ed71e3b3fe5f37632335085798fa886f1afd30cc5398b6c6cd552
7cb7b3e07675cd1ed331968cdc8e63cade8b8cff7bb3a60a7b8d74129e8dbfda
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66
b5d9d0bcbd16baa63ee4dc99794948f69487ccf6fc4daa23b20827f83f4ef88e
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
d0ccab8c62e3914173619ccb183a8bbe6df396a5e7bc788c8c28c1f7b2182d66
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
e8b0b9762ec5492fe4bfea7ac5596cdc90aab04fbb951fb71127c19cbab3a427
fd613174fabb8d4f2d461de2ee7f3591a4376ff509aa1d4f531761a7cd854b72

pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev Open in urlscan Pro 2606:4700::6812:323 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

72 %HTTPS

22 %IPv6

10 Domains

10 Subdomains

9 IPs

2 Countries

453 kBTransfer

857 kBSize

1 Cookies

12 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

12 Console Messages

Security Headers

Indicators

pub-ac95e388694c4b218cb0d275b84cb27b.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

72 %
HTTPS

22 %
IPv6

10
Domains

10
Subdomains

9
IPs

2
Countries

453 kB
Transfer

857 kB
Size

1
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!