pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://snap.berkeley.edu//apps.ajdconsultoria.com.br/system/???68769220-42445
Effective URL:
https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/OWAOutlook.html
Submission: On June 08 via api (June 8th 2023, 8:46:24 pm UTC) from CA — Scanned from DE

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 7 HTTP transactions. The main IP is 2606:4700::6812:323, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev.
TLS certificate: Issued by E1 on April 17th 2023. Valid for: 3 months.

This is the only time pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	138.197.63.88 138.197.63.88	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 2	65.111.172.219 65.111.172.219	15083 (INFOLINK-...) (INFOLINK-MIA-)
1 2	2602:fea2:2::1 2602:fea2:2::1	40680 (PROTOCOL) (PROTOCOL)
1	2606:4700::68... 2606:4700::6812:323	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:350... 2a02:26f0:3500:594::356e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	6

1 138.197.63.88 (Clifton, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

snap.berkeley.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.111.172.219 (Miami, United States) 1 redirects

ASN15083 (INFOLINK-MIA-, US)
PTR: email.registercompass.com

apps.ajdconsultoria.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2602:fea2:2::1 (United States) 1 redirects

ASN40680 (PROTOCOL, US)

dweb.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4.ipfs.dweb.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:323 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:594::356e (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.s-microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	s-microsoft.com c.s-microsoft.com — Cisco Umbrella Rank: 5764	62 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 993 stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2712	28 KB
2	dweb.link 1 redirects dweb.link — Cisco Umbrella Rank: 30620 bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4.ipfs.dweb.link	2 KB
2	ajdconsultoria.com.br 1 redirects apps.ajdconsultoria.com.br	1 KB
1	r2.dev pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev	10 KB
1	berkeley.edu 1 redirects snap.berkeley.edu — Cisco Umbrella Rank: 821534	304 B
7	6

	Domain	Requested by
2	c.s-microsoft.com	pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
2	apps.ajdconsultoria.com.br	1 redirects
1	stackpath.bootstrapcdn.com	pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
1	maxcdn.bootstrapcdn.com	pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
1	pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
1	bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4.ipfs.dweb.link
1	dweb.link	1 redirects
1	snap.berkeley.edu	1 redirects
7	8

This site contains no links.

Subject Issuer	Validity	Valid
apps.ajdconsultoria.com.br R3	`2023-04-23` - `2023-07-22`	3 months	crt.sh
*.i.ipfs.io R3	`2023-03-27` - `2023-06-25`	3 months	crt.sh
*.r2.dev E1	`2023-04-17` - `2023-07-16`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
www.microsoft.com Microsoft Azure TLS Issuing CA 06	`2022-10-04` - `2023-09-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/OWAOutlook.html
Frame ID: 507576AF283916EAF96E165B83669E41
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Outlook Web Access - Secure Login

Page URL History Show full URLs

https://snap.berkeley.edu//apps.ajdconsultoria.com.br/system/???68769220-42445 HTTP 301
https://apps.ajdconsultoria.com.br/system HTTP 301
https://apps.ajdconsultoria.com.br/system/ Page URL
https://dweb.link/ipfs/QmZWQBgRHRbytv9jhLihfQhGoTVF62hKJSyDtoh2ANBc7Q?filename=0wa.html HTTP 301
https://bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4.ipfs.dweb.link/?filename=0wa.html Page URL
https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/OWAOutlook.html Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

7
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

8
Subdomains

6
IPs

2
Countries

103 kB
Transfer

236 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://snap.berkeley.edu//apps.ajdconsultoria.com.br/system/???68769220-42445 HTTP 301
https://apps.ajdconsultoria.com.br/system HTTP 301
https://apps.ajdconsultoria.com.br/system/ Page URL
https://dweb.link/ipfs/QmZWQBgRHRbytv9jhLihfQhGoTVF62hKJSyDtoh2ANBc7Q?filename=0wa.html HTTP 301
https://bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4.ipfs.dweb.link/?filename=0wa.html Page URL
https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/OWAOutlook.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://snap.berkeley.edu//apps.ajdconsultoria.com.br/system/???68769220-42445 HTTP 301
https://apps.ajdconsultoria.com.br/system HTTP 301
https://apps.ajdconsultoria.com.br/system/

Request Chain 1

https://dweb.link/ipfs/QmZWQBgRHRbytv9jhLihfQhGoTVF62hKJSyDtoh2ANBc7Q?filename=0wa.html HTTP 301
https://bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4.ipfs.dweb.link/?filename=0wa.html

7 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
apps.ajdconsultoria.com.br/system/
Redirect Chain

https://snap.berkeley.edu//apps.ajdconsultoria.com.br/system/???68769220-42445
https://apps.ajdconsultoria.com.br/system
https://apps.ajdconsultoria.com.br/system/

908 B
1007 B

126ms
125ms

Document
text/html

65.111.172.219
INFOLINK-MIA-

General

Check archive.org

Show headers Download Go to

Full URL

https://apps.ajdconsultoria.com.br/system/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

65.111.172.219 Miami, United States, ASN15083 (INFOLINK-MIA-, US),

Reverse DNS

email.registercompass.com

Software

Apache/2.4.38 (Debian) /

Resource Hash

b726d4a3163a7e73991683f12b38cf44009e83b6e31ef3e07e1f0c39b9683925

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 625
Content-Type: text/html
Date: Thu, 08 Jun 2023 20:46:19 GMT
Keep-Alive: timeout=5, max=99
Last-Modified: Tue, 06 Jun 2023 18:36:07 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block

Redirect headers

Connection: Keep-Alive
Content-Length: 250
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 08 Jun 2023 20:46:19 GMT
Keep-Alive: timeout=5, max=100
Location: https://apps.ajdconsultoria.com.br/system/
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000

GET
H2

200

/
bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4.ipfs.dweb.link/
Redirect Chain

https://dweb.link/ipfs/QmZWQBgRHRbytv9jhLihfQhGoTVF62hKJSyDtoh2ANBc7Q?filename=0wa.html
https://bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4.ipfs.dweb.link/?filename=0wa.html

788 B
1 KB

485ms
475ms

Document
text/html

2602:fea2:2::1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL

https://bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4.ipfs.dweb.link/?filename=0wa.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),

Reverse DNS

Software

openresty /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://apps.ajdconsultoria.com.br/system/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods: GET GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
cache-control: public, max-age=29030400, immutable
content-disposition: inline; filename="0wa.html"; filename*=UTF-8''0wa.html
content-encoding: gzip
content-type: text/html
date: Thu, 08 Jun 2023 20:46:20 GMT
etag: W/"bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4"
server: openresty
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
x-ipfs-gateway-host: ipfs-bank15-fr2
x-ipfs-lb-pop: gateway-bank1-fr2
x-ipfs-path: /ipfs/bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4/
x-ipfs-pop: ipfs-bank15-fr2
x-ipfs-roots: bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4
x-proxy-cache: MISS

Redirect headers

access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods: GET GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
cache-control: public, max-age=29030400, immutable
content-disposition: inline; filename="0wa.html"; filename*=UTF-8''0wa.html
content-length: 788
content-type: text/html
date: Thu, 08 Jun 2023 20:46:20 GMT
etag: "QmZWQBgRHRbytv9jhLihfQhGoTVF62hKJSyDtoh2ANBc7Q"
location: https://bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4.ipfs.dweb.link/?filename=0wa.html
server: openresty
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
x-ipfs-gateway-host: ipfs-bank10-fr2
x-ipfs-lb-pop: gateway-bank1-fr2
x-ipfs-path: /ipfs/QmZWQBgRHRbytv9jhLihfQhGoTVF62hKJSyDtoh2ANBc7Q
x-ipfs-pop: ipfs-bank10-fr2
x-ipfs-roots: QmZWQBgRHRbytv9jhLihfQhGoTVF62hKJSyDtoh2ANBc7Q
x-proxy-cache: MISS

GET
H/1.1 200
OK Primary Request OWAOutlook.html Show response
pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/ 17 KB
10 KB 726ms
691ms Document
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/OWAOutlook.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 928deab03447edb4276fb709195477943eddf88f6a73d6c127cf0edcf9f284ce

Request headers

Referer: https://bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4.ipfs.dweb.link/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-RAY: 7d43fbd458a13a43-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Thu, 08 Jun 2023 20:46:21 GMT
ETag: W/"3a17094d2e290d34425bb9176d203c11"
Last-Modified: Tue, 06 Jun 2023 18:13:03 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 118 KB
20 KB 49ms
19ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Requested by

Host: pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
URL: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/OWAOutlook.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/
Origin: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 20:46:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 1082
age: 99815
cdn-cachedat: 01/05/2023 13:19:14
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"ec3bb52a00e176a7181d454dffaea219"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 0ce2ac627f18d5972a785ad9b2e46b7c
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 7d43fbd8eb3318fd-FRA
cdn-requestpullsuccess: True

GET
H2 200 font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 58ms
28ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
URL: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/OWAOutlook.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/
Origin: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 20:46:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 722
age: 173485
cdn-cachedat: 05/01/2023 15:40:29
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"269550530cc127b6aa5a35925a7de6ce"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: e1874f0257564e15d956d2ce1204dd7f
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 7d43fbd8e8f65c85-FRA
cdn-requestpullsuccess: True

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c80a0cfc4f6340664dfaa60d10f25e8d127c47825265f112347b0dcfa90d1fe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/ 33 KB
34 KB 67ms
7ms Font
font/woff2 2a02:26f0:3500:594::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
Requested by: Host: pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
URL: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/OWAOutlook.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:594::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b

Request headers

Referer: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/
Origin: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 20:46:21 GMT
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
etag: "588d483e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=215732
accept-ranges: bytes
content-length: 34052
expires: Sun, 11 Jun 2023 08:41:53 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/semibold/ 29 KB
29 KB 73ms
13ms Font
font/woff2 2a02:26f0:3500:594::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/semibold/latest.woff2
Requested by: Host: pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
URL: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/OWAOutlook.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:594::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f

Request headers

Referer: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev/
Origin: https://pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 20:46:21 GMT
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
etag: "5b68d583e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=223105
accept-ranges: bytes
content-length: 29388
expires: Sun, 11 Jun 2023 10:44:46 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			snap.berkeley.edu/	1970-01-20 21:09:53	Name: snapsession Value: eyJ1c2VybmFtZSI6IiJ9%0a%2d%2dnwrh6uX4%2fTn2sho%2bpTb5ga6i5Mo%3d

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apps.ajdconsultoria.com.br
bafybeiff57ypozd42nio2bix4e75zmnofshvmjfiexhbz534pg45vsgod4.ipfs.dweb.link
c.s-microsoft.com
dweb.link
maxcdn.bootstrapcdn.com
pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev
snap.berkeley.edu
stackpath.bootstrapcdn.com
138.197.63.88
2602:fea2:2::1
2606:4700::6812:323
2606:4700::6812:acf
2a02:26f0:3500:594::356e
65.111.172.219
0c80a0cfc4f6340664dfaa60d10f25e8d127c47825265f112347b0dcfa90d1fe
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
928deab03447edb4276fb709195477943eddf88f6a73d6c127cf0edcf9f284ce
b726d4a3163a7e73991683f12b38cf44009e83b6e31ef3e07e1f0c39b9683925
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev Open in urlscan Pro 2606:4700::6812:323 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

67 %IPv6

6 Domains

8 Subdomains

6 IPs

2 Countries

103 kBTransfer

236 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

pub-9b0c4b61dcdb4349b13b6e0f0902a227.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

8
Subdomains

6
IPs

2
Countries

103 kB
Transfer

236 kB
Size

1
Cookies

7 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!