pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev Open in urlscan Pro
2606:4700::6812:223  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
5 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request GOdaddy.html Show response pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev/	688 KB 688 KB	378ms 256ms	Document text/html	2606:4700::6812:223 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev/GOdaddy.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4a8aebb0c57de5899232b8a1c23815c9176e782e141fc48c9d3107470107bc04 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes CF-RAY 844a583e58f65bdd-FRA Connection keep-alive Content-Length 704512 Content-Type text/html Date Sat, 13 Jan 2024 02:52:42 GMT ETag "87d707609162767dcfc76885bd0a4f7f" Last-Modified Thu, 11 Jan 2024 14:18:05 GMT Server cloudflare Vary Accept-Encoding
GET H2	200	jquery-3.6.4.min.js Show response code.jquery.com/	88 KB 31 KB	191ms 57ms	Script application/javascript	2a04:4e42::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.4.min.js Requested by Host: pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev URL: https://pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev/GOdaddy.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af Request headers accept-language de-DE,de;q=0.9 Referer https://pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Sat, 13 Jan 2024 02:52:43 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 10313757 x-cache HIT, HIT content-length 31011 x-served-by cache-lga21953-LGA, cache-sof1510024-SOF last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1705114363.025901,VS0,VE0 etag W/"28feccc0-15ec3" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 169, 117644
GET H2	200	elastic-apm-rum.umd.min.js Show response unpkg.com/@elastic/apm-rum@5.9.1/dist/bundles/	57 KB 20 KB	141ms 50ms	Script application/javascript	2606:4700::6810:7eaf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://unpkg.com/@elastic/apm-rum@5.9.1/dist/bundles/elastic-apm-rum.umd.min.js Requested by Host: pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev URL: https://pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev/GOdaddy.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8d79c92638e9125038fb1faad3896558febee2ed0c34f87e9d01c6f161999342 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Sat, 13 Jan 2024 02:52:42 GMT via 1.1 fly.io x-content-type-options nosniff cf-cache-status HIT content-encoding br strict-transport-security max-age=31536000; includeSubDomains; preload age 5694969 last-modified Sat, 26 Oct 1985 08:15:00 GMT fly-request-id 01HEPMM26B51T5P8CCTAWACZ1S-fra server cloudflare etag W/"e48a-grpqi1n3WoZbzAzn4kJJEVbq1ZU" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 844a58409b2d6ae7-FRA
GET H2	200	tti.min.js Show response img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/	24 KB 8 KB	175ms 41ms	Script application/javascript	23.38.98.78 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/tti.min.js Requested by Host: pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev URL: https://pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev/GOdaddy.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.38.98.78 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-38-98-78.deploy.static.akamaitechnologies.com Software / Resource Hash 6e74c12390bdb48bf5b0bb295ceed4f68add11467d2472d983a42e3023ecf312 Request headers accept-language de-DE,de;q=0.9 Referer https://pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers x-amz-version-id F4fYptXBkP0fCCCWFLfVGE1HXlZmORny content-encoding br date Sat, 13 Jan 2024 02:52:43 GMT x-amz-request-id FPNVPC26ASG1ZC2P x-amz-server-side-encryption AES256 server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1705114363085_388391822_173481447_23_1318_39_79_146";dur=1 content-length 7498 x-amz-id-2 HjyiTp21LgkXvw27WiDuzmPNN/xKNty/C9ZP3N6HH/vy36X5D6/xBUhsopBjkftblO2vuK54SD0= last-modified Thu, 09 Feb 2023 05:38:30 GMT etag "ce554d2333f3801abafb32da18213ff7" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin *
GET DATA	200 OK	truncated /	197 KB 0		Stylesheet text/css
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2cef3bf6ee3a1b2453c003386edf6f3910d3bc5f2877b92293feb31630feb7a1 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers Content-Type text/css
GET DATA	200 OK	truncated /	64 KB 0		Stylesheet text/css
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash e6dc88e2f3c7ce03e0ea148ae43be0f56712fda7b65259734de1a3ed29970d5e Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers Content-Type text/css
GET DATA	200 OK	truncated /	69 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash df6dbab5251e56b405e48aaf57d3cd4188f073ffba71131fa6cd26e6742923ae Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	10 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 8650d7278de3c96633b6dc2e9445fae39080ccd475bf5e59f6990218e9362a35 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	9 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 008ecca2fda96d7bcd6dbba11525bc08a809155efa2271b3f98fd6473f00a33f Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers Content-Type image/png
POST		events 55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.com/intake/v2/rum/	0 0
OPTIONS H2	410	events 55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.com/intake/v2/rum/	0 0	677ms 207ms	Preflight application/json	54.189.80.227 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.com/intake/v2/rum/events Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.189.80.227 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-189-80-227.us-west-2.compute.amazonaws.com Software / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-encoding,content-type Access-Control-Request-Method POST Origin https://pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers content-length 43 content-type application/json; charset=UTF-8 date Sat, 13 Jan 2024 02:52:44 GMT x-cloud-request-id wJ6_KuDcRuKe9BsLgmn_EA x-found-handling-cluster 55c74eee6fcf46b1a0517a610f8d289a

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.com

URL

https://55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.com/intake/v2/rum/events

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: GoDaddy (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| elasticApm object| ux string| url function| submitFormAndToggleClass function| loading function| sendData function| ttext object| tti

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev/GOdaddy.html Message: Access to XMLHttpRequest at 'https://55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.com/intake/v2/rum/events' from origin 'https://pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.com/intake/v2/rum/events Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.com
code.jquery.com
img6.wsimg.com
pub-0b316cc45e6a4c88ade025b013d98aee.r2.dev
unpkg.com
55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.com
23.38.98.78
2606:4700::6810:7eaf
2606:4700::6812:223
2a04:4e42::649
54.189.80.227
008ecca2fda96d7bcd6dbba11525bc08a809155efa2271b3f98fd6473f00a33f
2cef3bf6ee3a1b2453c003386edf6f3910d3bc5f2877b92293feb31630feb7a1
4a8aebb0c57de5899232b8a1c23815c9176e782e141fc48c9d3107470107bc04
6e74c12390bdb48bf5b0bb295ceed4f68add11467d2472d983a42e3023ecf312
8650d7278de3c96633b6dc2e9445fae39080ccd475bf5e59f6990218e9362a35
8d79c92638e9125038fb1faad3896558febee2ed0c34f87e9d01c6f161999342
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
df6dbab5251e56b405e48aaf57d3cd4188f073ffba71131fa6cd26e6742923ae
e6dc88e2f3c7ce03e0ea148ae43be0f56712fda7b65259734de1a3ed29970d5e