pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/kzix4AgJZ1
Effective URL:
https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/indexnewoffice.html
Submission: On August 15 via manual (August 15th 2024, 10:15:45 pm UTC) from US — Scanned from GB

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 5 domains to perform 10 HTTP transactions. The main IP is 2606:4700::6812:323, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev.
TLS certificate: Issued by E6 on August 1st 2024. Valid for: 3 months.

This is the only time pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6812:323	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1		() ()
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	104.18.94.41 104.18.94.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.128.157 172.67.128.157	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
10	9

1 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:323 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:223 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-0c6f72f0758545c093781cc5b2f09f6b.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pub-f1dad0984a074a89a32cbd757579bae3.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 (None, )

ASN- ()

pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.94.41 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.128.157 (United States)

ASN13335 (CLOUDFLARENET, US)

synthcrest.com.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	r2.dev pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev pub-0c6f72f0758545c093781cc5b2f09f6b.r2.dev pub-f1dad0984a074a89a32cbd757579bae3.r2.dev	294 KB
3	cloudflare.com 1 redirects cdnjs.cloudflare.com — Cisco Umbrella Rank: 336 challenges.cloudflare.com — Cisco Umbrella Rank: 3877	30 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1211	31 KB
1	com.ru synthcrest.com.ru	125 KB
1	t.co t.co — Cisco Umbrella Rank: 979	588 B
10	5

	Domain	Requested by
2	challenges.cloudflare.com	1 redirects pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
2	pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev	t.co pub-f1dad0984a074a89a32cbd757579bae3.r2.dev
1	code.jquery.com	pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
1	synthcrest.com.ru	pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
1	cdnjs.cloudflare.com	pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
1	pub-f1dad0984a074a89a32cbd757579bae3.r2.dev	pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
1	pub-0c6f72f0758545c093781cc5b2f09f6b.r2.dev	pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
1	t.co
10	8

This site contains no links.

Subject Issuer	Validity	Valid
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.r2.dev E6	`2024-08-01` - `2024-10-30`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
synthcrest.com.ru WE1	`2024-07-29` - `2024-10-27`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/indexnewoffice.html
Frame ID: F6D36B827F4F73588807BADED421ECC4
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

radium

Page URL History Show full URLs

https://t.co/kzix4AgJZ1 Page URL
https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/indexnewoffice.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

80 %
HTTPS

38 %
IPv6

5
Domains

8
Subdomains

9
IPs

3
Countries

479 kB
Transfer

658 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/kzix4AgJZ1 Page URL
https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/indexnewoffice.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://challenges.cloudflare.com/turnstile/v0/api.js HTTP 302
https://challenges.cloudflare.com/turnstile/v0/g/ba7376691753/api.js

10 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 kzix4AgJZ1 Show response
t.co/ 368 B
588 B 336ms
169ms Document
text/html 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/kzix4AgJZ1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ad357f7e14d7d3a167cec0eb3d9f838f1fe3fb866cad2b3f65486cb53aba7970

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 218
content-type: text/html; charset=utf-8
date: Thu, 15 Aug 2024 22:15:39 GMT
expires: Thu, 15 Aug 2024 22:20:39 GMT
perf: 7402827104
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 57387b97ca2f57ac024471dfea5692c7ea41c452cde798b0e9013d2f457c5334
x-response-time: 110
x-transaction-id: 08560e506562d290
x-xss-protection: 0

GET
H/1.1 200
OK Primary Request indexnewoffice.html Show response
pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/ 622 B
931 B 295ms
190ms Document
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/indexnewoffice.html
Requested by: Host: t.co
URL: https://t.co/kzix4AgJZ1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 225daf836efdac71089226b53c8671982da1b70145320b0bb0166070a765f2cd

Request headers

Referer: https://t.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
CF-RAY: 8b3c8b6c3a34bd8b-LHR
Connection: keep-alive
Content-Length: 622
Content-Type: text/html
Date: Thu, 15 Aug 2024 22:15:40 GMT
ETag: "3bbb1dde42cde68fe68178a566109d59"
Last-Modified: Thu, 15 Aug 2024 15:43:45 GMT
Server: cloudflare
Vary: Accept-Encoding

GET
H/1.1 200
OK jquery.js Show response
pub-0c6f72f0758545c093781cc5b2f09f6b.r2.dev/ 284 KB
284 KB 297ms
184ms Script
application/x-javascript 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c6f72f0758545c093781cc5b2f09f6b.r2.dev/jquery.js
Requested by: Host: pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
URL: https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/indexnewoffice.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0aa1d17e3f9cd70114e5325ae1515fa8a7e737c49b00c05cae4e42ef281ae669

Request headers

Referer: https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Thu, 15 Aug 2024 22:15:40 GMT
Last-Modified: Wed, 14 Aug 2024 19:58:04 GMT
Server: cloudflare
ETag: "0cd89736d5be7b4ae82e4328ab6dfa16"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 8b3c8b6e2affbebc-LHR
Content-Length: 290962

GET
H/1.1 200
OK basicblob.js Show response
pub-f1dad0984a074a89a32cbd757579bae3.r2.dev/ 8 KB
9 KB 589ms
482ms Script
application/x-javascript 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-f1dad0984a074a89a32cbd757579bae3.r2.dev/basicblob.js
Requested by: Host: pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
URL: https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/indexnewoffice.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe9dd2e43cfef5469c9fcbd2839ccb1f7c1230d8b0d2842db269034c8c73f5f5

Request headers

Referer: https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Thu, 15 Aug 2024 22:15:40 GMT
Last-Modified: Wed, 14 Aug 2024 20:00:48 GMT
Server: cloudflare
ETag: "27bbe3137ad90871366aacba8a540d2c"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 8b3c8b6e2dfb9490-LHR
Content-Length: 8667

GET
BLOB 200
OK ea812d0d-5006-458b-abac-3d831509fd1c Show response
https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/ 6 KB
0 Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/ea812d0d-5006-458b-abac-3d831509fd1c
Requested by: Host: pub-f1dad0984a074a89a32cbd757579bae3.r2.dev
URL: https://pub-f1dad0984a074a89a32cbd757579bae3.r2.dev/basicblob.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 715261cde385955f301316be67a9c2e3ae0f04f7f3044994c24d19f725183932

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length: 5966
Content-Type: text/html

GET favicon.ico
pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/ 0
0

GET
H3 200 crypto-js.min.js Show response
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/ 47 KB
14 KB 115ms
58ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js

Requested by

Host: pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
URL: blob:https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/ea812d0d-5006-458b-abac-3d831509fd1c

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 15 Aug 2024 22:15:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 85503
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 14107
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-bb78"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6CcaRomUnO06m0zfY7KKXSBJ60w8LFfPRByNen1X8YzIoP9QNzwtvCkEp12eakmaGrtQKMNUKYYDeI71rI%2BD0mrAyGIEvxwoD%2BFRo8MotYcIQioHDM5QSngmh1tlSXOsEPSSXV1Z"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8b3c8b71a87b9485-LHR
expires: Tue, 05 Aug 2025 22:15:41 GMT

GET
H3

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/g/ba7376691753/
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js
https://challenges.cloudflare.com/turnstile/v0/g/ba7376691753/api.js

44 KB
15 KB

50ms
49ms

Script
application/javascript

104.18.94.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/g/ba7376691753/api.js
Requested by: Host: pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
URL: blob:https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/ea812d0d-5006-458b-abac-3d831509fd1c
Protocol: H3
Server: 104.18.94.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c378a64a8916499372b3021c07797d63fc3914efd9ec6ab15ba69e6fc5c1efd

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 15 Aug 2024 22:15:41 GMT
content-encoding: br
last-modified: Tue, 13 Aug 2024 23:33:59 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
cross-origin-resource-policy: cross-origin
cf-ray: 8b3c8b71f94471f2-LHR
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 15 Aug 2024 22:15:41 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-origin: *
location: /turnstile/v0/g/ba7376691753/api.js
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
cf-ray: 8b3c8b7198e571f2-LHR
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H3 200 / Show response
synthcrest.com.ru// 164 KB
125 KB 1496ms
1342ms Fetch
application/json 172.67.128.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://synthcrest.com.ru//
Requested by: Host: pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
URL: blob:https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/ea812d0d-5006-458b-abac-3d831509fd1c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.128.157 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: f165fecf0da31093d4fe3ddba4d91506f5be24677a9d69ce73c2e3edee53e460

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 15 Aug 2024 22:15:42 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DBl27vIV76Su%2B1Os14XiYjJXGW3MTVNc5GmA1SdizQysQx8YnGIUaGTPdgWdT3L%2F3QE2DybEuy12f7ALnjKPP0UE%2F%2FeLqQN4DwPrkiaK5htZ9rIYUz36durhDH9YqjXH5QMIHA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b3c8b74283d63e3-LHR
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
31 KB 145ms
43ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
URL: blob:https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/ea812d0d-5006-458b-abac-3d831509fd1c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 15 Aug 2024 22:15:43 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 2187883
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-lcy-eglc8600099-LCY
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1723760143.142827,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 13, 515925

GET
DATA 200
OK truncated
/ 496 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4623ca999744624a837f54806a96901fb05352c84addb1208c382e12733bbe6f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9e7b808d5f429a2f704eeb999d572fe2884ce9f763823c021723d7b3ac90fbc

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d88618abd8d28ca19625380b7ae28a1e1086063ce7c66fc3257464f5f5b4c71

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 231 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 906f71d6d2948b4ac632811cce156c73e0d73a9045ee83a42822824de2b0bb3f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 18fb69e74d40c9203eb732e5ba423b45fcf1d2b48f6d38efe87a08bb686fd94e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe4c1d8917b395d0f058f165778769d4dd7a214f2b3d226c50b992d593f602e7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
URL: https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/favicon.ico

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.t.co/	1970-01-21 08:19:34	Name: muc Value: cead0cbc-f438-4973-9b33-a50d1d915a00

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: blob:https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/ea812d0d-5006-458b-abac-3d831509fd1c(Line 23) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: blob:https://pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev/ea812d0d-5006-458b-abac-3d831509fd1c(Line 23) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
challenges.cloudflare.com
code.jquery.com
pub-0c6f72f0758545c093781cc5b2f09f6b.r2.dev
pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev
pub-f1dad0984a074a89a32cbd757579bae3.r2.dev
synthcrest.com.ru
t.co
pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev

104.17.25.14
104.18.94.41
172.67.128.157
2606:4700::6812:223
2606:4700::6812:323
2a04:4e42:200::649
93.184.221.165
0aa1d17e3f9cd70114e5325ae1515fa8a7e737c49b00c05cae4e42ef281ae669
18fb69e74d40c9203eb732e5ba423b45fcf1d2b48f6d38efe87a08bb686fd94e
225daf836efdac71089226b53c8671982da1b70145320b0bb0166070a765f2cd
4623ca999744624a837f54806a96901fb05352c84addb1208c382e12733bbe6f
4d88618abd8d28ca19625380b7ae28a1e1086063ce7c66fc3257464f5f5b4c71
715261cde385955f301316be67a9c2e3ae0f04f7f3044994c24d19f725183932
7c378a64a8916499372b3021c07797d63fc3914efd9ec6ab15ba69e6fc5c1efd
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
906f71d6d2948b4ac632811cce156c73e0d73a9045ee83a42822824de2b0bb3f
ad357f7e14d7d3a167cec0eb3d9f838f1fe3fb866cad2b3f65486cb53aba7970
e9e7b808d5f429a2f704eeb999d572fe2884ce9f763823c021723d7b3ac90fbc
eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc
f165fecf0da31093d4fe3ddba4d91506f5be24677a9d69ce73c2e3edee53e460
fe4c1d8917b395d0f058f165778769d4dd7a214f2b3d226c50b992d593f602e7
fe9dd2e43cfef5469c9fcbd2839ccb1f7c1230d8b0d2842db269034c8c73f5f5
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev Open in urlscan Pro 2606:4700::6812:323 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

80 %HTTPS

38 %IPv6

5 Domains

8 Subdomains

9 IPs

3 Countries

479 kBTransfer

658 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

1 Cookies

2 Console Messages

Security Headers

Indicators

pub-3a2d5a6d602347d8919f5d2b3a3c663b.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

80 %
HTTPS

38 %
IPv6

5
Domains

8
Subdomains

9
IPs

3
Countries

479 kB
Transfer

658 kB
Size

1
Cookies

10 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!