pub-05079ce790804fce971f41eb0a025aad.r2.dev Open in urlscan Pro
2606:4700:7::eb Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm
Submission: On October 24 via api (October 24th 2024, 12:59:38 pm UTC) from CA — Scanned from CA

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 14 HTTP transactions. The main IP is 2606:4700:7::eb, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-05079ce790804fce971f41eb0a025aad.r2.dev.
TLS certificate: Issued by E5 on September 29th 2024. Valid for: 3 months.

This is the only time pub-05079ce790804fce971f41eb0a025aad.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	2606:4700:7::eb 2606:4700:7::eb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:400d:c1d::5f	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:400d:c0d::79	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:400d:c07::5f	15169 (GOOGLE) (GOOGLE)
1	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	173.194.66.94 173.194.66.94	15169 (GOOGLE) (GOOGLE)
14	7

6 2606:4700:7::eb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

pub-05079ce790804fce971f41eb0a025aad.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:400d:c1d::5f (Morganton, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:400d:c0d::79 (Morganton, United States)

ASN15169 (GOOGLE, US)

code.getmdl.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c07::5f (Morganton, United States)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 173.194.66.94 (United States)

ASN15169 (GOOGLE, US)
PTR: qo-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	r2.dev 1 redirects pub-05079ce790804fce971f41eb0a025aad.r2.dev	47 KB
3	gstatic.com fonts.gstatic.com	162 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30 ajax.googleapis.com — Cisco Umbrella Rank: 412	31 KB
2	getmdl.io code.getmdl.io — Cisco Umbrella Rank: 10021	200 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3270	15 KB
14	5

	Domain	Requested by
6	pub-05079ce790804fce971f41eb0a025aad.r2.dev	1 redirects pub-05079ce790804fce971f41eb0a025aad.r2.dev
3	fonts.gstatic.com	fonts.googleapis.com
2	code.getmdl.io	pub-05079ce790804fce971f41eb0a025aad.r2.dev
2	fonts.googleapis.com	pub-05079ce790804fce971f41eb0a025aad.r2.dev
1	stackpath.bootstrapcdn.com	pub-05079ce790804fce971f41eb0a025aad.r2.dev
1	ajax.googleapis.com	pub-05079ce790804fce971f41eb0a025aad.r2.dev
14	6

This site contains no links.

Subject Issuer	Validity	Valid
*.r2.dev E5	`2024-09-29` - `2024-12-28`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
code.getmdl.io WR3	`2024-09-28` - `2024-12-27`	3 months	crt.sh
bootstrapcdn.com WE1	`2024-09-20` - `2024-12-19`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm
Frame ID: D1C85C6F2076A86CD39D1476D91DFC3D
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cloud

Page URL History Show full URLs

https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm Page URL
https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/cdn-cgi/phish-bypass?atok=LHxW0eSAehF9jSFq9MMigJa.A1moVtBkme3xMMiUwC8-172977... HTTP 301
https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Material Design Lite (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href="[^"]*material(?:\.[\w]+-[\w]+)?(?:\.min)?\.css
(?:/([\d.]+))?/material(?:\.min)?\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

2
Countries

454 kB
Transfer

564 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm Page URL
https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/cdn-cgi/phish-bypass?atok=LHxW0eSAehF9jSFq9MMigJa.A1moVtBkme3xMMiUwC8-1729774768-0.0.1.1-%2Findex.htm HTTP 301
https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 403
Forbidden index.htm Show response
pub-05079ce790804fce971f41eb0a025aad.r2.dev/ 4 KB
5 KB 165ms
24ms Document
text/html 2606:4700:7::eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::eb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

019ed100c1a42aea5667ae76be5b6b5fa7a677439734bd88ea4496f91d27f7c5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

CF-RAY: 8d7a24ee1ec0a2d5-YUL
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 24 Oct 2024 12:59:28 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK cf.errors.css
pub-05079ce790804fce971f41eb0a025aad.r2.dev/cdn-cgi/styles/ 23 KB
5 KB 25ms
25ms Stylesheet
text/css 2606:4700:7::eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: pub-05079ce790804fce971f41eb0a025aad.r2.dev
URL: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::eb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm

Response headers

Transfer-Encoding: chunked
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Content-Encoding: gzip
ETag: W/"67180f5f-5df3"
Connection: keep-alive
X-Content-Type-Options: nosniff
CF-RAY: 8d7a24ee5eeea2d5-YUL
Expires: Thu, 24 Oct 2024 14:59:28 GMT
Date: Thu, 24 Oct 2024 12:59:28 GMT
Content-Type: text/css
Last-Modified: Tue, 22 Oct 2024 20:47:27 GMT
Server: cloudflare
X-Frame-Options: DENY

GET
H/1.1 200
OK icon-exclamation.png
pub-05079ce790804fce971f41eb0a025aad.r2.dev/cdn-cgi/images/ 452 B
889 B 22ms
22ms Image
image/png 2606:4700:7::eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: pub-05079ce790804fce971f41eb0a025aad.r2.dev
URL: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::eb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/cdn-cgi/styles/cf.errors.css

Response headers

Vary: Accept-Encoding
Cache-Control: max-age=7200, public
ETag: "67180f5f-1c4"
Connection: keep-alive
X-Content-Type-Options: nosniff
CF-RAY: 8d7a24ee8f17a2d5-YUL
Expires: Thu, 24 Oct 2024 14:59:28 GMT
Accept-Ranges: bytes
Content-Length: 452
Date: Thu, 24 Oct 2024 12:59:28 GMT
Content-Type: image/png
Last-Modified: Tue, 22 Oct 2024 20:47:27 GMT
Server: cloudflare
X-Frame-Options: DENY

GET
H/1.1 404
Not Found favicon.ico
pub-05079ce790804fce971f41eb0a025aad.r2.dev/ 27 KB
27 KB 149ms
149ms Other
text/html 2606:4700:7::eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm

Response headers

CF-RAY: 8d7a24eebf3ba2d5-YUL
Content-Length: 27150
Date: Thu, 24 Oct 2024 12:59:28 GMT
Content-Type: text/html
Vary: Accept-Encoding
Connection: keep-alive
Server: cloudflare

GET
H/1.1

200
OK

Primary Request index.htm Show response
pub-05079ce790804fce971f41eb0a025aad.r2.dev/
Redirect Chain

https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/cdn-cgi/phish-bypass?atok=LHxW0eSAehF9jSFq9MMigJa.A1moVtBkme3xMMiUwC8-1729774768-0.0.1.1-%2Findex.htm
https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm

9 KB
9 KB

152ms
151ms

Document
text/html

2606:4700:7::eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ddbecef72a594b67310755a813761e0c756917755e81aef1c50275236574fae4

Request headers

Referer: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
CF-RAY: 8d7a250a9f53a2d5-YUL
Connection: keep-alive
Content-Length: 8877
Content-Type: text/html
Date: Thu, 24 Oct 2024 12:59:33 GMT
ETag: "d3b927b43a93ab61972c8e054ef768c8"
Last-Modified: Thu, 17 Oct 2024 21:39:08 GMT
Server: cloudflare
Vary: Accept-Encoding

Redirect headers

CF-RAY: 8d7a250a7f2ea2d5-YUL
Cache-Control: private, no-cache
Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Thu, 24 Oct 2024 12:59:32 GMT
Location: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm
Server: cloudflare
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

GET
H2 200 icon
fonts.googleapis.com/ 569 B
811 B 168ms
82ms Stylesheet
text/css 2607:f8b0:400d:c1d::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: pub-05079ce790804fce971f41eb0a025aad.r2.dev
URL: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c1d::5f Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

36b2057eb5eef261a2cbb8c149dcf3a11edaa15ccd8e3d462eb34999f5ff8f2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 24 Oct 2024 12:59:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 12:59:33 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 24 Oct 2024 12:59:33 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 material.indigo-pink.min.css
code.getmdl.io/1.3.0/ 138 KB
139 KB 195ms
49ms Stylesheet
text/css 2607:f8b0:400d:c0d::79
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://code.getmdl.io/1.3.0/material.indigo-pink.min.css

Requested by

Host: pub-05079ce790804fce971f41eb0a025aad.r2.dev
URL: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0d::79 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

4ec6a69515ce33ae4f7faf7e30cf4622b90f510b1c2c3bd08e05fad04a6e59f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
cache-control: public,max-age=2592000
etag: W/"fd6826a57ce3e61f8ebce9c06c7d692e"
age: 515361
allow: GET, HEAD, OPTIONS
x-appengine-log-flush-count: 0
access-control-allow-origin: *
content-length: 141295
date: Fri, 18 Oct 2024 13:50:12 GMT
x-cloud-trace-context: 182a4a0bd7ec070a92bfae8a2849c3ad
last-modified: Wed, 21 Dec 2016 13:18:49 GMT
server: Google Frontend
content-type: text/css

GET
H2 200 css
fonts.googleapis.com/ 4 KB
755 B 167ms
82ms Stylesheet
text/css 2607:f8b0:400d:c1d::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400%22

Requested by

Host: pub-05079ce790804fce971f41eb0a025aad.r2.dev
URL: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c1d::5f Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

71a7d80995d742a26196e7af621a50daa08e0812fbb07c32b4d0374f42af0e13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 24 Oct 2024 12:59:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 12:59:33 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 24 Oct 2024 12:59:33 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 material.min.js Show response
code.getmdl.io/1.3.0/ 61 KB
61 KB 200ms
54ms Script
application/javascript 2607:f8b0:400d:c0d::79
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://code.getmdl.io/1.3.0/material.min.js

Requested by

Host: pub-05079ce790804fce971f41eb0a025aad.r2.dev
URL: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0d::79 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

3c27eee3e7e742ba78c0d9956e337579a5f82db3af39e8da6f450e8632decebc

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
cache-control: public,max-age=2592000
etag: W/"61f516d4a1b479b23761090038965bb0"
age: 525285
allow: GET, HEAD, OPTIONS
x-appengine-log-flush-count: 0
access-control-allow-origin: *
content-length: 62491
date: Fri, 18 Oct 2024 11:04:48 GMT
x-cloud-trace-context: 21906245ebbc2bcd0479088999041791
last-modified: Wed, 21 Dec 2016 13:18:50 GMT
server: Google Frontend
content-type: application/javascript

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 126ms
41ms Script
text/javascript 2607:f8b0:400d:c07::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: pub-05079ce790804fce971f41eb0a025aad.r2.dev
URL: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c07::5f Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/

Response headers

content-encoding: gzip
age: 38306
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Fri, 24 Oct 2025 02:21:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 02:21:07 GMT
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30028
x-xss-protection: 0
server: sffe

GET
H3 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
15 KB 68ms
35ms Script
application/javascript 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Requested by

Host: pub-05079ce790804fce971f41eb0a025aad.r2.dev
URL: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/

Response headers

cdn-status: 200
content-encoding: br
cf-cache-status: HIT
etag: "67176c242e1bdc20603c878dee836df3"
age: 228324
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Thu, 24 Oct 2024 12:59:33 GMT
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-cache: HIT
cdn-cachedat: 10/04/2024 02:53:43
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
timing-allow-origin: *
cdn-requesttime: 0
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: e91c2640b4ae056de948031f7176693c
cross-origin-resource-policy: cross-origin
cdn-pullzone: 252412
cdn-proxyver: 1.04
cf-ray: 8d7a250bd8aba222-YYZ
access-control-allow-origin: *
cdn-edgestorageid: 1029
server: cloudflare
cdn-requestcountrycode: US

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 101ms
57ms Font
font/woff2 173.194.66.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400%22

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.66.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qo-in-f94.1e100.net

Software

sffe /

Resource Hash

4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev
Referer: https://fonts.googleapis.com/

Response headers

age: 546594
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 18 Oct 2025 05:09:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 18 Oct 2024 05:09:39 GMT
last-modified: Thu, 01 Aug 2024 20:41:19 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18492
x-xss-protection: 0
server: sffe

GET
H3 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v142/ 125 KB
125 KB 116ms
73ms Font
font/woff2 173.194.66.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.66.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qo-in-f94.1e100.net

Software

sffe /

Resource Hash

8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev
Referer: https://fonts.googleapis.com/

Response headers

age: 158682
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 16:54:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 16:54:51 GMT
last-modified: Mon, 08 Apr 2024 19:04:47 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 128352
x-xss-protection: 0
server: sffe

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 83ms
40ms Font
font/woff2 173.194.66.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400%22

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.66.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qo-in-f94.1e100.net

Software

sffe /

Resource Hash

89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev
Referer: https://fonts.googleapis.com/

Response headers

age: 158691
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 16:54:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 16:54:42 GMT
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18536
x-xss-protection: 0
server: sffe

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b4fbdc82f135a08fab5643804fc02fcedfe59da66d27949525c9f3c09f7fca8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev
Referer

Response headers

Content-Type: image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.pub-05079ce790804fce971f41eb0a025aad.r2.dev/	1970-01-21 00:31:01	Name: __cf_mw_byp Value: LHxW0eSAehF9jSFq9MMigJa.A1moVtBkme3xMMiUwC8-1729774768-0.0.1.1-/index.htm

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
recommendation	verbose	URL: https://pub-05079ce790804fce971f41eb0a025aad.r2.dev/index.htm Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
code.getmdl.io
fonts.googleapis.com
fonts.gstatic.com
pub-05079ce790804fce971f41eb0a025aad.r2.dev
stackpath.bootstrapcdn.com
104.18.10.207
173.194.66.94
2606:4700:7::eb
2607:f8b0:400d:c07::5f
2607:f8b0:400d:c0d::79
2607:f8b0:400d:c1d::5f
019ed100c1a42aea5667ae76be5b6b5fa7a677439734bd88ea4496f91d27f7c5
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2b4fbdc82f135a08fab5643804fc02fcedfe59da66d27949525c9f3c09f7fca8
36b2057eb5eef261a2cbb8c149dcf3a11edaa15ccd8e3d462eb34999f5ff8f2a
3c27eee3e7e742ba78c0d9956e337579a5f82db3af39e8da6f450e8632decebc
4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71
4ec6a69515ce33ae4f7faf7e30cf4622b90f510b1c2c3bd08e05fad04a6e59f9
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
71a7d80995d742a26196e7af621a50daa08e0812fbb07c32b4d0374f42af0e13
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66
ddbecef72a594b67310755a813761e0c756917755e81aef1c50275236574fae4
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

pub-05079ce790804fce971f41eb0a025aad.r2.dev Open in urlscan Pro 2606:4700:7::eb Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

67 %IPv6

5 Domains

6 Subdomains

7 IPs

2 Countries

454 kBTransfer

564 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

21 JavaScript Global Variables

1 Cookies

3 Console Messages

Security Headers

Indicators

pub-05079ce790804fce971f41eb0a025aad.r2.dev Open in urlscan Pro
2606:4700:7::eb Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

2
Countries

454 kB
Transfer

564 kB
Size

1
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!