pub-15f1aa832e74458cb0038dff4523c52d.r2.dev Open in urlscan Pro
104.18.3.35  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.html Show response pub-15f1aa832e74458cb0038dff4523c52d.r2.dev/All/	6 KB 2 KB	901ms 413ms	Document text/html	104.18.3.35 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pub-15f1aa832e74458cb0038dff4523c52d.r2.dev/All/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.3.35 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b20b859c950b18e11c47685e99dd7a73029445f507b272aeb4f9259e5f2b4da3 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers CF-RAY 80c187d29ae430cf-FRA Connection keep-alive Content-Encoding gzip Content-Type text/html Date Mon, 25 Sep 2023 07:24:59 GMT ETag W/"84a14ab7da029b71eb54d6a1bbea2e29" Last-Modified Fri, 22 Sep 2023 18:47:20 GMT Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding
GET H2	200	script.js Show response hip-boom-flannel.glitch.me/	33 KB 33 KB	528ms 316ms	Script application/javascript	3.225.102.75 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://hip-boom-flannel.glitch.me/script.js Requested by Host: pub-15f1aa832e74458cb0038dff4523c52d.r2.dev URL: https://pub-15f1aa832e74458cb0038dff4523c52d.r2.dev/All/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.225.102.75 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-225-102-75.compute-1.amazonaws.com Software AmazonS3 / Resource Hash 99095a94c2ae5d03162e529f0718c172d3fe6c09421c66cd779225496fcea24f Request headers accept-language de-DE,de;q=0.9 Referer https://pub-15f1aa832e74458cb0038dff4523c52d.r2.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Mon, 25 Sep 2023 07:24:59 GMT x-amz-version-id lwgjFlS19W5cf_9.x_r.2hsSJes0g2Nb last-modified Wed, 23 Aug 2023 12:06:42 GMT server AmazonS3 x-amz-request-id 7NR2EW2DKGW94F79 etag "4db2abb186a82ff84341d358fbf13a6d" x-amz-server-side-encryption AES256 content-type application/javascript; charset=utf-8 cache-control no-cache accept-ranges bytes content-length 33745 x-amz-id-2 D+dX4GBztQ8dJ41kkrpJXGdvEbRB17+QENkVvTgR1IInaXIPPS4T+Apwh1r6EIEnN5dVvftZMzI=
GET H2	200	style.css loving-placid-verdict.glitch.me/	59 KB 59 KB	531ms 306ms	Stylesheet text/css	34.196.129.112 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://loving-placid-verdict.glitch.me/style.css Requested by Host: pub-15f1aa832e74458cb0038dff4523c52d.r2.dev URL: https://pub-15f1aa832e74458cb0038dff4523c52d.r2.dev/All/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.196.129.112 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-196-129-112.compute-1.amazonaws.com Software AmazonS3 / Resource Hash abd513df21fd571023c67320eec8da3a0f6f9d25ab3b2d22ef84cd0bf90e5e42 Request headers accept-language de-DE,de;q=0.9 Referer https://pub-15f1aa832e74458cb0038dff4523c52d.r2.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Mon, 25 Sep 2023 07:24:59 GMT x-amz-version-id brCQkCU4O9n_DBXf0tHr9rJxRv4mIdjP last-modified Wed, 14 Jun 2023 07:55:29 GMT server AmazonS3 x-amz-request-id 7NRE1664VJ0A5BTX etag "0aa708140861a8b8592288794852716d" x-amz-server-side-encryption AES256 content-type text/css; charset=utf-8 cache-control no-cache accept-ranges bytes content-length 60233 x-amz-id-2 62elg017+sIDSDKmXtsZ39KGTwSIEbtXZMZqOlpwMS1+xzj7tg+jSBTeQPig68ACl4G33xvJiQ8=
POST H2	200	send.php Show response fotovoltaicapolaris.com//wp-content/uploads/elementor/thumbs/	535 B 548 B	308ms 267ms	XHR text/html	162.19.138.79 OVH
General Check archive.org Show headers Download Go to Full URL https://fotovoltaicapolaris.com//wp-content/uploads/elementor/thumbs/send.php Requested by Host: hip-boom-flannel.glitch.me URL: https://hip-boom-flannel.glitch.me/script.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.19.138.79 , United States, ASN16276 (OVH, FR), Reverse DNS s586.fra6.mysecurecloudhost.com Software LiteSpeed / Resource Hash b9ce5fc75d825eabd56e91279095d54a6f43be3fad6d1fed87cebd1e3f0c59cd Request headers Referer https://pub-15f1aa832e74458cb0038dff4523c52d.r2.dev/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Mon, 25 Sep 2023 07:25:00 GMT content-encoding br server LiteSpeed vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 access-control-allow-origin * alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 293
GET DATA	200 OK	truncated /	28 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 8b4defd065d7ff9fbe6c45e74f2ada9660724d3c80db586bf3adb82dd0c37f36 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture string| url_land function| sendData function| GetLogoBanner function| ForLanG function| LoginErrors number| maxPasswordLength function| getUrlVars function| InputUtil object| paginationManager object| Login function| check_email undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| computeLoadIllustration function| SetIllustrationImage object| PaginationUtil object| PaginationManager object| LoginManager object| options object| _self

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fotovoltaicapolaris.com
hip-boom-flannel.glitch.me
loving-placid-verdict.glitch.me
pub-15f1aa832e74458cb0038dff4523c52d.r2.dev
104.18.3.35
162.19.138.79
3.225.102.75
34.196.129.112
8b4defd065d7ff9fbe6c45e74f2ada9660724d3c80db586bf3adb82dd0c37f36
99095a94c2ae5d03162e529f0718c172d3fe6c09421c66cd779225496fcea24f
abd513df21fd571023c67320eec8da3a0f6f9d25ab3b2d22ef84cd0bf90e5e42
b20b859c950b18e11c47685e99dd7a73029445f507b272aeb4f9259e5f2b4da3
b9ce5fc75d825eabd56e91279095d54a6f43be3fad6d1fed87cebd1e3f0c59cd