pub-700c721bab0f4b4a8f5f0c8865b0de59.r2.dev
2606:4700::6812:323
Public Scan
Effective URL: https://pub-700c721bab0f4b4a8f5f0c8865b0de59.r2.dev/Invoice%20Number%20INV23491-1.html
Submission: On April 29 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.
This is the only time pub-700c721bab0f4b4a8f5f0c8865b0de59.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
1 | 2606:4700:3035::6815:b50 | 13335 (CLOUDFLARENET)
2 | 2606:4700::6812:323 | 13335 (CLOUDFLARENET)
3 | 45.94.31.91 | 210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK)
ASN13335 (CLOUDFLARENET, US)
- pub-700c721bab0f4b4a8f5f0c8865b0de59.r2.dev
ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE)
- camoandfinchltd.com
- mqfo84j2ecr.nanoproductionsinc.click
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
4 (3 redirects) | nanoproductionsinc.click | mqfo84j2ecr.nanoproductionsinc.click | 9 KB
2 | camoandfinchltd.com | camoandfinchltd.com | 751 B
2 | r2.dev | pub-700c721bab0f4b4a8f5f0c8865b0de59.r2.dev | 89 KB
1 (1 redirect) | takkycolors.uk | takkycolors.uk | 482 B
Requests | Domain | Requested by
---|---|---
4 (3 redirects) | mqfo84j2ecr.nanoproductionsinc.click | pub-700c721bab0f4b4a8f5f0c8865b0de59.r2.dev
2 | camoandfinchltd.com | pub-700c721bab0f4b4a8f5f0c8865b0de59.r2.dev
2 | pub-700c721bab0f4b4a8f5f0c8865b0de59.r2.dev |
1 (1 redirect) | takkycolors.uk |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.r2.dev | E1 | 2024-04-05 - 2024-07-04 | 3 months | crt.sh
camoandfinchltd.com | R3 | 2024-02-14 - 2024-05-14 | 3 months | crt.sh
nanoproductionsinc.click | R3 | 2024-02-17 - 2024-05-17 | 3 months | crt.sh
E1 (ECDSA) and R3 (RSA) are Let's Encrypt intermediates, so all three hosts in the chain use free 90-day certificates; the *.r2.dev wildcard is Cloudflare's and covers every public R2 bucket, so the certificate says nothing about who controls the bucket.
This page contains 2 frames:
Primary Page:
https://pub-700c721bab0f4b4a8f5f0c8865b0de59.r2.dev/Invoice%20Number%20INV23491-1.html
Frame ID: E7186809F325A369D0F1D829BCBD8278
Requests: 3 HTTP requests in this frame
Frame:
https://mqfo84j2ecr.nanoproductionsinc.click/?dsmsmfmdp=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ODE1YmY1N2QtMTFiYS03ZWU3LTJiOTYtNzZmYTAyZGM4MmMzJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5OTkyODg1MjU0NjA3Ny40YjVhNTZiZi1jNmNkLTQ3YWYtOTkxOS02ZGNlMDNjODE4ZGImc3RhdGU9RGNzNUZvQWdEQUJSME9keElsdkljaHdJMGxwNmZWUDg2U2FHRUU1M3VKZzlnYWtKcW1vVjZiVWpaZVliWngtZDVnWWpXNEE4TnFnV0JWcjI1R1pTWk0zbzc1WGViNlFm
Frame ID: FE6EF52A2291359F1707C02369F7C6C9
Requests: 1 HTTP requests in this frame
Page Title: Outlook
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://takkycolors.uk/wq.PDF%3E
- HTTP 301
- https://pub-700c721bab0f4b4a8f5f0c8865b0de59.r2.dev/Invoice%20Number%20INV23491-1.html (Page URL)
The entry point is a takkycolors.uk path that looks like a PDF (the trailing %3E is a URL-encoded ">"); the "PDF" name is cosmetic, since the server answers with a 301 to the R2-hosted HTML document that does the actual work.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3
- https://mqfo84j2ecr.nanoproductionsinc.click/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21xZm84NGoyZWNyLm5hbm9wcm9kdWN0aW9uc2luYy5jbGljayIsImRvbWFpbiI6Im1xZm84NGoyZWNyLm5hbm9wcm9kdWN0aW9uc2luYy5jbGljayIsImtleSI6IlFwN0hlNURaQ0tweCIsInFyYyI6bnVsbCwiaWF0IjoxNzE0Mzk2MDg0LCJleHAiOjE3MTQzOTYyMDR9.kcDy9NaWkFwNLfkLennEruyibFakl3A-Ce1rM0UruX0 HTTP 302
- https://mqfo84j2ecr.nanoproductionsinc.click/ HTTP 301
- https://mqfo84j2ecr.nanoproductionsinc.click/owa/ HTTP 302
- https://mqfo84j2ecr.nanoproductionsinc.click/?dsmsmfmdp=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
The dataXX0 value is a compact JWT: its header eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 is {"alg":"HS256","typ":"JWT"}, and its claims bind the token to the serving domain, carry a key of Qp7He5DZCKpx (the same value the host later sets in its qPdM cookie) and give it a lifetime of 120 seconds (iat 1714396084, exp 1714396204). The hops that follow, / to /owa/ by 301 and then a 302 to the sign-in page, are the sequence outlook.office.com itself produces; the only difference is that the genuine login.microsoftonline.com authorize URL is not followed directly but carried base64-encoded in the dsmsmfmdp parameter (shown in full in the Frame URL above), so the sign-in page is fetched by the attacker's host and rendered under its domain.
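The two opaque values in this chain, the dataXX0 lure token and the dsmsmfmdp parameter from the Frame URL above, decoded in Python. This is an added example, not code from the urlscan report or from the phishing kit: the constants are copied from the scan, the JWT is only parsed (its HS256 key belongs to the phishing server, so it cannot be verified), and the three checks in aitm_findings are the editor's own heuristics rather than anything the page states.

```python
"""Decode the lure token (?dataXX0=) and the base64-wrapped Microsoft authorize URL
(?dsmsmfmdp=) seen on the reverse-proxy host in the scan above."""
import base64
import json
from urllib.parse import parse_qs, urlsplit

# Copied verbatim from the redirect chain and the Frame URL in the scan above.
PHISH_HOST = "mqfo84j2ecr.nanoproductionsinc.click"
LURE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJ1cmwiOiJodHRwczovL21xZm84NGoyZWNyLm5hbm9wcm9kdWN0aW9uc2luYy5jbGljayIsImRvbWFpbiI6Im1xZm84NGoy"
    "ZWNyLm5hbm9wcm9kdWN0aW9uc2luYy5jbGljayIsImtleSI6IlFwN0hlNURaQ0tweCIsInFyYyI6bnVsbCwiaWF0IjoxNzE0"
    "Mzk2MDg0LCJleHAiOjE3MTQzOTYyMDR9."
    "kcDy9NaWkFwNLfkLennEruyibFakl3A-Ce1rM0UruX0"
)
WRAPPED_AUTHORIZE = (
    "aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAw"
    "MDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZp"
    "Y2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9t"
    "b2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGly"
    "PTEmY2xpZW50LXJlcXVlc3QtaWQ9ODE1YmY1N2QtMTFiYS03ZWU3LTJiOTYtNzZmYTAyZGM4MmMzJnByb3RlY3RlZHRva2Vu"
    "PXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTVi"
    "JTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5OTkyODg1MjU0NjA3Ny40YjVhNTZiZi1jNmNkLTQ3YWYtOTkxOS02"
    "ZGNlMDNjODE4ZGImc3RhdGU9RGNzNUZvQWdEQUJSME9keElsdkljaHdJMGxwNmZWUDg2U2FHRUU1M3VKZzlnYWtKcW1vVjZi"
    "VWpaZVliWngtZDVnWWpXNEE4TnFnV0JWcjI1R1pTWk0zbzc1WGViNlFm"
)


def b64decode_loose(s: str) -> bytes:
    """Decode base64 in the standard or the URL-safe alphabet, restoring any stripped '='
    padding. urlsafe_b64decode maps '-'/'_' to '+'/'/' and still accepts '+'/'/' itself."""
    s = s.strip()
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def decode_jwt_unverified(token: str):
    """Split a compact JWS into (header, claims, signature bytes) WITHOUT verifying it.
    The HMAC key is the phishing server's, so the goal is to read the claims, not trust them."""
    head, claims, sig = token.split(".")
    return (json.loads(b64decode_loose(head)),
            json.loads(b64decode_loose(claims)),
            b64decode_loose(sig))


def decode_wrapped_authorize(param: str):
    """Decode the dsmsmfmdp value and return (split URL, flattened query dict)."""
    url = b64decode_loose(param).decode("utf-8")
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return parts, query


def aitm_findings(phish_host: str, lure_token: str, wrapped_param: str) -> list:
    """Editor's heuristics: why this chain looks like a reverse-proxied Microsoft sign-in."""
    findings = []
    header, claims, _sig = decode_jwt_unverified(lure_token)
    if header.get("alg") == "HS256" and claims.get("domain") == phish_host:
        ttl = claims["exp"] - claims["iat"]
        findings.append(f"lure token is an HS256 JWT bound to {phish_host}, "
                        f"valid for {ttl}s, key={claims['key']}")
    parts, q = decode_wrapped_authorize(wrapped_param)
    if parts.hostname == "login.microsoftonline.com" and parts.hostname != phish_host:
        findings.append(f"{phish_host} carries a base64-wrapped "
                        f"{parts.hostname}{parts.path} URL for client_id={q.get('client_id')}")
    redirect_host = urlsplit(q.get("redirect_uri", "")).hostname or ""
    if q.get("response_mode") == "form_post" and redirect_host.endswith(".office.com"):
        findings.append(f"{q.get('response_type')} is form_posted to {q['redirect_uri']}; "
                        f"a proxy standing in for {redirect_host} receives both tokens")
    return findings


if __name__ == "__main__":
    for line in aitm_findings(PHISH_HOST, LURE_TOKEN, WRAPPED_AUTHORIZE):
        print("-", line)
```

Run it as a script to print the three findings; the parsed query also exposes the nonce 638499928852546077.4b5a56bf-c6cd-47af-9919-6dce03c818db, which matches the OpenIdConnect.nonce cookie the proxy host sets in the cookie table below.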
5 HTTP transactions
Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | Invoice%20Number%20INV23491-1.html | pub-700c721bab0f4b4a8f5f0c8865b0de59.r2.dev/ (Primary Request, Redirect Chain) | 62 KB | 62 KB | Document | text/html
GET | H/1.1 | / | camoandfinchltd.com/ | 381 B | 751 B | XHR | application/json
OPTIONS | H/1.1 | / | camoandfinchltd.com/ (Frame) | 0 | 0 | Preflight |
GET | H/1.1 | favicon.ico | pub-700c721bab0f4b4a8f5f0c8865b0de59.r2.dev/ | 27 KB | 27 KB | Other | text/html
GET | H/1.1 | / | mqfo84j2ecr.nanoproductionsinc.click/ (Frame FE6E, Redirect Chain) | 0 | 0 | Document | text/html
Notes on the transactions: the 62 KB landing HTML makes a cross-origin XHR to camoandfinchltd.com (the OPTIONS request is its CORS preflight) and receives application/json; the favicon.ico request to the bucket is answered with 27 KB of text/html rather than an icon; the framed mqfo84j2ecr.nanoproductionsinc.click document is the end of the four-hop redirect chain and was recorded with a 0-byte body.
Verdicts & Comments
The automated verdict above is empty, but the artifacts on this page are consistent with an adversary-in-the-middle (reverse-proxy) phishing kit aimed at Microsoft 365 accounts: an invoice-named HTML object on a Cloudflare R2 public bucket (AS13335) with the page title "Outlook" frames mqfo84j2ecr.nanoproductionsinc.click, a host on 1337 Services GmbH (AS210558, DE) that replays the outlook.office.com sign-in redirect sequence (/ to /owa/ to a base64-wrapped login.microsoftonline.com authorize URL), gates access with a 120-second HS256 lure token, and sets Microsoft Entra and Outlook Web App sign-in cookies under its own domain. The landing page also calls a JSON API on camoandfinchltd.com, on the same ASN as the proxy host.
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: 0
- function: pemToUint8Array
- function: _0xe1b3
- function: arrayBufferToBase64
- function: _0xf7da7
- function: _0x2793
- function: _0xecdb5
- function: _0x3d64f5
- function: _0x17775417
pemToUint8Array and arrayBufferToBase64 are the helper names conventionally written around the WebCrypto API when a PEM-encoded public key is imported and the resulting ciphertext is base64-encoded for transport; the _0x… names are the identifier style emitted by javascript-obfuscator, so the landing page's own logic is obfuscated while its crypto helpers kept readable names.
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along, which lets the website re-identify the user even from a different location; this is how persistent logins work.
Domain/Path | Name | Value
---|---|---
mqfo84j2ecr.nanoproductionsinc.click/ | qPdM | Qp7He5DZCKpx
mqfo84j2ecr.nanoproductionsinc.click/ | qPdM.sig | Bj6AyXi-9J71dcGGvp3ZcXjWVtU
mqfo84j2ecr.nanoproductionsinc.click/ | ClientId | ACD0F2067CEE466ABCF2AB851BFC20AF
mqfo84j2ecr.nanoproductionsinc.click/ | OIDC | 1
mqfo84j2ecr.nanoproductionsinc.click/ | OpenIdConnect.nonce.v3.lNk5oVmQd5nTCxZXmRWIiX8Pt-q1Jfhhp8_UdLWdCGo | 638499928852546077.4b5a56bf-c6cd-47af-9919-6dce03c818db
mqfo84j2ecr.nanoproductionsinc.click/ | X-OWA-RedirectHistory | ArLym14BHUJeaE1o3Ag
.mqfo84j2ecr.nanoproductionsinc.click/ | esctx-kzyTnRhS8iA | AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8_nUzEyVPpO-M1_qpOornu8GJZi2le2OePF7DrFsp3n9Y0i-HqE659PdlvAuAK2-WqZpgPpllDyC0v9VtZT5owolI99HiK_DoksvCzvUvfAa8rv1mxd2OTOkSkyQjvfwEh297I5ktsaEMYxoWuLWE-iAA
mqfo84j2ecr.nanoproductionsinc.click/ | x-ms-gateway-slice | estsfd
mqfo84j2ecr.nanoproductionsinc.click/ | stsservicecookie | estsfd
.mqfo84j2ecr.nanoproductionsinc.click/ | AADSSO | NA|NoExtension
mqfo84j2ecr.nanoproductionsinc.click/ | SSOCOOKIEPULLED | 1
mqfo84j2ecr.nanoproductionsinc.click/ | buid | 0.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8DVc1fBsjtR9vbReRCtrJReS8lI_XBhb74EI9LpdXGXhgXbzuFvcIrzf1HLJOh5ZA7__vPsqFTwTscICom7qnjh6g5YOSt-snEFd88PqvOKggAA
.mqfo84j2ecr.nanoproductionsinc.click/ | esctx | PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8OGRLejjVrJ131aBUmQ7dVh_zUPf3g4KBLC_vPSxfnm4KNAkFu-QUMDrex7m6ilGeKXR1i3dFOucdY-NnRr2_rcCKu-yVTRAMdR3hOQyGysXIne4H4K-hCvyClU4yIVV3P5ILwMXiJuDGuMZ5WzATAjukxcBfOYecJrMIH3UN98IgAA
.mqfo84j2ecr.nanoproductionsinc.click/ | esctx-uZZW6RNk | AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8j6oZKICf0t_fuDIE1fOwmq7A2MojNmjZwqBLWjgsyzngB-rRnPv-1WcmnpCNH0ta__t_U65c5j-eooKdoci8Yzvp2xTX-2IcwI8K7ABEKd8rofu57Mn6KqwzkCnVnSGgFI8O1bxFUtnVfJz6IF_OXiAA
mqfo84j2ecr.nanoproductionsinc.click/ | fpc | AtkVa6uHI7tGoXdFZ_-mzfyerOTJAQAAALaSwd0OAAAA
.login.live.com/ | uaid | c4d11c463dc54267800411de060120e5
.login.live.com/ | MSPRequ | id=N<=1714396087&co=1
(The Expires column is empty for every cookie in this capture.)
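Every cookie in the table except the qPdM pair and the two on .login.live.com carries a name that Microsoft Entra ID (esctx, buid, fpc, stsservicecookie, x-ms-gateway-slice, AADSSO, SSOCOOKIEPULLED) or Outlook Web App (ClientId, OIDC, OpenIdConnect.nonce.*, X-OWA-RedirectHistory) sets during sign-in, yet all of them land on the attacker's domain: the proxy forwards the real Set-Cookie headers with the domain rewritten. The qPdM value is the key claim of the lure JWT from the redirect chain, and qPdM.sig is its signature in the layout Koa and the Node.js cookies package use. The check below turns that observation into a rule over (domain, name) pairs. It is an added example, not code from the page or from the kit; the cookie list is copied from the table above, and the allowlist of Microsoft domains is the editor's assumption, trimmed to what this scan needs.

```python
"""Flag Microsoft sign-in cookies that were set under a domain Microsoft does not own,
the tell-tale of a reverse proxy rewriting Set-Cookie from the real identity provider."""
from fnmatch import fnmatchcase

# Cookie names Microsoft Entra ID (login.microsoftonline.com) and Outlook Web App set
# during sign-in. Every pattern here is matched by at least one cookie in the table above.
MICROSOFT_SIGNIN_COOKIES = (
    "esctx", "esctx-*", "buid", "fpc", "stsservicecookie", "x-ms-gateway-slice",
    "AADSSO", "SSOCOOKIEPULLED",                                            # Entra STS
    "ClientId", "OIDC", "OpenIdConnect.nonce.*", "X-OWA-RedirectHistory",  # OWA
)
# Domains allowed to set them (assumption: an allowlist kept to what this scan needs).
MICROSOFT_DOMAINS = ("microsoftonline.com", "live.com", "office.com", "microsoft.com")

# (Domain/Path, Name) pairs copied from the cookie table above; values are not needed.
SCAN_COOKIES = [
    ("mqfo84j2ecr.nanoproductionsinc.click/", "qPdM"),
    ("mqfo84j2ecr.nanoproductionsinc.click/", "qPdM.sig"),
    ("mqfo84j2ecr.nanoproductionsinc.click/", "ClientId"),
    ("mqfo84j2ecr.nanoproductionsinc.click/", "OIDC"),
    ("mqfo84j2ecr.nanoproductionsinc.click/",
     "OpenIdConnect.nonce.v3.lNk5oVmQd5nTCxZXmRWIiX8Pt-q1Jfhhp8_UdLWdCGo"),
    ("mqfo84j2ecr.nanoproductionsinc.click/", "X-OWA-RedirectHistory"),
    (".mqfo84j2ecr.nanoproductionsinc.click/", "esctx-kzyTnRhS8iA"),
    ("mqfo84j2ecr.nanoproductionsinc.click/", "x-ms-gateway-slice"),
    ("mqfo84j2ecr.nanoproductionsinc.click/", "stsservicecookie"),
    (".mqfo84j2ecr.nanoproductionsinc.click/", "AADSSO"),
    ("mqfo84j2ecr.nanoproductionsinc.click/", "SSOCOOKIEPULLED"),
    ("mqfo84j2ecr.nanoproductionsinc.click/", "buid"),
    (".mqfo84j2ecr.nanoproductionsinc.click/", "esctx"),
    (".mqfo84j2ecr.nanoproductionsinc.click/", "esctx-uZZW6RNk"),
    ("mqfo84j2ecr.nanoproductionsinc.click/", "fpc"),
    (".login.live.com/", "uaid"),
    (".login.live.com/", "MSPRequ"),
]


def cookie_host(domain_path: str) -> str:
    """'.login.live.com/' -> 'login.live.com': drop the leading-dot domain flag and the path."""
    return domain_path.lstrip(".").split("/", 1)[0].lower()


def is_microsoft_domain(domain_path: str) -> bool:
    host = cookie_host(domain_path)
    return any(host == d or host.endswith("." + d) for d in MICROSOFT_DOMAINS)


def is_signin_cookie(name: str) -> bool:
    return any(fnmatchcase(name, pattern) for pattern in MICROSOFT_SIGNIN_COOKIES)


def proxied_signin_cookies(cookies):
    """(domain, name) pairs where a Microsoft sign-in cookie was set by a foreign host."""
    return [(d, n) for d, n in cookies if is_signin_cookie(n) and not is_microsoft_domain(d)]


def signed_cookie_names(cookies):
    """Names that come with a '<name>.sig' twin (Keygrip layout used by Koa and the Node.js
    'cookies' package): the kit's own signed session cookie, not a proxied Microsoft one."""
    names = {n for _, n in cookies}
    return sorted(n for n in names if f"{n}.sig" in names)


if __name__ == "__main__":
    for domain, name in proxied_signin_cookies(SCAN_COOKIES):
        print(f"proxied sign-in cookie: {name} on {domain}")
    print("kit session cookie(s):", signed_cookie_names(SCAN_COOKIES))
```

On this scan the rule flags 13 cookies, all on mqfo84j2ecr.nanoproductionsinc.click, and leaves the two login.live.com cookies alone; the same rule applied to a browser's cookie jar or a proxy log is a cheap detector for any reverse-proxy kit in front of Microsoft sign-in, independent of the lure domain.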
90 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL / Text
---|---|---
(The 90 messages themselves are not included in this export.)
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- camoandfinchltd.com
- mqfo84j2ecr.nanoproductionsinc.click
- pub-700c721bab0f4b4a8f5f0c8865b0de59.r2.dev
- takkycolors.uk
IPs:
- 2606:4700:3035::6815:b50
- 2606:4700::6812:323
- 45.94.31.91
Hashes (SHA-256):
- 4b0ab69781df369864ab5f3f05f401d15841f7e555a45cc9c684aabb107f7f65
- 570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499
- d521cd343dd979273107f8b61083bbc7f24ac50369f003e4f563432da1871db9