pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/index.html
Submission: On August 18 via api (August 18th 2023, 3:29:53 pm UTC) from US — Scanned from US

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 6 domains to perform 19 HTTP transactions. The main IP is 2606:4700::6812:223, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev.
TLS certificate: Issued by E1 on August 13th 2023. Valid for: 3 months.

This is the only time pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700::68... 2606:4700::6812:223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (STACKPATH...) (STACKPATH-CDN)
1 3	2606:4700::68... 2606:4700::6811:2b8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2606:4700:303... 2606:4700:3035::6815:366e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:2800:21f... 2606:2800:21f:1b88:6342:f8de:86c:e98b	15133 (EDGECAST) (EDGECAST)
1	2606:2800:21f... 2606:2800:21f:506b:a2a0:d716:4ee1:a9bc	15133 (EDGECAST) (EDGECAST)
1	2620:1ec:bdf::40 2620:1ec:bdf::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
19	8

1 2606:4700::6812:223 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:2b8 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:3035::6815:366e (United States)

ASN13335 (CLOUDFLARENET, US)

codecrafters.su	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:21f:1b88:6342:f8de:86c:e98b (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:21f:506b:a2a0:d716:4ee1:a9bc (United States)

ASN15133 (EDGECAST, US)

logincdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aadcdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	codecrafters.su codecrafters.su	17 KB
3	cloudflare.com 1 redirects challenges.cloudflare.com — Cisco Umbrella Rank: 6270	10 KB
2	msauth.net logincdn.msauth.net — Cisco Umbrella Rank: 4343 aadcdn.msauth.net — Cisco Umbrella Rank: 1262	2 KB
2	msftauth.net aadcdn.msftauth.net — Cisco Umbrella Rank: 1277	4 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 985	30 KB
1	r2.dev pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev	3 KB
19	6

	Domain	Requested by
10	codecrafters.su	pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev codecrafters.su code.jquery.com
3	challenges.cloudflare.com	1 redirects pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev challenges.cloudflare.com
2	aadcdn.msftauth.net	pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
1	aadcdn.msauth.net	codecrafters.su
1	logincdn.msauth.net	pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
1	code.jquery.com	pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
1	pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
19	7

This site contains no links.

Subject Issuer	Validity	Valid
*.r2.dev E1	`2023-08-13` - `2023-11-11`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
codecrafters.su GTS CA 1P5	`2023-08-06` - `2023-11-04`	3 months	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2023-01-31` - `2024-01-31`	a year	crt.sh
identitycdn.msauth.net Microsoft Azure TLS Issuing CA 02	`2023-08-10` - `2024-06-27`	a year	crt.sh
aadcdn.msauth.net DigiCert SHA2 Secure Server CA	`2023-07-29` - `2024-07-29`	a year	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2023-08-18` - `2024-08-17`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/index.html
Frame ID: DAD36B008B88754A5E09C6C7D6586AE8
Requests: 17 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ioqra/0x4AAAAAAAIu5ceVmwm2mc0y/auto/normal
Frame ID: 5B570F4160769996818C58AE1CF133DC
Requests: 1 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/76nwe/0x4AAAAAAAIu5ceVmwm2mc0y/auto/normal
Frame ID: 591EAEDF1B5326CD65065C0C76A8B8BD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your Microsoft account

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

89 %
HTTPS

100 %
IPv6

6
Domains

7
Subdomains

8
IPs

2
Countries

67 kB
Transfer

208 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit HTTP 302
https://challenges.cloudflare.com/turnstile/v0/g/313d8a27/api.js?render=explicit

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index.html Show response
pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/ 19 KB
3 KB 509ms
272ms Document
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf083679f5475bf246a4835cbaf06d8fb3f99a40b448af03a9a69b20a38015d0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

CF-RAY: 7f8b31be2d2fb3eb-MIA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 18 Aug 2023 15:29:47 GMT
ETag: W/"c47bc6e9396629b70d37731a5cf17c9e"
Last-Modified: Mon, 14 Aug 2023 12:25:30 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 122ms
46ms Script
application/javascript 2001:4de0:ac18::1:a:2b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
URL: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:29:47 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d9d"
surrogate-control: max-age=315360000;hw-h2proxy
vary: Accept-Encoding
x-hw: 1692372587.cdn4-pxy220-mia02.mi1.evs,1692372587.cds223.mi1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000,public
accept-ranges: bytes
content-length: 30875

GET
H2

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/g/313d8a27/
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
https://challenges.cloudflare.com/turnstile/v0/g/313d8a27/api.js?render=explicit

29 KB
10 KB

70ms
70ms

Script
application/javascript

2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/g/313d8a27/api.js?render=explicit
Requested by: Host: pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
URL: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/index.html
Protocol: H2
Server: 2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae488283b6cebf52b5bd97cd3dbe44e84ab7e87234525258a07e59a1904c2ed

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:29:47 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 7f8b31c17bba31e0-MIA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Fri, 18 Aug 2023 15:29:47 GMT
server: cloudflare
vary: accept-encoding
location: /turnstile/v0/g/313d8a27/api.js?render=explicit
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 7f8b31c12b1331e0-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 pages-head-top.min.js Show response
codecrafters.su/assets/js/ 967 B
767 B 446ms
344ms Script
application/javascript 2606:4700:3035::6815:366e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codecrafters.su/assets/js/pages-head-top.min.js
Requested by: Host: pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
URL: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efb090f3b00a993a3a913eb98d85796719861cc8676f3de163b5c91c1ca4109d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:29:48 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Wed, 09 Aug 2023 18:13:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3c7-602816e9ea467"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ImbX7UK6CAgJQf%2BoxQPMPjro5WVcuhOe8omaZtdQR0JCmvaf43G8lOwYGPJScBv08fiMZa1bgySbt408mGYHYO7bH3wHLj2wnoa17mNXzsy%2BtTNVn0wexlqzG2eQm3VvLBeXGEzxn393BPPYZyU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7f8b31c14c4431f5-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 back.png
codecrafters.su/assets/ 231 B
564 B 331ms
331ms Image
image/png 2606:4700:3035::6815:366e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://codecrafters.su/assets/back.png
Requested by: Host: pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
URL: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:29:48 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 19 Mar 2023 15:20:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "e7-5f7425905ae40"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sg06p5gSeLz0tMTz2VeChhOOXApMFGS7iAThElVGUC2Ni5IXlltNadPCk8sjEyPvG3ZBi4NxTnisKmgDHhIp8TRx3b0whmukuJHqlGSJ8OnXFlXRFjrdIBhVmUSKsujwEopNloIkyAQ7flZ2c3M%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7f8b31c1ed5831f5-MIA
alt-svc: h3=":443"; ma=86400
content-length: 231

GET
H2 200 key.png
codecrafters.su/assets/ 727 B
1 KB 336ms
324ms Image
image/png 2606:4700:3035::6815:366e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://codecrafters.su/assets/key.png
Requested by: Host: pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
URL: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:29:48 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 19 Mar 2023 15:20:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "2d7-5f7425905ae40"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pdot%2Fq4T5xQ5aaDBmwwmsdZbltzFkIcg0Mm9jgrPsxBGjeTcZuRbMQWXM7XXsk4ECN9kEk4P3BbL6iAjYTLIooH%2BwfsgAv5sBLfCc8X%2BNL3t7aKcZKm6ynuiBcezNWuBLzCCnmQeAdgLfp1HcZg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7f8b31c38fb831f5-MIA
alt-svc: h3=":443"; ma=86400
content-length: 727

GET
H2 200 picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 7 KB
2 KB 152ms
37ms Image
image/svg+xml 2606:2800:21f:1b88:6342:f8de:86c:e98b
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Requested by: Host: pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
URL: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:21f:1b88:6342:f8de:86c:e98b , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mib/5B09) /
Resource Hash: a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 18 Aug 2023 15:29:48 GMT
content-encoding: gzip
content-md5: nTculR1Fom7eLci0F6rk+A==
age: 5354610
x-cache: HIT
content-length: 2407
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 10:11:51 GMT
server: ECAcc (mib/5B09)
etag: 0x8DB5C3F4ADC079A
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 4e825b31-401e-004a-0235-a10865000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 3 KB
2 KB 148ms
33ms Image
image/svg+xml 2606:2800:21f:1b88:6342:f8de:86c:e98b
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg
Requested by: Host: pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
URL: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:21f:1b88:6342:f8de:86c:e98b , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mib/5B7E) /
Resource Hash: 55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 18 Aug 2023 15:29:48 GMT
content-encoding: gzip
content-md5: XHrPYKKsqlxUvysuxtSE2A==
age: 5354572
x-cache: HIT
content-length: 1173
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 10:11:50 GMT
server: ECAcc (mib/5B7E)
etag: 0x8DB5C3F4A98E9BB
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 581bafb3-701e-0052-6e35-a19062000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 picker_verify_email_958962caa7cf6b75cd412e9e3b687b22.svg
logincdn.msauth.net/shared/1.0/content/images/ 268 B
689 B 150ms
35ms Image
image/svg+xml 2606:2800:21f:506b:a2a0:d716:4ee1:a9bc
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logincdn.msauth.net/shared/1.0/content/images/picker_verify_email_958962caa7cf6b75cd412e9e3b687b22.svg
Requested by: Host: pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
URL: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:21f:506b:a2a0:d716:4ee1:a9bc , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mib/5AED) /
Resource Hash: b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 18 Aug 2023 15:29:48 GMT
content-encoding: gzip
content-md5: pFQUXilUkzYtIbvSwGgVBQ==
age: 5997636
x-cache: HIT
content-length: 212
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 10:21:22 GMT
server: ECAcc (mib/5AED)
etag: 0x8DB5C409F549E50
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 07b4f1a5-d01e-008c-0d5c-9bea43000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 625mblh453zinlmg0.css
codecrafters.su/assets/pages/ 1 KB
752 B 341ms
330ms Stylesheet
text/css 2606:4700:3035::6815:366e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codecrafters.su/assets/pages/625mblh453zinlmg0.css?cb=1692372588054
Requested by: Host: codecrafters.su
URL: https://codecrafters.su/assets/js/pages-head-top.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a6d2a3c45fe06e2662cf4dfecfdcc026d0f57da9c3e484f912c2bdf338d1d22

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:29:48 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 16 Aug 2023 20:51:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4a3-603107629e3a5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fgCwCVDyNC%2B2uxiq8rbmUsctNqXMDHFTY%2BWf7txy09D634DIcZ7980Hw5Fac8MVrV%2F%2BVd%2B80TEHO3wanD4y42tzYhBpkv%2BzVKhAo%2FBrgcnQ%2BjOihFfZgsKIZrbKpI9foc3nhZSlaGEjE4jyJ1%2FI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7f8b31c38fb631f5-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 pages.min.css
codecrafters.su/assets/css/ 16 KB
4 KB 496ms
485ms Stylesheet
text/css 2606:4700:3035::6815:366e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codecrafters.su/assets/css/pages.min.css?cb=1692372588054
Requested by: Host: codecrafters.su
URL: https://codecrafters.su/assets/js/pages-head-top.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a15bbdc08a7f9c72de1e67cf0c58b5e044c84b5ddc566d6b8f504e54ca111945

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:29:48 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 10 Aug 2023 14:47:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3f37-60292acb6f793"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2cAC2Zypg5GgqonaJDOibSJkkUyRlFv9WMkW76GIPG%2Bmf0GLAfJe3g6Zu1x%2FW3ipkFXR4PyXlYgsB%2BocPRGI7XyIgRM3vx%2FCrYkQ9Px6y0kQ82kMiaObiy%2FBTLFNMWK4Ll29pAxpynY9xapjJB8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7f8b31c38fb731f5-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 pages-head.min.js Show response
codecrafters.su/assets/js/ 7 KB
2 KB 340ms
334ms Script
application/javascript 2606:4700:3035::6815:366e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codecrafters.su/assets/js/pages-head.min.js?cb=1692372588054
Requested by: Host: codecrafters.su
URL: https://codecrafters.su/assets/js/pages-head-top.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 708d6a38f72f18642cff7c54c0c76cdb306be28b2d35a145e2e7ce358f01b8fa

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:29:48 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 16 Aug 2023 15:18:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1b91-6030bd070b9b8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=djVKAluMwHfCs%2FAyyq9MbpuaKwRejsBLP1N1zCOXaxerpfuT0srTZ%2B1MPw1k2AYTpiAzvPJa6tqGxKgiKf42xW2veYpPrV%2FkHyVHjybsiQ3wW4NRn9BSQK73b6fZNpNRLzhfYdN7QjWTOWmRhcc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7f8b31c38fba31f5-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 pages.min.js Show response
codecrafters.su/assets/js/ 35 KB
5 KB 489ms
484ms Script
application/javascript 2606:4700:3035::6815:366e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codecrafters.su/assets/js/pages.min.js?cb=1692372588054
Requested by: Host: codecrafters.su
URL: https://codecrafters.su/assets/js/pages-head-top.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22ac5e25944052bc495baaa6540f0ea6049a10122273c3cb073a8cc4cc4932e2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:29:48 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 18 Aug 2023 14:19:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"8b6e-603333839cdcf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u2mnXOX%2B1wsi3OxQWMNLBtHJ64eTrZwoV41h8FFGOLhn0snks%2Bz78ITu6zFXl07DfgBwIyGZT96pLWiEAjrhWJMB%2BZbGcxAv%2FKnDf2hCgbl7h4k6%2B6VEA04Lj0kW1O1EafsMPNnw626piDWLhMk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7f8b31c38fbb31f5-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 back.png
codecrafters.su/assets/ 231 B
514 B 330ms
325ms Image
image/png 2606:4700:3035::6815:366e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://codecrafters.su/assets/back.png
Requested by: Host: pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
URL: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:29:48 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 19 Mar 2023 15:20:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "e7-5f7425905ae40"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mFxU4INfLhE2JZ9ra4TZIBvcXOc6pmsWbxhgNXSHT8tQp7H404lQCEbRpmHGwe9WLhAed7Fa4OwJ3Cmh1MKzuvTMOjpDEMTNR%2FnIhXNCxpmv2veCpW6m974awFxlIPrWvUQg%2BOaaz4UMCHqRg7A%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7f8b31c38fbc31f5-MIA
alt-svc: h3=":443"; ma=86400
content-length: 231

GET
H2 200 2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/ 2 KB
1 KB 120ms
33ms Image
image/svg+xml 2620:1ec:bdf::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
Requested by: Host: codecrafters.su
URL: https://codecrafters.su/assets/pages/625mblh453zinlmg0.css?cb=1692372588054
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

accept-language: en-US,en;q=0.9
Referer: https://codecrafters.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 18 Aug 2023 15:29:48 GMT
content-encoding: gzip
x-cache: TCP_HIT
content-length: 673
x-ms-lease-status: unlocked
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F47E260FD
x-azure-ref: 20230818T152948Z-pf7yd12u7x4vh4vcyrv3fygmdc0000000a4000000000ehm8
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: d7a62673-901e-0046-1579-cb1e6e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

POST
H3 200 info Show response
codecrafters.su/ 124 B
1 KB 624ms
548ms XHR
application/json 2606:4700:3035::6815:366e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codecrafters.su/info
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.1.10
Resource Hash: 53972126f2babbeaf66dc2689843266527eff7eff672cfb9ecfb4874e5de5df3

Request headers

Accept: */*
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 18 Aug 2023 15:29:49 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/8.1.10
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xTw883airAWHzXSosRfMnjkU6EqJvyl%2BHZg1LqoPyY2xDx4X1je51a1Z%2FrkK0vquvqHuYbiJVZ%2FPDkhmiuQDcGE6hQk2lW9lmlQWLWH8KXiG%2Fx9DYXan2fqzw8b1SoFRiHP1xr1KBWCaNAVdwmw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
cf-ray: 7f8b31c61d15d9e5-MIA
alt-svc: h3=":443"; ma=86400

GET normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ioqra/0x4AAAAAAAIu5ceVmwm2mc0y/auto/ Frame 5B57 0
0

GET
H3 200 normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/76nwe/0x4AAAAAAAIu5ceVmwm2mc0y/auto/ Frame 591E 0
0 52ms
45ms Document
text/html 2606:4700::6811:2b8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/76nwe/0x4AAAAAAAIu5ceVmwm2mc0y/auto/normal

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 7f8b31c9ab5e228a-MIA
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Fri, 18 Aug 2023 15:29:49 GMT
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

POST
H3 200 info Show response
codecrafters.su/ 20 B
1 KB 558ms
557ms XHR
application/json 2606:4700:3035::6815:366e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codecrafters.su/info
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:366e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.1.10
Resource Hash: 912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Request headers

Accept: */*
Referer: https://pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 18 Aug 2023 15:29:50 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/8.1.10
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATOafnfupO9A%2BRvyyWhUri881AuVD6Xm2gsyGygg508CxJcjFyxU0KcHRAvNjHGI6w8kDtC%2FH1jt4wBJlyUG0Mhz0gtf7Qfa5CEgsmgS7vD0%2FT5oB3I3fBBEfTVRQKwtYQuCDFYcf5IABhhxgdU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
cf-ray: 7f8b31ce081bd9e5-MIA
alt-svc: h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ioqra/0x4AAAAAAAIu5ceVmwm2mc0y/auto/normal

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
aadcdn.msftauth.net
challenges.cloudflare.com
code.jquery.com
codecrafters.su
logincdn.msauth.net
pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev
challenges.cloudflare.com
2001:4de0:ac18::1:a:2b
2606:2800:21f:1b88:6342:f8de:86c:e98b
2606:2800:21f:506b:a2a0:d716:4ee1:a9bc
2606:4700:3035::6815:366e
2606:4700::6811:2b8
2606:4700::6812:223
2620:1ec:bdf::40
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
1ae488283b6cebf52b5bd97cd3dbe44e84ab7e87234525258a07e59a1904c2ed
22ac5e25944052bc495baaa6540f0ea6049a10122273c3cb073a8cc4cc4932e2
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652
53972126f2babbeaf66dc2689843266527eff7eff672cfb9ecfb4874e5de5df3
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
708d6a38f72f18642cff7c54c0c76cdb306be28b2d35a145e2e7ce358f01b8fa
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4
7a6d2a3c45fe06e2662cf4dfecfdcc026d0f57da9c3e484f912c2bdf338d1d22
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
a15bbdc08a7f9c72de1e67cf0c58b5e044c84b5ddc566d6b8f504e54ca111945
a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5
bf083679f5475bf246a4835cbaf06d8fb3f99a40b448af03a9a69b20a38015d0
efb090f3b00a993a3a913eb98d85796719861cc8676f3de163b5c91c1ca4109d
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev Open in urlscan Pro 2606:4700::6812:223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

89 %HTTPS

100 %IPv6

6 Domains

7 Subdomains

8 IPs

2 Countries

67 kBTransfer

208 kBSize

0 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

35 JavaScript Global Variables

0 Cookies

Indicators

pub-840a85e8f59843b3a0dd2d7552d5c170.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

89 %
HTTPS

100 %
IPv6

6
Domains

7
Subdomains

8
IPs

2
Countries

67 kB
Transfer

208 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!