pub-a3871999e8544291bcffa7cbef4f2826.r2.dev Open in urlscan Pro
2606:4700:7::eb  Malicious Activity! Public Scan

5 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request docs-login.html Show response pub-a3871999e8544291bcffa7cbef4f2826.r2.dev/	21 KB 21 KB	83ms 58ms	Document text/html	2606:4700:7::eb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pub-a3871999e8544291bcffa7cbef4f2826.r2.dev/docs-login.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700:7::eb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4d799fad6ad69ca9322df7da6c56b91bc2f7eba42d041f508ca9bb3b6951cf39 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes CF-RAY 8df1d7d7fd3d9f42-FRA Connection keep-alive Content-Length 21304 Content-Type text/html Date Fri, 08 Nov 2024 01:38:22 GMT ETag "9a9e89e8a74fe1a3a6bc3dcc4dff2ad9" Last-Modified Fri, 07 Jun 2024 11:21:05 GMT Server cloudflare Vary Accept-Encoding
GET H/1.1	200 OK	common,login,zhtml,skin.css mail.tc3net.com/css/	58 KB 12 KB	680ms 118ms	Stylesheet text/css	97.107.80.9 DPCOM-ASN05222010
General Check archive.org Show headers Download Go to Full URL https://mail.tc3net.com/css/common,login,zhtml,skin.css?skin=harmony&v=170531154501 Requested by Host: pub-a3871999e8544291bcffa7cbef4f2826.r2.dev URL: https://pub-a3871999e8544291bcffa7cbef4f2826.r2.dev/docs-login.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 97.107.80.9 Blissfield, United States, ASN13728 (DPCOM-ASN05222010, US), Reverse DNS mail.tc3net.com Software Apache/2.4.6 (CentOS) / Resource Hash 3b36eae37bdba9fe6e03f97078d283cd611bfc4585ec755d12572511e2ca8e31 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://pub-a3871999e8544291bcffa7cbef4f2826.r2.dev/ Response headers Transfer-Encoding chunked Cache-Control public, max-age=2595600 Content-Encoding gzip Connection close Expires Sun, 08 Dec 2024 02:38:22 GMT Date Fri, 08 Nov 2024 01:38:22 GMT Content-Type text/css Vary User-Agent,Accept-Encoding Server Apache/2.4.6 (CentOS) X-Frame-Options SAMEORIGIN
GET H2	200	jquery-3.1.1.min.js Show response code.jquery.com/	85 KB 30 KB	103ms 33ms	Script application/javascript	2a04:4e42:600::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.1.1.min.js Requested by Host: pub-a3871999e8544291bcffa7cbef4f2826.r2.dev URL: https://pub-a3871999e8544291bcffa7cbef4f2826.r2.dev/docs-login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://pub-a3871999e8544291bcffa7cbef4f2826.r2.dev/ Response headers content-encoding gzip etag W/"28feccc0-152b5" age 5149617 x-cache HIT, HIT date Fri, 08 Nov 2024 01:38:22 GMT content-type application/javascript; charset=utf-8 last-modified Fri, 18 Oct 1991 12:00:00 GMT x-cache-hits 46144, 4653 x-served-by cache-lga21947-LGA, cache-mad2200130-MAD vary Accept-Encoding cache-control public, max-age=31536000, stale-while-revalidate=604800 x-timer S1731029902.225506,VS0,VE0 cross-origin-resource-policy cross-origin via 1.1 varnish, 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 30070 server nginx
GET H/1.1	200 OK	LoginBanner_white.png mail.tc3net.com/skins/_base/logos/	3 KB 4 KB	339ms 113ms	Image image/png	97.107.80.9 DPCOM-ASN05222010
General Check archive.org Show headers Download Go to Show image Full URL https://mail.tc3net.com/skins/_base/logos/LoginBanner_white.png?v=170531154502 Requested by Host: mail.tc3net.com URL: https://mail.tc3net.com/css/common,login,zhtml,skin.css?skin=harmony&v=170531154501 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 97.107.80.9 Blissfield, United States, ASN13728 (DPCOM-ASN05222010, US), Reverse DNS mail.tc3net.com Software Apache/2.4.6 (CentOS) / Resource Hash 8db258b55ceabeb5c9c8bf41f59a2743c579cfcee58c34cacc945ad9c01d6ef1 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://mail.tc3net.com/css/common,login,zhtml,skin.css?skin=harmony&v=170531154501 Response headers Cache-Control public, max-age=2595600 Connection close Expires Sun, 08 Dec 2024 02:38:23 GMT Accept-Ranges bytes Content-Length 3299 Date Fri, 08 Nov 2024 01:38:23 GMT Last-Modified Wed, 31 May 2017 19:41:16 GMT Content-Type image/png Server Apache/2.4.6 (CentOS) X-Frame-Options SAMEORIGIN
GET H/1.1	200 OK	favicon.ico mail.tc3net.com/img/logo/	1 KB 1 KB	348ms 116ms	Other image/x-icon	97.107.80.9 DPCOM-ASN05222010
General Check archive.org Show headers Download Go to Full URL https://mail.tc3net.com/img/logo/favicon.ico Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 97.107.80.9 Blissfield, United States, ASN13728 (DPCOM-ASN05222010, US), Reverse DNS mail.tc3net.com Software Apache/2.4.6 (CentOS) / Resource Hash 1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://pub-a3871999e8544291bcffa7cbef4f2826.r2.dev/ Response headers Cache-Control public, max-age=2595600 Connection close Expires Sun, 08 Dec 2024 02:38:23 GMT Accept-Ranges bytes Content-Length 1150 Date Fri, 08 Nov 2024 01:38:23 GMT Last-Modified Wed, 31 May 2017 19:41:16 GMT Content-Type image/x-icon Server Apache/2.4.6 (CentOS) X-Frame-Options SAMEORIGIN

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| getEmail function| getPassword function| showError function| hideError function| doRedirect function| ZmSkin object| link function| clientChange function| showWhatsThis function| onLoad function| BaseSkin object| skin

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
mail.tc3net.com
pub-a3871999e8544291bcffa7cbef4f2826.r2.dev
2606:4700:7::eb
2a04:4e42:600::649
97.107.80.9
1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637
3b36eae37bdba9fe6e03f97078d283cd611bfc4585ec755d12572511e2ca8e31
4d799fad6ad69ca9322df7da6c56b91bc2f7eba42d041f508ca9bb3b6951cf39
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8db258b55ceabeb5c9c8bf41f59a2743c579cfcee58c34cacc945ad9c01d6ef1