urlscan.io logo urlscan.io
SecurityTrails logo

pub-955632e4390540afaed0aebbbb434c14.r2.dev Open in urlscan Pro
2606:4700::6812:323  Public Scan

Go To Rescan Add Verdict Report
URL: https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/00055369901.html
Submission: On August 16 via automatic, source phishtank — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 8 HTTP transactions. The main IP is 2606:4700::6812:323, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-955632e4390540afaed0aebbbb434c14.r2.dev.
TLS certificate: Issued by E6 on August 1st 2024. Valid for: 3 months.
This is the only time pub-955632e4390540afaed0aebbbb434c14.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 23.52.166.64 16625 (AKAMAI-AS)
1 172.67.130.6 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 104.26.12.205 13335 (CLOUDFLAR...)
8 6
1    2606:4700::6812:323 (United States)

ASN13335 (CLOUDFLARENET, US)
pub-955632e4390540afaed0aebbbb434c14.r2.dev
4    23.52.166.64 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-166-64.deploy.static.akamaitechnologies.com
www.aircanada.com
1    172.67.130.6 (United States)

ASN13335 (CLOUDFLARENET, US)
mksport.pro
1    2607:f8b0:4006:822::200a (United States)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    104.26.12.205 (None, )

ASN13335 (CLOUDFLARENET, US)
api.ipify.org
Apex Domain
Subdomains		 Transfer
4 aircanada.com
www.aircanada.com — Cisco Umbrella Rank: 91035
144 KB
1 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2512
157 B
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 641
30 KB
1 mksport.pro
mksport.pro
959 B
1 r2.dev
pub-955632e4390540afaed0aebbbb434c14.r2.dev
278 KB
8 5
Domain Requested by
4 www.aircanada.com pub-955632e4390540afaed0aebbbb434c14.r2.dev
1 api.ipify.org ajax.googleapis.com
1 ajax.googleapis.com pub-955632e4390540afaed0aebbbb434c14.r2.dev
1 mksport.pro pub-955632e4390540afaed0aebbbb434c14.r2.dev
1 pub-955632e4390540afaed0aebbbb434c14.r2.dev
8 5

This site contains no links.

Subject Issuer Validity Valid
*.r2.dev
E6		 2024-08-01 -
2024-10-30		 3 months crt.sh
www.aircanada.com
COMODO RSA Organization Validation Secure Server CA		 2024-07-31 -
2025-07-31		 a year crt.sh
mksport.pro
WE1		 2024-07-18 -
2024-10-16		 3 months crt.sh
upload.video.google.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
ipify.org
WE1		 2024-07-18 -
2024-10-16		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/00055369901.html
Frame ID: 98536CFCB3677053A623A2BDC59209A5
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc/designs/
Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

453 kB
Transfer

513 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 00055369901.html
pub-955632e4390540afaed0aebbbb434c14.r2.dev/ 		277 KB
278 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/00055369901.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94b97d7cfe291a8348191e9b7f3d111c89beae4becc16d95a9456acaf80df2e3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
CF-RAY
8b3fb815fedfa2ba-YUL
Connection
keep-alive
Content-Length
283898
Content-Type
text/html
Date
Fri, 16 Aug 2024 07:30:27 GMT
ETag
"1d24555f7467529eeb71b84b0b527bc4"
Last-Modified
Thu, 15 Aug 2024 18:27:38 GMT
Server
cloudflare
Vary
Accept-Encoding
aeroplan-logo.svg
www.aircanada.com/content/dam/aircanada/portal/images/content-images/altitude/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aircanada.com/content/dam/aircanada/portal/images/content-images/altitude/aeroplan-logo.svg
Requested by
Host: pub-955632e4390540afaed0aebbbb434c14.r2.dev
URL: https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/00055369901.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.166.64 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-166-64.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
a3d42319c8ba284a5ed3c0d6411ba1ffa3864fea73feb58732f4c4b283c15430
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

geoprovincecode
VA, QC
date
Fri, 16 Aug 2024 07:30:27 GMT
content-encoding
gzip
geocountrycode
US, CA, CA
x-content-type-options
nosniff
x-server-name
wbr18
strict-transport-security
max-age=31536000 ; includeSubDomains
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1723793427471_388099599_129471649_83_26509_29_72_219";dur=1
content-length
1353
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
strict-origin-when-cross-origin, strict-origin-when-cross-origin
last-modified
Mon, 12 Aug 2024 20:52:52 GMT
server
Akamai Resource Optimizer
etag
"b6a-61e9d63000fbf"
x-req
23.15.240.164:2963f41e, 23.33.238.15:7b794a1
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=1800
accept-ranges
bytes
expires
Fri, 16 Aug 2024 08:00:27 GMT
truncated
/ 		650 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
72816ba9e5eec9547220480a4752b9f54de83f21acb8c853ad50b160f109fd28

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
OpenSans-Regular.woff
www.aircanada.com/etc/designs/aircanada/fonts/OpenSans/Regular/ 		62 KB
66 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.aircanada.com/etc/designs/aircanada/fonts/OpenSans/Regular/OpenSans-Regular.woff
Requested by
Host: pub-955632e4390540afaed0aebbbb434c14.r2.dev
URL: https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/00055369901.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.166.64 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-166-64.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/
Origin
https://pub-955632e4390540afaed0aebbbb434c14.r2.dev
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

geoprovincecode
QC
date
Fri, 16 Aug 2024 07:30:27 GMT
content-encoding
gzip
geocountrycode
CA, CA
x-content-type-options
nosniff
x-server-name
wbr17
strict-transport-security
max-age=31536000 ; includeSubDomains
server-timing
cdn-cache; desc=HIT, edge; dur=8, dtSInfo;desc="0", dtRpid;desc="-49396093", ak_p; desc="1723793427535_388099599_129471693_2298_21562_26_0_255";dur=1
content-length
66823
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Aug 2024 10:27:20 GMT
server
etag
"f8e0-61e9ca7e8be22:dtagent10243220606153550N91X"
x-req
23.33.238.15:7b794cd
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/font-woff
access-control-allow-origin
https://pub-955632e4390540afaed0aebbbb434c14.r2.dev
cache-control
max-age=1800
access-control-allow-credentials
true
accept-ranges
bytes
expires
Fri, 16 Aug 2024 08:00:27 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
48becd94706a2829897250bdf76f1a2caed50c806c0cf156d56623947ad0674a

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
OpenSans-Semibold.woff
www.aircanada.com/etc/designs/aircanada/fonts/OpenSans/Semibold/ 		68 KB
72 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.aircanada.com/etc/designs/aircanada/fonts/OpenSans/Semibold/OpenSans-Semibold.woff
Requested by
Host: pub-955632e4390540afaed0aebbbb434c14.r2.dev
URL: https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/00055369901.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.166.64 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-166-64.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b0390aa3e137e3e49d7d6ed5d86c208fec1dd45ff8a56836c3f86c2e32cd2d7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/
Origin
https://pub-955632e4390540afaed0aebbbb434c14.r2.dev
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

geoprovincecode
QC
date
Fri, 16 Aug 2024 07:30:27 GMT
content-encoding
gzip
geocountrycode
CA, CA
x-content-type-options
nosniff
x-server-name
wbr11
strict-transport-security
max-age=31536000 ; includeSubDomains
server-timing
cdn-cache; desc=HIT, edge; dur=1, dtSInfo;desc="0", dtRpid;desc="-1978460058", dtTao;desc="1", ak_p; desc="1723793427611_388099599_129471694_127_20994_24_68_255";dur=1
content-length
73234
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Aug 2024 10:27:12 GMT
server
etag
"11100-61e9ca771a44a:dtagent10243220606153550N91X"
x-req
23.33.238.15:7b794ce
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/font-woff
access-control-allow-origin
https://pub-955632e4390540afaed0aebbbb434c14.r2.dev
cache-control
max-age=1800
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 16 Aug 2024 08:00:27 GMT
wp.js
mksport.pro/wp-includes/css/dist/patterns/ 		882 B
959 B 		Script
General
Check archive.org
Download Go to
Full URL
https://mksport.pro/wp-includes/css/dist/patterns/wp.js
Requested by
Host: pub-955632e4390540afaed0aebbbb434c14.r2.dev
URL: https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/00055369901.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.130.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06426d734130ff135a54b013a0ab3f8d01dac674cfb1282a5abc6a2d168468f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 16 Aug 2024 07:30:27 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
8848
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 14 Feb 2024 13:57:39 GMT
server
cloudflare
etag
W/"65ccc6d3-372"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qeAXqlcKr%2BdEAj%2BHKm7HYEF010V96%2FOFO0ggsWqat4X%2FcnHVYetEWOheBqQiW1qDkq33IpSYVWcdy5T7ILlSn52j6xAQwufbArinlH0%2BvCic%2BCX8wVBp40TqpXwvBA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
8b3fb81aeae239ef-YYZ
expires
Fri, 16 Aug 2024 17:02:59 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: pub-955632e4390540afaed0aebbbb434c14.r2.dev
URL: https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/00055369901.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 12:05:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
156305
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30306
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 14 Aug 2025 12:05:22 GMT
/
api.ipify.org/ 		24 B
157 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d42963d04775f09b1f7834b7fc62019aca171c718b81f5b895ccafa44b20fcda

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 16 Aug 2024 07:30:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
8b3fb81d3e5cac6f-YYZ
content-length
24
favicon.ico
www.aircanada.com/etc/designs/aircanada/images/ 		15 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.aircanada.com/etc/designs/aircanada/images/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.166.64 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-166-64.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4c00f3abaaed1adddc3d1d018d2fdedf17db32e5034d82fdcee44bd59763b09f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

geoprovincecode
QC
date
Fri, 16 Aug 2024 07:30:27 GMT
content-encoding
gzip
geocountrycode
CA, CA
x-content-type-options
nosniff
x-server-name
wbr13
strict-transport-security
max-age=31536000 ; includeSubDomains
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1723793427929_388099599_129471839_173_20448_28_0_219";dur=1
content-length
2960
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Aug 2024 10:27:08 GMT
server
etag
W/"3aee-61e9ca7265077"
x-req
23.33.238.15:7b7955f
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/vnd.microsoft.icon
cache-control
max-age=299872
accept-ranges
bytes
expires
Mon, 19 Aug 2024 18:48:19 GMT

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| Email function| sendEmail function| sendEmail2 function| sendEmail3 function| sendEmail4 function| sendEmail5 function| $ function| jQuery

0 Cookies

3 Console Messages

Source Level URL
Text
rendering warning URL: https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/00055369901.html(Line 4)
Message:
The value "1maximum-scale" for key "initial-scale" was truncated to its numeric prefix.
rendering warning URL: https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/00055369901.html(Line 4)
Message:
The key "1" is not recognized and ignored.
recommendation verbose URL: https://pub-955632e4390540afaed0aebbbb434c14.r2.dev/00055369901.html
Message:
[DOM] Multiple forms should be contained in their own form elements; break up complex forms into ones that represent a single action: (More info: https://goo.gl/9p2vKq) %o