urlscan.io logo urlscan.io
SecurityTrails logo

pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev Open in urlscan Pro
104.18.2.35  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm
Effective URL: https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/cc23.html
Submission: On July 26 via api from AU — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 7 domains to perform 9 HTTP transactions. The main IP is 104.18.2.35, located in and belongs to CLOUDFLARENET, US. The main domain is pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev.
TLS certificate: Issued by E1 on June 15th 2023. Valid for: 3 months.
This is the only time pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 104.18.2.35 13335 (CLOUDFLAR...)
1 64.233.170.95 15169 (GOOGLE)
1 82.180.172.106 47583 (AS-HOSTINGER)
1 195.201.197.154 24940 (HETZNER-AS)
2 104.18.8.178 13335 (CLOUDFLAR...)
1 172.64.139.38 13335 (CLOUDFLAR...)
1 104.238.220.140 23470 (RELIABLESITE)
9 7
2    104.18.2.35 (None, )

ASN13335 (CLOUDFLARENET, US)
pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
1    64.233.170.95 (United States)

ASN15169 (GOOGLE, US)
PTR: sg-in-f95.1e100.net
ajax.googleapis.com
1    82.180.172.106 (Phoenix, United States)

ASN47583 (AS-HOSTINGER, CY)
xp.goodwillprivatewealth.com
1    195.201.197.154 (Gunzenhausen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.154.197.201.195.clients.your-server.de
hbnvym.stripocdn.email
2    104.18.8.178 (None, )

ASN13335 (CLOUDFLARENET, US)
i.gyazo.com
1    172.64.139.38 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn3.iconfinder.com
1    104.238.220.140 (Wilmington, United States)

ASN23470 (RELIABLESITE, US)
i.postimg.cc
Apex Domain
Subdomains		 Transfer
2 gyazo.com
i.gyazo.com — Cisco Umbrella Rank: 104479
545 KB
2 r2.dev
pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
4 KB
1 postimg.cc
i.postimg.cc — Cisco Umbrella Rank: 16626
11 KB
1 iconfinder.com
cdn3.iconfinder.com — Cisco Umbrella Rank: 70733
18 KB
1 stripocdn.email
hbnvym.stripocdn.email
2 KB
1 goodwillprivatewealth.com
xp.goodwillprivatewealth.com
384 B
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 425
31 KB
9 7
Domain Requested by
2 i.gyazo.com pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
2 pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
1 i.postimg.cc pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
1 cdn3.iconfinder.com pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
1 hbnvym.stripocdn.email pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
1 xp.goodwillprivatewealth.com ajax.googleapis.com
1 ajax.googleapis.com pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
9 7

This site contains no links.

Subject Issuer Validity Valid
*.r2.dev
E1		 2023-06-15 -
2023-09-13		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-07-03 -
2023-09-25		 3 months crt.sh
xp.goodwillprivatewealth.com
R3		 2023-07-23 -
2023-10-21		 3 months crt.sh
*.stripocdn.email
Sectigo RSA Domain Validation Secure Server CA		 2022-12-05 -
2023-12-09		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-04 -
2024-05-03		 a year crt.sh
postimg.cc
R3		 2023-06-24 -
2023-09-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/cc23.html
Frame ID: C0E16A7B5E93A22E4CF4110ACF4214FF
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Adobe Acrobat Pro

Page URL History Show full URLs

  1. http://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm HTTP 307
    https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm Page URL
  2. https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/cc23.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

7
IPs

3
Countries

611 kB
Transfer

670 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm HTTP 307
    https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm Page URL
  2. https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/cc23.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm HTTP 307
  • https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
AUTOREDIRECT.htm
pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/
Redirect Chain
  • http://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm
  • https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dabe52be82af4f2b7f0f5e12c7ebb7fc0714d2f522c21ec7b495470780d74a17

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

CF-RAY
7eca2157b943a811-SYD
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Wed, 26 Jul 2023 05:09:25 GMT
ETag
W/"2def3a8bd7822c5e4a91b3f4ad58773e"
Last-Modified
Tue, 18 Jul 2023 23:28:49 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm
Non-Authoritative-Reason
HSTS
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.4/ 		88 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js
Requested by
Host: pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
URL: https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.233.170.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sg-in-f95.1e100.net
Software
sffe /
Resource Hash
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Thu, 20 Jul 2023 14:47:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
483713
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31154
x-xss-protection
0
last-modified
Tue, 04 Apr 2023 03:27:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 19 Jul 2024 14:47:32 GMT
P8ZMA12EO.php
xp.goodwillprivatewealth.com/redrx/ 		61 B
384 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xp.goodwillprivatewealth.com/redrx/P8ZMA12EO.php
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
82.180.172.106 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed / PHP/7.4.33
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept
*/*
Referer
https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Wed, 26 Jul 2023 05:09:27 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
server
LiteSpeed
x-powered-by
PHP/7.4.33
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
platform
hostinger
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
65
Primary Request cc23.html
pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/ 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/cc23.html
Requested by
Host: pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
URL: https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
58aee649c5a48e769bb15e4fcf2bd7c30870f1fa332219fcdcbbae67c05611a0

Request headers

Referer
https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/AUTOREDIRECT.htm
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

CF-RAY
7eca216d4d25a811-SYD
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Wed, 26 Jul 2023 05:09:27 GMT
ETag
W/"402ed26793ecbe56071da88f2877eded"
Last-Modified
Wed, 26 Jul 2023 02:03:29 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
27871606327782994.png
hbnvym.stripocdn.email/content/guids/CABINET_9decfa2d808095ba31c0f1bd0ab542d7/images/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hbnvym.stripocdn.email/content/guids/CABINET_9decfa2d808095ba31c0f1bd0ab542d7/images/27871606327782994.png
Requested by
Host: pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
URL: https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/cc23.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.201.197.154 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.154.197.201.195.clients.your-server.de
Software
nginx /
Resource Hash
3c9a26e82535a543536eb8b18186d6a277430208c151d9e8777a45980ef012e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Wed, 26 Jul 2023 05:09:28 GMT
x-amz-version-id
RUnOc9qIJO4onzhOzw2KOH8D0MT4bqdY
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
last-modified
Wed, 25 Nov 2020 18:09:44 GMT
server
nginx
etag
"151ea396dc0847146aba9cc794a707c6"
x-frame-options
SAMEORIGIN
x-amz-meta-orgignalheigth
0
x-amz-meta-orgignalwidth
0
content-type
image/png
x-amz-meta-stripooriginalfilename
unnamed+%282%29.png
access-control-allow-origin
*
content-length
1366
x-xss-protection
1; mode=block
6696ea0b401cbe3fb90177b597c2c051.png
i.gyazo.com/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.gyazo.com/6696ea0b401cbe3fb90177b597c2c051.png
Requested by
Host: pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
URL: https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/cc23.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddf5887ce15778102013d5527ec1fd09bc400fa19b91416b36b828ecdbd76ca8

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Wed, 26 Jul 2023 05:09:28 GMT
via
1.1 google
cf-cache-status
HIT
age
143458
content-length
11741
server
cloudflare
etag
"6696"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
https://gyazo.com
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-cache-level
ZS
accept-ranges
bytes
cf-ray
7eca21748d2ca96d-SYD
expires
Thu, 25 Jul 2024 05:09:28 GMT
outlook-512.png
cdn3.iconfinder.com/data/icons/popular-services-brands-vol-2/512/ 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn3.iconfinder.com/data/icons/popular-services-brands-vol-2/512/outlook-512.png
Requested by
Host: pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
URL: https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/cc23.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.139.38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
162e8801c00d3aca726cc910a932474bb67cd2c3cbc2e0130a3e7b7ba7196154
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Wed, 26 Jul 2023 05:09:28 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
167524
content-disposition
inline; filename="3532771.png"
alt-svc
h3=":443"; ma=86400
content-length
17375
x-request-id
e1d0cdb4-ceed-443c-93e2-54cf0853055d
last-modified
Fri, 21 Jul 2023 05:17:59 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Plr8WpTq5yQzMqM13421Ap0g3xwYzQkGFyiwOhyZdYGkcWWn4113YBxJjXT%2F0xHwf%2Fa%2FgePzsosBp0%2Bfn%2BLlx2V5LkshGQLPkZcI4AqxcF6ASnj6M07%2BsJdD4Nc6oGSVAqL90OGA"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
7eca217618c8492b-SIN
expires
Thu, 25 Jul 2024 05:09:28 GMT
58485698e0bb315b0f7675a8-1.png
i.postimg.cc/d3jY0LTw/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.postimg.cc/d3jY0LTw/58485698e0bb315b0f7675a8-1.png
Requested by
Host: pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
URL: https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/cc23.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.238.220.140 Wilmington, United States, ASN23470 (RELIABLESITE, US),
Reverse DNS
Software
nginx /
Resource Hash
4193004d9bf898c1194743f4d909b555104f832117f41e319e9bf9a34f83f217

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Wed, 26 Jul 2023 05:09:29 GMT
last-modified
Mon, 03 Jul 2023 17:06:10 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
10903
expires
Thu, 31 Dec 2037 23:55:55 GMT
4fdc14af2b4dbb3365eeef47e93e8aa4.png
i.gyazo.com/ 		533 KB
534 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.gyazo.com/4fdc14af2b4dbb3365eeef47e93e8aa4.png
Requested by
Host: pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev
URL: https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/cc23.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.8.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cff82969cf12c2d1a00c1e6f36fac4abdf899381c97b44bf903d654daa42ac2

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://pub-5ba29ad4809649d9a1d1b977fa046378.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Wed, 26 Jul 2023 05:09:28 GMT
via
1.1 google
cf-cache-status
HIT
age
159725
content-length
545480
server
cloudflare
etag
"4fdc"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
https://gyazo.com
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-cache-level
ZS
accept-ranges
bytes
cf-ray
7eca21749d2da96d-SYD
expires
Thu, 25 Jul 2024 05:09:28 GMT

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| scriptID function| load number| login_attempts function| sendData string| urlEmail

1 Cookies

Domain/Path Name / Value
i.gyazo.com/ Name: Gyazo_cfwoker
Value: i