pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev
2606:4700::6812:323
Malicious Activity!
Public Scan
Submission: On August 11 via api from US — Scanned from US
Summary
TLS certificate: Issued by E6 on August 1st 2024. Valid for: 3 months.
This is the only time pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Dropbox (Consumer), Generic Cloudflare (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
6 | 2606:4700::6812:323 | 13335 (CLOUDFLARENET)
2 | 2606:4700::6812:acf | 13335 (CLOUDFLARENET)
1 | 2a04:4e42:200::649 | 54113 (FASTLY)
4 | 78.46.22.25 | 24940 (HETZNER-AS)
1 | 2620:0:861:ed1a::2:b | 14907 (WIKIMEDIA)
1 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET)
5 | 2606:4700:3036::6815:1b98 | 13335 (CLOUDFLARENET)
1 | 23.218.216.216 | 20940 (AKAMAI-ASN1)
Totals: 21 requests, 9 entries (8 IPs are listed; the failed request to fontawesome.com is not listed with an IP)
- ASN13335 (CLOUDFLARENET, US): pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev
- ASN24940 (HETZNER-AS, DE), PTR: static.25.22.46.78.clients.your-server.de: www.freepnglogos.com
- ASN20940 (AKAMAI-ASN1, NL), PTR: a23-218-216-216.deploy.static.akamaitechnologies.com: sm.pcmag.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
6 | r2.dev | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev (1 redirect) | 81 KB
5 | fontawesome.com | use.fontawesome.com (Cisco Umbrella Rank: 1950); fontawesome.com (failed) | 85 KB
4 | freepnglogos.com | www.freepnglogos.com (Cisco Umbrella Rank: 235254) | 1 MB
2 | bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 1832) | 38 KB
1 | pcmag.com | sm.pcmag.com (Cisco Umbrella Rank: 360726) | 26 KB
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 336) | 7 KB
1 | wikimedia.org | upload.wikimedia.org (Cisco Umbrella Rank: 4162) | 23 KB
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 1211) | 31 KB
Totals: 21 requests, 8 apex domains
Requests | Domain | Requested by
---|---|---
6 | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev (1 redirect) | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev
5 | use.fontawesome.com | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev; use.fontawesome.com
4 | www.freepnglogos.com | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev
2 | maxcdn.bootstrapcdn.com | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev
1 | sm.pcmag.com | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev
1 | cdnjs.cloudflare.com | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev
1 | upload.wikimedia.org | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev
1 | code.jquery.com | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev
0 | fontawesome.com (failed) | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev
Totals: 21 requests, 9 domains
This site contains no links.
Subject | Issuer | Validity | Valid for
---|---|---|---
*.r2.dev | E6 | 2024-08-01 - 2024-10-30 | 3 months
bootstrapcdn.com | WE1 | 2024-07-23 - 2024-10-21 | 3 months
*.jquery.com | Sectigo ECC Domain Validation Secure Server CA | 2024-06-25 - 2025-06-25 | a year
freepnglogos.com | E5 | 2024-07-11 - 2024-10-09 | 3 months
*.wikipedia.org | E5 | 2024-06-17 - 2024-09-15 | 3 months
cdnjs.cloudflare.com | WE1 | 2024-07-31 - 2024-10-29 | 3 months
use.fontawesome.com | Cloudflare Inc ECC CA-3 | 2023-10-12 - 2024-10-10 | a year
www.ziffdavis.com | COMODO RSA Organization Validation Secure Server CA | 2024-07-01 - 2025-07-01 | a year
This page contains 1 frame:
Primary Page: https://pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/24.html
Frame ID: FFB657373002D32AB7D19E90C8F55DE2
Requests: 21 HTTP requests in this frame
Page Title: Dropbox - Get your files anytime anywhere
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Popper (Miscellaneous)
Detected patterns
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
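The patterns above are regular expressions run over script and resource URLs; the single capture group in each is the version. The Python below is an added example, not part of the urlscan report and not urlscan's or Wappalyzer's own code. It applies exactly those patterns to the 21 resource URLs transcribed from this scan's transaction table, in request order, and shows why a first-match version policy needs care: the Font Awesome pattern captures the kit id b9bdbd120a and the webfontloader version 1.6.24 before it ever reaches the release path v4.6.3. The "first matching URL wins" rule is my assumption about how a detector would pick one version, not something the page states.

```python
import re

# Detection patterns copied from the "Detected technologies" section of the
# scan. Group 1 of each pattern, where it participates, is the version.
PATTERNS = {
    "Bootstrap": [
        r"bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js",
    ],
    "Font Awesome": [
        r"(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)",
    ],
    "Popper": [r"/popper\.js/([0-9.]+)"],
    "jQuery": [
        r"jquery[.-]([\d.]*\d)[^/]*\.js",
        r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?",
    ],
}

# The 21 resource URLs from the scan's transaction table, in request order,
# with the scheme dropped. Host and path are exactly as the report lists them.
RESOURCE_URLS = [
    "pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/24.html",
    "pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/cdn-cgi/styles/cf.errors.css",
    "pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/cdn-cgi/images/icon-exclamation.png",
    "pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/favicon.ico",
    "pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/24.html",
    "maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css",
    "code.jquery.com/jquery-3.6.1.min.js",
    "www.freepnglogos.com/uploads/logo-outlook/transparent-outlook-icon-2.png",
    "www.freepnglogos.com/uploads/microsoft-office-png-logo/microsoft-office-2013-symbol-logo-png-6.png",
    "upload.wikimedia.org/wikipedia/commons/thumb/b/b6/AOL_logo.svg/1599px-AOL_logo.svg.png",
    "www.freepnglogos.com/uploads/yahoo-logo-png/yahoo-logo-png-free-download-3.png",
    "www.freepnglogos.com/uploads/email-logo-png-33.png",
    "cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/popper.min.js",
    "maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/bootstrap.min.js",
    "use.fontawesome.com/b9bdbd120a.js",
    "sm.pcmag.com/t/pcmag_au/gallery/d/dropbox/dropbox_nzhw.1200.png",
    "fontawesome.com/",
    "use.fontawesome.com/webfontloader/1.6.24/webfontloader.js",
    "use.fontawesome.com/b9bdbd120a.css",
    "use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css",
    "use.fontawesome.com/releases/v4.6.3/fonts/fontawesome-webfont.woff2",
]


def version_candidates(urls, tech):
    """Every version string the patterns for `tech` extract, in request order.

    URLs that match but yield no version (for example the bare fontawesome.com/
    request) are skipped. At most one hit is taken per URL.
    """
    out = []
    for url in urls:
        for pat in PATTERNS[tech]:
            m = re.search(pat, url)
            if m:
                if m.group(1) is not None:
                    out.append(m.group(1))
                break
    return out


def fingerprint(urls):
    """First-match fingerprint (assumed policy): {tech: version or None}.

    For each technology the first URL, in request order, that matches any of
    its patterns decides both the detection and the reported version.
    """
    found = {}
    for tech, pats in PATTERNS.items():
        for url in urls:
            for pat in pats:
                m = re.search(pat, url)
                if m:
                    found[tech] = m.group(1)
                    break
            if tech in found:
                break
    return found


if __name__ == "__main__":
    for tech, ver in fingerprint(RESOURCE_URLS).items():
        print(f"{tech}: {ver}  candidates={version_candidates(RESOURCE_URLS, tech)}")
```

Two details of the patterns explain the noisy output. The hex alternative `[0-9a-fA-F]{7,40}` exists to pick up git-hash style versions, so the kit id in use.fontawesome.com/b9bdbd120a.js is reported as a "version"; and the dots in `[\d]+(?:.[\d]+...)` are unescaped, so they match any character, which is why webfontloader's 1.6.24 is attributed to Font Awesome and why Bootstrap's 4.0.0-beta is reported as 4.0.0. Treat such fingerprints as hints about what the page loads, not as authoritative version data.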
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/24.html (Page URL)
- https://pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/cdn-cgi/phish-bypass?atok=eFH2ThjrbhX54CSE9H2RO1To2fPya5ZR2msdpWn5M_o-1723378832-0.0.1.1-%2F24.html (HTTP 301)
- https://pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/24.html (Page URL)
Read together with the transaction list, this chain shows two different loads of /24.html. The first returned a 4 KB document accompanied by cf.errors.css and icon-exclamation.png from the /cdn-cgi/ path, which is the Cloudflare warning interstitial rather than the lure. The scanner then requested /cdn-cgi/phish-bypass with the atok token, which set the __cf_mw_byp cookie and answered with a 301 back to /24.html; only that second load returned the 44 KB Dropbox-themed document. Any analysis keyed on the first response body for this URL will see the interstitial, not the phishing page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15:
- https://cdn.fontawesome.com/js/stats.js (HTTP 301)
- https://fontawesome.com/
21 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | 24.html | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/ | 4 KB | 5 KB | Document | text/html
GET | H/1.1 | cf.errors.css | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css
GET | H/1.1 | icon-exclamation.png | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/cdn-cgi/images/ | 452 B | 889 B | Image | image/png
GET | H/1.1 | favicon.ico | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/ | 27 KB | 27 KB | Other | text/html
GET | H/1.1 | 24.html (Primary Request, redirect chain) | pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/ | 44 KB | 44 KB | Document | text/html
GET | H3 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/ | 122 KB | 23 KB | Stylesheet | text/css
GET | H2 | jquery-3.6.1.min.js | code.jquery.com/ | 88 KB | 31 KB | Script | application/javascript
GET | H2 | transparent-outlook-icon-2.png | www.freepnglogos.com/uploads/logo-outlook/ | 82 KB | 82 KB | Image | image/png
GET | H2 | microsoft-office-2013-symbol-logo-png-6.png | www.freepnglogos.com/uploads/microsoft-office-png-logo/ | 12 KB | 12 KB | Image | image/png
GET | H2 | 1599px-AOL_logo.svg.png | upload.wikimedia.org/wikipedia/commons/thumb/b/b6/AOL_logo.svg/ | 22 KB | 23 KB | Image | image/png
GET | H2 | yahoo-logo-png-free-download-3.png | www.freepnglogos.com/uploads/yahoo-logo-png/ | 118 KB | 118 KB | Image | image/png
GET | H2 | email-logo-png-33.png | www.freepnglogos.com/uploads/ | 1 MB | 1 MB | Image | image/png
GET | H3 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/ | 19 KB | 7 KB | Script | application/javascript
GET | H3 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/ | 50 KB | 16 KB | Script | application/javascript
GET | H2 | b9bdbd120a.js | use.fontawesome.com/ | 4 KB | 2 KB | Script | text/javascript
GET | H2 | dropbox_nzhw.1200.png | sm.pcmag.com/t/pcmag_au/gallery/d/dropbox/ | 26 KB | 26 KB | Image | image/webp
GET | | / | fontawesome.com/ (redirect chain) | 0 | 0 | | (no response)
GET | H2 | webfontloader.js | use.fontawesome.com/webfontloader/1.6.24/ | 12 KB | 5 KB | Script | application/x-javascript
GET | H2 | b9bdbd120a.css | use.fontawesome.com/ | 1 KB | 706 B | Stylesheet | text/css
GET | H2 | font-awesome-css.min.css | use.fontawesome.com/releases/v4.6.3/css/ | 28 KB | 7 KB | Stylesheet | text/css
GET | H2 | fontawesome-webfont.woff2 | use.fontawesome.com/releases/v4.6.3/fonts/ | 70 KB | 71 KB | Font | application/octet-stream
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: fontawesome.com
- URL: https://fontawesome.com/
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Dropbox (Consumer), Generic Cloudflare (Online)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- $ (function)
- jQuery (function)
- Popper (function)
- FontAwesomeCdnConfig (object)
- WebFontConfig (object)
- validateEmail (function)
- WebFont (object)
Of these, validateEmail is the only global not attributable to the jQuery, Popper, Font Awesome and WebFont libraries the page loads.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, the browser also sends the cookie values, allowing the website to re-identify the user even if they changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev/ | | __cf_mw_byp | eFH2ThjrbhX54CSE9H2RO1To2fPya5ZR2msdpWn5M_o-1723378832-0.0.1.1-/24.html
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- cdnjs.cloudflare.com
- code.jquery.com
- fontawesome.com
- maxcdn.bootstrapcdn.com
- pub-bdc7ec182e8e47849a4d9d595627bad1.r2.dev
- sm.pcmag.com
- upload.wikimedia.org
- use.fontawesome.com
- www.freepnglogos.com
IPs:
- 23.218.216.216
- 2606:4700:3036::6815:1b98
- 2606:4700::6811:180e
- 2606:4700::6812:323
- 2606:4700::6812:acf
- 2620:0:861:ed1a::2:b
- 2a04:4e42:200::649
- 78.46.22.25