pub-cb99e8f486f749718b5ea5871644fa13.r2.dev
104.18.3.35 (Public Scan)

Submitted URL: http://accountspayable-911607653.mendeseflor.com.br/connect/911607653911607653911607653/redacted_email
Effective URL: https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/ADOBE-Auto.html
Submission: On February 28 via api from US — Scanned from US

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 7 HTTP transactions. The main IP is 104.18.3.35, located in and belongs to CLOUDFLARENET, US. The main domain is pub-cb99e8f486f749718b5ea5871644fa13.r2.dev.
TLS certificate: Issued by E1 on February 6th 2024. Valid for: 3 months.
This is the only time pub-cb99e8f486f749718b5ea5871644fa13.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address       AS     Autonomous System
1         162.241.203.20   19871  NETWORK-SOLUTIONS-HOSTING
1         104.18.3.35      13335  CLOUDFLARENET
1         46.4.12.120      24940  HETZNER-AS
2         104.18.25.163    13335  CLOUDFLARENET
1         172.66.42.211    13335  CLOUDFLARENET
1         162.249.168.129  26548  PUREVOLTAGE-INC
Total: 7 requests, 6 IPs
Requests  Apex Domain         Subdomains                                        Transfer
2         gyazo.com           i.gyazo.com (Cisco Umbrella Rank: 93783)          545 KB
1         postimg.cc          i.postimg.cc (Cisco Umbrella Rank: 19265)         11 KB
1         iconfinder.com      cdn3.iconfinder.com (Cisco Umbrella Rank: 82906)  9 KB
1         stripocdn.email     hbnvym.stripocdn.email                            2 KB
1         r2.dev              pub-cb99e8f486f749718b5ea5871644fa13.r2.dev       7 KB
1         mendeseflor.com.br  accountspayable-911607653.mendeseflor.com.br      337 B
Total: 7 requests, 6 apex domains
Requests  Domain                                        Requested by
2         i.gyazo.com                                   pub-cb99e8f486f749718b5ea5871644fa13.r2.dev
1         i.postimg.cc                                  pub-cb99e8f486f749718b5ea5871644fa13.r2.dev
1         cdn3.iconfinder.com                           pub-cb99e8f486f749718b5ea5871644fa13.r2.dev
1         hbnvym.stripocdn.email                        pub-cb99e8f486f749718b5ea5871644fa13.r2.dev
1         pub-cb99e8f486f749718b5ea5871644fa13.r2.dev
1         accountspayable-911607653.mendeseflor.com.br
Total: 7 requests, 6 domains

This site contains no links.

Subject                Issuer                                          Validity                 Valid for
*.r2.dev               E1                                              2024-02-06 - 2024-05-06  3 months
*.stripocdn.email      Sectigo RSA Domain Validation Secure Server CA  2023-12-01 - 2024-12-09  a year
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3                         2023-05-04 - 2024-05-03  a year
iconfinder.com         E1                                              2024-01-31 - 2024-04-30  3 months
postimg.cc             R3                                              2024-02-21 - 2024-05-21  3 months

This page contains 1 frame:

Primary Page: https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/ADOBE-Auto.html
Frame ID: D1D3A18EE990D479D7CBC630273F1839
Requests: 7 HTTP requests in this frame

Page Title

Adobe Acrobat Pro

Page Statistics

Requests: 7
HTTPS: 86 %
IPv6: 0 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 3
Transfer: 575 kB
Size: 571 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer, Type, MIME-Type

1. redacted_email
   Path: accountspayable-911607653.mendeseflor.com.br/connect/911607653911607653911607653/
   Size: 0   x-fer: 337 B   Type: Document
General
Full URL
http://accountspayable-911607653.mendeseflor.com.br/connect/911607653911607653911607653/redacted_email
Protocol
HTTP/1.1
Server
162.241.203.20, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
Reverse DNS
162-241-203-20.unifiedlayer.com
Software
Apache
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Accept-Ranges
none
Connection
Upgrade, Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Wed, 28 Feb 2024 16:45:05 GMT
Keep-Alive
timeout=5, max=75
Server
Apache
Upgrade
h2,h2c
refresh
0;url=https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/ADOBE-Auto.html#nani?redacted_email
2. ADOBE-Auto.html (Primary Request)
   Path: pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/
   Size: 7 KB   x-fer: 7 KB   Type: Document
General
Full URL
https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/ADOBE-Auto.html
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
104.18.3.35, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
014387cc1937834375c0b7c27020d7c3e5a79a6fbc041cc52f0e3035ff5a86ac

Request headers

Referer
http://accountspayable-911607653.mendeseflor.com.br/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Accept-Ranges
bytes
CF-RAY
85ca22cb4ca44295-EWR
Connection
keep-alive
Content-Length
7202
Content-Type
text/html
Date
Wed, 28 Feb 2024 16:45:05 GMT
ETag
"8a96a270070cc134cb67b0a583284bee"
Last-Modified
Tue, 21 Nov 2023 16:23:28 GMT
Server
cloudflare
Vary
Accept-Encoding
3. 27871606327782994.png
   Path: hbnvym.stripocdn.email/content/guids/CABINET_9decfa2d808095ba31c0f1bd0ab542d7/images/
   Size: 1 KB   x-fer: 2 KB   Type: Image
General
Full URL
https://hbnvym.stripocdn.email/content/guids/CABINET_9decfa2d808095ba31c0f1bd0ab542d7/images/27871606327782994.png
Requested by
Host: pub-cb99e8f486f749718b5ea5871644fa13.r2.dev
URL: https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/ADOBE-Auto.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
46.4.12.120, Bad Muenstereifel, Germany, ASN24940 (HETZNER-AS, DE)
Reverse DNS
static.120.12.4.46.clients.your-server.de
Software
nginx
Resource Hash
3c9a26e82535a543536eb8b18186d6a277430208c151d9e8777a45980ef012e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 28 Feb 2024 16:45:05 GMT
x-amz-version-id
RUnOc9qIJO4onzhOzw2KOH8D0MT4bqdY
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-node-name
cdn8.stripocdn.email
x-cache-status
HIT
x-amz-meta-orgignalwidth
0
content-length
1366
x-xss-protection
1; mode=block
last-modified
Wed, 25 Nov 2020 18:09:44 GMT
server
nginx
etag
"151ea396dc0847146aba9cc794a707c6"
x-frame-options
SAMEORIGIN
x-amz-meta-orgignalheigth
0
content-type
image/png
access-control-allow-origin
*
x-amz-meta-stripooriginalfilename
unnamed+%282%29.png
4. 6696ea0b401cbe3fb90177b597c2c051.png
   Path: i.gyazo.com/
   Size: 11 KB   x-fer: 12 KB   Type: Image
General
Full URL
https://i.gyazo.com/6696ea0b401cbe3fb90177b597c2c051.png
Requested by
Host: pub-cb99e8f486f749718b5ea5871644fa13.r2.dev
URL: https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/ADOBE-Auto.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
104.18.25.163, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
ddf5887ce15778102013d5527ec1fd09bc400fa19b91416b36b828ecdbd76ca8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 28 Feb 2024 16:45:05 GMT
via
1.1 google
cf-cache-status
HIT
age
2349886
content-length
11741
server
cloudflare
etag
"6696"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
https://gyazo.com
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-cache-level
ZS
accept-ranges
bytes
cf-ray
85ca22cc6bc942cb-EWR
expires
Thu, 27 Feb 2025 16:45:05 GMT
5. outlook-512.png
   Path: cdn3.iconfinder.com/data/icons/popular-services-brands-vol-2/512/
   Size: 8 KB   x-fer: 9 KB   Type: Image
General
Full URL
https://cdn3.iconfinder.com/data/icons/popular-services-brands-vol-2/512/outlook-512.png
Requested by
Host: pub-cb99e8f486f749718b5ea5871644fa13.r2.dev
URL: https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/ADOBE-Auto.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
172.66.42.211, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
bff981e2a9636569e63edcc694b8699110221f2be0f3da32e231aa0b4a88d2c9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 28 Feb 2024 16:45:05 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
188900
cf-polished
origFmt=png, origSize=17375
content-disposition
inline; filename="outlook-512.webp"
alt-svc
h3=":443"; ma=86400
content-length
8450
x-request-id
84f83b0d-3f06-43c3-8977-0391ad269ca8
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1707073797&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&s=StdYfYZ2TbZG2%2B%2BR1pTRUmMvcKRyKfqBzw%2FR4xCfcTE%3D
cf-bgj
imgq:100,h2pri
last-modified
Sun, 25 Feb 2024 19:39:14 GMT
server
cloudflare
vary
Accept
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1707073797&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&s=StdYfYZ2TbZG2%2B%2BR1pTRUmMvcKRyKfqBzw%2FR4xCfcTE%3D"}]}
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
85ca22cc8937335a-EWR
expires
Thu, 27 Feb 2025 16:45:05 GMT
6. 58485698e0bb315b0f7675a8-1.png
   Path: i.postimg.cc/d3jY0LTw/
   Size: 11 KB   x-fer: 11 KB   Type: Image
General
Full URL
https://i.postimg.cc/d3jY0LTw/58485698e0bb315b0f7675a8-1.png
Requested by
Host: pub-cb99e8f486f749718b5ea5871644fa13.r2.dev
URL: https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/ADOBE-Auto.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
162.249.168.129, United States, ASN26548 (PUREVOLTAGE-INC, US)
Reverse DNS
Software
nginx
Resource Hash
4193004d9bf898c1194743f4d909b555104f832117f41e319e9bf9a34f83f217

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 28 Feb 2024 16:45:05 GMT
last-modified
Mon, 03 Jul 2023 17:06:10 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
10903
expires
Thu, 31 Dec 2037 23:55:55 GMT
7. 4fdc14af2b4dbb3365eeef47e93e8aa4.png
   Path: i.gyazo.com/
   Size: 533 KB   x-fer: 533 KB   Type: Image
General
Full URL
https://i.gyazo.com/4fdc14af2b4dbb3365eeef47e93e8aa4.png
Requested by
Host: pub-cb99e8f486f749718b5ea5871644fa13.r2.dev
URL: https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/ADOBE-Auto.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
104.18.25.163, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
7cff82969cf12c2d1a00c1e6f36fac4abdf899381c97b44bf903d654daa42ac2

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Wed, 28 Feb 2024 16:45:05 GMT
via
1.1 google
cf-cache-status
HIT
age
575457
content-length
545480
server
cloudflare
etag
"4fdc"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
https://gyazo.com
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-cache-level
ZS
accept-ranges
bytes
cf-ray
85ca22cc7bd642cb-EWR
expires
Thu, 27 Feb 2025 16:45:05 GMT

Verdicts & Comments

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
string    scriptID
function  load
number    login_attempts
function  sendData
string    urlEmail

1 Cookies

Domain/Path   Name           Value
i.gyazo.com/  Gyazo_cfwoker  i

2 Console Messages

Source  Level    URL / Text
other   warning  URL: https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/ADOBE-Auto.html#nani?redacted_email
                 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other   warning  URL: https://pub-cb99e8f486f749718b5ea5871644fa13.r2.dev/ADOBE-Auto.html#nani?redacted_email
                 Message: Third-party cookie will be blocked. Learn more in the Issues tab.