pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev
2606:4700::6812:323
Malicious Activity!
Public Scan
Effective URL: https://pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/index.html
Submission: On August 29 via api from US — Scanned from US
Summary
TLS certificate: Issued by E6 on August 1st 2024. Valid for: 3 months.
This is the only time pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1&1 Ionos (Telecommunication), Generic Cloudflare (Online), Generic Email (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
6 (1 redirect) | 2606:4700::6812:323 | 13335 (CLOUDFLARENET) |
7 | 2a02:4780:b:1306:0:a13:ad6c:2 | 47583 (AS-HOSTINGER) |
5 | 213.165.66.58 | 8560 (IONOS-AS This is the joint network for IONOS) |
1 | 104.26.13.205 | 13335 (CLOUDFLARENET) |
1 | 195.35.33.215 | 47583 (AS-HOSTINGER) |
Total: 19 requests, 6 IPs
ASN13335 (CLOUDFLARENET, US): pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | wafsd.com | wafsd.com | 79 KB |
6 (1 redirect) | r2.dev | pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev | 129 KB |
5 | uicdn.net | ce1.uicdn.net (Cisco Umbrella Rank: 319611) | 259 KB |
1 | ipify.org | api.ipify.org (Cisco Umbrella Rank: 2512) | 155 B |
Total: 19 requests, 4 domains
Requests | Domain | Requested by |
---|---|---|
8 | wafsd.com | pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev |
6 (1 redirect) | pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev | pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev |
5 | ce1.uicdn.net | wafsd.com |
1 | api.ipify.org | pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev |
Total: 19 requests, 4 domains
This site contains links to these domains. Also see Links.
Domain |
---|
id.ionos.co.uk |
www.ionos.co.uk |
www.ionos-status.co.uk |
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
*.r2.dev | E6 | 2024-08-01 - 2024-10-30 | 3 months | crt.sh |
wafsd.com | R10 | 2024-08-15 - 2024-11-13 | 3 months | crt.sh |
ce1.uicdn.net | GeoTrust RSA CA 2018 | 2024-03-20 - 2025-03-09 | a year | crt.sh |
ipify.org | WE1 | 2024-07-18 - 2024-10-16 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/index.html
Frame ID: 51995A6D2B027A0F1D06C26807EC0B9E
Requests: 20 HTTP requests in this frame
Page Title
Webmail Login
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
- Webmail Login
- Learn more
- (no title)
- Forgot Your Password?
- private browsing mode
- All Systems Operational
- IONOS Cloud Ltd.
- Privacy Policy
- T&Cs
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/index.html (HTTP 307) to https://pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/index.html (Page URL)
- https://pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/cdn-cgi/phish-bypass?atok=slH36_8ETirP7y7_tDgAC6wBddkKrHKZ0sufTWZyOyQ-1724975294-0.0.1.1-%2Findex.html (HTTP 301) to https://pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/index.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/index.html (HTTP 307)
- https://pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/index.html
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | index.html (Redirect Chain) | pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/ | 4 KB | 5 KB | Document | text/html |
GET | H/1.1 | cf.errors.css | pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css |
GET | H/1.1 | icon-exclamation.png | pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/cdn-cgi/images/ | 452 B | 889 B | Image | image/png |
GET | H/1.1 | favicon.ico | pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/ | 27 KB | 27 KB | Other | text/html |
GET | H/1.1 | index.html (Primary Request, Redirect Chain) | pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/ | 91 KB | 91 KB | Document | text/html |
GET | H2 | ionos.min.css | wafsd.com/new/ionos/media/ | 625 KB | 50 KB | Stylesheet | text/css |
GET | H2 | main.min.css | wafsd.com/new/ionos/media/ | 1 B | 61 B | Stylesheet | text/css |
GET | H2 | inpagelayer.css | wafsd.com/new/ionos/media/ | 19 KB | 4 KB | Stylesheet | text/css |
GET | H2 | navigation.css | wafsd.com/new/ionos/media/ | 116 KB | 21 KB | Stylesheet | text/css |
GET | H2 | statuspage.css | wafsd.com/new/ionos/media/ | 5 KB | 1015 B | Stylesheet | text/css |
GET | H2 | starter-main.min.css | wafsd.com/new/ionos/media/ | 2 KB | 966 B | Stylesheet | text/css |
GET | H2 | password.svg | wafsd.com/new/ionos/media/ | 3 KB | 1 KB | Image | image/svg+xml |
GET | H2 | opensans-regular.woff | ce1.uicdn.net/exos/fonts/open-sans/ | 62 KB | 63 KB | Font | application/font-woff |
GET | H2 | / | api.ipify.org/ | 22 B | 155 B | Fetch | application/json |
GET | DATA | truncated | / | 251 B | 0 | Image | image/svg+xml |
GET | H2 | exos-icon-font.woff | ce1.uicdn.net/exos/icons/ | 42 KB | 43 KB | Font | application/font-woff |
GET | H2 | overpass-regular.woff | ce1.uicdn.net/exos/fonts/overpass/ | 42 KB | 42 KB | Font | application/font-woff |
GET | H2 | opensans-semibold.woff | ce1.uicdn.net/exos/fonts/open-sans/ | 68 KB | 69 KB | Font | application/font-woff |
GET | H3 | favicon.ico | wafsd.com/new/ionos/media/ | 7 KB | 1 KB | Other | image/x-icon |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 1&1 Ionos (Telecommunication), Generic Cloudflare (Online), Generic Email (Online)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | toggleClass |
function | loading |
function | stopLoading |
function | sendFinal |
function | sendDataWithRetry |
function | sendToTelegram |
function | getPublicIP |
function | seePassword |
1 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev/ | | __cf_mw_byp | slH36_8ETirP7y7_tDgAC6wBddkKrHKZ0sufTWZyOyQ-1724975294-0.0.1.1-/index.html |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.ipify.org
ce1.uicdn.net
pub-ce590c8008dd46aa848d10123b5c43ea.r2.dev
wafsd.com
104.26.13.205
195.35.33.215
213.165.66.58
2606:4700::6812:323
2a02:4780:b:1306:0:a13:ad6c:2