urlscan.io logo urlscan.io
SecurityTrails logo

pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev Open in urlscan Pro
2606:4700::6812:223  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html
Submission Tags: @phish_report
Submission: On June 15 via api from FI — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 11 HTTP transactions. The main IP is 2606:4700::6812:223, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev.
TLS certificate: Issued by E1 on June 3rd 2024. Valid for: 3 months.
This is the only time pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

IP Address AS Autonomous System
1 5 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2620:127:f00f... 13335 (CLOUDFLAR...)
2 142.250.186.33 15169 (GOOGLE)
1 2600:9000:236... 16509 (AMAZON-02)
11 6
5    2606:4700::6812:223 (United States)

ASN13335 (CLOUDFLARENET, US)
pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
2    2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
1    2606:4700::6813:a641 (United States)

ASN13335 (CLOUDFLARENET, US)
res.cloudinary.com
1    2620:127:f00f:e:: (Canada)

ASN13335 (CLOUDFLARENET, US)
ijoonline.myshopify.com
2    142.250.186.33 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f1.1e100.net
cdn.ampproject.org
1    2600:9000:236e:e00:3:5f39:2780:93a1 (United States)

ASN16509 (AMAZON-02, US)
static-00.iconduck.com
Apex Domain
Subdomains		 Transfer
5 r2.dev
pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
42 KB
4 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 472
82 KB
1 iconduck.com
static-00.iconduck.com — Cisco Umbrella Rank: 198190
106 KB
1 myshopify.com
ijoonline.myshopify.com
239 KB
1 cloudinary.com
res.cloudinary.com — Cisco Umbrella Rank: 3342
210 KB
11 5
Domain Requested by
5 pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev 1 redirects pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
4 cdn.ampproject.org pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
cdn.ampproject.org
1 static-00.iconduck.com
1 ijoonline.myshopify.com pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
1 res.cloudinary.com pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
11 5

This site contains no links.

Subject Issuer Validity Valid
*.r2.dev
E1		 2024-06-03 -
2024-09-01		 3 months crt.sh
misc-sni.google.com
WR2		 2024-05-27 -
2024-08-19		 3 months crt.sh
*.cloudinary.com
Go Daddy Secure Certificate Authority - G2		 2023-12-14 -
2024-06-22		 6 months crt.sh
myshopify.com
E5		 2024-06-11 -
2024-09-09		 3 months crt.sh
static-00.iconduck.com
Amazon RSA 2048 M01		 2023-07-19 -
2024-08-16		 a year crt.sh

This page contains 1 frames:

Primary Page: https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html
Frame ID: E1E8A87976514EB7BE431CD79A949F95
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

SLOTGACOR ยป Daftar Link Judi Slot Online Resmi Mudah Maxwin

Page URL History Show full URLs

  1. https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html Page URL
  2. https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/cdn-cgi/phish-bypass?atok=L4UR.0Og2OEKNuCnStEOb2qEvThW3jxBZAo768S13gg-171842... HTTP 301
    https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js

Page Statistics

11
Requests

100 %
HTTPS

83 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

679 kB
Transfer

916 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html Page URL
  2. https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/cdn-cgi/phish-bypass?atok=L4UR.0Og2OEKNuCnStEOb2qEvThW3jxBZAo768S13gg-1718428746-0.0.1.1-%2Fpush.html HTTP 301
    https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
push.html
pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/ 		4 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9791107768fc2e3fc3d2782a9bdc7b2714de2d2cb03042fb7c39c8490affecd7
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

CF-RAY
89401a70e923b4f1-OSL
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Sat, 15 Jun 2024 05:19:06 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
cf.errors.css
pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/cdn-cgi/styles/ 		23 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/cdn-cgi/styles/cf.errors.css
Requested by
Host: pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
URL: https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 15 Jun 2024 05:19:06 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jun 2024 17:31:42 GMT
Server
cloudflare
ETag
W/"666889fe-5df3"
Transfer-Encoding
chunked
X-Frame-Options
DENY
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
max-age=7200, public
Connection
keep-alive
CF-RAY
89401a715968b4f1-OSL
Expires
Sat, 15 Jun 2024 07:19:06 GMT
icon-exclamation.png
pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/cdn-cgi/images/ 		452 B
889 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
URL: https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/cdn-cgi/styles/cf.errors.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/cdn-cgi/styles/cf.errors.css
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 15 Jun 2024 05:19:06 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jun 2024 17:31:42 GMT
Server
cloudflare
ETag
"666889fe-1c4"
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=7200, public
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
89401a71b9a1b4f1-OSL
Content-Length
452
Expires
Sat, 15 Jun 2024 07:19:06 GMT
Primary Request push.html
pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/
Redirect Chain
  • https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/cdn-cgi/phish-bypass?atok=L4UR.0Og2OEKNuCnStEOb2qEvThW3jxBZAo768S13gg-1718428746-0.0.1.1-%2Fpush.html
  • https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html
31 KB
32 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a799a12f853ca83e2629d777431f01a2af0fbf58db2b5919e573a76e1a2fc0d

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Referer
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-Ranges
bytes
CF-RAY
89401a916d52b4f1-OSL
Connection
keep-alive
Content-Length
32055
Content-Type
text/html
Date
Sat, 15 Jun 2024 05:19:11 GMT
ETag
"fe3b111ac694a8ebf1b2abca76c80406"
Last-Modified
Sat, 08 Jun 2024 19:37:18 GMT
Server
cloudflare
Vary
Accept-Encoding

Redirect headers

CF-RAY
89401a910d14b4f1-OSL
Cache-Control
private, no-cache
Connection
keep-alive
Content-Length
167
Content-Type
text/html
Date
Sat, 15 Jun 2024 05:19:11 GMT
Location
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html
Server
cloudflare
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
v0.js
cdn.ampproject.org/ 		278 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0.js
Requested by
Host: pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
URL: https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9d5e2003f798252335c0faf032c62d6cb9b2c6ef4756e301b868398a8346b236
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Sat, 15 Jun 2024 05:19:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
73073
x-xss-protection
0
server
sffe
etag
"a97eff4b207291bf"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3000, stale-while-revalidate=1206600
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 15 Jun 2024 05:19:12 GMT
amp-anim-0.1.js
cdn.ampproject.org/v0/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/v0/amp-anim-0.1.js
Requested by
Host: pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
URL: https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aad4a38a6d4a642ec9ab4200dda2601baf8e481d45909f4a271d46597bb91019
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Sat, 15 Jun 2024 05:19:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2466
x-xss-protection
0
server
sffe
etag
"c06b629613dcf06b"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=604800, stale-while-revalidate=604800
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 15 Jun 2024 05:19:12 GMT
s9t8uYW_m5iv3i.png
res.cloudinary.com/dytrxbfnl/image/upload/v1707022235/samples/ 		209 KB
210 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/dytrxbfnl/image/upload/v1707022235/samples/s9t8uYW_m5iv3i.png
Requested by
Host: pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
URL: https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:a641 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea75170d6239aed92808a546f3a27631d2f78b6758bf6fb4951df76a38353fc2
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 15 Jun 2024 05:19:12 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
server-timing
cld-cloudflare;dur=17;start=2024-06-15T05:19:12.612Z;desc=hit,rtt;dur=54,content-info;desc="width=1000,height=224,bytes=214400,o=1,ef=(17);"
content-length
214400
last-modified
Sun, 04 Feb 2024 04:50:36 GMT
server
cloudflare
etag
"d81f78ddf43ea7b3314abdd4246d24bf"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, immutable, max-age=2592000
accept-ranges
bytes
cf-ray
89401a97cba256cb-OSL
timing-allow-origin
*
slot-gacor.jpg
ijoonline.myshopify.com/cdn/shop/files/ 		238 KB
239 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ijoonline.myshopify.com/cdn/shop/files/slot-gacor.jpg
Requested by
Host: pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
URL: https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/push.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02aff5f212657ab8d5f83a5a8a0069224cf48cad5cd15690a1315c2fc66e84f1
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 15 Jun 2024 05:19:12 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
148874
x-permitted-cross-domain-policies
none
source-type
image/jpeg
server-timing
imagery;dur=447.022, imageryFetch;dur=101.506, imageryProcess;dur=344.745;desc="image", cfRequestDuration;dur=13.000011, ipv6
source-length
275035
content-length
243656
x-xss-protection
1; mode=block
x-sorting-hat-shopid
86837559594
x-request-id
b7468c5c-c040-4f62-a921-1c02dd6754d1-1717450582
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 03 Jun 2024 21:36:22 GMT
server
cloudflare
x-shopid
86837559594
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5S1XgAY4GU4IOSVqVKJ95NX6mUa5niQVxvoA6xTA%2B2YR1T%2BpYoJZ9DdVj8fGrn9pTpHaHg7J3cRSjfT7oykZk4%2FpRF7DLCZbZhwjFVw61qpTa1B5DYfGUZ68rifXp0A2h19p3n0KYIIWNqbpD6A3Ga91zSpX"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
x-download-options
noopen
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89401a975de08d73-HEL
x-sorting-hat-podid
297
amp-auto-lightbox-0.1.js
cdn.ampproject.org/rtv/012405300626000/v0/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012405300626000/v0/amp-auto-lightbox-0.1.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.33 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f1.1e100.net
Software
sffe /
Resource Hash
74b2ab7f9b09d5a6f6ccd6e5f03f360b33f0f1f143f531b2b359a52954c8ee75
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/
Origin
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 14 Jun 2024 16:40:06 GMT
age
45546
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2974
x-xss-protection
0
server
sffe
etag
"d78510ac2b65c95f"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 14 Jun 2025 16:40:06 GMT
amp-loader-0.1.js
cdn.ampproject.org/rtv/012405300626000/v0/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012405300626000/v0/amp-loader-0.1.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.33 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f1.1e100.net
Software
sffe /
Resource Hash
c0c64baec3fdd695a191ae75c458d5f69b826e2279ca9f350cd5bbe1974c534a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/
Origin
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Sat, 15 Jun 2024 00:25:00 GMT
age
17652
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3938
x-xss-protection
0
server
sffe
etag
"d6baacf2ffc164c5"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sun, 15 Jun 2025 00:25:00 GMT
slots-icon-2048x2048-jqawu1y0.png
static-00.iconduck.com/assets.00/ 		106 KB
106 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://static-00.iconduck.com/assets.00/slots-icon-2048x2048-jqawu1y0.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:e00:3:5f39:2780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5c37e64c25880d68b799036dbcf656aee9e2d4f09ddf180a8a85996832a34126

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 15 Jun 2024 04:33:13 GMT
via
1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
last-modified
Mon, 24 Oct 2022 14:01:54 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
2760
etag
"7320ee88e908aa8b85f6cf4901b12062"
x-amz-server-side-encryption
AES256
vary
Origin
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
108175
x-amz-cf-id
kGqup7Kdj-Ch7EhF5Rg2yC1C2TNsZEs1DRzCEjHA9Nl8-f-z1FwLqQ==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| AMP object| AMP_CONFIG object| AMP_EXP object| __AMP_LOG function| HTMLElementOrig object| __AMP_ERRORS object| __AMP_MODE function| __AMP_REPORT_ERROR object| __AMP_TOP object| __AMP_SERVICES object| __AMP__EXPERIMENT_TOGGLES object| __AMP_URL_CACHE boolean| __AMP_TAG object| __AMP_EXTENDED_ELEMENTS function| __AMP_BASE_CE_CLASS

1 Cookies

Domain/Path Name / Value
.pub-bb4310a6d52845648f0979f7bf6c9d9b.r2.dev/ Name: __cf_mw_byp
Value: L4UR.0Og2OEKNuCnStEOb2qEvThW3jxBZAo768S13gg-1718428746-0.0.1.1-/push.html

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN