pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html
Submission: On July 04 via automatic, source phishtank (July 4th 2024, 2:15:42 am UTC) — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 5 countries across 12 domains to perform 18 HTTP transactions. The main IP is 2606:4700::6812:223, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev.
TLS certificate: Issued by E1 on June 3rd 2024. Valid for: 3 months.

This is the only time pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	2606:4700::68... 2606:4700::6812:223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:81d::200a	15169 (GOOGLE) (GOOGLE)
1	104.26.6.17 104.26.6.17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:ec80:300... 2a02:ec80:300:ed1a::2:b	14907 (WIKIMEDIA) (WIKIMEDIA)
2	104.21.233.157 104.21.233.157	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.190.76 172.67.190.76	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	66.29.143.149 66.29.143.149	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	199.193.204.233 199.193.204.233	16406 (AS-INTERM...) (AS-INTERMEDIA)
1	103.146.112.110 103.146.112.110	136557 (HOST-AS-A...) (HOST-AS-AP Host Universal Pty Ltd)
1	2600:9000:267... 2600:9000:2670:be00:e:7f4a:8900:93a1	16509 (AMAZON-02) (AMAZON-02)
1	144.76.109.178 144.76.109.178	24940 (HETZNER-AS) (HETZNER-AS)
1	162.19.58.156 162.19.58.156	16276 (OVH) (OVH)
18	12

6 2606:4700::6812:223 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.6.17 (None, )

ASN13335 (CLOUDFLARENET, US)

logodownload.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:ec80:300:ed1a::2:b (United States)

ASN14907 (WIKIMEDIA, US)

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.233.157 (None, )

ASN13335 (CLOUDFLARENET, US)

toppng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.190.76 (United States)

ASN13335 (CLOUDFLARENET, US)

seeklogo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.29.143.149 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: mail.kindpng.com

www.kindpng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.193.204.233 (United States)

ASN16406 (AS-INTERMEDIA, US)
PTR: serverdata.net

controlpanel.serverdata.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.146.112.110 (Australia)

ASN136557 (HOST-AS-AP Host Universal Pty Ltd, AU)
PTR: cp52.hosting-cloud.net

www.in2tech.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2670:be00:e:7f4a:8900:93a1 (United States)

ASN16509 (AMAZON-02, US)

asset.brandfetch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.76.109.178 (Hamm, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.178.109.76.144.clients.your-server.de

www.freeiconspng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.58.156 (France)

ASN16276 (OVH, FR)
PTR: ns3096358.ip-162-19-58.eu

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	r2.dev 1 redirects pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev	53 KB
2	toppng.com toppng.com — Cisco Umbrella Rank: 298114	28 KB
2	wikimedia.org upload.wikimedia.org — Cisco Umbrella Rank: 3915	58 KB
1	ibb.co i.ibb.co — Cisco Umbrella Rank: 10821	187 KB
1	freeiconspng.com www.freeiconspng.com — Cisco Umbrella Rank: 168484	45 KB
1	brandfetch.io asset.brandfetch.io — Cisco Umbrella Rank: 142011	18 KB
1	in2tech.com.au www.in2tech.com.au	41 KB
1	serverdata.net controlpanel.serverdata.net	2 KB
1	kindpng.com www.kindpng.com — Cisco Umbrella Rank: 196641	28 KB
1	seeklogo.com seeklogo.com — Cisco Umbrella Rank: 111930	8 KB
1	logodownload.org logodownload.org — Cisco Umbrella Rank: 175075	165 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 469	31 KB
18	12

	Domain	Requested by
6	pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev	1 redirects pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
2	toppng.com	pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
2	upload.wikimedia.org	pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1	i.ibb.co	pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1	www.freeiconspng.com	pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1	asset.brandfetch.io	pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1	www.in2tech.com.au	pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1	controlpanel.serverdata.net	pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1	www.kindpng.com	pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1	seeklogo.com	pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1	logodownload.org	pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1	ajax.googleapis.com	pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
18	12

This site contains no links.

Subject Issuer	Validity	Valid
*.r2.dev E1	`2024-06-03` - `2024-09-01`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
logodownload.org GTS CA 1P5	`2024-05-15` - `2024-08-13`	3 months	crt.sh
*.wikipedia.org DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-10-18` - `2024-10-16`	a year	crt.sh
toppng.com GTS CA 1P5	`2024-05-29` - `2024-08-27`	3 months	crt.sh
seeklogo.com E1	`2024-05-29` - `2024-08-27`	3 months	crt.sh
kindpng.com R3	`2024-05-16` - `2024-08-14`	3 months	crt.sh
*.serverdata.net GeoTrust TLS RSA CA G1	`2023-08-01` - `2024-08-31`	a year	crt.sh
in2tech.com.au E6	`2024-06-17` - `2024-09-15`	3 months	crt.sh
*.brandfetch.io Amazon RSA 2048 M02	`2024-06-22` - `2025-07-21`	a year	crt.sh
freeiconspng.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-12` - `2025-03-13`	a year	crt.sh
ibb.co R10	`2024-06-21` - `2024-09-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html
Frame ID: 59DA1C00EEA03DCE07CB80ABE770222C
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Document

Page URL History Show full URLs

https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html Page URL
https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/cdn-cgi/phish-bypass?atok=jtvCkRVCo2k6lF7uhc8StWZGfyxLjpk7Q66TQeg2eGs-172005... HTTP 301
https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

33 %
IPv6

12
Domains

12
Subdomains

12
IPs

5
Countries

663 kB
Transfer

733 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html Page URL
https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/cdn-cgi/phish-bypass?atok=jtvCkRVCo2k6lF7uhc8StWZGfyxLjpk7Q66TQeg2eGs-1720059331-0.0.1.1-%2Fbtbindex.html HTTP 301
https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK btbindex.html Show response
pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/ 4 KB
5 KB 276ms
25ms Document
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

178c50e388674189f0c51ef72c042164260a16a7877694c1a565d4b543cb401e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

CF-RAY: 89db9ba71b161c9b-FRA
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 04 Jul 2024 02:15:31 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK cf.errors.css
pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/cdn-cgi/styles/ 23 KB
5 KB 20ms
19ms Stylesheet
text/css 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 02:15:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 28 Jun 2024 11:25:31 GMT
Server: cloudflare
ETag: W/"667e9dab-5df3"
Transfer-Encoding: chunked
X-Frame-Options: DENY
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Connection: keep-alive
CF-RAY: 89db9ba74b341c9b-FRA
Expires: Thu, 04 Jul 2024 04:15:31 GMT

GET
H/1.1 200
OK icon-exclamation.png
pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/cdn-cgi/images/ 452 B
889 B 20ms
20ms Image
image/png 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/cdn-cgi/styles/cf.errors.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 02:15:31 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 28 Jun 2024 11:25:31 GMT
Server: cloudflare
ETag: "667e9dab-1c4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 89db9ba77b481c9b-FRA
Content-Length: 452
Expires: Thu, 04 Jul 2024 04:15:31 GMT

GET
H/1.1 404
Not Found favicon.ico
pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/ 27 KB
27 KB 519ms
519ms Other
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 02:15:32 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 89db9ba7fb9b1c9b-FRA
Content-Length: 27150
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1

200
OK

Primary Request btbindex.html Show response
pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Redirect Chain

https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/cdn-cgi/phish-bypass?atok=jtvCkRVCo2k6lF7uhc8StWZGfyxLjpk7Q66TQeg2eGs-1720059331-0.0.1.1-%2Fbtbindex.html
https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html

15 KB
15 KB

498ms
498ms

Document
text/html

2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32a03b1f31120036d5edda46317f39625b3a5d6797f68aba201d61c35e70ec2b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
CF-RAY: 89db9bbe18ac1c9b-FRA
Connection: keep-alive
Content-Length: 15317
Content-Type: text/html
Date: Thu, 04 Jul 2024 02:15:35 GMT
ETag: "499806126b7c9b6ec4a0c3bde0bfc548"
Last-Modified: Fri, 29 Dec 2023 12:29:17 GMT
Server: cloudflare
Vary: Accept-Encoding

Redirect headers

CF-RAY: 89db9bbdf8921c9b-FRA
Cache-Control: private, no-cache
Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Thu, 04 Jul 2024 02:15:35 GMT
Location: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html
Server: cloudflare
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 87 KB
31 KB 71ms
18ms Script
text/javascript 2a00:1450:4001:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 14:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 561706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31017
x-xss-protection: 0
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Jun 2025 14:13:49 GMT

GET
H2 200 adobe-acrobat-reader-logo-0.png
logodownload.org/wp-content/uploads/2021/05/ 165 KB
165 KB 746ms
538ms Image
image/png 104.26.6.17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logodownload.org/wp-content/uploads/2021/05/adobe-acrobat-reader-logo-0.png
Requested by: Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6884be73e0381139216b8c8956f134c05d1db6c303360311eaa1586eec21843e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:15:36 GMT
cf-cache-status: MISS
last-modified: Wed, 12 May 2021 15:12:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3PIkuUQz6KlBZqXnx5iDq%2FSkLa9DG9ZL7zreGp6HcPq1Ga14wx1TeqObM925axIAtDd%2FOFmakVIHSFSK7O5M%2B05ZBJLwZc5KXrZavCcWyH3GowIojpqmPIGyarTfPxLXEvI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 89db9bc2891991e1-FRA
content-length: 168488

GET
H2 200 1101px-Microsoft_Office_Outlook_%282018%E2%80%93present%29.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/d/df/Microsoft_Office_Outlook_%282018%E2%80%93present%29.svg/ 55 KB
56 KB 263ms
50ms Image
image/png 2a02:ec80:300:ed1a::2:b
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/thumb/d/df/Microsoft_Office_Outlook_%282018%E2%80%93present%29.svg/1101px-Microsoft_Office_Outlook_%282018%E2%80%93present%29.svg.png

Requested by

Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:ec80:300:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

ATS/9.1.4 /

Resource Hash

7da1d67ed07d6954c2ada89dc274ad9eb209f5aa2bc9b3f7692ca5ace7949e2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 15:18:54 GMT
x-content-type-options: nosniff
age: 39401
x-cache-status: hit-front
x-cache: cp3079 miss, cp3079 hit/18
content-disposition: inline;filename*=UTF-8''Microsoft_Office_Outlook_%282018%E2%80%93present%29.svg.png
server-timing: cache;desc="hit-front", host;desc="cp3079"
content-length: 56818
x-client-ip: 2001:1b60:2:240:3247::8
last-modified: Sun, 23 Jun 2024 07:59:24 GMT
server: ATS/9.1.4
etag: 26a7c1bc443b8cee58f00edb6828a297
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 office-365-icon-microsoft-office-logo-11563405007przwxfunpr.png
toppng.com/public/uploads/thumbnail/ 17 KB
17 KB 155ms
41ms Image
image/png 104.21.233.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://toppng.com/public/uploads/thumbnail/office-365-icon-microsoft-office-logo-11563405007przwxfunpr.png

Requested by

Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.233.157 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25f90a4f798d4bec59d1bd5a52ca0faab1890b4f226db6bf7902f22f6ab4eb56

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:15:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 17132
last-modified: Wed, 17 Jul 2019 23:10:13 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dEtBX68J72Dvlfl7ajE9TG%2Fsg9ZNvF3by12o%2FnHxmq43Zh5aPUvETFgM3R8%2B40OGHU%2FdbwOfJIaL8In2df0mDgVSByDxO%2BxCiiOi37XLgBpmHGmbcSsq8Sna7tge"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=9984600
accept-ranges: bytes
cf-ray: 89db9bc29f7d9b51-FRA
expires: Fri, 04 Jul 2025 02:15:36 GMT

GET
H3 200 rackspace-logo-0D6979FEF6-seeklogo.com.png
seeklogo.com/images/R/ 7 KB
8 KB 149ms
35ms Image
image/png 172.67.190.76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seeklogo.com/images/R/rackspace-logo-0D6979FEF6-seeklogo.com.png

Requested by

Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.190.76 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6659cedf0baa76ed974eb4cf410285964e8491e5db8b6621be5308033ad12515

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:15:36 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: MISS
x-permitted-cross-domain-policies: none
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7485
x-xss-protection: 1; mode=block
last-modified: Sat, 26 Nov 2022 17:24:36 GMT
server: cloudflare
etag: "1d901bbf4b2bf3d"
x-download-options: noopen
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gfC8Ub9genCOYeZP0lHrbV0i%2B4SlwXbfL6ptKxVOfHF%2BCP5VFRYjjmkvLxqU1yRGoldxqtaC9P5ZdE7JnI0Lj5IPf35j2PUhqGdExoP%2Bf10uaX%2FReDLE1nnuk%2Ff3TKE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
cf-ray: 89db9bc298136997-FRA

GET
H/1.1 200
OK 716-7162953_aol-logo-png.png
www.kindpng.com/picc/b/ 29 KB
28 KB 983ms
611ms Image
image/png 66.29.143.149
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kindpng.com/picc/b/716-7162953_aol-logo-png.png
Requested by: Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.29.143.149 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: mail.kindpng.com
Software: nginx/1.14.0 /
Resource Hash: 3626bc98f1df5f582c8c378e5e159ee21f2512ce2cb5cae4b2ac9f27ba85f547

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 02:15:36 GMT
Content-Encoding: gzip
Last-Modified: Sat, 10 Dec 2022 12:35:05 GMT
Server: nginx/1.14.0
ETag: W/"63947cf9-7217"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/png
Connection: keep-alive

GET
H3 200 yahoo-y-vector-logo-download-free-11574118306iiwnvlzexj.png
toppng.com/public/uploads/thumbnail/ 10 KB
10 KB 152ms
40ms Image
image/png 104.21.233.157
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://toppng.com/public/uploads/thumbnail/yahoo-y-vector-logo-download-free-11574118306iiwnvlzexj.png

Requested by

Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.233.157 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3d49fb3952dd8ed34b05555cffd0921e2797c21314571fc1e4bc0b5aa4bbd32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:15:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 10118
last-modified: Mon, 18 Nov 2019 23:05:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=exK39mf7CYtpPZ3xtW%2F87dmPc6bOk2rH66yepgSP0l1t0Jmpz7iN8%2FrUxP4DQ%2FVoxSXdWDjOjYcBm%2FYtfreS0qfXkYalAkMzine4KbgL3mRLGHys%2BMoCXgwed7w6"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=9984600
accept-ranges: bytes
cf-ray: 89db9bc29f7c9b51-FRA
expires: Fri, 04 Jul 2025 02:15:36 GMT

GET
H2 200 aduser.svg
controlpanel.serverdata.net/content/images/icons/custom/ 1 KB
2 KB 1606ms
152ms Image
image/svg+xml 199.193.204.233
AS-INTERMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://controlpanel.serverdata.net/content/images/icons/custom/aduser.svg

Requested by

Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

199.193.204.233 , United States, ASN16406 (AS-INTERMEDIA, US),

Reverse DNS

serverdata.net

Software

Microsoft-IIS/10.0 / ASP.NET, ARR/3.0

Resource Hash

36f53d513f4ade6962ea9b5342113dfb07037c5c22252338ebecc6d20d4dd11e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 04 Jul 2024 02:15:37 GMT
last-modified: Tue, 18 Jun 2024 20:41:46 GMT
server: Microsoft-IIS/10.0
etag: "0e162efbfc1da1:0"
x-powered-by: ASP.NET, ARR/3.0
x-frame-options: SAMEORIGIN
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
content-type: image/svg+xml
cache-control: max-age=172800
accept-ranges: bytes
content-length: 1256

GET
H2 200 owa.png
www.in2tech.com.au/wp-content/uploads/2019/01/ 41 KB
41 KB 2139ms
285ms Image
image/png 103.146.112.110
HOST-AS-AP Host U...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.in2tech.com.au/wp-content/uploads/2019/01/owa.png
Requested by: Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 103.146.112.110 , Australia, ASN136557 (HOST-AS-AP Host Universal Pty Ltd, AU),
Reverse DNS: cp52.hosting-cloud.net
Software: nginx /
Resource Hash: 74f5a3fbfa87ce7333aefde497bc7bff81c5e1aaa21d2a7fd93dd0847ddc15f4

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:15:37 GMT
last-modified: Mon, 11 Feb 2019 00:27:10 GMT
server: nginx
etag: "a26e-5c60c15e-bfd3c44315819b92;;;"
vary: User-Agent
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 41582
expires: Thu, 11 Jul 2024 02:15:37 GMT

GET
H2 200 idDUrfzUIn.png
asset.brandfetch.io/idu0JRNI4Q/ 18 KB
18 KB 549ms
417ms Image
image/png 2600:9000:2670:be00:e:7f4a:8900:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://asset.brandfetch.io/idu0JRNI4Q/idDUrfzUIn.png

Requested by

Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:be00:e:7f4a:8900:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

263b489226d5de00389be959a3d5fe4ddbd6c4e21b39fd01d218252f406dc91b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:15:37 GMT
via: 1.1 43b9d5592d1dc6a44adc7ebaaf183280.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P9
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 17931
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 19 Jun 2023 08:19:03 GMT
server: AmazonS3
etag: "5c81f81264f99d63f5621123da7eba4f"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: -ytBd9GX5H-ojRW1HcCjtzA235hEmdrYgkLMphClpE54aQfNa2P3Rw==

GET
H2 200 webmail-icon-15.png
www.freeiconspng.com/uploads/ 45 KB
45 KB 156ms
43ms Image
image/png 144.76.109.178
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.freeiconspng.com/uploads/webmail-icon-15.png
Requested by: Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.109.178 Hamm, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.178.109.76.144.clients.your-server.de
Software: nginx /
Resource Hash: f7af6ac19feb9a23cdfd1a06dd6d48aec7aab1b91370c4a84ba9b59ab60e214c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:15:36 GMT
last-modified: Tue, 14 Mar 2017 23:16:09 GMT
server: nginx
etag: "b392-54ab903572040"
content-type: image/png
cache-control: max-age=3600, no-cache, must-revalidate
accept-ranges: bytes
content-length: 45970
expires: Thu, 04 Jul 2024 03:15:36 GMT

GET
H2 200 GoDaddy_Logo_-_The_GO.svg
upload.wikimedia.org/wikipedia/commons/d/da/ 3 KB
2 KB 241ms
134ms Image
image/svg+xml 2a02:ec80:300:ed1a::2:b
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/d/da/GoDaddy_Logo_-_The_GO.svg

Requested by

Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:ec80:300:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

envoy /

Resource Hash

0fb9ee73f361cabd6f4fb132f2d5eb5e8eeb74474fcbd975f8c8208530be9e39

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-cache-status: miss
x-cache: cp3079 miss, cp3079 miss
server-timing: cache;desc="miss", host;desc="cp3079"
x-client-ip: 2001:1b60:2:240:3247::8
x-object-meta-sha1base36: jawgt7shpgxoh9c5t0arap5zb58g6y5
last-modified: Sun, 21 Aug 2022 12:55:31 GMT
server: envoy
etag: W/a3419a7babc6604800eb39cbf7dbe79a
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 blurred-bg.jpg
i.ibb.co/cg5XSyS/ 186 KB
187 KB 502ms
357ms Image
image/jpeg 162.19.58.156
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/cg5XSyS/blurred-bg.jpg
Requested by: Host: pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.19.58.156 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3096358.ip-162-19-58.eu
Software: nginx /
Resource Hash: ccfcc08bcc47330678dfa3ae89b38381deea22a86af8b765d41616ad8cec3c3b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:15:36 GMT
last-modified: Wed, 13 Jul 2022 02:13:33 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 190875
expires: Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/	1970-01-20 21:49:05	Name: __cf_mw_byp Value: jtvCkRVCo2k6lF7uhc8StWZGfyxLjpk7Q66TQeg2eGs-1720059331-0.0.1.1-/btbindex.html

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
recommendation	verbose	URL: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
asset.brandfetch.io
controlpanel.serverdata.net
i.ibb.co
logodownload.org
pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
seeklogo.com
toppng.com
upload.wikimedia.org
www.freeiconspng.com
www.in2tech.com.au
www.kindpng.com
103.146.112.110
104.21.233.157
104.26.6.17
144.76.109.178
162.19.58.156
172.67.190.76
199.193.204.233
2600:9000:2670:be00:e:7f4a:8900:93a1
2606:4700::6812:223
2a00:1450:4001:81d::200a
2a02:ec80:300:ed1a::2:b
66.29.143.149
0fb9ee73f361cabd6f4fb132f2d5eb5e8eeb74474fcbd975f8c8208530be9e39
178c50e388674189f0c51ef72c042164260a16a7877694c1a565d4b543cb401e
25f90a4f798d4bec59d1bd5a52ca0faab1890b4f226db6bf7902f22f6ab4eb56
263b489226d5de00389be959a3d5fe4ddbd6c4e21b39fd01d218252f406dc91b
32a03b1f31120036d5edda46317f39625b3a5d6797f68aba201d61c35e70ec2b
3626bc98f1df5f582c8c378e5e159ee21f2512ce2cb5cae4b2ac9f27ba85f547
36f53d513f4ade6962ea9b5342113dfb07037c5c22252338ebecc6d20d4dd11e
6659cedf0baa76ed974eb4cf410285964e8491e5db8b6621be5308033ad12515
6884be73e0381139216b8c8956f134c05d1db6c303360311eaa1586eec21843e
74f5a3fbfa87ce7333aefde497bc7bff81c5e1aaa21d2a7fd93dd0847ddc15f4
7da1d67ed07d6954c2ada89dc274ad9eb209f5aa2bc9b3f7692ca5ace7949e2d
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66
ccfcc08bcc47330678dfa3ae89b38381deea22a86af8b765d41616ad8cec3c3b
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f3d49fb3952dd8ed34b05555cffd0921e2797c21314571fc1e4bc0b5aa4bbd32
f7af6ac19feb9a23cdfd1a06dd6d48aec7aab1b91370c4a84ba9b59ab60e214c
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev Open in urlscan Pro 2606:4700::6812:223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

33 %IPv6

12 Domains

12 Subdomains

12 IPs

5 Countries

663 kBTransfer

733 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

2 Console Messages

Security Headers

Indicators

pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

33 %
IPv6

12
Domains

12
Subdomains

12
IPs

5
Countries

663 kB
Transfer

733 kB
Size

1
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!