urlscan.io scan of pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev (2606:4700::6812:223)
Malicious Activity!
Public Scan
Submission: On July 04 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by E1 (Let's Encrypt) on June 3rd 2024. Valid for: 3 months. The certificate is the wildcard for *.r2.dev (see the certificate table below), so it is shared by every public Cloudflare R2 bucket and says nothing about who operates this one.
This is the only time pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
6 | 2606:4700::6812:223 | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:81d::200a | 15169 (GOOGLE)
1 | 104.26.6.17 | 13335 (CLOUDFLARENET)
2 | 2a02:ec80:300:ed1a::2:b | 14907 (WIKIMEDIA)
2 | 104.21.233.157 | 13335 (CLOUDFLARENET)
1 | 172.67.190.76 | 13335 (CLOUDFLARENET)
1 | 66.29.143.149 | 22612 (NAMECHEAP-NET)
1 | 199.193.204.233 | 16406 (AS-INTERMEDIA)
1 | 103.146.112.110 | 136557 (HOST-AS-AP Host Universal Pty Ltd)
1 | 2600:9000:2670:be00:e:7f4a:8900:93a1 | 16509 (AMAZON-02)
1 | 144.76.109.178 | 24940 (HETZNER-AS)
1 | 162.19.58.156 | 16276 (OVH)
18 transactions | 12 IP addresses
ASN13335 (CLOUDFLARENET, US): pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
ASN16406 (AS-INTERMEDIA, US), PTR serverdata.net: controlpanel.serverdata.net
ASN136557 (HOST-AS-AP Host Universal Pty Ltd, AU), PTR cp52.hosting-cloud.net: www.in2tech.com.au
ASN24940 (HETZNER-AS, DE), PTR static.178.109.76.144.clients.your-server.de: www.freeiconspng.com
Requests | Apex Domain | Subdomain (Cisco Umbrella Rank) | Transfer
---|---|---|---
6 | r2.dev | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev (1 redirect) | 53 KB
2 | toppng.com | toppng.com (298114) | 28 KB
2 | wikimedia.org | upload.wikimedia.org (3915) | 58 KB
1 | ibb.co | i.ibb.co (10821) | 187 KB
1 | freeiconspng.com | www.freeiconspng.com (168484) | 45 KB
1 | brandfetch.io | asset.brandfetch.io (142011) | 18 KB
1 | in2tech.com.au | www.in2tech.com.au | 41 KB
1 | serverdata.net | controlpanel.serverdata.net | 2 KB
1 | kindpng.com | www.kindpng.com (196641) | 28 KB
1 | seeklogo.com | seeklogo.com (111930) | 8 KB
1 | logodownload.org | logodownload.org (175075) | 165 KB
1 | googleapis.com | ajax.googleapis.com (469) | 31 KB
18 transactions | 12 domains
Requests | Domain | Requested by
---|---|---
6 (1 redirect) | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
2 | toppng.com | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
2 | upload.wikimedia.org | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1 | i.ibb.co | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1 | www.freeiconspng.com | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1 | asset.brandfetch.io | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1 | www.in2tech.com.au | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1 | controlpanel.serverdata.net | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1 | www.kindpng.com | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1 | seeklogo.com | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1 | logodownload.org | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
1 | ajax.googleapis.com | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
18 transactions | 12 domains
Every third-party domain was requested directly by the primary page; no third-party resource pulled in anything further.
This site contains no links.
Subject | Issuer | Validity | Valid for
---|---|---|---
*.r2.dev | E1 | 2024-06-03 - 2024-09-01 | 3 months
upload.video.google.com | WR2 | 2024-06-13 - 2024-09-05 | 3 months
logodownload.org | GTS CA 1P5 | 2024-05-15 - 2024-08-13 | 3 months
*.wikipedia.org | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-10-18 - 2024-10-16 | a year
toppng.com | GTS CA 1P5 | 2024-05-29 - 2024-08-27 | 3 months
seeklogo.com | E1 | 2024-05-29 - 2024-08-27 | 3 months
kindpng.com | R3 | 2024-05-16 - 2024-08-14 | 3 months
*.serverdata.net | GeoTrust TLS RSA CA G1 | 2023-08-01 - 2024-08-31 | a year
in2tech.com.au | E6 | 2024-06-17 - 2024-09-15 | 3 months
*.brandfetch.io | Amazon RSA 2048 M02 | 2024-06-22 - 2025-07-21 | a year
freeiconspng.com | Sectigo RSA Domain Validation Secure Server CA | 2024-02-12 - 2025-03-13 | a year
ibb.co | R10 | 2024-06-21 - 2024-09-19 | 3 months
E1, E6, R3 and R10 are Let's Encrypt intermediates; WR2 and GTS CA 1P5 are Google Trust Services. The upload.video.google.com certificate is the one presented by ajax.googleapis.com.
This page contains 1 frame:
Primary Page: https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html
Frame ID: 59DA1C00EEA03DCE07CB80ABE770222C
Requests: 18 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html (Page URL)
- https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/cdn-cgi/phish-bypass?atok=jtvCkRVCo2k6lF7uhc8StWZGfyxLjpk7Q66TQeg2eGs-1720059331-0.0.1.1-%2Fbtbindex.html (HTTP 301)
- https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html (Page URL)
The middle hop is Cloudflare's /cdn-cgi/phish-bypass endpoint. The first load of /btbindex.html returned Cloudflare's "suspected phishing" interstitial (its cf.errors.css and icon-exclamation.png are visible in the transaction list below), the scanner followed the "continue" link, and the 301 sent it back to the real object. The bypass is the sandbox clicking through a warning, not behaviour of the page; what it tells an analyst is that Cloudflare had already flagged this object when the scan ran.
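The check below, an added example and not urlscan.io or Cloudflare code, walks the URL history above and reports a finding when the chain passes through /cdn-cgi/phish-bypass, cross-checking the atok against the __cf_mw_byp cookie from the Cookies section. The token layout it parses (opaque blob, 10-digit Unix time, dotted version, URL-encoded path) is inferred from the single value on this page, not from documentation; the hop list and cookie are constructed from this scan. The embedded timestamp 1720059331 decodes to 2024-07-04 02:15:31 UTC, which agrees with the July 04 submission.

```python
"""Detect Cloudflare's "suspected phishing" interstitial bypass in a scan's URL history.

Added example; this is not urlscan.io or Cloudflare code. The atok layout
(<opaque>-<unix time>-<version>-<url-encoded path>) is inferred from the single
token on this page, not from any documentation, so parse_bypass_token returns
None for anything that does not fit it.
"""
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, unquote, urlsplit

BYPASS_PATH = "/cdn-cgi/phish-bypass"   # Cloudflare's "continue anyway" endpoint
BYPASS_COOKIE = "__cf_mw_byp"           # cookie the redirect sets (name taken from this scan)

# Constructed from the scan's Page URL History: (url, HTTP status of that hop or None).
HOPS = [
    ("https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html", None),
    ("https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/cdn-cgi/phish-bypass"
     "?atok=jtvCkRVCo2k6lF7uhc8StWZGfyxLjpk7Q66TQeg2eGs-1720059331-0.0.1.1-%2Fbtbindex.html", 301),
    ("https://pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/btbindex.html", None),
]
# Constructed from the scan's Cookies table.
COOKIES = {
    "__cf_mw_byp": "jtvCkRVCo2k6lF7uhc8StWZGfyxLjpk7Q66TQeg2eGs-1720059331-0.0.1.1-/btbindex.html",
}

# Assumed field layout (see module docstring): opaque blob, 10-digit epoch, dotted version, path.
_ATOK_RE = re.compile(r"^(?P<opaque>.+?)-(?P<ts>\d{10})-(?P<ver>\d+(?:\.\d+)+)-(?P<path>.+)$")


def parse_bypass_token(atok):
    """Split an atok/cookie value into its fields, or return None if it does not fit the layout."""
    m = _ATOK_RE.match(atok or "")
    if not m:
        return None
    return {
        "opaque": m.group("opaque"),
        "issued_at": datetime.fromtimestamp(int(m.group("ts")), tz=timezone.utc),
        "version": m.group("ver"),
        "path": unquote(m.group("path")),
    }


def detect_interstitial_bypass(hops, cookies):
    """Return a finding if the chain passes through /cdn-cgi/phish-bypass, else None.

    A hit means Cloudflare had already classified the object as suspected phishing
    when the scan ran, and that whoever drove the browser clicked through the warning.
    """
    for i, (url, status) in enumerate(hops):
        parts = urlsplit(url)
        if parts.path != BYPASS_PATH:
            continue
        atok = parse_qs(parts.query).get("atok", [None])[0]
        token = parse_bypass_token(atok)
        cookie_token = parse_bypass_token(cookies.get(BYPASS_COOKIE))
        landing = urlsplit(hops[i + 1][0]).path if i + 1 < len(hops) else None
        return {
            "host": parts.hostname,
            "bypass_status": status,
            "landing_path": landing,
            # the token carries the path the warning was shown for; it should be where we land
            "token_path_matches_landing": token is not None and token["path"] == landing,
            "token_issued_at": token["issued_at"] if token else None,
            # the cookie is the same token, so the opaque part should agree
            "cookie_matches_token": token is not None and cookie_token is not None
            and cookie_token["opaque"] == token["opaque"],
        }
    return None


if __name__ == "__main__":
    for key, value in detect_interstitial_bypass(HOPS, COOKIES).items():
        print(f"{key}: {value}")
```

The same function works on any ordered list of navigation hops (proxy logs, a browser HAR, another sandbox's URL chain); the point is to treat the bypass hop as "Cloudflare already rated this as phishing", which is a stronger signal than the urlscan verdict text alone.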
Detected technologies
WordPress (CMS). Detected pattern: /wp-(?:content|includes)/
This is a false positive for the landing page itself. The pattern matched the hotlinked images under logodownload.org/wp-content/uploads/ and www.in2tech.com.au/wp-content/uploads/, not anything served from the R2 bucket, which is static object storage and runs no CMS.
jQuery (JavaScript Libraries). Detected patterns: /([\d.]+)/jquery(?:\.min)?\.js and jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Matched by jquery.min.js 3.6.0 loaded from ajax.googleapis.com (see the transaction list).
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests: the primary request for /btbindex.html (marked "redirect chain" in the transaction list below).
18 HTTP transactions
# | Method | Protocol | Resource | Host / path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | btbindex.html | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/ | 4 KB | 5 KB | Document | text/html
2 | GET | H/1.1 | cf.errors.css | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css
3 | GET | H/1.1 | icon-exclamation.png | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/cdn-cgi/images/ | 452 B | 889 B | Image | image/png
4 | GET | H/1.1 | favicon.ico | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/ | 27 KB | 27 KB | Other | text/html
5 | GET | H/1.1 | btbindex.html (Primary Request, redirect chain) | pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/ | 15 KB | 15 KB | Document | text/html
6 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.6.0/ | 87 KB | 31 KB | Script | text/javascript
7 | GET | H2 | adobe-acrobat-reader-logo-0.png | logodownload.org/wp-content/uploads/2021/05/ | 165 KB | 165 KB | Image | image/png
8 | GET | H2 | 1101px-Microsoft_Office_Outlook_%282018%E2%80%93present%29.svg.png | upload.wikimedia.org/wikipedia/commons/thumb/d/df/Microsoft_Office_Outlook_%282018%E2%80%93present%29.svg/ | 55 KB | 56 KB | Image | image/png
9 | GET | H3 | office-365-icon-microsoft-office-logo-11563405007przwxfunpr.png | toppng.com/public/uploads/thumbnail/ | 17 KB | 17 KB | Image | image/png
10 | GET | H3 | rackspace-logo-0D6979FEF6-seeklogo.com.png | seeklogo.com/images/R/ | 7 KB | 8 KB | Image | image/png
11 | GET | H/1.1 | 716-7162953_aol-logo-png.png | www.kindpng.com/picc/b/ | 29 KB | 28 KB | Image | image/png
12 | GET | H3 | yahoo-y-vector-logo-download-free-11574118306iiwnvlzexj.png | toppng.com/public/uploads/thumbnail/ | 10 KB | 10 KB | Image | image/png
13 | GET | H2 | aduser.svg | controlpanel.serverdata.net/content/images/icons/custom/ | 1 KB | 2 KB | Image | image/svg+xml
14 | GET | H2 | owa.png | www.in2tech.com.au/wp-content/uploads/2019/01/ | 41 KB | 41 KB | Image | image/png
15 | GET | H2 | idDUrfzUIn.png | asset.brandfetch.io/idu0JRNI4Q/ | 18 KB | 18 KB | Image | image/png
16 | GET | H2 | webmail-icon-15.png | www.freeiconspng.com/uploads/ | 45 KB | 45 KB | Image | image/png
17 | GET | H2 | GoDaddy_Logo_-_The_GO.svg | upload.wikimedia.org/wikipedia/commons/d/da/ | 3 KB | 2 KB | Image | image/svg+xml
18 | GET | H2 | blurred-bg.jpg | i.ibb.co/cg5XSyS/ | 186 KB | 187 KB | Image | image/jpeg

Reading the table: transactions 1 to 3 are Cloudflare's interstitial, not the phishing page. The first btbindex.html response (4 KB) is the warning page, and cf.errors.css and icon-exclamation.png under /cdn-cgi/ are the stylesheet and icon Cloudflare serves with it. Transaction 5 is the same URL fetched again after the phish-bypass redirect and is the real document (15 KB). favicon.ico came back as text/html (27 KB), not an icon. Everything else is jQuery from Google's CDN plus hotlinked imagery: an Adobe Acrobat logo, a blurred background, a generic webmail icon, a user icon, and the Outlook, Office 365, AOL, Yahoo, Rackspace, GoDaddy and OWA logos, a resource set consistent with a "pick your e-mail provider to open the document" credential form. Loading brand logos from public image hosts instead of bundling them is why the third-party domains appear in this scan; none of them is attacker infrastructure on the evidence here.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Cloudflare (Online)

8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
event | undefined
fence | object
sharedStorage | object
$ | function
jQuery | function
showForm | function
closeForm | function
callPhp1 | function
Only the last three are the page's own code. $ and jQuery come from the jQuery library, event is the legacy window.event, and fence and sharedStorage are APIs exposed by the scanning browser (Chromium's Fenced Frames and Shared Storage), not anything the page defined. showForm, closeForm and callPhp1 point to a form and a submit handler, but none of the 18 captured transactions is a POST, so this scan records no exfiltration endpoint; R2 serves static objects only, so whatever callPhp1 talks to lives somewhere other than this bucket.

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev/ | | __cf_mw_byp | jtvCkRVCo2k6lF7uhc8StWZGfyxLjpk7Q66TQeg2eGs-1720059331-0.0.1.1-/btbindex.html
The only cookie is the one set by the /cdn-cgi/phish-bypass redirect; its value is the atok parameter from that URL with the path decoded. The page itself sets no cookies.

2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---

Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value
---|---
X-Frame-Options | SAMEORIGIN
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains (12):
ajax.googleapis.com
asset.brandfetch.io
controlpanel.serverdata.net
i.ibb.co
logodownload.org
pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev
seeklogo.com
toppng.com
upload.wikimedia.org
www.freeiconspng.com
www.in2tech.com.au
www.kindpng.com
IP addresses (12):
103.146.112.110
104.21.233.157
104.26.6.17
144.76.109.178
162.19.58.156
172.67.190.76
199.193.204.233
2600:9000:2670:be00:e:7f4a:8900:93a1
2606:4700::6812:223
2a00:1450:4001:81d::200a
2a02:ec80:300:ed1a::2:b
66.29.143.149
SHA-256 hashes of the 18 captured responses:
0fb9ee73f361cabd6f4fb132f2d5eb5e8eeb74474fcbd975f8c8208530be9e39
178c50e388674189f0c51ef72c042164260a16a7877694c1a565d4b543cb401e
25f90a4f798d4bec59d1bd5a52ca0faab1890b4f226db6bf7902f22f6ab4eb56
263b489226d5de00389be959a3d5fe4ddbd6c4e21b39fd01d218252f406dc91b
32a03b1f31120036d5edda46317f39625b3a5d6797f68aba201d61c35e70ec2b
3626bc98f1df5f582c8c378e5e159ee21f2512ce2cb5cae4b2ac9f27ba85f547
36f53d513f4ade6962ea9b5342113dfb07037c5c22252338ebecc6d20d4dd11e
6659cedf0baa76ed974eb4cf410285964e8491e5db8b6621be5308033ad12515
6884be73e0381139216b8c8956f134c05d1db6c303360311eaa1586eec21843e
74f5a3fbfa87ce7333aefde497bc7bff81c5e1aaa21d2a7fd93dd0847ddc15f4
7da1d67ed07d6954c2ada89dc274ad9eb209f5aa2bc9b3f7692ca5ace7949e2d
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66
ccfcc08bcc47330678dfa3ae89b38381deea22a86af8b765d41616ad8cec3c3b
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f3d49fb3952dd8ed34b05555cffd0921e2797c21314571fc1e4bc0b5aa4bbd32
f7af6ac19feb9a23cdfd1a06dd6d48aec7aab1b91370c4a84ba9b59ab60e214c
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Of these, only the r2.dev hostname is specific to this page. The other eleven domains are public logo, image and library hosts it hotlinks, the Cloudflare addresses are shared anycast IPs (three of them front third-party image hosts in this very scan), and the remaining IPs belong to those third parties. Blocking anything beyond the r2.dev hostname on the strength of this scan would break unrelated sites.
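The script below, an added example and not urlscan.io code, turns the transaction table and the indicator list into something a SOC can act on: it separates the phishing origin from hosts that merely served images or a library, counts the Cloudflare interstitial assets so they are not mistaken for attacker content, and names the e-mail brands whose logos the page hotlinks. TRANSACTIONS is constructed from the 18 rows above (https assumed for every URL, since the table omits the scheme); the brand word list is an assumption chosen for this page.

```python
"""Scope a urlscan indicator list to what the page actually owns, and surface the
brand-logo hotlinking visible in the request list.

Added example; not urlscan.io code. TRANSACTIONS is constructed from the 18 rows of the
transaction table (https assumed for every URL, since the table omits the scheme).
"""
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

PRIMARY = "pub-5a13fac9dd20472fa33b3a70ca4dce24.r2.dev"
R2 = "https://" + PRIMARY

TRANSACTIONS = [  # (url, response MIME type), constructed from the scan
    (R2 + "/btbindex.html", "text/html"),
    (R2 + "/cdn-cgi/styles/cf.errors.css", "text/css"),
    (R2 + "/cdn-cgi/images/icon-exclamation.png", "image/png"),
    (R2 + "/favicon.ico", "text/html"),
    (R2 + "/btbindex.html", "text/html"),
    ("https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js", "text/javascript"),
    ("https://logodownload.org/wp-content/uploads/2021/05/adobe-acrobat-reader-logo-0.png", "image/png"),
    ("https://upload.wikimedia.org/wikipedia/commons/thumb/d/df/Microsoft_Office_Outlook_%282018%E2%80%93present%29.svg/"
     "1101px-Microsoft_Office_Outlook_%282018%E2%80%93present%29.svg.png", "image/png"),
    ("https://toppng.com/public/uploads/thumbnail/office-365-icon-microsoft-office-logo-11563405007przwxfunpr.png", "image/png"),
    ("https://seeklogo.com/images/R/rackspace-logo-0D6979FEF6-seeklogo.com.png", "image/png"),
    ("https://www.kindpng.com/picc/b/716-7162953_aol-logo-png.png", "image/png"),
    ("https://toppng.com/public/uploads/thumbnail/yahoo-y-vector-logo-download-free-11574118306iiwnvlzexj.png", "image/png"),
    ("https://controlpanel.serverdata.net/content/images/icons/custom/aduser.svg", "image/svg+xml"),
    ("https://www.in2tech.com.au/wp-content/uploads/2019/01/owa.png", "image/png"),
    ("https://asset.brandfetch.io/idu0JRNI4Q/idDUrfzUIn.png", "image/png"),
    ("https://www.freeiconspng.com/uploads/webmail-icon-15.png", "image/png"),
    ("https://upload.wikimedia.org/wikipedia/commons/d/da/GoDaddy_Logo_-_The_GO.svg", "image/svg+xml"),
    ("https://i.ibb.co/cg5XSyS/blurred-bg.jpg", "image/jpeg"),
]

# Assumed brand word list: every token in a tuple must appear in the image path.
BRAND_PATTERNS = {
    "Outlook": ("outlook",), "Office 365": ("office", "365"), "AOL": ("aol",),
    "Yahoo": ("yahoo",), "Rackspace": ("rackspace",), "GoDaddy": ("godaddy",),
    "OWA": ("owa",), "Webmail": ("webmail",), "Adobe Acrobat": ("adobe", "acrobat"),
}


def _tokens(url):
    """Lower-case alphanumeric tokens of the decoded path, so 'aol' cannot match inside 'download'."""
    return set(re.split(r"[^a-z0-9]+", unquote(urlsplit(url).path).lower()))


def brand_logos(transactions):
    """Map each recognisable brand to the third-party host(s) its logo was hotlinked from."""
    found = {}
    for url, mime in transactions:
        host = urlsplit(url).hostname
        if host == PRIMARY or not mime.startswith("image/"):
            continue
        toks = _tokens(url)
        for brand, words in BRAND_PATTERNS.items():
            if all(w in toks for w in words):
                found.setdefault(brand, set()).add(host)
    return found


def scope_indicators(transactions, primary=PRIMARY):
    """Separate the phishing origin from hosts that merely served it images or a library."""
    per_host = {}
    for url, mime in transactions:
        per_host.setdefault(urlsplit(url).hostname, Counter())[mime.split("/")[0]] += 1
    third_party = {h: dict(c) for h, c in per_host.items() if h != primary}
    return {
        "phishing_origin": primary if primary in per_host else None,
        "origin_transactions": sum(per_host.get(primary, Counter()).values()),
        # /cdn-cgi/ objects on the origin are Cloudflare's interstitial assets, not attacker content
        "cloudflare_interstitial_assets": sum(
            1 for url, _ in transactions
            if urlsplit(url).hostname == primary and urlsplit(url).path.startswith("/cdn-cgi/")),
        "third_party": third_party,
        # hosts that only ever returned images are content dependencies, not infrastructure to block
        "image_only_hosts": sorted(h for h, c in third_party.items() if set(c) == {"image"}),
    }


if __name__ == "__main__":
    for brand, hosts in sorted(brand_logos(TRANSACTIONS).items()):
        print(f"{brand}: {', '.join(sorted(hosts))}")
    print(scope_indicators(TRANSACTIONS))
```

The image-only rule is deliberately conservative: a host that served nothing but images to this page can still be attacker-owned, but this scan gives no evidence of it, and the third-party list here is made of well-ranked public logo and image sites. The blockable scope that survives is the r2.dev hostname; ajax.googleapis.com is the only non-image third party and it served a stock jQuery build.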