pub-320778df5f504f5389d38ac70216cf19.r2.dev Open in urlscan Pro
104.18.2.35 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pub-320778df5f504f5389d38ac70216cf19.r2.dev/index.html
Submission Tags: @phish_report
Submission: On May 29 via api (May 29th 2024, 6:06:38 am UTC) from FI — Scanned from FI

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 2 HTTP transactions. The main IP is 104.18.2.35, located in and belongs to CLOUDFLARENET, US. The main domain is pub-320778df5f504f5389d38ac70216cf19.r2.dev.
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.

This is the only time pub-320778df5f504f5389d38ac70216cf19.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1	104.18.2.35 104.18.2.35		13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2

1 104.18.2.35 (None, )

ASN13335 (CLOUDFLARENET, US)

pub-320778df5f504f5389d38ac70216cf19.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	r2.dev pub-320778df5f504f5389d38ac70216cf19.r2.dev pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev Failed	436 B
2	1

	Domain	Requested by
1	pub-320778df5f504f5389d38ac70216cf19.r2.dev
0	pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev Failed
2	2

This site contains no links.

Subject Issuer	Validity	Valid
*.r2.dev E1	`2024-04-05` - `2024-07-04`	3 months	crt.sh

This page contains 1 frames:

Frame: https://pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev/index.html
Frame ID: 1C21C91433A0B8C2647604943AEC0AD0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

2
Requests

50 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

2
Countries

0 kB
Transfer

0 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://t.ly/Jivb6 HTTP 302
http://tly.mrusco.com/hogiak HTTP 307
https://tly.mrusco.com/hogiak HTTP 302
https://ma-seok-do.xyz/ HTTP 301
https://ma-dongseok.xyz/ HTTP 307
http://tly.mrusco.com/hogiak HTTP 302
https://ma-seok-do.xyz/ HTTP 301
https://ma-dongseok.xyz/ HTTP 301
https://pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev/index.html

2 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.html pub-320778df5f504f5389d38ac70216cf19.r2.dev/	127 B 436 B	1497ms 640ms	Document text/html	104.18.2.35 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pub-320778df5f504f5389d38ac70216cf19.r2.dev/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Accept-Language fi-FI,fi;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Accept-Ranges bytes CF-RAY 88b44c5649288d7e-HEL Connection keep-alive Content-Length 127 Content-Type text/html Date Wed, 29 May 2024 06:06:24 GMT ETag "7c40829259dd78a020ea1afb5851dabf" Last-Modified Wed, 01 May 2024 00:33:48 GMT Server cloudflare Vary Accept-Encoding
GET		index.html pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev/ Redirect Chain https://t.ly/Jivb6 http://tly.mrusco.com/hogiak https://tly.mrusco.com/hogiak https://ma-seok-do.xyz/ https://ma-dongseok.xyz/ http://tly.mrusco.com/hogiak https://ma-seok-do.xyz/ https://ma-dongseok.xyz/ https://pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev/index.html	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev
URL: https://pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev/index.html

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.t.ly/	1970-01-20 21:16:12	Name: XSRF-TOKEN Value: eyJpdiI6IkVsdVB5Qm0zUUJGNXBENlVSNzZBQVE9PSIsInZhbHVlIjoiclJXa2s0VVlGRi9ldVZZcTB3VEN2ZUZPdHhyOTFXZ0ZJQVhOYTAzMTRkZG5XN2l5SVFtQTUydnFZSXM3Ukx0V2F2ZldnM3I1dDdJNUE2MW0yd0RxVld4RHVYTG93Y3UzNXo1SW9LRWIyeitRRHFyN0ptUDJ5UEhpRkY3OWd2VzUiLCJtYWMiOiIzMGUxOWY2MmQ4ZmE5Y2Y1YzZiNGM1NzY2MDRmNWQ2Yjk1ZTVlZjVlYzI1YzY0YmY5MDViNGE4ZjM2NjQyYjYyIiwidGFnIjoiIn0%3D
			.t.ly/	1970-01-20 21:16:12	Name: tly_session Value: eyJpdiI6InNqbEtNVU9Dd3ZwQVRpeTh0aFpOZHc9PSIsInZhbHVlIjoiOXZJclVidFJUN09iOVpRcTA0SVRYYTdCWG1VY3o1MHZwYnE0dGx2TjRRSzA2MjE3azd1WlZ1ZWt3dS9NM2U1bkJVOEdxSEJkeWdPWUxZZE9BNFNTS1F1b1RaenROV1pqODNQVEIwRkdNc1hJSDQyYUE5MFNhUUlNS3dCWlNpWXIiLCJtYWMiOiI0NmI3N2NmODA5OTk5Mjk1OTc1OTcxNDZmMWU0MDcyOTVlYmU0OGE1MTljZDY0M2FjNjFkMGQxZDJkMjQ4MTAyIiwidGFnIjoiIn0%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pub-320778df5f504f5389d38ac70216cf19.r2.dev
pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev
pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev
104.18.2.35

pub-320778df5f504f5389d38ac70216cf19.r2.dev Open in urlscan Pro 104.18.2.35 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

2 Requests

50 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

2 IPs

2 Countries

0 kBTransfer

0 kBSize

2 Cookies

0 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

2 Cookies

Indicators

pub-320778df5f504f5389d38ac70216cf19.r2.dev Open in urlscan Pro
104.18.2.35 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

50 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

2
Countries

0 kB
Transfer

0 kB
Size

2
Cookies

2 HTTP transactions
0 data transactions