pub-320778df5f504f5389d38ac70216cf19.r2.dev
104.18.2.35
Public Scan
Submission Tags: @phish_report
Submission: On May 29 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.
This is the only time pub-320778df5f504f5389d38ac70216cf19.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 104.18.2.35 | 13335 (CLOUDFLARENET) | |
2 | 2 |
Apex Domain / Subdomains | Transfer | |
---|---|---|
1 | r2.dev: pub-320778df5f504f5389d38ac70216cf19.r2.dev, pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev (Failed) | 436 B |
2 | 1 |
Domain | Requested by | |
---|---|---|
1 | pub-320778df5f504f5389d38ac70216cf19.r2.dev | |
0 | pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev Failed | |
2 | 2 |
This site contains no links.
Subject / Issuer | Validity | Valid | |
---|---|---|---|
*.r2.dev / E1 | 2024-04-05 - 2024-07-04 | 3 months | crt.sh |
This page contains 1 frame:
Frame:
https://pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev/index.html
Frame ID: 1C21C91433A0B8C2647604943AEC0AD0
Requests: 2 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://t.ly/Jivb6 HTTP 302
- http://tly.mrusco.com/hogiak HTTP 307
- https://tly.mrusco.com/hogiak HTTP 302
- https://ma-seok-do.xyz/ HTTP 301
- https://ma-dongseok.xyz/ HTTP 307
- http://tly.mrusco.com/hogiak HTTP 302
- https://ma-seok-do.xyz/ HTTP 301
- https://ma-dongseok.xyz/ HTTP 301
- https://pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev/index.html
2 HTTP transactions
Method / Protocol | Resource / Path | Size / x-fer | Type / MIME-Type |
---|---|---|---|
GET H/1.1 | Primary Request: index.html (pub-320778df5f504f5389d38ac70216cf19.r2.dev/) | 127 B / 436 B | Document, text/html |
GET | index.html (pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev/), Redirect Chain | 0 / 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev
- URL: https://pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev/index.html
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name |
---|---|---|
.t.ly/ | | XSRF-TOKEN |
.t.ly/ | | tly_session |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
pub-320778df5f504f5389d38ac70216cf19.r2.dev
pub-ac7c2ee2784d41ac91a1feef98615b2c.r2.dev
104.18.2.35