![](/screenshots/1a21a226-6d91-497c-bbea-9231351e6f29.png)
1devie2o.pages.dev
Open in
urlscan Pro
2606:4700:310c::ac42:2f24
Malicious Activity!
Private Scan
Effective URL: https://1devie2o.pages.dev/?5eed73f951f394=%2Fe09852838439a39d4accaa40930b524fd2c92049ed9b0cfbaa9339b4e80d0004%2Fc2hhMzg0Nz...
Submission: On December 02 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by E1 on November 6th 2022. Valid for: 3 months.
This is the only time 1devie2o.pages.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2606:4700:310... 2606:4700:310c::ac42:2f24 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700:303... 2606:4700:3037::6815:3eea | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6810:5614 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2001:4860:480... 2001:4860:4802:36::36 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:831::200a | 15169 (GOOGLE) (GOOGLE) | |
8 | 185.143.233.5 185.143.233.5 | 205585 (ARVANCLOU...) (ARVANCLOUD-CDN-) | |
3 | 2a00:1450:400... 2a00:1450:4001:808::2003 | 15169 (GOOGLE) (GOOGLE) | |
25 | 9 |
ASN13335 (CLOUDFLARENET, US)
onedrive_js_loader.rukkibospa5287.workers.dev |
ASN15169 (GOOGLE, US)
us-central1-cloud-app-php-mysql.cloudfunctions.net |
ASN205585 (ARVANCLOUD-CDN-, IR)
jmtech.s3.ir-thr-at1.arvanstorage.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
arvanstorage.com
jmtech.s3.ir-thr-at1.arvanstorage.com |
113 KB |
4 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 203 |
69 KB |
3 |
gstatic.com
fonts.gstatic.com |
47 KB |
2 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 37 |
3 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 381 |
3 KB |
2 |
workers.dev
onedrive_js_loader.rukkibospa5287.workers.dev |
98 KB |
2 |
pages.dev
1devie2o.pages.dev |
2 KB |
1 |
cloudfunctions.net
us-central1-cloud-app-php-mysql.cloudfunctions.net |
363 B |
25 | 8 |
Domain | Requested by | |
---|---|---|
8 | jmtech.s3.ir-thr-at1.arvanstorage.com |
1devie2o.pages.dev
jmtech.s3.ir-thr-at1.arvanstorage.com |
4 | cdnjs.cloudflare.com |
onedrive_js_loader.rukkibospa5287.workers.dev
1devie2o.pages.dev |
3 | fonts.gstatic.com |
fonts.googleapis.com
|
2 | fonts.googleapis.com |
1devie2o.pages.dev
|
2 | cdn.jsdelivr.net |
onedrive_js_loader.rukkibospa5287.workers.dev
|
2 | onedrive_js_loader.rukkibospa5287.workers.dev |
1devie2o.pages.dev
|
2 | 1devie2o.pages.dev |
1devie2o.pages.dev
|
1 | us-central1-cloud-app-php-mysql.cloudfunctions.net |
1devie2o.pages.dev
|
25 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.1devie2o.pages.dev E1 |
2022-11-06 - 2023-02-04 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-03-23 - 2023-03-22 |
a year | crt.sh |
misc.google.com GTS CA 1C3 |
2022-11-02 - 2023-01-25 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-11-02 - 2023-01-25 |
3 months | crt.sh |
*.s3.ir-thr-at1.arvanstorage.com Sectigo RSA Domain Validation Secure Server CA |
2022-09-19 - 2023-10-02 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-11-02 - 2023-01-25 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://1devie2o.pages.dev/?5eed73f951f394=%2Fe09852838439a39d4accaa40930b524fd2c92049ed9b0cfbaa9339b4e80d0004%2Fc2hhMzg0NzY4OTgyNzI3NDAxMTAxMTA3D%2FbWQ1NTUzNjMxOTQ5NzMwMTY5MjA3D%2Fc2hhMzg0NzY4OTgyNzI3NDAxMTAxMTA3D&auth=620779104795207100000&aqs=NDg1NTk0NzI0NjQ1NzcxNTAwMDAwdW5kZWZpbmVk&access=MTA2MDg2NDA2MTc0NTAwMTgwMDAw&q=NDg1NTk0NzI0NjQ1NzcxNTAwMDAwdW5kZWZpbmVk&loc=MzA2ODU5NTExNjc2Mjk4OTAwMDAwMjM1OTk0NzM0NTQ2ODM4MTYwMDAw5eed73f94ed048
Frame ID: 51C5D3FB5C4F06B7D6E7D8CA2811BF02
Requests: 25 HTTP requests in this frame
Screenshot
![](/screenshots/1a21a226-6d91-497c-bbea-9231351e6f29.png)
Page Title
Microsoft OneDrivePage URL History Show full URLs
- https://1devie2o.pages.dev/ Page URL
- https://1devie2o.pages.dev/?5eed73f951f394=%2Fe09852838439a39d4accaa40930b524fd2c92049ed9b0cfbaa9339b4e... Page URL
Detected technologies
![](/vendor/wappa/icons/Font Awesome.png)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
![](/vendor/wappa/icons/Google Font API.png)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Detected patterns
- [^a-z]mtc.*\.js
Detected patterns
- <link [^>]*?href="?[a-z]*?:?//cdn\.statically\.io/
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://1devie2o.pages.dev/ Page URL
- https://1devie2o.pages.dev/?5eed73f951f394=%2Fe09852838439a39d4accaa40930b524fd2c92049ed9b0cfbaa9339b4e80d0004%2Fc2hhMzg0NzY4OTgyNzI3NDAxMTAxMTA3D%2FbWQ1NTUzNjMxOTQ5NzMwMTY5MjA3D%2Fc2hhMzg0NzY4OTgyNzI3NDAxMTAxMTA3D&auth=620779104795207100000&aqs=NDg1NTk0NzI0NjQ1NzcxNTAwMDAwdW5kZWZpbmVk&access=MTA2MDg2NDA2MTc0NTAwMTgwMDAw&q=NDg1NTk0NzI0NjQ1NzcxNTAwMDAwdW5kZWZpbmVk&loc=MzA2ODU5NTExNjc2Mjk4OTAwMDAwMjM1OTk0NzM0NTQ2ODM4MTYwMDAw5eed73f94ed048 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
1devie2o.pages.dev/ |
386 B 828 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
onedrive_js_loader.rukkibospa5287.workers.dev/ |
184 KB 49 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ |
87 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js.cookie.min.js
cdn.jsdelivr.net/npm/js-cookie@3.0.1/dist/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
check-real
us-central1-cloud-app-php-mysql.cloudfunctions.net/ |
15 B 363 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
21 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
st.css
jmtech.s3.ir-thr-at1.arvanstorage.com/oneD/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
37 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aStyle.css
jmtech.s3.ir-thr-at1.arvanstorage.com/oneD/ |
37 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
OneDrive_logo_and_wordmark.svg
jmtech.s3.ir-thr-at1.arvanstorage.com/oneD/ |
10 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
/
1devie2o.pages.dev/ |
386 B 800 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
b.jpg
jmtech.s3.ir-thr-at1.arvanstorage.com/oneD/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
onedrive_js_loader.rukkibospa5287.workers.dev/ |
184 KB 49 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ |
87 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
js.cookie.min.js
cdn.jsdelivr.net/npm/js-cookie@3.0.1/dist/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css2
fonts.googleapis.com/ |
21 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
st.css
jmtech.s3.ir-thr-at1.arvanstorage.com/oneD/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
37 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aStyle.css
jmtech.s3.ir-thr-at1.arvanstorage.com/oneD/ |
37 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
OneDrive_logo_and_wordmark.svg
jmtech.s3.ir-thr-at1.arvanstorage.com/oneD/ |
10 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
b.jpg
jmtech.s3.ir-thr-at1.arvanstorage.com/oneD/ |
47 KB 48 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
out.png
jmtech.s3.ir-thr-at1.arvanstorage.com/oneD/ |
39 KB 40 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- jmtech.s3.ir-thr-at1.arvanstorage.com
- URL
- https://jmtech.s3.ir-thr-at1.arvanstorage.com/oneD/b.jpg
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)57 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| $ function| jQuery object| Cookies function| LANGUAGE_CHANGE function| set_random_url function| params_exits function| rnd function| uniqId function| sha_256 function| hash function| setPath function| set_cookies function| reload function| is_pages function| redirectToUnknown function| IsActive function| _0x4271 function| is_username function| is_email function| _0x4ab3 function| moveAhead function| is_firstTimeOnly function| loader function| base64decode function| domain_check function| has_cookie function| _0x176c function| updateOUT function| api function| YAFocus function| YAKeydown function| YAFocusout function| YASubmit function| changeToggle function| updateA function| updateY function| YAsubmit_form function| _0x35a0 function| continue___function function| sendOutYA function| completed function| returnTheValue function| native_implementation function| continue__function function| LReload function| _0x129d function| _0x371d function| reading function| continue_function function| submit_now function| MAsubmit_form function| sendOut function| LFocusOut function| OUTSubmit function| updateM function| MOSubmit0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
1devie2o.pages.dev
cdn.jsdelivr.net
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
jmtech.s3.ir-thr-at1.arvanstorage.com
onedrive_js_loader.rukkibospa5287.workers.dev
us-central1-cloud-app-php-mysql.cloudfunctions.net
jmtech.s3.ir-thr-at1.arvanstorage.com
185.143.233.5
2001:4860:4802:36::36
2606:4700:3037::6815:3eea
2606:4700:310c::ac42:2f24
2606:4700::6810:5614
2606:4700::6811:190e
2a00:1450:4001:808::2003
2a00:1450:4001:831::200a
1288911bfaabb27f0a203e3c5b91a82de48cac928f9419926df2573c5f55acf9
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
454cdb6835fdd7d4dfcadd5e7f221e0b1715fdfb8c7d93023cc5786b0daa37e2
589ff2656c09384c597389f41863dc92a6aa8ee8808438729aa82e0f88f3cd6c
5994a7f245ba0cee200c8568737c4c88ca1dba742b4564d727d2041f7c98a9bd
5fe991e3985f36c957bc2a0b9a212052210b988b5536059e5fe8544a5104eb19
71df9a46ebc3452ca2699abd6bcc5caf20bc3f023570a6823d6af5b170942d02
8c155b6abea40585acce93148ee6d45319136dc6dc417aa6a9c482cb7fb848fe
93cacbb2f74c55645024c9823873891b4633146a9f6f61c8be080d72924fd0b8
9913abb0a7c2bef9cadd14d8b45aee2a2e597f079594946bf8a2c4742a3aa185
ae9cc64390a76c779bd0da29fcff4dd063438985d6f9c331c3b984534dd5e6cf
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
d07dcdbb3ddaba0dda7d56d496cbb5d8fbb1bdadc23f812126d3c4c6ab39e158
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e