pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
urlscan.io Public Scan: Malicious Activity!
Effective URL: https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/blob.html
Primary IP: 2606:4700::6812:323
Submission: On May 24 via api from US — Scanned from DE
Summary
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.
This is the only time pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 172.67.199.75 | 13335 (CLOUDFLARENET)
1 | 2606:4700::6812:323 | 13335 (CLOUDFLARENET)
2 | 2a04:4e42:200::649 | 54113 (FASTLY)
1 | (no IP recorded) | (none)
1 | 104.17.25.14 | 13335 (CLOUDFLARENET)
1 | 35.247.106.28 | 396982 (GOOGLE-CLOUD-PLATFORM)
Total: 7 requests over 6 rows
ASN13335 (CLOUDFLARENET, US)
pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 28.106.247.35.bc.googleusercontent.com
146bd32e-46b7-45fa-8cdc-8bcfb6d8c3c9-00-3j2e3yvy26mk2.kirk.replit.dev |
Apex Domain | Subdomains | Requests | Transfer
---|---|---|---
jquery.com | code.jquery.com (Cisco Umbrella Rank: 776) | 2 | 30 KB
r2.dev | pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev | 2 | 1 MB
replit.dev | 146bd32e-46b7-45fa-8cdc-8bcfb6d8c3c9-00-3j2e3yvy26mk2.kirk.replit.dev | 1 | 563 B
cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 237) | 1 | 4 KB
trimmer.to | trimmer.to (1 redirect) | 1 | 649 B
Total: 7 requests, 5 apex domains
Requests | Domain | Requested by
---|---|---
2 | code.jquery.com | pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
2 | pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev | pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
1 | 146bd32e-46b7-45fa-8cdc-8bcfb6d8c3c9-00-3j2e3yvy26mk2.kirk.replit.dev | pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
1 | cdnjs.cloudflare.com | pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
1 | trimmer.to | (entry point; 1 redirect)
Total: 7 requests, 5 domains
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
*.r2.dev | E1 | 2024-04-05 - 2024-07-04 | 3 months | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year | crt.sh
*.kirk.replit.dev | R3 | 2024-03-28 - 2024-06-26 | 3 months | crt.sh

E1 and R3 are Let's Encrypt intermediates. All four certificates are wildcard or shared certificates that belong to the hosting platforms (Cloudflare R2, Replit, Cloudflare's shared SNI cert, jQuery's CDN), not to whoever uploaded the page, so the TLS data identifies nothing about the operator.
This page contains 1 frames:
Primary Page:
https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/blob.html
Frame ID: 773EBE4600FC7D4DC58312A07F881F55
Requests: 18 HTTP requests in this frame
Page Title: Login to Customer Portals and Tools | DHL |
Detected technologies
jQuery (JavaScript Libraries). Detected patterns:
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
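Applying those two patterns to the script URLs that appear in this scan shows what each one contributes: the first extracts a version from a filename like jquery-3.6.0.min.js, the second fires on anything named jquery*.js (including the jquery.mask plugin) and only yields a version when a WordPress-style ?ver= query is present. This is an added example, not urlscan's own detection code; the two example.invalid URLs are constructed to exercise the ?ver= branch and the negative case.

```python
import re

# The two jQuery detection regexes exactly as the report lists them.
JQUERY_PATTERNS = [
    re.compile(r"jquery[.-]([\d.]*\d)[^/]*\.js"),
    re.compile(r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?"),
]


def detect_jquery(url):
    """Return (matched, version) for one script URL.

    Patterns are tried in order; the first hit wins. version is None when
    the pattern matched but its version group did not (e.g. a plugin file
    or a jquery.min.js without a ?ver= query).
    """
    for pat in JQUERY_PATTERNS:
        m = pat.search(url)
        if m:
            return True, m.group(1)
    return False, None


# First two URLs are transcribed from the transaction list in this report;
# the example.invalid URLs are constructed for the ?ver= and negative cases.
SAMPLE_URLS = [
    "https://code.jquery.com/jquery-3.6.0.min.js",
    "https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js",
    "https://example.invalid/wp-includes/js/jquery/jquery.min.js?ver=3.7.1",
    "https://example.invalid/static/app.js",
]


def scan(urls=SAMPLE_URLS):
    """Map each URL to its (matched, version) result."""
    return {u: detect_jquery(u) for u in urls}


if __name__ == "__main__":
    for url, (hit, ver) in scan().items():
        label = "jQuery" if hit else "-"
        print(f"{label:6} {ver or '':6} {url}")
```

Note that the second pattern is what makes the plugin count as a jQuery hit with no version; the 3.6.0 attributed to this page comes only from the code.jquery.com filename.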
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://trimmer.to/maETy
- HTTP 301 redirect to:
- https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/blob.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests: the primary request (blob.html) was reached through the HTTP 301 from https://trimmer.to/maETy.

7 HTTP transactions (18 requests in the frame; the blob: and data: rows below never touch the network)
# | Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | blob.html (Primary Request, end of redirect chain) | pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/ | 1 MB | 1 MB | Document | text/html
2 | GET | H2 | jquery-3.6.0.min.js | code.jquery.com/ | 87 KB | 30 KB | Script | application/javascript
3 | GET | BLOB | 778acdde-0cd0-48e5-b5f3-d940f13e3533 | https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/ | 877 KB | 0 | Document | text/html
4 | GET | (none) | favicon.ico | pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/ | 0 | 0 | (failed, no response) |
5 | GET | H2 | jquery-3.6.0.min.js | code.jquery.com/ | 87 KB | 0 | Script | application/javascript
6 | GET | H3 | jquery.mask.min.js | cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/ | 8 KB | 4 KB | Script | application/javascript
7 | GET | DATA | (data: URL, truncated in report) | / | 2 KB | 0 | Image | image/svg+xml
8 | GET | DATA | (data: URL, truncated in report) | / | 7 KB | 0 | Image | image/png
9 | GET | DATA | (data: URL, truncated in report) | / | 12 KB | 0 | Image | image/svg+xml
10 | GET | DATA | (data: URL, truncated in report) | / | 1 KB | 0 | Image | image/png
11 | GET | DATA | (data: URL, truncated in report) | / | 88 KB | 88 KB | Font | font/woff2
12 | GET | DATA | (data: URL, truncated in report) | / | 3 KB | 0 | Image | image/webp
13 | GET | DATA | (data: URL, truncated in report) | / | 2 KB | 0 | Image | image/webp
14 | GET | DATA | (data: URL, truncated in report) | / | 3 KB | 0 | Image | image/svg+xml
15 | GET | DATA | (data: URL, truncated in report) | / | 12 KB | 0 | Image | image/svg+xml
16 | GET | DATA | (data: URL, truncated in report) | / | 4 KB | 0 | Image | image/svg+xml
17 | GET | DATA | (data: URL, truncated in report) | / | 9 KB | 0 | Image | image/gif
18 | GET | H/1.1 | init.php | 146bd32e-46b7-45fa-8cdc-8bcfb6d8c3c9-00-3j2e3yvy26mk2.kirk.replit.dev/ | 18 B | 563 B | Fetch | text/html

Two rows matter for triage. Row 3 is a Document of 877 KB with zero bytes transferred, served from a blob: object URL on the page's own origin: the rendered DHL login form is materialised in the browser from content already inside the 1 MB blob.html, so a fetcher that downloads the page without executing its JavaScript never sees the form. Row 18 is the only Fetch the page makes, to a disposable Replit host (Google Cloud, ASN 396982) that is unrelated to the r2.dev origin serving the page; it is the request to watch for or block alongside the r2.dev host itself. Every image and the font are inlined as data: URLs, which is why only 7 of the 18 requests produced network transactions.
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
- URL: https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/favicon.ico
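The signals an analyst reads off a scan like this one can be turned into repeatable triage rules. The block below is an added example, not urlscan's scoring and not part of this report: the records are transcribed from the transaction list and URL history above (sizes rounded as the report shows them, the blob: URL reconstructed from the origin and object id the report lists), while the rules themselves, the brand watch-list and the self-service hosting list are my own assumptions. The naive apex() helper is also an assumption; production code should use the Public Suffix List.

```python
from urllib.parse import urlparse

PAGE_URL = "https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/blob.html"
PAGE_TITLE = "Login to Customer Portals and Tools | DHL |"
URL_HISTORY = ["https://trimmer.to/maETy", PAGE_URL]

# (url, resource type, size bytes, transferred bytes), transcribed from the report.
TRANSACTIONS = [
    (PAGE_URL, "Document", 1_000_000, 1_000_000),
    ("https://code.jquery.com/jquery-3.6.0.min.js", "Script", 87_000, 30_000),
    ("blob:https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/778acdde-0cd0-48e5-b5f3-d940f13e3533",
     "Document", 877_000, 0),
    ("https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/favicon.ico", "", 0, 0),
    ("https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js", "Script", 8_000, 4_000),
    ("data:font/woff2;base64,...", "Font", 88_000, 88_000),  # body elided, as in the report
    ("https://146bd32e-46b7-45fa-8cdc-8bcfb6d8c3c9-00-3j2e3yvy26mk2.kirk.replit.dev/init.php",
     "Fetch", 18, 563),
]

BRANDS = {"dhl"}                                  # constructed watch-list (assumption)
SELF_SERVICE_HOSTING = {"r2.dev", "replit.dev"}   # constructed; both appear in this scan


def apex(host):
    """Last two labels of a hostname. Assumption: no PSL handling (co.uk etc.)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def host_of(url):
    """Host for http(s) URLs, the origin host for blob: URLs, '' for data: URLs."""
    if url.startswith("blob:"):
        url = url[len("blob:"):]
    if url.startswith("data:"):
        return ""
    return urlparse(url).hostname or ""


def triage(page_url=PAGE_URL, title=PAGE_TITLE, history=URL_HISTORY, txns=TRANSACTIONS):
    """Return {finding_tag: detail} for the rules below (my rules, not urlscan's)."""
    page_host = host_of(page_url)
    page_apex = apex(page_host)
    findings = {}

    for url, rtype, size, xfer in txns:
        scheme = url.split(":", 1)[0]
        # A Document with zero transfer over blob:/data: was built in memory by
        # page script; a non-executing fetcher never sees its contents.
        if rtype == "Document" and scheme in ("blob", "data") and xfer == 0:
            findings["in_memory_document"] = f"{size} B {scheme}: document, 0 B transferred"
        # Fetch/XHR to another apex is where a credential form would post.
        if rtype in ("Fetch", "XHR") and apex(host_of(url)) != page_apex:
            findings["cross_origin_fetch"] = url

    # Brand named in the title but absent from the serving host.
    for brand in BRANDS:
        if brand in title.lower() and brand not in page_host.lower():
            findings["brand_title_host_mismatch"] = f"title names {brand.upper()}, host is {page_host}"

    # Landed here via a redirect from an unrelated domain.
    if len(history) > 1 and apex(host_of(history[0])) != page_apex:
        findings["entry_redirect"] = f"{history[0]} -> {page_url}"

    # Page lives on a platform where anyone can publish under the platform's cert.
    if page_apex in SELF_SERVICE_HOSTING:
        findings["self_service_hosting"] = page_apex

    return findings


if __name__ == "__main__":
    for tag, detail in triage().items():
        print(f"{tag:28} {detail}")
```

Run against the transcribed records, all five rules fire; run against a page served from the brand's own domain with no redirect and no cross-origin fetch, none do, which is the sanity check worth keeping next to any heuristic like this.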
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: DHL (Transportation)

21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | $
function | jQuery
object | $jscomp
string | timer2
number | interval
boolean | Panel
function | getCurrentDate
function | extractDomain
undefined | currentStep
object | metaTag
string | cspHeaderValue
object | forms
function | isMobileDevice
function | formats
function | numberValidation
function | formatString
number | step1State
number | step2State
number | step3State
number | step4State
number | step5State

Beyond jQuery and the Closure-compiler $jscomp polyfill object, the names are the page's own: step1State through step5State, currentStep, forms, numberValidation and formatString are consistent with a multi-step form, and metaTag together with cspHeaderValue suggests the script builds a Content-Security-Policy meta tag at run time rather than receiving one from the server.

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name | Value | Expires
---|---|---|---
trimmer.to/ | PHPSESSID | 7uhnccdqnqef9rum952tm1j5kb | (not shown)
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- 146bd32e-46b7-45fa-8cdc-8bcfb6d8c3c9-00-3j2e3yvy26mk2.kirk.replit.dev
- cdnjs.cloudflare.com
- code.jquery.com
- pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev (primary page host)
- trimmer.to
IPs:
- 104.17.25.14
- 172.67.199.75
- 2606:4700::6812:323
- 2a04:4e42:200::649
- 35.247.106.28
SHA-256 hashes (response bodies):
- 13de59fe76f12ec2e11ce3ce08c65b0b749acdbe0ccd0f1af4e74abd1afb5c20
- 2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
- 362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419
- 39b5e1fdc845a00e044f1d5136d4d365e319d79caae542b2abef7e9a7eb7d786
- 3c02bf93f27a1bc1137730ca2a631d7d7550535847c87059393dd04e76298dd6
- 5162de2ee844a80d76b7d7514c02ab7d5de72a5966113323d80eb56bf6ded038
- 5f7192afa468715d41d6dd2a4d6154025142847175fab6a8f026251517fd9bab
- 76506e128f2b47b7179f5037bd885a1674455ffeb6b5093cdb4c7eefbf436ce8
- 7983d92d94ac1327a01aae67c2713fef1f541d59ce98cb3b7535b3a69beeb86f
- 9749654bdfcce79bc06740ed18ce854c5bc56fd419a8d59fc590777ba942105e
- a84dbc8da372b792848bd1bc2d854c27ff47dc4e8abb0c309b05eb2a64ac781a
- b17e54ae153bfdc622f3b2b5238f6b3b392fdf163daa432caef7c91c07498bda
- c734712300e75e6569aa648c9a056edc323db1b942d1cd813c8e2655062b263a
- d03e686c6a119aa09d7e08dad100fbcf8092bd4ef3a2a4d43b4c2b122b6ae494
- f5545a9ceb3ffc5bad7d6dc5086994fcfdbe6b031217073bfcca83bd5a48f20a
- ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e