![](/screenshots/8943045a-31d3-4410-aa2f-e4dbab90a61c.png)
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev
Open in
urlscan Pro
2606:4700::6812:323
Malicious Activity!
Private Scan
Submission: On April 23 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.
This is the only time pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 2606:4700::68... 2606:4700::6812:323 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 104.16.144.15 104.16.144.15 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
12 | 3 |
ASN13335 (CLOUDFLARENET, US)
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
r2.dev
1 redirects
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev |
128 KB |
4 |
boxcdn.net
cdn01.boxcdn.net — Cisco Umbrella Rank: 10926 |
122 KB |
12 | 2 |
Domain | Requested by | |
---|---|---|
9 | pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev |
1 redirects
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev
cdn01.boxcdn.net |
4 | cdn01.boxcdn.net |
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev
|
12 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.box.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.r2.dev E1 |
2024-04-05 - 2024-07-04 |
3 months | crt.sh |
cdn01.boxcdn.net E1 |
2024-04-12 - 2024-07-11 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm
Frame ID: EDC11B0416EF15A40FD25091D78D08DB
Requests: 13 HTTP requests in this frame
Screenshot
![](/screenshots/8943045a-31d3-4410-aa2f-e4dbab90a61c.png)
Page URL History Show full URLs
- https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm Page URL
-
https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/cdn-cgi/phish-bypass?atok=rfbYOPUX6FQS0FvfB0JpiV0o0TSCZ5sPioM4xu._4Wc-171384...
HTTP 301
https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm Page URL
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm Page URL
-
https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/cdn-cgi/phish-bypass?atok=rfbYOPUX6FQS0FvfB0JpiV0o0TSCZ5sPioM4xu._4Wc-1713848434-0.0.1.1-%2Franddannu.htm
HTTP 301
https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
randdannu.htm
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/ |
4 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cf.errors.css
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/cdn-cgi/styles/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-exclamation.png
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/cdn-cgi/images/ |
452 B 889 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/ |
27 KB 27 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
randdannu.htm
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/ Redirect Chain
|
10 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-e9b270f3b1.css
cdn01.boxcdn.net/webapp_assets/login/css/ |
109 KB 39 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-dd5e003969.min.js
cdn01.boxcdn.net/webapp_assets/login/js/ |
263 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
49 B 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gen204
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/ |
27 KB 27 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon-yz-tj-.ico
cdn01.boxcdn.net/_assets/img/favicons/ |
1 KB 792 B |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon-32x32-VwW37b.png
cdn01.boxcdn.net/_assets/img/favicons/ |
1 KB 1 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gen204
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/ |
27 KB 27 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gen204
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/ |
27 KB 27 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $t function| $ function| jQuery function| P object| Box function| moment object| Resin1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/ | Name: __cf_mw_byp Value: rfbYOPUX6FQS0FvfB0JpiV0o0TSCZ5sPioM4xu._4Wc-1713848434-0.0.1.1-/randdannu.htm |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn01.boxcdn.net
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev
104.16.144.15
2606:4700::6812:323
0966fed2adfcbbe4890d5f7591605490635b0257bc64c503944f79c20c3a37ab
0cb9a48421820365ca54fb035dd124b469bd0aea890d59b2ff82572a40529058
43d5dc022838b859f9754723c1c61dfc5074ebafda61a31175bdfef1cf0e2820
4dc9e1e369b16d691bbdef68f95f851e6a042b8c2427f8fb748f940ab25c7768
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499
5d1ebbd7b88d4b0f748cb8ddc964a1d159268f0831af26f709d692a570168902
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
acfc7a296235b1e723cb0b7f3f20aff00ed90a1e2a42dc895adcad5d72fe9cd5
b08fadd752d3eeb3e857f1e67688c6f7f8407c396325ad0a459a93ef77806d9f
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016