pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Private Scan

Go To Rescan
Add Verdict Report

URL:
https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm
Submission: On April 23 via api (April 23rd 2024, 5:00:43 am UTC) from DE — Scanned from DE

Summary HTTP 12 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 2606:4700::6812:323, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev.
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.

This is the only time pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 9	2606:4700::68... 2606:4700::6812:323	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.16.144.15 104.16.144.15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	3

9 2606:4700::6812:323 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.144.15 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn01.boxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	r2.dev 1 redirects pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev	128 KB
4	boxcdn.net cdn01.boxcdn.net — Cisco Umbrella Rank: 10926	122 KB
12	2

	Domain	Requested by
9	pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev	1 redirects pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev cdn01.boxcdn.net
4	cdn01.boxcdn.net	pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev
12	2

This site contains links to these domains. Also see Links.

Domain
www.box.com

Subject Issuer	Validity	Valid
*.r2.dev E1	`2024-04-05` - `2024-07-04`	3 months	crt.sh
cdn01.boxcdn.net E1	`2024-04-12` - `2024-07-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm
Frame ID: EDC11B0416EF15A40FD25091D78D08DB
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm Page URL
https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/cdn-cgi/phish-bypass?atok=rfbYOPUX6FQS0FvfB0JpiV0o0TSCZ5sPioM4xu._4Wc-171384... HTTP 301
https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm Page URL

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

250 kB
Transfer

519 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.box.com/home

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm Page URL
https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/cdn-cgi/phish-bypass?atok=rfbYOPUX6FQS0FvfB0JpiV0o0TSCZ5sPioM4xu._4Wc-1713848434-0.0.1.1-%2Franddannu.htm HTTP 301
https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK randdannu.htm Show response
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/ 4 KB
5 KB 54ms
11ms Document
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0966fed2adfcbbe4890d5f7591605490635b0257bc64c503944f79c20c3a37ab

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

CF-RAY: 878b4a68af0e4d91-FRA
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 23 Apr 2024 05:00:34 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK cf.errors.css
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/cdn-cgi/styles/ 23 KB
5 KB 9ms
9ms Stylesheet
text/css 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev
URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 23 Apr 2024 05:00:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 16 Apr 2024 15:45:04 GMT
Server: cloudflare
ETag: W/"661e9d00-5df3"
Transfer-Encoding: chunked
X-Frame-Options: DENY
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Connection: keep-alive
CF-RAY: 878b4a68bf1f4d91-FRA
Expires: Tue, 23 Apr 2024 07:00:34 GMT

GET
H/1.1 200
OK icon-exclamation.png
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/cdn-cgi/images/ 452 B
889 B 8ms
8ms Image
image/png 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev
URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/cdn-cgi/styles/cf.errors.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 23 Apr 2024 05:00:34 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 16 Apr 2024 15:45:04 GMT
Server: cloudflare
ETag: "661e9d00-1c4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 878b4a68df314d91-FRA
Content-Length: 452
Expires: Tue, 23 Apr 2024 07:00:34 GMT

GET
H/1.1 404
Not Found favicon.ico
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/ 27 KB
27 KB 599ms
599ms Other
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 23 Apr 2024 05:00:34 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 878b4a68ff584d91-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1

200
OK

Primary Request randdannu.htm Show response
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/
Redirect Chain

https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/cdn-cgi/phish-bypass?atok=rfbYOPUX6FQS0FvfB0JpiV0o0TSCZ5sPioM4xu._4Wc-1713848434-0.0.1.1-%2Franddannu.htm
https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm

10 KB
10 KB

989ms
989ms

Document
text/html

2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: acfc7a296235b1e723cb0b7f3f20aff00ed90a1e2a42dc895adcad5d72fe9cd5

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
CF-RAY: 878b4a7f8a284d91-FRA
Connection: keep-alive
Content-Length: 10334
Content-Type: text/html
Date: Tue, 23 Apr 2024 05:00:38 GMT
ETag: "d06c30b7fc5a532af952b45c9922a2ee"
Last-Modified: Sat, 30 Dec 2023 21:58:37 GMT
Server: cloudflare
Vary: Accept-Encoding

Redirect headers

CF-RAY: 878b4a7f7a1e4d91-FRA
Cache-Control: private, no-cache
Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Tue, 23 Apr 2024 05:00:37 GMT
Location: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm
Server: cloudflare
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

GET
H2 200 login-e9b270f3b1.css
cdn01.boxcdn.net/webapp_assets/login/css/ 109 KB
39 KB 69ms
30ms Stylesheet
text/css 104.16.144.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn01.boxcdn.net/webapp_assets/login/css/login-e9b270f3b1.css

Requested by

Host: pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev
URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.144.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4dc9e1e369b16d691bbdef68f95f851e6a042b8c2427f8fb748f940ab25c7768

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 05:00:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1693558442
age: 70739
x-guploader-uploadid: ABPtcPo5jfSxvjsN2eDWwFMfiqbKkQgvg9r1qnaU1Mdo_I6R4-HjxEh4tHVAE3KiYRzz4R9kfeh6PwqaoA
x-goog-storage-class: STANDARD
x-goog-metageneration: 4
x-goog-stored-content-encoding: gzip
content-length: 38811
last-modified: Wed, 23 Aug 2023 12:53:45 GMT
server: cloudflare
etag: "c468d4e3443578114b016d5c9b38424d"
vary: Accept-Encoding
x-goog-generation: 1692795224979809
content-type: text/css
access-control-allow-origin: *
x-goog-hash: crc32c=5rnm4A==, md5=xGjU40Q1eBFLAW1cmzhCTQ==
access-control-expose-headers: Content-Encoding, Content-Length
cache-control: public,max-age=315360000,immutable
x-goog-stored-content-length: 38811
accept-ranges: bytes
cf-ray: 878b4a85f88d4db3-FRA
expires: Tue, 22 Apr 2025 09:21:39 GMT

GET
H2 200 login-dd5e003969.min.js Show response
cdn01.boxcdn.net/webapp_assets/login/js/ 263 KB
82 KB 360ms
321ms Script
application/javascript 104.16.144.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn01.boxcdn.net/webapp_assets/login/js/login-dd5e003969.min.js

Requested by

Host: pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev
URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.144.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b08fadd752d3eeb3e857f1e67688c6f7f8407c396325ad0a459a93ef77806d9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 05:00:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: MISS
x-goog-meta-goog-reserved-file-mtime: 1693558442
x-guploader-uploadid: ABPtcPo5JSs-i9giJGiyX4JeVbIkai_cRIt9Vh6I6n5xBMV64kH_ZRCMIdi5et3vGkeeR8lxSZ5sEpGrPQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 4
x-goog-stored-content-encoding: gzip
content-length: 83347
last-modified: Wed, 23 Aug 2023 12:53:45 GMT
server: cloudflare
etag: "6522ae11fb628d055afc52adcd9adc6b"
vary: Accept-Encoding
x-goog-generation: 1692795225025860
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=l+aAKg==, md5=ZSKuEftijQVa/FKtzZrcaw==
access-control-expose-headers: Content-Encoding, Content-Length
cache-control: public,max-age=315360000,immutable
x-goog-stored-content-length: 83347
accept-ranges: bytes
cf-ray: 878b4a85f88e4db3-FRA
expires: Wed, 23 Apr 2025 05:00:38 GMT

GET
DATA 200
OK truncated Show response
/ 49 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43d5dc022838b859f9754723c1c61dfc5074ebafda61a31175bdfef1cf0e2820

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: text/javascript

GET
H/1.1 404
Not Found gen204 Show response
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/ 27 KB
27 KB 191ms
191ms XHR
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/gen204?category=boomerang&event_type=beacon&keys_and_values[current_rm]=amsterdam_login_premium&keys_and_values[datacenterTag]=unknown&keys_and_values[uri]=https%3A%2F%2Fpub-4766015fdf5b413d866c3bdd90c68b40.r2.dev%2Franddannu.htm&&keys_and_values[version]=1&keys_and_values[nt_red_cnt]=1&keys_and_values[nt_nav_type]=0&keys_and_values[nt_nav_st]=1713848437669&keys_and_values[nt_red_st]=1713848437671&keys_and_values[nt_red_end]=1713848437683&keys_and_values[nt_fet_st]=1713848437683&keys_and_values[nt_dns_st]=1713848437683&keys_and_values[nt_dns_end]=1713848437683&keys_and_values[nt_con_st]=1713848437683&keys_and_values[nt_con_end]=1713848437683&keys_and_values[nt_req_st]=1713848437684&keys_and_values[nt_res_st]=1713848438672&keys_and_values[nt_res_end]=1713848438673&keys_and_values[nt_domloading]=1713848438675&keys_and_values[nt_domint]=1713848439075&keys_and_values[nt_domcontloaded_st]=1713848439077&keys_and_values[nt_domcontloaded_end]=1713848439077&keys_and_values[nt_domcomp]=1713848439078&keys_and_values[nt_load_st]=1713848439078&keys_and_values[nt_load_end]=1713848439078&keys_and_values[t_done]=1409&keys_and_values[t_resp]=988&keys_and_values[t_page]=406&runmode_options[splunk]=1&runmode_options[add_geo]=1
Requested by: Host: cdn01.boxcdn.net
URL: https://cdn01.boxcdn.net/webapp_assets/login/js/login-dd5e003969.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 23 Apr 2024 05:00:39 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 878b4a8848a94d91-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H2 200 favicon-yz-tj-.ico
cdn01.boxcdn.net/_assets/img/favicons/ 1 KB
792 B 16ms
16ms Other
image/vnd.microsoft.icon 104.16.144.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn01.boxcdn.net/_assets/img/favicons/favicon-yz-tj-.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.144.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d1ebbd7b88d4b0f748cb8ddc964a1d159268f0831af26f709d692a570168902

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 05:00:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1710322412
age: 3504445
x-guploader-uploadid: ABPtcPrpXtYeExgl7l8hUjhWe9vOQ2XV4Xw1UzRfpnCkgk4RjLqcxvyIE77y87BstQ1efABaKB3Dwppa6w
x-goog-storage-class: STANDARD
x-goog-metageneration: 347
x-goog-stored-content-encoding: gzip
last-modified: Wed, 23 Aug 2023 12:56:47 GMT
server: cloudflare
etag: "0b2ec01f6c635da351a5575a4deb5ec3"
vary: Accept-Encoding
x-goog-generation: 1692795407353875
content-type: image/vnd.microsoft.icon
access-control-allow-origin: *
x-goog-hash: crc32c=h0I+IQ==, md5=Cy7AH2xjXaNRpVdaTeteww==
access-control-expose-headers: Content-Encoding, Content-Length
cache-control: public,max-age=315360000,immutable
x-goog-stored-content-length: 487
cf-ray: 878b4a884a9a4db3-FRA
expires: Thu, 13 Mar 2025 15:33:14 GMT

GET
H2 200 favicon-32x32-VwW37b.png
cdn01.boxcdn.net/_assets/img/favicons/ 1 KB
1 KB 16ms
16ms Other
image/png 104.16.144.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn01.boxcdn.net/_assets/img/favicons/favicon-32x32-VwW37b.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.144.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cb9a48421820365ca54fb035dd124b469bd0aea890d59b2ff82572a40529058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 05:00:39 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1710322412
age: 3504445
cf-polished: origSize=1675
x-guploader-uploadid: ABPtcPo_uussvXOcBu7xBR-x6Pae6ZI7bQEU0-EN6CIh6REL_bKjIJ_TRUDqR3YZeWrA8wZGgLc
x-goog-storage-class: STANDARD
x-goog-metageneration: 347
x-goog-stored-content-encoding: gzip
cf-bgj: imgq:100,h2pri
last-modified: Wed, 23 Aug 2023 12:56:47 GMT
server: cloudflare
etag: "53ae82af0babf53534575e4e3d079b11"
vary: Accept-Encoding
x-goog-generation: 1692795407321936
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=qPWp9Q==, md5=U66Crwur9TU0V15OPQebEQ==
access-control-expose-headers: Content-Encoding, Content-Length
cache-control: public,max-age=315360000,immutable
x-goog-stored-content-length: 1523
cf-ray: 878b4a886ab24db3-FRA
expires: Thu, 13 Mar 2025 15:33:14 GMT

GET
H/1.1 404
Not Found gen204 Show response
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/ 27 KB
27 KB 195ms
195ms XHR
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/gen204?category=login&event_type=EMAIL_AUTOFILLED_NO&keys_and_values%5BpageType%5D=
Requested by: Host: cdn01.boxcdn.net
URL: https://cdn01.boxcdn.net/webapp_assets/login/js/login-dd5e003969.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 23 Apr 2024 05:00:39 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 878b4a8989814d91-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1 404
Not Found gen204 Show response
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/ 27 KB
27 KB 268ms
251ms XHR
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/gen204?category=login&event_type=PASSWORD_AUTOFILLED_NO&keys_and_values%5BpageType%5D=
Requested by: Host: cdn01.boxcdn.net
URL: https://cdn01.boxcdn.net/webapp_assets/login/js/login-dd5e003969.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 23 Apr 2024 05:00:39 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 878b4a899a095d65-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/	1970-01-20 20:05:34	Name: __cf_mw_byp Value: rfbYOPUX6FQS0FvfB0JpiV0o0TSCZ5sPioM4xu._4Wc-1713848434-0.0.1.1-/randdannu.htm

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
recommendation	verbose	URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/randdannu.htm Message: [DOM] Multiple forms should be contained in their own form elements; break up complex forms into ones that represent a single action: (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/gen204?category=boomerang&event_type=beacon&keys_and_values[current_rm]=amsterdam_login_premium&keys_and_values[datacenterTag]=unknown&keys_and_values[uri]=https%3A%2F%2Fpub-4766015fdf5b413d866c3bdd90c68b40.r2.dev%2Franddannu.htm&&keys_and_values[version]=1&keys_and_values[nt_red_cnt]=1&keys_and_values[nt_nav_type]=0&keys_and_values[nt_nav_st]=1713848437669&keys_and_values[nt_red_st]=1713848437671&keys_and_values[nt_red_end]=1713848437683&keys_and_values[nt_fet_st]=1713848437683&keys_and_values[nt_dns_st]=1713848437683&keys_and_values[nt_dns_end]=1713848437683&keys_and_values[nt_con_st]=1713848437683&keys_and_values[nt_con_end]=1713848437683&keys_and_values[nt_req_st]=1713848437684&keys_and_values[nt_res_st]=1713848438672&keys_and_values[nt_res_end]=1713848438673&keys_and_values[nt_domloading]=1713848438675&keys_and_values[nt_domint]=1713848439075&keys_and_values[nt_domcontloaded_st]=1713848439077&keys_and_values[nt_domcontloaded_end]=1713848439077&keys_and_values[nt_domcomp]=1713848439078&keys_and_values[nt_load_st]=1713848439078&keys_and_values[nt_load_end]=1713848439078&keys_and_values[t_done]=1409&keys_and_values[t_resp]=988&keys_and_values[t_page]=406&runmode_options[splunk]=1&runmode_options[add_geo]=1 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/gen204?category=login&event_type=EMAIL_AUTOFILLED_NO&keys_and_values%5BpageType%5D= Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev/gen204?category=login&event_type=PASSWORD_AUTOFILLED_NO&keys_and_values%5BpageType%5D= Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn01.boxcdn.net
pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev
104.16.144.15
2606:4700::6812:323
0966fed2adfcbbe4890d5f7591605490635b0257bc64c503944f79c20c3a37ab
0cb9a48421820365ca54fb035dd124b469bd0aea890d59b2ff82572a40529058
43d5dc022838b859f9754723c1c61dfc5074ebafda61a31175bdfef1cf0e2820
4dc9e1e369b16d691bbdef68f95f851e6a042b8c2427f8fb748f940ab25c7768
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499
5d1ebbd7b88d4b0f748cb8ddc964a1d159268f0831af26f709d692a570168902
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
acfc7a296235b1e723cb0b7f3f20aff00ed90a1e2a42dc895adcad5d72fe9cd5
b08fadd752d3eeb3e857f1e67688c6f7f8407c396325ad0a459a93ef77806d9f
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev Open in urlscan Pro 2606:4700::6812:323 Malicious Activity! Private Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

12 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

250 kBTransfer

519 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

5 Console Messages

Security Headers

Indicators

pub-4766015fdf5b413d866c3bdd90c68b40.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Private Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

250 kB
Transfer

519 kB
Size

1
Cookies

12 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!