pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev Open in urlscan Pro
104.18.2.35 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://app.idashboard.com.au/campaigns/redirect/12966406122938f06385a340585b7f30a2ed4a7/2737136/https://janetyoung.nl/kk/Ac29...
Effective URL:
https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html
Submission: On November 08 via manual (November 8th 2023, 11:30:07 am UTC) from PT — Scanned from AU

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 14 domains to perform 22 HTTP transactions. The main IP is 104.18.2.35, located in and belongs to CLOUDFLARENET, US. The main domain is pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev.
TLS certificate: Issued by E1 on October 11th 2023. Valid for: 3 months.

This is the only time pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.206.132.46 54.206.132.46	16509 (AMAZON-02) (AMAZON-02)
1 1	69.49.245.172 69.49.245.172	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1	104.18.2.35 104.18.2.35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.18.11.207 104.18.11.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.66.202 142.250.66.202	15169 (GOOGLE) (GOOGLE)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	172.217.167.100 172.217.167.100	15169 (GOOGLE) (GOOGLE)
1	142.250.204.4 142.250.204.4	15169 (GOOGLE) (GOOGLE)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1	142.250.66.234 142.250.66.234	15169 (GOOGLE) (GOOGLE)
1 1	195.23.69.231 195.23.69.231	2860 (NOS_COMUN...) (NOS_COMUNICACOES)
1	23.55.242.147 23.55.242.147	() ()
1	172.217.167.68 172.217.167.68	15169 (GOOGLE) (GOOGLE)
1	104.74.57.233 104.74.57.233	() ()
22	11

1 54.206.132.46 (Sydney, Australia) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-206-132-46.ap-southeast-2.compute.amazonaws.com

app.idashboard.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.49.245.172 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 69-49-245-172.webhostbox.net

janetyoung.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.2.35 (None, )

ASN13335 (CLOUDFLARENET, US)

pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.11.207 (None, )

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.66.202 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s23-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.167.100 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: syd09s17-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.204.4 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f4.1e100.net

t3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.66.234 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s15-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.23.69.231 (Braga, Portugal) 1 redirects

ASN2860 (NOS_COMUNICACOES, PT)
PTR: 195-23-69-231.static.net.novis.pt

solverde.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.55.242.147 (None, )

ASN- ()

www.solverde.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.167.68 (United States)

ASN15169 (GOOGLE, US)
PTR: syd15s06-in-f4.1e100.net

t1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.74.57.233 (None, )

ASN- ()

cdn.safecharge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1137 stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2914	50 KB
2	solverde.pt 1 redirects solverde.pt — Cisco Umbrella Rank: 493017 www.solverde.pt	27 KB
2	gstatic.com t3.gstatic.com t1.gstatic.com	2 KB
2	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 2	429 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31 ajax.googleapis.com — Cisco Umbrella Rank: 364	31 KB
1	safecharge.com cdn.safecharge.com	3 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 762	24 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	7 KB
1	r2.dev pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev	180 KB
1	janetyoung.nl 1 redirects janetyoung.nl	293 B
1	idashboard.com.au 1 redirects app.idashboard.com.au	581 B
0	azure.com Failed js.monitor.azure.com Failed
0	fontawesome.com Failed kit.fontawesome.com Failed
0	mytehranmusic.ru Failed mytehranmusic.ru Failed
22	14

	Domain	Requested by
2	www.google.com	2 redirects
2	maxcdn.bootstrapcdn.com	pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
1	cdn.safecharge.com	www.solverde.pt
1	t1.gstatic.com	pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
1	www.solverde.pt	pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev www.solverde.pt
1	solverde.pt	1 redirects
1	stackpath.bootstrapcdn.com	pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
1	ajax.googleapis.com	pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
1	code.jquery.com	pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
1	t3.gstatic.com	pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
1	cdnjs.cloudflare.com	pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
1	fonts.googleapis.com	pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
1	pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
1	janetyoung.nl	1 redirects
1	app.idashboard.com.au	1 redirects
0	js.monitor.azure.com Failed	www.solverde.pt
0	kit.fontawesome.com Failed	www.solverde.pt
0	mytehranmusic.ru Failed	pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
22	18

This site contains no links.

Subject Issuer	Validity	Valid
*.r2.dev E1	`2023-10-11` - `2024-01-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.solverde.pt DigiCert TLS RSA SHA256 2020 CA1	`2023-02-11` - `2024-02-14`	a year	crt.sh
*.safecharge.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-05` - `2024-09-04`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html
Frame ID: 3F5AF08F1658650B66769D1A6E91046A
Requests: 12 HTTP requests in this frame

Frame: https://www.solverde.pt/
Frame ID: 38A387733F7070A2FC534EB3E0CD2179
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mail

Page URL History Show full URLs

https://app.idashboard.com.au/campaigns/redirect/12966406122938f06385a340585b7f30a2ed4a7/2737136/https://j... HTTP 302
https://janetyoung.nl/kk/Ac29sdmVyZGVAc29sdmVyZGUucHQ= HTTP 302
https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

45 %
HTTPS

0 %
IPv6

14
Domains

18
Subdomains

11
IPs

4
Countries

323 kB
Transfer

1690 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://app.idashboard.com.au/campaigns/redirect/12966406122938f06385a340585b7f30a2ed4a7/2737136/https://janetyoung.nl/kk/Ac29sdmVyZGVAc29sdmVyZGUucHQ= HTTP 302
https://janetyoung.nl/kk/Ac29sdmVyZGVAc29sdmVyZGUucHQ= HTTP 302
https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://www.google.com/s2/favicons?sz=64&domain_url=cpanel.com HTTP 301
https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://cpanel.com&size=64

Request Chain 10

https://solverde.pt/ HTTP 301
https://www.solverde.pt/

Request Chain 11

https://www.google.com/s2/favicons?sz=64&domain_url=solverde.pt HTTP 301
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://solverde.pt&size=64

22 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request index.html Show response
pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/
Redirect Chain

https://app.idashboard.com.au/campaigns/redirect/12966406122938f06385a340585b7f30a2ed4a7/2737136/https://janetyoung.nl/kk/Ac29sdmVyZGVAc29sdmVyZGUucHQ=
https://janetyoung.nl/kk/Ac29sdmVyZGVAc29sdmVyZGUucHQ=
https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html

1 MB
180 KB

408ms
374ms

Document
text/html

104.18.2.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48a2d0e992570be3f7a2ed11a95d279d2d607e1e86329835daae45e8c0d6270a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

CF-RAY: 822d7b420f9f5721-SYD
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 08 Nov 2023 11:30:01 GMT
ETag: W/"8dbd575bb8dd79b8879a0f5b63d31259"
Last-Modified: Tue, 07 Nov 2023 17:13:34 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Wed, 08 Nov 2023 11:29:59 GMT
Keep-Alive: timeout=5, max=100
Location: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html#c29sdmVyZGVAc29sdmVyZGUucHQ=
Server: Apache

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 141 KB
22 KB 26ms
12ms Stylesheet
text/css 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

Requested by

Host: pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 11:30:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 517
age: 1094480
cdn-cachedat: 10/29/2021 09:04:47
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
server: cloudflare
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 1fe2af26056d45b3b9554c0dc68fd24d
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 822d7b466b9ea96d-SYD
cdn-requestpullsuccess: True

GET
H2 200 css
fonts.googleapis.com/ 1 KB
903 B 195ms
96ms Stylesheet
text/css 142.250.66.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap

Requested by

Host: pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.202 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f10.1e100.net

Software

ESF /

Resource Hash

ad5f1ca3a94cebd89d45b7cf6a963a535bf28144862cffa3a41a31540f7a409f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 08 Nov 2023 11:30:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 11:16:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 08 Nov 2023 11:30:01 GMT

GET css2.css
mytehranmusic.ru/.oce/ 0
0

GET
DATA 200
OK truncated
/ 117 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2fe895ccd96f92fc9649a1a2ff7fd8b44dc9ec1f0d9464c0e43b823b892e6094

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ 19 KB
7 KB 782ms
11ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

Requested by

Host: pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 08 Nov 2023 11:30:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 55984
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6157
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-4af4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iFxYCHBJDQ4UBGJw%2BI1C9c29gvoYOZLn0dDrPI9D%2FZY2m%2BWJ1HebVkWvBMLYce0%2B1isJAYGfBP5Li7tRmPw1SFAS59uxS2x16WM2X6fcgdVdk8PEdfLUZl%2BNMJH%2F7usrDLBLr9lE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 822d7b4b3cbbaaf9-SYD
expires: Mon, 28 Oct 2024 11:30:02 GMT

GET
H2

200

faviconV2
t3.gstatic.com/
Redirect Chain

https://www.google.com/s2/favicons?sz=64&domain_url=cpanel.com
https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://cpanel.com&size=64

534 B
1 KB

215ms
106ms

Image
image/png

142.250.204.4
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://cpanel.com&size=64

Requested by

Host: pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html

Protocol

Server

142.250.204.4 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f4.1e100.net

Software

sffe /

Resource Hash

1f1961d76b621894ec3261101300423548ce53681fb62c15a2a05a8ac8a5604f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 11:30:02 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 534
x-xss-protection: 0
last-modified: Fri, 08 Dec 2017 03:28:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-location: https://cpanel.net/wp-content/themes/cPbase/assets/img/apple-touch-icon.png
expires: Wed, 15 Nov 2023 11:30:02 GMT

Redirect headers

date: Wed, 08 Nov 2023 11:30:02 GMT
x-content-type-options: nosniff
server: sffe
content-type: text/html; charset=UTF-8
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://cpanel.com&size=64
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 330
x-xss-protection: 0
expires: Wed, 08 Nov 2023 12:00:02 GMT

GET
H2 200 jquery-3.2.1.slim.min.js Show response
code.jquery.com/ 68 KB
24 KB 1213ms
151ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by: Host: pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Referer: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 08 Nov 2023 11:30:02 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 4539202
x-cache: HIT, HIT
content-length: 23856
x-served-by: cache-lga21963-LGA, cache-bfi-krnt7300088-BFI
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1699443002.478493,VS0,VE0
etag: W/"28feccc0-10fdd"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 12, 22508

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ 48 KB
13 KB 11ms
10ms Script
application/javascript 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

Requested by

Host: pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 08 Nov 2023 11:30:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 1001
age: 1026088
cdn-cachedat: 10/01/2022 01:42:47
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: f1b35a507a27ac9c79c5cd36b356838d
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 822d7b466ba7a96d-SYD
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 859ms
3ms Script
text/javascript 142.250.66.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.234 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f10.1e100.net

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 01 Nov 2023 21:05:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 570295
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Oct 2024 21:05:07 GMT

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
14 KB 16ms
10ms Script
application/javascript 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Requested by

Host: pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 08 Nov 2023 11:30:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 852
age: 1105120
cdn-cachedat: 11/06/2022 20:25:53
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"67176c242e1bdc20603c878dee836df3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 9a5433488a7ff8494ccd27f0421ec1e9
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 822d7b467bb2a96d-SYD
cdn-requestpullsuccess: True

GET
H2

200

/ Show response
www.solverde.pt/ Frame 38A3
Redirect Chain

https://solverde.pt/
https://www.solverde.pt/

101 KB
27 KB

3070ms
2424ms

Document
text/html

23.55.242.147

General

Check archive.org

Show headers Download Go to

Full URL

https://www.solverde.pt/

Requested by

Host: pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.55.242.147 -, , ASN (),

Reverse DNS

Software

server /

Resource Hash

eb1b488ecfde4d2554007d8e2a3e7073a58f7ec293af43674a92dfdd0089661d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

akamai-cache-status: Miss from child, Miss from parent
cache-control: max-age=3600
content-encoding: gzip
content-length: 27106
content-type: text/html; charset=UTF-8
date: Wed, 08 Nov 2023 11:30:07 GMT
delegate-ch: sec-ch-ua-full-version-list https://login.solverde.pt; sec-ch-ua-model https://login.solverde.pt; sec-ch-ua-platform https://login.solverde.pt; sec-ch-ua-platform-version https://login.solverde.pt; sec-ch-ua-mobile https://login.solverde.pt
etag: W/"654a787c-1926b"
expires: Wed, 08 Nov 2023 12:30:07 GMT
last-modified: Tue, 07 Nov 2023 17:48:44 GMT
server: server
strict-transport-security: max-age=31536000
vary: Accept-Encoding

Redirect headers

content-length: 232
content-type: text/html; charset=iso-8859-1
date: Wed, 08 Nov 2023 11:30:03 GMT
location: https://www.solverde.pt/
server: Apache

GET
H2

200

faviconV2
t1.gstatic.com/
Redirect Chain

https://www.google.com/s2/favicons?sz=64&domain_url=solverde.pt
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://solverde.pt&size=64

791 B
1 KB

521ms
111ms

Image
image/png

172.217.167.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://solverde.pt&size=64

Requested by

Host: pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html

Protocol

Server

172.217.167.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f4.1e100.net

Software

sffe /

Resource Hash

0f1ddaa5573110e52c8ead5707a8349bd913af57f1da2d57a782aeffe5c61739

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 11:30:03 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 791
x-xss-protection: 0
last-modified: Tue, 14 Dec 2021 13:57:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-location: https://www.solverde.pt/favicons/favicon-76.png?t=1696441052742
expires: Wed, 15 Nov 2023 11:30:03 GMT

Redirect headers

date: Wed, 08 Nov 2023 11:30:02 GMT
x-content-type-options: nosniff
server: sffe
content-type: text/html; charset=UTF-8
location: https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://solverde.pt&size=64
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 331
x-xss-protection: 0
expires: Wed, 08 Nov 2023 12:00:02 GMT

GET
H2 200 sc_applepay.min.js Show response
cdn.safecharge.com/safecharge_resources/v1/ Frame 38A3 7 KB
3 KB 398ms
6ms Script
application/javascript 104.74.57.233

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.safecharge.com/safecharge_resources/v1/sc_applepay.min.js
Requested by: Host: www.solverde.pt
URL: https://www.solverde.pt/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.74.57.233 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3db846a8e258dae8a22af14c0f1414974bbc9cd051a85359fb90eb76f9107a67

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.solverde.pt/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 11:30:07 GMT
content-encoding: gzip
last-modified: Mon, 23 Oct 2023 06:04:37 GMT
etag: "65360cf5-1bba"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin
cache-control: max-age=86400
accept-ranges: bytes
content-length: 2656

GET style.raw.css
www.solverde.pt/solverde_solverde-theme/css/ Frame 38A3 0
0

GET bundle.css
www.solverde.pt/solverde_solverde-theme/js/app-out/ Frame 38A3 0
0

GET custom-variables.css
www.solverde.pt/solverde_solverde-theme/css/ Frame 38A3 0
0

GET fluidable.css
www.solverde.pt/library/new_layout_assets/imports/ Frame 38A3 0
0

GET sv-icons.css
www.solverde.pt/library/new_layout_assets/imports/ Frame 38A3 0
0

GET design_system.css
www.solverde.pt/library/new_layout_assets/imports/ Frame 38A3 0
0

GET f79228a033.js
kit.fontawesome.com/ Frame 38A3 0
0

GET bundle.js
www.solverde.pt/solverde_solverde-theme/js/app-out/ Frame 38A3 0
0

GET ai.2.min.js
js.monitor.azure.com/scripts/b/ Frame 38A3 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mytehranmusic.ru
URL: https://mytehranmusic.ru/.oce/css2.css

Domain: www.solverde.pt
URL: https://www.solverde.pt/solverde_solverde-theme/css/style.raw.css?t=1697635164

Domain: www.solverde.pt
URL: https://www.solverde.pt/solverde_solverde-theme/js/app-out/bundle.css?t=1697635166

Domain: www.solverde.pt
URL: https://www.solverde.pt/solverde_solverde-theme/css/custom-variables.css?t=1699379323898

Domain: www.solverde.pt
URL: https://www.solverde.pt/library/new_layout_assets/imports/fluidable.css

Domain: www.solverde.pt
URL: https://www.solverde.pt/library/new_layout_assets/imports/sv-icons.css

Domain: www.solverde.pt
URL: https://www.solverde.pt/library/new_layout_assets/imports/design_system.css

Domain: kit.fontawesome.com
URL: https://kit.fontawesome.com/f79228a033.js

Domain: www.solverde.pt
URL: https://www.solverde.pt/solverde_solverde-theme/js/app-out/bundle.js?t=1697635162

Domain: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
javascript	warning	URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.2.1.slim.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://mytehranmusic.ru/.oce/css2.css Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
app.idashboard.com.au
cdn.safecharge.com
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
janetyoung.nl
js.monitor.azure.com
kit.fontawesome.com
maxcdn.bootstrapcdn.com
mytehranmusic.ru
pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
solverde.pt
stackpath.bootstrapcdn.com
t1.gstatic.com
t3.gstatic.com
www.google.com
www.solverde.pt
js.monitor.azure.com
kit.fontawesome.com
mytehranmusic.ru
www.solverde.pt
104.17.25.14
104.18.11.207
104.18.2.35
104.74.57.233
142.250.204.4
142.250.66.202
142.250.66.234
151.101.130.137
172.217.167.100
172.217.167.68
195.23.69.231
23.55.242.147
54.206.132.46
69.49.245.172
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0f1ddaa5573110e52c8ead5707a8349bd913af57f1da2d57a782aeffe5c61739
1f1961d76b621894ec3261101300423548ce53681fb62c15a2a05a8ac8a5604f
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
2fe895ccd96f92fc9649a1a2ff7fd8b44dc9ec1f0d9464c0e43b823b892e6094
3db846a8e258dae8a22af14c0f1414974bbc9cd051a85359fb90eb76f9107a67
48a2d0e992570be3f7a2ed11a95d279d2d607e1e86329835daae45e8c0d6270a
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
ad5f1ca3a94cebd89d45b7cf6a963a535bf28144862cffa3a41a31540f7a409f
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
eb1b488ecfde4d2554007d8e2a3e7073a58f7ec293af43674a92dfdd0089661d

pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev Open in urlscan Pro 104.18.2.35 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

45 %HTTPS

0 %IPv6

14 Domains

18 Subdomains

11 IPs

4 Countries

323 kBTransfer

1690 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

0 Cookies

8 Console Messages

Indicators

pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev Open in urlscan Pro
104.18.2.35 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

45 %
HTTPS

0 %
IPv6

14
Domains

18
Subdomains

11
IPs

4
Countries

323 kB
Transfer

1690 kB
Size

0
Cookies

22 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!