![](/screenshots/9f10620a-d965-4aaa-8cc1-efacb4a6ae9b.png)
pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
104.18.2.35
Malicious Activity!
Public Scan
Effective URL: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html
Submission: On November 08 via manual from PT — Scanned from AU
Summary
TLS certificate: Issued by E1 on October 11th 2023. Valid for: 3 months.
This is the only time pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)

Domain & IP information

Requests | IP Address | AS Autonomous System |
---|---|---|
1 1 | 54.206.132.46 | 16509 (AMAZON-02) |
1 1 | 69.49.245.172 | 19871 (NETWORK-SOLUTIONS-HOSTING) |
1 | 104.18.2.35 | 13335 (CLOUDFLARENET) |
3 | 104.18.11.207 | 13335 (CLOUDFLARENET) |
1 | 142.250.66.202 | 15169 (GOOGLE) |
1 | 104.17.25.14 | 13335 (CLOUDFLARENET) |
2 2 | 172.217.167.100 | 15169 (GOOGLE) |
1 | 142.250.204.4 | 15169 (GOOGLE) |
1 | 151.101.130.137 | 54113 (FASTLY) |
1 | 142.250.66.234 | 15169 (GOOGLE) |
1 1 | 195.23.69.231 | 2860 (NOS_COMUNICACOES) |
1 | 23.55.242.147 | |
1 | 172.217.167.68 | 15169 (GOOGLE) |
1 | 104.74.57.233 | |

22 | 11 |
ASN | PTR | Domain(s) |
---|---|---|
ASN16509 (AMAZON-02, US) | ec2-54-206-132-46.ap-southeast-2.compute.amazonaws.com | app.idashboard.com.au |
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US) | 69-49-245-172.webhostbox.net | janetyoung.nl |
ASN13335 (CLOUDFLARENET, US) | | maxcdn.bootstrapcdn.com, stackpath.bootstrapcdn.com |
ASN15169 (GOOGLE, US) | syd09s23-in-f10.1e100.net | fonts.googleapis.com |
ASN15169 (GOOGLE, US) | syd09s17-in-f4.1e100.net | www.google.com |
ASN15169 (GOOGLE, US) | syd15s15-in-f10.1e100.net | ajax.googleapis.com |
ASN2860 (NOS_COMUNICACOES, PT) | 195-23-69-231.static.net.novis.pt | solverde.pt |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
3 | bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 1137), stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 2914) | 50 KB |
2 | solverde.pt (1 redirect) | solverde.pt (Cisco Umbrella Rank: 493017), www.solverde.pt | 27 KB |
2 | gstatic.com | t3.gstatic.com, t1.gstatic.com | 2 KB |
2 | google.com (2 redirects) | www.google.com (Cisco Umbrella Rank: 2) | 429 B |
2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 31), ajax.googleapis.com (Cisco Umbrella Rank: 364) | 31 KB |
1 | safecharge.com | cdn.safecharge.com | 3 KB |
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 762) | 24 KB |
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 223) | 7 KB |
1 | r2.dev | pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev | 180 KB |
1 | janetyoung.nl (1 redirect) | janetyoung.nl | 293 B |
1 | idashboard.com.au (1 redirect) | app.idashboard.com.au | 581 B |
0 | azure.com (Failed) | js.monitor.azure.com (Failed) | |
0 | fontawesome.com (Failed) | kit.fontawesome.com (Failed) | |
0 | mytehranmusic.ru (Failed) | mytehranmusic.ru (Failed) | |

22 | 14 |
Requests | Domain | Requested by |
---|---|---|
2 | www.google.com (2 redirects) | |
2 | maxcdn.bootstrapcdn.com | pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev |
1 | cdn.safecharge.com | www.solverde.pt |
1 | t1.gstatic.com | pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev |
1 | www.solverde.pt | pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev, www.solverde.pt |
1 | solverde.pt (1 redirect) | |
1 | stackpath.bootstrapcdn.com | pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev |
1 | ajax.googleapis.com | pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev |
1 | code.jquery.com | pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev |
1 | t3.gstatic.com | pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev |
1 | cdnjs.cloudflare.com | pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev |
1 | fonts.googleapis.com | pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev |
1 | pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev | |
1 | janetyoung.nl (1 redirect) | |
1 | app.idashboard.com.au (1 redirect) | |
0 | js.monitor.azure.com (Failed) | www.solverde.pt |
0 | kit.fontawesome.com (Failed) | www.solverde.pt |
0 | mytehranmusic.ru (Failed) | pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev |

22 | 18 |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
*.r2.dev | E1 | 2023-10-11 - 2024-01-09 | 3 months | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-12-30 - 2023-12-30 | a year | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months | crt.sh |
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh |
*.solverde.pt | DigiCert TLS RSA SHA256 2020 CA1 | 2023-02-11 - 2024-02-14 | a year | crt.sh |
*.safecharge.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-09-05 - 2024-09-04 | a year | crt.sh |
This page contains 2 frames:
- Primary Page: https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html (Frame ID: 3F5AF08F1658650B66769D1A6E91046A), 12 HTTP requests in this frame
- Frame: https://www.solverde.pt/ (Frame ID: 38A387733F7070A2FC534EB3E0CD2179), 11 HTTP requests in this frame
Page Title
Mail
Detected technologies
- Bootstrap. Detected patterns:
  - bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
- Popper. Detected patterns:
  - /popper\.js/([0-9.]+)
- jQuery. Detected patterns:
  - jquery[.-]([\d.]*\d)[^/]*\.js
  - /([\d.]+)/jquery(?:\.min)?\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://app.idashboard.com.au/campaigns/redirect/12966406122938f06385a340585b7f30a2ed4a7/2737136/https://janetyoung.nl/kk/Ac29sdmVyZGVAc29sdmVyZGUucHQ= HTTP 302
- https://janetyoung.nl/kk/Ac29sdmVyZGVAc29sdmVyZGUucHQ= HTTP 302
- https://pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:

Request Chain 5
- https://www.google.com/s2/favicons?sz=64&domain_url=cpanel.com HTTP 301
- https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://cpanel.com&size=64

- https://solverde.pt/ HTTP 301
- https://www.solverde.pt/

- https://www.google.com/s2/favicons?sz=64&domain_url=solverde.pt HTTP 301
- https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://solverde.pt&size=64
22 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | index.html | pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev/ | 1 MB | 180 KB | Document | text/html | Primary Request, Redirect Chain |
GET | H2 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ | 141 KB | 22 KB | Stylesheet | text/css | |
GET | H2 | css | fonts.googleapis.com/ | 1 KB | 903 B | Stylesheet | text/css | |
GET | | css2.css | mytehranmusic.ru/.oce/ | 0 | 0 | | | Failed |
GET | DATA | truncated | / | 117 KB | 0 | Image | image/jpeg | |
GET | H2 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ | 19 KB | 7 KB | Script | application/javascript | |
GET | H2 | faviconV2 | t3.gstatic.com/ | 534 B | 1 KB | Image | image/png | Redirect Chain |
GET | H2 | jquery-3.2.1.slim.min.js | code.jquery.com/ | 68 KB | 24 KB | Script | application/javascript | |
GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | 48 KB | 13 KB | Script | application/javascript | |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 30 KB | Script | text/javascript | |
GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 14 KB | Script | application/javascript | |
GET | H2 | / | www.solverde.pt/ | 101 KB | 27 KB | Document | text/html | Frame 38A3, Redirect Chain |
GET | H2 | faviconV2 | t1.gstatic.com/ | 791 B | 1 KB | Image | image/png | Redirect Chain |
GET | H2 | sc_applepay.min.js | cdn.safecharge.com/safecharge_resources/v1/ | 7 KB | 3 KB | Script | application/javascript | Frame 38A3 |
GET | | style.raw.css | www.solverde.pt/solverde_solverde-theme/css/ | 0 | 0 | | | Frame 38A3, Failed |
GET | | bundle.css | www.solverde.pt/solverde_solverde-theme/js/app-out/ | 0 | 0 | | | Frame 38A3, Failed |
GET | | custom-variables.css | www.solverde.pt/solverde_solverde-theme/css/ | 0 | 0 | | | Frame 38A3, Failed |
GET | | fluidable.css | www.solverde.pt/library/new_layout_assets/imports/ | 0 | 0 | | | Frame 38A3, Failed |
GET | | sv-icons.css | www.solverde.pt/library/new_layout_assets/imports/ | 0 | 0 | | | Frame 38A3, Failed |
GET | | design_system.css | www.solverde.pt/library/new_layout_assets/imports/ | 0 | 0 | | | Frame 38A3, Failed |
GET | | f79228a033.js | kit.fontawesome.com/ | 0 | 0 | | | Frame 38A3, Failed |
GET | | bundle.js | www.solverde.pt/solverde_solverde-theme/js/app-out/ | 0 | 0 | | | Frame 38A3, Failed |
GET | | ai.2.min.js | js.monitor.azure.com/scripts/b/ | 0 | 0 | | | Frame 38A3, Failed |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.

Domain | URL |
---|---|
mytehranmusic.ru | https://mytehranmusic.ru/.oce/css2.css |
www.solverde.pt | https://www.solverde.pt/solverde_solverde-theme/css/style.raw.css?t=1697635164 |
www.solverde.pt | https://www.solverde.pt/solverde_solverde-theme/js/app-out/bundle.css?t=1697635166 |
www.solverde.pt | https://www.solverde.pt/solverde_solverde-theme/css/custom-variables.css?t=1699379323898 |
www.solverde.pt | https://www.solverde.pt/library/new_layout_assets/imports/fluidable.css |
www.solverde.pt | https://www.solverde.pt/library/new_layout_assets/imports/sv-icons.css |
www.solverde.pt | https://www.solverde.pt/library/new_layout_assets/imports/design_system.css |
kit.fontawesome.com | https://kit.fontawesome.com/f79228a033.js |
www.solverde.pt | https://www.solverde.pt/solverde_solverde-theme/js/app-out/bundle.js?t=1697635162 |
js.monitor.azure.com | https://js.monitor.azure.com/scripts/b/ai.2.min.js |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)

13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
object | documentPictureInPicture |
function | Popper |
function | $ |
function | jQuery |
object | bootstrap |
function | _0x1214 |
function | _0x479a13 |
function | _0x14f9 |
string | rdrt |
number | domain_redirect |
number | rc |
string | f0 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
app.idashboard.com.au
cdn.safecharge.com
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
janetyoung.nl
js.monitor.azure.com
kit.fontawesome.com
maxcdn.bootstrapcdn.com
mytehranmusic.ru
pub-e5efc1be21724f20b7f14b954e9f69b5.r2.dev
solverde.pt
stackpath.bootstrapcdn.com
t1.gstatic.com
t3.gstatic.com
www.google.com
www.solverde.pt
104.17.25.14
104.18.11.207
104.18.2.35
104.74.57.233
142.250.204.4
142.250.66.202
142.250.66.234
151.101.130.137
172.217.167.100
172.217.167.68
195.23.69.231
23.55.242.147
54.206.132.46
69.49.245.172
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0f1ddaa5573110e52c8ead5707a8349bd913af57f1da2d57a782aeffe5c61739
1f1961d76b621894ec3261101300423548ce53681fb62c15a2a05a8ac8a5604f
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
2fe895ccd96f92fc9649a1a2ff7fd8b44dc9ec1f0d9464c0e43b823b892e6094
3db846a8e258dae8a22af14c0f1414974bbc9cd051a85359fb90eb76f9107a67
48a2d0e992570be3f7a2ed11a95d279d2d607e1e86329835daae45e8c0d6270a
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
ad5f1ca3a94cebd89d45b7cf6a963a535bf28144862cffa3a41a31540f7a409f
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
eb1b488ecfde4d2554007d8e2a3e7073a58f7ec293af43674a92dfdd0089661d