pub-0c370035b7e8480681fa7852973436ed.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Submission: On May 23 via api (May 23rd 2024, 10:37:51 pm UTC) from US — Scanned from DE

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 5 domains to perform 21 HTTP transactions. The main IP is 2606:4700::6812:223, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-0c370035b7e8480681fa7852973436ed.r2.dev.
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.

This is the only time pub-0c370035b7e8480681fa7852973436ed.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
18	2606:4700::68... 2606:4700::6812:223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:10:... 2606:4700:10::ac43:8ee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.172.154.126 54.172.154.126	14618 (AMAZON-AES) (AMAZON-AES)
1	151.101.2.132 151.101.2.132	54113 (FASTLY) (FASTLY)
21	4

18 2606:4700::6812:223 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-0c370035b7e8480681fa7852973436ed.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:8ee (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cutt.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.172.154.126 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-154-126.compute-1.amazonaws.com

florentine-brave-principle.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.132 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.glitch.global	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	r2.dev pub-0c370035b7e8480681fa7852973436ed.r2.dev	354 KB
1	glitch.global cdn.glitch.global — Cisco Umbrella Rank: 218303	2 MB
1	glitch.me florentine-brave-principle.glitch.me	392 KB
1	cutt.ly 1 redirects cutt.ly — Cisco Umbrella Rank: 52019	412 B
0	Failed function sub() { [native code] }. Failed
21	5

	Domain	Requested by
18	pub-0c370035b7e8480681fa7852973436ed.r2.dev	pub-0c370035b7e8480681fa7852973436ed.r2.dev
1	cdn.glitch.global	pub-0c370035b7e8480681fa7852973436ed.r2.dev
1	florentine-brave-principle.glitch.me	pub-0c370035b7e8480681fa7852973436ed.r2.dev
1	cutt.ly	1 redirects
0	invalid Failed	pub-0c370035b7e8480681fa7852973436ed.r2.dev
21	5

This site contains no links.

Subject Issuer	Validity	Valid
*.r2.dev E1	`2024-04-05` - `2024-07-04`	3 months	crt.sh
cdn.glitch.global R3	`2024-03-31` - `2024-06-29`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Frame ID: 4D099A0C340D4CA4DA0BAE4144B57588
Requests: 9 HTTP requests in this frame

Frame: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Frame ID: 61A7060DA3AFE83D97826A6BD15E5F72
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

21
Requests

90 %
HTTPS

50 %
IPv6

5
Domains

5
Subdomains

4
IPs

1
Countries

2566 kB
Transfer

2729 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://cutt.ly/AwfGdyLa HTTP 301
https://florentine-brave-principle.glitch.me/kjlmk.css

21 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index.html Show response
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ 123 KB
123 KB 95ms
70ms Document
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1e50806953dc9d662331a08b005b5ebf814d3cc8afc25192cad808ee2635f3f

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
CF-RAY: 8888883b8cac2c75-FRA
Connection: keep-alive
Content-Length: 125903
Content-Type: text/html
Date: Thu, 23 May 2024 22:37:43 GMT
ETag: "cc46b7f7ff0fbfd9e72b4faf5576f63e"
Last-Modified: Thu, 09 May 2024 06:39:34 GMT
Server: cloudflare
Vary: Accept-Encoding

GET
H/1.1 200
OK 1.js Show response
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ 87 KB
88 KB 76ms
65ms Script
text/javascript 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.js
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00b1bdf84d1e1b30c2faaf2e4cdc14f1a6a7cf96a89121ddcfc884bf842b42a6

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:43 GMT
Last-Modified: Thu, 09 May 2024 06:39:34 GMT
Server: cloudflare
ETag: "cfacf8be8e570f224dd8ff19ebed1622"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 8888883c1d132c75-FRA
Content-Length: 89498

GET
H/1.1 404
Not Found analytics.js.download
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ 0
0 82ms
64ms Script
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/analytics.js.download
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:43 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8888883c2d103604-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1 404
Not Found bWqOLA69nu2fsMi45LjA.js.download
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ 0
0 53ms
51ms Script
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/bWqOLA69nu2fsMi45LjA.js.download
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:43 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8888883c2bee2c4a-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1 404
Not Found gtm.js.download
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ 0
0 70ms
52ms Script
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/gtm.js.download
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:43 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8888883c4bd990ef-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET /
invalid/ 0
0

GET
H2

200

kjlmk.css
florentine-brave-principle.glitch.me/
Redirect Chain

https://cutt.ly/AwfGdyLa
https://florentine-brave-principle.glitch.me/kjlmk.css

391 KB
392 KB

491ms
256ms

Stylesheet
text/css

54.172.154.126
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://florentine-brave-principle.glitch.me/kjlmk.css
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol: H2
Server: 54.172.154.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-154-126.compute-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 7650cccb518dc3993c51d7a477c1676cf331e22856d2a5456178e5dc96f0ac39

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Thu, 23 May 2024 22:37:44 GMT
x-amz-version-id: 0wiCZMX7bst_JIyXIchPNKoPB0U63pYx
last-modified: Fri, 11 Aug 2023 10:29:48 GMT
server: AmazonS3
x-amz-request-id: BB1E0HPMHWT0S5G4
etag: "74acefad72f0016dcfb1e747dff5a9a7"
x-amz-server-side-encryption: AES256
content-type: text/css; charset=utf-8
cache-control: no-cache
accept-ranges: bytes
content-length: 400623
x-amz-id-2: v2T8QdbEfrB142sx1bRkAi5HIf+vlkk67/pQdc1XJC/nqkGMNIcA2+E9yu6zrhMMGDChY7uKgfI=

Redirect headers

pragma: no-cache
date: Thu, 23 May 2024 22:37:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
referrer-policy: same-origin
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://florentine-brave-principle.glitch.me/kjlmk.css
cache-control: no-cache, no-store, must-revalidate
cf-ray: 8888883dbb041c44-FRA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK 2.js Show response
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ 76 KB
76 KB 90ms
76ms Script
text/javascript 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/2.js
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2e8635b35a80d7c8e7751a6b9be8924d39cac50fe49c20e769d86d6b1eb8c39

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:43 GMT
Last-Modified: Thu, 09 May 2024 06:39:34 GMT
Server: cloudflare
ETag: "f8ce7a5d1ced50041c34d08a18eefbd5"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 8888883c4ce68c3e-FRA
Content-Length: 77542

GET
H/1.1 200
OK 1.html Show response
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 13 KB
13 KB 64ms
64ms Document
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 641a8b59c7d86de5c520e9a5d8f284de6a70cf29f2a7054d682c226b0d01702a

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
CF-RAY: 888888434b458c3e-FRA
Connection: keep-alive
Content-Length: 13157
Content-Type: text/html
Date: Thu, 23 May 2024 22:37:44 GMT
ETag: "091c974a55afdf27fe7e9af69b471909"
Last-Modified: Thu, 09 May 2024 06:39:34 GMT
Server: cloudflare
Vary: Accept-Encoding

GET
H/1.1 200
OK 1.js Show response
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 87 KB
0 0ms
0ms Script
text/javascript 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.js
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00b1bdf84d1e1b30c2faaf2e4cdc14f1a6a7cf96a89121ddcfc884bf842b42a6

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:43 GMT
Last-Modified: Thu, 09 May 2024 06:39:34 GMT
Server: cloudflare
ETag: "cfacf8be8e570f224dd8ff19ebed1622"
Vary: Accept-Encoding
Content-Type: text/javascript
Accept-Ranges: bytes
CF-RAY: 8888883c1d132c75-FRA
Content-Length: 89498

GET
H/1.1 404
Not Found wallpaper-toolbox-2.css
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 0
0 59ms
58ms Stylesheet
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/wallpaper-toolbox-2.css
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:44 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 88888843dbe08c3e-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1 200
OK 2.js Show response
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 76 KB
0 0ms
0ms Script
text/javascript 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/2.js
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2e8635b35a80d7c8e7751a6b9be8924d39cac50fe49c20e769d86d6b1eb8c39

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:43 GMT
Last-Modified: Thu, 09 May 2024 06:39:34 GMT
Server: cloudflare
ETag: "f8ce7a5d1ced50041c34d08a18eefbd5"
Vary: Accept-Encoding
Content-Type: text/javascript
Accept-Ranges: bytes
CF-RAY: 8888883c4ce68c3e-FRA
Content-Length: 77542

GET
H/1.1 404
Not Found dom4.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 0
0 51ms
49ms Script
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/dom4.js
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:44 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 88888843dfe390ef-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1 404
Not Found anime.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 0
0 49ms
47ms Script
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/anime.js
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:44 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 88888843db442c75-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1 404
Not Found wallpaper-api-2.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 0
0 57ms
56ms Script
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/wallpaper-api-2.js
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:44 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 88888843da1f2c4a-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1 404
Not Found wallpaper-toolbox-2.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 0
0 56ms
55ms Script
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/wallpaper-toolbox-2.js
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:44 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 88888843d97b9bb6-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
DATA 200
OK truncated
/ Frame 61A7 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cb03f92c07b692ce08005daa5f69a374b6bc2f65e0f5bde64aa1e18499b6e8f9

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 206 video-04.mp4
cdn.glitch.global/9ed4c623-bd1b-4310-adb3-cf24b8807ba1/ Frame 61A7 2 MB
2 MB 46ms
9ms Media
video/mp4 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.glitch.global/9ed4c623-bd1b-4310-adb3-cf24b8807ba1/video-04.mp4?v=1673277070960

Requested by

Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

55698987600e1a53ecc16853bb344c4a374db9f1e824ecd43e95a6f544de9595

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/
Range: bytes=0-
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Thu, 23 May 2024 22:37:45 GMT
x-amz-request-id: 46FW8G4JSK85RQ7V
age: 948147
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
Content-Range: bytes 0-1862641/1862642
Content-Length: 1862642
x-amz-id-2: z5a4pJDrbFsNaD1aqB8CxMBaZqE+dUWv4ZeeVkuwTKS8/lAbDJi0Kb5JUKkv0XPFZmPcnLnJzyI=
x-served-by: cache-iad-kjyo7100122-IAD, cache-fra-etou8220023-FRA
last-modified: Mon, 09 Jan 2023 15:11:00 GMT
server: AmazonS3
x-timer: S1716503865.036663,VS0,VE1
etag: "6fd59cf63aa3165809a31a4e64187c8a"
access-control-allow-methods: GET, HEAD, POST
content-type: video/mp4
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 12, 0

GET
H/1.1 404
Not Found next-button.png
pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/images/ Frame 61A7 27 KB
27 KB 54ms
54ms Image
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/images/next-button.png
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:45 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 888888444c398c3e-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1 404
Not Found DINNextW1G-Bold.woff
pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/ Frame 61A7 0
0 55ms
54ms Font
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/DINNextW1G-Bold.woff
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Origin: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:45 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 888888445a932c4a-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1 404
Not Found DINNextW1G-Regular.woff
pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/ Frame 61A7 0
0 58ms
57ms Font
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/DINNextW1G-Regular.woff
Requested by: Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Origin: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:45 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8888884459ec9bb6-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1 404
Not Found favicon.ico
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ 27 KB
27 KB 70ms
68ms Other
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 23 May 2024 22:37:45 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 888888455b029bb6-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: invalid
URL: chrome-extension://invalid/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

14 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: chrome-extension://invalid/ Message: Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
network	error	URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/bWqOLA69nu2fsMi45LjA.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/analytics.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/gtm.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
recommendation	verbose	URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k@h****.c.kr Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/anime.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/dom4.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/wallpaper-toolbox-2.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/wallpaper-api-2.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/wallpaper-toolbox-2.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/images/next-button.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/DINNextW1G-Bold.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/DINNextW1G-Regular.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.glitch.global
cutt.ly
florentine-brave-principle.glitch.me
invalid
pub-0c370035b7e8480681fa7852973436ed.r2.dev
invalid
151.101.2.132
2606:4700:10::ac43:8ee
2606:4700::6812:223
54.172.154.126
00b1bdf84d1e1b30c2faaf2e4cdc14f1a6a7cf96a89121ddcfc884bf842b42a6
55698987600e1a53ecc16853bb344c4a374db9f1e824ecd43e95a6f544de9595
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499
641a8b59c7d86de5c520e9a5d8f284de6a70cf29f2a7054d682c226b0d01702a
7650cccb518dc3993c51d7a477c1676cf331e22856d2a5456178e5dc96f0ac39
cb03f92c07b692ce08005daa5f69a374b6bc2f65e0f5bde64aa1e18499b6e8f9
e1e50806953dc9d662331a08b005b5ebf814d3cc8afc25192cad808ee2635f3f
e2e8635b35a80d7c8e7751a6b9be8924d39cac50fe49c20e769d86d6b1eb8c39

pub-0c370035b7e8480681fa7852973436ed.r2.dev Open in urlscan Pro 2606:4700::6812:223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

21 Requests

90 %HTTPS

50 %IPv6

5 Domains

5 Subdomains

4 IPs

1 Countries

2566 kBTransfer

2729 kBSize

0 Cookies

0 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

33 JavaScript Global Variables

0 Cookies

14 Console Messages

Indicators

pub-0c370035b7e8480681fa7852973436ed.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

90 %
HTTPS

50 %
IPv6

5
Domains

5
Subdomains

4
IPs

1
Countries

2566 kB
Transfer

2729 kB
Size

0
Cookies

21 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!