pub-0c370035b7e8480681fa7852973436ed.r2.dev
2606:4700::6812:223  Malicious Activity! Public Scan

URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Submission: On May 23 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 1 countries across 5 domains to perform 21 HTTP transactions. The main IP is 2606:4700::6812:223, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-0c370035b7e8480681fa7852973436ed.r2.dev.
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.
This is the only time pub-0c370035b7e8480681fa7852973436ed.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
18        2606:4700::68...    13335 (CLOUDFLAR...)
1 1       2606:4700:10:...    13335 (CLOUDFLAR...)
1         54.172.154.126      14618 (AMAZON-AES)
1         151.101.2.132       54113 (FASTLY)
Total: 21 requests across 4 IPs
Requests  Apex Domain     Subdomains                                        Transfer
18        r2.dev          pub-0c370035b7e8480681fa7852973436ed.r2.dev       354 KB
1         glitch.global   cdn.glitch.global (Cisco Umbrella Rank: 218303)   2 MB
1         glitch.me       florentine-brave-principle.glitch.me              392 KB
1         cutt.ly         cutt.ly (Cisco Umbrella Rank: 52019)              412 B
0         Failed
Total: 21 requests across 5 apex domains
Requests  Domain                                        Requested by
18        pub-0c370035b7e8480681fa7852973436ed.r2.dev   pub-0c370035b7e8480681fa7852973436ed.r2.dev
1         cdn.glitch.global                             pub-0c370035b7e8480681fa7852973436ed.r2.dev
1         florentine-brave-principle.glitch.me          pub-0c370035b7e8480681fa7852973436ed.r2.dev
1         cutt.ly                                       1 redirects
0         invalid (Failed)                              pub-0c370035b7e8480681fa7852973436ed.r2.dev
Total: 21 requests across 5 domains

This site contains no links.

Subject             Issuer  Validity                   Valid      Source
*.r2.dev            E1      2024-04-05 - 2024-07-04    3 months   crt.sh
cdn.glitch.global   R3      2024-03-31 - 2024-06-29    3 months   crt.sh

This page contains 2 frames:

Primary Page: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Frame ID: 4D099A0C340D4CA4DA0BAE4144B57588
Requests: 9 HTTP requests in this frame

Frame: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Frame ID: 61A7060DA3AFE83D97826A6BD15E5F72
Requests: 13 HTTP requests in this frame

Screenshot


Page Statistics

21 Requests
90 % HTTPS
50 % IPv6
5 Domains
5 Subdomains
4 IPs
1 Countries
2566 kB Transfer
2729 kB Size
0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://cutt.ly/AwfGdyLa HTTP 301
  • https://florentine-brave-principle.glitch.me/kjlmk.css

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index.html
pub-0c370035b7e8480681fa7852973436ed.r2.dev/
123 KB
123 KB
Document
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1e50806953dc9d662331a08b005b5ebf814d3cc8afc25192cad808ee2635f3f

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-Ranges
bytes
CF-RAY
8888883b8cac2c75-FRA
Connection
keep-alive
Content-Length
125903
Content-Type
text/html
Date
Thu, 23 May 2024 22:37:43 GMT
ETag
"cc46b7f7ff0fbfd9e72b4faf5576f63e"
Last-Modified
Thu, 09 May 2024 06:39:34 GMT
Server
cloudflare
Vary
Accept-Encoding
1.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/
87 KB
88 KB
Script
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.js
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00b1bdf84d1e1b30c2faaf2e4cdc14f1a6a7cf96a89121ddcfc884bf842b42a6

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:43 GMT
Last-Modified
Thu, 09 May 2024 06:39:34 GMT
Server
cloudflare
ETag
"cfacf8be8e570f224dd8ff19ebed1622"
Vary
Accept-Encoding
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
8888883c1d132c75-FRA
Content-Length
89498
analytics.js.download
pub-0c370035b7e8480681fa7852973436ed.r2.dev/
0
0
Script
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/analytics.js.download
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:43 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
8888883c2d103604-FRA
Content-Length
27242
Vary
Accept-Encoding
Content-Type
text/html
bWqOLA69nu2fsMi45LjA.js.download
pub-0c370035b7e8480681fa7852973436ed.r2.dev/
0
0
Script
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/bWqOLA69nu2fsMi45LjA.js.download
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:43 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
8888883c2bee2c4a-FRA
Content-Length
27242
Vary
Accept-Encoding
Content-Type
text/html
gtm.js.download
pub-0c370035b7e8480681fa7852973436ed.r2.dev/
0
0
Script
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/gtm.js.download
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:43 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
8888883c4bd990ef-FRA
Content-Length
27242
Vary
Accept-Encoding
Content-Type
text/html
/
invalid/
0
0

kjlmk.css
florentine-brave-principle.glitch.me/
Redirect Chain
  • https://cutt.ly/AwfGdyLa
  • https://florentine-brave-principle.glitch.me/kjlmk.css
391 KB
392 KB
Stylesheet
General
Full URL
https://florentine-brave-principle.glitch.me/kjlmk.css
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol
H2
Server
54.172.154.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-172-154-126.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
7650cccb518dc3993c51d7a477c1676cf331e22856d2a5456178e5dc96f0ac39

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date
Thu, 23 May 2024 22:37:44 GMT
x-amz-version-id
0wiCZMX7bst_JIyXIchPNKoPB0U63pYx
last-modified
Fri, 11 Aug 2023 10:29:48 GMT
server
AmazonS3
x-amz-request-id
BB1E0HPMHWT0S5G4
etag
"74acefad72f0016dcfb1e747dff5a9a7"
x-amz-server-side-encryption
AES256
content-type
text/css; charset=utf-8
cache-control
no-cache
accept-ranges
bytes
content-length
400623
x-amz-id-2
v2T8QdbEfrB142sx1bRkAi5HIf+vlkk67/pQdc1XJC/nqkGMNIcA2+E9yu6zrhMMGDChY7uKgfI=

Redirect headers

pragma
no-cache
date
Thu, 23 May 2024 22:37:44 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
referrer-policy
same-origin
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
server
cloudflare
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
location
https://florentine-brave-principle.glitch.me/kjlmk.css
cache-control
no-cache, no-store, must-revalidate
cf-ray
8888883dbb041c44-FRA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
expires
Thu, 19 Nov 1981 08:52:00 GMT
2.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/
76 KB
76 KB
Script
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/2.js
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2e8635b35a80d7c8e7751a6b9be8924d39cac50fe49c20e769d86d6b1eb8c39

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:43 GMT
Last-Modified
Thu, 09 May 2024 06:39:34 GMT
Server
cloudflare
ETag
"f8ce7a5d1ced50041c34d08a18eefbd5"
Vary
Accept-Encoding
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
8888883c4ce68c3e-FRA
Content-Length
77542
1.html
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7
13 KB
13 KB
Document
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
641a8b59c7d86de5c520e9a5d8f284de6a70cf29f2a7054d682c226b0d01702a

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-Ranges
bytes
CF-RAY
888888434b458c3e-FRA
Connection
keep-alive
Content-Length
13157
Content-Type
text/html
Date
Thu, 23 May 2024 22:37:44 GMT
ETag
"091c974a55afdf27fe7e9af69b471909"
Last-Modified
Thu, 09 May 2024 06:39:34 GMT
Server
cloudflare
Vary
Accept-Encoding
1.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7
87 KB
0
Script
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.js
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00b1bdf84d1e1b30c2faaf2e4cdc14f1a6a7cf96a89121ddcfc884bf842b42a6

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:43 GMT
Last-Modified
Thu, 09 May 2024 06:39:34 GMT
Server
cloudflare
ETag
"cfacf8be8e570f224dd8ff19ebed1622"
Vary
Accept-Encoding
Content-Type
text/javascript
Accept-Ranges
bytes
CF-RAY
8888883c1d132c75-FRA
Content-Length
89498
wallpaper-toolbox-2.css
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7
0
0
Stylesheet
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/wallpaper-toolbox-2.css
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:44 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
88888843dbe08c3e-FRA
Content-Length
27242
Vary
Accept-Encoding
Content-Type
text/html
2.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7
76 KB
0
Script
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/2.js
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2e8635b35a80d7c8e7751a6b9be8924d39cac50fe49c20e769d86d6b1eb8c39

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:43 GMT
Last-Modified
Thu, 09 May 2024 06:39:34 GMT
Server
cloudflare
ETag
"f8ce7a5d1ced50041c34d08a18eefbd5"
Vary
Accept-Encoding
Content-Type
text/javascript
Accept-Ranges
bytes
CF-RAY
8888883c4ce68c3e-FRA
Content-Length
77542
dom4.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7
0
0
Script
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/dom4.js
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:44 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
88888843dfe390ef-FRA
Content-Length
27242
Vary
Accept-Encoding
Content-Type
text/html
anime.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7
0
0
Script
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/anime.js
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:44 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
88888843db442c75-FRA
Content-Length
27242
Vary
Accept-Encoding
Content-Type
text/html
wallpaper-api-2.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7
0
0
Script
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/wallpaper-api-2.js
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:44 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
88888843da1f2c4a-FRA
Content-Length
27242
Vary
Accept-Encoding
Content-Type
text/html
wallpaper-toolbox-2.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7
0
0
Script
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/wallpaper-toolbox-2.js
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:44 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
88888843d97b9bb6-FRA
Content-Length
27242
Vary
Accept-Encoding
Content-Type
text/html
truncated
/ Frame 61A7
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cb03f92c07b692ce08005daa5f69a374b6bc2f65e0f5bde64aa1e18499b6e8f9

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
video-04.mp4
cdn.glitch.global/9ed4c623-bd1b-4310-adb3-cf24b8807ba1/ Frame 61A7
2 MB
2 MB
Media
General
Full URL
https://cdn.glitch.global/9ed4c623-bd1b-4310-adb3-cf24b8807ba1/video-04.mp4?v=1673277070960
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
55698987600e1a53ecc16853bb344c4a374db9f1e824ecd43e95a6f544de9595
Security Headers
Name Value
Content-Security-Policy script-src 'none'

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/
Range
bytes=0-
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'none'
via
1.1 varnish, 1.1 varnish
date
Thu, 23 May 2024 22:37:45 GMT
x-amz-request-id
46FW8G4JSK85RQ7V
age
948147
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
Content-Range
bytes 0-1862641/1862642
Content-Length
1862642
x-amz-id-2
z5a4pJDrbFsNaD1aqB8CxMBaZqE+dUWv4ZeeVkuwTKS8/lAbDJi0Kb5JUKkv0XPFZmPcnLnJzyI=
x-served-by
cache-iad-kjyo7100122-IAD, cache-fra-etou8220023-FRA
last-modified
Mon, 09 Jan 2023 15:11:00 GMT
server
AmazonS3
x-timer
S1716503865.036663,VS0,VE1
etag
"6fd59cf63aa3165809a31a4e64187c8a"
access-control-allow-methods
GET, HEAD, POST
content-type
video/mp4
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-cache-hits
12, 0
next-button.png
pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/images/ Frame 61A7
27 KB
27 KB
Image
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/images/next-button.png
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:45 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
888888444c398c3e-FRA
Content-Length
27242
Vary
Accept-Encoding
Content-Type
text/html
DINNextW1G-Bold.woff
pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/ Frame 61A7
0
0
Font
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/DINNextW1G-Bold.woff
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Origin
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:45 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
888888445a932c4a-FRA
Content-Length
27242
Vary
Accept-Encoding
Content-Type
text/html
DINNextW1G-Regular.woff
pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/ Frame 61A7
0
0
Font
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/DINNextW1G-Regular.woff
Requested by
Host: pub-0c370035b7e8480681fa7852973436ed.r2.dev
URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Origin
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:45 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
8888884459ec9bb6-FRA
Content-Length
27242
Vary
Accept-Encoding
Content-Type
text/html
favicon.ico
pub-0c370035b7e8480681fa7852973436ed.r2.dev/
27 KB
27 KB
Other
General
Full URL
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 22:37:45 GMT
Server
cloudflare
Connection
keep-alive
CF-RAY
888888455b029bb6-FRA
Content-Length
27242
Vary
Accept-Encoding
Content-Type
text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
invalid
URL
chrome-extension://invalid/

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • 0 (object)
  • mail (object)
  • t (string)
  • params (object)
  • lst (object)
  • p (object)
  • $ (undefined)
  • jQuery (function)
  • ajaxurl (string)
  • image_save_msg (string)
  • no_menu_msg (string)
  • smessage (string)
  • disableEnterKey (function)
  • wccp_free_iscontenteditable (function)
  • disable_copy (function)
  • disable_copy_ie (function)
  • reEnable (function)
  • disableSelection (function)
  • onlongtouch (function)
  • timer (undefined)
  • touchduration (number)
  • elemtype (string)
  • touchstart (function)
  • touchend (function)
  • wccp_pro_is_passive (function)
  • nocontext (function)
  • timeout_result (undefined)
  • show_wpcp_message (function)
  • hide_message (function)
  • maxwellScreenReaderText (object)
  • lazySizes (object)
  • addComment (object)
  • wp (object)

0 Cookies

14 Console Messages

Source Level URL
Text
network error URL: chrome-extension://invalid/
Message:
Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
network error URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/bWqOLA69nu2fsMi45LjA.js.download
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/analytics.js.download
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/gtm.js.download
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
recommendation verbose URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network error URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/anime.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/dom4.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/wallpaper-toolbox-2.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/wallpaper-api-2.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/wallpaper-toolbox-2.css
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/images/next-button.png
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/DINNextW1G-Bold.woff
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/DINNextW1G-Regular.woff
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)