![](/screenshots/a24db7dd-0c2f-4cc4-b261-215a222106c5.png)
pub-0c370035b7e8480681fa7852973436ed.r2.dev
Open in
urlscan Pro
2606:4700::6812:223
Malicious Activity!
Public Scan
Submission: On May 23 via api from US — Scanned from DE
Summary
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.
This is the only time pub-0c370035b7e8480681fa7852973436ed.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WeTransfer (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
18 | 2606:4700::68... 2606:4700::6812:223 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 2606:4700:10:... 2606:4700:10::ac43:8ee | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 54.172.154.126 54.172.154.126 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 151.101.2.132 151.101.2.132 | 54113 (FASTLY) (FASTLY) | |
21 | 4 |
ASN13335 (CLOUDFLARENET, US)
pub-0c370035b7e8480681fa7852973436ed.r2.dev |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-154-126.compute-1.amazonaws.com
florentine-brave-principle.glitch.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
r2.dev
pub-0c370035b7e8480681fa7852973436ed.r2.dev |
354 KB |
1 |
glitch.global
cdn.glitch.global — Cisco Umbrella Rank: 218303 |
2 MB |
1 |
glitch.me
florentine-brave-principle.glitch.me |
392 KB |
1 |
cutt.ly
1 redirects
cutt.ly — Cisco Umbrella Rank: 52019 |
412 B |
0 |
Failed
function sub() { [native code] }. Failed |
|
21 | 5 |
Domain | Requested by | |
---|---|---|
18 | pub-0c370035b7e8480681fa7852973436ed.r2.dev |
pub-0c370035b7e8480681fa7852973436ed.r2.dev
|
1 | cdn.glitch.global |
pub-0c370035b7e8480681fa7852973436ed.r2.dev
|
1 | florentine-brave-principle.glitch.me |
pub-0c370035b7e8480681fa7852973436ed.r2.dev
|
1 | cutt.ly | 1 redirects |
0 | invalid Failed |
pub-0c370035b7e8480681fa7852973436ed.r2.dev
|
21 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.r2.dev E1 |
2024-04-05 - 2024-07-04 |
3 months | crt.sh |
cdn.glitch.global R3 |
2024-03-31 - 2024-06-29 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/index.html?email=r.k**@h*******.c*.kr
Frame ID: 4D099A0C340D4CA4DA0BAE4144B57588
Requests: 9 HTTP requests in this frame
Frame:
https://pub-0c370035b7e8480681fa7852973436ed.r2.dev/1.html
Frame ID: 61A7060DA3AFE83D97826A6BD15E5F72
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5- https://cutt.ly/AwfGdyLa HTTP 301
- https://florentine-brave-principle.glitch.me/kjlmk.css
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.html
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ |
123 KB 123 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ |
87 KB 88 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
analytics.js.download
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bWqOLA69nu2fsMi45LjA.js.download
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gtm.js.download
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
invalid/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
kjlmk.css
florentine-brave-principle.glitch.me/ Redirect Chain
|
391 KB 392 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ |
76 KB 76 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1.html
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 |
13 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 |
87 KB 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wallpaper-toolbox-2.css
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 |
76 KB 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dom4.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
anime.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wallpaper-api-2.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wallpaper-toolbox-2.js
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ Frame 61A7 |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 61A7 |
4 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
video-04.mp4
cdn.glitch.global/9ed4c623-bd1b-4310-adb3-cf24b8807ba1/ Frame 61A7 |
2 MB 2 MB |
Media
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
next-button.png
pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/images/ Frame 61A7 |
27 KB 27 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
DINNextW1G-Bold.woff
pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/ Frame 61A7 |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
DINNextW1G-Regular.woff
pub-0c370035b7e8480681fa7852973436ed.r2.dev/assets/fonts/ Frame 61A7 |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
pub-0c370035b7e8480681fa7852973436ed.r2.dev/ |
27 KB 27 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- invalid
- URL
- chrome-extension://invalid/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WeTransfer (Online)33 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| mail string| t object| params object| lst object| p undefined| $ function| jQuery string| ajaxurl string| image_save_msg string| no_menu_msg string| smessage function| disableEnterKey function| wccp_free_iscontenteditable function| disable_copy function| disable_copy_ie function| reEnable function| disableSelection function| onlongtouch undefined| timer number| touchduration string| elemtype function| touchstart function| touchend function| wccp_pro_is_passive function| nocontext undefined| timeout_result function| show_wpcp_message function| hide_message object| maxwellScreenReaderText object| lazySizes object| addComment object| wp0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
14 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.glitch.global
cutt.ly
florentine-brave-principle.glitch.me
invalid
pub-0c370035b7e8480681fa7852973436ed.r2.dev
invalid
151.101.2.132
2606:4700:10::ac43:8ee
2606:4700::6812:223
54.172.154.126
00b1bdf84d1e1b30c2faaf2e4cdc14f1a6a7cf96a89121ddcfc884bf842b42a6
55698987600e1a53ecc16853bb344c4a374db9f1e824ecd43e95a6f544de9595
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499
641a8b59c7d86de5c520e9a5d8f284de6a70cf29f2a7054d682c226b0d01702a
7650cccb518dc3993c51d7a477c1676cf331e22856d2a5456178e5dc96f0ac39
cb03f92c07b692ce08005daa5f69a374b6bc2f65e0f5bde64aa1e18499b6e8f9
e1e50806953dc9d662331a08b005b5ebf814d3cc8afc25192cad808ee2635f3f
e2e8635b35a80d7c8e7751a6b9be8924d39cac50fe49c20e769d86d6b1eb8c39