pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html
Submission: On July 04 via automatic, source phishtank (July 4th 2024, 6:56:35 pm UTC) — Scanned from DE

Summary HTTP 10 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 2606:4700::6812:223, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev.
TLS certificate: Issued by E1 on June 3rd 2024. Valid for: 3 months.

This is the only time pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Intuit (Financial) Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	2606:4700::68... 2606:4700::6812:223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	34.173.153.191 34.173.153.191	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
10	3

6 2606:4700::6812:223 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.173.153.191 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 191.153.173.34.bc.googleusercontent.com

d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	r2.dev 1 redirects pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev	569 KB
5	replit.dev d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev	2 MB
10	2

	Domain	Requested by
6	pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev	1 redirects pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
5	d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev	pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
10	2

This site contains links to these domains. Also see Links.

Domain
quickbooks.intuit.com
mailchimp.com
turbotax.intuit.com
accounts-help.intuit.com
glam.app.intuit.com
www.intuit.com
www.google.com
security.intuit.com
help.quickbooks.intuit.com
accounts.intuit.com

Subject Issuer	Validity	Valid
*.r2.dev E1	`2024-06-03` - `2024-09-01`	3 months	crt.sh
*.riker.replit.dev R3	`2024-05-27` - `2024-08-25`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html
Frame ID: D50A527175DA32C1558B918000737804
Requests: 24 HTTP requests in this frame

Frame: data://truncated
Frame ID: 7C043A302D7B270A840ECFCA76738530
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

QuickBooks Online Login: Sign in to Access Your QuickBooks Account

Page URL History Show full URLs

https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html Page URL
https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/cdn-cgi/phish-bypass?atok=tat6A1gr.wvpXzxXMscMPqsO7RaeCck9mdYE35wyDnE-172011... HTTP 301
https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html Page URL

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

2885 kB
Transfer

2945 kB
Size

1
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://quickbooks.intuit.com/

Search URL Search Domain Scan URL

URL: https://mailchimp.com/

Search URL Search Domain Scan URL

URL: https://turbotax.intuit.com/

Search URL Search Domain Scan URL

URL: https://accounts-help.intuit.com/app/intuit/1995107
Title: Intuit Account

Search URL Search Domain Scan URL

URL: https://glam.app.intuit.com/app/guesttos?glocale=en_us
Title: Terms

Search URL Search Domain Scan URL

URL: https://www.intuit.com/privacy/statement/
Title: Privacy Statement

Search URL Search Domain Scan URL

URL: https://www.google.com/intl/en/policies/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.google.com/intl/en/policies/terms/
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.intuit.com/legal/
Title: Legal

Search URL Search Domain Scan URL

URL: https://security.intuit.com/
Title: Security

Search URL Search Domain Scan URL

URL: https://help.quickbooks.intuit.com/en_US/contact?pageContext=login
Title: Support

Search URL Search Domain Scan URL

URL: https://accounts.intuit.com/terms-of-service
Title: Software License Agreement

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html Page URL
https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/cdn-cgi/phish-bypass?atok=tat6A1gr.wvpXzxXMscMPqsO7RaeCck9mdYE35wyDnE-1720119383-0.0.1.1-%2Findex.html HTTP 301
https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
15 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK index.html Show response
pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/ 4 KB
5 KB 212ms
111ms Document
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17de6cf04927b94fd5b293faa88452d536583cf7c486f0ce9445c9a6a66a14c1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

CF-RAY: 89e155c05ed45d41-FRA
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 04 Jul 2024 18:56:23 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK cf.errors.css
pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/cdn-cgi/styles/ 23 KB
5 KB 43ms
42ms Stylesheet
text/css 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 18:56:23 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 28 Jun 2024 11:27:13 GMT
Server: cloudflare
ETag: W/"667e9e11-5df3"
Transfer-Encoding: chunked
X-Frame-Options: DENY
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Connection: keep-alive
CF-RAY: 89e155c11fa75d41-FRA
Expires: Thu, 04 Jul 2024 20:56:23 GMT

GET
H/1.1 200
OK icon-exclamation.png
pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/cdn-cgi/images/ 452 B
889 B 42ms
42ms Image
image/png 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/cdn-cgi/styles/cf.errors.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 18:56:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 28 Jun 2024 11:27:13 GMT
Server: cloudflare
ETag: "667e9e11-1c4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 89e155c15ffc5d41-FRA
Content-Length: 452
Expires: Thu, 04 Jul 2024 20:56:23 GMT

GET
H/1.1 404
Not Found favicon.ico
pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/ 27 KB
27 KB 337ms
336ms Other
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 18:56:23 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 89e155c1a86e5d41-FRA
Content-Length: 27150
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1

200
OK

Primary Request index.html Show response
pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/
Redirect Chain

https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/cdn-cgi/phish-bypass?atok=tat6A1gr.wvpXzxXMscMPqsO7RaeCck9mdYE35wyDnE-1720119383-0.0.1.1-%2Findex.html
https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html

531 KB
531 KB

463ms
462ms

Document
text/html

2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54fd46329f0dbc154446de77bfa18a954079acffaa62ae65ee16ebd01f082fe4

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
CF-RAY: 89e155e0fec05d41-FRA
Connection: keep-alive
Content-Length: 543800
Content-Type: text/html
Date: Thu, 04 Jul 2024 18:56:28 GMT
ETag: "fa5bad9afe57aec7330e75d995dbd8b7"
Last-Modified: Tue, 16 Apr 2024 14:44:11 GMT
Server: cloudflare
Vary: Accept-Encoding

Redirect headers

CF-RAY: 89e155e0be895d41-FRA
Cache-Control: private, no-cache
Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Thu, 04 Jul 2024 18:56:28 GMT
Location: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html
Server: cloudflare
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

GET
DATA 200
OK truncated
/ 527 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2914873b554e478c32de29a12419313e80b29095402bf03a0193af382e1542e

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a425f6304622d3a56fa1a47c518f9c421e4b6ca071acb6e4c26cd48a9b4f9d72

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 390 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e0407667016e9ef2ce75f20e0fdca6a4896f8b3dadb04bf0e4439c1a75de98d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82ca8cd60e5ecda336a08c16ac17d81962736bb628814f35c10cb8c15aaab448

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d3bd22b6db2516bc94148940e76db7ffe7a6cf3c4f3da9fe6526e72a38c36d26

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d1e4205c798359f751354ef999d11fda4113e4a8d1f8180c8e399f38387b7348

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 044541c8fb1fa2e3cff245f4c2ea764cd3afc339753914d4ea358b4db29e4efc

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 33 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9ffa0a23d6d5606bdc5a8f99ebb867c2e3c2f58c3d7db895c6c92f145353dfd7

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK serveCSS.php Show response
d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/ 882 KB
883 KB 605ms
156ms Fetch
text/css 34.173.153.191
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/serveCSS.php?file=style2.css
Requested by: Host: pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.173.153.191 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 191.153.173.34.bc.googleusercontent.com
Software: / PHP/8.2.0RC7
Resource Hash: b116d95914c7935b7a4dfbdff2ed9068518250229ab8413f381a37edf2e95706

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 18:56:29 GMT
Host: d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev
X-Powered-By: PHP/8.2.0RC7
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: *
Replit-Cluster: riker
Access-Control-Allow-Headers: Content-Type
X-Robots-Tag: none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex

GET
H/1.1 200
OK serveCSS.php Show response
d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/ 99 KB
99 KB 619ms
170ms Fetch
text/css 34.173.153.191
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/serveCSS.php?file=style3.css
Requested by: Host: pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.173.153.191 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 191.153.173.34.bc.googleusercontent.com
Software: / PHP/8.2.0RC7
Resource Hash: c4e5897973c043950a1c4638faf22ce4e0ba877df4047996bdd92a6f2024c20b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 18:56:29 GMT
Host: d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev
X-Powered-By: PHP/8.2.0RC7
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: *
Replit-Cluster: riker
Access-Control-Allow-Headers: Content-Type
X-Robots-Tag: none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex

GET
H/1.1 200
OK serveCSS.php Show response
d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/ 540 KB
541 KB 602ms
153ms Fetch
text/css 34.173.153.191
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/serveCSS.php?file=style1.css
Requested by: Host: pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.173.153.191 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 191.153.173.34.bc.googleusercontent.com
Software: / PHP/8.2.0RC7
Resource Hash: 78a3ddbbbb78d5880d6df5cf9c19939d398187e62850d5ba174701dbcb5ab20f

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 18:56:29 GMT
Host: d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev
X-Powered-By: PHP/8.2.0RC7
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: *
Replit-Cluster: riker
Access-Control-Allow-Headers: Content-Type
X-Robots-Tag: none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex

GET
H/1.1 200
OK serveCSS.php Show response
d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/ 677 KB
678 KB 603ms
155ms Fetch
text/css 34.173.153.191
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/serveCSS.php?file=style4.css
Requested by: Host: pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.173.153.191 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 191.153.173.34.bc.googleusercontent.com
Software: / PHP/8.2.0RC7
Resource Hash: 893b42db1bf7cf90bf8c6b4a073d2b8cb4981c067a0ef72512b1e43b5cc5062b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 18:56:29 GMT
Host: d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev
X-Powered-By: PHP/8.2.0RC7
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: *
Replit-Cluster: riker
Access-Control-Allow-Headers: Content-Type
X-Robots-Tag: none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex

GET
H/1.1 200
OK init.php Show response
d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/ 18 B
564 B 619ms
171ms Fetch
text/html 34.173.153.191
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/init.php
Requested by: Host: pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.173.153.191 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 191.153.173.34.bc.googleusercontent.com
Software: / PHP/8.2.0RC7
Resource Hash: b86fbe9526bdc520fe135a2586ad8af7eaadad1b16299fc3d55afb64963d9509

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Jul 2024 18:56:29 GMT
Host: d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev
X-Powered-By: PHP/8.2.0RC7
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Replit-Cluster: riker
Access-Control-Allow-Headers: Content-Type
X-Robots-Tag: none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex

GET
DATA 200
OK truncated
/ Frame 7C04 81 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 475 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e7f8cdeb6987f67c9c1d77af30a70856813c61b4e9b3043f0e57b5b9325d7a39

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 9 KB
9 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d565ece548de79abdcab7ec7b6f87742353ab6f26debdbb8567d8461b32d338e

Request headers

Referer
Origin: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2

GET
DATA 200
OK truncated
/ 9 KB
9 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c8278b56794c389919d388951c5fa4dc07a388e16eb7055d675b0b916acc70e5

Request headers

Referer
Origin: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2

GET
DATA 200
OK truncated
/ 32 KB
32 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b406c35a6d317b896aef159ce69f94480e3e690a9e5f2bfab4fb8311b767a9b0

Request headers

Referer
Origin: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2

GET
DATA 200
OK truncated
/ 32 KB
32 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a496f0a5fc51aac0cac43be7e4c6a81425194480f138a7a97e895071fd628260

Request headers

Referer
Origin: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2

GET
DATA 200
OK truncated
/ 32 KB
32 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6b59034d520321abc96ed69ffbe45f00feade7c66ac3bcf99e3ba51059f2a2a2

Request headers

Referer
Origin: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Intuit (Financial) Generic Cloudflare (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/	1970-01-20 21:50:05	Name: __cf_mw_byp Value: tat6A1gr.wvpXzxXMscMPqsO7RaeCck9mdYE35wyDnE-1720119383-0.0.1.1-/index.html

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
recommendation	warning	URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html Message: [DOM] Found 7 elements with non-unique id #idsTab-EMAIL_USER_ID: (More info: https://goo.gl/9p2vKq) %o %o %o %o %o %o %o
recommendation	warning	URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html Message: [DOM] Found 8 elements with non-unique id #iux-identifier-first-international-email-user-id-input: (More info: https://goo.gl/9p2vKq) %o %o %o %o %o %o %o %o
recommendation	verbose	URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev
pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
2606:4700::6812:223
34.173.153.191
044541c8fb1fa2e3cff245f4c2ea764cd3afc339753914d4ea358b4db29e4efc
17de6cf04927b94fd5b293faa88452d536583cf7c486f0ce9445c9a6a66a14c1
54fd46329f0dbc154446de77bfa18a954079acffaa62ae65ee16ebd01f082fe4
6b59034d520321abc96ed69ffbe45f00feade7c66ac3bcf99e3ba51059f2a2a2
78a3ddbbbb78d5880d6df5cf9c19939d398187e62850d5ba174701dbcb5ab20f
82ca8cd60e5ecda336a08c16ac17d81962736bb628814f35c10cb8c15aaab448
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
893b42db1bf7cf90bf8c6b4a073d2b8cb4981c067a0ef72512b1e43b5cc5062b
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
9e0407667016e9ef2ce75f20e0fdca6a4896f8b3dadb04bf0e4439c1a75de98d
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66
9ffa0a23d6d5606bdc5a8f99ebb867c2e3c2f58c3d7db895c6c92f145353dfd7
a425f6304622d3a56fa1a47c518f9c421e4b6ca071acb6e4c26cd48a9b4f9d72
a496f0a5fc51aac0cac43be7e4c6a81425194480f138a7a97e895071fd628260
b116d95914c7935b7a4dfbdff2ed9068518250229ab8413f381a37edf2e95706
b406c35a6d317b896aef159ce69f94480e3e690a9e5f2bfab4fb8311b767a9b0
b86fbe9526bdc520fe135a2586ad8af7eaadad1b16299fc3d55afb64963d9509
c4e5897973c043950a1c4638faf22ce4e0ba877df4047996bdd92a6f2024c20b
c8278b56794c389919d388951c5fa4dc07a388e16eb7055d675b0b916acc70e5
d1e4205c798359f751354ef999d11fda4113e4a8d1f8180c8e399f38387b7348
d2914873b554e478c32de29a12419313e80b29095402bf03a0193af382e1542e
d3bd22b6db2516bc94148940e76db7ffe7a6cf3c4f3da9fe6526e72a38c36d26
d565ece548de79abdcab7ec7b6f87742353ab6f26debdbb8567d8461b32d338e
e7f8cdeb6987f67c9c1d77af30a70856813c61b4e9b3043f0e57b5b9325d7a39
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev Open in urlscan Pro 2606:4700::6812:223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

2885 kBTransfer

2945 kBSize

1 Cookies

12 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 15 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

1 Cookies

6 Console Messages

Security Headers

pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

2885 kB
Transfer

2945 kB
Size

1
Cookies

10 HTTP transactions
15 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!