pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
2606:4700::6812:323
Malicious Activity!
Public Scan
Submission: On May 20 via api from BY — Scanned from DE
Summary
TLS certificate: *.r2.dev, issued by E1 (Let's Encrypt) on April 5th 2024, valid for 3 months. This is Cloudflare's wildcard for the whole r2.dev public-bucket namespace, so it identifies the hosting provider, not whoever created this bucket.
This is the only time pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Intuit (Financial)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 2606:4700::6812:323 | 13335 (CLOUDFLARENET, US)

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
1 | r2.dev | pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev | 531 KB
0 | replit.dev | d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev (Failed) | 0

Requests | Domain | Requested by
---|---|---
1 | pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev |
0 | d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev (Failed) | pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev

Totals: 10 HTTP transactions, 2 domains. Only the R2 origin answered, so the replit.dev backend contributes no IP address or ASN to this scan.
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid | CT log
---|---|---|---|---
*.r2.dev | E1 | 2024-04-05 - 2024-07-04 | 3 months | crt.sh
This page contains 2 frames:
Primary Page:
https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html
Frame ID: 6EC91EEEC54846E26F3DC5366933629E
Requests: 15 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 03902683D525C0F1DBB1DB5EDE9AB602
Requests: 1 HTTP request in this frame
12 Outgoing links
These are links going to different origins than the main page. Three of them carry no title; the titled ones are:
- Intuit Account
- Terms
- Privacy Statement
- Privacy Policy
- Terms of Use
- Legal
- Security
- Support
- Software License Agreement
Footer links like these are what a clone copies from the impersonated brand's own page so it looks complete; the link targets are not reproduced in this report.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.html (Primary Request) | pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/ | 531 KB | 531 KB | Document | text/html
GET | DATA | truncated | / | 527 B | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 4 KB | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 390 B | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 33 KB | 0 | Image | image/gif
GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml
GET | | serveCSS.php | d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/ | 0 | 0 | (failed) |
GET | | serveCSS.php | d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/ | 0 | 0 | (failed) |
GET | | serveCSS.php | d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/ | 0 | 0 | (failed) |
GET | | serveCSS.php | d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/ | 0 | 0 | (failed) |
GET | | init.php | d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/ | 0 | 0 | (failed) |
GET | DATA | truncated | / (Frame 0390) | 81 B | 0 | Image | image/png
GET | DATA | truncated | / | 475 B | 0 | Image | image/svg+xml

Only the primary document crossed the network: the 531 KB index.html, fetched over HTTP/1.1 from the R2 bucket. Every image is an inline data: URI (protocol DATA, resource shown as "truncated"), and the five requests to the replit.dev backend (four stylesheets through serveCSS.php plus init.php) show 0 bytes because no response ever arrived.
Failed requests
These URLs were requested, but no response was received. They also appear in the transactions above. All five are on the same replit.dev host:
- https://d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/serveCSS.php?file=style2.css
- https://d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/serveCSS.php?file=style3.css
- https://d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/serveCSS.php?file=style1.css
- https://d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/styles/serveCSS.php?file=style4.css
- https://d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev/init.php
The R2 bucket serves nothing but a static index.html; the dynamic parts observed here (stylesheets handed out by a PHP script keyed on a file= parameter, and an init.php) were to come from this backend, which did not answer the scanner. The scan ran from DE; a backend that ignores one vantage point may still serve another, so rescan from a different location before concluding the kit is dead.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Intuit (Financial)

10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They help identify client-side frameworks and custom code.
- object: 0
- object: 1
- function: hideLoadingShowStep1
- function: loadCSS
- function: extractDomain
- object: metaTag
- string: cspHeaderValue
- object: forms
- function: isMobileDevice
- function: toggleRequired
None of these names belong to a common front-end framework; they are the kit's own script. loadCSS pairs with the failed serveCSS.php requests above, metaTag and cspHeaderValue suggest the script builds a Content-Security-Policy meta tag itself, and hideLoadingShowStep1 reads like a multi-step form flow.

0 Cookies
Cookies are small pieces of information stored in the user's browser. On every later visit the browser sends its cookie values back, which lets the site re-identify the user even from a different location; this is how persistent logins work. This page set none.
15 Console Messages
A page may log messages to the console, usually errors about a resource that could not be loaded or a script that failed to run; sometimes they also reveal the technology behind a site.
Indicators
In security-industry usage, indicators are artifacts such as IPs, domains and hashes. Their presence here does not by itself mean any of them is malicious.
d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev
pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev
2606:4700::6812:323
Of these, only the two hostnames are specific to this kit: 2606:4700::6812:323 is a shared Cloudflare edge address, and the certificate is the *.r2.dev wildcard that fronts every public bucket, so blocking the IP or pivoting on the certificate would hit unrelated tenants.
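The pattern this scan shows (a brand page on a public R2 bucket, its backend on a throw-away replit.dev host, and that backend not answering) is worth turning into a repeatable check. The following is an added example, not code from urlscan.io or from the kit: it takes the primary URL, the page title and the recorded sub-resource requests and returns the findings a triager would look for. The hosting-suffix list, the brand keyword map, the two kit endpoint paths (taken from the failed requests above) and the per-request statuses are assumptions constructed for this page.

```python
"""Triage heuristic for the hosting pattern in this scan (added example, not urlscan.io code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Hosting suffixes where anyone can publish a random subdomain for free.
# Assumption: a short list built around the two providers seen in this scan.
DISPOSABLE_SUFFIXES = (".r2.dev", ".replit.dev", ".pages.dev", ".workers.dev")
# Lowercase title keyword -> brand (assumption: only the brand this scan targets).
BRAND_KEYWORDS = {"intuit": "Intuit", "quickbooks": "Intuit", "turbotax": "Intuit"}
# Backend paths from the failed requests above (assumption: they fingerprint this kit).
KIT_ENDPOINTS = ("/styles/serveCSS.php", "/init.php")


@dataclass
class Verdict:
    primary_host: str
    primary_provider: Optional[str]
    brand: Optional[str]
    backend_hosts: Dict[str, Optional[str]] = field(default_factory=dict)  # host -> provider
    kit_paths: Set[str] = field(default_factory=set)
    failed_backend: List[str] = field(default_factory=list)  # backend URLs with no response
    findings: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def provider_for(host: str) -> Optional[str]:
    """Disposable-hosting suffix (without the dot) that host falls under, else None."""
    host = host.lower().rstrip(".")
    return next((s[1:] for s in DISPOSABLE_SUFFIXES if host.endswith(s)), None)


def brand_in_title(title: str) -> Optional[str]:
    lowered = title.lower()
    return next((b for k, b in BRAND_KEYWORDS.items() if k in lowered), None)


def triage(primary_url: str, title: str,
           requests: List[Tuple[str, Optional[int]]]) -> Verdict:
    """requests: (url, http_status) pairs; status None means the scanner got no response."""
    primary_host = (urlsplit(primary_url).hostname or "").lower()
    v = Verdict(primary_host, provider_for(primary_host), brand_in_title(title))

    for url, status in requests:
        parts = urlsplit(url)
        # data: URIs (the inline images here) have no host and say nothing about infrastructure
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        host = parts.hostname.lower()
        if host == primary_host:
            continue
        v.backend_hosts[host] = provider_for(host)
        if parts.path in KIT_ENDPOINTS:
            v.kit_paths.add(parts.path)
        if status is None:
            v.failed_backend.append(url)

    # 1. The title names a brand that the serving domain does not contain.
    brand_keys = [k for k, b in BRAND_KEYWORDS.items() if b == v.brand]
    if v.brand and not any(k in primary_host for k in brand_keys):
        v.findings.append(f"title names {v.brand} but the page is served from {primary_host}")
    # 2. A brand page on a throw-away cloud origin.
    if v.brand and v.primary_provider:
        v.findings.append(f"{v.brand} page on disposable origin {primary_host} ({v.primary_provider})")
    # 3. Backend on a second disposable provider, split from the front end.
    for host, prov in v.backend_hosts.items():
        if prov and prov != v.primary_provider:
            v.findings.append(f"backend on a second disposable provider: {host} ({prov})")
    # 4. Backend paths that match the kit's endpoints.
    if v.kit_paths:
        v.findings.append("backend paths match kit endpoints: " + ", ".join(sorted(v.kit_paths)))
    # 5. Backend never answered the scanner (kit down, or not answering this vantage point).
    if v.failed_backend:
        v.findings.append(f"{len(v.failed_backend)} backend request(s) got no response")
    return v


# Requests recorded in this scan. Statuses are constructed: None mirrors "Failed" on the page;
# the SVG is a constructed data: URI standing in for the inline images the report truncates.
REPLIT_HOST = "d12c915b-9bff-4039-92c2-ba801ba7979c-00-q9nyu4fphxm4.riker.replit.dev"
SCAN_REQUESTS: List[Tuple[str, Optional[int]]] = [
    ("data:image/svg+xml;base64,PHN2Zy8+", 200),
    (f"https://{REPLIT_HOST}/styles/serveCSS.php?file=style2.css", None),
    (f"https://{REPLIT_HOST}/styles/serveCSS.php?file=style3.css", None),
    (f"https://{REPLIT_HOST}/styles/serveCSS.php?file=style1.css", None),
    (f"https://{REPLIT_HOST}/styles/serveCSS.php?file=style4.css", None),
    (f"https://{REPLIT_HOST}/init.php", None),
]


def demo() -> Verdict:
    return triage("https://pub-d99f38cabe3d4b349c59fe95350ba60b.r2.dev/index.html",
                  "Intuit Account", SCAN_REQUESTS)


if __name__ == "__main__":
    result = demo()
    print("suspicious:", result.suspicious)
    for finding in result.findings:
        print(" -", finding)
```

Run it as a script to print the five findings for this scan, or feed triage() the request list from another report. The heuristic only looks at origins, paths and response status, never at page content, so it ranks what to look at first rather than replacing a look at the page itself.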