pub-d66b247c05b343c1b624fde64a178feb.r2.dev
Open in
urlscan Pro
2606:4700::6812:323
Malicious Activity!
Public Scan
Effective URL: https://pub-d66b247c05b343c1b624fde64a178feb.r2.dev/index.html
Submission: On May 15 via api from US — Scanned from DE
Summary
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.
This is the only time pub-d66b247c05b343c1b624fde64a178feb.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2606:4700::68... 2606:4700::6812:323 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
12 | 2a05:d014:275... 2a05:d014:275:cb01::c8 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:4001:810::200a | 15169 (GOOGLE) (GOOGLE) | |
3 | 2a04:4e42:400... 2a04:4e42:400::649 | 54113 (FASTLY) (FASTLY) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
20 | 6 |
ASN13335 (CLOUDFLARENET, US)
pub-d66b247c05b343c1b624fde64a178feb.r2.dev |
ASN16509 (AMAZON-02, US)
newmedappdate.netlify.app |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
netlify.app
newmedappdate.netlify.app |
1 MB |
3 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 776 |
108 KB |
2 |
r2.dev
pub-d66b247c05b343c1b624fde64a178feb.r2.dev |
402 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237 |
7 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 380 |
30 KB |
0 |
0174meldingen.online
Failed
0174meldingen.online Failed |
|
20 | 6 |
Domain | Requested by | |
---|---|---|
12 | newmedappdate.netlify.app |
pub-d66b247c05b343c1b624fde64a178feb.r2.dev
|
3 | code.jquery.com |
pub-d66b247c05b343c1b624fde64a178feb.r2.dev
|
2 | pub-d66b247c05b343c1b624fde64a178feb.r2.dev | |
1 | cdnjs.cloudflare.com |
pub-d66b247c05b343c1b624fde64a178feb.r2.dev
|
1 | ajax.googleapis.com |
pub-d66b247c05b343c1b624fde64a178feb.r2.dev
|
0 | 0174meldingen.online Failed |
newmedappdate.netlify.app
|
20 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.r2.dev E1 |
2024-04-05 - 2024-07-04 |
3 months | crt.sh |
*.netlify.app DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2024-01-15 - 2025-02-14 |
a year | crt.sh |
upload.video.google.com WR2 |
2024-05-06 - 2024-07-29 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://pub-d66b247c05b343c1b624fde64a178feb.r2.dev/index.html
Frame ID: 91D3136A7D34313D6E19A7F84BEF74F4
Requests: 22 HTTP requests in this frame
Screenshot
Page Title
Ledger LivePage URL History Show full URLs
-
http://pub-d66b247c05b343c1b624fde64a178feb.r2.dev/index.html
HTTP 307
https://pub-d66b247c05b343c1b624fde64a178feb.r2.dev/index.html Page URL
Detected technologies
Popper (Miscellaneous) ExpandDetected patterns
- <script [^>]*src="[^"]*/popper\.js/([0-9.]+)
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://pub-d66b247c05b343c1b624fde64a178feb.r2.dev/index.html
HTTP 307
https://pub-d66b247c05b343c1b624fde64a178feb.r2.dev/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.html
pub-d66b247c05b343c1b624fde64a178feb.r2.dev/ Redirect Chain
|
375 KB 376 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
UMX9jlahOh2Y.css
newmedappdate.netlify.app/Folder/ |
37 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.1.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.js
code.jquery.com/ |
265 KB 79 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mfkNbEskGSwj.svg
newmedappdate.netlify.app/Folder/ |
2 KB 993 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Yzvm8sG7noXg.png
newmedappdate.netlify.app/Folder/ |
92 KB 92 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
WZ0i3ciKJp19.png
newmedappdate.netlify.app/Folder/ |
127 KB 127 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8Sy1Q1E1EfZN.png
newmedappdate.netlify.app/Folder/ |
139 KB 140 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eGfjLjEcIGAc.png
newmedappdate.netlify.app/Folder/ |
140 KB 140 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
a9SypYD4A2v9.png
newmedappdate.netlify.app/Folder/ |
143 KB 143 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
%66%6F%6E%74%73.%70%6E%67
0174meldingen.online/%63%73%73/%43%72%79%70%74%6F/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.1.1.min.js
code.jquery.com/ |
85 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mfkNbEskGSwj.svg
newmedappdate.netlify.app/Folder/ |
2 KB 65 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eGfjLjEcIGAc.png
newmedappdate.netlify.app/Folder/ |
140 KB 40 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Bflfh7PtIV1m.mov
newmedappdate.netlify.app/Folder/ |
80 KB 0 |
Media
video/quicktime |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Bflfh7PtIV1m.mov
newmedappdate.netlify.app/Folder/ |
33 KB 33 KB |
Media
video/quicktime |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Bflfh7PtIV1m.mov
newmedappdate.netlify.app/Folder/ |
737 KB 649 KB |
Media
video/quicktime |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
pub-d66b247c05b343c1b624fde64a178feb.r2.dev/ |
27 KB 27 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
37 KB 37 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- 0174meldingen.online
- URL
- https://0174meldingen.online/%63%73%73/%43%72%79%70%74%6F/%66%6F%6E%74%73.%70%6E%67
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| Popper function| send12 function| send24 function| mayva function| jennafer function| avamay function| open12 function| open240 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
0174meldingen.online
ajax.googleapis.com
cdnjs.cloudflare.com
code.jquery.com
newmedappdate.netlify.app
pub-d66b247c05b343c1b624fde64a178feb.r2.dev
0174meldingen.online
2606:4700::6811:190e
2606:4700::6812:323
2a00:1450:4001:810::200a
2a04:4e42:400::649
2a05:d014:275:cb01::c8
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
13c19ec8ecbdb0854e61b191ea4f6a9820760381bf6ce39d4e18193a4b808ca5
1683b3bf200cdae3e8d70e9cd3e07c717e10117613bbf229a19336a457b165fb
39e72c0794c12f2dbb14a0f61ca946b535f795b1478fcf795bd26e5cb52ded34
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499
6626713211e198c04d94e042abd4d81cb92c73d149da01ec209408d83be959e5
7c34850991c3b7dd8816ea3314a4ddf849f6fa94a5fc39b2493593f9f6aac253
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
91d6b82c75ef8695f4c907c99e9239458afab5f00159eb8294f3d94f0e75ab28
96c9ec39ea7361144c797060b09398fa43bff0dca108225afe910461c1ee73a3
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
b98d5ed89d2ce6b5143e31feb7c4ed60b63c8c6e08ae4f60385a8e7bf6899c53
bac2c823a8696c6a658e36167eacd615f5ef53781274e77ddc8e9946205fe309
c87c33b358ec9ac0f76c40a98c6cc16dabe5c00329e4e45f7c5d183f29606624
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
f0bd4a87030a8359cda954cd78052993756d831ac4513b1257b3423eb1aa6fa8
f50d7f92ceba5914f2e7574605800f7b43ac355d2544857eaa25c728bf7111c2