Report - pub-b26443603be74865bdafa09363210cfe.r2.dev/load.htm

Report Overview

Submitted URL
pub-b26443603be74865bdafa09363210cfe.r2.dev/load.htm
IP
104.18.3.35
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 17:07:43
Access
public
Website Title
PayU
Final URL
pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm
Tags
suspicious
urlquery detections
Suspicious - Suspicious Javascript code

Detections

urlquery
3
Network Intrusion Detection
1
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
api.ipify.org	3267	2014-01-05	2014-10-06	2024-04-24	528 B	267 B	104.26.13.205
pub-b26443603be74865bdafa09363210cfe.r2.dev	unknown	2022-08-23	2024-03-05	2024-03-23	2.5 kB	1.4 MB	104.18.3.35
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-25	458 B	31 kB	216.58.207.202

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-25 17:07:20	low	Client IP	104.26.13.205	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	pub-b26443603be74865bdafa09363210cfe.r2.dev/load.htm	PayU

PhishTank

Scan Date	Severity	Indicator	Alert
2024-03-05	medium	pub-b26443603be74865bdafa09363210cfe.r2.dev/load.htm	Other
2024-03-05	medium	pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	pub-b26443603be74865bdafa09363210cfe.r2.dev	Sinkholed
2024-04-25	medium	pub-b26443603be74865bdafa09363210cfe.r2.dev	Sinkholed
2024-04-25	medium	pub-b26443603be74865bdafa09363210cfe.r2.dev	Sinkholed
2024-04-25	medium	pub-b26443603be74865bdafa09363210cfe.r2.dev	Sinkholed
2024-04-25	medium	pub-b26443603be74865bdafa09363210cfe.r2.dev	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm	446 B	2023-03-08	2024-05-02
Pretty URL pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm IP 104.18.3.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:29:52 Last Seen2024-05-02 18:41:02 Times Seen42 Hash 99684bd207f06a682b3ccc42304586a9 d88dda7dc43aa77cd01f3b8630ab1e3b5b7f6504 6588d1d53d02e5b08792d3fada49aee451bc0d0f8df1b186fa5d96e853cad06c Loading...

	pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm	460 B	2023-03-09	2024-05-02
Pretty URL pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm IP 104.18.3.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 13:18:32 Last Seen2024-05-02 18:41:02 Times Seen31 Hash d9b953dece09558ddb77fa9017721851 1e2a58e99596c72537f7744056a7fa58a7961aae 66253d1faa5bb6037e2f1d96ac71cc3c3d7655021270132e97b7b13d7ee58c43 Loading...

	pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm	2.1 kB	2024-03-05	2024-04-25
Pretty URL pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm IP 104.18.3.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-05 17:06:30 Last Seen2024-04-25 19:07:43 Times Seen5 Hash 15b590916c2c063b716f6d381372c17a bd617f5753b70f5aedd2903f025358492861ee68 2052a1f0b7e688333d1c1cfcb7b546da8de5bdcf13610fbdc1d27f39e75bfd2f Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js	87 kB	2023-03-07	2024-05-05
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js IP 216.58.207.202 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-05 21:07:24 Times Seen64827 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm	0 B	2023-03-07	2024-05-05
Pretty URL pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm IP 104.18.3.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-05 21:57:51 Times Seen37370779 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (7)

URL IP Response Size

pub-b26443603be74865bdafa09363210cfe.r2.dev/load.htm

104.18.3.35

659 kB

URL
pub-b26443603be74865bdafa09363210cfe.r2.dev/load.htm
IP
104.18.3.35:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (13387), with CRLF line terminators
Size
659 kB (658686 bytes)
Hash
1c987f64c4a739996b0b3b1477c0c284
9c386d7b9b8480425d93ee296e3a20de306849c6
5da98f581b28a27df93d053bd874ba6b4d04593d04dad4fb59c17a0750956edf

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PayU
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /load.htm HTTP/1.1
Host: pub-b26443603be74865bdafa09363210cfe.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 17:07:17 GMT
Content-Type: text/html
Content-Length: 658686
Connection: keep-alive
Accept-Ranges: bytes
ETag: "1c987f64c4a739996b0b3b1477c0c284"
Last-Modified: Mon, 04 Mar 2024 20:11:57 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879fedb18c970b31-OSL

pub-b26443603be74865bdafa09363210cfe.r2.dev/files/spinner.svg

104.18.3.35

337 B

URL
pub-b26443603be74865bdafa09363210cfe.r2.dev/files/spinner.svg
IP
104.18.3.35:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image
Size
337 B (337 bytes)
Hash
34295376cb2d20e1b3e6eb53dd7d1a47
12bb74a9e88035f0966380cd83ebec241d47c262
e68da19b69366f61e6c8946a3fbc968e07e33259ab4228416481eff5415a3695

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /files/spinner.svg HTTP/1.1
Host: pub-b26443603be74865bdafa09363210cfe.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-b26443603be74865bdafa09363210cfe.r2.dev/load.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 17:07:18 GMT
Content-Type: image/svg+xml
Content-Length: 337
Connection: keep-alive
Accept-Ranges: bytes
ETag: "34295376cb2d20e1b3e6eb53dd7d1a47"
Last-Modified: Mon, 04 Mar 2024 20:12:36 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879fedb55fa60b31-OSL

pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm

104.18.3.35

200 OK

718 kB

URL User Request GET HTTP/1.1
pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm
IP
104.18.3.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (13387), with CRLF line terminators
Size
718 kB (718242 bytes)
Hash
bc17cfa20233a0898bc3029f7ad252b0
1d3b5e9de6f254257b5d769269fb50a07d15e753
e0dd6fdb898c4011ab414128b6eab245ba840fe0553576dbddc1b69426ae171c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cc.htm HTTP/1.1
Host: pub-b26443603be74865bdafa09363210cfe.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 17:07:20 GMT
Content-Type: text/html
Content-Length: 718242
Connection: keep-alive
Accept-Ranges: bytes
ETag: "bc17cfa20233a0898bc3029f7ad252b0"
Last-Modified: Mon, 04 Mar 2024 20:11:57 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879fedc2a8710b31-OSL

pub-b26443603be74865bdafa09363210cfe.r2.dev/pag2_files/reset.min.css

104.18.3.35

404 Not Found

27 kB

URL GET HTTP/1.1
pub-b26443603be74865bdafa09363210cfe.r2.dev/pag2_files/reset.min.css
IP
104.18.3.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27242 bytes)
Hash
df3d48946e8d3f5a83608308edbb4b86
47b9c40c97abf2658df96b1c06109324e15e1a00
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pag2_files/reset.min.css HTTP/1.1
Host: pub-b26443603be74865bdafa09363210cfe.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 25 Apr 2024 17:07:20 GMT
Content-Type: text/html
Content-Length: 27242
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879fedc398ff0b31-OSL

ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

216.58.207.202

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
IP
216.58.207.202:443
ASN
#15169 GOOGLE

Requested by
https://pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
30 kB (30306 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-b26443603be74865bdafa09363210cfe.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:46:15 GMT
expires: Fri, 18 Apr 2025 17:46:15 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 602465
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pub-b26443603be74865bdafa09363210cfe.r2.dev/pag2_files/css

104.18.2.35

404 Not Found

27 kB

URL GET HTTP/1.1
pub-b26443603be74865bdafa09363210cfe.r2.dev/pag2_files/css
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
HTML document, ASCII text, with very long lines (611)
Size
27 kB (27242 bytes)
Hash
df3d48946e8d3f5a83608308edbb4b86
47b9c40c97abf2658df96b1c06109324e15e1a00
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pag2_files/css HTTP/1.1
Host: pub-b26443603be74865bdafa09363210cfe.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 25 Apr 2024 17:07:20 GMT
Content-Type: text/html
Content-Length: 27242
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879fedc3bed15688-OSL

api.ipify.org/?format=json

104.26.13.205

200 OK

21 B

URL GET HTTP/2
api.ipify.org/?format=json
IP
104.26.13.205:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-b26443603be74865bdafa09363210cfe.r2.dev/cc.htm
Certificate
IssuerGoogle Trust Services LLC
Subjectipify.org
FingerprintC8:1A:05:47:C5:73:C6:CE:DF:1D:A6:DE:00:11:A9:9A:8C:DB:EF:A7
ValidityThu, 21 Mar 2024 19:56:02 GMT - Wed, 19 Jun 2024 19:56:01 GMT

File type
JSON text data
Size
21 B (21 bytes)
Hash
7d69c71af0f191e9a72db6153f8018d1
f67c5f2887bc05654b47f76e9621e53a4091aed1
5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65

HTTP Headers

GET /?format=json HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pub-b26443603be74865bdafa09363210cfe.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-b26443603be74865bdafa09363210cfe.r2.dev/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 17:07:20 GMT
content-type: application/json
content-length: 21
access-control-allow-origin: *
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 879fedc52a2c56b9-OSL
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP