Report - pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html

Report Overview

Submitted URL
pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html
IP
104.18.3.35
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 17:07:40
Access
public
Website Title
Webmail Portal Access
Final URL
pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html
Tags
phishing
urlquery detections
Phishing - Generic phishing

Detections

urlquery
5
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-17	433 B	85 kB	151.101.130.137
pub-37c387baa66249d982022a6255b22e47.r2.dev	unknown	2022-08-23	2024-04-17	2024-04-17	2.0 kB	208 kB	104.18.2.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html	Webmail Providers
2024-04-17	medium	pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html	Webmail Providers
2024-04-17	medium	pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html	Webmail Providers

PhishTank

Scan Date	Severity	Indicator	Alert
2024-04-01	medium	pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html	Other
2024-04-01	medium	pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html	Other
2024-04-01	medium	pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	pub-37c387baa66249d982022a6255b22e47.r2.dev	Sinkholed
2024-04-17	medium	pub-37c387baa66249d982022a6255b22e47.r2.dev	Sinkholed
2024-04-17	medium	pub-37c387baa66249d982022a6255b22e47.r2.dev	Sinkholed
2024-04-17	medium	pub-37c387baa66249d982022a6255b22e47.r2.dev	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.5.0.js	288 kB	2023-03-07	2024-04-30
Pretty URL code.jquery.com/jquery-3.5.0.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:54 Last Seen2024-04-30 18:38:16 Times Seen1231 Hash 11d6572328c173c395bfa02e3e4d0272 c80ea474aca683117bb6871655c246c6e5d6c3dd aff01a147aeccc9b70a5efad1f2362fd709f3316296ec460d94aa7d31decdb37 Loading...

	pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html	3.9 kB	2024-03-30	2024-04-19
Pretty URL pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html IP 104.18.2.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 17:43:59 Last Seen2024-04-19 12:40:29 Times Seen7 Hash 11f11bc28b3b4d37bb5817f4ae90fde1 2762be9b5f3517a0d816c613f291c093184adfd9 6be7cc031a2fde1a36c74e1a707d4546ea1c64678788f593ff31c3fde5d1e2c5 Loading...

	pub-37c387baa66249d982022a6255b22e47.r2.dev/jquery.min.v2.js	90 kB	2024-04-01	2024-04-17
Pretty URL pub-37c387baa66249d982022a6255b22e47.r2.dev/jquery.min.v2.js IP 104.18.2.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-01 18:42:17 Last Seen2024-04-17 19:07:41 Times Seen4 Hash 25a6871a9b03e95569bb7ba797fff882 2054d5c1f6b421bbc6b0f45352d72ec5905de3b7 ac5a892b1611794d7c1096a27c07c875b1f4b7dc8340d430f32234df1ee632fe Loading...

HTTP Transactions (5)

URL IP Response Size

pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html

104.18.2.35

200 OK

39 kB

URL User Request GET HTTP/1.1
pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
HTML document, ASCII text, with very long lines (21293)
Size
39 kB (39066 bytes)
Hash
d8c39173d7b37705b4d27e29d0bca8e1
e1df2f02bb01e8ed9e8b06e1b1ff095051ddb101
492ae4be440ad2bda28ecba4c16fcbd702f35e1fb55d556ca447f92216f7b25f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
OpenPhish	phishing	Webmail Providers
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index.html HTTP/1.1
Host: pub-37c387baa66249d982022a6255b22e47.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 17:07:14 GMT
Content-Type: text/html
Content-Length: 39066
Connection: keep-alive
Accept-Ranges: bytes
ETag: "d8c39173d7b37705b4d27e29d0bca8e1"
Last-Modified: Tue, 26 Mar 2024 20:52:19 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 875e029e9f28abdb-CPH

code.jquery.com/jquery-3.5.0.js

151.101.130.137

200 OK

84 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.0.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
84 kB (84374 bytes)
Hash
11d6572328c173c395bfa02e3e4d0272
c80ea474aca683117bb6871655c246c6e5d6c3dd
aff01a147aeccc9b70a5efad1f2362fd709f3316296ec460d94aa7d31decdb37

HTTP Headers

GET /jquery-3.5.0.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-37c387baa66249d982022a6255b22e47.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-463a1"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 17 Apr 2024 17:07:14 GMT
age: 18571433
x-served-by: cache-lga21959-LGA, cache-hel1410024-HEL
x-cache: HIT, HIT
x-cache-hits: 31, 711
x-timer: S1713373635.752877,VS0,VE0
vary: Accept-Encoding
content-length: 84374
X-Firefox-Spdy: h2

pub-37c387baa66249d982022a6255b22e47.r2.dev/jquery.min.v2.js

104.18.2.35

200 OK

90 kB

URL GET HTTP/1.1
pub-37c387baa66249d982022a6255b22e47.r2.dev/jquery.min.v2.js
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
JavaScript source, ASCII text, with very long lines (65446), with CRLF line terminators
Size
90 kB (89620 bytes)
Hash
25a6871a9b03e95569bb7ba797fff882
2054d5c1f6b421bbc6b0f45352d72ec5905de3b7
ac5a892b1611794d7c1096a27c07c875b1f4b7dc8340d430f32234df1ee632fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jquery.min.v2.js HTTP/1.1
Host: pub-37c387baa66249d982022a6255b22e47.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 17:07:14 GMT
Content-Type: text/javascript
Content-Length: 89620
Connection: keep-alive
Accept-Ranges: bytes
ETag: "25a6871a9b03e95569bb7ba797fff882"
Last-Modified: Tue, 26 Mar 2024 20:52:18 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 875e02a0db55abdb-CPH

pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html

104.18.2.35

200 OK

39 kB

URL User Request GET HTTP/1.1
pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
HTML document, ASCII text, with very long lines (21293)
Size
39 kB (39066 bytes)
Hash
d8c39173d7b37705b4d27e29d0bca8e1
e1df2f02bb01e8ed9e8b06e1b1ff095051ddb101
492ae4be440ad2bda28ecba4c16fcbd702f35e1fb55d556ca447f92216f7b25f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
OpenPhish	phishing	Webmail Providers
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index.html HTTP/1.1
Host: pub-37c387baa66249d982022a6255b22e47.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 17:07:15 GMT
Content-Type: text/html
Content-Length: 39066
Connection: keep-alive
Accept-Ranges: bytes
ETag: "d8c39173d7b37705b4d27e29d0bca8e1"
Last-Modified: Tue, 26 Mar 2024 20:52:19 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 875e02a25e9cabdb-CPH

pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html

104.18.2.35

200 OK

39 kB

URL GET HTTP/1.1
pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
HTML document, ASCII text, with very long lines (21293)
Size
39 kB (39066 bytes)
Hash
d8c39173d7b37705b4d27e29d0bca8e1
e1df2f02bb01e8ed9e8b06e1b1ff095051ddb101
492ae4be440ad2bda28ecba4c16fcbd702f35e1fb55d556ca447f92216f7b25f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
OpenPhish	phishing	Webmail Providers
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index.html HTTP/1.1
Host: pub-37c387baa66249d982022a6255b22e47.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-37c387baa66249d982022a6255b22e47.r2.dev/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 17:07:15 GMT
Content-Type: text/html
Content-Length: 39066
Connection: keep-alive
Accept-Ranges: bytes
ETag: "d8c39173d7b37705b4d27e29d0bca8e1"
Last-Modified: Tue, 26 Mar 2024 20:52:19 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 875e02a25e9cabdb-CPH

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (5)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate