Report - pub-166b904ae438414b90587eff4ad1e897.r2.dev/2fait.html?30.YmtlbHRvbkBidWVzaW5nY29ycC5jb20=/

Report Overview

Visited public
2023-12-05 03:16:48
Tags
suspicious
URL
pub-166b904ae438414b90587eff4ad1e897.r2.dev/2fait.html?30.YmtlbHRvbkBidWVzaW5nY29ycC5jb20=/
Finishing URL
pub-166b904ae438414b90587eff4ad1e897.r2.dev/2fait.html?30.YmtlbHRvbkBidWVzaW5nY29ycC5jb20=/
IP / ASN
104.18.2.35
#13335 CLOUDFLARENET
Title
DocuSign Login - Enter your password to sign in
Suspicious - Suspicious Javascript code

Detections

urlquery

2

Network Intrusion Detection

2

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pub-166b904ae438414b90587eff4ad1e897.r2.dev	unknown	2022-08-23	2023-12-04 18:11:34	2023-12-05 01:49:52	557 B	165 kB	104.18.3.35
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-04 08:14:01	407 B	31 kB	142.250.74.106
logo.clearbit.com	27344	2003-07-04	2015-06-30 18:39:45	2023-12-04 06:57:59	390 B	511 B	54.230.111.26

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-05 03:16:37	low	Client IP	Internal IP	ET INFO Clearbit Logo Query in DNS Lookup
2023-12-05 03:16:37	low	Client IP	Internal IP	ET INFO Clearbit Logo Query in DNS Lookup

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	pub-166b904ae438414b90587eff4ad1e897.r2.dev/2fait.html?30.YmtlbHRvbkBidWVzaW5nY29ycC5jb20=/	ScriptElement	504 B	2023-12-04	2025-05-11
Pretty URL pub-166b904ae438414b90587eff4ad1e897.r2.dev/2fait.html?30.YmtlbHRvbkBidWVzaW5nY29ycC5jb20=/ IP 104.18.3.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-04 18:10 Last Seen2025-05-11 03:05 Times Seen858 Hash f57eb0f34c664229aae5a33833ec9331 03173d25f8485c0e4e3cd9c8f0a7c651b8ec7bdf 3ce0d0f714097894e826cc58d19f5666d4be40966c33c9a4debe3d434b27586e Loading...

	pub-166b904ae438414b90587eff4ad1e897.r2.dev/2fait.html?30.YmtlbHRvbkBidWVzaW5nY29ycC5jb20=/	ScriptElement	1.8 kB	2023-12-04	2024-09-28
Pretty URL pub-166b904ae438414b90587eff4ad1e897.r2.dev/2fait.html?30.YmtlbHRvbkBidWVzaW5nY29ycC5jb20=/ IP 104.18.3.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-04 18:10 Last Seen2024-09-28 08:46 Times Seen57 Hash ce9b3a1f123a8ecf77dd2fc6ba534b6f e1e2cef14e98ba57f604e89ccb8c9898314e700f 3fb02a24c90339877dfff4267d03e1fe8838e10358a38cab721bac46aa02948b Loading...

	unknown	EventHandler	3 B	2023-11-26	2025-05-11
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-11-26 01:58 Last Seen2025-05-11 12:14 Times Seen4756 Hash 55d41bf1762ab367e34869095adc637a a971c369972c389b280912b9f0c0cf3732694b8d 90cafbf1ac4ef47a2ef629011d29aae0bac2c7d96f05506c1df4f5646c417925 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js	ScriptElement	86 kB	2023-03-07	2025-05-11
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 16:35 Times Seen174142 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

HTTP Transactions (3)

	URL	IP	Response	Size
	pub-166b904ae438414b90587eff4ad1e897.r2.dev/2fait.html?30.YmtlbHRvbkBidWVzaW5nY29ycC5jb20=/	104.18.3.35	200 OK	165 kB
URL User Request GET HTTP/1.1 pub-166b904ae438414b90587eff4ad1e897.r2.dev/2fait.html?30.YmtlbHRvbkBidWVzaW5nY29ycC5jb20=/ IP 104.18.3.35:443 ASN #13335 CLOUDFLARENET Certificate IssuerLet's Encrypt Subject.r2.dev Fingerprint91:F0:8B:D3:AA:FC:86:18:F9:F2:29:EB:98:8C:D8:5A:3A:76:5C:CF ValidityWed, 11 Oct 2023 17:13:53 GMT - Tue, 09 Jan 2024 17:13:52 GMT File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65350) Size 165 kB (165071 bytes) Hash 54ff7f76b6f2dd14ff8c59b1263be00a 16c6acdf800d57d09e064ea2fbce503788cdeb46 d1b8d91a0aa6530247c3854d6770f54eeaa4b5ea6e7bf762e69b8e2b5534523d HTTP Headers GET /2fait.html?30.YmtlbHRvbkBidWVzaW5nY29ycC5jb20=/ HTTP/1.1 Host: pub-166b904ae438414b90587eff4ad1e897.r2.dev User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Date: Tue, 05 Dec 2023 03:16:31 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive ETag: W/"54ff7f76b6f2dd14ff8c59b1263be00a" Last-Modified: Mon, 04 Dec 2023 15:34:18 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 8309217d4b371bfe-OSL Content-Encoding: gzip`

	ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js	142.250.74.106	200 OK	30 kB
URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP 142.250.74.106:443 ASN #15169 GOOGLE Requested by https://pub-166b904ae438414b90587eff4ad1e897.r2.dev/2fait.html?30.YmtlbHRvbkBidWVzaW5nY29ycC5jb20=/ Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42 ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT File type ASCII text, with very long lines (32065) Size 30 kB (30028 bytes) Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e HTTP Headers `GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1 Host: ajax.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers" report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} timing-allow-origin: * content-length: 30028 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Mon, 04 Dec 2023 20:34:29 GMT expires: Tue, 03 Dec 2024 20:34:29 GMT cache-control: public, max-age=31536000, stale-while-revalidate=2592000 last-modified: Tue, 03 Mar 2020 19:15:00 GMT content-type: text/javascript; charset=UTF-8 vary: Accept-Encoding age: 24122 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	logo.clearbit.com/	54.230.111.26	400 Bad Request	23 B
URL GET HTTP/2 logo.clearbit.com/ IP 54.230.111.26:443 ASN #16509 AMAZON-02 Requested by https://pub-166b904ae438414b90587eff4ad1e897.r2.dev/2fait.html?30.YmtlbHRvbkBidWVzaW5nY29ycC5jb20=/ Certificate IssuerAmazon Subjectclearbit.com FingerprintCE:F9:48:B9:1B:6F:17:74:BE:F2:87:A9:D6:47:48:D7:81:AC:02:31 ValidityMon, 18 Sep 2023 00:00:00 GMT - Thu, 17 Oct 2024 23:59:59 GMT File type ASCII text Size 23 B (23 bytes) Hash 6ec26fb8a65967babf1899ea3b0f16a1 607887802c91eae8b557ce153e1cc24e0f27bc64 9060c4b05ac95688fc5409f287057a2b818ee9da16c7b25bbdceff71f11482d1 HTTP Headers `GET / HTTP/1.1 Host: logo.clearbit.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 400 Bad Request content-type: text/plain; charset=utf-8 content-length: 23 date: Tue, 05 Dec 2023 03:16:32 GMT x-envoy-response-flags: - server: envoy strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff x-cache: Error from cloudfront via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: FC6bf7sCJNTuW6ztM2lmP9cYfuQz3MtnUzhOAleWjLaVnBRBaxCQcg== X-Firefox-Spdy: h2`