Report - pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/acer.html

Report Overview

Visitedpublic

2025-07-24 19:08:43

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev	unknown	2022-08-23	2024-09-26	2025-07-12	1.0 kB	31 kB	104.18.54.45
cdn.socket.io	62068	2010-04-18	2015-03-23	2025-07-20	519 B	46 kB	3.167.2.78
twomancake.com	unknown	2024-04-09	2024-04-09	2025-07-12	445 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

Scan Date	Severity	Indicator	Alert
2024-06-13	medium	pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/acer.html	Other

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-24	medium	twomancake.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	cdn.socket.io/4.6.0/socket.io.min.js	ScriptElement	46 kB	2023-04-05	2025-08-01
URL cdn.socket.io/4.6.0/socket.io.min.js IP / ASN 3.167.2.78 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2023-04-05 Last Seen 2025-08-01 Times Seen 38576 Size 46 kB (45806 bytes) MD5 80f5b8c6a9eeac15de93e5a112036a06 SHA1 f7174635137d37581b11937fc90e9cb325077bce SHA256 0401de33701f1cad16ecf952899d23990b6437d0a5b7335524edf6bdfb932542 Format Code Loading...

	pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/acer.html	ScriptElement	1.2 kB	2025-03-26	2025-08-01
URL pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/acer.html IP / ASN 104.18.54.45 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-26 Last Seen 2025-08-01 Times Seen 9 Size 1.2 kB (1249 bytes) MD5 078b7e7602a671c31719900acdacb4ef SHA1 0d2e85e9f6a6790dae111cad5e232f2ec938140b SHA256 3906a22f1d7ee2afd6bd7f3c3e31fc9864dc7f07d256c11e116cbf1d79c5409a Format Code Loading...

HTTP Transactions (4)

URL IP Response Size

GET pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/acer.html

104.18.54.45

200 OK

2.9 kB

URL

pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/acer.html

IP / ASN

104.18.54.45

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (696), with CRLF line terminators

First Seen2024-08-19

Last Seen2025-08-01

Times Seen12

Size2.9 kB (2898 bytes)

MD5cf73ac1c6193b0aabe01f34f706ba974

SHA1bc8992ddcdbded3c0dde25ddf9b7b2bc2f38de22

SHA2565a592cd6e85ee35904caa24a77385c924e9b5533fa9cd502d02d9c513baa2996

Certificate Info

IssuerLet's Encrypt

Subject*.r2.dev

Fingerprint0C:FA:DD:62:8D:63:51:46:AF:41:BD:E2:9F:BE:45:E0:09:6A:95:D4

ValidityMon, 21 Jul 2025 10:32:01 GMT - Sun, 19 Oct 2025 10:32:00 GMT

Detections

Analyzer	Verdict	Alert
PhishTank	phishing	Other

HTTP Headers

GET /acer.html HTTP/1.1
Host: pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 24 Jul 2025 19:08:07 GMT
Content-Type: text/html
Content-Length: 2898
Connection: keep-alive
Accept-Ranges: bytes
ETag: "cf73ac1c6193b0aabe01f34f706ba974"
Last-Modified: Tue, 21 May 2024 11:02:04 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 9645b450b8ea92c8-CPH

GET cdn.socket.io/4.6.0/socket.io.min.js

3.167.2.78

200 OK

46 kB

URL

cdn.socket.io/4.6.0/socket.io.min.js

IP / ASN

3.167.2.78

Requested byhttps://pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/acer.html

Resource Info

File typeJavaScript source, ASCII text, with very long lines (45667)

First Seen2023-04-05

Last Seen2025-08-01

Times Seen38576

Size46 kB (45806 bytes)

MD580f5b8c6a9eeac15de93e5a112036a06

SHA1f7174635137d37581b11937fc90e9cb325077bce

SHA2560401de33701f1cad16ecf952899d23990b6437d0a5b7335524edf6bdfb932542

Certificate Info

IssuerAmazon

Subjectcdn.socket.io

Fingerprint71:F6:08:90:73:AA:7D:7B:9C:FB:82:1D:C4:25:5A:6C:23:9A:A0:C6

ValidityThu, 19 Sep 2024 00:00:00 GMT - Thu, 16 Oct 2025 23:59:59 GMT

HTTP Headers

GET /4.6.0/socket.io.min.js HTTP/1.1
Host: cdn.socket.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
content-disposition: inline; filename="socket.io.min.js"
content-encoding: gzip
date: Thu, 26 Dec 2024 13:57:58 GMT
etag: W/"80f5b8c6a9eeac15de93e5a112036a06"
last-modified: Fri, 08 Nov 2024 06:57:47 GMT
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-cache: HIT
x-vercel-id: fra1::9lbnr-1735221478206-b8599b834fc1
x-cache: Hit from cloudfront
via: 1.1 1b7f8001b2b06f9624559a35b6822156.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: Q4O-KttEfTFfmoYCW-yadr5CGNWIUjKtFRfKdKO-dr-Kj-IEt5FsQQ==
age: 22335019
X-Firefox-Spdy: h2

GET twomancake.com/js.js

0.0.0.0

0 B

URL

twomancake.com/js.js

IP / ASN

0.0.0.0

Requested byhttps://pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/acer.html

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606204

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js.js HTTP/1.1
Host: twomancake.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/favicon.ico

104.18.54.45

404 Not Found

27 kB

URL

pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/favicon.ico

IP / ASN

104.18.54.45

#13335 CLOUDFLARENET

Requested byhttps://pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/acer.html

Resource Info

File typeHTML document, ASCII text, with very long lines (611)

First Seen2024-07-03

Last Seen2025-08-02

Times Seen17800

Size27 kB (27150 bytes)

MD546dd133ee00dc1bae5e4eeba7b88432f

SHA18af86a4ac91ce48c062216fb94a6e1d57618a19b

SHA2569eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Certificate Info

IssuerLet's Encrypt

Subject*.r2.dev

Fingerprint0C:FA:DD:62:8D:63:51:46:AF:41:BD:E2:9F:BE:45:E0:09:6A:95:D4

ValidityMon, 21 Jul 2025 10:32:01 GMT - Sun, 19 Oct 2025 10:32:00 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-7f5f6f29ccf64c6189d7ebb9ce6e5ed4.r2.dev/acer.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 24 Jul 2025 19:08:07 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 9645b454cc0a92c8-CPH