Report - pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/mail.html

Report Overview

Visited public
2025-04-30 18:30:33
Tags
URL
pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/mail.html
Finishing URL
pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/mail.html
IP / ASN
172.66.0.235
#13335 CLOUDFLARENET
Title
Webmail Login

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-30	1.8 kB	147 kB	142.250.74.35
pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev	unknown	2022-08-23	2024-10-10	2025-03-31	521 B	578 B	172.66.0.235
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-30	506 B	25 kB	142.250.74.10
ajax.googleapis.com	12905	2005-01-25	2012-05-22	2025-04-30	472 B	90 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-30 18:30:01	low	Client IP	104.18.41.169	ET HUNTING Observed IPFS Gateway Domain (ipfs .w3s .link) in TLS SNI
2025-04-30 18:30:01	low	Client IP	104.18.41.169	ET HUNTING Observed IPFS Gateway Domain (ipfs .w3s .link) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-04-19	medium	pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/mail.html	Generic/Spear Phishing

PhishTank

Scan Date	Severity	Indicator	Alert
2024-07-10	medium	pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/mail.html	Other

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	bafybeib6vx5dowe32lgfyglaxusvyp5di7gyefjkunbvrlmwplfxatf5mq.ipfs.w3s.link/	ScriptElement	1.9 MB	2023-08-12	2025-04-30
Pretty URL bafybeib6vx5dowe32lgfyglaxusvyp5di7gyefjkunbvrlmwplfxatf5mq.ipfs.w3s.link/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-12 10:33 Last Seen2025-04-30 18:30 Times Seen25 Hash 6871649eb308e2425eb3a9648d2e6e7c 00a2d0d02f8fca57ba5b4c79e851186e141af567 1a26cc80387362efb1c46ed7f64d947a79da95e997dae2a5474926d52ef45193 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 03:01 Times Seen108563 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	bafkreicxo52m6rp2k3na2v3n4k2tvewupn5qzilitqxbkkr2zot2bz7hje.ipfs.w3s.link/	ScriptElement	5.9 kB	2025-02-08	2025-04-30
Pretty URL bafkreicxo52m6rp2k3na2v3n4k2tvewupn5qzilitqxbkkr2zot2bz7hje.ipfs.w3s.link/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-08 00:33 Last Seen2025-04-30 18:30 Times Seen6 Hash e0b3ebb8cdaea9aa4fbf0b71ac749f65 a6e094e6a79cb3837df61f216e7741c672c862aa 577774cf45fa56da0d576de2b53a92d47b7b0ca1689c2e152a3acba7a0e7e749 Loading...

		Size	First Seen	Last Seen
	#1 Write - 13db991512ea79c839e5710881b547a2	280 kB	2023-08-12 10:33	2025-04-30 18:30
Pretty Observations First Seen2023-08-12 10:33 Last Seen2025-04-30 18:30 Times Seen24 Hash 13db991512ea79c839e5710881b547a2 69fdbd5fb6c0bd2e00864a075b8d06c70a29bfe3 5fe8d131bebf02f2ba71cab6f99139bc0bf908658c54717e2a9383ef44360da2 Loading...

HTTP Transactions (6)

URL IP Response Size

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

48 kB

URL GET
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/mail.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:27:9C:C9:95:FF:8F:83:34:D0:B1:42:CB:B7:63:C0:8E:6F:3E:F1
ValidityMon, 31 Mar 2025 08:55:41 GMT - Mon, 23 Jun 2025 08:55:40 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Apr 2025 10:12:20 GMT
expires: Fri, 24 Apr 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 548265
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

48 kB

URL GET
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/mail.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:27:9C:C9:95:FF:8F:83:34:D0:B1:42:CB:B7:63:C0:8E:6F:3E:F1
ValidityMon, 31 Mar 2025 08:55:41 GMT - Mon, 23 Jun 2025 08:55:40 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Apr 2025 10:12:20 GMT
expires: Fri, 24 Apr 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 548265
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/mail.html

172.66.0.235

200 OK

269 B

URL User Request GET
pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/mail.html
IP
172.66.0.235:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
FingerprintB5:A8:AD:86:09:9A:90:92:96:24:0C:B5:31:B4:70:40:B0:04:5C:F5
ValidityTue, 25 Mar 2025 11:48:11 GMT - Mon, 23 Jun 2025 11:48:10 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
269 B (269 bytes)
Hash
aca33c6f31a9267a033cd4c358e43ec2
1e7d508cfd07f3082bc01daf988d700abf9259ee
f47353cf3697a765cd3baa24ac8d19cec16d0a0c13372833aebe1c5a50c89e13

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing
PhishTank	phishing	Other

HTTP Headers

GET /mail.html HTTP/1.1
Host: pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 30 Apr 2025 18:30:01 GMT
Content-Type: text/html
Content-Length: 269
Connection: keep-alive
Accept-Ranges: bytes
ETag: "aca33c6f31a9267a033cd4c358e43ec2"
Last-Modified: Tue, 09 Jul 2024 09:14:00 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 93891b9dcb4bb527-OSL

fonts.googleapis.com/css2?family=Open+Sans:wght@400;500;600;700&display=swap

142.250.74.10

200 OK

24 kB

URL GET
fonts.googleapis.com/css2?family=Open+Sans:wght@400;500;600;700&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/mail.html
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7E:14:87:08:DF:BA:04:65:17:BA:3B:4F:BA:EA:BC:8C:3F:0A:A4:00
ValidityMon, 31 Mar 2025 08:55:43 GMT - Mon, 23 Jun 2025 08:55:42 GMT

File type
ASCII text, with very long lines (1572)
Size
24 kB (24056 bytes)
Hash
e1717b8f005502fc36bd81e887250a5e
417c334afbea2a3a559d52d9e717af796f0d78ee
f41df713969f37c69d521da6b2fecb5a39dda4adf6b1fdf52079556e81eef4fa

HTTP Headers

GET /css2?family=Open+Sans:wght@400;500;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 30 Apr 2025 18:30:04 GMT
date: Wed, 30 Apr 2025 18:30:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

142.250.74.106

200 OK

90 kB

URL GET
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/mail.html
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7E:14:87:08:DF:BA:04:65:17:BA:3B:4F:BA:EA:BC:8C:3F:0A:A4:00
ValidityMon, 31 Mar 2025 08:55:43 GMT - Mon, 23 Jun 2025 08:55:42 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Apr 2025 17:23:12 GMT
expires: Mon, 27 Apr 2026 17:23:12 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 263212
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

48 kB

URL GET
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev/mail.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:27:9C:C9:95:FF:8F:83:34:D0:B1:42:CB:B7:63:C0:8E:6F:3E:F1
ValidityMon, 31 Mar 2025 08:55:41 GMT - Mon, 23 Jun 2025 08:55:40 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pub-efee82b3cd564cde8e0d207b52e93bf1.r2.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Apr 2025 10:12:20 GMT
expires: Fri, 24 Apr 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 548265
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (6)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash