cloudflare-ipfs.com
2606:4700::6811:600d
Malicious Activity!
Public Scan
Effective URL: https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html
Submission: On February 18 via manual from NZ — Scanned from NZ
Summary
TLS certificate: Issued by E1 on December 28th 2023. Valid for: 3 months.
This is the only time cloudflare-ipfs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)
Domain & IP information

# | IP Address | AS (Autonomous System)
---|---|---
1 1 | 2620:1ec:46::31 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 | 34.117.33.233 | 396982 (GOOGLE-CLOUD-PLATFORM)
4 | 2606:4700::6811:600d | 13335 (CLOUDFLARENET)
1 | 2404:6800:4006:80a::200a | 15169 (GOOGLE)
1 1 | 2404:6800:4006:814::2004 | 15169 (GOOGLE)
1 | 2404:6800:4006:809::2004 | 15169 (GOOGLE)
1 | 34.225.153.79 | 14618 (AMAZON-AES)
8 | 6 |

- ASN396982 (GOOGLE-CLOUD-PLATFORM, US), PTR: 233.33.117.34.bc.googleusercontent.com, hosts admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app
- ASN14618 (AMAZON-AES, US), PTR: ec2-34-225-153-79.compute-1.amazonaws.com, hosts image.thum.io
# | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | cloudflare-ipfs.com | cloudflare-ipfs.com | 70 KB
1 | thum.io | image.thum.io (Cisco Umbrella Rank: 272786) | 18 KB
1 | gstatic.com | t1.gstatic.com | 2 KB
1 | google.com (1 redirect) | www.google.com (Cisco Umbrella Rank: 2) | 294 B
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 434) | 31 KB
1 | replit.app | admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app | 1 KB
1 | bpmsafelink.com (1 redirect) | yhdwb.bpmsafelink.com | 498 B
8 | 7 |
# | Domain | Requested by
---|---|---
4 | cloudflare-ipfs.com | admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app, cloudflare-ipfs.com
1 | image.thum.io | cloudflare-ipfs.com
1 | t1.gstatic.com | cloudflare-ipfs.com
1 | www.google.com | 1 redirect
1 | ajax.googleapis.com | cloudflare-ipfs.com
1 | admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app |
1 | yhdwb.bpmsafelink.com | 1 redirect
8 | 7 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
replit.app | GTS CA 1D4 | 2023-12-21 - 2024-03-20 | 3 months | crt.sh
cloudflare-ipfs.com | E1 | 2023-12-28 - 2024-03-27 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2024-01-29 - 2024-04-22 | 3 months | crt.sh
*.thum.io | Amazon RSA 2048 M01 | 2023-09-24 - 2024-10-22 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html
Frame ID: 8DBD1C926D4BC928CB299D0E1C8BB55C
Requests: 14 HTTP requests in this frame
Page Title: Outlook Web App
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns:
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://yhdwb.bpmsafelink.com/c/ZDXpaVAjUEm9tqGjTMUdZQ (HTTP 302)
2. https://admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app/ (Page URL)
3. https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://yhdwb.bpmsafelink.com/c/ZDXpaVAjUEm9tqGjTMUdZQ (HTTP 302)
- https://admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app/
Request Chain 1
- https://www.google.com/s2/favicons?domain=2degrees.nz&sz=64 (HTTP 301)
- https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://2degrees.nz&size=64
8 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H2 | / | admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app/ | 898 B | 1 KB | Document | text/html | Redirect Chain
GET | H2 | adminserver-index.html | cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/ | 138 B | 968 B | Document | text/html | Primary Request
GET | H2 | bafybeide6ptk4n4ztilsdczbynk5kr3mh4ou46ccfsmy33nby3fwyiqthq | cloudflare-ipfs.com/ipfs/ | 269 KB | 69 KB | Script | text/plain |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.5.1/ | 87 KB | 31 KB | Script | text/javascript |
GET | H3 | lgnexlogo.gif | cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/Outlook%20Web%20App_files/ | 225 B | 225 B | Image | text/plain |
GET | H3 | lgnbotr.gif | cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/Outlook%20Web%20App_files/ | 223 B | 223 B | Image | text/plain |
GET | DATA | truncated | / | 9 KB | 0 | Image | image/gif |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/gif |
GET | DATA | truncated | / | 290 B | 0 | Image | image/gif |
GET | DATA | truncated | / | 232 B | 0 | Image | image/gif |
GET | DATA | truncated | / | 76 B | 0 | Image | image/gif |
GET | DATA | truncated | / | 99 B | 0 | Image | image/gif |
GET | H2 | faviconV2 | t1.gstatic.com/ | 1 KB | 2 KB | Image | image/png | Redirect Chain
GET | H2 | 2degrees.nz | image.thum.io/get/65490-1671030344805-37a36e07674665dbe1105f1044aab44d/width/1200/https:// | 18 KB | 18 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Email (Online)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | erp
string | em
number | tmp
function | $
function | jQuery
function | showEl
function | hideEl
number | g_fFcs1

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
cloudflare-ipfs.com/ | | Name: __cf_bm, Value: i2s0mjttlxsNlWJ8NwqlrEuAkI3.FMV1GuZsrA98BVw-1708287275-1.0-AbovuSX/LA7133qv1Ud7K3nkAHoFERLySQyKRjMVLfZcDtY6YnotoxCEBHVaswlJADgiQkMjVHjxLbDwhVLFseI=
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.