cloudflare-ipfs.com (104.17.64.14)
Malicious Activity!
Public Scan
Effective URL: https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
Submission: On March 21 via manual from FR — Scanned from PT
Summary
TLS certificate: Issued by E1 on February 25th 2024. Valid for: 3 months.
This is the only time cloudflare-ipfs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Excel / PDF download (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 52.208.120.178 | 16509 (AMAZON-02)
1 | 34.110.169.7 | 396982 (GOOGLE-CLOUD-PLATFORM)
1 | 69.49.245.172 | 19871 (NETWORK-SOLUTIONS-HOSTING)
1 | 104.17.64.14 | 13335 (CLOUDFLARENET)
2 | 104.17.24.14 | 13335 (CLOUDFLARENET)
1 | 192.229.133.221 | 15133 (EDGECAST)
6 | 188.114.97.3 | 13335 (CLOUDFLARENET)
11 | 6 |
- ASN16509 (AMAZON-02, US) — PTR: ec2-52-208-120-178.eu-west-1.compute.amazonaws.com — Domain: gwbmdwrr.r.eu-west-1.awstrack.me
- ASN396982 (GOOGLE-CLOUD-PLATFORM, US) — PTR: 7.169.110.34.bc.googleusercontent.com — Domain: mail.turing.com
- ASN19871 (NETWORK-SOLUTIONS-HOSTING, US) — PTR: 69-49-245-172.webhostbox.net — Domain: simplychrono.co.uk
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
6 | resusfactor.org | resusfactor.org | 2 MB
2 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 387) | 166 KB
1 | w3schools.com | www.w3schools.com (Cisco Umbrella Rank: 33191) | 5 KB
1 | cloudflare-ipfs.com | cloudflare-ipfs.com | 25 KB
1 | simplychrono.co.uk | simplychrono.co.uk | 396 B
1 | turing.com | mail.turing.com (1 redirect) | 250 B
1 | awstrack.me | gwbmdwrr.r.eu-west-1.awstrack.me (1 redirect) | 541 B
11 | 7 | |
Requests | Domain | Requested by
---|---|---
6 | resusfactor.org | cloudflare-ipfs.com
2 | cdnjs.cloudflare.com | cloudflare-ipfs.com, cdnjs.cloudflare.com
1 | www.w3schools.com | cloudflare-ipfs.com
1 | cloudflare-ipfs.com | simplychrono.co.uk
1 | simplychrono.co.uk |
1 | mail.turing.com | 1 redirect
1 | gwbmdwrr.r.eu-west-1.awstrack.me | 1 redirect
11 | 7 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
webmail.simplychrono.co.uk | R3 | 2024-03-16 - 2024-06-14 | 3 months | crt.sh
cloudflare-ipfs.com | E1 | 2024-02-25 - 2024-05-25 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year | crt.sh
*.w3schools.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-03-05 - 2024-04-04 | a year | crt.sh
resusfactor.org | GTS CA 1P5 | 2024-01-28 - 2024-04-27 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
Frame ID: 0658E4EBB2594C10BC0D251419CDB562
Requests: 12 HTTP requests in this frame
Page Title: Login with bnpparibas.com
Detected technologies
Font Awesome (Font Scripts)
Detected patterns:
- `<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)`
- `(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://gwbmdwrr.r.eu-west-1.awstrack.me/L0/https:%2F%2Fmail.turing.com%2Fapi%2Fanalytics%3Fti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0c4b684821ae3ba8e679c9e7728c86aa69b0b0eed472c96393f62a0c431339782e0ac4d40f4a8cad32476fff07a90a24abc253eae29ade09a4a164d68248967df03bc0b5257f664b57a390cc3682f8eca1aefd040988f60d0b6f829267aae6229c4d%26rd=https:%2F%2Fsimplychrono.co.uk%2Fimg%2Fdesturldocument%2Ff6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2%2FZ3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t/1/0102018e58748e4f-e67ee446-f0ba-4c13-84c0-8e26f5cb2c7c-000000/gATHwuNd8NtOaaOe4dGrgTLkfwg=366 (HTTP 302)
- https://mail.turing.com/api/analytics?ti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0c4b684821ae3ba8e679c9e7728c86aa69b0b0eed472c96393f62a0c431339782e0ac4d40f4a8cad32476fff07a90a24abc253eae29ade09a4a164d68248967df03bc0b5257f664b57a390cc3682f8eca1aefd040988f60d0b6f829267aae6229c4d&rd=https://simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t (HTTP 302)
- https://simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t (Page URL)
- https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://gwbmdwrr.r.eu-west-1.awstrack.me/L0/https:%2F%2Fmail.turing.com%2Fapi%2Fanalytics%3Fti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0c4b684821ae3ba8e679c9e7728c86aa69b0b0eed472c96393f62a0c431339782e0ac4d40f4a8cad32476fff07a90a24abc253eae29ade09a4a164d68248967df03bc0b5257f664b57a390cc3682f8eca1aefd040988f60d0b6f829267aae6229c4d%26rd=https:%2F%2Fsimplychrono.co.uk%2Fimg%2Fdesturldocument%2Ff6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2%2FZ3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t/1/0102018e58748e4f-e67ee446-f0ba-4c13-84c0-8e26f5cb2c7c-000000/gATHwuNd8NtOaaOe4dGrgTLkfwg=366 (HTTP 302)
- https://mail.turing.com/api/analytics?ti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0c4b684821ae3ba8e679c9e7728c86aa69b0b0eed472c96393f62a0c431339782e0ac4d40f4a8cad32476fff07a90a24abc253eae29ade09a4a164d68248967df03bc0b5257f664b57a390cc3682f8eca1aefd040988f60d0b6f829267aae6229c4d&rd=https://simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t (HTTP 302)
- https://simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t
11 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t | simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/ (Redirect Chain) | 189 B | 396 B | Document | text/html
GET | H2 | bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu | cloudflare-ipfs.com/ipfs/ (Primary Request) | 144 KB | 25 KB | Document | text/html
GET | H2 | all.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/ | 100 KB | 19 KB | Stylesheet | text/css
GET | H2 | w3.css | www.w3schools.com/w3css/4/ | 23 KB | 5 KB | Stylesheet | text/css
GET | H2 | / | resusfactor.org/ | 19 KB | 12 KB | Fetch | application/json
GET | H2 | pdf.jpeg | resusfactor.org/ | 611 KB | 612 KB | Image | image/jpeg
GET | H2 | OIP.jpeg | resusfactor.org/ | 9 KB | 9 KB | Image | image/jpeg
GET | H2 | bg1.png | resusfactor.org/ | 50 KB | 50 KB | Image | image/png
GET | H2 | bg2.png | resusfactor.org/ | 104 KB | 104 KB | Image | image/png
GET | H2 | bg3.png | resusfactor.org/ | 842 KB | 843 KB | Image | image/png
GET | DATA | truncated | / | 13 KB | 0 | Image | image/png
GET | H2 | fa-solid-900.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/ | 147 KB | 147 KB | Font | application/octet-stream
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Excel / PDF download (Online)
44 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function: _0x49ea36, _0x2c46, _0x4867
- object: pageNameOB, headerClassOB, sourceCloudOB, topdocNameOB, docNameClassOB, emailIdShowOB, topFaviconImgOB, contWithTextOB, nextButtonOB, topLeftSignInOB, passLabelOB, introLabelOB, passwordIdOB, loginlogoOB, emailIdOB, loginFormOB, overlayclassOB, loginLabelOB, faviconPageOB, pageTittleOB, emailIdLableOB, pageContentOB, mainLoaderOB, emailblockOB, passwordblockOB, errorTextOB, xxx, xxxx, errorEmailOB, pdfImageOB, smantcImageOB, bg1OB, bg2OB, bg3OB, frontPDFOB, userTemplate
- string: url_now, emailId, dq, targetSTATUS
- number: counter1
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
cloudflare-ipfs.com/ | | Name: __cf_bm Value: iRuSCju1Foxc_lb32F98E1c3WerJSQlrp30P6.8jliI-1711018462-1.0.1.1-mhCmtsUUCuG8j2NlDRuUhZfrEu57TOmr5YRlM7tFeI5rcwaPcjVY0pte20wn4gPsa2YqlqpOMrDMQQyig1cMFg
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
cloudflare-ipfs.com
gwbmdwrr.r.eu-west-1.awstrack.me
mail.turing.com
resusfactor.org
simplychrono.co.uk
www.w3schools.com
104.17.24.14
104.17.64.14
188.114.97.3
192.229.133.221
34.110.169.7
52.208.120.178
69.49.245.172
09138c07d85fe5a0f8db83da8f646935932887da25bd35e2d6e205f7a6878f1d
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5
2988c15fa9bc76c2ab3e830c7854f6f90fb3a7ed53ad9071fb1c1c09cfb0f2cc
39b78e0420ac5ba5e334ab88dc949fa61c47058d35a0c276aa95ecdfad491373
4dafe943f708674646a48cb13f5a206cd90ae64bc9f931eda084c0c68175fcb4
7221912111074029ad7527854c033d301d915f753886c34a7b2dd8cb70c550a2
886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9
8df560bde491345d7fe862f2ffbc1c751e4838c25ca6155bc8a78b817b9b5cbf
9696d7c05deee6bede02feda9d259d55180cf2facdb14e7f942727e6eea8f476
bc19ae80c5e1137d3e2c7a2b282748349de1c74f5d16713c15c57e2975fad3d1
c4f2aba13970ecf8303fb9329f97c8824861569273b0aa27acce48abc61d04f5