magiceden.red
2606:4700:3033::ac43:c223
Malicious Activity!
Public Scan
Submission: On August 20 via api from BE — Scanned from DE
Summary
TLS certificate: Issued by WE1 on August 17th 2024. Valid for: 3 months.
This is the only time magiceden.red was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
25 (1 redirect) | 2606:4700:3033::ac43:c223 | 13335 (CLOUDFLARENET) |
1 | 2606:4700::6812:1b2e | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:80f::2003 | 15169 (GOOGLE) |
4 | 2606:4700:3034::6815:4c71 | 13335 (CLOUDFLARENET) |
30 | 4 | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
25 (1 redirect) | magiceden.red | magiceden.red | 9 MB |
4 | solscan.fun | solscan.fun | 1 KB |
1 | gstatic.com | fonts.gstatic.com | 46 KB |
1 | walletconnect.com | verify.walletconnect.com — Cisco Umbrella Rank: 34429 | |
30 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
25 (1 redirect) | magiceden.red | magiceden.red |
4 | solscan.fun | magiceden.red |
1 | fonts.gstatic.com | magiceden.red |
1 | verify.walletconnect.com | magiceden.red |
30 | 4 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
magiceden.red | WE1 | 2024-08-17 - 2024-11-15 | 3 months |
walletconnect.com | E5 | 2024-06-27 - 2024-09-25 | 3 months |
*.gstatic.com | WR2 | 2024-07-30 - 2024-10-22 | 3 months |
solscan.fun | WE1 | 2024-07-23 - 2024-10-21 | 3 months |
This page contains 2 frames:
Primary Page:
https://magiceden.red/
Frame ID: 98D0A6793BEEED62F001B273CBBF86AD
Requests: 27 HTTP requests in this frame
Frame:
https://verify.walletconnect.com/8752e208b53d7d1e8e8c49e6a28e85fe
Frame ID: 65C4654A036BDC806C262FBEB786B33A
Requests: 1 HTTP requests in this frame
Page Title
Rewards | Magic Eden
Detected technologies
React (JavaScript Frameworks)
Detected patterns
- <[^>]+data-react
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://magiceden.red/ Page URL
- https://magiceden.red/cdn-cgi/phish-bypass?atok=tEHXNHNdAGQsISSeuIWX_FfBKIT_N_PZUlCXQXGmzrA-1724139591-0.0.1.1-%2F HTTP 301 -> https://magiceden.red/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
30 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H3 | / | magiceden.red/ | 4 KB | 2 KB | Document | text/html |
GET | H3 | cf.errors.css | magiceden.red/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css |
GET | H3 | icon-exclamation.png | magiceden.red/cdn-cgi/images/ | 452 B | 635 B | Image | image/png |
GET | H3 | favicon.ico | magiceden.red/ | 99 KB | 16 KB | Other | text/html |
GET | H3 | / (Primary Request) | magiceden.red/ (Redirect Chain) | 99 KB | 16 KB | Document | text/html |
GET | H3 | style.css | magiceden.red/ | 272 B | 635 B | Stylesheet | text/css |
GET | H3 | 5d2d33bbc81d6e49.css | magiceden.red/_next/static/css/ | 246 KB | 56 KB | Stylesheet | text/css |
GET | H3 | 6384ebf6a7b8bb56.css | magiceden.red/_next/static/css/ | 2 KB | 1 KB | Stylesheet | text/css |
GET | H3 | jquery.js | magiceden.red/ | 297 KB | 100 KB | Script | application/javascript |
GET | H3 | rewards_map_mobile_sol.cc26b592.png | magiceden.red/_next/image/ | 965 KB | 966 KB | Image | image/png |
GET | H3 | magic-garden-cloud.ebd3320a.png | magiceden.red/_next/image/ | 4 KB | 4 KB | Image | image/png |
GET | H3 | rewards_map_desktop_sol.801d343f.png | magiceden.red/_next/image/ | 4 MB | 4 MB | Image | image/png |
GET | H3 | charting_library.js | magiceden.red/charting_library/ | 0 | 0 | Other | text/html |
GET | H3 | 8752e208b53d7d1e8e8c49e6a28e85fe | verify.walletconnect.com/ (Frame 65C4) | 0 | 0 | Document | text/html |
GET | H3 | rewards_bg_gradient_sol.7064966f.png | magiceden.red/_next/image/ | 2 MB | 2 MB | Image | image/png |
GET | H2 | UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2 | fonts.gstatic.com/s/inter/v13/ | 45 KB | 46 KB | Font | font/woff2 |
GET | H3 | logo_2.png | magiceden.red/_next/image/ | 924 B | 1 KB | Image | image/png |
GET | H3 | coins_sol.ab7dbfd9.svg | magiceden.red/_next/image/ | 47 KB | 9 KB | Image | image/svg+xml |
GET | H3 | buying_rewards.gif | magiceden.red/_next/image/ | 503 KB | 503 KB | Image | image/gif |
GET | H3 | listing_rewards.gif | magiceden.red/_next/image/ | 414 KB | 414 KB | Image | image/gif |
GET | H3 | collection_offer_rewards.gif | magiceden.red/_next/image/ | 648 KB | 648 KB | Image | image/gif |
GET | H3 | tba_rewards.gif | magiceden.red/_next/image/ | 414 KB | 414 KB | Image | image/gif |
GET | H3 | emmy_brush.png | magiceden.red/_next/image/ | 103 KB | 103 KB | Image | image/png |
GET | H3 | emmy_laptop.png | magiceden.red/_next/image/ | 96 KB | 96 KB | Image | image/png |
GET | H3 | emmy_me.png | magiceden.red/_next/image/ | 97 KB | 98 KB | Image | image/png |
POST | H3 | scan | solscan.fun/ | 90 B | 573 B | XHR | application/json |
OPTIONS | H3 | scan | solscan.fun/ (Frame) | 0 | 0 | Preflight | |
GET | H3 | android-chrome-192x192.png | magiceden.red/img/favicon/ | 3 KB | 4 KB | Other | image/png |
POST | H3 | data | solscan.fun/ | 4 B | 486 B | XHR | application/json |
OPTIONS | H3 | data | solscan.fun/ (Frame) | 0 | 0 | Preflight | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
object | 1 |
object | 2 |
function | _0x3657 |
function | _0x46472 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.magiceden.red/ | | Name: __cf_mw_byp Value: tEHXNHNdAGQsISSeuIWX_FfBKIT_N_PZUlCXQXGmzrA-1724139591-0.0.1.1-/ |
.walletconnect.com/ | | Name: __cf_bm Value: 15JF1lorhlmzVXuNMdGhKDdhtsDVRopHR13XzE5AEIQ-1724139596-1.0.1.1-3Ssd4kFZg7h.k4_GBSmFZfPyzMjAaxBJvPTeDi_gTKL6Z_fXEZA04u_USrICbBzJB8yfpQGvVpm7qh3mpNbEPA |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.