cloudflare-ipfs.com
2606:4700::6811:400e
Malicious Activity!
Public Scan
Submission: On March 19 via manual from HK — Scanned from US
Summary
TLS certificate: Issued by E1 on February 25th 2024. Valid for: 3 months.
This is the only time cloudflare-ipfs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Excel / PDF download (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 2606:4700::6811:400e | 13335 (CLOUDFLARENET)
2 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET)
1 | 192.229.173.207 | 15133 (EDGECAST)
5 | 2606:4700:3033::6815:3f36 | 13335 (CLOUDFLARENET)
9 | 4 |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | resusfactor.org | resusfactor.org | 2 MB
2 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 387 | 166 KB
1 | w3schools.com | www.w3schools.com — Cisco Umbrella Rank: 33191 | 5 KB
1 | cloudflare-ipfs.com | cloudflare-ipfs.com | 25 KB
9 | 4 | |
Requests | Domain | Requested by
---|---|---
5 | resusfactor.org | cloudflare-ipfs.com
2 | cdnjs.cloudflare.com | cloudflare-ipfs.com, cdnjs.cloudflare.com
1 | www.w3schools.com | cloudflare-ipfs.com
1 | cloudflare-ipfs.com |
9 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
cloudflare-ipfs.com | E1 | 2024-02-25 - 2024-05-25 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year | crt.sh
*.w3schools.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-03-05 - 2024-04-04 | a year | crt.sh
resusfactor.org | GTS CA 1P5 | 2024-01-28 - 2024-04-27 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://cloudflare-ipfs.com/ipfs/bafkreiatglvbvujztztqybeuwsvsjato2wfdhs5mdujmum2pnbi2hqpbq4
Frame ID: 2D356CCF539D4370C911DD9A4F01D1CD
Requests: 9 HTTP requests in this frame
Detected technologies
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | bafkreiatglvbvujztztqybeuwsvsjato2wfdhs5mdujmum2pnbi2hqpbq4 (Primary Request) | cloudflare-ipfs.com/ipfs/ | 144 KB | 25 KB | Document | text/html
GET | H2 | all.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/ | 100 KB | 19 KB | Stylesheet | text/css
GET | H2 | w3.css | www.w3schools.com/w3css/4/ | 23 KB | 5 KB | Stylesheet | text/css
GET | H2 | pdf.jpeg | resusfactor.org/ | 611 KB | 612 KB | Image | image/jpeg
GET | H2 | OIP.jpeg | resusfactor.org/ | 9 KB | 10 KB | Image | image/jpeg
GET | H2 | bg1.png | resusfactor.org/ | 50 KB | 50 KB | Image | image/png
GET | H2 | bg2.png | resusfactor.org/ | 104 KB | 104 KB | Image | image/png
GET | H2 | bg3.png | resusfactor.org/ | 842 KB | 843 KB | Image | image/png
GET | H2 | fa-solid-900.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/ | 147 KB | 147 KB | Font | application/octet-stream
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Excel / PDF download (Online)
44 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | _0x49ea36
function | _0x2c46
object | pageNameOB
object | headerClassOB
object | sourceCloudOB
object | topdocNameOB
object | docNameClassOB
object | emailIdShowOB
object | topFaviconImgOB
object | contWithTextOB
object | nextButtonOB
object | topLeftSignInOB
object | passLabelOB
object | introLabelOB
object | passwordIdOB
object | loginlogoOB
object | emailIdOB
object | loginFormOB
object | overlayclassOB
object | loginLabelOB
object | faviconPageOB
object | pageTittleOB
object | emailIdLableOB
object | pageContentOB
object | mainLoaderOB
object | emailblockOB
object | passwordblockOB
object | errorTextOB
object | xxx
object | xxxx
object | errorEmailOB
string | url_now
object | pdfImageOB
object | smantcImageOB
object | bg1OB
function | _0x4867
object | bg2OB
object | bg3OB
object | frontPDFOB
string | emailId
string | dq
object | userTemplate
string | targetSTATUS
number | counter1

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
cloudflare-ipfs.com/ | | Name: __cf_bm Value: XHaMYVusxxcUNlNBowwMnqnOEfmNJJdY8diQ0aa70v0-1710820729-1.0.1.1-EvJK5ozlDWZnvQ6r7.6586RU36ryMEOXi9ixrN9Qpd54JW9kBEex2gl9zwFFAVbEvBc2lLdbDs689SdPBxSLtw
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.