cloudflare-ipfs.com
Open in
urlscan Pro
2606:4700::6811:400e
Malicious Activity!
Public Scan
Effective URL: https://cloudflare-ipfs.com/ipfs/QmVXAPKLEnNuExsYCfjHEureHNufrU6Sz3MCTkZaCc21Lj
Submission: On February 15 via manual from ES — Scanned from ES
Summary
TLS certificate: Issued by E1 on December 28th 2023. Valid for: 3 months.
This is the only time cloudflare-ipfs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online) Adobe (Consumer) Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 34.233.171.34 34.233.171.34 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 2606:4700::68... 2606:4700::6811:400e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a04:4e42:200... 2a04:4e42:200::649 | 54113 (FASTLY) (FASTLY) | |
1 | () () | ||
6 | 5 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-171-34.compute-1.amazonaws.com
royal-agate-seal.glitch.me | |
whip-snowy-flavor.glitch.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
glitch.me
royal-agate-seal.glitch.me whip-snowy-flavor.glitch.me |
1 KB |
2 |
cloudflare-ipfs.com
cloudflare-ipfs.com |
346 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 940 |
30 KB |
6 | 3 |
Domain | Requested by | |
---|---|---|
2 | cloudflare-ipfs.com |
cloudflare-ipfs.com
|
2 | whip-snowy-flavor.glitch.me | |
1 | code.jquery.com |
cloudflare-ipfs.com
|
1 | royal-agate-seal.glitch.me | |
6 | 4 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
glitch.com Amazon RSA 2048 M03 |
2023-12-04 - 2025-01-01 |
a year | crt.sh |
cloudflare-ipfs.com E1 |
2023-12-28 - 2024-03-27 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://cloudflare-ipfs.com/ipfs/QmVXAPKLEnNuExsYCfjHEureHNufrU6Sz3MCTkZaCc21Lj
Frame ID: FAF4112F9259D1FBA85131A0AFD43C14
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
Share Point OnlinePage URL History Show full URLs
- https://royal-agate-seal.glitch.me/ Page URL
- https://whip-snowy-flavor.glitch.me/2.htm Page URL
- https://whip-snowy-flavor.glitch.me/ Page URL
- https://cloudflare-ipfs.com/ipfs/QmVXAPKLEnNuExsYCfjHEureHNufrU6Sz3MCTkZaCc21Lj Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Sign in with Outlook
Search URL Search Domain Scan URL
Title: Sign in with Aol
Search URL Search Domain Scan URL
Title: Sign in with Office365
Search URL Search Domain Scan URL
Title: Sign in with Yahoo!
Search URL Search Domain Scan URL
Title: Sign in with Gmail
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://royal-agate-seal.glitch.me/ Page URL
- https://whip-snowy-flavor.glitch.me/2.htm Page URL
- https://whip-snowy-flavor.glitch.me/ Page URL
- https://cloudflare-ipfs.com/ipfs/QmVXAPKLEnNuExsYCfjHEureHNufrU6Sz3MCTkZaCc21Lj Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
royal-agate-seal.glitch.me/ |
89 B 450 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.htm
whip-snowy-flavor.glitch.me/ |
84 B 444 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
whip-snowy-flavor.glitch.me/ |
127 B 488 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
QmVXAPKLEnNuExsYCfjHEureHNufrU6Sz3MCTkZaCc21Lj
cloudflare-ipfs.com/ipfs/ |
2 MB 346 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.4.1.min.js
code.jquery.com/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
52937a3e-ae0e-484d-a4a7-b92f4e156c19
https://cloudflare-ipfs.com/ |
390 KB 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
30 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
771 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
26 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
18 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
18 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
21 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
157 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online) Adobe (Consumer) Generic (Online)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cloudflare-ipfs.com/ | Name: __cf_bm Value: PCdUqmOycJ9oKJc.dFwPK5UnBDGb0z649by7d0l9d_Q-1708011999-1.0-AQXEHFzhRjpE1GIcLgVEHOVXsOLjXvQMzHKPLuLEwyMT3snxqV8+eKgnD5kS55QDQyLxxe0unx3u61s8SiXOzu0= |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cloudflare-ipfs.com
code.jquery.com
royal-agate-seal.glitch.me
whip-snowy-flavor.glitch.me
2606:4700::6811:400e
2a04:4e42:200::649
34.233.171.34
26c62dbdf527b8dcbf378ea62f129cbbba3b244730687909ba21ecd729c9d2e6
3a9b144d6482b78afc4e0a940a1d3c22240f14fa535b808cf4dab9635339569f
57898461712a639d119bdf88b7145919dcc8956c7a271d2e4a1084b29eae6785
5848062cffa5ec97a99a28d18c90c420146608ffea41abbb59fa10b34b7a63a4
66de1b4630bf6702a229d32c167f5485f9cf961fdbb82cdea4e4b3c132c2df22
6bcb7d5c458227a1fe24b5e4545a1ebbbe293f46df9fed4834831527d4099e16
7829f065e0e10c8466f3d57766e0719421b7b652f6a1082f21b98702f1b28a30
a2f26b68a6c8810c1aeb4048c938f835a86ba83756a7a440f989b967e78f3ba8
aad24ed5f36320964c515b9889cb2943bbf830b40703999ad3976fce8176e554
b4ad7fcfbf9d34771d8f3880b3f8dc4d894e0243241befea655d4fc022574bd3
f8a8cf4f1928938c796e2f35f8c21b0d510d4e3f16e016ee83d1f206f8ebde14