cloudflare-ipfs.com
Open in
urlscan Pro
2606:4700::6811:400e
Malicious Activity!
Public Scan
Submission: On April 30 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by E1 on April 24th 2024. Valid for: 3 months.
This is the only time cloudflare-ipfs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Dropbox (Consumer) Generic Cloudflare (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 5 | 2606:4700::68... 2606:4700::6811:400e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 18.235.65.101 18.235.65.101 | 14618 (AMAZON-AES) (AMAZON-AES) | |
3 | 2606:4700:303... 2606:4700:3036::6815:1b98 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:828::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
14 | 7 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-65-101.compute-1.amazonaws.com
alder-hilarious-barometer.glitch.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
cloudflare-ipfs.com
1 redirects
cloudflare-ipfs.com |
79 KB |
3 |
fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1230 |
99 KB |
3 |
glitch.me
alder-hilarious-barometer.glitch.me |
79 KB |
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1139 |
36 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 231 |
7 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 363 |
31 KB |
14 | 6 |
Domain | Requested by | |
---|---|---|
5 | cloudflare-ipfs.com |
1 redirects
cloudflare-ipfs.com
|
3 | use.fontawesome.com |
cloudflare-ipfs.com
use.fontawesome.com |
3 | alder-hilarious-barometer.glitch.me |
cloudflare-ipfs.com
|
2 | maxcdn.bootstrapcdn.com |
cloudflare-ipfs.com
|
1 | cdnjs.cloudflare.com |
cloudflare-ipfs.com
|
1 | ajax.googleapis.com |
cloudflare-ipfs.com
|
14 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cloudflare-ipfs.com E1 |
2024-04-24 - 2024-07-23 |
3 months | crt.sh |
glitch.com Amazon RSA 2048 M03 |
2023-12-04 - 2025-01-01 |
a year | crt.sh |
use.fontawesome.com Cloudflare Inc ECC CA-3 |
2023-10-12 - 2024-10-10 |
a year | crt.sh |
bootstrapcdn.com GTS CA 1P5 |
2024-03-27 - 2024-06-25 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-04-08 - 2024-07-01 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://cloudflare-ipfs.com/ipfs/QmXWKJqSnqE7ALAYFBK9Hg4sXWHESmnD5Qpkcpuoxuib1Q
Frame ID: 44BF442FCB0F64A2A824399D7FCF1A30
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
Shared Files - OneDrivePage URL History Show full URLs
- https://cloudflare-ipfs.com/ipfs/QmXWKJqSnqE7ALAYFBK9Hg4sXWHESmnD5Qpkcpuoxuib1Q Page URL
-
https://cloudflare-ipfs.com/cdn-cgi/phish-bypass?atok=7FdVL.gw9j_hymWL47QeJDSzcn1yqJ5fCqSjAdvkjG0-171443...
HTTP 301
https://cloudflare-ipfs.com/ipfs/QmXWKJqSnqE7ALAYFBK9Hg4sXWHESmnD5Qpkcpuoxuib1Q Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Popper (Miscellaneous) Expand
Detected patterns
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://cloudflare-ipfs.com/ipfs/QmXWKJqSnqE7ALAYFBK9Hg4sXWHESmnD5Qpkcpuoxuib1Q Page URL
-
https://cloudflare-ipfs.com/cdn-cgi/phish-bypass?atok=7FdVL.gw9j_hymWL47QeJDSzcn1yqJ5fCqSjAdvkjG0-1714439264-0.0.1.1-%2Fipfs%2FQmXWKJqSnqE7ALAYFBK9Hg4sXWHESmnD5Qpkcpuoxuib1Q
HTTP 301
https://cloudflare-ipfs.com/ipfs/QmXWKJqSnqE7ALAYFBK9Hg4sXWHESmnD5Qpkcpuoxuib1Q Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
QmXWKJqSnqE7ALAYFBK9Hg4sXWHESmnD5Qpkcpuoxuib1Q
cloudflare-ipfs.com/ipfs/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cf.errors.css
cloudflare-ipfs.com/cdn-cgi/styles/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
icon-exclamation.png
cloudflare-ipfs.com/cdn-cgi/images/ |
452 B 634 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
QmXWKJqSnqE7ALAYFBK9Hg4sXWHESmnD5Qpkcpuoxuib1Q
cloudflare-ipfs.com/ipfs/ Redirect Chain
|
398 KB 72 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.css
alder-hilarious-barometer.glitch.me/ |
5 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
check.css
alder-hilarious-barometer.glitch.me/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
alder-hilarious-barometer.glitch.me/ |
71 KB 72 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
use.fontawesome.com/releases/v5.7.0/css/ |
53 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ |
141 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ |
48 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
9 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
11 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
9 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
9 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
9 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-regular-400.woff2
use.fontawesome.com/releases/v5.7.0/webfonts/ |
13 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-solid-900.woff2
use.fontawesome.com/releases/v5.7.0/webfonts/ |
73 KB 73 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Dropbox (Consumer) Generic Cloudflare (Online)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| Popper object| bootstrap2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cloudflare-ipfs.com/ | Name: __cf_mw_byp Value: 7FdVL.gw9j_hymWL47QeJDSzcn1yqJ5fCqSjAdvkjG0-1714439264-0.0.1.1-/ipfs/QmXWKJqSnqE7ALAYFBK9Hg4sXWHESmnD5Qpkcpuoxuib1Q |
|
cloudflare-ipfs.com/ | Name: __cf_bm Value: k8mfh9vbcSvvoQVR7cU8CK1VjjFBnaUoQH5fjf0DbQc-1714439269-1.0.1.1-ykhxef5gS4j7qtY869JKRAYZT3liyOG1GjbYox4L5QfqPmgiBSt._pwCbWyY5qQvtgE71Z5zimuRetebJFbAyQ |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
alder-hilarious-barometer.glitch.me
cdnjs.cloudflare.com
cloudflare-ipfs.com
maxcdn.bootstrapcdn.com
use.fontawesome.com
18.235.65.101
2606:4700:3036::6815:1b98
2606:4700::6811:190e
2606:4700::6811:400e
2606:4700::6812:bcf
2a00:1450:4001:828::200a
152a5d57a6f2540659a44f2dd7b89ff1503bb4bc7eb37592698fbfbcc3136a08
2372b42d2afc39267393e1c7263ece4bdc7915794f447dc344a464d5ac0097ee
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
3275b19201e60d9da8a8d6cfc1142a8d24ccb38651bed6c6ca6936833d255c75
47f7901b4ab01ff5544474bbe0f50c38331f8b3d1e7ce503ee0c7c807b45e57c
530cb4c29b444dc89dd73a4e0812f803be98d3448a48edca8aafdbc55a0b97eb
5a15ab5506fd2f4dd56632388ae13f93265bd2fb241b8cdc086246ed3ec4c8e5
63e5f7daca8a12698a23826e656d8b9d078a81d5b6289d79b92f35976bd6ed66
658cf43db24e9d4c57890e958aa74656a13139754de24f19e706f0a355279e4d
6ad9c100b8c65f735e2b9d0e4b2f6df37ec87499856f73a5ae858b772b4a482e
79569bbf98e046743427673c2f59a9649ee833f2a9089b2e6497d435b5fe1b09
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
ab96691d78536247ca2ab64aac5af744cf699926fa30d393ae859c9fa803b42c
afdc6bf2de981ffd7d370b76f44e7580572f197efbe214b9cfa4005d189d8eae
b0ea10451375696df008df1ce02167284547e9803c10196d66f0ae79fe3c08ab
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f197d9da74ec12bcfeb42f4ace83d2b31b2dd06c70a60aa8f9d89c8f58efa9e3
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d