run.plnkr.co
Open in
urlscan Pro
2606:4700:3033::681f:50d6
Malicious Activity!
Public Scan
Submission: On June 30 via manual from SA
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on January 30th 2020. Valid for: 8 months.
This is the only time run.plnkr.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2606:4700:303... 2606:4700:3033::681f:50d6 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:10:... 2606:4700:10::ac43:1526 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
1 |
iconfinder.com
cdn3.iconfinder.com |
10 KB |
1 |
plnkr.co
run.plnkr.co |
6 KB |
2 | 2 |
Domain | Requested by | |
---|---|---|
1 | cdn3.iconfinder.com |
run.plnkr.co
|
1 | run.plnkr.co | |
2 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2020-01-30 - 2020-10-09 |
8 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://run.plnkr.co/plunks/byRPJXnnx7HKjkk6/
Frame ID: 9E7403EBD4FDD7FF1888E1D6A598D636
Requests: 3 HTTP requests in this frame
Screenshot
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
2 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
run.plnkr.co/plunks/byRPJXnnx7HKjkk6/ |
39 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
internt_web_technology-13-512.png
cdn3.iconfinder.com/data/icons/internet-and-web-4/78/ |
9 KB 10 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| startTimer function| checkSecond1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.plnkr.co/ | Name: __cfduid Value: dbcc0fbbbe29eeca38d9790e141c384eb1593510698 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn3.iconfinder.com
run.plnkr.co
2606:4700:10::ac43:1526
2606:4700:3033::681f:50d6
340731dede31f14fd399a1720ad8d768d3df2f37b4388631e02b7fac5cac38a5
9b83f1881052e72353c19ed7e4e583068f90af6e2c501f551fbd71f2a4cd7095
cdd666bf866b3aaba311acc79ebc0b780690651c42bd14efc7228a373a9263a7