run.plnkr.co
2606:4700:3033::681f:50d6  Malicious Activity!

URL: https://run.plnkr.co/plunks/byRPJXnnx7HKjkk6/
Submission: On June 30 via manual from SA

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 2 HTTP transactions. The main IP is 2606:4700:3033::681f:50d6, located in United States and belongs to CLOUDFLARENET, US. The main domain is run.plnkr.co.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on January 30th 2020. Valid for: 8 months.
This is the only time run.plnkr.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

Requests  IP Address        AS     Autonomous System
1         2606:4700:303...  13335  (CLOUDFLAR...)
1         2606:4700:10:...  13335  (CLOUDFLAR...)
2         3
Requests  Apex Domain     Subdomains           Transfer
1         iconfinder.com  cdn3.iconfinder.com  10 KB
1         plnkr.co        run.plnkr.co         6 KB
2         2
Requests  Domain               Requested by
1         cdn3.iconfinder.com  run.plnkr.co
1         run.plnkr.co
2         2

This site contains no links.

Subject                Issuer                   Validity                 Valid
sni.cloudflaressl.com  CloudFlare Inc ECC CA-2  2020-01-30 - 2020-10-09  8 months

This page contains 1 frames:

Primary Page: https://run.plnkr.co/plunks/byRPJXnnx7HKjkk6/
Frame ID: 9E7403EBD4FDD7FF1888E1D6A598D636
Requests: 3 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 2
HTTPS: 100 %
IPv6: 100 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 1
Transfer: 16 kB
Size: 51 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource           Path                                   Size   x-fer  Type      MIME-Type
Primary Request /  run.plnkr.co/plunks/byRPJXnnx7HKjkk6/  39 KB  6 KB   Document

General
Full URL: https://run.plnkr.co/plunks/byRPJXnnx7HKjkk6/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3033::681f:50d6, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 9b83f1881052e72353c19ed7e4e583068f90af6e2c501f551fbd71f2a4cd7095

Request headers

:method: GET
:authority: run.plnkr.co
:scheme: https
:path: /plunks/byRPJXnnx7HKjkk6/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Tue, 30 Jun 2020 09:51:38 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=dbcc0fbbbe29eeca38d9790e141c384eb1593510698; expires=Thu, 30-Jul-20 09:51:38 GMT; path=/; domain=.plnkr.co; HttpOnly; SameSite=Lax
cache-control: no-cache
vary: accept-encoding
cf-cache-status: DYNAMIC
cf-request-id: 03a63cb5a400001f251281b200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5ab6fd690afd1f25-FRA
content-encoding: br

Resource   Path  Size  x-fer  Type   MIME-Type
truncated  /     3 KB  0      Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: cdd666bf866b3aaba311acc79ebc0b780690651c42bd14efc7228a373a9263a7

Request headers

Referer:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

Resource                           Path                                                   Size  x-fer  Type   MIME-Type
internt_web_technology-13-512.png  cdn3.iconfinder.com/data/icons/internet-and-web-4/78/  9 KB  10 KB  Image

General
Full URL: https://cdn3.iconfinder.com/data/icons/internet-and-web-4/78/internt_web_technology-13-512.png
Requested by: Host: run.plnkr.co, URL: https://run.plnkr.co/plunks/byRPJXnnx7HKjkk6/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:10::ac43:1526, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 340731dede31f14fd399a1720ad8d768d3df2f37b4388631e02b7fac5cac38a5

Security Headers
Name                       Value
Strict-Transport-Security  max-age=15552000; includeSubDomains; preload
X-Content-Type-Options     nosniff

Request headers

Referer: https://run.plnkr.co/plunks/byRPJXnnx7HKjkk6/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 09:51:38 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: HIT
age: 120218
cf-polished: origFmt=png, origSize=10424
status: 200
content-disposition: inline; filename="internt_web_technology-13-512.webp"
vary: Accept
x-amz-request-id: 98B36E8EFA15315E
x-amz-id-2: hL0+HJv2e/AEmHZ+V0IsMHO+Y6gKkiiEsVpn9XNBk5XzLG7cmsDEs0n3yNDRhk5lHGc92lrhPRo=
accept-ranges: bytes
last-modified: Mon, 16 Oct 2017 15:32:48 GMT
server: cloudflare
etag: "64b04190c66a7abb0b0c592543b8e990"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-amz-version-id: CnAxHP2qXzaWJkr5_3LKmXh53HPbs5l0
cf-request-id: 03a63cb6e30000d6c97d391200000001
content-length: 9082
cf-ray: 5ab6fd6b0e62d6c9-FRA
cf-bgj: imgq:100,h2pri

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onformdata
object    onpointerrawupdate
function  startTimer
function  checkSecond

1 Cookies

Domain/Path  Name / Value
.plnkr.co/   Name: __cfduid
             Value: dbcc0fbbbe29eeca38d9790e141c384eb1593510698

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn3.iconfinder.com
run.plnkr.co
2606:4700:10::ac43:1526
2606:4700:3033::681f:50d6
340731dede31f14fd399a1720ad8d768d3df2f37b4388631e02b7fac5cac38a5
9b83f1881052e72353c19ed7e4e583068f90af6e2c501f551fbd71f2a4cd7095
cdd666bf866b3aaba311acc79ebc0b780690651c42bd14efc7228a373a9263a7