fiddle.jshell.net
Open in
urlscan Pro
45.55.126.88
Malicious Activity!
Public Scan
Submission: On April 12 via manual from JP
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on February 22nd 2020. Valid for: 3 months.
This is the only time fiddle.jshell.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 45.55.126.88 45.55.126.88 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
1 | 2a00:1450:400... 2a00:1450:4001:818::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:3b | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
2 | 152.199.21.147 152.199.21.147 | 15133 (EDGECAST) (EDGECAST) | |
5 | 2606:4700::68... 2606:4700::6810:7791 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6 | 15133 (EDGECAST) (EDGECAST) | |
1 | 13.225.73.25 13.225.73.25 | 16509 (AMAZON-02) (AMAZON-02) | |
3 | 2606:4700::68... 2606:4700::6810:7991 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
26 | 9 |
ASN16509 (AMAZON-02, US)
PTR: server-13-225-73-25.fra2.r.cloudfront.net
avatars.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
medium.com
miro.medium.com glyph.medium.com |
219 KB |
8 |
jshell.net
fiddle.jshell.net |
36 KB |
5 |
twimg.com
pbs.twimg.com |
99 KB |
2 |
tumblr.com
static.tumblr.com |
574 KB |
1 |
avatars.io
avatars.io |
13 KB |
1 |
jquery.com
code.jquery.com |
30 KB |
1 |
googleapis.com
fonts.googleapis.com |
555 B |
26 | 7 |
Domain | Requested by | |
---|---|---|
8 | fiddle.jshell.net |
fiddle.jshell.net
|
5 | pbs.twimg.com |
fiddle.jshell.net
|
5 | miro.medium.com |
fiddle.jshell.net
|
3 | glyph.medium.com |
fiddle.jshell.net
|
2 | static.tumblr.com |
fiddle.jshell.net
|
1 | avatars.io |
fiddle.jshell.net
|
1 | code.jquery.com |
fiddle.jshell.net
|
1 | fonts.googleapis.com |
fiddle.jshell.net
|
26 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
fiddle.jshell.net Let's Encrypt Authority X3 |
2020-02-22 - 2020-05-22 |
3 months | crt.sh |
upload.video.google.com GTS CA 1O1 |
2020-03-24 - 2020-06-16 |
3 months | crt.sh |
jquery.org COMODO RSA Domain Validation Secure Server CA |
2018-10-17 - 2020-10-16 |
2 years | crt.sh |
tumblr.com DigiCert SHA2 Extended Validation Server CA |
2019-08-08 - 2021-08-12 |
2 years | crt.sh |
*.medium.com DigiCert SHA2 Secure Server CA |
2018-07-31 - 2020-09-09 |
2 years | crt.sh |
*.twimg.com DigiCert SHA2 High Assurance Server CA |
2019-11-12 - 2020-11-18 |
a year | crt.sh |
avatars.io Amazon |
2019-05-20 - 2020-06-20 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://fiddle.jshell.net/mhbs6wx5/show/?gf
Frame ID: 06A3D86CDE8C3EE134A189CDF718BA0A
Requests: 5 HTTP requests in this frame
Frame:
https://fiddle.jshell.net/mhbs6wx5/show/light/
Frame ID: 2871D3B6EBD8ACB871B58FF955456F0E
Requests: 24 HTTP requests in this frame
Screenshot
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Google Font API (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
fiddle.jshell.net/mhbs6wx5/show/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
highlight.pack.js
fiddle.jshell.net/js/embed/ |
18 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
embed.js
fiddle.jshell.net/js/embed/ |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
embed-light.css
fiddle.jshell.net/css/embed/ |
7 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
1 KB 555 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
fiddle.jshell.net/mhbs6wx5/show/light/ Frame 2871 |
100 KB 19 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dummy.js
fiddle.jshell.net/js/lib/ Frame 2871 |
0 191 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
result-light.css
fiddle.jshell.net/css/ Frame 2871 |
29 B 230 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.4.1.min.js
code.jquery.com/ Frame 2871 |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m2.css
static.tumblr.com/bejxdgc/NDhpx23f1/ Frame 2871 |
64 KB 64 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main-branding-base.css
static.tumblr.com/bejxdgc/H7hpx23gv/ Frame 2871 |
510 KB 510 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0*7BnzmbPe0EWkT0wh.jpg
miro.medium.com/fit/c/48/48/ Frame 2871 |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1UATD6Vui-5Xa4Vb2QAOtbg_002.png
fiddle.jshell.net/mhbs6wx5/show/light/index_files/ Frame 2871 |
2 KB 2 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1*K8VfhFXX02rUgFJ4PNJnpQ.jpeg
miro.medium.com/max/1000/ Frame 2871 |
144 KB 144 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0*V4KAYJF9WB-Cvxfi.jpg
miro.medium.com/fit/c/160/160/ Frame 2871 |
12 KB 12 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1*tIWs8Qk_-H0ANcEVDFGLsg.png
miro.medium.com/max/240/ Frame 2871 |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1*mdJWWVTfTd7LMbR1pZvZ0A.jpeg
miro.medium.com/max/240/ Frame 2871 |
15 KB 16 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aVq2oAP-_normal.jpg
pbs.twimg.com/profile_images/1006221503548059657/ Frame 2871 |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
a3a234d295e0a5824b856d5ddf228d0c_bigger.jpeg
pbs.twimg.com/profile_images/2924807632/ Frame 2871 |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
large
avatars.io/twitter/AlexCobb_/ Frame 2871 |
12 KB 13 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4ZyABl-E_400x400.jpg
pbs.twimg.com/profile_images/1178449867590512640/ Frame 2871 |
31 KB 31 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pTlu6wrD_400x400.jpg
pbs.twimg.com/profile_images/1076901702102597632/ Frame 2871 |
46 KB 46 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
VItKwBD2_400x400.jpg
pbs.twimg.com/profile_images/817962897011867651/ Frame 2871 |
18 KB 18 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 2871 |
14 KB 14 KB |
Font
font/opentype |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fell-400-normal.woff
glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ Frame 2871 |
14 KB 14 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 2871 |
15 KB 15 KB |
Font
font/opentype |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
charter-700-normal.woff
glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ Frame 2871 |
10 KB 11 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 2871 |
14 KB 14 KB |
Font
font/opentype |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marat-sans-600-normal.woff
glyph.medium.com/font/6f4b679/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ Frame 2871 |
15 KB 15 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Crypto (Crypto Exchange)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| hljs undefined| height object| force_height string| slug string| show_src number| resize_element_counter string| shell_edit_url object| EmbedManager2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
fiddle.jshell.net/ | Name: _jsfiddle_session Value: MkdTUGtkQ3I2aFhYV1RBUy9aQ0JvMnMvdHc3aXE1YmJIMmVpRG1rY3RhUUMzanJHSFV4S1JaYUFXRkxDWHJtY2paSjdUb04rT244aXVZK2pvSUNvM2hFRkxYRkVPSDh5UmJFVUp4cjg4SE5pbXRESzl5NWhQTTZFOS9kUEV2NGRxRUFmU3lnWEdqdkEvRGZSQXUxSndBPT0tLTUyMUU0bWVSZTg2SUFhRGxhT3BQYnc9PQ%3D%3D--8e016a5dd8561c696c94cf40f10f17dd52d98c9e |
|
fiddle.jshell.net/ | Name: csrftoken Value: jwyw2rTG6LS9Pdc1WjXI0eOwlVjWJj84AGK4saHgztpTzbZGrihIi%2Bu%2BHsHataN%2BkoYEGT7jq5pEUUnTBro18A%3D%3D |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | ALLOWALL |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
avatars.io
code.jquery.com
fiddle.jshell.net
fonts.googleapis.com
glyph.medium.com
miro.medium.com
pbs.twimg.com
static.tumblr.com
13.225.73.25
152.199.21.147
2001:4de0:ac19::1:b:3b
2606:2800:134:1a0d:1429:742:782:b6
2606:4700::6810:7791
2606:4700::6810:7991
2a00:1450:4001:818::200a
45.55.126.88
06c91a82be00f2961fde70cdee401a0f62c75c86539a7c87ffd16edb87d8357c
07a2b5342c8e9edea70f2ca4c923058e2808c1f1e279b94452f8d269f18b4545
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
198f7f8d32f771479af26f52469b8dd04dc50cd187aceb661dd3beeffaa2aebc
29e89f00341d65ffbab6fdfce78f7e42a1daf4bda2e3615ad9466e2ce47760ef
31ce12605ac90c6218f74f3f8365f923d69269345b0cb46e32b4feb868143428
33a2746fd0b359d03ba728dc7f70d1d8fb7aac02425524fe1771ae2e19c6b8ef
41532aec4c3a3a0747ca853b064ef7a96483a95798a6526974ec043997e2ccf9
484f089658ef569f6b1ae925790eab6880fc8fab96698c8ec9970281109a7474
5bf8a2bf795b3af4a7d3e5ef848718c6d6fd081e0799f5af777b6d857c92cf2b
79756e53a42ec454c0443ea89676f87544c34c6a492476c8e5730e0164b6bd6e
88c246f58844411c9cdf8f8057e4ae96c69e6ba29b892f1ea3154f9912c3f372
8c16cea95eec6f9f7932b7571e6ee2f375f89cd5bdcc955b05a7c09619c8c0aa
8ed4d5864bd422a465a7a7cb8270d1cfbd7d7bb28b47a70da3b10e45562bf9c0
93967dd8cd4cccff9075fd0165b3b2f50c94d43150b9bd2dc12fb8770fa44e1d
99a9df080944a29084bf6f88ccc49b1f3a0cee1aed655c640ca433871a6af398
99dacff4ea7603fb33484a77a632cb1d805b2fff84f477934abc360977eef115
a214e8a9da8a7b9eeab2eaf27bd569cfdf5bf41fc7d3cbf09c93b20238ceaa87
be9a62a389ef14e5aa7c9c7ef9f7bec271ecce1f86aa8f0cdcc9a5e3acf7948e
bf82b5b7148bf7f3ae01c94d29508087c09fa250768f4e54f015e6b02816487f
c3e568b8600083d2343ae7a3849df66cbe77608ae46d57d5192508a4cfac4221
cb31d2d43efc714642919af84920177170837267c64a8fd3cec95889f83cc276
d1de21730854ea4db035a81914cb0bd57aa74d715af6f89b46a2d002917ca1ed
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e50c7f011fb1efc8e70b8ad32391fb3d02b1120a89632d1a3fac4d3a81876304
e8d3c5235501768e2a627d038545f64002d441aa438bb93b51b7e837cddf5b1f
eb6716cc505aa72734bf11ebfd6c604e1136e11e8ab017f8a405b3ae73f633b1
f57137897a4e676f0d2199b79def1a95b253a1a938dff9d8ba10519f3beb2b08
ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1