cloudflare-ipfs.com
104.17.96.13
Malicious Activity!
Public Scan
Effective URL: https://cloudflare-ipfs.com/ipfs/bafybeiezbtzgrfmsij3l4l65eysw3r2nzu4l6rjgovaatkc4wqjxjne2zm/juno.html
Submission Tags: @phish_report
Submission: On May 09 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by E1 on April 24th 2024. Valid for: 3 months.
This is the only time cloudflare-ipfs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Juno (Telecommunication)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 104.17.96.13 | 13335 (CLOUDFLARENET) |
11 | 64.136.53.68 | 13446 (AS-NETZERO) |
1 | 64.136.53.83 | 13446 (AS-NETZERO) |
1 | 64.136.45.178 | 13446 (AS-NETZERO) |
1 | 64.136.53.32 | 13446 (AS-NETZERO) |
15 | 5 | |
ASN13446 (AS-NETZERO, US) | PTR: account.vgs.juno.com | account.juno.com |
ASN13446 (AS-NETZERO, US) | PTR: webmail.vgs.netzero.net | webmail.uolstatic.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
13 | juno.com | account.juno.com (Cisco Umbrella Rank: 678094), store.juno.com, track.juno.com (Cisco Umbrella Rank: 253711) | 50 KB |
1 | uolstatic.com | webmail.uolstatic.com (Cisco Umbrella Rank: 213292) | 31 KB |
1 | cloudflare-ipfs.com | cloudflare-ipfs.com | 7 KB |
15 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
11 | account.juno.com | cloudflare-ipfs.com, account.juno.com |
1 | track.juno.com | cloudflare-ipfs.com |
1 | store.juno.com | cloudflare-ipfs.com |
1 | webmail.uolstatic.com | cloudflare-ipfs.com |
1 | cloudflare-ipfs.com | |
15 | 5 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.juno.com |
account.juno.com |
store.juno.com |
my.juno.com |
www.untd.com |
www.netzero.net |
www.mysite.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
cloudflare-ipfs.com | E1 | 2024-04-24 - 2024-07-23 | 3 months |
account.juno.com | Go Daddy Secure Certificate Authority - G2 | 2023-07-07 - 2024-07-19 | a year |
webmail.netzero.net | Go Daddy Secure Certificate Authority - G2 | 2023-07-12 - 2024-08-12 | a year |
store.juno.com | Go Daddy Secure Certificate Authority - G2 | 2023-05-10 - 2024-05-22 | a year |
track.netzero.net | Go Daddy Secure Certificate Authority - G2 | 2023-09-14 - 2024-09-25 | a year |
This page contains 1 frames:
Primary Page:
https://cloudflare-ipfs.com/ipfs/bafybeiezbtzgrfmsij3l4l65eysw3r2nzu4l6rjgovaatkc4wqjxjne2zm/juno.html
Frame ID: 1171BCA892C031F233F574D71613150C
Requests: 15 HTTP requests in this frame
Page Title
Juno - My Account - Value-priced Internet Service Provider - ISP - Free, low-cost and fast Internet Access
Page URL History
- http://cloudflare-ipfs.com/ipfs/bafybeiezbtzgrfmsij3l4l65eysw3r2nzu4l6rjgovaatkc4wqjxjne2zm/juno.html HTTP 307
- https://cloudflare-ipfs.com/ipfs/bafybeiezbtzgrfmsij3l4l65eysw3r2nzu4l6rjgovaatkc4wqjxjne2zm/juno.html Page URL
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
15 Outgoing links
These are links going to different origins than the main page.
Title: SUPPORT
Title: password
Title: sign in issues
Title: Juno Store
Title: My Juno
Title: My Account
Title: Our Services
Title: Privacy Policy
Title: Your Privacy Rights: Do Not Sell My Info
Title: About Ads
Title: Terms of Service
Title: United Online
Title: NetZero
Title: MySite
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | juno.html (Primary Request) | cloudflare-ipfs.com/ipfs/bafybeiezbtzgrfmsij3l4l65eysw3r2nzu4l6rjgovaatkc4wqjxjne2zm/ | 20 KB | 7 KB | Document | text/html |
GET H/1.1 | common-j.css | account.juno.com/static/account/view/css/ | 52 KB | 11 KB | Stylesheet | text/css |
GET H2 | jQuery.js | webmail.uolstatic.com/js_c/l/jq/3.6.0/ | 87 KB | 31 KB | Script | application/x-javascript |
GET H/1.1 | jquery.dcjqaccordion.2.7.min.js | account.juno.com/static/account/view/js/ | 7 KB | 2 KB | Script | application/x-javascript |
GET H/1.1 | common.js | account.juno.com/static/account/view/js/ | 120 KB | 24 KB | Script | application/x-javascript |
GET H/1.1 | j_logo-black.gif | account.juno.com/static/account/view/img/ | 4 KB | 4 KB | Image | image/gif |
GET H/1.1 | j_sign-in-btn.gif | account.juno.com/static/account/view/img/ | 2 KB | 3 KB | Image | image/gif |
GET H/1.1 | j_signin-issue.gif | account.juno.com/static/account/view/img/ | 470 B | 1 KB | Image | image/gif |
GET H/1.1 | j_netzero-store.gif | account.juno.com/static/account/view/img/ | 402 B | 984 B | Image | image/gif |
GET H/1.1 | common-print.css | account.juno.com/static/account/view/css/ | 388 B | 858 B | Stylesheet | text/css |
GET H/1.1 | event.do | store.juno.com/account/ | 43 B | 756 B | Image | image/gif |
GET H/1.1 | pv | track.juno.com/s/ | 43 B | 506 B | Image | image/gif |
GET H/1.1 | j_header-keyline.gif | account.juno.com/static/account/view/img/ | 1 KB | 2 KB | Image | image/gif |
GET H/1.1 | j_sign-in-btn.gif | account.juno.com/static/account/view/img/ | 2 KB | 0 | Image | image/gif |
GET H/1.1 | webicon_j.ico | account.juno.com/static/account/view/img/ | 1 KB | 1 KB | Other | image/x-icon |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Juno (Telecommunication)
132 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cloudflare-ipfs.com/ | Name: __cf_bm Value: hByQoP1CMxdHQFskDhH6DGGn5ys1To0F9HTU_LfL.uE-1715255607-1.0.1.1-4XyLI7sYtMq9.aJX9QW7RFbn_kdDKHP0rw6o22mQHPTDW1JrUDZfada0oW0TsIzlJIUrzW6W5zo4G6m4CIZdSQ |
cloudflare-ipfs.com/ | Name: c_check Value: enabled |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.