cloudflare-ipfs.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 1 HTTP transactions. The main IP is 2606:4700::6811:600d, located in United States and belongs to CLOUDFLARENET, US. The main domain is cloudflare-ipfs.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 29th 2022. Valid for: a year.

This is the only time cloudflare-ipfs.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Naver (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:600d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2

1 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

megaurl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:600d (United States)

ASN13335 (CLOUDFLARENET, US)

cloudflare-ipfs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	cloudflare-ipfs.com cloudflare-ipfs.com	154 KB
1	megaurl.co 1 redirects megaurl.co	644 B
1	2

	Domain	Requested by
1	cloudflare-ipfs.com
1	megaurl.co	1 redirects
1	2

This site contains links to these domains. Also see Links.

Domain
www.naver.com
nid.naver.com
m.site.naver.com
help.naver.com
www.navercorp.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-11-29` - `2023-11-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cloudflare-ipfs.com/ipfs/bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi/
Frame ID: CD39C52E37203EFE5D145A3AA0976C4C
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

네이버 : 로그인..

Page URL History Show full URLs

https://megaurl.co/123ys2v3tt7ypnj9tjh09thgay6rnwx5k72z2ld4dqz5xxuw3osx8uuoksma2grbi1kfvtbbmkqi... HTTP 301
https://cloudflare-ipfs.com/ipfs/bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi/ Page URL

Page Statistics

1
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

154 kB
Transfer

373 kB
Size

1
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.naver.com/
Title: 본문 바로가기

Search URL Search Domain Scan URL

URL: https://nid.naver.com/login/ext/help_ip3.html
Title: IP보안

Search URL Search Domain Scan URL

URL: https://nid.naver.com/user2/api/route?m=routePwInquiry&lang=ko_KR
Title: 비밀번호 찾기

Search URL Search Domain Scan URL

URL: https://nid.naver.com/user2/api/route?m=routeIdInquiry&lang=ko_KR
Title: 아이디 찾기

Search URL Search Domain Scan URL

URL: https://nid.naver.com/user2/V2Join?m=agree&lang=ko_KR
Title: 회원가입

Search URL Search Domain Scan URL

URL: https://m.site.naver.com/0PNGp

Search URL Search Domain Scan URL

URL: http://www.naver.com/rules/service.html
Title: 이용약관

Search URL Search Domain Scan URL

URL: http://www.naver.com/rules/privacy.html
Title: 개인정보처리방침

Search URL Search Domain Scan URL

URL: http://www.naver.com/rules/disclaimer.html
Title: 책임의 한계와 법적고지

Search URL Search Domain Scan URL

URL: https://help.naver.com/support/service/main.nhn?serviceNo=532
Title: 회원정보 고객센터

Search URL Search Domain Scan URL

URL: https://www.navercorp.com/
Title: 네이버

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://megaurl.co/123ys2v3tt7ypnj9tjh09thgay6rnwx5k72z2ld4dqz5xxuw3osx8uuoksma2grbi1kfvtbbmkqidr2f38km7c7yoz7dp9cczcb1t0nrkd9mxfgfjnpxe6lst8icqb6zc0yub30sfm7xetagz2efaq7e9cc5wju4hcudamoj5o2ljb8pmtwtpdpm81wpdiwu26p1psf0ih9zp1xgnqv1z8h43xurzudvew4eqi7vudvve810asr34rksibijz1swgy993xqpgk3ng2zse1gmn3jipi807sllkhohmsz92n6rzqg1gdv42w3vtktrsttaxqq199jehhjl3gwpkjkhpuiuem3k63d5w4r9xr0iv52h235zh5awq16twpmgawftzy9w3f8z00l2pt2fzsut60oxp6180g44egkg01kvvbbv8351r0cn1urezk1if7gc9ndhdmxai41xq1et4fiavcvlhwpzr3w7kc8egt4dpx5fs38qovkjbws03lnjzqm723vi2uncxl8pd14pz5z8js230uiwvfm631oskjp08bahhebc3ajrhhklzdayt1mntean3gr6johpvg7hiyxe4i7mokbydow4ihai3bgpwc92ozvtdnvjtzm6nelrhz61rwiajl525bk8ou6a6ear4zztgutobfop15r3ebgvy96k3iqggr0rawifd6jp8uodliec7grwthiw8sg01u4ic7lxf5o6xbmuvsy7d0267gcyur3qzncdj0v5wlbev5nscon86uu1vg7hex3a0o16vkpmszub5rvc41y47lrek8u3cl1doentwwecb6yk03wbtn9q9uftanxd9n7qs51932q7kvdyrvv27yuj79r4qm0kgovgwu1rdbihxgso0mduwzcqxenirl9r50n8u2ei7pzxz6nh1ozjszoo20e74v7l9sjuqnxaeawgpe0kigsz8lt6etulonwbg990fxxfc76s18r5951p1mqjzzsnjj9wgdndp3687snuh2ozwo5y3pfs04qcnsy7l62t6q7xjq9n44ymcqi53smvct0cp3utsjtmdr8rok2nz1xdjyynyc3mtv34lu5naan6190eklbvrlkx4ge90qnz4jjid6zbd8a26laonry9c90tdjjrxhzf0rj2o1ct4dobhhfjhwtek262ef9t78itkgfoi9sa043d76wttqdwwfvh8yib6t5y253qixtclr2dv7iext43wurova7hajq9qedw3v0138ld9tlnn8grit4kzfv9ppr03zh237lx9we5zrxj9emj3i649xspx36zwi8mjii6yv1hgob2unp9l3adrz6u40g4903q35xy0qnm593jr42351i0sxixkz5mbkbgz1yifsib3nuf2zqdb9cwicimkfw4nh72r29liwlst0rr1l2ucev4bqtad6qzedkospmn6nqkzwnsqs3g9ihk8lcg6wtgxd79zw349ro0nplqfshzfhr1m2du8fok0zlodyhjp5pe0714nbqk7nmm3kb889gt5l3r9koi5ij7tp7b6dyw9ohy1hdpfgio6iqi2hi9q09eub78r7eekpirihz0wy0xadxujutkulduvhv4wc6jcndd0sos5svwvx3l5brs2oq20abkhez1e7h01c7fax9vjjcicp3j0g2h8s83vo4lrkejs66xhonm7lsmjqbn5ifwtpc9r462uqojdiz7tz9nsor4zhv9k9r6nzexptnqraivosk25ywfscn6o2zbwfh5zmtojutcd0j0xdmp85rxo3922gp02cqwvsp8u4pgie06q6em6klni8ybl2anyg6pryck1oobyvalz5kksdzdteeyt2uv1wlz0kpwk3a8hv1w1sbmhzjydg5nmcdgnda9pqlsu61xk4694zo0if3suvu2uxq7oh02o2pj4rlkp7l2r4agmlgyta4q8sp1a97jwaul9g943mavh6yrm4wzlc43fvse3ote/f152dc78a674cbda041ab1501a8e5e1b HTTP 301
https://cloudflare-ipfs.com/ipfs/bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response cloudflare-ipfs.com/ipfs/bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi/ Redirect Chain https://megaurl.co/123ys2v3tt7ypnj9tjh09thgay6rnwx5k72z2ld4dqz5xxuw3osx8uuoksma2grbi1kfvtbbmkqidr2f38km7c7yoz7dp9cczcb1t0nrkd9mxfgfjnpxe6lst8icqb6zc0yub30sfm7xetagz2efaq7e9cc5wju4hcudamoj5o2ljb8pmt... https://cloudflare-ipfs.com/ipfs/bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi/	221 KB 154 KB	359ms 301ms	Document text/html	2606:4700::6811:600d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cloudflare-ipfs.com/ipfs/bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:600d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4a596ab900fb1a68e014ef6baf728c1a8e0ac58189655ef6a58ebfa02436b4d2` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers access-control-allow-headers Content-Type Range User-Agent X-Requested-With access-control-allow-methods GET access-control-allow-origin * access-control-expose-headers Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output age 49191 alt-svc h3=":443"; ma=86400 cache-control public, max-age=29030400, immutable cf-cache-status HIT cf-ray 7fe6c21cbbc69205-FRA content-encoding br content-type text/html date Tue, 29 Aug 2023 18:11:45 GMT etag W/"bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi" server cloudflare vary Accept-Encoding x-cf-ipfs-cache-status hit x-ipfs-path /ipfs/bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi/ x-ipfs-roots bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi Redirect headers alt-svc h3=":443"; ma=86400 cache-control no-cache cf-cache-status DYNAMIC cf-ray 7fe6c219bb3a6943-FRA content-type text/html; charset=utf-8 date Tue, 29 Aug 2023 18:11:44 GMT location https://cloudflare-ipfs.com/ipfs/bafybeic7ojcsxql7flts2rgusi7ealwr537caajldzmqzakvhpqmoyfrdi/ nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=26gI%2BJcUOwRLyUSdsWl1wh4P%2BpsoA%2BnkQGeFUgrmV9xDCwUAfKRwtk3nts%2FwlGCoutnT12czmeSysAkdS%2BWzlBRl4I6bIGrCt7Qh0e29OzQ2qdI7YOylMuB4En4SVRWSx5jv19GkXVZg"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000 via 1.1 vegur x-content-type-options nosniff x-frame-options SAMEORIGIN x-request-id 8682f8f8-baa5-4353-a8d5-5678df731307 x-runtime 0.035202 x-xss-protection 1; mode=block
GET DATA	200 OK	truncated /	13 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8a92d63d31496759a0f4938e99d55e01f1d12893572e0953167faa3481b91cfb` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	75 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f58f114b9d173c25cc4bb0139fbc52a62a6b868cbb0fbb9b456fc346696a807f` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	65 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d9e8bb6edada840a04fab1e17e14596fb9fcdea4019297a8596e887183829efc` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Content-Type image/jpeg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Naver (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cloudflare-ipfs.com/	1970-01-20 14:22:14	Name: __cf_bm Value: UnzaGPQ6W2qr0HU4TVjquNBevAMEAbXvDnB9HfgHxv8-1693332705-0-AXxYkWRLYnpusk28/tov0VHSsDWzeGgatRtwnfmg5uyWgKYRVw4Sa6YkmUOhci5nWa5boTPLfB+ZoiCJCnVr0XI=

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cloudflare-ipfs.com
megaurl.co
2606:4700::6811:600d
2a06:98c1:3121::3
4a596ab900fb1a68e014ef6baf728c1a8e0ac58189655ef6a58ebfa02436b4d2
8a92d63d31496759a0f4938e99d55e01f1d12893572e0953167faa3481b91cfb
d9e8bb6edada840a04fab1e17e14596fb9fcdea4019297a8596e887183829efc
f58f114b9d173c25cc4bb0139fbc52a62a6b868cbb0fbb9b456fc346696a807f

cloudflare-ipfs.com Open in urlscan Pro 2606:4700::6811:600d Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

1 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

154 kBTransfer

373 kBSize

1 Cookies

11 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

cloudflare-ipfs.com Open in urlscan Pro
2606:4700::6811:600d Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

154 kB
Transfer

373 kB
Size

1
Cookies

1 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!