cloudflare-ipfs.com
Open in
urlscan Pro
104.17.96.13
Malicious Activity!
Public Scan
Submission: On May 17 via api from LU — Scanned from DE
Summary
TLS certificate: Issued by E1 on April 24th 2024. Valid for: 3 months.
This is the only time cloudflare-ipfs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 104.17.96.13 104.17.96.13 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a04:4e42:400... 2a04:4e42:400::649 | 54113 (FASTLY) (FASTLY) | |
2 | 2a00:1450:400... 2a00:1450:4001:831::2001 | 15169 (GOOGLE) (GOOGLE) | |
6 | 5 |
ASN15169 (GOOGLE, US)
lh3.googleusercontent.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
googleusercontent.com
lh3.googleusercontent.com — Cisco Umbrella Rank: 44 |
193 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 776 |
78 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237 |
14 KB |
1 |
cloudflare-ipfs.com
cloudflare-ipfs.com |
40 KB |
0 |
lkalzzop.online
Failed
lkalzzop.online Failed |
|
6 | 5 |
Domain | Requested by | |
---|---|---|
2 | lh3.googleusercontent.com | |
1 | code.jquery.com |
cloudflare-ipfs.com
|
1 | cdnjs.cloudflare.com |
cloudflare-ipfs.com
|
1 | cloudflare-ipfs.com | |
0 | lkalzzop.online Failed |
code.jquery.com
|
6 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cloudflare-ipfs.com E1 |
2024-04-24 - 2024-07-23 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
*.googleusercontent.com WR2 |
2024-05-06 - 2024-07-29 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://cloudflare-ipfs.com/ipfs/bafkreienbn3rwmlicdpwtwmt3gbeb7qvlb3dlpnuidsf3j6dnxf67mtbyy
Frame ID: 7B2F30185CF31671C838ADEB258C34B2
Requests: 6 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
bafkreienbn3rwmlicdpwtwmt3gbeb7qvlb3dlpnuidsf3j6dnxf67mtbyy
cloudflare-ipfs.com/ipfs/ |
58 KB 40 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
crypto-js.min.js
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/ |
47 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.9.1.js
code.jquery.com/ |
262 KB 78 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AJFCJaXhZo6cUCNh1ssNQzSV3jc1ppd5Vt2HN5GjHL82rJR25OrOigrMWVvBpwQN6BD4T_qHdwh2spOZ9bKA-BqcHsttYMUy5sxc-E99nKe9pgDJsCX0icydpRhjm97W_S4_6cism2sTCOp-Oxa807yjCEw=w1580-h720-s-no
lh3.googleusercontent.com/pw/ |
192 KB 193 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AMWts8CjWLE-4lSHnzZVyyi38RiG_iHUev92wvk3GXVlZur4_v68tJc5TxPcsfc6Vo4P2_Sa5_Dg4wBjO9x0q0xYFQKyjpg1zURhvOLxyPhDhPJg_Z8XDFduSWtavIhhZp_z9dX4zrOp2jk9GCWUmL_6qus=s128-no
lh3.googleusercontent.com/pw/ |
330 B 646 B |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
/
lkalzzop.online/obufsssssssscaaatoion/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- lkalzzop.online
- URL
- https://lkalzzop.online/obufsssssssscaaatoion/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)311 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| hNbVgqgF string| WOWAzKDP string| BEymRobw string| ATBzuakK string| ZltjRavS string| baXxGlUn string| KMFQdXOR string| SbhcDLek string| gvYKVeFd string| VyRDqRfW string| NJhDIIQG string| nkyUskRy string| LLfPpGAd string| HqkjqfFb string| LnIvCDvm string| QJhuYalH string| KmjfcsbV string| BCyEJcLk string| crnfhvTe string| tQsdmyiK string| zXDFUEcb string| FbRpEngJ string| JcwdHFqv string| Mfhwtptx string| BiPtKsiE string| VJKwqTgC string| gkxWiNrd string| nhhpgrUL string| vcqfKosl string| vYUvFgNu string| mlFkUTwn string| jRoLGfON string| YZcQCXWr string| JYKCxwzj string| jWZYTgoX string| sXQdLGMp string| dVlBLHBx string| PZKYyLpX string| qHSGxYns string| XhhylySZ string| prwuSzEa string| VlpchTfD string| myTbHHvW string| kfzvgprq string| yhoTJXvd string| htJPtImm string| kdExkJTu string| BDElbgZZ string| GoSilxrz string| tpTEvVaV string| VRYbVrvr string| SaIDrFny string| GIAkBdUw string| oSAeooUS string| zarrYWWT string| AemarkJP string| WJfGvUJI string| bXOwHMTg string| zTTgbBoZ string| KyZrsOAy string| TRrsphPH string| NqVARTXB string| QTnTHWMi string| GucdHmdC string| CVLxtMxF string| PUKVjTvy string| fjgcGkuJ string| zqIoThxI string| GpRVesaM string| APYaPFPG string| gSSLtnSr string| RpWEtDJM string| GzFBJhnB string| mpDIaFGo string| nBnLMcGE string| otqDKJGQ string| PylINohV string| AsbgEcDh string| fRNcwddx string| JuHHsLqb string| nYbqexMr string| grzzJbCE string| IqWhPOmr string| fIYrNqwZ string| uVmVykli string| bonuSNlt string| kBHaGOks string| OhfbwLAC string| fnmlgHBG string| yZWgmiCb string| seVsVyRZ string| GhZmTNhe string| srORyziE string| vJqMXZeR string| GjzTLRgt string| SQGXIUXa string| cvsHGnmX string| hxeWOXsj string| YSBWQJln string| fGFzKztM string| BmtnbzAt string| qrnRkYCP string| dJBCngya string| phPgIoAe string| ddrZkbqF string| wCTwokdm string| pLhTnpGW string| JYlifOQl string| GQCplqOM string| zetmBxpg string| pjOFPtzz string| TQbdjQHv string| WwZlontW string| PYPLLKDt string| mXsdbEDu string| JePNtTPD string| sqjvKuFa string| GriwBvOD string| FrSrHiui string| zUSbMslM string| iDqvRgVY string| bcrklcEh string| NrEsnBqY string| yPDpVWQi string| rtWEdgEH string| EtYUgkJQ string| oeuDBZOL string| RBmfjKlE string| UQsmqIHq string| VqIwrFmr string| izQJXRcW string| LdljkJmM string| GkGjTmYa string| mAuZAoAI string| DXnvWYmb string| iWcursjM string| RnWnsXSB string| ntuaGhWb string| jDTAkoJI string| xclTundI string| oihLtdTi string| bsaVYFUY string| jpqQCDzv string| CIKOCuzk string| MPwqLKVg string| YGUtByES string| XTfLWWWL string| WeScmIht string| oYjDEEPc string| mYrtWqXE string| wdXVCdYa string| CdUIudnJ string| cqsymbwl string| GDiTrZTY string| CyLgPgKW string| NBCGKzaU string| GVCagVmV object| CryptoJS object| decrypted object| key function| _0x3d4b function| _0x3d9170 function| _0x4ab417 function| _0x464327 function| _0x204ad7 function| _0x766e68 function| _0x2ae988 function| _0x1b9a44 function| _0xd45be7 function| _0x307fc8 function| _0x27fe3e function| _0x4559c0 function| _0x4bbe86 function| _0x1e8ec8 function| _0x5355be function| _0xd1f941 function| _0x21654f function| _0x5efb94 function| _0x52957a function| _0x137590 function| _0x613c37 function| _0x249344 function| _0x2a9fec function| _0x18fa61 function| _0x21aa3c function| _0x43c50c function| _0x172554 function| _0x44d0a3 function| _0x3737f6 function| _0x4fd9f3 function| _0x27334b function| _0x3b9b8c function| _0x4fafec function| _0xfdf878 function| _0x6cac41 function| _0x4af0a0 function| _0x3f2b60 function| _0x32320f function| _0x5204bc function| _0x4e58f6 function| _0x5f5de3 function| _0x3a3696 function| _0x2272b4 function| _0x444788 function| _0x94e4b2 function| _0x3fe756 function| _0x1f234e function| _0x53d68d function| _0xd95145 function| _0x1848f0 function| _0x39b23b function| _0x2d896f function| _0x54fc68 function| _0x3d3264 function| _0x130e9f function| _0x4b8362 function| _0x217d73 function| _0x82fcde function| _0x1de470 function| _0x1ab60b function| _0x312c11 function| _0x135252 function| _0x527cb2 function| _0x58d0bb function| _0x60746b function| _0xeb5be3 function| _0x8f1a13 function| _0x372f56 function| _0xcffbd1 function| _0xc0aa5a function| _0x10e0a7 function| _0x2dae75 function| _0x4cad01 function| _0xa4e0b9 function| _0x40a722 function| _0x2a982a function| _0x432a0d function| _0x45f3ce function| _0x2f0c59 function| _0x1cb8f3 function| _0x66ec9f function| _0x42418e function| _0x398135 function| _0x300bd1 function| _0x267feb function| _0x14d1dd function| _0x5e1ac8 function| _0x579fff function| _0x16d620 function| _0x1d3c03 function| _0x586b79 function| _0x247b18 function| _0x5655e6 function| _0x1aa5a0 function| _0x46ff49 function| _0x1a4da3 function| _0x552377 function| _0x36028b function| _0x2c761c function| _0x7238ad function| _0x5e5047 function| _0x1d31c4 function| _0x110f51 function| _0x60f5f3 function| _0x78fc36 function| _0x5f238a function| _0x3c6fa5 function| _0x161418 function| _0x19e099 function| _0x222575 function| _0x34d3b4 function| _0x137edf function| _0x2eea03 function| _0xe5dd1b function| _0x400417 function| _0x353f7c function| _0x2ade3e function| _0xf333fe function| _0x1a8ed5 function| _0x43209b function| _0x243644 function| _0x5ce290 function| _0x5ac300 function| _0x3f27f4 function| _0x49cf71 function| _0x1fefd4 function| _0x5d29e6 function| _0x4a166e function| _0x57be0f function| _0x139317 function| _0x12a9b2 function| _0x4f3350 function| _0x26ef5f function| _0x5a10ef function| _0x4b92ae function| _0x266d79 function| _0x48a83b function| _0x37eb11 function| _0x25eb66 function| _0x5dc465 function| _0x1456d9 function| _0x3b23 object| _0xa53e string| IGOBZL string| cbbg string| kaka90nal string| ka45k459final2 string| kak0011afinal number| countttingerr function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cloudflare-ipfs.com/ | Name: __cf_bm Value: Oz3ZjAfz8ThSz3xRK2.CY9j3ijFVw1DV0fpSQp2wqpw-1715916200-1.0.1.1-F82scgg52MYBfJFW_RmvhLz5QFzkTyFI3ayzGeyt6.mVRCKEzvd4BB3ENh__AZc51mRyzKYJUWiaAemyjD9V2w |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
cloudflare-ipfs.com
code.jquery.com
lh3.googleusercontent.com
lkalzzop.online
lkalzzop.online
104.17.25.14
104.17.96.13
2a00:1450:4001:831::2001
2a04:4e42:400::649
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40
8d0b771b316810df69d993d98240fe15587635bdb440e45da7c36dcbefb261c6
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb
fea8fbaec75213e1af8005edfcdc94e7b5d7dca6ddb4e262d66e4756bda96d54