snip.ly
Open in
urlscan Pro
2606:4700:20::681a:720
Malicious Activity!
Public Scan
Submission: On September 26 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 15th 2021. Valid for: a year.
This is the only time snip.ly was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sharepoint (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 2606:4700:20:... 2606:4700:20::681a:720 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6810:125e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a00:1450:400... 2a00:1450:4001:813::200a | 15169 (GOOGLE) (GOOGLE) | |
3 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 169.46.89.154 169.46.89.154 | 36351 (SOFTLAYER) (SOFTLAYER) | |
1 | 206.190.215.254 206.190.215.254 | 32354 (UNWIRED) (UNWIRED) | |
2 | 2a00:1450:400... 2a00:1450:4001:831::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 2.18.233.88 2.18.233.88 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 | 2a00:1450:400... 2a00:1450:4001:80f::2003 | 15169 (GOOGLE) (GOOGLE) | |
18 | 9 |
ASN36351 (SOFTLAYER, US)
PTR: 9a.59.2ea9.ip4.static.sl-reverse.com
j0i433i512j69i59j0i512l2j69i60l-4384j0j9sourceid.us-south.cf.appdomain.cloud |
ASN32354 (UNWIRED, US)
PTR: s3.us-west-002.backblazeb2.com
034543987656789876545673456544567765678.s3.us-west-002.backblazeb2.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-88.deploy.static.akamaitechnologies.com
ffb2efd5105ff0aedbc9-9cdacdeebf0faa19b665bf427f0c8092.ssl.cf1.rackcdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
snip.ly
snip.ly |
238 KB |
3 |
bootstrapcdn.com
netdna.bootstrapcdn.com |
53 KB |
2 |
rackcdn.com
ffb2efd5105ff0aedbc9-9cdacdeebf0faa19b665bf427f0c8092.ssl.cf1.rackcdn.com |
32 KB |
2 |
google-analytics.com
www.google-analytics.com |
20 KB |
2 |
googleapis.com
fonts.googleapis.com |
2 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com |
122 KB |
1 |
gstatic.com
fonts.gstatic.com |
44 KB |
1 |
backblazeb2.com
034543987656789876545673456544567765678.s3.us-west-002.backblazeb2.com |
610 KB |
1 |
appdomain.cloud
1 redirects
j0i433i512j69i59j0i512l2j69i60l-4384j0j9sourceid.us-south.cf.appdomain.cloud |
401 B |
18 | 9 |
Domain | Requested by | |
---|---|---|
5 | snip.ly |
snip.ly
cdnjs.cloudflare.com |
3 | netdna.bootstrapcdn.com |
snip.ly
netdna.bootstrapcdn.com |
2 | ffb2efd5105ff0aedbc9-9cdacdeebf0faa19b665bf427f0c8092.ssl.cf1.rackcdn.com |
snip.ly
|
2 | www.google-analytics.com |
snip.ly
www.google-analytics.com |
2 | fonts.googleapis.com |
snip.ly
|
2 | cdnjs.cloudflare.com |
snip.ly
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | 034543987656789876545673456544567765678.s3.us-west-002.backblazeb2.com |
snip.ly
|
1 | j0i433i512j69i59j0i512l2j69i60l-4384j0j9sourceid.us-south.cf.appdomain.cloud | 1 redirects |
18 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-06-15 - 2022-06-14 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2021-08-30 - 2021-11-22 |
3 months | crt.sh |
backblazeb2.com R3 |
2021-07-19 - 2021-10-17 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2021-08-30 - 2021-11-22 |
3 months | crt.sh |
*.ssl.cf1.rackcdn.com DigiCert SHA2 Secure Server CA |
2021-06-29 - 2022-07-07 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2021-08-30 - 2021-11-22 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
https://snip.ly/x0noc7
Frame ID: C6B1D23C56960E7BA4CFC0C02EFE0351
Requests: 5 HTTP requests in this frame
Frame:
https://034543987656789876545673456544567765678.s3.us-west-002.backblazeb2.com/index.html
Frame ID: 9E1F8C11A1D89214B219F34BC6D31102
Requests: 10 HTTP requests in this frame
Frame:
https://snip.ly/render/x0noc7/?_url=https%3A%2F%2Fsnip.ly%2Fx0noc7%23https%3A%2F%2F034543987656789876545673456544567765678.s3.us-west-002.backblazeb2.com%2Findex.html
Frame ID: F3089F166E96476CDE17EBF78083B01C
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
Share PointDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Analytics (Analytics) Expand
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- https://j0i433i512j69i59j0i512l2j69i60l-4384j0j9sourceid.us-south.cf.appdomain.cloud/index.html?utm_source=sniply&utm_campaign=sniply&utm_medium=sniply HTTP 302
- https://034543987656789876545673456544567765678.s3.us-west-002.backblazeb2.com/index.html
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
x0noc7
snip.ly/ |
325 KB 225 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/ |
242 KB 61 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
8 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
netdna.bootstrapcdn.com/font-awesome/4.0.3/css/ |
17 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
site.js
snip.ly/ |
11 KB 3 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.html
034543987656789876545673456544567765678.s3.us-west-002.backblazeb2.com/ Frame 9E1F Redirect Chain
|
609 KB 610 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
snip.ly/render/x0noc7/ Frame F308 |
47 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ Frame F308 |
8 KB 799 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
netdna.bootstrapcdn.com/font-awesome/4.0.3/css/ Frame F308 |
17 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/ Frame F308 |
242 KB 61 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ Frame F308 |
48 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_122x33.png
ffb2efd5105ff0aedbc9-9cdacdeebf0faa19b665bf427f0c8092.ssl.cf1.rackcdn.com/img/ Frame F308 |
20 KB 20 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v26/ Frame F308 |
44 KB 44 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fontawesome-webfont.woff
netdna.bootstrapcdn.com/font-awesome/4.0.3/fonts/ Frame F308 |
43 KB 44 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
x0noc7
snip.ly/api/cta/ Frame F308 |
957 B 931 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ Frame F308 |
2 B 201 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
profile-placeholder.png
ffb2efd5105ff0aedbc9-9cdacdeebf0faa19b665bf427f0c8092.ssl.cf1.rackcdn.com/img/ Frame F308 |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
snip.ly/api/v2/views/ Frame F308 |
218 B 474 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 9E1F |
13 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 9E1F |
238 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 9E1F |
16 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 9E1F |
15 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 9E1F |
16 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 9E1F |
10 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 9E1F |
14 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 9E1F |
13 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 9E1F |
14 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sharepoint (Online)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery object| content_frame object| afs_ads_div function| tryAvoidFilters object| content_frame_observer object| sniply3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.snip.ly/ | Name: _ga Value: GA1.2.1985664534.1632621197 |
|
.snip.ly/ | Name: _gid Value: GA1.2.1226842521.1632621197 |
|
.snip.ly/ | Name: _gat Value: 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
034543987656789876545673456544567765678.s3.us-west-002.backblazeb2.com
cdnjs.cloudflare.com
ffb2efd5105ff0aedbc9-9cdacdeebf0faa19b665bf427f0c8092.ssl.cf1.rackcdn.com
fonts.googleapis.com
fonts.gstatic.com
j0i433i512j69i59j0i512l2j69i60l-4384j0j9sourceid.us-south.cf.appdomain.cloud
netdna.bootstrapcdn.com
snip.ly
www.google-analytics.com
169.46.89.154
2.18.233.88
206.190.215.254
2606:4700:20::681a:720
2606:4700::6810:125e
2606:4700::6812:bcf
2a00:1450:4001:80f::2003
2a00:1450:4001:813::200a
2a00:1450:4001:831::200e
03e701250890224c377b2c747ba9aef46b970682d5e5aca72f9dd037d5c89440
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
2ebbdc22426e8f776202e9a014e2a32c02d3e751001f19d664e3dc2678defbb7
3d28b1647011555b322ca6d78cda43aa12094e7ea3bb3adc2651edffd410132b
49cd32a9879d1d838209c2479057ec98c8db5a1151e0eea98ae3d405fe4aae28
4e0b9f04158e35c886fb6e31a2913a80015f4448db3397e46d44f7fe2f6da1ff
538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd
57e18d40b40839e9a7a74d1fdcbe6983c5026354fb439b80d62a0c78aa7c8210
5d99ab2bf7dde6169ec2c7ccc7adaad852d17d33d9c40e1a6f4be538f9b1478a
670b9398865900d230eb044384791cdb5ba6bc1d5f16bca4111e908fd571cec7
6c69057e725d997345b91c70929d8062c459a206b7b371e6ebb7a9475a1eeffc
8b2f608e415cd292cb85d6199465f59fc88de24616ea2487a57034ca9f05587e
9bc072bee8f8653393501d1246e9ec6f47c317879594cc557b19e47270b3a3dc
9c51fd79e449c2d98fda0b1e8c225c08cbdd7d8368d96611e6641a1af758a38b
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b2215cce5830e2350b9d420271d9bd82340f664c3f60f0ea850f7e9c0392704e
c1357b6d937fe72d653b7d0f2f637578a5ae1010799d407af6b6c773a2d2ca2d
c4c803337c3a62a637f8946d4a0f23fcf26de1276bdb5a1ca6b24690e09a0117
d2668c50a423f55b36262bfd4bbd068261e9f06e86d226f0b42ab91dc11973c3
d9996d1cd780f411e637694c103886f81d2cef3acb58552e5674d285516ac52c
dc96459284a4f270495a97bedfce6ec876f12d193633650bf760a45966992b2a
fb9bc9abc0b60e10f8aa36a18a8db172302ca9004b7834585ce51420281576e3
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62