cloudflare-ipfs.com
2606:4700::6811:600d
Malicious Activity!
Public Scan
Effective URL: https://cloudflare-ipfs.com/ipfs/bafkreignnbwtwhdnxh5wrr3bjhnmr5erj2xnhlma2hdgiyo6x6n6l3a4we
Submission: On February 27 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by E1 on February 25th 2024. Valid for: 3 months.
This is the only time cloudflare-ipfs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
1 | 34.207.50.50 | 14618 (AMAZON-AES) |
1 | 2606:4700::6811:600d | 13335 (CLOUDFLARENET) |
10 | 45.8.227.100 | 48254 (TWENTYI) |
1 | 197.242.151.49 | 37611 (Afrihost) |
1 | 2a02:26f0:3500:1b::1724:a38e | 20940 (AKAMAI-ASN1) |
Total: 14 requests, 5 IP addresses
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-207-50-50.compute-1.amazonaws.com
kiwi-brave-boat.glitch.me
ASN37611 (Afrihost, ZA)
PTR: convexchart1.dedicated.co.za
webmail.clyn.co.za
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 | stackmail.com | www.stackmail.com | 264 KB |
1 | bing.com | th.bing.com (Cisco Umbrella Rank: 214) | 9 KB |
1 | clyn.co.za | webmail.clyn.co.za | 3 KB |
1 | cloudflare-ipfs.com | cloudflare-ipfs.com | 3 KB |
1 | glitch.me | kiwi-brave-boat.glitch.me | 559 B |
Total: 14 requests, 5 apex domains
Requests | Domain | Requested by |
---|---|---|
10 | www.stackmail.com | cloudflare-ipfs.com |
1 | th.bing.com | cloudflare-ipfs.com |
1 | webmail.clyn.co.za | cloudflare-ipfs.com |
1 | cloudflare-ipfs.com | |
1 | kiwi-brave-boat.glitch.me | |
Total: 14 requests, 5 domains
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
glitch.com | Amazon RSA 2048 M03 | 2023-12-04 - 2025-01-01 | a year |
cloudflare-ipfs.com | E1 | 2024-02-25 - 2024-05-25 | 3 months |
*.stackmail.com | RapidSSL TLS RSA CA G1 | 2023-05-09 - 2024-06-08 | a year |
clyn.co.za | cPanel, Inc. Certification Authority | 2023-12-24 - 2024-03-23 | 3 months |
r.bing.com | Microsoft Azure ECC TLS Issuing CA 05 | 2023-10-18 - 2024-06-27 | 8 months |
This page contains 1 frames:
Primary Page:
https://cloudflare-ipfs.com/ipfs/bafkreignnbwtwhdnxh5wrr3bjhnmr5erj2xnhlma2hdgiyo6x6n6l3a4we
Frame ID: A70A844684DE4656BAFF1B8FE0411EE6
Requests: 14 HTTP requests in this frame
Page Title
Webmail Login
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI (JavaScript Libraries)
Detected patterns
- jquery-ui.*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://kiwi-brave-boat.glitch.me/ Page URL
- https://cloudflare-ipfs.com/ipfs/bafkreignnbwtwhdnxh5wrr3bjhnmr5erj2xnhlma2hdgiyo6x6n6l3a4we Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / | kiwi-brave-boat.glitch.me/ | 196 B | 559 B | Document | text/html |
GET | H2 | bafkreignnbwtwhdnxh5wrr3bjhnmr5erj2xnhlma2hdgiyo6x6n6l3a4we (Primary Request) | cloudflare-ipfs.com/ipfs/ | 7 KB | 3 KB | Document | text/html |
GET | H2 | bootstrap.min.css | www.stackmail.com/skins/elastic/deps/ | 157 KB | 26 KB | Stylesheet | text/css |
GET | H2 | styles.css | www.stackmail.com/skins/elastic/styles/ | 101 KB | 21 KB | Stylesheet | text/css |
GET | H2 | jquery-ui.css | www.stackmail.com/plugins/jqueryui/themes/elastic/ | 33 KB | 9 KB | Stylesheet | text/css |
GET | H2 | jquery.min.js | www.stackmail.com/program/js/ | 89 KB | 32 KB | Script | text/javascript |
GET | H2 | common.min.js | www.stackmail.com/program/js/ | 12 KB | 5 KB | Script | text/javascript |
GET | H2 | app.min.js | www.stackmail.com/program/js/ | 170 KB | 51 KB | Script | text/javascript |
GET | H2 | jstz.min.js | www.stackmail.com/program/js/ | 14 KB | 5 KB | Script | text/javascript |
GET | H2 | jquery-ui.min.js | www.stackmail.com/plugins/jqueryui/js/ | 254 KB | 72 KB | Script | text/javascript |
GET | H/1.1 | webmail-logo.svg | webmail.clyn.co.za/cPanel_magic_revision_1522251304/unprotected/cpanel/images/ | 5 KB | 3 KB | Image | image/svg+xml |
GET | H2 | th | th.bing.com/ | 8 KB | 9 KB | Image | image/jpeg |
GET | H2 | bootstrap.bundle.min.js | www.stackmail.com/skins/elastic/deps/ | 82 KB | 23 KB | Script | text/javascript |
GET | H2 | ui.min.js | www.stackmail.com/skins/elastic/ | 60 KB | 20 KB | Script | text/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)
27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | $ |
function | jQuery |
number | CONTROL_KEY |
number | SHIFT_KEY |
number | CONTROL_SHIFT_KEY |
function | roundcube_browser |
object | rcube_event |
function | rcube_event_engine |
function | rcube_check_email |
function | rcube_clone_object |
function | urlencode |
function | rcube_find_object |
function | rcube_mouse_is_over |
function | setCookie |
function | getCookie |
object | bw |
function | rcube_parse_query |
object | Base64 |
object | pattern |
function | rcube_webmail |
object | jstz |
object | rcmail |
undefined | element |
object | bootstrap |
function | rcube_elastic_ui |
function | __newInst |
object | UI |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cloudflare-ipfs.com/ | Name: __cf_bm Value: 9oaAko22bxPm7cCsf6sLrBHOpdXce7wT3ggRRgp.JfM-1709029587-1.0-ASyRSkYUUHeKoqtEULelT0WNvUDoLmVOy9+ZlkOis2gxsSK4lsZHHwxPcpTYcPL6B+DuMH4OPQwxOt6EiF8Ghok= |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.