ipfs.io
Open in
urlscan Pro
209.94.90.1
Malicious Activity!
Public Scan
Effective URL: https://ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
Submission: On May 17 via api from LU — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on April 16th 2024. Valid for: 3 months.
This is the only time ipfs.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 209.94.90.1 209.94.90.1 | 40680 (PROTOCOL) (PROTOCOL) | |
1 | 104.17.24.14 104.17.24.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a04:4e42:200... 2a04:4e42:200::649 | 54113 (FASTLY) (FASTLY) | |
2 | 2a00:1450:400... 2a00:1450:4001:812::2001 | 15169 (GOOGLE) (GOOGLE) | |
6 | 5 |
ASN15169 (GOOGLE, US)
lh3.googleusercontent.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
googleusercontent.com
lh3.googleusercontent.com — Cisco Umbrella Rank: 44 |
193 KB |
2 |
ipfs.io
1 redirects
gateway.ipfs.io — Cisco Umbrella Rank: 316196 ipfs.io — Cisco Umbrella Rank: 65949 |
30 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 776 |
78 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237 |
14 KB |
0 |
lopapscop.ws
Failed
ob0usmzfroj.lopapscop.ws Failed |
|
6 | 5 |
Domain | Requested by | |
---|---|---|
2 | lh3.googleusercontent.com | |
1 | code.jquery.com |
ipfs.io
|
1 | cdnjs.cloudflare.com |
ipfs.io
|
1 | ipfs.io | |
1 | gateway.ipfs.io | 1 redirects |
0 | ob0usmzfroj.lopapscop.ws Failed |
code.jquery.com
|
6 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ipfs.io GTS CA 1P5 |
2024-04-16 - 2024-07-15 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
*.googleusercontent.com WR2 |
2024-05-06 - 2024-07-29 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
Frame ID: 55DC738870D0F5D8F542E30531566350
Requests: 6 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://gateway.ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
HTTP 301
https://ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://gateway.ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
HTTP 301
https://ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
ipfs.io/ipfs/ Redirect Chain
|
39 KB 30 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
crypto-js.min.js
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/ |
47 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.9.1.js
code.jquery.com/ |
262 KB 78 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AJFCJaXhZo6cUCNh1ssNQzSV3jc1ppd5Vt2HN5GjHL82rJR25OrOigrMWVvBpwQN6BD4T_qHdwh2spOZ9bKA-BqcHsttYMUy5sxc-E99nKe9pgDJsCX0icydpRhjm97W_S4_6cism2sTCOp-Oxa807yjCEw=w1580-h720-s-no
lh3.googleusercontent.com/pw/ |
192 KB 193 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AMWts8CjWLE-4lSHnzZVyyi38RiG_iHUev92wvk3GXVlZur4_v68tJc5TxPcsfc6Vo4P2_Sa5_Dg4wBjO9x0q0xYFQKyjpg1zURhvOLxyPhDhPJg_Z8XDFduSWtavIhhZp_z9dX4zrOp2jk9GCWUmL_6qus=s128-no
lh3.googleusercontent.com/pw/ |
330 B 647 B |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
/
ob0usmzfroj.lopapscop.ws/obufsssssssscaaatoion/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ob0usmzfroj.lopapscop.ws
- URL
- https://ob0usmzfroj.lopapscop.ws/obufsssssssscaaatoion/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)149 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| CryptoJS string| HIcbQbCY function| _0xc1681e function| _0x2429f4 function| _0xd030e9 function| _0xc13dc5 function| _0x3d3c7c function| _0x3b8271 function| _0xd74b4b function| _0x5ac71c function| _0x3647a0 function| _0x1d08da function| _0x49bee6 function| _0x40e26f function| _0xe3eb1 function| _0x159e47 function| _0x4f6a7e function| _0x177aa7 function| _0x2910cb function| _0x472abb function| _0x3c0da9 function| _0xa33610 function| _0x390946 function| _0x1d7061 function| _0x441e0a function| _0x23a8f6 function| _0x431bbb function| _0xfd83ef function| _0x399dcd function| _0x1370db function| _0x1f0b31 function| _0x2677ba function| _0x9798d3 function| _0x2b252c function| _0x161dbe function| _0x3d08cf function| _0x148460 function| _0x26cfae function| _0x541e92 function| _0x45f069 function| _0xe26be function| _0x17a865 function| _0x5dd4cb function| _0x49d05e function| _0x5a59fd function| _0x1fb5b5 function| _0x46102a function| _0x5ce20f function| _0xc6fdfb function| _0x4b1736 function| _0x6aedad function| _0x528436 function| _0x3b58f2 function| _0x188021 function| _0x182604 function| _0x38cb22 function| _0x30cdf4 function| _0x398ca4 function| _0x1791df function| _0x24f870 function| _0x59f3ce function| _0x9d5afe function| _0x55bc4b function| _0x1e9c4d function| _0x1d6864 function| _0x440c6c function| _0x5c81e5 function| _0x3e6117 function| _0x1540f9 function| _0x558a28 function| _0x22fe1b function| _0x2db4a1 function| _0x9c0e9 function| _0x1e8bf9 function| _0x25b3e9 function| _0x256150 function| _0x2d73e3 function| _0x526962 function| _0xa064a6 function| _0x141450 function| _0x339d62 function| _0x56c556 function| _0x38950f function| _0x2bbda7 function| _0x4a2244 function| _0x3a1dcb function| _0x427af3 function| _0x2d5a74 function| _0x4e6479 function| _0x3ba424 function| _0x555936 function| _0x9e482 function| _0x2689bb function| _0x571011 function| _0x454523 function| _0x113a12 function| _0x4bae81 function| _0x12b948 function| _0x569243 function| _0x9212e7 function| _0x18fd5f function| _0x4055b8 function| _0x48d45e function| _0x31dda4 function| _0x4e57b4 function| _0x351cfe function| _0x145269 function| _0x284511 function| _0x183d96 function| _0x32cdcb function| _0xa74090 function| _0x180af9 function| _0x2f0794 function| _0x2db320 function| _0x1bd6db function| _0x54d94e function| _0x44b25f function| _0x5d8fe2 function| _0x323d3f function| _0x313da4 function| _0x2d83c4 function| _0x2934ad function| _0x26ca4a function| _0x5324ca function| _0xb25122 function| _0x2a80d9 function| _0x1d3af7 function| _0x4f23ee function| _0x37f4fc function| _0x1238cf function| _0x21ccea function| _0x45d9d5 function| _0x259f52 function| _0xe72f58 function| _0xa4031d function| _0x1fce6b function| _0x4fccdc function| _0x5cab00 function| _0x34e4 function| _0x304c object| _0x2720 string| IGOBZL string| cbbg string| kaka90nal string| ka45k459final2 string| kak0011afinal number| countttingerr function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
code.jquery.com
gateway.ipfs.io
ipfs.io
lh3.googleusercontent.com
ob0usmzfroj.lopapscop.ws
ob0usmzfroj.lopapscop.ws
104.17.24.14
209.94.90.1
2a00:1450:4001:812::2001
2a04:4e42:200::649
5bc51e12a8ec7dc2c4bf1f3ae2f6ee5e087450cf402e128cd07e1ba3a17b1713
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb
fea8fbaec75213e1af8005edfcdc94e7b5d7dca6ddb4e262d66e4756bda96d54