bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link Open in urlscan Pro
2602:fea2:2::1  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link/	6 KB 3 KB	32ms 5ms	Document text/html	2602:fea2:2::1 PROTOCOL
General Check archive.org Show headers Download Go to Full URL https://bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US), Reverse DNS Software openresty / Resource Hash de954bd5df83ff235635e5752fcb3a7c865a64260033f4d291c75d30b4c90f6b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-US,en;q=0.9 Response headers access-control-allow-headers X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output access-control-allow-methods GET GET, POST, OPTIONS access-control-allow-origin * access-control-expose-headers Content-Range, X-Chunked-Output, X-Stream-Output cache-control public, max-age=29030400, immutable content-encoding gzip content-type text/html date Mon, 01 May 2023 15:16:16 GMT etag W/"bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta" server openresty strict-transport-security max-age=31536000; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding x-ipfs-gateway-host ipfs-bank18-ny5 x-ipfs-lb-pop gateway-bank2-ny5 x-ipfs-path /ipfs/bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta/ x-ipfs-pop ipfs-bank18-ny5 x-ipfs-roots bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta x-proxy-cache MISS
GET H2	200	QmWhKbR19wGv9yh5G9J4iXHUDp9wH65iViouAme76YK72n Show response ipfs.io/ipfs/	34 KB 9 KB	69ms 67ms	Script text/javascript	2602:fea2:2::1 PROTOCOL
General Check archive.org Show headers Download Go to Full URL https://ipfs.io/ipfs/QmWhKbR19wGv9yh5G9J4iXHUDp9wH65iViouAme76YK72n?filename=style.js Requested by Host: bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link URL: https://bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US), Reverse DNS Software openresty / Resource Hash 41aa61b620d8ef3d9a3f826712c1b9a32aed3f00bf2bb7e90663d775c00aaac6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-US,en;q=0.9 Referer https://bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 15:16:16 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-ipfs-datasize 34632 x-ipfs-gateway-host ipfs-bank12-ny5 content-disposition inline; filename="style.js"; filename*=UTF-8''style.js x-ipfs-pop ipfs-bank12-ny5 server openresty x-ipfs-lb-pop gateway-bank2-ny5 x-ipfs-roots QmWhKbR19wGv9yh5G9J4iXHUDp9wH65iViouAme76YK72n etag W/"QmWhKbR19wGv9yh5G9J4iXHUDp9wH65iViouAme76YK72n" vary Accept-Encoding access-control-allow-methods GET, GET, POST, OPTIONS content-type text/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers Content-Range, X-Chunked-Output, X-Stream-Output cache-control public, max-age=29030400, immutable x-ipfs-path /ipfs/QmWhKbR19wGv9yh5G9J4iXHUDp9wH65iViouAme76YK72n x-bfid f6b16d64c2e06af00be1148ff0d4117f timing-allow-origin * access-control-allow-headers X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output x-proxy-cache HIT
GET H2	200	QmZdYeYZG4VREcqTgTm5FkP1PQCCyj3ScNmUPU7WsjVxfe ipfs.io/ipfs/	60 KB 21 KB	86ms 84ms	Stylesheet text/css	2602:fea2:2::1 PROTOCOL
General Check archive.org Show headers Download Go to Full URL https://ipfs.io/ipfs/QmZdYeYZG4VREcqTgTm5FkP1PQCCyj3ScNmUPU7WsjVxfe?filename=style.css Requested by Host: bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link URL: https://bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US), Reverse DNS Software openresty / Resource Hash d821b8c489cce8225e2426092268ea570c115869213cf654eae559a828a2b8aa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-US,en;q=0.9 Referer https://bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 01 May 2023 15:16:16 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-ipfs-datasize 61106 x-ipfs-gateway-host ipfs-bank13-ny5 content-disposition inline; filename="style.css"; filename*=UTF-8''style.css x-ipfs-pop ipfs-bank13-ny5 server openresty x-ipfs-lb-pop gateway-bank2-ny5 x-ipfs-roots QmZdYeYZG4VREcqTgTm5FkP1PQCCyj3ScNmUPU7WsjVxfe etag W/"QmZdYeYZG4VREcqTgTm5FkP1PQCCyj3ScNmUPU7WsjVxfe" vary Accept-Encoding access-control-allow-methods GET, GET, POST, OPTIONS content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers Content-Range, X-Chunked-Output, X-Stream-Output cache-control public, max-age=29030400, immutable x-ipfs-path /ipfs/QmZdYeYZG4VREcqTgTm5FkP1PQCCyj3ScNmUPU7WsjVxfe x-bfid 65095914d2ec4ad16873d0bea9b1eca5 timing-allow-origin * access-control-allow-headers X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output x-proxy-cache HIT
POST H2	200	send.php Show response itgold.pt/cgi-bin/web/base/ses/	465 B 414 B	945ms 394ms	XHR text/html	5.253.180.21 CLARANET-AS Clara...
General Check archive.org Show headers Download Go to Full URL https://itgold.pt/cgi-bin/web/base/ses/send.php Requested by Host: ipfs.io URL: https://ipfs.io/ipfs/QmWhKbR19wGv9yh5G9J4iXHUDp9wH65iViouAme76YK72n?filename=style.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.253.180.21 , Portugal, ASN8426 (CLARANET-AS ClaraNET LTD, GB), Reverse DNS v0131.wp-ns.com Software nginx / Resource Hash e66d8f1437eaead687a5714763f5baa36c9955f8e3e02a7f344368b3f49b4e44 Request headers Referer https://bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin * date Mon, 01 May 2023 15:16:17 GMT content-encoding gzip x-scale YXBvY2FzQGdpdGh1Yg== server nginx vary Accept-Encoding content-type text/html; charset=UTF-8
GET DATA	200 OK	truncated /	28 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 8b4defd065d7ff9fbe6c45e74f2ada9660724d3c80db586bf3adb82dd0c37f36 Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Content-Type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless string| url_land function| sendData function| GetLogoBanner function| ForLanG function| LoginErrors number| maxPasswordLength function| getUrlVars function| InputUtil object| paginationManager object| Login function| check_email undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| computeLoadIllustration function| SetIllustrationImage object| PaginationUtil object| PaginationManager object| LoginManager object| options object| _self

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link
ipfs.io
itgold.pt
2602:fea2:2::1
5.253.180.21
41aa61b620d8ef3d9a3f826712c1b9a32aed3f00bf2bb7e90663d775c00aaac6
8b4defd065d7ff9fbe6c45e74f2ada9660724d3c80db586bf3adb82dd0c37f36
d821b8c489cce8225e2426092268ea570c115869213cf654eae559a828a2b8aa
de954bd5df83ff235635e5752fcb3a7c865a64260033f4d291c75d30b4c90f6b
e66d8f1437eaead687a5714763f5baa36c9955f8e3e02a7f344368b3f49b4e44