![](/screenshots/4c953465-ef18-40d2-b354-975546c27387.png)
bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link
Open in
urlscan Pro
2602:fea2:2::1
Malicious Activity!
Public Scan
Submission: On May 01 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on March 27th 2023. Valid for: 3 months.
This is the only time bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 2602:fea2:2::1 2602:fea2:2::1 | 40680 (PROTOCOL) (PROTOCOL) | |
1 | 5.253.180.21 5.253.180.21 | 8426 (CLARANET-...) (CLARANET-AS ClaraNET LTD) | |
4 | 3 |
ASN40680 (PROTOCOL, US)
bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link | |
ipfs.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
ipfs.io
ipfs.io — Cisco Umbrella Rank: 48658 |
29 KB |
1 |
itgold.pt
itgold.pt |
414 B |
1 |
dweb.link
bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link |
3 KB |
4 | 3 |
Domain | Requested by | |
---|---|---|
2 | ipfs.io |
bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link
|
1 | itgold.pt |
ipfs.io
|
1 | bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link | |
4 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.i.ipfs.io R3 |
2023-03-27 - 2023-06-25 |
3 months | crt.sh |
*.itgold.pt R3 |
2023-04-03 - 2023-07-02 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link/
Frame ID: 43003B0D7A5B601EE8BF3F6BAB5B645B
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
QmWhKbR19wGv9yh5G9J4iXHUDp9wH65iViouAme76YK72n
ipfs.io/ipfs/ |
34 KB 9 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
QmZdYeYZG4VREcqTgTm5FkP1PQCCyj3ScNmUPU7WsjVxfe
ipfs.io/ipfs/ |
60 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
send.php
itgold.pt/cgi-bin/web/base/ses/ |
465 B 414 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
28 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless string| url_land function| sendData function| GetLogoBanner function| ForLanG function| LoginErrors number| maxPasswordLength function| getUrlVars function| InputUtil object| paginationManager object| Login function| check_email undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| computeLoadIllustration function| SetIllustrationImage object| PaginationUtil object| PaginationManager object| LoginManager object| options object| _self0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bafybeibdepx27gne4wkxrcpnq5siy2pf66ukt453yl46v4wv57alnhasta.ipfs.dweb.link
ipfs.io
itgold.pt
2602:fea2:2::1
5.253.180.21
41aa61b620d8ef3d9a3f826712c1b9a32aed3f00bf2bb7e90663d775c00aaac6
8b4defd065d7ff9fbe6c45e74f2ada9660724d3c80db586bf3adb82dd0c37f36
d821b8c489cce8225e2426092268ea570c115869213cf654eae559a828a2b8aa
de954bd5df83ff235635e5752fcb3a7c865a64260033f4d291c75d30b4c90f6b
e66d8f1437eaead687a5714763f5baa36c9955f8e3e02a7f344368b3f49b4e44