bafkreib5njiibirjf3wqjxljh77rwlp72vyhvzcy5c4ih3b6ci7g7cqpr4.ipfs.dweb.link
2602:fea2:2::1
Malicious Activity!
Public Scan
Effective URL: https://bafkreib5njiibirjf3wqjxljh77rwlp72vyhvzcy5c4ih3b6ci7g7cqpr4.ipfs.dweb.link/
Submission: On July 28 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 11th 2023. Valid for: 3 months.
This is the only time bafkreib5njiibirjf3wqjxljh77rwlp72vyhvzcy5c4ih3b6ci7g7cqpr4.ipfs.dweb.link was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System) | Note
---|---|---|---
1 | 201.224.58.176 | AS11556 (Cable & Wireless Panama) | redirect hop 1
1 | 185.90.59.205 | AS9186 (ONI Lisbon) | redirect hop 2
1 | 2602:fea2:2::1 | AS40680 (PROTOCOL) |
1 | 2606:4700::6811:180e | AS13335 (CLOUDFLARENET) |
1 | 2001:4de0:ac18::1:a:2a | AS20446 (STACKPATH-CDN) |
1 | 2a00:1450:4001:812::2001 | AS15169 (GOOGLE) |
1 | 2a06:98c1:3120::3 | AS13335 (CLOUDFLARENET) |
Totals | 6 | 6 |
ASN11556 (Cable & Wireless Panama, PA)
- PTR: modulosms.cwpanama.com
- bclientes.cwpanama.com
ASN9186 (ONI Lisbon, Portugal., PT)
- PTR: ativehosting.com
- ccbcmd.kryptonproduction.com
ASN40680 (PROTOCOL, US)
- bafkreib5njiibirjf3wqjxljh77rwlp72vyhvzcy5c4ih3b6ci7g7cqpr4.ipfs.dweb.link
ASN15169 (GOOGLE, US)
- lh3.googleusercontent.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
2 | kryptonproduction.com | ccbcmd.kryptonproduction.com (1 redirect) | 830 B
1 | kgkagkgaga.ws | kgkagkgaga.ws (Cisco Umbrella Rank: 908817) |
1 | googleusercontent.com | lh3.googleusercontent.com (Cisco Umbrella Rank: 107) | 193 KB
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 743) | 78 KB
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 265) | 14 KB
1 | dweb.link | bafkreib5njiibirjf3wqjxljh77rwlp72vyhvzcy5c4ih3b6ci7g7cqpr4.ipfs.dweb.link | 30 KB
1 | cwpanama.com | bclientes.cwpanama.com (1 redirect) | 468 B
Totals | 6 | 7 |
Requests | Domain | Requested by
---|---|---
2 | ccbcmd.kryptonproduction.com | (1 redirect)
1 | kgkagkgaga.ws | code.jquery.com
1 | lh3.googleusercontent.com |
1 | code.jquery.com | ccbcmd.kryptonproduction.com
1 | cdnjs.cloudflare.com | bafkreib5njiibirjf3wqjxljh77rwlp72vyhvzcy5c4ih3b6ci7g7cqpr4.ipfs.dweb.link
1 | bafkreib5njiibirjf3wqjxljh77rwlp72vyhvzcy5c4ih3b6ci7g7cqpr4.ipfs.dweb.link | ccbcmd.kryptonproduction.com
1 | bclientes.cwpanama.com | (1 redirect)
Totals | 6 | 7
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
dweb.link | R3 | 2023-06-11 - 2023-09-09 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh
*.googleusercontent.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months | crt.sh
kgkagkgaga.ws | E1 | 2023-07-20 - 2023-10-18 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://bafkreib5njiibirjf3wqjxljh77rwlp72vyhvzcy5c4ih3b6ci7g7cqpr4.ipfs.dweb.link/
Frame ID: 413D5F55AAAC97AAB906EC84F2DE7F6C
Requests: 6 HTTP requests in this frame
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns:
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://bclientes.cwpanama.com/customers/module.php/core/loginuserpass.php?AuthState=_f6522b387362565de2fd6c90c667dff1393e050975%3Ahttp://ccbcmd.kryptonproduction.com/ccbcmd
  HTTP 302 to http://ccbcmd.kryptonproduction.com/ccbcmd (Page URL)
- http://ccbcmd.kryptonproduction.com/red.php?e=4736b757274696e6974697340636362636d642e656475
  HTTP 302 to https://bafkreib5njiibirjf3wqjxljh77rwlp72vyhvzcy5c4ih3b6ci7g7cqpr4.ipfs.dweb.link/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://bclientes.cwpanama.com/customers/module.php/core/loginuserpass.php?AuthState=_f6522b387362565de2fd6c90c667dff1393e050975%3Ahttp://ccbcmd.kryptonproduction.com/ccbcmd (HTTP 302)
- http://ccbcmd.kryptonproduction.com/ccbcmd
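The chain above has three features worth checking mechanically rather than by eye. The first hop is a SimpleSAMLphp username/password page (module.php/core/loginuserpass.php) on a Panamanian ISP customer portal; its AuthState value carries a second URL after the colon, and the portal answered with a 302 to exactly that URL, so a legitimate site served as the redirector. The second hop's e= parameter is a hex string (it encodes a real address, so it is not decoded here). The landing page is an IPFS gateway subdomain whose leftmost label is the content identifier (CID). The Python below is an added example, not part of the urlscan report: it takes a list of hop URLs and reports each of those patterns. The chain is copied from the report, except that the e= value is a constructed stand-in (hex of victim@example.com; the value on the page has an odd number of hex digits and would be reported as undecodable).

```python
import binascii
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Redirect chain as recorded in the "Page URL History" above. The value of the e=
# parameter on the red.php hop is CONSTRUCTED (hex of "victim@example.com") in place
# of the real one, which encodes a real address and is not reproduced here.
CHAIN = [
    "https://bclientes.cwpanama.com/customers/module.php/core/loginuserpass.php"
    "?AuthState=_f6522b387362565de2fd6c90c667dff1393e050975%3Ahttp://ccbcmd.kryptonproduction.com/ccbcmd",
    "http://ccbcmd.kryptonproduction.com/ccbcmd",
    "http://ccbcmd.kryptonproduction.com/red.php?e=" + "victim@example.com".encode().hex(),
    "https://bafkreib5njiibirjf3wqjxljh77rwlp72vyhvzcy5c4ih3b6ci7g7cqpr4.ipfs.dweb.link/",
]

ABS_URL = re.compile(r"https?://[^\s\"'<>]+")
HEXSTR = re.compile(r"^[0-9a-fA-F]{8,}$")
# CIDv1 in base32 (baf...) or CIDv0 in base58btc (Qm...)
CID = re.compile(r"^(?:baf[a-z2-7]{50,}|Qm[1-9A-HJ-NP-Za-km-z]{44})$")


def embedded_urls(url):
    """Absolute URLs smuggled inside the query string (after one level of %-decoding)."""
    return ABS_URL.findall(unquote(urlsplit(url).query))


def hex_params(url):
    """{param: (hex_value, decoded_text_or_None)} for query values that look like hex."""
    found = {}
    for key, values in parse_qs(urlsplit(url).query).items():
        for value in values:
            if not HEXSTR.match(value):
                continue
            if len(value) % 2:          # odd length: hex-looking but not decodable as-is
                found[key] = (value, None)
                continue
            try:
                text = binascii.unhexlify(value).decode("ascii")
            except UnicodeDecodeError:
                text = None
            found[key] = (value, text if text and text.isprintable() else None)
    return found


def ipfs_cid(url):
    """CID when the URL is an IPFS gateway URL: <cid>.ipfs.<gateway> or <gateway>/ipfs/<cid>."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").split(".")
    if len(labels) >= 3 and labels[1] == "ipfs" and CID.match(labels[0]):
        return labels[0]
    m = re.match(r"^/ipfs/([^/?#]+)", parts.path)
    return m.group(1) if m and CID.match(m.group(1)) else None


def analyze_chain(chain):
    """Return (kind, where, detail) findings for the suspicious hops of a redirect chain."""
    findings = []
    for i, hop in enumerate(chain):
        host = urlsplit(hop).hostname
        next_host = urlsplit(chain[i + 1]).hostname if i + 1 < len(chain) else None
        # A site that bounced the browser to a URL it was handed in its own query
        # string: the attacker is using it as a redirector.
        for url in embedded_urls(hop):
            target = urlsplit(url).hostname
            if target and target == next_host and target != host:
                findings.append(("redirector", host, target))
        for key, (value, text) in hex_params(hop).items():
            findings.append(("hex_param", key, text or f"undecodable ({len(value)} hex chars)"))
        cid = ipfs_cid(hop)
        if cid:
            findings.append(("ipfs_gateway", host, cid))
    return findings


if __name__ == "__main__":
    for finding in analyze_chain(CHAIN):
        print(*finding)
```

The redirector check deliberately requires the embedded host to equal the next hop and to differ from the current host, so an ordinary same-site return URL does not fire. Hex values are only decoded when the result is printable ASCII; an odd-length value is reported but left alone rather than guessed at.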
6 HTTP transactions
Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | ccbcmd | ccbcmd.kryptonproduction.com/ (redirect chain) | 164 B | 442 B | Document | text/html
GET | H2 | / (primary request) | bafkreib5njiibirjf3wqjxljh77rwlp72vyhvzcy5c4ih3b6ci7g7cqpr4.ipfs.dweb.link/ (redirect chain) | 39 KB | 30 KB | Document | text/html
GET | H2 | crypto-js.min.js | cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/ | 47 KB | 14 KB | Script | application/javascript
GET | H2 | jquery-1.9.1.js | code.jquery.com/ | 262 KB | 78 KB | Script | application/javascript
GET | H2 | AJFCJaXhZo6cUCNh1ssNQzSV3jc1ppd5Vt2HN5GjHL82rJR25OrOigrMWVvBpwQN6BD4T_qHdwh2spOZ9bKA-BqcHsttYMUy5sxc-E99nKe9pgDJsCX0icydpRhjm97W_S4_6cism2sTCOp-Oxa807yjCEw=w1580-h720-s-no | lh3.googleusercontent.com/pw/ | 192 KB | 193 KB | Image | image/gif
POST | H2 | / | kgkagkgaga.ws/obufsssssssscaaatoion/ | 688 KB | 0 | XHR | application/json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
149 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object: CryptoJS, _0x4701
string: vIaSZKGN, IGOBZL, cbbg, kaka90nal, ka45k459final2, kak0011afinal
number: countttingerr
function: $, jQuery, and 138 further functions named _0x…: _0x368c, _0x1379, _0x5f0b33, _0x2d5823, _0x26f95f, _0x668ee4, _0x2d5291, _0xe444b, _0x4685d6, _0x34490d, _0x1b9485, _0x4e16e6, _0x39fce6, _0xe6b904, _0x55fb91, _0x10c3c0, _0x29dea3, _0x550c7b, _0x2209d3, _0x449792, _0x5114a9, _0xde44, _0x13cd85, _0x3d17b6, _0xb5d53c, _0x3b1a07, _0x3a101e, _0x3c93ab, _0x40a6fb, _0x2fe0db, _0x2a4081, _0x328b80, _0x459ae5, _0x1f9bda, _0x3ac7cb, _0x448b24, _0xf8d889, _0x2ed8e3, _0x75c2a4, _0x51a80a, _0x3b9237, _0x2670e8, _0x3c5a65, _0x2f45a2, _0x307c36, _0x4908bf, _0x73a47d, _0x23294c, _0x1da9d, _0x2ef76c, _0x3691c9, _0x4cd7d0, _0xd921a8, _0x1d6dba, _0x22ff44, _0x1333f3, _0x24ef2f, _0x8e04a0, _0x3021a5, _0x2a7615, _0x1e29b1, _0x173bbc, _0x4938e5, _0x2d0451, _0x40f124, _0xdd7676, _0x6ba5cf, _0x30baa2, _0x39bf1f, _0x9393c8, _0x5c7e42, _0x5f4bc6, _0x19ab56, _0x2eee15, _0x2d4b85, _0x45388e, _0x289aa8, _0x1a533c, _0x4a642b, _0x4e34e1, _0x5d0c61, _0x1fe438, _0x723ec6, _0x1442a4, _0x5f38b9, _0x172ac5, _0x28c034, _0x1da961, _0x1455ee, _0x397144, _0x4d9286, _0x5c05b6, _0x55cf9b, _0x694744, _0x4388c1, _0x52bc41, _0x39a67b, _0x288a73, _0x2524f7, _0x4f64f0, _0x145d3d, _0x5b7404, _0x4a5ebd, _0x3daedc, _0x1a225a, _0x457591, _0x1a0238, _0x1ab323, _0x5959c2, _0x2a5f06, _0x223738, _0x5afddb, _0x11f4b0, _0x21f1e8, _0x70d7f7, _0x21f916, _0x4164ac, _0x4fe1f0, _0x436074, _0x5b4902, _0x291745, _0x17d670, _0x226d8e, _0x464026, _0x2d9108, _0x2be871, _0x537697, _0x504870, _0x1b2a5f, _0x27d8d7, _0x2ff346, _0x3f79b0, _0x397713, _0x302a51, _0x416225, _0x430c57, _0x4d503e, _0x225187
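Of the 149 globals, 139 have the hex-numbered _0x… names that javascript-obfuscator emits, CryptoJS is loaded beside them, and the only request carrying data off the page is the JSON POST to kgkagkgaga.ws/obufsssssssscaaatoion/; together that is the usual shape of a kit that encrypts captured input before sending it. The few human-chosen names (vIaSZKGN, IGOBZL, cbbg, kaka90nal, ka45k459final2, kak0011afinal, countttingerr) are the more useful pivot, because the obfuscator regenerates the _0x names on every build while the kit author's own globals tend to survive. The Python below is an added example, not part of the urlscan report: it parses urlscan's "type| name" list, scores the obfuscation ratio, and separates the kit-specific names from library globals. The embedded input is an excerpt (the first 12 and last 11 entries of the list above); the regexes and the 0.5 threshold are this example's assumptions.

```python
import re
from collections import Counter

# Excerpt of the urlscan "JavaScript Global Variables" list above, in urlscan's
# "type| name" layout: the first 12 and the last 11 of its 149 entries.
GLOBALS_EXCERPT = (
    "object| CryptoJS string| vIaSZKGN function| _0x368c function| _0x1379 "
    "function| _0x5f0b33 function| _0x2d5823 function| _0x26f95f function| _0x668ee4 "
    "function| _0x2d5291 function| _0xe444b function| _0x4685d6 function| _0x34490d "
    "function| _0x4d503e function| _0x225187 object| _0x4701 string| IGOBZL string| cbbg "
    "string| kaka90nal string| ka45k459final2 string| kak0011afinal number| countttingerr "
    "function| $ function| jQuery"
)

ENTRY = re.compile(r"(\w+)\|\s*(\S+)")            # "type| name" pairs
OBFUSCATED = re.compile(r"^_0x[0-9a-f]{3,}$")     # javascript-obfuscator style identifier
LIBRARY = {"$", "jQuery", "CryptoJS"}              # well-known library globals, not kit-specific
OBFUSCATION_THRESHOLD = 0.5                        # assumption: majority of globals renamed


def parse_globals(text):
    """urlscan's 'type| name' list -> [(type, name), ...]"""
    return ENTRY.findall(text)


def triage_globals(text):
    """Summarise a global-variable list: obfuscation ratio, crypto library, kit-specific names."""
    entries = parse_globals(text)
    names = [name for _, name in entries]
    obfuscated = [n for n in names if OBFUSCATED.match(n)]
    kit = [n for n in names if n not in LIBRARY and not OBFUSCATED.match(n)]
    return {
        "total": len(entries),
        "by_type": dict(Counter(kind for kind, _ in entries)),
        "obfuscated": len(obfuscated),
        "obfuscated_ratio": round(len(obfuscated) / len(entries), 2) if entries else 0.0,
        "crypto_js": "CryptoJS" in names,
        "kit_globals": kit,   # human-chosen names: reusable pivots for hunting other scans
    }


def looks_like_obfuscated_kit(summary):
    """Heuristic: mostly renamed globals plus a client-side crypto library."""
    return summary["obfuscated_ratio"] >= OBFUSCATION_THRESHOLD and summary["crypto_js"]


if __name__ == "__main__":
    summary = triage_globals(GLOBALS_EXCERPT)
    print(summary)
    print("obfuscated kit with client-side crypto:", looks_like_obfuscated_kit(summary))
```

Run against the full list the ratio is 139/149; the excerpt gives 13/23. The kit_globals output is what to feed into a urlscan search or a YARA string set, since those names are the part of the kit that its author, not the obfuscator, chose.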
Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the site re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value
---|---|---
bclientes.cwpanama.com/ | (not set: session cookie) | PHPSESSID = 82bfb245f8487b07bea0a22a3e6a9a7a
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- bafkreib5njiibirjf3wqjxljh77rwlp72vyhvzcy5c4ih3b6ci7g7cqpr4.ipfs.dweb.link
- bclientes.cwpanama.com
- ccbcmd.kryptonproduction.com
- cdnjs.cloudflare.com
- code.jquery.com
- kgkagkgaga.ws
- lh3.googleusercontent.com
IP addresses:
- 185.90.59.205
- 2001:4de0:ac18::1:a:2a
- 201.224.58.176
- 2602:fea2:2::1
- 2606:4700::6811:180e
- 2a00:1450:4001:812::2001
- 2a06:98c1:3120::3
SHA-256 hashes:
- 3d6a5080a2292eed04dd693fff1b2dffd5707ae458e8b883ec3e123e6f8a0f8f
- 7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40
- 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
- c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb
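The leftmost label of the landing hostname is a CIDv1, and it is the indicator worth keeping: any public IPFS gateway serves the same bytes for the same CID, so blocking the dweb.link hostname alone is defeated by switching gateway. The Python below is an added check, not part of the urlscan report. It decodes the CID by hand: the leading b is the base32 multibase prefix, followed by version 1, multicodec 0x55 (raw), multihash sha2-256 and a 32-byte digest. For a raw-codec CID of a file that fits in one IPFS chunk (the document here is 39 KB, far below the 256 KiB default) the digest is simply the SHA-256 of the served bytes, and it comes out equal to the first hash in the indicator list above. The gateway list used to build equivalent URLs is this example's own (dweb.link from the report plus ipfs.io), and only the raw and dag-pb codecs are named.

```python
import base64

CODECS = {0x55: "raw", 0x70: "dag-pb"}        # multicodec values seen in file CIDs
HASH_FNS = {0x12: "sha2-256"}                   # multihash function codes
# Public gateways, used only to build equivalent URLs; the CID is the stable identifier.
GATEWAYS = ["dweb.link", "ipfs.io"]


def read_uvarint(buf, pos):
    """Unsigned LEB128 varint (CID version, codec, hash function and digest length)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7


def decode_cid(cid):
    """Parse a base32 CIDv1 ('b' multibase prefix) into version, codec, hash and digest."""
    if cid.startswith("Qm"):
        raise ValueError("CIDv0 (base58btc) is not handled here")
    if not cid.startswith("b"):
        raise ValueError("only the base32 multibase prefix 'b' is handled")
    body = cid[1:]
    # multibase 'b' is unpadded lowercase RFC 4648 base32; b32decode wants padding
    raw = base64.b32decode(body.upper() + "=" * (-len(body) % 8))
    version, pos = read_uvarint(raw, 0)
    codec, pos = read_uvarint(raw, pos)
    hash_fn, pos = read_uvarint(raw, pos)
    length, pos = read_uvarint(raw, pos)
    digest = raw[pos:pos + length]
    if version != 1 or len(digest) != length:
        raise ValueError("malformed CID")
    return {
        "version": version,
        "codec": CODECS.get(codec, hex(codec)),
        "hash": HASH_FNS.get(hash_fn, hex(hash_fn)),
        "digest": digest.hex(),
    }


def matches_body_hash(cid, sha256_hex):
    """True when the CID pins exactly the bytes whose SHA-256 is sha256_hex.
    Only meaningful for raw-codec CIDs: a dag-pb CID hashes the DAG node, not the file bytes."""
    info = decode_cid(cid)
    return (info["codec"] == "raw" and info["hash"] == "sha2-256"
            and info["digest"] == sha256_hex.lower())


def gateway_urls(cid):
    """The same content addressed through several public gateways (subdomain and path forms)."""
    urls = [f"https://{cid}.ipfs.{gw}/" for gw in GATEWAYS]
    urls += [f"https://{gw}/ipfs/{cid}/" for gw in GATEWAYS]
    return urls


if __name__ == "__main__":
    cid = "bafkreib5njiibirjf3wqjxljh77rwlp72vyhvzcy5c4ih3b6ci7g7cqpr4"
    print(decode_cid(cid))
    print(matches_body_hash(cid, "3d6a5080a2292eed04dd693fff1b2dffd5707ae458e8b883ec3e123e6f8a0f8f"))
    for url in gateway_urls(cid):
        print(url)
```

Two practical consequences: a response-body hash from any sandbox can be matched to a raw CID without fetching anything, and a block list should carry the CID (or its digest) rather than one gateway hostname. The dag-pb caveat matters for larger files, where the CID covers a chunk tree and no single body hash will match.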