ipfs.eth.aragon.network Open in urlscan Pro
146.190.204.125  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request bafkreidh6a4hncy5kbo4jhmbdzj4oz7axs3iydshu7g45bbjguahhuhezm Show response ipfs.eth.aragon.network/ipfs/	40 KB 40 KB	111ms 83ms	Document text/html	146.190.204.125 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://ipfs.eth.aragon.network/ipfs/bafkreidh6a4hncy5kbo4jhmbdzj4oz7axs3iydshu7g45bbjguahhuhezm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 146.190.204.125 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.21.6 / Resource Hash 67f038768b1d505dc49d811e53c767e0bcb68c0e47a7cdce8429350073d0e4cb Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes access-control-allow-headers Content-Type Range User-Agent X-Requested-With access-control-allow-methods GET access-control-allow-origin * access-control-expose-headers Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output cache-control public, max-age=29030400, immutable content-length 40494 content-type text/html date Fri, 17 May 2024 07:10:58 GMT etag "bafkreidh6a4hncy5kbo4jhmbdzj4oz7axs3iydshu7g45bbjguahhuhezm" server nginx/1.21.6 x-ipfs-path /ipfs/bafkreidh6a4hncy5kbo4jhmbdzj4oz7axs3iydshu7g45bbjguahhuhezm x-ipfs-roots bafkreidh6a4hncy5kbo4jhmbdzj4oz7axs3iydshu7g45bbjguahhuhezm
GET H3	200	crypto-js.min.js Show response cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/	47 KB 14 KB	32ms 19ms	Script application/javascript	104.17.25.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js Requested by Host: ipfs.eth.aragon.network URL: https://ipfs.eth.aragon.network/ipfs/bafkreidh6a4hncy5kbo4jhmbdzj4oz7axs3iydshu7g45bbjguahhuhezm Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://ipfs.eth.aragon.network/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 07:10:58 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 21878 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 13972 last-modified Sat, 14 Aug 2021 20:33:09 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "61182885-3694" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=47rQ5dWI2xY8V633N54N4CdQdpW45CV3%2FQqoRQPRz4F%2FagCJKESZIbEJMj3bAt0JMDggd3s%2BJqShkve29wroTfDLBkGvuIUEsNS4%2BOYaDWOWQW4r%2F5Mue29qZBqDKda8Dnmvxn7f"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 8851ca6deb752be9-FRA expires Wed, 07 May 2025 07:10:58 GMT
GET H2	200	jquery-1.9.1.js Show response code.jquery.com/	262 KB 78 KB	32ms 7ms	Script application/javascript	2a04:4e42:200::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-1.9.1.js Requested by Host: ipfs.eth.aragon.network URL: https://ipfs.eth.aragon.network/ipfs/bafkreidh6a4hncy5kbo4jhmbdzj4oz7axs3iydshu7g45bbjguahhuhezm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://ipfs.eth.aragon.network/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 07:10:58 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 3555324 x-cache HIT, HIT content-length 79506 x-served-by cache-lga21952-LGA, cache-fra-eddf8230159-FRA last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1715929858.289261,VS0,VE0 etag W/"28feccc0-4185d" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 16, 68330
GET H2	200	AJFCJaXhZo6cUCNh1ssNQzSV3jc1ppd5Vt2HN5GjHL82rJR25OrOigrMWVvBpwQN6BD4T_qHdwh2spOZ9bKA-BqcHsttYMUy5sxc-E99nKe9pgDJsCX0icydpRhjm97W_S4_6cism2sTCOp-Oxa807yjCEw=w1580-h720-s-no lh3.googleusercontent.com/pw/	192 KB 193 KB	261ms 238ms	Image image/gif	2a00:1450:4001:812::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://lh3.googleusercontent.com/pw/AJFCJaXhZo6cUCNh1ssNQzSV3jc1ppd5Vt2HN5GjHL82rJR25OrOigrMWVvBpwQN6BD4T_qHdwh2spOZ9bKA-BqcHsttYMUy5sxc-E99nKe9pgDJsCX0icydpRhjm97W_S4_6cism2sTCOp-Oxa807yjCEw=w1580-h720-s-no?authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software fife / Resource Hash c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://ipfs.eth.aragon.network/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 07:10:58 GMT x-content-type-options nosniff server fife etag "v51" vary Origin content-type image/gif access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="Flashback - Jul 5, 2023 00_04_12.gif" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 197044 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	AMWts8CjWLE-4lSHnzZVyyi38RiG_iHUev92wvk3GXVlZur4_v68tJc5TxPcsfc6Vo4P2_Sa5_Dg4wBjO9x0q0xYFQKyjpg1zURhvOLxyPhDhPJg_Z8XDFduSWtavIhhZp_z9dX4zrOp2jk9GCWUmL_6qus=s128-no lh3.googleusercontent.com/pw/	330 B 439 B	273ms 255ms	Other image/png	2a00:1450:4001:812::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://lh3.googleusercontent.com/pw/AMWts8CjWLE-4lSHnzZVyyi38RiG_iHUev92wvk3GXVlZur4_v68tJc5TxPcsfc6Vo4P2_Sa5_Dg4wBjO9x0q0xYFQKyjpg1zURhvOLxyPhDhPJg_Z8XDFduSWtavIhhZp_z9dX4zrOp2jk9GCWUmL_6qus=s128-no Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software fife / Resource Hash fea8fbaec75213e1af8005edfcdc94e7b5d7dca6ddb4e262d66e4756bda96d54 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://ipfs.eth.aragon.network/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 07:10:58 GMT x-content-type-options nosniff server fife etag "v30" vary Origin content-type image/png access-control-expose-headers Content-Length cache-control private, max-age=86400, no-transform cross-origin-resource-policy cross-origin content-disposition inline;filename="logo-off-1.png" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 330 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST		/ wctrjw96lr.lopapscop.ws/obufsssssssscaaatoion/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

wctrjw96lr.lopapscop.ws

URL

https://wctrjw96lr.lopapscop.ws/obufsssssssscaaatoion/

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

156 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| CryptoJS string| ykyqsvWn function| _0x5016 function| _0x263e01 function| _0x3e042d function| _0x4d526d function| _0x564986 function| _0x56c307 function| _0x480662 function| _0x518f10 function| _0x260ff3 function| _0x404465 function| _0x48a618 function| _0x5a4b1e function| _0x2f57d1 function| _0x321d9a function| _0x4bd58e function| _0x27b778 function| _0x567761 function| _0x514f34 function| _0x18e531 function| _0x1f7969 function| _0x34de6a function| _0x3de8e9 function| _0x578458 function| _0x14e5b2 function| _0x6a78f3 function| _0x22dc3f function| _0x574c40 function| _0x1eab75 function| _0x4e651d function| _0x390dbe function| _0x164006 function| _0x49b9a1 function| _0x5cff50 function| _0x212d00 function| _0xe0b83b function| _0x26a5b6 function| _0x322902 function| _0x309682 function| _0x2d603a function| _0x540fec function| _0x435ed7 function| _0x2fdb0c function| _0x15a017 function| _0x139825 function| _0x2c094d function| _0x4180d6 function| _0x50b58a function| _0x7c7c83 function| _0x24b75f function| _0xc0937a function| _0x6b1979 function| _0x178297 function| _0x37a7c8 function| _0x215b36 function| _0x47e3ee function| _0x21c86b function| _0x2b0709 function| _0x3238f8 function| _0x3c9feb function| _0x3c1fdf function| _0x4f7fc8 function| _0xb41538 function| _0x3edc28 function| _0x4a2643 function| _0x398fa4 function| _0x53ba0a function| _0x1b2934 function| _0x58c791 function| _0x4d1a0b function| _0x457c2c function| _0x52687e function| _0x4dde9e function| _0x5a8606 function| _0x31cc07 function| _0x280cb2 function| _0x2c7d8e function| _0x5aecc0 function| _0x399177 function| _0x2dffca function| _0x3653b7 function| _0x378d5c function| _0xd43a15 function| _0x1cb69d function| _0x1d3744 function| _0x519cfb function| _0x21bf22 function| _0x53f5cd function| _0x43089c function| _0x58ef64 function| _0xc2e02 function| _0x6616bf function| _0x504a8f function| _0x4a8035 function| _0x13ea32 function| _0x2c252c function| _0xbb1a83 function| _0x5f1738 function| _0x2fc31b function| _0x520cb6 function| _0xf56198 function| _0x11eef6 function| _0x3039a9 function| _0xd9ed9 function| _0xceb537 function| _0x2fd0b3 function| _0x464e8e function| _0x3bf0ce function| _0x12e635 function| _0x2257c7 function| _0x51bcf2 function| _0x168e88 function| _0x45bf43 function| _0x1f1c20 function| _0x3deda8 function| _0x2bcd8d function| _0x4f3601 function| _0x48cf47 function| _0x1c812b function| _0x244db8 function| _0x145789 function| _0x415bf2 function| _0x36172a function| _0x24cbd6 function| _0x366ecf function| _0x1de213 function| _0x43c67b function| _0x21fb9f function| _0x399d6d function| _0x3b9de1 function| _0x8e5a4 function| _0x501643 function| _0x3054be function| _0x1edc46 function| _0x29ab91 function| _0x21e592 function| _0x540e12 function| _0x33e291 function| _0x7a78f4 function| _0x3f8685 function| _0x19ca2b function| _0x46ed64 function| _0x3f1b45 function| _0x42f739 function| _0x44f88e function| _0x381b object| _0x74bf string| IGOBZL string| cbbg string| kaka90nal string| ka45k459final2 string| kak0011afinal number| countttingerr function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
code.jquery.com
ipfs.eth.aragon.network
lh3.googleusercontent.com
wctrjw96lr.lopapscop.ws
wctrjw96lr.lopapscop.ws
104.17.25.14
146.190.204.125
2a00:1450:4001:812::2001
2a04:4e42:200::649
67f038768b1d505dc49d811e53c767e0bcb68c0e47a7cdce8429350073d0e4cb
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb
fea8fbaec75213e1af8005edfcdc94e7b5d7dca6ddb4e262d66e4756bda96d54