bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri.ipfs.dweb.link
2602:fea2:2::1 - Malicious Activity! Public Scan

URL: https://bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri.ipfs.dweb.link/
Submission: On March 29 via automatic, source phishtank — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 15 HTTP transactions. The main IP is 2602:fea2:2::1, located in the United States and belonging to PROTOCOL, US. The main domain is bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri.ipfs.dweb.link.
TLS certificate: Issued by R3 on February 6th 2024. Valid for: 3 months.
This is the only time bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri.ipfs.dweb.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
1         2602:fea2:2::1     40680 (PROTOCOL)
4         2606:4700:310...   13335 (CLOUDFLAR...)
Total: 15 requests, 3 IPs

Requests  Domain                                                                          Requested by
4         internationalyachtchartergroup.com                                              bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri.ipfs.dweb.link, internationalyachtchartergroup.com
1         bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri.ipfs.dweb.link
0         autofer.site (Failed)                                                           bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri.ipfs.dweb.link
Total: 15 requests, 3 domains

This site contains no links.

Subject                              Issuer  Validity                   Valid
dweb.link                            R3      2024-02-06 - 2024-05-06    3 months (crt.sh)
internationalyachtchartergroup.com   E1      2024-03-18 - 2024-06-16    3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri.ipfs.dweb.link/
Frame ID: A9D5B8D8BC4E303BB3AE58929441BFF6
Requests: 16 HTTP requests in this frame


Page Title

Roundcube Webmail :: Welcome to Roundcube Webmail

Page Statistics

Requests: 15
HTTPS: 33 %
IPv6: 100 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 355 kB
Size: 3330 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type

Primary Request: /
Path: bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri.ipfs.dweb.link/
Size: 3 MB, transferred 318 KB
Type: Document

General
Full URL: https://bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri.ipfs.dweb.link/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2602:fea2:2::1, United States, ASN40680 (PROTOCOL, US)
Reverse DNS:
Software: openresty /
Resource Hash: 7d2b05ab3b56f1ec14df70df01c82a7771b9e3c56e881e15ba952ebe0746af23
Security Headers: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers
access-control-allow-headers: Content-Type Range User-Agent X-Requested-With
access-control-allow-methods: GET HEAD OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
cache-control: public, max-age=29030400, immutable
content-encoding: gzip
content-type: text/html
date: Fri, 29 Mar 2024 06:20:24 GMT
etag: W/"bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri"
server: openresty
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
x-bfid: 4e929d4b7116373195dfe9a9fb8458fb
x-ipfs-lb-pop: gateway-bank2-fr2
x-ipfs-path: /ipfs/bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri/
x-ipfs-pop: ipfs-bank1-fr2
x-ipfs-roots: bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri
x-proxy-cache: HIT
Request: styles.min.css
Path: internationalyachtchartergroup.com/webmail/skins/larry/
Size: 53 KB, transferred 11 KB
Type: Stylesheet

General
Full URL: https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938
Requested by: Host: bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri.ipfs.dweb.link, URL: https://bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri.ipfs.dweb.link/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2911, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: cede90ea2d2fc62a7f606fa90e57ff7d8fc7d640d10cbf118c65b9c860ef5bbd

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://bafybeiausquqvspogh2244lqkmupvo5jojbvrfcbkcvhtceli3o6g4iuri.ipfs.dweb.link/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
date: Fri, 29 Mar 2024 06:20:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 27 Nov 2016 16:08:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5272
etag: W/"d30f-5424a9297fa80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Neb5p7%2BALj76%2BBFvcdd5YhShTwoqnC9pt3o4KtthWEvpUhKQzeGPcEWlN4uHYzc0i4WKoIkxOrhA7D4LCagsubLY17UtrbhET1HNVs%2BwRJbAVz88T6FHYhYeedHAKHUtJ5i8DTYKSyy2ba02caWJECKJSYMaRWfvxQE6RdXfZFE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-ray: 86bdc0febcc49ba7-FRA
Failed requests (no response; size 0, transferred 0):
jquery-3.2.1.min.js   autofer.site/myjs/vendor/jquery/
animsition.min.js     autofer.site/myjs/vendor/animsition/js/
popper.js             autofer.site/myjs/vendor/bootstrap/js/
bootstrap.min.js      autofer.site/myjs/vendor/bootstrap/js/
select2.min.js        autofer.site/myjs/vendor/select2/
moment.min.js         autofer.site/myjs/vendor/daterangepicker/
daterangepicker.js    autofer.site/myjs/vendor/daterangepicker/
countdowntime.js      autofer.site/myjs/vendor/countdowntime/
main.js               autofer.site/myjs/js/
Request: truncated (inline data: URL)
Path: /
Size: 3 KB, transferred 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 343b43c50e3c026f49164591bcd84a3a6a4f69dd0b4e56a2418ad19b930f537a

Request headers
accept-language: de-DE,de;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers
Content-Type: image/webp
Request: linen.jpg
Path: internationalyachtchartergroup.com/webmail/skins/larry/images/
Size: 14 KB, transferred 14 KB
Type: Image

General
Full URL: https://internationalyachtchartergroup.com/webmail/skins/larry/images/linen.jpg?v=0382.14157
Requested by: Host: internationalyachtchartergroup.com, URL: https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2911, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: a712b63789e2d5ca0d67dfc6583e3c4374daf13bbd23ef76c83c3c9e881dea7b

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
date: Fri, 29 Mar 2024 06:20:25 GMT
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
last-modified: Sun, 27 Nov 2016 16:08:58 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=14157
etag: "374d-5424a9297fa80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y81%2FWyrRrLiqDTfbh3peisKRRxpO%2BnxaRN%2FWMr63qoQFKQ9RB0rZp%2B2Ywwil58DBXg0JUiac5CeCr5%2BuWww7ABGrbkatiRxxYazznFE1zsneFzXLixul5ZSbpK0vEOJlI0P7b55GGnXx%2FLDsjoH7QUAS3IJFW9wuSKSBZLuMTY0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=86400
accept-ranges: bytes
cf-ray: 86bdc0ff3d169ba7-FRA
content-length: 14109
Request: linen_login.jpg
Path: internationalyachtchartergroup.com/webmail/skins/larry/images/
Size: 10 KB, transferred 10 KB
Type: Image

General
Full URL: https://internationalyachtchartergroup.com/webmail/skins/larry/images/linen_login.jpg?v=0484.10363
Requested by: Host: internationalyachtchartergroup.com, URL: https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2911, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 465cfa8692ff9561b87f8df906324b4219e333667ab219555e4695bb97fa4546

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
date: Fri, 29 Mar 2024 06:20:24 GMT
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
last-modified: Sun, 27 Nov 2016 16:08:58 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=10363
etag: "287b-5424a9297fa80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZNjlYpwS5yA3A4N%2BIqHJjkYH7PtND5BFkYUEbSHtj1Y9jN0G7gj1dzK6SantWCtnEZ8KsPYAuFM77Hn3dBPt6pk%2BgsPq1gbJQEPH%2BIqhpRiHLnhcVky1dEbI8RelCPw0yx2IRA1V7Go88q%2BcFjIOCvDZyLkFomughx6ACTLbn%2F4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=86400
accept-ranges: bytes
cf-ray: 86bdc0ff4d1a9ba7-FRA
content-length: 10317
Request: login_shadow.png
Path: internationalyachtchartergroup.com/webmail/skins/larry/images/
Size: 562 B, transferred 953 B
Type: Image

General
Full URL: https://internationalyachtchartergroup.com/webmail/skins/larry/images/login_shadow.png?v=1169.789
Requested by: Host: internationalyachtchartergroup.com, URL: https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2911, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 32475dee52caa49526b0fcf33968518747e33c04e5730d22a54962e865b15b8e

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://internationalyachtchartergroup.com/webmail/skins/larry/styles.min.css?s=1480262938
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
date: Fri, 29 Mar 2024 06:20:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origFmt=png, origSize=789
content-disposition: inline; filename="login_shadow.webp"
content-length: 562
cf-bgj: imgq:100,h2pri
last-modified: Sun, 27 Nov 2016 16:08:58 GMT
server: cloudflare
etag: "315-5424a9297fa80"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b4Q0tyxdl4BM%2Fv47WB1QUk0f8ky6SytEvWU6LSX28X9nEGDA7fheQ73JJB90SweUnCpSvRJLdYeWYsOO7OtAjq0GCnSI305p1PGZXMwDo%2Ba3yTvuieCTh%2BhJ7WTWzH5cyKuixYZeMQxyYnG5pDHBZhkwJj%2BxURQcP%2BAArrRR3tw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=86400
accept-ranges: bytes
cf-ray: 86bdc0ff4d1d9ba7-FRA

Failed request (no response; size 0, transferred 0):
favicon.ico           autofer.site/rcubby/black/
Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain        URL
autofer.site  https://autofer.site/myjs/vendor/jquery/jquery-3.2.1.min.js
autofer.site  https://autofer.site/myjs/vendor/animsition/js/animsition.min.js
autofer.site  https://autofer.site/myjs/vendor/bootstrap/js/popper.js
autofer.site  https://autofer.site/myjs/vendor/bootstrap/js/bootstrap.min.js
autofer.site  https://autofer.site/myjs/vendor/select2/select2.min.js
autofer.site  https://autofer.site/myjs/vendor/daterangepicker/moment.min.js
autofer.site  https://autofer.site/myjs/vendor/daterangepicker/daterangepicker.js
autofer.site  https://autofer.site/myjs/vendor/countdowntime/countdowntime.js
autofer.site  https://autofer.site/myjs/js/main.js
autofer.site  https://autofer.site/rcubby/black/favicon.ico

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onpagereveal
function  _0x1dbbe1
function  _0x409b35
function  _0x390112
function  _0x3c53
function  _0x35b73c
function  _0x5729f0
object    filter
function  search
function  _0xcddf
function  _0x475052
object    modal
number    count
string    dot

0 Cookies

20 Console Messages

Source / Level / URL / Text

javascript warning: A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/jquery/jquery-3.2.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning: A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/jquery/jquery-3.2.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning: A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/animsition/js/animsition.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning: A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/bootstrap/js/popper.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning: A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/bootstrap/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning: A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/select2/select2.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning: A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/daterangepicker/moment.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning: A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/daterangepicker/daterangepicker.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning: A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/countdowntime/countdowntime.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning: A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/js/main.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error (URL: https://autofer.site/myjs/vendor/jquery/jquery-3.2.1.min.js): Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error (URL: https://autofer.site/myjs/vendor/animsition/js/animsition.min.js): Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error (URL: https://autofer.site/myjs/vendor/bootstrap/js/popper.js): Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error (URL: https://autofer.site/myjs/vendor/bootstrap/js/bootstrap.min.js): Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error (URL: https://autofer.site/myjs/vendor/select2/select2.min.js): Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error (URL: https://autofer.site/myjs/vendor/daterangepicker/moment.min.js): Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error (URL: https://autofer.site/myjs/vendor/daterangepicker/daterangepicker.js): Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error (URL: https://autofer.site/myjs/vendor/countdowntime/countdowntime.js): Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error (URL: https://autofer.site/myjs/js/main.js): Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error (URL: https://autofer.site/rcubby/black/favicon.ico): Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This section lists any security headers set by the main page.

Header: Strict-Transport-Security
Value: max-age=31536000; includeSubDomains; preload