bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link
2602:fea2:2::1  Malicious Activity! Public Scan

URL: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Submission: On March 02 via api from US — Scanned from US

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 15 HTTP transactions. The main IP is 2602:fea2:2::1, located in United States and belongs to PROTOCOL, US. The main domain is bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link.
TLS certificate: Issued by R3 on February 6th 2024. Valid for: 3 months.
This is the only time bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

Requests  IP Address        AS (Autonomous System)
1         2602:fea2:2::1    40680 (PROTOCOL)
1         216.194.164.209   22611 (INMOTION)
3         95.164.33.245     44477 (STARK-IND...)
Total: 15 requests, 4 IPs

Requests  Domain                                                                      Requested by
3         bzrexna.site                                                                cooltechem.com
1         cooltechem.com                                                              bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link
1         bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link
0         autofer.site (Failed)                                                       bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link
Total: 15 requests, 4 domains

This site contains links to these domains. Also see Links.

Domain
go.cpanel.net

TLS certificates:

Subject          Issuer                                 Validity                   Valid
dweb.link        R3                                     2024-02-06 - 2024-05-06    3 months
cooltechem.com   cPanel, Inc. Certification Authority   2024-02-23 - 2024-05-23    3 months
*.bzrexna.site   R3                                     2024-02-11 - 2024-05-11    3 months

This page contains 1 frame:

Primary Page: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Frame ID: F4EEB541A0D61F30B2C14C59059FF20D
Requests: 16 HTTP requests in this frame

Screenshot

Page Title

Webmail Login

Page Statistics

Requests: 15
HTTPS: 33 %
IPv6: 33 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 2
Transfer: 482 kB
Size: 2094 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type

Primary Request /  bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/  2 MB  338 KB  Document
General
Full URL: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS:
Software: openresty /
Resource Hash: c72a0a3fc0aa739c9c5f61c622b61da8c6568a2dabbb782df717ccb608c5b6d3
Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
cache-control
public, max-age=29030400, immutable
content-encoding
gzip
content-type
text/html
date
Sat, 02 Mar 2024 06:10:01 GMT
etag
W/"bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq"
server
openresty
strict-transport-security
max-age=31536000; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
x-bfid
c85bb2c97509ff69fb2afcaf951951cf
x-ipfs-lb-pop
gateway-bank1-dc13
x-ipfs-path
/ipfs/bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq/
x-ipfs-pop
ipfs-bank3-dc13
x-ipfs-roots
bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq
x-proxy-cache
MISS
rb.css  cooltechem.com/images/  141 KB  141 KB  Stylesheet
General
Full URL: https://cooltechem.com/images/rb.css
Requested by
Host: bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link
URL: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 216.194.164.209 , United States, ASN22611 (INMOTION, US),
Reverse DNS: ded4012.inmotionhosting.com
Software: Apache /
Resource Hash: 68e0d82fadebea53e180a9c24e9517d629e9c3751d0d6297ccc9148e598530f6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Sat, 02 Mar 2024 06:13:47 GMT
Last-Modified: Mon, 12 Feb 2024 22:55:41 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 144458
jquery-3.2.1.min.js  autofer.site/myjs/vendor/jquery/  0  0
webmail-logo.svg  autofer.site/rcubby/ufiles/  0  0
animsition.min.js  autofer.site/myjs/vendor/animsition/js/  0  0
popper.js  autofer.site/myjs/vendor/bootstrap/js/  0  0
bootstrap.min.js  autofer.site/myjs/vendor/bootstrap/js/  0  0
select2.min.js  autofer.site/myjs/vendor/select2/  0  0
moment.min.js  autofer.site/myjs/vendor/daterangepicker/  0  0
daterangepicker.js  autofer.site/myjs/vendor/daterangepicker/  0  0
countdowntime.js  autofer.site/myjs/vendor/countdowntime/  0  0
main.js  autofer.site/myjs/js/  0  0

notice-error.png  bzrexna.site/rcubby/ufiles/  1 KB  1 KB  Image
General
Full URL: https://bzrexna.site/rcubby/ufiles/notice-error.png
Requested by
Host: cooltechem.com
URL: https://cooltechem.com/images/rb.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.164.33.245 Stockholm, Sweden, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS: vm2090149.stark-industries.solutions
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: bcaf01928e5c7246ab0bb7e83f609b485a67a5e442d3dd94539a883c11fb70cd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cooltechem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Sat, 02 Mar 2024 06:13:48 GMT
Last-Modified: Sun, 17 Sep 2023 14:10:26 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "402-6058e96565880"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1026
icon-username.png  bzrexna.site/rcubby/ufiles/  320 B  605 B  Image
General
Full URL: https://bzrexna.site/rcubby/ufiles/icon-username.png
Requested by
Host: cooltechem.com
URL: https://cooltechem.com/images/rb.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.164.33.245 Stockholm, Sweden, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS: vm2090149.stark-industries.solutions
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 05ce0f813e6236158fa1d115faba62cd2041aab1878cac0960a0f45575cece1e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cooltechem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Sat, 02 Mar 2024 06:13:48 GMT
Last-Modified: Sun, 17 Sep 2023 14:10:26 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "140-6058e96565880"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 320
icon-password.png  bzrexna.site/rcubby/ufiles/  450 B  735 B  Image
General
Full URL: https://bzrexna.site/rcubby/ufiles/icon-password.png
Requested by
Host: cooltechem.com
URL: https://cooltechem.com/images/rb.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.164.33.245 Stockholm, Sweden, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS: vm2090149.stark-industries.solutions
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: a02998df88a6efb0baa526796b2b682ce9fdd6471ceb19170b326320f22f7053

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cooltechem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Sat, 02 Mar 2024 06:13:48 GMT
Last-Modified: Sun, 17 Sep 2023 14:10:26 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "1c2-6058e96565880"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 450
truncated  /  2 KB  0  Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 70667a94ef79118b93b13b1cb41fcb11b09e8fd3ce0c9c82680ed5f991ba9a32

Request headers

accept-language: en-US,en;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain        URL
autofer.site  https://autofer.site/myjs/vendor/jquery/jquery-3.2.1.min.js
autofer.site  https://autofer.site/rcubby/ufiles/webmail-logo.svg
autofer.site  https://autofer.site/myjs/vendor/animsition/js/animsition.min.js
autofer.site  https://autofer.site/myjs/vendor/bootstrap/js/popper.js
autofer.site  https://autofer.site/myjs/vendor/bootstrap/js/bootstrap.min.js
autofer.site  https://autofer.site/myjs/vendor/select2/select2.min.js
autofer.site  https://autofer.site/myjs/vendor/daterangepicker/moment.min.js
autofer.site  https://autofer.site/myjs/vendor/daterangepicker/daterangepicker.js
autofer.site  https://autofer.site/myjs/vendor/countdowntime/countdowntime.js
autofer.site  https://autofer.site/myjs/js/main.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function  _0x1af513
function  _0x20913b
function  _0x19a835
function  _0x515017
function  _0x251390
function  _0x2d9d58
function  _0x4358
function  _0x2664df
function  _0x4bcc35
function  _0x347107
function  _0x4a99
object    filter
function  search
object    modal
function  _0xdf5f0c
number    count
function  _0x4e93f
string    dot

0 Cookies

20 Console Messages

Source  Level  URL  Text
javascript warning URL: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/jquery/jquery-3.2.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/jquery/jquery-3.2.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/animsition/js/animsition.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/bootstrap/js/popper.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/bootstrap/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/select2/select2.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/daterangepicker/moment.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/daterangepicker/daterangepicker.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/vendor/countdowntime/countdowntime.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://bafybeieoork6f42zkexugpigqrysnccen2n3b3nsbwdhbtyrnpl4oziukq.ipfs.dweb.link/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://autofer.site/myjs/js/main.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://autofer.site/rcubby/ufiles/webmail-logo.svg
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://autofer.site/myjs/vendor/jquery/jquery-3.2.1.min.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://autofer.site/myjs/vendor/animsition/js/animsition.min.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://autofer.site/myjs/vendor/bootstrap/js/popper.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://autofer.site/myjs/vendor/bootstrap/js/bootstrap.min.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://autofer.site/myjs/vendor/select2/select2.min.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://autofer.site/myjs/vendor/daterangepicker/moment.min.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://autofer.site/myjs/vendor/daterangepicker/daterangepicker.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://autofer.site/myjs/vendor/countdowntime/countdowntime.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://autofer.site/myjs/js/main.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header  Value
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload