ipfs.eth.aragon.network
146.190.204.125
Malicious Activity!
Public Scan
Submission: On June 30 via api from LU — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 6th 2024. Valid for: 3 months.
This is the only time ipfs.eth.aragon.network was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Protonmail (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
3 | 146.190.204.125 | 14061 (DIGITALOCEAN-ASN) |
2 | 2606:4700::6812:bb1f | 13335 (CLOUDFLARENET) |
1 | 23.111.177.2 | 29802 (HVC-AS) |
1 | 151.101.2.132 | 54113 (FASTLY) |
1 | 185.70.42.36 | 62371 (PROTON) |
8 | 5 | |
ASN14061 (DIGITALOCEAN-ASN, US)
ipfs.eth.aragon.network
ASN62371 (PROTON, CH)
PTR: 185-70-42-36.protonmail.ch
account.proton.me
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
3 | aragon.network | ipfs.eth.aragon.network — Cisco Umbrella Rank: 928177 | 134 KB |
2 | jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 381 | 25 KB |
1 | proton.me | account.proton.me — Cisco Umbrella Rank: 59605 | 1 KB |
1 | glitch.global | cdn.glitch.global — Cisco Umbrella Rank: 348647 | 17 KB |
1 | facetfab.com | facetfab.com | 26 KB |
8 | 5 | | |
Requests | Domain | Requested by |
---|---|---|
3 | ipfs.eth.aragon.network | ipfs.eth.aragon.network |
2 | cdn.jsdelivr.net | ipfs.eth.aragon.network |
1 | account.proton.me | facetfab.com |
1 | cdn.glitch.global | facetfab.com |
1 | facetfab.com | ipfs.eth.aragon.network |
8 | 5 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
ipfs.eth.aragon.network | R3 | 2024-06-06 - 2024-09-04 | 3 months |
*.jsdelivr.net | Sectigo RSA Domain Validation Secure Server CA | 2024-05-04 - 2025-05-04 | a year |
facetfab.com | R3 | 2024-05-05 - 2024-08-03 | 3 months |
cdn.glitch.global | R3 | 2024-05-30 - 2024-08-28 | 3 months |
proton.me | R3 | 2024-05-14 - 2024-08-12 | 3 months |
This page contains 2 frames:
Primary Page:
https://ipfs.eth.aragon.network/ipfs/bafybeia37xkvv4e6yxbk67y23k4wzjz2zrh5mg77mxxjuqbrvsecpq7s7a
Frame ID: 7689E20D16CFEC4B9EAE6BCF5621B10D
Requests: 7 HTTP requests in this frame
Frame:
https://ipfs.eth.aragon.network/ipfs/Proton%20%20Account_files/html.html
Frame ID: DE8F88E682EE6943785A6743E61A33BB
Requests: 1 HTTP requests in this frame
Page Title
Mail Login
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jsDelivr (CDN)
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | bafybeia37xkvv4e6yxbk67y23k4wzjz2zrh5mg77mxxjuqbrvsecpq7s7a (Primary Request) | ipfs.eth.aragon.network/ipfs/ | 133 KB | 133 KB | Document | text/html |
GET H2 | bootstrap.min.css | cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/ | 141 KB | 23 KB | Stylesheet | text/css |
GET H2 | index.a1c97931.css | facetfab.com/ | 159 KB | 26 KB | Stylesheet | text/css |
GET H2 | email.min.js | cdn.jsdelivr.net/npm/@emailjs/browser@3/dist/ | 2 KB | 2 KB | Script | application/javascript |
GET H2 | html.html (Frame DE8F) | ipfs.eth.aragon.network/ipfs/Proton%20%20Account_files/ | 112 B | 205 B | Document | text/plain |
GET H2 | aae5995f35b62f18223e.jpg | cdn.glitch.global/aec2dedd-3a76-4829-a4ec-5f0b11844b26/ | 17 KB | 17 KB | Image | image/jpeg |
GET H2 | host.png | account.proton.me/assets/ | 42 B | 1 KB | Image | image/png |
GET H2 | favicon.ico | ipfs.eth.aragon.network/ | 56 B | 164 B | Other | application/json |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Protonmail (Online)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
undefined | event |
object | fence |
object | sharedStorage |
object | emailjs |
function | sendMail |
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
account.proton.me/ | | Name: Domain Value: proton.me |
account.proton.me/ | | Name: Tag Value: default |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.