ipfs.io
Open in
urlscan Pro
2602:fea2:2::1
Malicious Activity!
Public Scan
Effective URL: https://ipfs.io/ipfs/QmSRiCYu3V9NFq2wiK6Mqb3ShYCBA2GLQJwwA7ZdfGJ597?filename=QmSRiCYu3V9NFq2wiK6Mqb3ShYCBA2GLQJw...
Submission: On May 23 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 27th 2023. Valid for: 3 months.
This is the only time ipfs.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Yahoo (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2602:fea2:2::1 2602:fea2:2::1 | 40680 (PROTOCOL) (PROTOCOL) | |
1 | 2a00:1450:400... 2a00:1450:4001:82f::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 192.229.133.221 192.229.133.221 | 15133 (EDGECAST) (EDGECAST) | |
1 | 169.47.124.25 169.47.124.25 | 36351 (SOFTLAYER) (SOFTLAYER) | |
1 | 2a00:1288:80:... 2a00:1288:80:807::2 | 203220 (YAHOO-DEB) (YAHOO-DEB) | |
7 | 8 |
ASN36351 (SOFTLAYER, US)
PTR: 19.7c.2fa9.ip4.static.sl-reverse.com
nextgen-error-gen-apiv3.us-south.cf.appdomain.cloud |
Apex Domain Subdomains |
Transfer | |
---|---|---|
1 |
yimg.com
s.yimg.com — Cisco Umbrella Rank: 558 |
2 KB |
1 |
appdomain.cloud
nextgen-error-gen-apiv3.us-south.cf.appdomain.cloud |
2 KB |
1 |
w3schools.com
www.w3schools.com — Cisco Umbrella Rank: 15931 |
5 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 199 |
6 KB |
1 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2440 |
15 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 320 |
30 KB |
1 |
ipfs.io
ipfs.io — Cisco Umbrella Rank: 43968 |
260 KB |
7 | 7 |
Domain | Requested by | |
---|---|---|
1 | s.yimg.com | |
1 | nextgen-error-gen-apiv3.us-south.cf.appdomain.cloud |
ipfs.io
|
1 | www.w3schools.com |
ipfs.io
|
1 | cdnjs.cloudflare.com |
ipfs.io
|
1 | stackpath.bootstrapcdn.com |
ipfs.io
|
1 | ajax.googleapis.com |
ipfs.io
|
1 | ipfs.io | |
7 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.i.ipfs.io R3 |
2023-03-27 - 2023-06-25 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-04-24 - 2023-07-17 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-12-30 - 2023-12-30 |
a year | crt.sh |
*.w3schools.com DigiCert TLS RSA SHA256 2020 CA1 |
2023-03-05 - 2024-04-04 |
a year | crt.sh |
*.us-south.cf.appdomain.cloud DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-04-21 - 2024-04-19 |
a year | crt.sh |
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA |
2023-05-22 - 2023-07-12 |
2 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ipfs.io/ipfs/QmSRiCYu3V9NFq2wiK6Mqb3ShYCBA2GLQJwwA7ZdfGJ597?filename=QmSRiCYu3V9NFq2wiK6Mqb3ShYCBA2GLQJwwA7ZdfGJ597
Frame ID: 82D54621AAA8C4C813576F84B973EF17
Requests: 8 HTTP requests in this frame
Screenshot
Page Title
PORTAL - X Mail AuthenticationDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
QmSRiCYu3V9NFq2wiK6Mqb3ShYCBA2GLQJwwA7ZdfGJ597
ipfs.io/ipfs/ |
369 KB 260 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ |
50 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
30 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
w3.css
www.w3schools.com/w3css/4/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
nextgen-error-gen-apiv3.us-south.cf.appdomain.cloud/ |
1 KB 2 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
220 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png
s.yimg.com/rz/p/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Yahoo (Online)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless string| Xeno function| $ function| jQuery object| bootstrap function| _0x233b35 function| _0x2ce7 function| _0x3a79 function| _0x1831 function| _0x1f0d object| _0xea5c function| waitForElm0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdnjs.cloudflare.com
ipfs.io
nextgen-error-gen-apiv3.us-south.cf.appdomain.cloud
s.yimg.com
stackpath.bootstrapcdn.com
www.w3schools.com
169.47.124.25
192.229.133.221
2602:fea2:2::1
2606:4700::6811:180e
2606:4700::6812:acf
2a00:1288:80:807::2
2a00:1450:4001:82f::200a
013798cbdc1e1cf24c4cd787b6d3d5add9b57dcd390c0043fc862d553e5ed967
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
ab036ac5eb2d295205ef6563f7fb73667b23b26cc8ba72c1466bf374ccc60c12
c4f2aba13970ecf8303fb9329f97c8824861569273b0aa27acce48abc61d04f5
f388ef4e737ce78851cc77b5b64b83f51db50c513735ad9c46749f2dd304105b