ipfs.io
2602:fea2:2::1
Malicious Activity!
Public Scan
Effective URL: https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6z...
Submission: On July 24 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 11th 2023. Valid for: 3 months.
This is the only time ipfs.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Excel / PDF download (Online)
Domain & IP information

| Requests | IP Address | AS | Autonomous System |
|---|---|---|---|
| 2 | 35.186.245.55 | 15169 | GOOGLE |
| 7 (1 redirects) | 2602:fea2:2::1 | 40680 | PROTOCOL |
| 1 | 2a02:4780:dead:8b5::1 | 204915 | AWEX |
| 9 | 4 | | |

35.186.245.55: ASN15169 (GOOGLE, US), PTR: 55.245.186.35.bc.googleusercontent.com, domain: diellzehoxha.repl.co

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 7 | ipfs.io (1 redirects; Cisco Umbrella Rank: 58217) | ipfs.io | 103 KB |
| 2 | repl.co | diellzehoxha.repl.co | 7 KB |
| 1 | 000webhostapp.com | windowofoppo.000webhostapp.com | 243 B |
| 9 | 3 | | |

| Requests | Domain | Requested by |
|---|---|---|
| 7 | ipfs.io (1 redirects) | diellzehoxha.repl.co, ipfs.io |
| 2 | diellzehoxha.repl.co | diellzehoxha.repl.co |
| 1 | windowofoppo.000webhostapp.com | ipfs.io |
| 9 | 3 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| repl.co | GTS CA 1P5 | 2023-06-22 - 2023-09-20 | 3 months | crt.sh |
| dweb.link | R3 | 2023-06-11 - 2023-09-09 | 3 months | crt.sh |
| *.000webhostapp.com | RapidSSL TLS RSA CA G1 | 2023-07-11 - 2024-08-10 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J
Frame ID: 2A956CEB83F82BFF6D89744507442CCB
Requests: 13 HTTP requests in this frame
Screenshot
Page Title: Sign in to view Sheet
Detected technologies
Font Awesome (Font Scripts)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://diellzehoxha.repl.co/ Page URL
-
https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J
HTTP 301
https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / | diellzehoxha.repl.co/ | 7 KB | 7 KB | Document | text/html |
| GET | H2 | jQuery.js | diellzehoxha.repl.co/ | 0 | 0 | Script | text/html |
| GET | H2 | / (Primary Request; Redirect Chain) | ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/ | 237 KB | 58 KB | Document | text/html |
| GET | H2 | font-awesome.min.css | ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/index_files/ | 30 KB | 8 KB | Stylesheet | text/css |
| GET | H2 | jquery.min.js.download | ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/index_files/ | 87 KB | 31 KB | Script | text/plain |
| GET | H2 | js.js | ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/ | 6 KB | 2 KB | Script | text/javascript |
| GET | H2 | jg.js | ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/ | 959 B | 1 KB | Script | text/javascript |
| GET | H2 | js1.js | ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/ | 2 KB | 1 KB | Script | text/javascript |
| GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
| GET | DATA | truncated | / | 9 KB | 0 | Image | image/png |
| GET | DATA | truncated | / | 5 KB | 0 | Image | image/png |
| POST | H2 | chkdsk.php | windowofoppo.000webhostapp.com/ | 17 B | 243 B | XHR | text/html |
| GET | DATA | truncated | / | 36 KB | 0 | Image | image/jpg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Excel / PDF download (Online)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| function | $ |
| function | jQuery |
| object | _$_e459 |
| function | mary |
| object | _$_d21a |
| object | _$_5207 |
| string | domain |
| string | newPageTitle |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=5060198; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
diellzehoxha.repl.co
ipfs.io
windowofoppo.000webhostapp.com
2602:fea2:2::1
2a02:4780:dead:8b5::1
35.186.245.55