ipfs.io Open in urlscan Pro
2602:fea2:2::1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://diellzehoxha.repl.co/#dQk?cb=5Se1&VfDbGdT4R4ErD54tR1DtR=metalsales&moD=lQB&wE657UyRfVtO=signode.com&jG=lUREc
Effective URL:
https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6z...
Submission: On July 24 via manual (July 24th 2023, 4:11:35 am UTC) from US — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 9 HTTP transactions. The main IP is 2602:fea2:2::1, located in United States and belongs to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 58217.
TLS certificate: Issued by R3 on June 11th 2023. Valid for: 3 months.

This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	35.186.245.55 35.186.245.55	15169 (GOOGLE) (GOOGLE)
1 7	2602:fea2:2::1 2602:fea2:2::1	40680 (PROTOCOL) (PROTOCOL)
1	2a02:4780:dea... 2a02:4780:dead:8b5::1	204915 (AWEX) (AWEX)
9	4

2 35.186.245.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 55.245.186.35.bc.googleusercontent.com

diellzehoxha.repl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2602:fea2:2::1 (United States) 1 redirects

ASN40680 (PROTOCOL, US)

ipfs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:4780:dead:8b5::1 (United States)

ASN204915 (AWEX, CY)

windowofoppo.000webhostapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	ipfs.io 1 redirects ipfs.io — Cisco Umbrella Rank: 58217	103 KB
2	repl.co diellzehoxha.repl.co	7 KB
1	000webhostapp.com windowofoppo.000webhostapp.com	243 B
9	3

	Domain	Requested by
7	ipfs.io	1 redirects diellzehoxha.repl.co ipfs.io
2	diellzehoxha.repl.co	diellzehoxha.repl.co
1	windowofoppo.000webhostapp.com	ipfs.io
9	3

This site contains no links.

Subject Issuer	Validity	Valid
repl.co GTS CA 1P5	`2023-06-22` - `2023-09-20`	3 months	crt.sh
dweb.link R3	`2023-06-11` - `2023-09-09`	3 months	crt.sh
*.000webhostapp.com RapidSSL TLS RSA CA G1	`2023-07-11` - `2024-08-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J
Frame ID: 2A956CEB83F82BFF6D89744507442CCB
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to view Sheet

Page URL History Show full URLs

https://diellzehoxha.repl.co/ Page URL
https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep?pYhJEJQ0kaQmYAV5GKpsJemf... HTTP 301
https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJem... Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

109 kB
Transfer

422 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://diellzehoxha.repl.co/ Page URL
https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J HTTP 301
https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
diellzehoxha.repl.co/ 7 KB
7 KB 956ms
404ms Document
text/html 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://diellzehoxha.repl.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

06842e0664d4e1338b575fd07075f0b1a3c72795d4a7e7e1a11948461f8525a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=5060198; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-length: 6748
content-type: text/html; charset=utf-8
date: Mon, 24 Jul 2023 04:11:30 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=5060198; includeSubDomains

GET
H2 404 jQuery.js
diellzehoxha.repl.co/ 0
0 211ms
210ms Script
text/html 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://diellzehoxha.repl.co/jQuery.js

Requested by

Host: diellzehoxha.repl.co
URL: https://diellzehoxha.repl.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=5060198; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://diellzehoxha.repl.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=5060198; includeSubDomains
date: Mon, 24 Jul 2023 04:11:30 GMT
replit-cluster: global
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
content-type: text/html; charset=utf-8

GET
H2

200

Primary Request / Show response
ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/
Redirect Chain

https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J...
https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30...

237 KB
58 KB

85ms
85ms

Document
text/html

2602:fea2:2::1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL

https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J

Requested by

Host: diellzehoxha.repl.co
URL: https://diellzehoxha.repl.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),

Reverse DNS

Software

openresty /

Resource Hash

e69a26c74077b9817a585d2835f4d91218f1fb1635b88bb3811f35f7db16964d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://diellzehoxha.repl.co/#dQk?cb=5Se1&VfDbGdT4R4ErD54tR1DtR=metalsales&moD=lQB&wE657UyRfVtO=signode.com&jG=lUREc
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods: GET GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
cache-control: public, max-age=29030400, immutable
content-encoding: gzip
content-type: text/html
date: Mon, 24 Jul 2023 04:11:30 GMT
etag: W/"QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep"
server: openresty
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
x-bfid: 1748a902a282f383a932871f40f24f55
x-ipfs-datasize: 242632
x-ipfs-gateway-host: ipfs-bank3-fr2
x-ipfs-lb-pop: gateway-bank3-fr2
x-ipfs-path: /ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/
x-ipfs-pop: ipfs-bank3-fr2
x-ipfs-roots: QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep
x-proxy-cache: MISS

Redirect headers

access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods: GET GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
content-length: 829
content-type: text/html; charset=utf-8
date: Mon, 24 Jul 2023 04:11:30 GMT
location: /ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J
server: openresty
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
x-bfid: 5e458f05492918bb7774813bc8f1a6ee
x-ipfs-datasize: 829
x-ipfs-gateway-host: ipfs-bank10-fr2
x-ipfs-lb-pop: gateway-bank3-fr2
x-ipfs-path: /ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep
x-ipfs-pop: ipfs-bank10-fr2
x-ipfs-roots: QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep
x-proxy-cache: MISS

GET
H2 200 font-awesome.min.css
ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/index_files/ 30 KB
8 KB 41ms
41ms Stylesheet
text/css 2602:fea2:2::1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL

https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/index_files/font-awesome.min.css

Requested by

Host: ipfs.io
URL: https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),

Reverse DNS

Software

openresty /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 04:11:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-ipfs-datasize: 31000
x-ipfs-gateway-host: ipfs-bank4-fr2
x-ipfs-pop: ipfs-bank4-fr2
server: openresty
x-ipfs-lb-pop: gateway-bank3-fr2
x-ipfs-roots: QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep,QmYtNZe3r1aZoh8pSwPQjPeJUmZTXY2v63jZdmEMD4Kbpn,QmPsUxV3Ystg1HUiRfqwrraGFjh5KEnMJywxwjEVXnMoBr
etag: W/"QmPsUxV3Ystg1HUiRfqwrraGFjh5KEnMJywxwjEVXnMoBr"
vary: Accept-Encoding
access-control-allow-methods: GET, GET, POST, OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
cache-control: public, max-age=29030400, immutable
x-ipfs-path: /ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/index_files/font-awesome.min.css
x-bfid: 27d1e13c9b669a022a6fbaa4655c0d72
timing-allow-origin: *
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
x-proxy-cache: HIT

GET
H2 200 jquery.min.js.download Show response
ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/index_files/ 87 KB
31 KB 43ms
43ms Script
text/plain 2602:fea2:2::1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL

https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/index_files/jquery.min.js.download

Requested by

Host: diellzehoxha.repl.co
URL: https://diellzehoxha.repl.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),

Reverse DNS

Software

openresty /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 04:11:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-ipfs-datasize: 89501
x-ipfs-gateway-host: ipfs-bank16-fr2
x-ipfs-pop: ipfs-bank16-fr2
server: openresty
x-ipfs-lb-pop: gateway-bank3-fr2
x-ipfs-roots: QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep,QmYtNZe3r1aZoh8pSwPQjPeJUmZTXY2v63jZdmEMD4Kbpn,QmNkWKjTSf67aXVS214sySFE8r82Le4NLLorTwTCWCLKRK
etag: W/"QmNkWKjTSf67aXVS214sySFE8r82Le4NLLorTwTCWCLKRK"
vary: Accept-Encoding
access-control-allow-methods: GET, GET, POST, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
cache-control: public, max-age=29030400, immutable
x-ipfs-path: /ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/index_files/jquery.min.js.download
x-bfid: adcfd299d6bfe6be0b0bfd4eb26d896b
timing-allow-origin: *
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
x-proxy-cache: HIT

GET
H2 200 js.js Show response
ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/ 6 KB
2 KB 43ms
43ms Script
text/javascript 2602:fea2:2::1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL

https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/js.js

Requested by

Host: diellzehoxha.repl.co
URL: https://diellzehoxha.repl.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),

Reverse DNS

Software

openresty /

Resource Hash

04db54a384df5dbdb0409de04bf301a8c5b70a5db13613e6fb83d72d6d4d5265

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 04:11:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-ipfs-datasize: 6427
x-ipfs-gateway-host: ipfs-bank6-fr2
x-ipfs-pop: ipfs-bank6-fr2
server: openresty
x-ipfs-lb-pop: gateway-bank3-fr2
x-ipfs-roots: QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep,QmeMrXFjxxZjRXmY6SP6jPcuYKPk5AiyJLRVBfw1P1KdHX
etag: W/"QmeMrXFjxxZjRXmY6SP6jPcuYKPk5AiyJLRVBfw1P1KdHX"
vary: Accept-Encoding
access-control-allow-methods: GET, GET, POST, OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
cache-control: public, max-age=29030400, immutable
x-ipfs-path: /ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/js.js
x-bfid: 90bfcaa3fc45dfba634d3007248b88b6
timing-allow-origin: *
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
x-proxy-cache: HIT

GET
H2 200 jg.js Show response
ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/ 959 B
1 KB 43ms
43ms Script
text/javascript 2602:fea2:2::1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL

https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/jg.js

Requested by

Host: diellzehoxha.repl.co
URL: https://diellzehoxha.repl.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),

Reverse DNS

Software

openresty /

Resource Hash

974818f8ced5c6a513c63f968a1227ea921ccfbb52c2a0ad92bd059793862086

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 04:11:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-ipfs-datasize: 959
x-ipfs-gateway-host: ipfs-bank12-fr2
x-ipfs-pop: ipfs-bank12-fr2
server: openresty
x-ipfs-lb-pop: gateway-bank3-fr2
x-ipfs-roots: QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep,QmXjPSTGRFbTGGHG8694v7SxJh5HqzuRFN6zsmTyYmpD8D
etag: W/"QmXjPSTGRFbTGGHG8694v7SxJh5HqzuRFN6zsmTyYmpD8D"
vary: Accept-Encoding
access-control-allow-methods: GET, GET, POST, OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
cache-control: public, max-age=29030400, immutable
x-ipfs-path: /ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/jg.js
x-bfid: 0c42a82403d7697509f51446cac27528
timing-allow-origin: *
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
x-proxy-cache: HIT

GET
H2 200 js1.js Show response
ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/ 2 KB
1 KB 44ms
43ms Script
text/javascript 2602:fea2:2::1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL

https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/js1.js

Requested by

Host: diellzehoxha.repl.co
URL: https://diellzehoxha.repl.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),

Reverse DNS

Software

openresty /

Resource Hash

8409aca4ad247e3576e8274e7cdb5628532fc5b40b34f60b19cb4d5eb7baef5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/?pYhJEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J=mEsRzEcDvfGbtHYRve&trexxx=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&trexxcoz=signode.com&6574RGYEVD56YRH43RF32R4T35GGH53T4G5TR234TH6474RHUEGTINJRBRHUEGTR8OLIUK3EWF86JGTHY57UJ68IU76Y44TGE3T5Y4TH53T=4R35THRYRFT4R3Tb86KUJTYRHsPizePEJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J&coztrexx=metalsales&wfIUbh=EJQ0kaQmYAV5GKpsJemfmNHSWNqwb7KRXMi7T6zkSek3QX1VMP9unRYhpPrJuDFnP8joDe5rQQozON1gxutVzhDh0jUmZQG6LGvhh2CTk8At5rzuGaIAOQyirx30J
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 24 Jul 2023 04:11:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-ipfs-datasize: 2021
x-ipfs-gateway-host: ipfs-bank16-fr2
x-ipfs-pop: ipfs-bank16-fr2
server: openresty
x-ipfs-lb-pop: gateway-bank3-fr2
x-ipfs-roots: QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep,QmSaHqtSvcTNZuZGFjwZUpkufXC35pGWQF2UWZ1DVmxurG
etag: W/"QmSaHqtSvcTNZuZGFjwZUpkufXC35pGWQF2UWZ1DVmxurG"
vary: Accept-Encoding
access-control-allow-methods: GET, GET, POST, OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
cache-control: public, max-age=29030400, immutable
x-ipfs-path: /ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/js1.js
x-bfid: 44f7fa2adec85d17d8b8109d1a5fe84e
timing-allow-origin: *
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
x-proxy-cache: HIT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 670135ea781e340c8a0a1643f57704614ee1fbdb6481cac2cdf1a3ca93df6f01

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4fd62c68ab5f0bebdd169cd66d6370c1b370435f4fc64cc6785f712053801d9e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a70d22195d5e13b8e3710b8a2bf6d0abe00af005314a16d5849aea7698560209

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 chkdsk.php Show response
windowofoppo.000webhostapp.com/ 17 B
243 B 464ms
137ms XHR
text/html 2a02:4780:dead:8b5::1
AWEX

General

Check archive.org

Show headers Download Go to

Full URL

https://windowofoppo.000webhostapp.com/chkdsk.php

Requested by

Host: ipfs.io
URL: https://ipfs.io/ipfs/QmaoUTySgdmcSYsaSdnUiRCQxo5rJsjt1qejdX6dqELrep/index_files/jquery.min.js.download

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:4780:dead:8b5::1 , United States, ASN204915 (AWEX, CY),

Reverse DNS

Software

awex /

Resource Hash

4e17a9c5bfc4998daf931d9c5fe88a8702a8ae65be78cde986f3d127c7a296d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://ipfs.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 24 Jul 2023 04:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: awex
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: 02220ac1282e195e4d41f57cf47e3972

GET
DATA 200
OK truncated
/ 36 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e803c2ab6d5998cb9da1b9e6653330c33918f9eb5046286647d725dbf40ff27

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/jpg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://diellzehoxha.repl.co/jQuery.js Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=5060198; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

diellzehoxha.repl.co
ipfs.io
windowofoppo.000webhostapp.com
2602:fea2:2::1
2a02:4780:dead:8b5::1
35.186.245.55
04db54a384df5dbdb0409de04bf301a8c5b70a5db13613e6fb83d72d6d4d5265
06842e0664d4e1338b575fd07075f0b1a3c72795d4a7e7e1a11948461f8525a4
4e17a9c5bfc4998daf931d9c5fe88a8702a8ae65be78cde986f3d127c7a296d8
4e803c2ab6d5998cb9da1b9e6653330c33918f9eb5046286647d725dbf40ff27
4fd62c68ab5f0bebdd169cd66d6370c1b370435f4fc64cc6785f712053801d9e
670135ea781e340c8a0a1643f57704614ee1fbdb6481cac2cdf1a3ca93df6f01
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
8409aca4ad247e3576e8274e7cdb5628532fc5b40b34f60b19cb4d5eb7baef5d
974818f8ced5c6a513c63f968a1227ea921ccfbb52c2a0ad92bd059793862086
a70d22195d5e13b8e3710b8a2bf6d0abe00af005314a16d5849aea7698560209
e69a26c74077b9817a585d2835f4d91218f1fb1635b88bb3811f35f7db16964d
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

ipfs.io Open in urlscan Pro 2602:fea2:2::1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

4 IPs

1 Countries

109 kBTransfer

422 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

ipfs.io Open in urlscan Pro
2602:fea2:2::1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

109 kB
Transfer

422 kB
Size

0
Cookies

9 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!