bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
Open in
urlscan Pro
2602:fea2:2::1
Malicious Activity!
Public Scan
Submission: On April 26 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 27th 2023. Valid for: 3 months.
This is the only time bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2602:fea2:2::1 2602:fea2:2::1 | 40680 (PROTOCOL) (PROTOCOL) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:2a | 20446 (STACKPATH...) (STACKPATH-CDN) | |
1 | 2606:4700:303... 2606:4700:3034::ac43:a357 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
9 | 2a00:1450:400... 2a00:1450:4001:831::2001 | 15169 (GOOGLE) (GOOGLE) | |
1 | 152.199.23.37 152.199.23.37 | 15133 (EDGECAST) (EDGECAST) | |
14 | 5 |
ASN40680 (PROTOCOL, US)
bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link |
ASN15169 (GOOGLE, US)
lh3.googleusercontent.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
googleusercontent.com
lh3.googleusercontent.com — Cisco Umbrella Rank: 143 |
49 KB |
2 |
dweb.link
bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link |
65 KB |
1 |
msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 2612 |
752 B |
1 |
jaliksopz.online
jaliksopz.online |
634 B |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 997 |
78 KB |
14 | 5 |
Domain | Requested by | |
---|---|---|
9 | lh3.googleusercontent.com |
bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
|
2 | bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link |
code.jquery.com
|
1 | aadcdn.msftauth.net |
bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
|
1 | jaliksopz.online |
code.jquery.com
|
1 | code.jquery.com |
bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
|
14 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.i.ipfs.io R3 |
2023-03-27 - 2023-06-25 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
*.jaliksopz.online GTS CA 1P5 |
2023-03-27 - 2023-06-25 |
3 months | crt.sh |
*.googleusercontent.com GTS CA 1C3 |
2023-04-03 - 2023-06-26 |
3 months | crt.sh |
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA |
2023-01-31 - 2024-01-31 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/aremo.html
Frame ID: FF9127A3950C4155EDAE3FD14FDC5F86
Requests: 14 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
aremo.html
bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/ |
759 KB 65 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.9.1.js
code.jquery.com/ |
262 KB 78 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
Lsbg.php
jaliksopz.online/ |
5 B 634 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
aremo.html
bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link/ |
42 B 499 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AMWts8C1y-LmqPwr79FSVd9YMV5yeje6h34dtqg8n1c7UYT__udX1hIixqqaItUS-Vtl4epJI-2Qtycgc0GgiWtrFAFZIVdjRD8HShOpZsK0Vucx0qiSJ9iKKAd1_ocqVqIgMtn1jlLj4HB4Ap_2ZUiwAnk=w108-h24-no
lh3.googleusercontent.com/pw/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AMWts8CNmlIjdTtHgPdAMoSG4uyQnKbGT1407U5GJD9BBD5gOhyThvxN7ptqzSc9OV7GvMrNxsLjt_kin2qpj8tlLu4VPG_UA8XrdDZZYTEJRXHQkb_glHR4oYOoSP3tDH1rPkDWcGOdNw-zacvrmMF7NU0=s150-no
lh3.googleusercontent.com/pw/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AMWts8DXuoTCchIiCUMSjRAC76eUjCoJ1Hj726Mdu1LszHJglP2MLf_RoCW0uZpRXU92HCp7sJJtRW1SSsaUhnE1muSBc8avCHEqEHuLdsuLbYPj0hMJ1kVq-hZ1eYf_w6QcxuCHVVBR-siBvHZM2G9Rlbw=s150-no
lh3.googleusercontent.com/pw/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AMWts8CLLNnGpj7_FWohqCPJSzzgHwWUwFqF-CN0acr9XqBJvbhlCprvfnAvLav0gAOr0ez63QMTk6WPV7V7rT_ZZ7E5ueysaU99HDwu7huiWEUvbNO3mDIklTKmUuxN9sPyZMwDPt-T39tp9ZO2Pq53dRI=s150-no
lh3.googleusercontent.com/pw/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
aadcdn.msftauth.net/shared/1.0/content/images/ |
513 B 752 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AMWts8AK-lOypWQRHV6CblnIhwum5iMC-2fHJehOkF8BqfFCgB1DZT2LI30pbRIC605sfh4PyJS0qLFawTwXAyFCgEjDlPQe4GThYYbbx5CB-urZNnpa1Uhn-GrOGG5UcX6f5GsSPkypixgkdMoOBFlQqZ4=s150-no
lh3.googleusercontent.com/pw/ |
810 B 932 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AMWts8Cql-_FqT-vTMz5KecPfNkES17GUcAhZtgXLH0x4Wv9Lj4vnoCGPorATuuzvKe5c-hTrhXFnWh6cu4TC2cJjWKbnr2Fq-avQW5Q1oqvrNCP29CvGjXZZkxpkBgWTjA6DBjYlYpLr5-pfWHOb04OsBY=s150-no
lh3.googleusercontent.com/pw/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AMWts8CPpl_w_5Fj80z5l9jlYET_SacByn_w9oXKdt92XWEATpkaTNMXRjd49krHesOb3FAHMXEQBD5153gSMnAZGOmXwR9Rp_K_-6jVQvTb4qi9QggArKoSZ61C-gpBRHxrTvoFunjzMPQhEspfqSTvD-o=s150-no
lh3.googleusercontent.com/pw/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AMWts8BB5eL1vbp9dPEQCSEMJxM3Y9agty2fbo3XhD76Dz3OBAH0vp3VSA07-yrArrrYp5TuF80R6HzDKK65oJ8-tv7Px-SFgTOIBONfJYbApe2ilHyCEg9LRrwu52XsghVBZuQtpKdlw0j9iUdY8MqKhVU=s150-no
lh3.googleusercontent.com/pw/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AMWts8D8e5caxJov7GOp1rwDQidEks3V2UuXk1O7PZDbHZa5IL_i0KpG0ekmdhUvoDq55PguGPsZ-IFD0DpviH169WF09S-C8-tYQlW5MiYBzUesaWNDrAhwB3xLJo66GKNcYquCnPMjb1AN4oiTdyMOkvI=w1652-h929-no
lh3.googleusercontent.com/pw/ |
19 KB 20 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)26 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery string| cbbg string| IGOBZL object| _0x12a5 string| balgoz undefined| redirect_to undefined| orgzzn undefined| work_or_personal function| alltrysss function| myAjaxRequest_expire function| myAjaxRequest function| work_selected function| personal_selected function| rchngee function| wait string| lblgva string| lbafzz string| fafazz2 string| lblgva_json string| lbafzz_json string| fafazz2_json string| kakakaafinal string| getjsonnn object| shortcut0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msftauth.net
bafybeidapv2ekgj6cpuqnerrcweurd2glbrifrsszlm47dyym5xbfnlg54.ipfs.dweb.link
code.jquery.com
jaliksopz.online
lh3.googleusercontent.com
152.199.23.37
2001:4de0:ac18::1:a:2a
2602:fea2:2::1
2606:4700:3034::ac43:a357
2a00:1450:4001:831::2001
033ae15f266ca2f0edb4980492e4e70c5a41ffb87ee9f6daaea6a4ef64980034
0fbee63ff791fe600692cb491c45dfc946670220f5b2afe26c199b2939b25ee7
199a4b151d7ba7657f2d9a65c59cdb6d206cfd99ec841ae36819837d50ab4b97
2d44c3b13c9057d5ef8db356f47f29d0a7b79ccce4a1140018352289cb304336
34058a4c997349cd3c91a3bc59bcc82dd6920bd57a555b49875bf71eae942e2c
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
63ad8e85349fe11819885976ef96cbe3f6f65c288b290713acadbdf9a9280388
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40
930b3261c05ddf41566ca5906f3a5f91a437bf4de2513a84d5995a8aa1aec819
994ac85af4db5a2b5f7ce72d4f49c6b1c18c6422c8e57e623a2873bd7599e404
d1b8ac36f78215154031b551101879964a09a9e3c2ce4c7e89ccfb59eafd9879
efcfd4559471866f1f28ff4c67fd629c36fec893ea2071b8e54509a2471fedd5
f25dfd78d4d536460d422ea51153547edeb12f9662867f8972413972007e35c3
f2c40a63580308bf348c5e8eb9a0880238f5f207e228e0c091e83b1efcbf979f