urlscan.io logo urlscan.io
SecurityTrails logo

ipfs.io Open in urlscan Pro
209.94.90.1  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://ipfs.io/ipfs/bafybeih4wwljr3lg6fxunpfgmjpqlwhihybtxvvbn5wesic6ii6wdjizfm/eso.com.mk.htm
Submission: On June 26 via manual from MX — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 209.94.90.1, located in United States and belongs to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 87085.
TLS certificate: Issued by WE1 on June 14th 2024. Valid for: 3 months.
This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

IP Address AS Autonomous System
1 209.94.90.1 40680 (PROTOCOL)
3 91.203.226.10 204991 (AVSELECTR...)
4 2
Apex Domain
Subdomains		 Transfer
3 avselectro.ru
mail.avselectro.ru
17 KB
1 ipfs.io
ipfs.io — Cisco Umbrella Rank: 87085
5 KB
4 2
Domain Requested by
3 mail.avselectro.ru ipfs.io
mail.avselectro.ru
1 ipfs.io
4 2

This site contains links to these domains. Also see Links.

Domain
www.zimbra.com
blog.zimbra.com
wiki.zimbra.com
Subject Issuer Validity Valid
ipfs.io
WE1		 2024-06-14 -
2024-09-12		 3 months crt.sh
*.avselectro.ru
R3		 2024-05-17 -
2024-08-15		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://ipfs.io/ipfs/bafybeih4wwljr3lg6fxunpfgmjpqlwhihybtxvvbn5wesic6ii6wdjizfm/eso.com.mk.htm
Frame ID: 181838695C24FC47605F97C00FAF76BA
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Zimbra Web Client Sign In

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

22 kB
Transfer

75 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request eso.com.mk.htm
ipfs.io/ipfs/bafybeih4wwljr3lg6fxunpfgmjpqlwhihybtxvvbn5wesic6ii6wdjizfm/ 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ipfs.io/ipfs/bafybeih4wwljr3lg6fxunpfgmjpqlwhihybtxvvbn5wesic6ii6wdjizfm/eso.com.mk.htm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ceac845e76b99edc20c6738e8327a8f472542b209cdf895d991b984d010de3b4

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age
5466333
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
HIT
cf-ray
899950105d041e0c-FRA
content-encoding
br
content-type
text/html
date
Wed, 26 Jun 2024 01:09:35 GMT
server
cloudflare
vary
Accept-Encoding
x-ipfs-path
/ipfs/bafybeih4wwljr3lg6fxunpfgmjpqlwhihybtxvvbn5wesic6ii6wdjizfm/eso.com.mk.htm
x-ipfs-pop
rainbow-fr2-01
x-ipfs-roots
bafybeih4wwljr3lg6fxunpfgmjpqlwhihybtxvvbn5wesic6ii6wdjizfm,Qmea7wjzsvtmX9Bk37XBFHhZmvLLcRzQhoxb4hN9amcWAY
common,login,zhtml,skin.css
mail.avselectro.ru/css/ 		58 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://mail.avselectro.ru/css/common,login,zhtml,skin.css?skin=harmony&v=220324083352
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/bafybeih4wwljr3lg6fxunpfgmjpqlwhihybtxvvbn5wesic6ii6wdjizfm/eso.com.mk.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.203.226.10 , Russian Federation, ASN204991 (AVSELECTRO-AS, RU),
Reverse DNS
mail.avselectro.ru
Software
/
Resource Hash
bb645b01a6b888d0b6314543bc51f480a3591630c9082bd3ea2c8f161a7e10ee
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ipfs.io/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 26 Jun 2024 01:09:35 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Vary
User-Agent, Accept-Encoding
Cache-Control
public, max-age=2595600
Expires
Fri, 26 Jul 2024 02:09:35 GMT
LoginBanner_white.png
mail.avselectro.ru/skins/_base/logos/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mail.avselectro.ru/skins/_base/logos/LoginBanner_white.png?v=220324083352
Requested by
Host: mail.avselectro.ru
URL: https://mail.avselectro.ru/css/common,login,zhtml,skin.css?skin=harmony&v=220324083352
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.203.226.10 , Russian Federation, ASN204991 (AVSELECTRO-AS, RU),
Reverse DNS
mail.avselectro.ru
Software
/
Resource Hash
8db258b55ceabeb5c9c8bf41f59a2743c579cfcee58c34cacc945ad9c01d6ef1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://mail.avselectro.ru/css/common,login,zhtml,skin.css?skin=harmony&v=220324083352
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 26 Jun 2024 01:09:35 GMT
Last-Modified
Tue, 28 Feb 2017 20:13:10 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
public, max-age=2595600
Accept-Ranges
bytes
Content-Length
3299
Expires
Fri, 26 Jul 2024 02:09:35 GMT
favicon.ico
mail.avselectro.ru/img/logo/ 		1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://mail.avselectro.ru/img/logo/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.203.226.10 , Russian Federation, ASN204991 (AVSELECTRO-AS, RU),
Reverse DNS
mail.avselectro.ru
Software
/
Resource Hash
1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ipfs.io/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 26 Jun 2024 01:09:35 GMT
Last-Modified
Tue, 28 Feb 2017 20:13:10 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/x-icon
Cache-Control
public, max-age=2595600
Accept-Ranges
bytes
Content-Length
1150
Expires
Fri, 26 Jul 2024 02:09:35 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage function| ZmSkin object| link function| clientChange function| showWhatsThis function| forgotPassword function| onLoad function| BaseSkin object| skin

0 Cookies