fleek.ipfs.io
2602:fea2:2::1
Malicious Activity!
Public Scan
Effective URL: https://fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/ow_enc.html
Submission: On May 03 via api from PT — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 27th 2023. Valid for: 3 months.
This is the only time fleek.ipfs.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook Web Access (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 2 | 2606:4700::6812:cb1 | 13335 (CLOUDFLARENET) |
2 3 | 154.53.48.92 | 40021 (CONTABO) |
2 | 2602:fea2:2::1 | 40680 (PROTOCOL) |
4 | 4 | |
ASN40021 (CONTABO, US)
PTR: usds1.centohost.com
www.abrafi.com.br |
 | Apex Domain Subdomains | Transfer |
---|---|---|
3 | abrafi.com.br (2 redirects): www.abrafi.com.br | 3 KB |
2 | ipfs.io: fleek.ipfs.io | 46 KB |
2 | hubspotlinks.com (1 redirects): d4fplv04.na1.hubspotlinks.com — Cisco Umbrella Rank: 541052 | 4 KB |
4 | 3 | |
 | Domain | Requested by |
---|---|---|
3 | www.abrafi.com.br | 2 redirects; d4fplv04.na1.hubspotlinks.com |
2 | fleek.ipfs.io | fleek.ipfs.io |
2 | d4fplv04.na1.hubspotlinks.com | 1 redirects |
4 | 3 | |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
hubspotlinks.com Cloudflare Inc ECC CA-3 | 2023-04-17 - 2024-04-16 | a year | crt.sh |
*.i.ipfs.io R3 | 2023-03-27 - 2023-06-25 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/ow_enc.html
Frame ID: 074DD08B1D87669EE1C095F05216496C
Requests: 9 HTTP requests in this frame
Page Title
Outlook
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://d4fplv04.na1.hubspotlinks.com/Ctc/I9+113/d4FPLv04/VWGBV98hj0ZlW5-_PXG2SqvTPW3cF4jk4-3ZC6N3mxJ6p96_8_V7Wycr7CgQbBW4TT8V44d3yM0Vlq-w328RkWjW7nfpR64sFZL7W5X8BqQ17yZLrW1VvmLr4FPT3mW3yhcnw1LhJG7N8xC2KBfhDTZVs-jzt5wnJx4W6fYxzd5t9sTFVCtGr35tSbfzW2xvlBh84GkGzW1z9JFq2Qz00NW72V9Ly3pCPZ8W7HmHL75xb-Q0W80bcx46-b_HRW3Fvt-c1Hkz-HW4ywRld309np5W2kvh009b1W_MVxpRhc7X8vbRW6xVGT08Vt7QSW8-sHjb97CP0DW79cV5Z74QHzzW4fYCzz7h9BRpW3mkyhP65-gfZW72_2fP3g1sPLW1X8x-T4wxMWwW7cm6Sh9kb_rBW951hNj33_tKnV8VV3_92X7SzVdBrT88N-dSKW7PZzh_7PZX4ZW3ld5nB7yK4GMVHH0Yz7fkVbdW2mLPfG6f6JcZW99vHGl59NpRrW1r7yg363mjgLW2pFLDm3FM6wfW9g53P53xQl2_W5h97x57LKYKxW2FfMsf3r58P-Vx3Jxw4KbRhJW6RTSrq718-8ZW6tJJwC3VCDtkW2dtD768nWjSMW1D3zKp6LWD2bW1S4Mqy3S0t4gW6HLcN34HLLsLW4bfb7b1C312DW4bcpm43qHvJ-W5pwZFt57c9GbW7_wKMH2hkRpqW1bcXqv5fPj0nW64GSfy67j_4bW6hX1Sl7TPpCKW99TH6G2G7h5yW2LH8jq4zdW3fW4n61TH1RQZmvW7Bk4Zw22W8JCW5ccNHL8Bd2YqW2cLsmb4K2cR1W3zjJGk747tTBW2tvCxP8BvDqbVLSCqM5gxgrbVrNm0q7zQRk0N6s6hs2hdrvMW6Sv7Mk63nSSMW18J86N84hL9XN2x58M6BMspLW19k1kJ8_rC3RVdRjQc1s6GzP31G61 Page URL
-
https://d4fplv04.na1.hubspotlinks.com/events/public/v1/encoded/track/tc/I9+113/d4FPLv04/VWGBV98hj0ZlW5-_PXG2SqvTPW3cF4jk4-3ZC6N3mxJ6p96_8_V7Wycr7CgQbBW4TT8V44d3yM0Vlq-w328RkWjW7nfpR64sFZL7W5X8BqQ17yZLrW1VvmLr4FPT3mW3yhcnw1LhJG7N8xC2KBfhDTZVs-jzt5wnJx4W6fYxzd5t9sTFVCtGr35tSbfzW2xvlBh84GkGzW1z9JFq2Qz00NW72V9Ly3pCPZ8W7HmHL75xb-Q0W80bcx46-b_HRW3Fvt-c1Hkz-HW4ywRld309np5W2kvh009b1W_MVxpRhc7X8vbRW6xVGT08Vt7QSW8-sHjb97CP0DW79cV5Z74QHzzW4fYCzz7h9BRpW3mkyhP65-gfZW72_2fP3g1sPLW1X8x-T4wxMWwW7cm6Sh9kb_rBW951hNj33_tKnV8VV3_92X7SzVdBrT88N-dSKW7PZzh_7PZX4ZW3ld5nB7yK4GMVHH0Yz7fkVbdW2mLPfG6f6JcZW99vHGl59NpRrW1r7yg363mjgLW2pFLDm3FM6wfW9g53P53xQl2_W5h97x57LKYKxW2FfMsf3r58P-Vx3Jxw4KbRhJW6RTSrq718-8ZW6tJJwC3VCDtkW2dtD768nWjSMW1D3zKp6LWD2bW1S4Mqy3S0t4gW6HLcN34HLLsLW4bfb7b1C312DW4bcpm43qHvJ-W5pwZFt57c9GbW7_wKMH2hkRpqW1bcXqv5fPj0nW64GSfy67j_4bW6hX1Sl7TPpCKW99TH6G2G7h5yW2LH8jq4zdW3fW4n61TH1RQZmvW7Bk4Zw22W8JCW5ccNHL8Bd2YqW2cLsmb4K2cR1W3zjJGk747tTBW2tvCxP8BvDqbVLSCqM5gxgrbVrNm0q7zQRk0N6s6hs2hdrvMW6Sv7Mk63nSSMW18J86N84hL9XN2x58M6BMspLW19k1kJ8_rC3RVdRjQc1s6GzP31G61?_ud=6c38155d-a6b7-4917-9ad6-2b8ff8799ef2&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200
HTTP 307
http://www.abrafi.com.br/banner/redirect.php?bid=124&banner_hash=196ec07deb17039611fe77f13d3885403e151cd1ba6ad9b7689bedacdfac29ef&jk=U3N2YxM2QzODg1X9ANSJA&url=https%3A%2F%2Ffleek.ipfs.io%2Fipfs%2Fbafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy%2Fow_enc.html&condition=redirect&verifybannerhash=MTk2ZWwN2RlYjE3MDM5NjExZmU3N2YxM2QzODg1NDAzZTE1MWNkMWJhNmFkOWI3Njg5YmVkYWNkZmFjMjllZiAgLQo%3D&utm_medium=email&_hsmi=256177445&_hsenc=p2ANqtz--QDW4Oh14GErB_SmPsp46SAyLm8rysGD9937Y23__-KJqAwijqZhW6d6MqJxfHSpQwDlzfGsZszVmGU55A_XpTLv9u6s5Mc7I2lsSNWAUq6E9RH-A&utm_source=hs_email Page URL
-
http://www.abrafi.com.br/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=13731697
HTTP 302
http://www.abrafi.com.br/banner/redirect.php?bid=124&banner_hash=196ec07deb17039611fe77f13d3885403e151cd1ba6ad9b7689bedacdfac29ef&jk=U3N2YxM2QzODg1X9ANSJA&url=https%3A%2F%2Ffleek.ipfs.io%2Fipfs%2Fbafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy%2Fow_enc.html&condition=redirect&verifybannerhash=MTk2ZWwN2RlYjE3MDM5NjExZmU3N2YxM2QzODg1NDAzZTE1MWNkMWJhNmFkOWI3Njg5YmVkYWNkZmFjMjllZiAgLQo%3D&utm_medium=email&_hsmi=256177445&_hsenc=p2ANqtz--QDW4Oh14GErB_SmPsp46SAyLm8rysGD9937Y23__-KJqAwijqZhW6d6MqJxfHSpQwDlzfGsZszVmGU55A_XpTLv9u6s5Mc7I2lsSNWAUq6E9RH-A&utm_source=hs_email HTTP 302
https://fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/ow_enc.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://d4fplv04.na1.hubspotlinks.com/events/public/v1/encoded/track/tc/I9+113/d4FPLv04/VWGBV98hj0ZlW5-_PXG2SqvTPW3cF4jk4-3ZC6N3mxJ6p96_8_V7Wycr7CgQbBW4TT8V44d3yM0Vlq-w328RkWjW7nfpR64sFZL7W5X8BqQ17yZLrW1VvmLr4FPT3mW3yhcnw1LhJG7N8xC2KBfhDTZVs-jzt5wnJx4W6fYxzd5t9sTFVCtGr35tSbfzW2xvlBh84GkGzW1z9JFq2Qz00NW72V9Ly3pCPZ8W7HmHL75xb-Q0W80bcx46-b_HRW3Fvt-c1Hkz-HW4ywRld309np5W2kvh009b1W_MVxpRhc7X8vbRW6xVGT08Vt7QSW8-sHjb97CP0DW79cV5Z74QHzzW4fYCzz7h9BRpW3mkyhP65-gfZW72_2fP3g1sPLW1X8x-T4wxMWwW7cm6Sh9kb_rBW951hNj33_tKnV8VV3_92X7SzVdBrT88N-dSKW7PZzh_7PZX4ZW3ld5nB7yK4GMVHH0Yz7fkVbdW2mLPfG6f6JcZW99vHGl59NpRrW1r7yg363mjgLW2pFLDm3FM6wfW9g53P53xQl2_W5h97x57LKYKxW2FfMsf3r58P-Vx3Jxw4KbRhJW6RTSrq718-8ZW6tJJwC3VCDtkW2dtD768nWjSMW1D3zKp6LWD2bW1S4Mqy3S0t4gW6HLcN34HLLsLW4bfb7b1C312DW4bcpm43qHvJ-W5pwZFt57c9GbW7_wKMH2hkRpqW1bcXqv5fPj0nW64GSfy67j_4bW6hX1Sl7TPpCKW99TH6G2G7h5yW2LH8jq4zdW3fW4n61TH1RQZmvW7Bk4Zw22W8JCW5ccNHL8Bd2YqW2cLsmb4K2cR1W3zjJGk747tTBW2tvCxP8BvDqbVLSCqM5gxgrbVrNm0q7zQRk0N6s6hs2hdrvMW6Sv7Mk63nSSMW18J86N84hL9XN2x58M6BMspLW19k1kJ8_rC3RVdRjQc1s6GzP31G61?_ud=6c38155d-a6b7-4917-9ad6-2b8ff8799ef2&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
- http://www.abrafi.com.br/banner/redirect.php?bid=124&banner_hash=196ec07deb17039611fe77f13d3885403e151cd1ba6ad9b7689bedacdfac29ef&jk=U3N2YxM2QzODg1X9ANSJA&url=https%3A%2F%2Ffleek.ipfs.io%2Fipfs%2Fbafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy%2Fow_enc.html&condition=redirect&verifybannerhash=MTk2ZWwN2RlYjE3MDM5NjExZmU3N2YxM2QzODg1NDAzZTE1MWNkMWJhNmFkOWI3Njg5YmVkYWNkZmFjMjllZiAgLQo%3D&utm_medium=email&_hsmi=256177445&_hsenc=p2ANqtz--QDW4Oh14GErB_SmPsp46SAyLm8rysGD9937Y23__-KJqAwijqZhW6d6MqJxfHSpQwDlzfGsZszVmGU55A_XpTLv9u6s5Mc7I2lsSNWAUq6E9RH-A&utm_source=hs_email
4 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | VWGBV98hj0ZlW5-_PXG2SqvTPW3cF4jk4-3ZC6N3mxJ6p96_8_V7Wycr7CgQbBW4TT8V44d3yM0Vlq-w328RkWjW7nfpR64sFZL7W5X8BqQ17yZLrW1VvmLr4FPT3mW3yhcnw1LhJG7N8xC2KBfhDTZVs-jzt5wnJx4W6fYxzd5t9sTFVCtGr35tSbfzW2xvlBh84... d4fplv04.na1.hubspotlinks.com/Ctc/I9+113/d4FPLv04/ | 9 KB 3 KB | Document text/html |
GET H/1.1 | redirect.php www.abrafi.com.br/banner/ (Redirect Chain) | 1 KB 2 KB | Document text/html |
GET H2 | Primary Request: ow_enc.html fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/ (Redirect Chain) | 250 KB 46 KB | Document text/html |
GET DATA | truncated / | 2 KB 0 | Image image/png |
GET DATA | truncated / | 4 KB 0 | Image image/png |
GET DATA | truncated / | 8 KB 0 | Image image/png |
GET DATA | truncated / | 1 KB 0 | Image image/png |
GET DATA | truncated / | 1 KB 0 | Image image/png |
GET H2 | segoeui-regular.ttf fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/resources/ | 0 0 | Font text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook Web Access (Online)
29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- boolean | credentialless
- string | data
- function | html_encoder
- string | result
- function | initLogon
- function | redir
- function | shw
- function | hd
- function | clkSecExp
- function | kdSecExp
- function | clkSec
- function | clkBsc
- function | checkSubmit
- function | clkLgn
- function | clkRtry
- function | clkReLgn
- function | gbid
- function | IsOwaPremiumBrowser
- function | hres
- function | LogoffMime
- function | addPerfMarker
- object | mainLogonDiv
- boolean | showPlaceholderText
- string | mainLogonDivClassName
- function | setPlaceholderText
- function | showPasswordClick
- number | count
- function | submitForm
- function | convertToBase64

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.www.abrafi.com.br/ | Name: wschkid Value: bca2d8a94e2cc9f79c7cf8bd79e38cf05180ff15.1683192642.1 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.