bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link Open in urlscan Pro
2602:fea2:2::1  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	3mail@b.c Show response market.easytanga.com/tsi-/Product-/media/	0 491 B	1134ms 718ms	Document text/html	41.185.64.21 ZA-1-Grid
General Check archive.org Show headers Download Go to Full URL https://market.easytanga.com/tsi-/Product-/media/3mail@b.c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 41.185.64.21 , South Africa, ASN36943 (ZA-1-Grid, ZA), Reverse DNS act16-cvps01.hostserv.co.za Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-length 0 content-type text/html; charset=UTF-8 date Sun, 04 Jun 2023 13:13:30 GMT refresh 0;url=https://bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link?alt=media&token=1b81a229-bd05-40e1-b6ff-cc50f3b500d3&yMWbPptEkmvL1IcFN59YzZhw4JsqxfQOiDTlRuGSBVa3Cnoe70=CybvOkUHAnmvRIzcwmDzW7o1Y2e9GGEjwop04pqelMkdJlaTsFFQ7u5CiKQxqfSZt5nhIUgY3PSfLcHE6M8hBKdNra6g0PVjOX31&email=3mail@b.c&TqbiUJ4WvqoNBHTrUlxjV1JEZYad8eYhhXb9udAQx1s6LI8RmGI7fm9L5S0AyPyVpo2cKPtitgwCRONcMsprEWCD0O5M6jQeaukH server nginx
GET H2	200	Primary Request / Show response bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link/	32 KB 3 KB	643ms 574ms	Document text/html	2602:fea2:2::1 PROTOCOL
General Check archive.org Show headers Download Go to Full URL https://bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link/?alt=media&token=1b81a229-bd05-40e1-b6ff-cc50f3b500d3&yMWbPptEkmvL1IcFN59YzZhw4JsqxfQOiDTlRuGSBVa3Cnoe70=CybvOkUHAnmvRIzcwmDzW7o1Y2e9GGEjwop04pqelMkdJlaTsFFQ7u5CiKQxqfSZt5nhIUgY3PSfLcHE6M8hBKdNra6g0PVjOX31&email=3mail@b.c&TqbiUJ4WvqoNBHTrUlxjV1JEZYad8eYhhXb9udAQx1s6LI8RmGI7fm9L5S0AyPyVpo2cKPtitgwCRONcMsprEWCD0O5M6jQeaukH Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US), Reverse DNS Software openresty / Resource Hash 12e15b6f30c8d579cef786bc68e60823c4255114b9fd319b14852ea0a645b41a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://market.easytanga.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-headers X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output access-control-allow-methods GET GET, POST, OPTIONS access-control-allow-origin * access-control-expose-headers Content-Range, X-Chunked-Output, X-Stream-Output cache-control public, max-age=29030400, immutable content-encoding gzip content-type text/html date Sun, 04 Jun 2023 13:13:31 GMT etag W/"bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m" server openresty strict-transport-security max-age=31536000; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding x-ipfs-gateway-host ipfs-bank1-fr2 x-ipfs-lb-pop gateway-bank2-fr2 x-ipfs-path /ipfs/bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m/ x-ipfs-pop ipfs-bank1-fr2 x-ipfs-roots bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m x-proxy-cache MISS
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.5.1/	87 KB 31 KB	69ms 20ms	Script text/javascript	2a00:1450:4001:82a::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js Requested by Host: market.easytanga.com URL: https://market.easytanga.com/tsi-/Product-/media/3mail@b.c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Sun, 04 Jun 2023 12:16:36 GMT content-encoding gzip x-content-type-options nosniff age 3415 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31021 x-xss-protection 0 last-modified Fri, 08 May 2020 07:05:03 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Mon, 03 Jun 2024 12:16:36 GMT
GET H2	200	pin.js Show response acmpymes.es/wp-content/uploads/2015/03/	109 KB 11 KB	168ms 21ms	Script application/javascript	141.95.126.89 OVH
General Check archive.org Show headers Download Go to Full URL https://acmpymes.es/wp-content/uploads/2015/03/pin.js?qzNVgZ9wJW={base64email}&EepB6TE5vPoyBr1=d2hvc2VuZG1lMTAwMDAwMEB5YW5kZXguY29tLCBuZXRzb2wyMkB5YW5kZXgucnUsIG5ldHNvbDIyQHlhbmRleC5jb20sIGZvcndhcmRvdmVydG9tZWtpbmczNjBAZ21haWwuY29t Requested by Host: market.easytanga.com URL: https://market.easytanga.com/tsi-/Product-/media/3mail@b.c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 141.95.126.89 , France, ASN16276 (OVH, FR), Reverse DNS s593.fra6.mysecurecloudhost.com Software LiteSpeed / Resource Hash 1a158d8d921e11619b58d7e752a3d31f922edec21a7bdc32b40923290cbce4f8 Request headers Referer https://bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Sun, 04 Jun 2023 13:13:31 GMT content-encoding br last-modified Tue, 30 May 2023 15:10:57 GMT server LiteSpeed vary Accept-Encoding,User-Agent content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 10958 expires Sun, 11 Jun 2023 13:13:31 GMT
GET H2	200	loading.gif i.ibb.co/rs11WVg/	3 KB 3 KB	111ms 31ms	Image image/gif	162.19.58.158 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://i.ibb.co/rs11WVg/loading.gif Requested by Host: bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link URL: https://bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link/?alt=media&token=1b81a229-bd05-40e1-b6ff-cc50f3b500d3&yMWbPptEkmvL1IcFN59YzZhw4JsqxfQOiDTlRuGSBVa3Cnoe70=CybvOkUHAnmvRIzcwmDzW7o1Y2e9GGEjwop04pqelMkdJlaTsFFQ7u5CiKQxqfSZt5nhIUgY3PSfLcHE6M8hBKdNra6g0PVjOX31&email=3mail@b.c&TqbiUJ4WvqoNBHTrUlxjV1JEZYad8eYhhXb9udAQx1s6LI8RmGI7fm9L5S0AyPyVpo2cKPtitgwCRONcMsprEWCD0O5M6jQeaukH Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.19.58.158 , France, ASN16276 (OVH, FR), Reverse DNS ns3096590.ip-162-19-58.eu Software nginx / Resource Hash a32558a8e67bd48e551fb110df2607d396d314c296e277a76d32e0fcce3624af Request headers accept-language de-DE,de;q=0.9 Referer https://bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Sun, 04 Jun 2023 13:13:31 GMT last-modified Fri, 02 Oct 2020 09:10:16 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/gif access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 2754 expires Thu, 31 Dec 2037 23:55:55 GMT
POST H2	200	Submittest.php Show response schseels.com/	324 B 369 B	1236ms 868ms	XHR text/html	162.213.255.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://schseels.com/Submittest.php Requested by Host: ajax.googleapis.com URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.255.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server283-1.web-hosting.com Software LiteSpeed / PHP/7.4.33 Resource Hash ae7e93f6f34339359b15172b6427014ab919bb747cb9e18cf9ea231ed338be38 Request headers Accept */* Referer https://bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Sun, 04 Jun 2023 13:13:32 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.4.33 vary Accept-Encoding content-type text/html; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=0 x-turbo-charged-by LiteSpeed content-length 147 expires Sun, 04 Jun 2023 13:13:32 GMT
POST H2	200	Submittest.php Show response schseels.com/	92 B 302 B	1274ms 911ms	XHR text/html	162.213.255.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://schseels.com/Submittest.php Requested by Host: ajax.googleapis.com URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.255.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server283-1.web-hosting.com Software LiteSpeed / PHP/7.4.33 Resource Hash 8993b782889d400f6cd705cdecd00b82ef748d8d88d7efa7380022dbf594509d Request headers Accept text/html, */*; q=0.01 Referer https://bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Sun, 04 Jun 2023 13:13:32 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.4.33 vary Accept-Encoding content-type text/html; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=0 x-turbo-charged-by LiteSpeed content-length 82 expires Sun, 04 Jun 2023 13:13:32 GMT
POST H2	200	Submittest.php Show response schseels.com/	151 B 305 B	1861ms 1861ms	XHR text/html	162.213.255.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://schseels.com/Submittest.php Requested by Host: ajax.googleapis.com URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.255.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server283-1.web-hosting.com Software LiteSpeed / PHP/7.4.33 Resource Hash 12f4e8565ffa1e69fb674b0ea253a61f1bef2bb20e56ecd8b2c2fa9407489e6b Request headers Accept */* Referer https://bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Sun, 04 Jun 2023 13:13:34 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.4.33 vary Accept-Encoding content-type text/html; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=0 x-turbo-charged-by LiteSpeed content-length 85 expires Sun, 04 Jun 2023 13:13:34 GMT
GET H2	200	download_35.jpeg www.central-uh-edu.com/api/pics/	277 KB 277 KB	172ms 70ms	Image image/jpeg	162.0.217.17 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://www.central-uh-edu.com/api/pics/download_35.jpeg Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.0.217.17 Amsterdam, Netherlands, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server307-2.web-hosting.com Software LiteSpeed / Resource Hash 211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb Request headers accept-language de-DE,de;q=0.9 Referer https://bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Sun, 04 Jun 2023 13:13:33 GMT last-modified Tue, 02 Aug 2022 20:40:02 GMT server LiteSpeed content-type image/jpeg cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 283351 expires Sun, 11 Jun 2023 13:13:33 GMT
GET H2	200	download02.png www.central-uh-edu.com/api/pics/	1 KB 1 KB	143ms 41ms	Image image/png	162.0.217.17 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://www.central-uh-edu.com/api/pics/download02.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.0.217.17 Amsterdam, Netherlands, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server307-2.web-hosting.com Software LiteSpeed / Resource Hash f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c Request headers accept-language de-DE,de;q=0.9 Referer https://bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers date Sun, 04 Jun 2023 13:13:33 GMT last-modified Tue, 02 Aug 2022 20:40:02 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 1057 expires Sun, 11 Jun 2023 13:13:33 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| MI8 function| RPL891 function| oiuyt function| $ function| jQuery object| _0xca41 function| makeid function| getScriptName function| createElementHtml function| CHTMLElement function| cvalide function| CreateHtml function| errorshow function| clear function| ssetbrand function| setbrand function| Passcheck function| checkofficemeial function| GetIMG function| getUrlVars function| submit function| ReplaT string| qqr object| qjson object| body object| imported function| sendDataP function| displayDate object| displayName object| pdiv object| codediv object| Codemsg object| codeinput object| passwinput

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	(Line 4) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 4) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 4) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://acmpymes.es/wp-content/uploads/2015/03/pin.js?qzNVgZ9wJW={base64email}&EepB6TE5vPoyBr1=d2hvc2VuZG1lMTAwMDAwMEB5YW5kZXguY29tLCBuZXRzb2wyMkB5YW5kZXgucnUsIG5ldHNvbDIyQHlhbmRleC5jb20sIGZvcndhcmRvdmVydG9tZWtpbmczNjBAZ21haWwuY29t, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acmpymes.es
ajax.googleapis.com
bafybeicjy7mtnytmvrc4ts3ob3xeg2xne5rz35jqx2lf7teydaugoqd42m.ipfs.dweb.link
i.ibb.co
market.easytanga.com
schseels.com
www.central-uh-edu.com
141.95.126.89
162.0.217.17
162.19.58.158
162.213.255.79
2602:fea2:2::1
2a00:1450:4001:82a::200a
41.185.64.21
12e15b6f30c8d579cef786bc68e60823c4255114b9fd319b14852ea0a645b41a
12f4e8565ffa1e69fb674b0ea253a61f1bef2bb20e56ecd8b2c2fa9407489e6b
1a158d8d921e11619b58d7e752a3d31f922edec21a7bdc32b40923290cbce4f8
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
8993b782889d400f6cd705cdecd00b82ef748d8d88d7efa7380022dbf594509d
a32558a8e67bd48e551fb110df2607d396d314c296e277a76d32e0fcce3624af
ae7e93f6f34339359b15172b6427014ab919bb747cb9e18cf9ea231ed338be38
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d