Submitted URL: https://shp.zone/owa
Effective URL: https://ipfs.io/ipfs/QmbX9NrB3umCP2ALKtuVrw1a6xHq8BFCkqsVmJFf4VdEDY?filename=owa-5aed1bace14ae2.html
Submission Tags: @phish_report
Submission: On August 31 via api from FI — Scanned from FI

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 4 HTTP transactions. The main IP is 2602:fea2:2::1, located in United States and belongs to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 59463.
TLS certificate: Issued by R3 on August 26th 2023. Valid for: 3 months.
This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

IP Address        AS      Autonomous System
1 1  2606:4700:303...  13335   (CLOUDFLAR...)
1 3  2602:fea2:2::1    40680   (PROTOCOL)
1    41.185.8.245      36943   (ZA-1-Grid)
1    2400:52e0:1e0...  200325  (BUNNYCDN)
4 4

Apex Domain     Subdomains                                Transfer
3  ipfs.io      ipfs.io (Cisco Umbrella Rank: 59463)      33 KB
1  ipfs.tech    ipfs.tech (Cisco Umbrella Rank: 175743)
1  narisi.sbs   narisi.sbs                                9 KB
1  shp.zone     shp.zone                                  493 B
4 4

Domain          Requested by
3  ipfs.io      1 redirects, ipfs.io
1  ipfs.tech    ipfs.io
1  narisi.sbs   ipfs.io
1  shp.zone     1 redirects
4 4

This site contains no links.

Subject      Issuer                                Validity                   Valid
dweb.link    R3                                    2023-08-26 - 2023-11-24    3 months (crt.sh)
narisi.sbs   cPanel, Inc. Certification Authority  2023-08-26 - 2023-11-24    3 months (crt.sh)

This page contains 2 frames:

Primary Page: https://ipfs.io/ipfs/QmbX9NrB3umCP2ALKtuVrw1a6xHq8BFCkqsVmJFf4VdEDY?filename=owa-5aed1bace14ae2.html
Frame ID: 867F5239819568545E8BFFECBD1D3E1D
Requests: 1 HTTP requests in this frame

Frame: https://ipfs.io/ipfs/Qmd4cB4MgbMXLHDaq5DwtvSFXiPvDwuLPrBujshM1Lm3Gy?filename=owa.html
Frame ID: F4BEC3B986014AA1C0D8B6FBCFE593B4
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Outlook

Page Statistics

Requests: 4
HTTPS: 75 %
IPv6: 75 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 3
Transfer: 42 kB
Size: 135 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://shp.zone/owa HTTP 302
    https://ipfs.io/ipfs/QmbX9NrB3umCP2ALKtuVrw1a6xHq8BFCkqsVmJFf4VdEDY?filename=owa-5aed1bace14ae2.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • https://ipfs.io/owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf HTTP 301
  • https://ipfs.tech/owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf

4 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request: QmbX9NrB3umCP2ALKtuVrw1a6xHq8BFCkqsVmJFf4VdEDY
Path: ipfs.io/ipfs/
Redirect Chain:
  • https://shp.zone/owa
  • https://ipfs.io/ipfs/QmbX9NrB3umCP2ALKtuVrw1a6xHq8BFCkqsVmJFf4VdEDY?filename=owa-5aed1bace14ae2.html
Size: 13 KB | x-fer: 4 KB | Type: Document
General
Full URL
https://ipfs.io/ipfs/QmbX9NrB3umCP2ALKtuVrw1a6xHq8BFCkqsVmJFf4VdEDY?filename=owa-5aed1bace14ae2.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
openresty /
Resource Hash
c8e92ec57793cfdea2a723dc2541728e07fa4b95b3020247e176fa0a7de88e75
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

access-control-allow-headers
X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods
GET HEAD OPTIONS GET, POST, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Range, X-Chunked-Output, X-Stream-Output
cache-control
public, max-age=29030400, immutable
content-disposition
inline; filename="owa-5aed1bace14ae2.html"; filename*=UTF-8''owa-5aed1bace14ae2.html
content-encoding
gzip
content-type
text/html
date
Thu, 31 Aug 2023 08:45:49 GMT
etag
W/"QmbX9NrB3umCP2ALKtuVrw1a6xHq8BFCkqsVmJFf4VdEDY"
server
openresty
strict-transport-security
max-age=31536000; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
x-bfid
58776f60571328ea8a5869a0cb17b161
x-ipfs-datasize
13023
x-ipfs-gateway-host
ipfs-bank13-am6
x-ipfs-lb-pop
gateway-bank1-am6
x-ipfs-path
/ipfs/QmbX9NrB3umCP2ALKtuVrw1a6xHq8BFCkqsVmJFf4VdEDY
x-ipfs-pop
ipfs-bank13-am6
x-ipfs-roots
QmbX9NrB3umCP2ALKtuVrw1a6xHq8BFCkqsVmJFf4VdEDY
x-proxy-cache
HIT

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7ff3ffdaaedc0b51-OSL
content-type
text/html; charset=UTF-8
date
Thu, 31 Aug 2023 08:45:49 GMT
location
https://ipfs.io/ipfs/QmbX9NrB3umCP2ALKtuVrw1a6xHq8BFCkqsVmJFf4VdEDY?filename=owa-5aed1bace14ae2.html
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uqa1f9NAQtMLgKlp2kXfqzX311kF0BccJG9E1xiFaY2gZ2tnTKO8ys%2Beyhh1w84Z4PUw9uPpCQ8uUqHVaSTCi2Uk8NUNuF13dbQpbx6dmViJ0pZ5AvhHax34nsqkcZLXEgHh97%2Bskw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Resource: Qmd4cB4MgbMXLHDaq5DwtvSFXiPvDwuLPrBujshM1Lm3Gy
Path: ipfs.io/ipfs/ (Frame F4BE)
Size: 97 KB | x-fer: 29 KB | Type: Document
General
Full URL
https://ipfs.io/ipfs/Qmd4cB4MgbMXLHDaq5DwtvSFXiPvDwuLPrBujshM1Lm3Gy?filename=owa.html
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/QmbX9NrB3umCP2ALKtuVrw1a6xHq8BFCkqsVmJFf4VdEDY?filename=owa-5aed1bace14ae2.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
openresty /
Resource Hash
ea67e22422ad1de046f12899766403507e71369a64ac0975ed86936be2635b37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://ipfs.io/ipfs/QmbX9NrB3umCP2ALKtuVrw1a6xHq8BFCkqsVmJFf4VdEDY?filename=owa-5aed1bace14ae2.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

access-control-allow-headers
X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods
GET HEAD OPTIONS GET, POST, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Range, X-Chunked-Output, X-Stream-Output
cache-control
public, max-age=29030400, immutable
content-disposition
inline; filename="owa.html"; filename*=UTF-8''owa.html
content-encoding
gzip
content-type
text/html
date
Thu, 31 Aug 2023 08:45:49 GMT
etag
W/"Qmd4cB4MgbMXLHDaq5DwtvSFXiPvDwuLPrBujshM1Lm3Gy"
server
openresty
strict-transport-security
max-age=31536000; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
x-bfid
1bb76c82e1ae8293a759e709ade1c74b
x-ipfs-datasize
99068
x-ipfs-gateway-host
ipfs-bank14-am6
x-ipfs-lb-pop
gateway-bank1-am6
x-ipfs-path
/ipfs/Qmd4cB4MgbMXLHDaq5DwtvSFXiPvDwuLPrBujshM1Lm3Gy
x-ipfs-pop
ipfs-bank14-am6
x-ipfs-roots
Qmd4cB4MgbMXLHDaq5DwtvSFXiPvDwuLPrBujshM1Lm3Gy
x-proxy-cache
MISS

Resource: truncated
Path: / (Frame F4BE)
Size: 2 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/png

Resource: truncated
Path: / (Frame F4BE)
Size: 4 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/png

Resource: truncated
Path: / (Frame F4BE)
Size: 8 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/png

Resource: sign_in.jpg
Path: narisi.sbs/cgibin/ (Frame F4BE)
Size: 9 KB | x-fer: 9 KB | Type: Image
General
Full URL
https://narisi.sbs/cgibin/sign_in.jpg
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/Qmd4cB4MgbMXLHDaq5DwtvSFXiPvDwuLPrBujshM1Lm3Gy?filename=owa.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
41.185.8.245 , South Africa, ASN36943 (ZA-1-Grid, ZA),
Reverse DNS
srv52.hostserv.co.za
Software
nginx /
Resource Hash
8a176c0c89d32bdc76d745495de025ba1182af6de0224488bec1c12f02b77d3b

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Thu, 31 Aug 2023 08:45:52 GMT
last-modified
Wed, 01 Apr 2020 21:48:26 GMT
server
nginx
content-type
image/jpeg
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
9331
expires
Thu, 07 Sep 2023 08:45:52 GMT

Resource: truncated
Path: / (Frame F4BE)
Size: 1 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/png

Resource: truncated
Path: / (Frame F4BE)
Size: 1 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/png

Resource: segoeui-regular.ttf
Path: ipfs.tech/owa/auth/15.2.1258/themes/resources/ (Frame F4BE)
Redirect Chain:
  • https://ipfs.io/owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf
  • https://ipfs.tech/owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf
Size: 0 | x-fer: 0 | Type: Font
General
Full URL
https://ipfs.tech/owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/Qmd4cB4MgbMXLHDaq5DwtvSFXiPvDwuLPrBujshM1Lm3Gy?filename=owa.html
Protocol
H2
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
58
cdn-pullzone
1567618
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/html
access-control-allow-origin
*
cdn-cache
EXPIRED
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=10, stale-while-revalidate=600
x-ipfs-path
/ipfs/bafybeia6i7gndozfnyrechtvu375ijeyniqm6d7o6ztklurjpogcfpj7v4/owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf
cdn-requestcountrycode
FI
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
expires
Thu, 31 Aug 2023 12:45:50 GMT
date
Thu, 31 Aug 2023 08:45:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
1082
cdn-cachedat
08/31/2023 08:45:50
x-xss-protection
0
x-request-id
522f91baac668641a362ed6fef6e34ec
server
BunnyCDN-DE1-1080
cdn-requestpullcode
404
access-control-max-age
86400
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
c053846a7c9a6f7fa8f6dc7a992b24b6
cf-ray
7ff3ffe57c842a59-CDG
cdn-status
404
cdn-requestpullsuccess
True

Redirect headers

date
Thu, 31 Aug 2023 08:45:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
openresty
x-ipfs-lb-pop
gateway-bank1-am6
x-bfid
d2d3f5bac698a947be8d96cae52ad52d
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://ipfs.tech/owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf
access-control-allow-origin
*
access-control-expose-headers
Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-headers
X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
content-length
166

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type    Name
object  0
object  documentPictureInPicture

1 Cookies

Domain/Path    Name        Value
ipfs.io/ipfs   cookieTest  1

1 Console Messages

Source   Level  URL / Text
network  error  URL: https://ipfs.tech/owa/auth/15.2.1258/themes/resources/segoeui-regular.ttf
                Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload