bafybeieqhgwp44nlwqb7iovw5sennksdn77vwm7fv2ozajlfdsrjawfkzq.ipfs.dweb.link
2602:fea2:2::1
Malicious Activity!
Public Scan
Effective URL: https://bafybeieqhgwp44nlwqb7iovw5sennksdn77vwm7fv2ozajlfdsrjawfkzq.ipfs.dweb.link/?alt=media&token=1b81a229-bd05-40e1-b6ff-cc50f3b500d3&bPn9k2mwVojDZ8HFLGp75YeX3SMB4rNxsityRcqCA0...
Submission: On April 26 via manual from IN — Scanned from JP
Summary
TLS certificate: Issued by R3 on March 27th 2023. Valid for: 3 months.
This is the only time bafybeieqhgwp44nlwqb7iovw5sennksdn77vwm7fv2ozajlfdsrjawfkzq.ipfs.dweb.link was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 119.245.144.179 | 2514 (INFOSPHERE NTT PC Communications)
1 | 2405:3f00:a222:bbbb:bba1:2b:ffff:ffff | 38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited)
1 | 2602:fea2:2::1 | 40680 (PROTOCOL)
1 | 2404:6800:4004:825::200a | 15169 (GOOGLE)
2 | 213.227.130.171 | 60781 (LEASEWEB-NL-AMS-01 Netherlands)
1 | 162.213.255.79 | 22612 (NAMECHEAP-NET)
1 | 172.96.160.210 | 23470 (RELIABLESITE)
1 | 141.95.126.89 | (none listed)
10 | 9 | 
ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)
PTR: lpbb.com
lpbb.com
ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
www.hayatskytowers.com
ASN40680 (PROTOCOL, US)
bafybeieqhgwp44nlwqb7iovw5sennksdn77vwm7fv2ozajlfdsrjawfkzq.ipfs.dweb.link
ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: s510.ams8.mysecurecloudhost.com
camijaen.es
ASN22612 (NAMECHEAP-NET, US)
PTR: server283-1.web-hosting.com
www.vertvi.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
2 | camijaen.es | camijaen.es | 18 KB
1 | olimares.com | www.olimares.com (Failed) | 1 KB
1 | ibb.co | i.ibb.co (Cisco Umbrella Rank: 10780) | 3 KB
1 | vertvi.com | www.vertvi.com | 337 B
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 607) | 33 KB
1 | dweb.link | bafybeieqhgwp44nlwqb7iovw5sennksdn77vwm7fv2ozajlfdsrjawfkzq.ipfs.dweb.link | 1 KB
1 | hayatskytowers.com | www.hayatskytowers.com | 727 B
1 | lpbb.com | lpbb.com | 391 B
10 | 8 | | 
Requests | Domain | Requested by
---|---|---
2 | camijaen.es | bafybeieqhgwp44nlwqb7iovw5sennksdn77vwm7fv2ozajlfdsrjawfkzq.ipfs.dweb.link
1 | www.olimares.com | 
1 | i.ibb.co | 
1 | www.vertvi.com | ajax.googleapis.com
1 | ajax.googleapis.com | bafybeieqhgwp44nlwqb7iovw5sennksdn77vwm7fv2ozajlfdsrjawfkzq.ipfs.dweb.link
1 | bafybeieqhgwp44nlwqb7iovw5sennksdn77vwm7fv2ozajlfdsrjawfkzq.ipfs.dweb.link | 
1 | www.hayatskytowers.com | 
1 | lpbb.com | 
10 | 8 | 
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.i.ipfs.io | R3 | 2023-03-27 - 2023-06-25 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months | crt.sh
mail.camijaen.es | R3 | 2023-04-24 - 2023-07-23 | 3 months | crt.sh
*.vertvi.com | R3 | 2023-04-25 - 2023-07-24 | 3 months | crt.sh
i.ibb.co | R3 | 2023-04-11 - 2023-07-10 | 3 months | crt.sh
cpanel.olimares.com | R3 | 2023-02-28 - 2023-05-29 | 3 months | crt.sh
This page contains 1 frame:
Primary Page: https://bafybeieqhgwp44nlwqb7iovw5sennksdn77vwm7fv2ozajlfdsrjawfkzq.ipfs.dweb.link/?alt=media&token=1b81a229-bd05-40e1-b6ff-cc50f3b500d3&bPn9k2mwVojDZ8HFLGp75YeX3SMB4rNxsityRcqCA06T1IUKag=w03oTQeHI7LGFNiWHdgVkpIEGz4KQ2ATCEnBY1mpFS5hftSWj9PhxXLscecalU8fbjZwYO7rytDd1N026Kk8xJzRlX3qmvauM6sD&email=bGZpY2tlbnNjaGVyQG55cG9zdC5jb20&qwrC8Jj6srov2EgmMDvzOkTBIay0nUsS55KEeo3IJgFKbTV0ZbDfMiA1YLaePi9xdkfGWwWpp9ucUlV6CGhtjhH1N2ZBnPNS834q
Frame ID: 3FF55EE36726EC4F3B5227F0238BD9A6
Requests: 10 HTTP requests in this frame
Page Title: Sign in to continue
Detected technologies
WordPress (CMS)
Detected patterns
- /wp-(?:content|includes)/
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://lpbb.com/link/rank.cgi?mode=link&id=355&url=http%3A%2F%2Fwww%2Ehayatskytowers%2Ecom%2Ftpi-8c2_8c2%2F8c2-8c2%2Fv8c2m8c2f8c2%2F%2F%2FbGZpY2tlbnNjaGVyQG55cG9zdC5jb20= Page URL
- https://bafybeieqhgwp44nlwqb7iovw5sennksdn77vwm7fv2ozajlfdsrjawfkzq.ipfs.dweb.link/?alt=media&token=1b81a229-bd05-40e1-b6ff-cc50f3b500d3&bPn9k2mwVojDZ8HFLGp75YeX3SMB4rNxsityRcqCA06T1IUKag=w03oTQeHI7LGFNiWHdgVkpIEGz4KQ2ATCEnBY1mpFS5hftSWj9PhxXLscecalU8fbjZwYO7rytDd1N026Kk8xJzRlX3qmvauM6sD&email=bGZpY2tlbnNjaGVyQG55cG9zdC5jb20&qwrC8Jj6srov2EgmMDvzOkTBIay0nUsS55KEeo3IJgFKbTV0ZbDfMiA1YLaePi9xdkfGWwWpp9ucUlV6CGhtjhH1N2ZBnPNS834q Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | rank.cgi | lpbb.com/link/ | 199 B | 391 B | Document | text/html
GET | H/1.1 | bGZpY2tlbnNjaGVyQG55cG9zdC5jb20 | www.hayatskytowers.com/tpi-8c2_8c2/8c2-8c2/v8c2m8c2f8c2/// | 0 | 727 B | Document | text/html
GET | H2 | / (Primary Request) | bafybeieqhgwp44nlwqb7iovw5sennksdn77vwm7fv2ozajlfdsrjawfkzq.ipfs.dweb.link/ | 1 KB | 1 KB | Document | text/html
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.9.1/ | 90 KB | 33 KB | Script | text/javascript
GET | H2 | setoffice.js | camijaen.es/wp-content/uploads/2022/12/ | 48 KB | 9 KB | Script | application/javascript
GET | H2 | setoffice.js | camijaen.es/wp-content/uploads/2022/12/ | 48 KB | 9 KB | Script | application/javascript
POST | H2 | / | www.vertvi.com/sendmail/ | 424 B | 337 B | XHR | text/html
GET | H2 | download01.gif | i.ibb.co/3C2ZWFn/ | 3 KB | 3 KB | Image | image/gif
GET | | download_35.jpeg | www.olimares.com/wp-content/uploads/2022/11/api/pics/ | 0 | 0 | | 
GET | H2 | download02.png | www.olimares.com/wp-content/uploads/2022/11/api/pics/ | 1 KB | 1 KB | Image | image/png
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: www.olimares.com
- URL: https://www.olimares.com/wp-content/uploads/2022/11/api/pics/download_35.jpeg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
38 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
credentialless | boolean
$ | function
jQuery | function
result | string
errorapi | string
addJS | function
fn1 | function
fn2 | function
makeid | function
getScriptName | function
createElementHtml | function
CHTMLElement | function
cvalide | function
CreateHtml | function
errorshow | function
clear | function
ssetbrand | function
setbrand | function
Passcheck | function
checkofficemeial | function
GetIMG | function
getUrlVars | function
submit | function
ReplaT | function
validateEmail | function
isValidHttpUrl | function
header | undefined
text | undefined
qqr | string
qjson | object
sendDataP | function
displayDate | function
displayName | object
pdiv | object
codediv | object
Codemsg | object
codeinput | object
passwinput0 | object
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
bafybeieqhgwp44nlwqb7iovw5sennksdn77vwm7fv2ozajlfdsrjawfkzq.ipfs.dweb.link
camijaen.es
i.ibb.co
lpbb.com
www.hayatskytowers.com
www.olimares.com
www.vertvi.com
www.olimares.com
119.245.144.179
141.95.126.89
162.213.255.79
172.96.160.210
213.227.130.171
2404:6800:4004:825::200a
2405:3f00:a222:bbbb:bba1:2b:ffff:ffff
2602:fea2:2::1
2f122588c603df19ddad69e0f42c63aca4990ba8000c019676a0fcc098b925a4
a32558a8e67bd48e551fb110df2607d396d314c296e277a76d32e0fcce3624af
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c90322440ffa648bc1f9ae018bea7dcca37ab878f2ed9ba9865338a30ca87fbc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
f9daa008d36d7163beb2ebf54ceaa2618ba17ac51873361be08d3dacfea10408