ipfs.eth.aragon.network
146.190.204.125  Malicious Activity! Public Scan

URL: https://ipfs.eth.aragon.network/ipfs/bafkreibaqjo77yilg6r55qu6q3yd3dg5tnydlnvk56ywnhbh3xjc2wpacm
Submission: On September 01 via api from JP — Scanned from JP

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 5 HTTP transactions. The main IP is 146.190.204.125, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is ipfs.eth.aragon.network.
TLS certificate: Issued by R3 on August 11th 2023. Valid for: 3 months.
This is the only time ipfs.eth.aragon.network was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address         AS     Autonomous System
1         146.190.204.125    14061  DIGITALOC...
1         2606:4700::68...   13335  CLOUDFLAR...
1         2001:4de0:ac1...   20446  STACKPATH...
1         2404:6800:400...   15169  GOOGLE
1         2606:4700:303...   13335  CLOUDFLAR...
Total: 5 requests, 5 IPs
Requests  Apex Domain            Subdomains                                           Transfer
1         kgkagkgaga.ws          kgkagkgaga.ws                                        72 KB
1         googleusercontent.com  lh3.googleusercontent.com (Cisco Umbrella Rank: 62)  193 KB
1         jquery.com             code.jquery.com (Cisco Umbrella Rank: 733)           78 KB
1         cloudflare.com         cdnjs.cloudflare.com (Cisco Umbrella Rank: 220)      14 KB
1         aragon.network         ipfs.eth.aragon.network                              39 KB
Total: 5 requests, 5 domains
Requests  Domain                     Requested by
1         kgkagkgaga.ws              code.jquery.com
1         lh3.googleusercontent.com  -
1         code.jquery.com            ipfs.eth.aragon.network
1         cdnjs.cloudflare.com       ipfs.eth.aragon.network
1         ipfs.eth.aragon.network    -
Total: 5 requests, 5 domains

This site contains no links.

Subject                  Issuer                                          Validity                 Valid
ipfs.eth.aragon.network  R3                                              2023-08-11 - 2023-11-09  3 months (crt.sh)
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3                         2023-07-03 - 2024-07-02  a year (crt.sh)
*.jquery.com             Sectigo RSA Domain Validation Secure Server CA  2023-07-11 - 2024-07-14  a year (crt.sh)
*.googleusercontent.com  GTS CA 1C3                                      2023-08-07 - 2023-10-30  3 months (crt.sh)
kgkagkgaga.ws            E1                                              2023-07-20 - 2023-10-18  3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://ipfs.eth.aragon.network/ipfs/bafkreibaqjo77yilg6r55qu6q3yd3dg5tnydlnvk56ywnhbh3xjc2wpacm
Frame ID: A391AD60ED8FAA92E643EC936314397B
Requests: 5 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 5
HTTPS: 100 %
IPv6: 80 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 4
Transfer: 396 kB
Size: 1468 kB
Cookies: 0


5 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type (MIME-Type)

Primary Request: bafkreibaqjo77yilg6r55qu6q3yd3dg5tnydlnvk56ywnhbh3xjc2wpacm | ipfs.eth.aragon.network/ipfs/ | 39 KB | 39 KB | Document
General
Full URL
https://ipfs.eth.aragon.network/ipfs/bafkreibaqjo77yilg6r55qu6q3yd3dg5tnydlnvk56ywnhbh3xjc2wpacm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.190.204.125 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.21.6 /
Resource Hash
20825dffe10b37a3dec29e86f03d8cdd9b7035b6aaefb1669c27ddd22d59e013

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
cache-control
public, max-age=29030400, immutable
content-length
39596
content-type
text/html
date
Fri, 01 Sep 2023 00:50:44 GMT
etag
"bafkreibaqjo77yilg6r55qu6q3yd3dg5tnydlnvk56ywnhbh3xjc2wpacm"
server
nginx/1.21.6
x-ipfs-path
/ipfs/bafkreibaqjo77yilg6r55qu6q3yd3dg5tnydlnvk56ywnhbh3xjc2wpacm
x-ipfs-roots
bafkreibaqjo77yilg6r55qu6q3yd3dg5tnydlnvk56ywnhbh3xjc2wpacm
crypto-js.min.js | cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/ | 47 KB | 14 KB | Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
Requested by
Host: ipfs.eth.aragon.network
URL: https://ipfs.eth.aragon.network/ipfs/bafkreibaqjo77yilg6r55qu6q3yd3dg5tnydlnvk56ywnhbh3xjc2wpacm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://ipfs.eth.aragon.network/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 00:50:44 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
12812959
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
13972
last-modified
Sat, 14 Aug 2021 20:33:09 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"61182885-3694"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sz6N1sA9e1GGByazsdTCBkL0wh6p07cOfZqhRzkJaq8KI%2FbeonbrEAlYDwDnI%2BsSJAEimXmSgzuTkYJt1Rjdw%2FtYZYg94%2BbFMYuvXpHkC4K784YlQ3Xq3GCxAhkHC%2BVXKBjIBBciE0Rq%2BxCFKvqMdSuO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7ff985550d318a6f-NRT
expires
Wed, 21 Aug 2024 00:50:44 GMT
jquery-1.9.1.js | code.jquery.com/ | 262 KB | 78 KB | Script
General
Full URL
https://code.jquery.com/jquery-1.9.1.js
Requested by
Host: ipfs.eth.aragon.network
URL: https://ipfs.eth.aragon.network/ipfs/bafkreibaqjo77yilg6r55qu6q3yd3dg5tnydlnvk56ywnhbh3xjc2wpacm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://ipfs.eth.aragon.network/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 00:50:45 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-4185d"
surrogate-control
max-age=315360000;hw-h2proxy
vary
Accept-Encoding
x-hw
1693529445.cdn4-pxy102-sjc02.sj3.evs,1693529445.cds103.sj3.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000,public
accept-ranges
bytes
content-length
79506
AJFCJaXhZo6cUCNh1ssNQzSV3jc1ppd5Vt2HN5GjHL82rJR25OrOigrMWVvBpwQN6BD4T_qHdwh2spOZ9bKA-BqcHsttYMUy5sxc-E99nKe9pgDJsCX0icydpRhjm97W_S4_6cism2sTCOp-Oxa807yjCEw=w1580-h720-s-no | lh3.googleusercontent.com/pw/ | 192 KB | 193 KB | Image
General
Full URL
https://lh3.googleusercontent.com/pw/AJFCJaXhZo6cUCNh1ssNQzSV3jc1ppd5Vt2HN5GjHL82rJR25OrOigrMWVvBpwQN6BD4T_qHdwh2spOZ9bKA-BqcHsttYMUy5sxc-E99nKe9pgDJsCX0icydpRhjm97W_S4_6cism2sTCOp-Oxa807yjCEw=w1580-h720-s-no?authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:400a:805::2001 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://ipfs.eth.aragon.network/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 00:50:45 GMT
x-content-type-options
nosniff
server
fife
etag
"v51"
vary
Origin
content-type
image/gif
access-control-expose-headers
Content-Length
cache-control
private, max-age=86400, no-transform
cross-origin-resource-policy
cross-origin
content-disposition
inline;filename="Flashback - Jul 5, 2023 00_04_12.gif"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
197044
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/ | kgkagkgaga.ws/obufsssssssscaaatoion/ | 928 KB | 72 KB | XHR
General
Full URL
https://kgkagkgaga.ws/obufsssssssscaaatoion/
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.9.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:9623 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73740385fd4355d690f4eb83664ddca79e76ba3c8aad0e89279a8a2a2ae164a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://ipfs.eth.aragon.network/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 01 Sep 2023 00:50:46 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
same-origin
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
origin
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ISe%2BDwAgKPUO2Ka1e9KBpKg9XxVMVKvlQGD76Q5MMsRBf89I2Bi6lLdV%2BVaohhY3OxPxm5rAduIIKQnjjcztbeqF%2BMMa8uJ96HX1MxtKtVSIbqYw00JIWh9xCzh3njXS9l0CUtoAcKc9W%2FSq"}],"group":"cf-nel","max_age":604800}
cf-ray
7ff9855ddd91f6a5-NRT
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

147 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


0 Cookies