bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link Open in urlscan Pro
209.94.90.1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ikincielplotter.com/
Effective URL:
https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/
Submission: On December 14 via manual (December 14th 2023, 1:45:14 pm UTC) from PL — Scanned from PL

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 8 domains to perform 17 HTTP transactions. The main IP is 209.94.90.1, located in United States and belongs to PROTOCOL, US. The main domain is bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link.
TLS certificate: Issued by R3 on November 20th 2023. Valid for: 3 months.

This is the only time bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	89.252.159.3 89.252.159.3	42846 (GUZELHOST...) (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S.)
1	209.94.90.1 209.94.90.1	40680 (PROTOCOL) (PROTOCOL)
1	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.182.143 172.67.182.143	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.133.182 172.67.133.182	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	51.77.64.70 51.77.64.70	16276 (OVH) (OVH)
17	7

1 89.252.159.3 (Turkey) 1 redirects

ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR)
PTR: 3x8cf6f.guzel.net.tr

ikincielplotter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.94.90.1 (United States)

ASN40680 (PROTOCOL, US)

bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.182.143 (United States)

ASN13335 (CLOUDFLARENET, US)

3ymf604crpq.tyeqf.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.133.182 (United States)

ASN13335 (CLOUDFLARENET, US)

odrw6tdpzam.bvkv.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.77.64.70 (Germany)

ASN16276 (OVH, FR)
PTR: de-fra-1.pro.ip-api.com

pro.ip-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	tyeqf.online 3ymf604crpq.tyeqf.online	267 KB
1	ip-api.com pro.ip-api.com — Cisco Umbrella Rank: 6331	440 B
1	bvkv.online odrw6tdpzam.bvkv.online	193 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	14 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 735	78 KB
1	dweb.link bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link	6 KB
1	ikincielplotter.com 1 redirects ikincielplotter.com	287 B
0	msftauth.net Failed aadcdn.msftauth.net Failed
17	8

	Domain	Requested by
2	3ymf604crpq.tyeqf.online	code.jquery.com
1	pro.ip-api.com	code.jquery.com
1	odrw6tdpzam.bvkv.online
1	cdnjs.cloudflare.com	bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link
1	code.jquery.com	bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link
1	bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link
1	ikincielplotter.com	1 redirects
0	aadcdn.msftauth.net Failed
17	8

This site contains no links.

Subject Issuer	Validity	Valid
dweb.link R3	`2023-11-20` - `2024-02-18`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
tyeqf.online GTS CA 1P5	`2023-12-04` - `2024-03-03`	3 months	crt.sh
bvkv.online GTS CA 1P5	`2023-12-04` - `2024-03-03`	3 months	crt.sh
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-25` - `2023-12-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/
Frame ID: 8C1ABA3052D1CDB8FA0DD1C834246C98
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your account

Page URL History Show full URLs

http://ikincielplotter.com/ HTTP 301
https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

41 %
HTTPS

0 %
IPv6

8
Domains

8
Subdomains

7
IPs

4
Countries

559 kB
Transfer

1632 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ikincielplotter.com/ HTTP 301
https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/
Redirect Chain

http://ikincielplotter.com/
https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/

15 KB
6 KB

451ms
46ms

Document
text/html

209.94.90.1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL

https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

209.94.90.1 , United States, ASN40680 (PROTOCOL, US),

Reverse DNS

Software

openresty /

Resource Hash

8a104d43f311fcea74f00417a5b90b1b9eacb1e19ef12514a7aa0d09cc6bd687

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods: GET HEAD OPTIONS GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
cache-control: public, max-age=29030400, immutable
content-encoding: gzip
content-type: text/html
date: Thu, 14 Dec 2023 13:45:09 GMT
etag: W/"bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4"
server: openresty
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
x-ipfs-gateway-host: ipfs-bank6-fr2
x-ipfs-lb-pop: gateway-bank1-fr2
x-ipfs-path: /ipfs/bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4/
x-ipfs-pop: ipfs-bank6-fr2
x-ipfs-roots: bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4
x-proxy-cache: MISS

Redirect headers

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-length: 707
content-type: text/html
date: Thu, 14 Dec 2023 13:45:07 GMT
location: https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/
server: LiteSpeed

GET
H2 200 jquery-1.9.1.js Show response
code.jquery.com/ 262 KB
78 KB 447ms
45ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.9.1.js
Requested by: Host: bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link
URL: https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 13:45:09 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 7759302
x-cache: HIT, HIT
content-length: 79506
x-served-by: cache-lga21952-LGA, cache-fra-eddf8230094-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1702561510.974587,VS0,VE0
etag: W/"28feccc0-4185d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 41, 104589

GET
H2 200 crypto-js.min.js Show response
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/ 47 KB
14 KB 441ms
52ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

Requested by

Host: bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link
URL: https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 13:45:09 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1239278
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13972
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61182885-3694"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NBrjAIHHSvoLy6lfky9ZrMqaVGCMpquQF%2F85pNBiuyLPXKxrZH6%2FI9DP4%2BfeTX8yFgapEnonoL4P97QQnoqoaby8RbqIqypOkgNqDgP8TNYLoMMOZh43fY9ApSxfP761HA1W13dM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8356e2bd3bf49a1b-FRA
expires: Tue, 03 Dec 2024 13:45:09 GMT

GET
H2 200 preload-outlook.gif
3ymf604crpq.tyeqf.online/static/media/ 192 KB
193 KB 1092ms
689ms Image
image/gif 172.67.182.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3ymf604crpq.tyeqf.online/static/media/preload-outlook.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.182.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 13:45:10 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-disposition: inline; filename="preload-outlook.gif"
alt-svc: h3=":443"; ma=86400
content-length: 197044
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 04 Nov 2023 22:18:46 GMT
server: cloudflare
x-frame-options: DENY
vary: origin, Accept-Encoding
content-type: image/gif
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fil%2BffefcRHq8iLXO3oush3efjqSk%2BgMkGQc2342S3IrA4hJFifA5dR0KkFoU0GAlZXUOOaKluxffRByV8LWZP8V8Z5TZld2Lb%2FFvcbpv7%2B2oypNZ4xjGj51wKVkmp8WQ1slE1j1vsuOw80%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8356e2bd5ea9695d-FRA

GET
H2 200 preload-outlook.gif
odrw6tdpzam.bvkv.online/static/media/ 192 KB
193 KB 1328ms
669ms Image
image/gif 172.67.133.182
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://odrw6tdpzam.bvkv.online/static/media/preload-outlook.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.133.182 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 13:45:10 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-disposition: inline; filename="preload-outlook.gif"
alt-svc: h3=":443"; ma=86400
content-length: 197044
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 04 Nov 2023 22:18:46 GMT
server: cloudflare
x-frame-options: DENY
vary: origin, Accept-Encoding
content-type: image/gif
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XW6FKT4hAZJfgn6ldhDKHDoIL5ud%2B56EVEsjNpWkuaKwpBp4vPbEMNBDUEM1kI1yxHJM1OVhQKKb0oU21ISGiSz1f9pHAmx6wGngMJZbRFJZYKzd8p3l6m7vdZIiRyTqA6tuJVMkoZ00sg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8356e2befc044d5c-FRA

GET
H/1.1 200
OK / Show response
pro.ip-api.com/json/ 284 B
440 B 145ms
44ms XHR
application/json 51.77.64.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.ip-api.com/json/?key=pD3jjrEbn4o2CQ1
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.9.1.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.77.64.70 , Germany, ASN16276 (OVH, FR),
Reverse DNS: de-fra-1.pro.ip-api.com
Software: /
Resource Hash: aaceb0d08c14c57a22dfb0a98ac6be3fbfad970a6eb902eba8263e6e93faf183

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 14 Dec 2023 13:45:10 GMT
Content-Length: 284
Content-Type: application/json; charset=utf-8

POST
H2 200 / Show response
3ymf604crpq.tyeqf.online/obufsssssssscaaatoion/ 923 KB
74 KB 828ms
402ms XHR
application/json 172.67.182.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://3ymf604crpq.tyeqf.online/obufsssssssscaaatoion/

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.9.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.182.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75e078bba55adba2be242c7c0cddfdf9bdb6e94135f14592f1ee29d8aae54731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link/
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 14 Dec 2023 13:45:11 GMT
content-encoding: br
x-content-type-options: nosniff
referrer-policy: same-origin
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: origin
x-frame-options: DENY
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e3amhWoO3ZKnmcA7DEpa0oyq7FNTzfwK9ZSY%2FnEOOXqA9ceHXgFpsjpMDUj2GQzu7k4wH4cOlnutQNbvHM%2Fn3wgNsQXDpVsF9z3HAEe2YEq6OhaIDrkpPpkbGzZDLPgNZ038dg0S%2BUD0o4k%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8356e2c4db2222a6-CDG
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block

GET arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 0
0

GET /
3ymf604crpq.tyeqf.online/static/media/microsoft_logo.png/ 0
0

GET key_workshcool.png
3ymf604crpq.tyeqf.online/static/media/ 0
0

GET person_workshcool.png
3ymf604crpq.tyeqf.online/static/media/ 0
0

GET person_office.png
3ymf604crpq.tyeqf.online/static/media/ 0
0

GET message_think.png
3ymf604crpq.tyeqf.online/static/media/ 0
0

GET auth_number.png
3ymf604crpq.tyeqf.online/static/media/ 0
0

GET call_2fa.png
3ymf604crpq.tyeqf.online/static/media/ 0
0

GET 2fa_authenticator.png
3ymf604crpq.tyeqf.online/static/media/ 0
0

GET bg_normal.png
3ymf604crpq.tyeqf.online/static/media/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg

Domain: 3ymf604crpq.tyeqf.online
URL: https://3ymf604crpq.tyeqf.online/static/media/microsoft_logo.png/

Domain: 3ymf604crpq.tyeqf.online
URL: https://3ymf604crpq.tyeqf.online/static/media/key_workshcool.png

Domain: 3ymf604crpq.tyeqf.online
URL: https://3ymf604crpq.tyeqf.online/static/media/person_workshcool.png

Domain: 3ymf604crpq.tyeqf.online
URL: https://3ymf604crpq.tyeqf.online/static/media/person_office.png

Domain: 3ymf604crpq.tyeqf.online
URL: https://3ymf604crpq.tyeqf.online/static/media/message_think.png

Domain: 3ymf604crpq.tyeqf.online
URL: https://3ymf604crpq.tyeqf.online/static/media/auth_number.png

Domain: 3ymf604crpq.tyeqf.online
URL: https://3ymf604crpq.tyeqf.online/static/media/call_2fa.png

Domain: 3ymf604crpq.tyeqf.online
URL: https://3ymf604crpq.tyeqf.online/static/media/2fa_authenticator.png

Domain: 3ymf604crpq.tyeqf.online
URL: https://3ymf604crpq.tyeqf.online/static/media/bg_normal.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3ymf604crpq.tyeqf.online
aadcdn.msftauth.net
bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link
cdnjs.cloudflare.com
code.jquery.com
ikincielplotter.com
odrw6tdpzam.bvkv.online
pro.ip-api.com
3ymf604crpq.tyeqf.online
aadcdn.msftauth.net
104.17.25.14
151.101.194.137
172.67.133.182
172.67.182.143
209.94.90.1
51.77.64.70
89.252.159.3
75e078bba55adba2be242c7c0cddfdf9bdb6e94135f14592f1ee29d8aae54731
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40
8a104d43f311fcea74f00417a5b90b1b9eacb1e19ef12514a7aa0d09cc6bd687
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
aaceb0d08c14c57a22dfb0a98ac6be3fbfad970a6eb902eba8263e6e93faf183
c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb

bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link Open in urlscan Pro 209.94.90.1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

41 %HTTPS

0 %IPv6

8 Domains

8 Subdomains

7 IPs

4 Countries

559 kBTransfer

1632 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

32 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

bafkreiekcbguh4yr7tvhj4aec6s3scy3t2wldym66esrjj5kbue4y26wq4.ipfs.dweb.link Open in urlscan Pro
209.94.90.1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

41 %
HTTPS

0 %
IPv6

8
Domains

8
Subdomains

7
IPs

4
Countries

559 kB
Transfer

1632 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!