Submitted URL: http://teex.stuccosystemsincs.net/index.php?code=Y2xpbnQuYXJuZXR0QHRlZXgudGFtdS5lZHU=
Effective URL: https://ipfs.io/ipfs/QmVv7qvRzWHBKPsnTRQHkCqhhYFg58QTkQck7YuR2nJSec
Submission: On April 22 via automatic, source openphish — Scanned from DE

Summary

This website contacted 4 IPs in 1 country across 3 domains to perform 3 HTTP transactions. The main IP is 2602:fea2:2::1, located in the United States and belonging to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 48658.
TLS certificate: Issued by R3 on March 27th 2023. Valid for: 3 months.
This is the only time ipfs.io was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook (Online)

Domain & IP information

IP addresses (requests | IP address | AS | autonomous system):
1 | 108.179.220.170 | 19871 | NETWORK-SOLUTIONS-HOSTING
1 | 2602:fea2:2::1 | 40680 | PROTOCOL
1 | 162.0.232.86 | 22612 | NAMECHEAP-NET
Totals: 3 requests, 4 IPs

Apex domains (requests | apex domain | subdomain | transfer):
1 | hzvilbotex.com | hzvilbotex.com | 1 KB
1 | ipfs.io | ipfs.io (Cisco Umbrella Rank: 48658) | 24 KB
1 | stuccosystemsincs.net | teex.stuccosystemsincs.net | 573 B
Totals: 3 requests, 3 domains

Domain requested by (requests | domain | requested by):
1 | hzvilbotex.com | ipfs.io
1 | ipfs.io | teex.stuccosystemsincs.net
1 | teex.stuccosystemsincs.net | (initial navigation)
Totals: 3 requests, 3 domains

This site contains no links.

TLS certificates (subject | issuer | validity | valid for | source):
*.i.ipfs.io | R3 | 2023-03-27 to 2023-06-25 | 3 months | crt.sh
hzvilbotex.com | Sectigo RSA Domain Validation Secure Server CA | 2023-04-20 to 2024-04-20 | a year | crt.sh

This page contains 1 frame:

Primary Page: https://ipfs.io/ipfs/QmVv7qvRzWHBKPsnTRQHkCqhhYFg58QTkQck7YuR2nJSec
Frame ID: 28D11F1599C97E584A277478D605D1E5
Requests: 7 HTTP requests in this frame

Page Title: Outlook

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://teex.stuccosystemsincs.net/index.php?code=Y2xpbnQuYXJuZXR0QHRlZXgudGFtdS5lZHU= (Page URL)
  2. https://ipfs.io/ipfs/QmVv7qvRzWHBKPsnTRQHkCqhhYFg58QTkQck7YuR2nJSec (Page URL)

Page Statistics

Requests: 3
HTTPS: 67 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 1
Transfer: 26 kB
Size: 90 kB
Cookies: 1


Redirected requests

There were HTTP redirect chains for the following requests: (none listed in this scan)

3 HTTP transactions

Transaction 1 (resource | path | size | x-fer | type):
index.php | teex.stuccosystemsincs.net/ | 161 B | 573 B | Document

General
Full URL: http://teex.stuccosystemsincs.net/index.php?code=Y2xpbnQuYXJuZXR0QHRlZXgudGFtdS5lZHU=
Protocol: HTTP/1.1
Server: 108.179.220.170, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
Reverse DNS: server.acnstudio.co
Software: Apache
Resource Hash: (not recorded)

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 163
Content-Type: text/html; charset=UTF-8
Date: Sat, 22 Apr 2023 15:03:48 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Transaction 2, Primary Request (resource | path | size | x-fer | type):
QmVv7qvRzWHBKPsnTRQHkCqhhYFg58QTkQck7YuR2nJSec | ipfs.io/ipfs/ | 41 KB | 24 KB | Document

General
Full URL: https://ipfs.io/ipfs/QmVv7qvRzWHBKPsnTRQHkCqhhYFg58QTkQck7YuR2nJSec
Requested by: Host: teex.stuccosystemsincs.net, URL: http://teex.stuccosystemsincs.net/index.php?code=Y2xpbnQuYXJuZXR0QHRlZXgudGFtdS5lZHU=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2602:fea2:2::1, United States, ASN40680 (PROTOCOL, US)
Reverse DNS: (none)
Software: openresty
Resource Hash: 18e8f0afe0af189843d60f2c872eab52df09dcc7985012d76dab5d2d5c9e67c9

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Request headers
Referer: http://teex.stuccosystemsincs.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods: GET GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
cache-control: public, max-age=29030400, immutable
content-encoding: gzip
content-type: text/html
date: Sat, 22 Apr 2023 15:03:49 GMT
etag: W/"QmVv7qvRzWHBKPsnTRQHkCqhhYFg58QTkQck7YuR2nJSec"
server: openresty
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
x-bfid: bbf2754a45136d395279125698da4b4c
x-ipfs-datasize: 41976
x-ipfs-gateway-host: ipfs-bank7-fr2
x-ipfs-lb-pop: gateway-bank2-fr2
x-ipfs-path: /ipfs/QmVv7qvRzWHBKPsnTRQHkCqhhYFg58QTkQck7YuR2nJSec
x-ipfs-pop: ipfs-bank7-fr2
x-ipfs-roots: QmVv7qvRzWHBKPsnTRQHkCqhhYFg58QTkQck7YuR2nJSec
x-proxy-cache: HIT
Transaction 3 (resource | path | size | x-fer | type):
app.js | hzvilbotex.com/goodshit/ | 2 KB | 1 KB | Script

General
Full URL: https://hzvilbotex.com/goodshit/app.js
Requested by: Host: ipfs.io, URL: https://ipfs.io/ipfs/QmVv7qvRzWHBKPsnTRQHkCqhhYFg58QTkQck7YuR2nJSec
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 162.0.232.86, United States, ASN22612 (NAMECHEAP-NET, US)
Reverse DNS: premium276-5.web-hosting.com
Software: LiteSpeed
Resource Hash: a2a975d9304737ddcf77648186a9bcaf3606754983cf234670130e728ad39538

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers
date: Sat, 22 Apr 2023 15:03:50 GMT
content-encoding: gzip
last-modified: Thu, 20 Apr 2023 15:12:28 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 863
expires: Sat, 29 Apr 2023 15:03:50 GMT
Inline data: URI resources (not fetched over the network, so no server, reverse DNS, software or Referer is recorded; each carried accept-language: de-DE,de;q=0.9 and the same Chrome/112.0.5615.121 User-Agent as above):

Resource: truncated | path: / | size: 28 KB | x-fer: 0 | type: Stylesheet
Full URL: data:truncated
Protocol: DATA
Resource Hash: 64d14471cc6ff013cc309a0c43be662723f220d78d960c3ef1903f9c5f9c5838
Response Content-Type: text/css

Resource: truncated | path: / | size: 4 KB | x-fer: 0 | type: Image
Full URL: data:truncated
Protocol: DATA
Resource Hash: a7cdef2a343a697f16fb77ccba5ad107680cd7b4c336e45024b54802481271d1
Response Content-Type: image/jpeg

Resource: truncated | path: / | size: 11 KB | x-fer: 0 | type: Image
Full URL: data:truncated
Protocol: DATA
Resource Hash: f8593c513b145927dfff508c6e4a3c21c5e76f5003fb5c817036e4416f7888d8
Response Content-Type: image/jpeg

Resource: truncated | path: / | size: 3 KB | x-fer: 0 | type: Image
Full URL: data:truncated
Protocol: DATA
Resource Hash: 47abb531f51079ad100757fa175a33462f038be94d918dc5db204d1be2545045
Response Content-Type: image/jpeg

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook (Online)

1 JavaScript Global Variable

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

credentialless (boolean)

1 Cookie

Domain/Path: teex.stuccosystemsincs.net/
Name: PHPSESSID
Value: 56cbad1019f9fdf71d4c0bc6e9515951