cloudflare-ipfs.com Open in urlscan Pro
2606:4700::6811:600d  Malicious Activity! Public Scan

Submitted URL: https://yhdwb.bpmsafelink.com/c/ZDXpaVAjUEm9tqGjTMUdZQ
Effective URL: https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html
Submission: On February 18 via manual from NZ — Scanned from NZ

Summary

This website contacted 6 IPs in 2 countries across 7 domains to perform 8 HTTP transactions. The main IP is 2606:4700::6811:600d, located in United States and belongs to CLOUDFLARENET, US. The main domain is cloudflare-ipfs.com.
TLS certificate: Issued by E1 on December 28th 2023. Valid for: 3 months.
This is the only time cloudflare-ipfs.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 2620:1ec:46::31 8075 (MICROSOFT...)
1 34.117.33.233 396982 (GOOGLE-CL...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
1 2404:6800:400... 15169 (GOOGLE)
1 1 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
1 34.225.153.79 14618 (AMAZON-AES)
8 6
Apex Domain
Subdomains
Transfer
4 cloudflare-ipfs.com
cloudflare-ipfs.com
70 KB
1 thum.io
image.thum.io — Cisco Umbrella Rank: 272786
18 KB
1 gstatic.com
t1.gstatic.com
2 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 2
294 B
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 434
31 KB
1 replit.app
admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app
1 KB
1 bpmsafelink.com
yhdwb.bpmsafelink.com
498 B
8 7
Domain Requested by
4 cloudflare-ipfs.com admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app
cloudflare-ipfs.com
1 image.thum.io cloudflare-ipfs.com
1 t1.gstatic.com cloudflare-ipfs.com
1 www.google.com 1 redirects
1 ajax.googleapis.com cloudflare-ipfs.com
1 admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app
1 yhdwb.bpmsafelink.com 1 redirects
8 7

This site contains no links.

Subject Issuer Validity Valid
replit.app
GTS CA 1D4
2023-12-21 -
2024-03-20
3 months crt.sh
cloudflare-ipfs.com
E1
2023-12-28 -
2024-03-27
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2024-01-29 -
2024-04-22
3 months crt.sh
*.thum.io
Amazon RSA 2048 M01
2023-09-24 -
2024-10-22
a year crt.sh

This page contains 1 frames:

Primary Page: https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html
Frame ID: 8DBD1C926D4BC928CB299D0E1C8BB55C
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

Outlook Web App

Page URL History Show full URLs

  1. https://yhdwb.bpmsafelink.com/c/ZDXpaVAjUEm9tqGjTMUdZQ HTTP 302
    https://admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app/ Page URL
  2. https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

88 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

6
IPs

2
Countries

122 kB
Transfer

390 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://yhdwb.bpmsafelink.com/c/ZDXpaVAjUEm9tqGjTMUdZQ HTTP 302
    https://admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app/ Page URL
  2. https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://yhdwb.bpmsafelink.com/c/ZDXpaVAjUEm9tqGjTMUdZQ HTTP 302
  • https://admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app/
Request Chain 11
  • https://www.google.com/s2/favicons?domain=2degrees.nz&sz=64 HTTP 301
  • https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://2degrees.nz&size=64

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app/
Redirect Chain
  • https://yhdwb.bpmsafelink.com/c/ZDXpaVAjUEm9tqGjTMUdZQ
  • https://admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app/
898 B
1 KB
Document
General
Full URL
https://admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.33.233 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
233.33.117.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

age
146575
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
898
content-type
text/html; charset=utf-8
date
Sun, 18 Feb 2024 20:14:34 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 google

Redirect headers

content-length
0
date
Sun, 18 Feb 2024 20:14:33 GMT
location
https://admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app/#khilesh.bajaj@2degrees.nz
request-context
appId=cid-v1:d430274a-9cff-4a59-a156-79b00414ff83
x-azure-ref
20240218T201432Z-5zseyp5d3h2th73pm6kyvdnxrn000000071g0000000009p8
x-cache
CONFIG_NOCACHE
x-powered-by
ASP.NET
Primary Request adminserver-index.html
cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/
138 B
968 B
Document
General
Full URL
https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html
Requested by
Host: admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app
URL: https://admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:600d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91c2122bfe23eee33fac943690f678536570ac1ddabfe4cfca60331a6fc2a63d

Request headers

Referer
https://admin-server-47838kjhxxxf9876745674874456784897bjdshinoxe8978.replit.app/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age
57166
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
HIT
cf-ray
8578efea0bdd7253-AKL
content-encoding
br
content-type
text/html
date
Sun, 18 Feb 2024 20:14:35 GMT
etag
W/"bafkreieryijcx7rd53rt7leug2ipm6ctmvykyho2x7sm7stagmng7qvghu"
server
cloudflare
vary
Accept-Encoding
x-cf-ipfs-cache-status
hit
x-ipfs-path
/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html
x-ipfs-roots
bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y,bafkreieryijcx7rd53rt7leug2ipm6ctmvykyho2x7sm7stagmng7qvghu
bafybeide6ptk4n4ztilsdczbynk5kr3mh4ou46ccfsmy33nby3fwyiqthq
cloudflare-ipfs.com/ipfs/
269 KB
69 KB
Script
General
Full URL
https://cloudflare-ipfs.com/ipfs/bafybeide6ptk4n4ztilsdczbynk5kr3mh4ou46ccfsmy33nby3fwyiqthq
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:600d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fea818333e47cfb96471611dbd05651beaa422424e1609ad2e129c0265516b4f

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Sun, 18 Feb 2024 20:14:35 GMT
content-encoding
br
cf-cache-status
HIT
age
57167
x-cf-ipfs-cache-status
hit
alt-svc
h3=":443"; ma=86400
server
cloudflare
x-ipfs-roots
bafybeide6ptk4n4ztilsdczbynk5kr3mh4ou46ccfsmy33nby3fwyiqthq
etag
W/"bafybeide6ptk4n4ztilsdczbynk5kr3mh4ou46ccfsmy33nby3fwyiqthq"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
public, max-age=29030400, immutable
x-ipfs-path
/ipfs/bafybeide6ptk4n4ztilsdczbynk5kr3mh4ou46ccfsmy33nby3fwyiqthq
cf-ray
8578efee0ab87253-AKL
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/
87 KB
31 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafybeide6ptk4n4ztilsdczbynk5kr3mh4ou46ccfsmy33nby3fwyiqthq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:80a::200a Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cloudflare-ipfs.com/
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Fri, 16 Feb 2024 07:39:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
218129
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 15 Feb 2025 07:39:07 GMT
lgnexlogo.gif
cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/Outlook%20Web%20App_files/
225 B
225 B
Image
General
Full URL
https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/Outlook%20Web%20App_files/lgnexlogo.gif
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafybeide6ptk4n4ztilsdczbynk5kr3mh4ou46ccfsmy33nby3fwyiqthq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:600d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e701ee8656f79f385b9f92c7599acdf3bf124e32546b9730c85067fa373c10ca
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Sun, 18 Feb 2024 20:14:36 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-cf-ipfs-cache-status
miss
alt-svc
h3=":443"; ma=86400
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
no-store
x-ipfs-path
/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/Outlook Web App_files/lgnexlogo.gif
cf-ray
8578eff14f201c53-AKL
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
lgnbotr.gif
cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/Outlook%20Web%20App_files/
223 B
223 B
Image
General
Full URL
https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/Outlook%20Web%20App_files/lgnbotr.gif
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafybeide6ptk4n4ztilsdczbynk5kr3mh4ou46ccfsmy33nby3fwyiqthq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:600d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3549d0fea3759ba1b08abe7aa14968dfdd891dfb7615579cfaf01c74c3477c2a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Sun, 18 Feb 2024 20:14:36 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-cf-ipfs-cache-status
miss
alt-svc
h3=":443"; ma=86400
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
no-store
x-ipfs-path
/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/Outlook Web App_files/lgnbotr.gif
cf-ray
8578eff14f251c53-AKL
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
truncated
/
9 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2934659cf06ca3ba6b87e7b5b64cbfb54ac6d85ffd2dd3428eecc741e3eac732

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7acfa3d76cd77b3aba2cb0e53c167a116ed8d8c104bd4df1345a32854e658519

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
290 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
be17924f6d0d8a6ece9dc5666983fe23af7d0e67eed9c64b279ec71a9b95143b

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
232 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
301ab4a659a609d5ddc2155d403291d1de337b7adf437aa3db4d2e77560aadb4

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
76 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7cc623ae411b358d670e9a9da00770e719e99facc6e49a94f07eca2a086aa88e

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
99 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e7c8f9a8eeec5e657afb08a443c61ba96fa843168626ea5a68a0ca58d444bcb0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/gif
faviconV2
t1.gstatic.com/
Redirect Chain
  • https://www.google.com/s2/favicons?domain=2degrees.nz&sz=64
  • https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://2degrees.nz&size=64
1 KB
2 KB
Image
General
Full URL
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://2degrees.nz&size=64
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html
Protocol
H2
Server
2404:6800:4006:809::2004 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dd67ed32488b6b8726b68c0c79773c693c8b69c7b26804812fbbbd5a89bbefce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://cloudflare-ipfs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Sun, 18 Feb 2024 19:47:34 GMT
x-content-type-options
nosniff
age
1623
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1245
x-xss-protection
0
last-modified
Fri, 06 Nov 2020 04:02:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="media-favicon"
report-to
{"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-location
https://www.2degrees.nz/themes/custom/nz2degrees_theme/favicon.ico
expires
Sun, 25 Feb 2024 19:47:34 GMT

Redirect headers

date
Sun, 18 Feb 2024 19:47:34 GMT
x-content-type-options
nosniff
server
sffe
age
1622
content-type
text/html; charset=UTF-8
location
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://2degrees.nz&size=64
cache-control
public, max-age=1800
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
331
x-xss-protection
0
expires
Sun, 18 Feb 2024 20:17:34 GMT
2degrees.nz
image.thum.io/get/65490-1671030344805-37a36e07674665dbe1105f1044aab44d/width/1200/https://
18 KB
18 KB
Image
General
Full URL
https://image.thum.io/get/65490-1671030344805-37a36e07674665dbe1105f1044aab44d/width/1200/https://2degrees.nz
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/adminserver-index.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.225.153.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-153-79.compute-1.amazonaws.com
Software
/
Resource Hash
79f1ef553b12aa2798a2b550ad49cc85f9d0d007e1fa7cd292719c0f4a902ffd

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://cloudflare-ipfs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 18 Feb 2024 20:14:37 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/png
expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| erp string| em number| tmp function| $ function| jQuery function| showEl function| hideEl number| g_fFcs

1 Cookies

Domain/Path Name / Value
cloudflare-ipfs.com/ Name: __cf_bm
Value: i2s0mjttlxsNlWJ8NwqlrEuAkI3.FMV1GuZsrA98BVw-1708287275-1.0-AbovuSX/LA7133qv1Ud7K3nkAHoFERLySQyKRjMVLfZcDtY6YnotoxCEBHVaswlJADgiQkMjVHjxLbDwhVLFseI=

5 Console Messages

Source Level URL
Text
javascript warning URL: https://cloudflare-ipfs.com/ipfs/bafybeide6ptk4n4ztilsdczbynk5kr3mh4ou46ccfsmy33nby3fwyiqthq(Line 11673)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://cloudflare-ipfs.com/ipfs/bafybeide6ptk4n4ztilsdczbynk5kr3mh4ou46ccfsmy33nby3fwyiqthq(Line 11673)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/Outlook%20Web%20App_files/lgnbotr.gif
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://cloudflare-ipfs.com/ipfs/bafybeich6tajqp35k76an5eu4n4upbrbuonstlu7jekjfbypp7q3l6ox3y/Outlook%20Web%20App_files/lgnexlogo.gif
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://image.thum.io/get/65490-1671030344805-37a36e07674665dbe1105f1044aab44d/width/1200/https://2degrees.nz
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains