urlscan.io logo urlscan.io
SecurityTrails logo

cloudflare-ipfs.com Open in urlscan Pro
104.17.64.14  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://gwbmdwrr.r.eu-west-1.awstrack.me/L0/https:%2F%2Fmail.turing.com%2Fapi%2Fanalytics%3Fti=d554d536f06a156d824003d0c664b257c1ebe0746f...
Effective URL: https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
Submission: On March 21 via manual from FR — Scanned from PT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 4 countries across 7 domains to perform 11 HTTP transactions. The main IP is 104.17.64.14, located in and belongs to CLOUDFLARENET, US. The main domain is cloudflare-ipfs.com.
TLS certificate: Issued by E1 on February 25th 2024. Valid for: 3 months.
This is the only time cloudflare-ipfs.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 52.208.120.178 16509 (AMAZON-02)
1 1 34.110.169.7 396982 (GOOGLE-CL...)
1 69.49.245.172 19871 (NETWORK-S...)
1 104.17.64.14 13335 (CLOUDFLAR...)
2 104.17.24.14 13335 (CLOUDFLAR...)
1 192.229.133.221 15133 (EDGECAST)
6 188.114.97.3 13335 (CLOUDFLAR...)
11 6
1    52.208.120.178 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-120-178.eu-west-1.compute.amazonaws.com
gwbmdwrr.r.eu-west-1.awstrack.me
1    34.110.169.7 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 7.169.110.34.bc.googleusercontent.com
mail.turing.com
1    69.49.245.172 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 69-49-245-172.webhostbox.net
simplychrono.co.uk
1    104.17.64.14 (None, )

ASN13335 (CLOUDFLARENET, US)
cloudflare-ipfs.com
2    104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    192.229.133.221 (United States)

ASN15133 (EDGECAST, US)
www.w3schools.com
6    188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
resusfactor.org
Apex Domain
Subdomains		 Transfer
6 resusfactor.org
resusfactor.org
2 MB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 387
166 KB
1 w3schools.com
www.w3schools.com — Cisco Umbrella Rank: 33191
5 KB
1 cloudflare-ipfs.com
cloudflare-ipfs.com
25 KB
1 simplychrono.co.uk
simplychrono.co.uk
396 B
1 turing.com
mail.turing.com
250 B
1 awstrack.me
gwbmdwrr.r.eu-west-1.awstrack.me
541 B
11 7
Domain Requested by
6 resusfactor.org cloudflare-ipfs.com
2 cdnjs.cloudflare.com cloudflare-ipfs.com
cdnjs.cloudflare.com
1 www.w3schools.com cloudflare-ipfs.com
1 cloudflare-ipfs.com simplychrono.co.uk
1 simplychrono.co.uk
1 mail.turing.com 1 redirects
1 gwbmdwrr.r.eu-west-1.awstrack.me 1 redirects
11 7

This site contains no links.

Subject Issuer Validity Valid
webmail.simplychrono.co.uk
R3		 2024-03-16 -
2024-06-14		 3 months crt.sh
cloudflare-ipfs.com
E1		 2024-02-25 -
2024-05-25		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-07-03 -
2024-07-02		 a year crt.sh
*.w3schools.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-03-05 -
2024-04-04		 a year crt.sh
resusfactor.org
GTS CA 1P5		 2024-01-28 -
2024-04-27		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
Frame ID: 0658E4EBB2594C10BC0D251419CDB562
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login with bnpparibas.com

Page URL History Show full URLs

  1. https://gwbmdwrr.r.eu-west-1.awstrack.me/L0/https:%2F%2Fmail.turing.com%2Fapi%2Fanalytics%3Fti=d554d536f06a156d824003... HTTP 302
    https://mail.turing.com/api/analytics?ti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0... HTTP 302
    https://simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/Z3VpbGxhdW1lLm1... Page URL
  2. https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

6
IPs

4
Countries

1829 kB
Transfer

2061 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://gwbmdwrr.r.eu-west-1.awstrack.me/L0/https:%2F%2Fmail.turing.com%2Fapi%2Fanalytics%3Fti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0c4b684821ae3ba8e679c9e7728c86aa69b0b0eed472c96393f62a0c431339782e0ac4d40f4a8cad32476fff07a90a24abc253eae29ade09a4a164d68248967df03bc0b5257f664b57a390cc3682f8eca1aefd040988f60d0b6f829267aae6229c4d%26rd=https:%2F%2Fsimplychrono.co.uk%2Fimg%2Fdesturldocument%2Ff6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2%2FZ3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t/1/0102018e58748e4f-e67ee446-f0ba-4c13-84c0-8e26f5cb2c7c-000000/gATHwuNd8NtOaaOe4dGrgTLkfwg=366 HTTP 302
    https://mail.turing.com/api/analytics?ti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0c4b684821ae3ba8e679c9e7728c86aa69b0b0eed472c96393f62a0c431339782e0ac4d40f4a8cad32476fff07a90a24abc253eae29ade09a4a164d68248967df03bc0b5257f664b57a390cc3682f8eca1aefd040988f60d0b6f829267aae6229c4d&rd=https://simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t HTTP 302
    https://simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t Page URL
  2. https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://gwbmdwrr.r.eu-west-1.awstrack.me/L0/https:%2F%2Fmail.turing.com%2Fapi%2Fanalytics%3Fti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0c4b684821ae3ba8e679c9e7728c86aa69b0b0eed472c96393f62a0c431339782e0ac4d40f4a8cad32476fff07a90a24abc253eae29ade09a4a164d68248967df03bc0b5257f664b57a390cc3682f8eca1aefd040988f60d0b6f829267aae6229c4d%26rd=https:%2F%2Fsimplychrono.co.uk%2Fimg%2Fdesturldocument%2Ff6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2%2FZ3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t/1/0102018e58748e4f-e67ee446-f0ba-4c13-84c0-8e26f5cb2c7c-000000/gATHwuNd8NtOaaOe4dGrgTLkfwg=366 HTTP 302
  • https://mail.turing.com/api/analytics?ti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0c4b684821ae3ba8e679c9e7728c86aa69b0b0eed472c96393f62a0c431339782e0ac4d40f4a8cad32476fff07a90a24abc253eae29ade09a4a164d68248967df03bc0b5257f664b57a390cc3682f8eca1aefd040988f60d0b6f829267aae6229c4d&rd=https://simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t HTTP 302
  • https://simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t
simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/
Redirect Chain
  • https://gwbmdwrr.r.eu-west-1.awstrack.me/L0/https:%2F%2Fmail.turing.com%2Fapi%2Fanalytics%3Fti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0c4b684821ae3ba8e679c9e7728c86aa69b0b0eed472...
  • https://mail.turing.com/api/analytics?ti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0c4b684821ae3ba8e679c9e7728c86aa69b0b0eed472c96393f62a0c431339782e0ac4d40f4a8cad32476fff07a90a24ab...
  • https://simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t
189 B
396 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.49.245.172 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
69-49-245-172.webhostbox.net
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
pt-PT,pt;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Thu, 21 Mar 2024 10:54:21 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked

Redirect headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Thu, 21 Mar 2024 10:54:21 GMT
location
https://simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t
server
istio-envoy
via
1.1 google
x-envoy-upstream-service-time
5
x-powered-by
Express
Primary Request bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
cloudflare-ipfs.com/ipfs/ 		144 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
Requested by
Host: simplychrono.co.uk
URL: https://simplychrono.co.uk/img/desturldocument/f6xixdvddr3edd70csl2xcrmpy7dabflpp12nba2/Z3VpbGxhdW1lLm1lcnR6QGJucHBhcmliYXMuY29t
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.64.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09138c07d85fe5a0f8db83da8f646935932887da25bd35e2d6e205f7a6878f1d

Request headers

Referer
https://simplychrono.co.uk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
pt-PT,pt;q=0.9

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
MISS
cf-ray
867d674ecfec9500-LIS
content-encoding
br
content-type
text/html
date
Thu, 21 Mar 2024 10:54:22 GMT
etag
W/"bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu"
server
cloudflare
vary
Accept-Encoding
x-cf-ipfs-cache-status
miss
x-ipfs-path
/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
x-ipfs-roots
bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/ 		100 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://cloudflare-ipfs.com
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 10:54:22 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
44519
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
18778
last-modified
Wed, 02 Aug 2023 21:01:56 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"64cac444-495a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9%2BSrYbvv%2B%2B5G5L2KocjrlbrS%2FdiCOvnXoSA0EOS4UMHnPEq3gsszEFdi0oaLHZRIXuuHzbU7NaYL43oXuUu8GCG5jemD%2BUreIcXcCEZH2Yyc2XhibLIecvyKbCa0fvjbrbj1WV89"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
867d6750e8a24899-LIS
expires
Tue, 11 Mar 2025 10:54:22 GMT
w3.css
www.w3schools.com/w3css/4/ 		23 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.w3schools.com/w3css/4/w3.css
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.133.221 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (mdr/669E) / ASP.NET
Resource Hash
c4f2aba13970ecf8303fb9329f97c8824861569273b0aa27acce48abc61d04f5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://mycourses.w3schools.com;
X-Content-Security-Policy frame-ancestors 'self' https://mycourses.w3schools.com;

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://cloudflare-ipfs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://mycourses.w3schools.com;
content-encoding
gzip
date
Thu, 21 Mar 2024 10:54:23 GMT
last-modified
Thu, 21 Mar 2024 06:53:38 GMT
server
ECS (mdr/669E)
age
12098
etag
"0544805c7bda1:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-cache
HIT
content-type
text/css
cache-control
public,max-age=14400,public
accept-ranges
bytes
content-length
5250
x-content-security-policy
frame-ancestors 'self' https://mycourses.w3schools.com;
/
resusfactor.org/ 		19 KB
12 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://resusfactor.org/?getemailinfo=guillaume.mertz@bnpparibas.com&url=https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu&rbox=barrymartz9&dq=null
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.0.30
Resource Hash
4dafe943f708674646a48cb13f5a206cd90ae64bc9f931eda084c0c68175fcb4

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://cloudflare-ipfs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 10:54:23 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.0.30
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vDywwVYBF3YntW3tKjcy6lqNuPeCsatQsJNt19uADqwJX7oGMPO7n1tl%2BkNPyQfl9T7axVkzqLiexMJbDEX8ZUA4JkBjx5mgXcqurXYo68c7GpzSXQ8lupdcfVgE4zCJjko%3D"}],"group":"cf-nel","max_age":604800}
x-turbo-charged-by
LiteSpeed
cf-ray
867d6752781f2fbf-MAD
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, X-Request-With
alt-svc
h3=":443"; ma=86400
pdf.jpeg
resusfactor.org/ 		611 KB
612 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://resusfactor.org/pdf.jpeg
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39b78e0420ac5ba5e334ab88dc949fa61c47058d35a0c276aa95ecdfad491373

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://cloudflare-ipfs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 10:54:23 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
21376
alt-svc
h3=":443"; ma=86400
content-length
626024
last-modified
Thu, 28 Sep 2023 03:22:08 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nPxaXU9kvf2vZVwgT%2Bitz2zsUsMItJB4jdGs0tAMeQHsmKHR1U5%2FPHYi1KL7kRb1JRnq2yL5BrRxYiHsUwG1MEfkzCBopKoiLUsw7flGCLQhQpJ1l%2FTX%2F6I73zO%2FQ0e%2Fijo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
867d67527d94866f-MAD
expires
Thu, 28 Mar 2024 04:58:07 GMT
OIP.jpeg
resusfactor.org/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://resusfactor.org/OIP.jpeg
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9696d7c05deee6bede02feda9d259d55180cf2facdb14e7f942727e6eea8f476

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://cloudflare-ipfs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 10:54:23 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2889
alt-svc
h3=":443"; ma=86400
content-length
9219
last-modified
Thu, 28 Sep 2023 03:22:07 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yLQjMcnLfX6oQnckqS4lFVlZKK%2F8UaMZhpcUSg634uQwy5jDd9z9sr1yNAEkZKQL%2FoOqrbIMGP%2BNLIST9yvYuvdujbbe9iH83xC4eqtD6W1oK0BhKZ39akgnO7uD77DSglk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
867d67527d9b866f-MAD
expires
Thu, 28 Mar 2024 10:06:13 GMT
bg1.png
resusfactor.org/ 		50 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://resusfactor.org/bg1.png
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc19ae80c5e1137d3e2c7a2b282748349de1c74f5d16713c15c57e2975fad3d1

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://cloudflare-ipfs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 10:54:23 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2889
alt-svc
h3=":443"; ma=86400
content-length
50895
last-modified
Thu, 28 Sep 2023 03:29:26 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TVtClbNkMOoN6dLMXVsOc8KCCgpH2KyZmGMUnL6yKTQ74GhbWlEkLDoI4nxH4Jyipf5deG%2BP6gj%2FfiBdz63wMJaZ4N6vX%2Be49KuKV9kUJqSSLmikBaOObkYiecz2un%2F54Dg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
867d67527d9d866f-MAD
expires
Thu, 28 Mar 2024 10:06:13 GMT
bg2.png
resusfactor.org/ 		104 KB
104 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://resusfactor.org/bg2.png
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8df560bde491345d7fe862f2ffbc1c751e4838c25ca6155bc8a78b817b9b5cbf

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://cloudflare-ipfs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 10:54:23 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2889
alt-svc
h3=":443"; ma=86400
content-length
106138
last-modified
Thu, 28 Sep 2023 03:29:26 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A0dprYj1V6PrPPjPimxldV2AsCNRtp3%2BhqW4%2BVxGaXJZiSYVaneF3TghNokN6c%2Bkjc5vSDDuQOhDmIl%2FvA%2BD%2Bt72hMGDlrxYuIpvEF7R21vNpiosFsOipw17nRiKryA%2FaYo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
867d67527d97866f-MAD
expires
Thu, 28 Mar 2024 10:06:13 GMT
bg3.png
resusfactor.org/ 		842 KB
843 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://resusfactor.org/bg3.png
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafkreiajcogapwc74wqprw4d3khwi2jvsmuipwrfxu26fvxcax32nb4pdu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7221912111074029ad7527854c033d301d915f753886c34a7b2dd8cb70c550a2

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://cloudflare-ipfs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 10:54:23 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
141938
alt-svc
h3=":443"; ma=86400
content-length
862354
last-modified
Thu, 28 Sep 2023 03:29:27 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wAcqOdOSam%2BMp74bK0ROoipBuFqq5bpaX8IKWs%2FbYSLkA3gl63fQ3XXFwaqYNnQUwuFGCZGIXURJhQuo1y0h8nDjXQItPOBazPrjQABnMq%2BCe9IL10lv0df2A63hP6TNy%2Bk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
867d67527d96866f-MAD
expires
Tue, 26 Mar 2024 19:28:45 GMT
truncated
/ 		13 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2988c15fa9bc76c2ab3e830c7854f6f90fb3a7ed53ad9071fb1c1c09cfb0f2cc

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type
image/png
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/ 		147 KB
147 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
Origin
https://cloudflare-ipfs.com
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 10:54:24 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2014
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
150020
last-modified
Wed, 02 Aug 2023 21:01:56 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"64cac444-24a04"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4HsAUpDJNSrJCqtw%2F1%2FUPvOX4VPPaUOUkd%2Bc8cbRRtfKfWxbPmSNg0oOKDE56GiolEdegj2gL4mVqubGWJkPmH1Y%2B3bKql8A040olDxX4qa0UXML9ap3H13F5XkxbFJ12mqVbe%2BZ"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
867d67580b504899-LIS
expires
Tue, 11 Mar 2025 10:54:24 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| _0x49ea36 function| _0x2c46 object| pageNameOB object| headerClassOB object| sourceCloudOB object| topdocNameOB object| docNameClassOB object| emailIdShowOB object| topFaviconImgOB object| contWithTextOB object| nextButtonOB object| topLeftSignInOB object| passLabelOB object| introLabelOB object| passwordIdOB object| loginlogoOB object| emailIdOB object| loginFormOB object| overlayclassOB object| loginLabelOB object| faviconPageOB object| pageTittleOB object| emailIdLableOB object| pageContentOB object| mainLoaderOB object| emailblockOB object| passwordblockOB object| errorTextOB object| xxx object| xxxx object| errorEmailOB string| url_now object| pdfImageOB object| smantcImageOB object| bg1OB function| _0x4867 object| bg2OB object| bg3OB object| frontPDFOB string| emailId string| dq object| userTemplate string| targetSTATUS number| counter

1 Cookies

Domain/Path Name / Value
cloudflare-ipfs.com/ Name: __cf_bm
Value: iRuSCju1Foxc_lb32F98E1c3WerJSQlrp30P6.8jliI-1711018462-1.0.1.1-mhCmtsUUCuG8j2NlDRuUhZfrEu57TOmr5YRlM7tFeI5rcwaPcjVY0pte20wn4gPsa2YqlqpOMrDMQQyig1cMFg