Submitted URL: https://d4fplv04.na1.hubspotlinks.com/Ctc/I9+113/d4FPLv04/VWGBV98hj0ZlW5-_PXG2SqvTPW3cF4jk4-3ZC6N3mxJ6p96_8_V7Wycr7CgQbBW4TT8V44d3yM0V...
Effective URL: https://fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/ow_enc.html
Submission: On May 03 via api from PT — Scanned from DE

Summary

This website contacted 4 IPs in 1 country across 3 domains to perform 4 HTTP transactions. The main IP is 2602:fea2:2::1, located in United States and belongs to PROTOCOL, US. The main domain is fleek.ipfs.io.
TLS certificate: Issued by R3 on March 27th 2023. Valid for: 3 months.
This is the only time fleek.ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

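IP Address, AS (Autonomous System)
  • 2606:4700::68..., AS 13335 (CLOUDFLAR...): 2 requests, 1 redirect
  • 154.53.48.92, AS 40021 (CONTABO): 3 requests, 2 redirects
  • 2602:fea2:2::1, AS 40680 (PROTOCOL): 2 requests
  • Total: 4 requests, 4 IPs

Apex Domain, Subdomains, Transfer
  • abrafi.com.br (3 requests): www.abrafi.com.br, 3 KB
  • ipfs.io (2 requests): fleek.ipfs.io, 46 KB
  • hubspotlinks.com (2 requests): d4fplv04.na1.hubspotlinks.com (Cisco Umbrella Rank: 541052), 4 KB
  • Total: 4 requests, 3 domains

Domain, Requested by
  • www.abrafi.com.br (3 requests, 2 redirects): requested by d4fplv04.na1.hubspotlinks.com
  • fleek.ipfs.io (2 requests): requested by fleek.ipfs.io
  • d4fplv04.na1.hubspotlinks.com (2 requests, 1 redirect)
  • Total: 4 requests, 3 domains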

This site contains no links.

TLS certificates
  • Subject: hubspotlinks.com; Issuer: Cloudflare Inc ECC CA-3; Validity: 2023-04-17 - 2024-04-16; Valid: a year
  • Subject: *.i.ipfs.io; Issuer: R3; Validity: 2023-03-27 - 2023-06-25; Valid: 3 months

This page contains 1 frame:

Primary Page: https://fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/ow_enc.html
Frame ID: 074DD08B1D87669EE1C095F05216496C
Requests: 9 HTTP requests in this frame

Page Title: Outlook

Page Statistics

Requests: 4
HTTPS: 75 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 1
Transfer: 50 kB
Size: 276 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://d4fplv04.na1.hubspotlinks.com/Ctc/I9+113/d4FPLv04/VWGBV98hj0ZlW5-_PXG2SqvTPW3cF4jk4-3ZC6N3mxJ6p96_8_V7Wycr7CgQbBW4TT8V44d3yM0Vlq-w328RkWjW7nfpR64sFZL7W5X8BqQ17yZLrW1VvmLr4FPT3mW3yhcnw1LhJG7N8xC2KBfhDTZVs-jzt5wnJx4W6fYxzd5t9sTFVCtGr35tSbfzW2xvlBh84GkGzW1z9JFq2Qz00NW72V9Ly3pCPZ8W7HmHL75xb-Q0W80bcx46-b_HRW3Fvt-c1Hkz-HW4ywRld309np5W2kvh009b1W_MVxpRhc7X8vbRW6xVGT08Vt7QSW8-sHjb97CP0DW79cV5Z74QHzzW4fYCzz7h9BRpW3mkyhP65-gfZW72_2fP3g1sPLW1X8x-T4wxMWwW7cm6Sh9kb_rBW951hNj33_tKnV8VV3_92X7SzVdBrT88N-dSKW7PZzh_7PZX4ZW3ld5nB7yK4GMVHH0Yz7fkVbdW2mLPfG6f6JcZW99vHGl59NpRrW1r7yg363mjgLW2pFLDm3FM6wfW9g53P53xQl2_W5h97x57LKYKxW2FfMsf3r58P-Vx3Jxw4KbRhJW6RTSrq718-8ZW6tJJwC3VCDtkW2dtD768nWjSMW1D3zKp6LWD2bW1S4Mqy3S0t4gW6HLcN34HLLsLW4bfb7b1C312DW4bcpm43qHvJ-W5pwZFt57c9GbW7_wKMH2hkRpqW1bcXqv5fPj0nW64GSfy67j_4bW6hX1Sl7TPpCKW99TH6G2G7h5yW2LH8jq4zdW3fW4n61TH1RQZmvW7Bk4Zw22W8JCW5ccNHL8Bd2YqW2cLsmb4K2cR1W3zjJGk747tTBW2tvCxP8BvDqbVLSCqM5gxgrbVrNm0q7zQRk0N6s6hs2hdrvMW6Sv7Mk63nSSMW18J86N84hL9XN2x58M6BMspLW19k1kJ8_rC3RVdRjQc1s6GzP31G61 Page URL
  2. https://d4fplv04.na1.hubspotlinks.com/events/public/v1/encoded/track/tc/I9+113/d4FPLv04/VWGBV98hj0ZlW5-_PXG2SqvTPW3cF4jk4-3ZC6N3mxJ6p96_8_V7Wycr7CgQbBW4TT8V44d3yM0Vlq-w328RkWjW7nfpR64sFZL7W5X8BqQ17yZLrW1VvmLr4FPT3mW3yhcnw1LhJG7N8xC2KBfhDTZVs-jzt5wnJx4W6fYxzd5t9sTFVCtGr35tSbfzW2xvlBh84GkGzW1z9JFq2Qz00NW72V9Ly3pCPZ8W7HmHL75xb-Q0W80bcx46-b_HRW3Fvt-c1Hkz-HW4ywRld309np5W2kvh009b1W_MVxpRhc7X8vbRW6xVGT08Vt7QSW8-sHjb97CP0DW79cV5Z74QHzzW4fYCzz7h9BRpW3mkyhP65-gfZW72_2fP3g1sPLW1X8x-T4wxMWwW7cm6Sh9kb_rBW951hNj33_tKnV8VV3_92X7SzVdBrT88N-dSKW7PZzh_7PZX4ZW3ld5nB7yK4GMVHH0Yz7fkVbdW2mLPfG6f6JcZW99vHGl59NpRrW1r7yg363mjgLW2pFLDm3FM6wfW9g53P53xQl2_W5h97x57LKYKxW2FfMsf3r58P-Vx3Jxw4KbRhJW6RTSrq718-8ZW6tJJwC3VCDtkW2dtD768nWjSMW1D3zKp6LWD2bW1S4Mqy3S0t4gW6HLcN34HLLsLW4bfb7b1C312DW4bcpm43qHvJ-W5pwZFt57c9GbW7_wKMH2hkRpqW1bcXqv5fPj0nW64GSfy67j_4bW6hX1Sl7TPpCKW99TH6G2G7h5yW2LH8jq4zdW3fW4n61TH1RQZmvW7Bk4Zw22W8JCW5ccNHL8Bd2YqW2cLsmb4K2cR1W3zjJGk747tTBW2tvCxP8BvDqbVLSCqM5gxgrbVrNm0q7zQRk0N6s6hs2hdrvMW6Sv7Mk63nSSMW18J86N84hL9XN2x58M6BMspLW19k1kJ8_rC3RVdRjQc1s6GzP31G61?_ud=6c38155d-a6b7-4917-9ad6-2b8ff8799ef2&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
    http://www.abrafi.com.br/banner/redirect.php?bid=124&banner_hash=196ec07deb17039611fe77f13d3885403e151cd1ba6ad9b7689bedacdfac29ef&jk=U3N2YxM2QzODg1X9ANSJA&url=https%3A%2F%2Ffleek.ipfs.io%2Fipfs%2Fbafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy%2Fow_enc.html&condition=redirect&verifybannerhash=MTk2ZWwN2RlYjE3MDM5NjExZmU3N2YxM2QzODg1NDAzZTE1MWNkMWJhNmFkOWI3Njg5YmVkYWNkZmFjMjllZiAgLQo%3D&utm_medium=email&_hsmi=256177445&_hsenc=p2ANqtz--QDW4Oh14GErB_SmPsp46SAyLm8rysGD9937Y23__-KJqAwijqZhW6d6MqJxfHSpQwDlzfGsZszVmGU55A_XpTLv9u6s5Mc7I2lsSNWAUq6E9RH-A&utm_source=hs_email Page URL
  3. http://www.abrafi.com.br/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=13731697 HTTP 302
    http://www.abrafi.com.br/banner/redirect.php?bid=124&banner_hash=196ec07deb17039611fe77f13d3885403e151cd1ba6ad9b7689bedacdfac29ef&jk=U3N2YxM2QzODg1X9ANSJA&url=https%3A%2F%2Ffleek.ipfs.io%2Fipfs%2Fbafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy%2Fow_enc.html&condition=redirect&verifybannerhash=MTk2ZWwN2RlYjE3MDM5NjExZmU3N2YxM2QzODg1NDAzZTE1MWNkMWJhNmFkOWI3Njg5YmVkYWNkZmFjMjllZiAgLQo%3D&utm_medium=email&_hsmi=256177445&_hsenc=p2ANqtz--QDW4Oh14GErB_SmPsp46SAyLm8rysGD9937Y23__-KJqAwijqZhW6d6MqJxfHSpQwDlzfGsZszVmGU55A_XpTLv9u6s5Mc7I2lsSNWAUq6E9RH-A&utm_source=hs_email HTTP 302
    https://fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/ow_enc.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://d4fplv04.na1.hubspotlinks.com/events/public/v1/encoded/track/tc/I9+113/d4FPLv04/VWGBV98hj0ZlW5-_PXG2SqvTPW3cF4jk4-3ZC6N3mxJ6p96_8_V7Wycr7CgQbBW4TT8V44d3yM0Vlq-w328RkWjW7nfpR64sFZL7W5X8BqQ17yZLrW1VvmLr4FPT3mW3yhcnw1LhJG7N8xC2KBfhDTZVs-jzt5wnJx4W6fYxzd5t9sTFVCtGr35tSbfzW2xvlBh84GkGzW1z9JFq2Qz00NW72V9Ly3pCPZ8W7HmHL75xb-Q0W80bcx46-b_HRW3Fvt-c1Hkz-HW4ywRld309np5W2kvh009b1W_MVxpRhc7X8vbRW6xVGT08Vt7QSW8-sHjb97CP0DW79cV5Z74QHzzW4fYCzz7h9BRpW3mkyhP65-gfZW72_2fP3g1sPLW1X8x-T4wxMWwW7cm6Sh9kb_rBW951hNj33_tKnV8VV3_92X7SzVdBrT88N-dSKW7PZzh_7PZX4ZW3ld5nB7yK4GMVHH0Yz7fkVbdW2mLPfG6f6JcZW99vHGl59NpRrW1r7yg363mjgLW2pFLDm3FM6wfW9g53P53xQl2_W5h97x57LKYKxW2FfMsf3r58P-Vx3Jxw4KbRhJW6RTSrq718-8ZW6tJJwC3VCDtkW2dtD768nWjSMW1D3zKp6LWD2bW1S4Mqy3S0t4gW6HLcN34HLLsLW4bfb7b1C312DW4bcpm43qHvJ-W5pwZFt57c9GbW7_wKMH2hkRpqW1bcXqv5fPj0nW64GSfy67j_4bW6hX1Sl7TPpCKW99TH6G2G7h5yW2LH8jq4zdW3fW4n61TH1RQZmvW7Bk4Zw22W8JCW5ccNHL8Bd2YqW2cLsmb4K2cR1W3zjJGk747tTBW2tvCxP8BvDqbVLSCqM5gxgrbVrNm0q7zQRk0N6s6hs2hdrvMW6Sv7Mk63nSSMW18J86N84hL9XN2x58M6BMspLW19k1kJ8_rC3RVdRjQc1s6GzP31G61?_ud=6c38155d-a6b7-4917-9ad6-2b8ff8799ef2&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
  • http://www.abrafi.com.br/banner/redirect.php?bid=124&banner_hash=196ec07deb17039611fe77f13d3885403e151cd1ba6ad9b7689bedacdfac29ef&jk=U3N2YxM2QzODg1X9ANSJA&url=https%3A%2F%2Ffleek.ipfs.io%2Fipfs%2Fbafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy%2Fow_enc.html&condition=redirect&verifybannerhash=MTk2ZWwN2RlYjE3MDM5NjExZmU3N2YxM2QzODg1NDAzZTE1MWNkMWJhNmFkOWI3Njg5YmVkYWNkZmFjMjllZiAgLQo%3D&utm_medium=email&_hsmi=256177445&_hsenc=p2ANqtz--QDW4Oh14GErB_SmPsp46SAyLm8rysGD9937Y23__-KJqAwijqZhW6d6MqJxfHSpQwDlzfGsZszVmGU55A_XpTLv9u6s5Mc7I2lsSNWAUq6E9RH-A&utm_source=hs_email

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
VWGBV98hj0ZlW5-_PXG2SqvTPW3cF4jk4-3ZC6N3mxJ6p96_8_V7Wycr7CgQbBW4TT8V44d3yM0Vlq-w328RkWjW7nfpR64sFZL7W5X8BqQ17yZLrW1VvmLr4FPT3mW3yhcnw1LhJG7N8xC2KBfhDTZVs-jzt5wnJx4W6fYxzd5t9sTFVCtGr35tSbfzW2xvlBh84...
d4fplv04.na1.hubspotlinks.com/Ctc/I9+113/d4FPLv04/
9 KB
3 KB
Document
General
Full URL
https://d4fplv04.na1.hubspotlinks.com/Ctc/I9+113/d4FPLv04/VWGBV98hj0ZlW5-_PXG2SqvTPW3cF4jk4-3ZC6N3mxJ6p96_8_V7Wycr7CgQbBW4TT8V44d3yM0Vlq-w328RkWjW7nfpR64sFZL7W5X8BqQ17yZLrW1VvmLr4FPT3mW3yhcnw1LhJG7N8xC2KBfhDTZVs-jzt5wnJx4W6fYxzd5t9sTFVCtGr35tSbfzW2xvlBh84GkGzW1z9JFq2Qz00NW72V9Ly3pCPZ8W7HmHL75xb-Q0W80bcx46-b_HRW3Fvt-c1Hkz-HW4ywRld309np5W2kvh009b1W_MVxpRhc7X8vbRW6xVGT08Vt7QSW8-sHjb97CP0DW79cV5Z74QHzzW4fYCzz7h9BRpW3mkyhP65-gfZW72_2fP3g1sPLW1X8x-T4wxMWwW7cm6Sh9kb_rBW951hNj33_tKnV8VV3_92X7SzVdBrT88N-dSKW7PZzh_7PZX4ZW3ld5nB7yK4GMVHH0Yz7fkVbdW2mLPfG6f6JcZW99vHGl59NpRrW1r7yg363mjgLW2pFLDm3FM6wfW9g53P53xQl2_W5h97x57LKYKxW2FfMsf3r58P-Vx3Jxw4KbRhJW6RTSrq718-8ZW6tJJwC3VCDtkW2dtD768nWjSMW1D3zKp6LWD2bW1S4Mqy3S0t4gW6HLcN34HLLsLW4bfb7b1C312DW4bcpm43qHvJ-W5pwZFt57c9GbW7_wKMH2hkRpqW1bcXqv5fPj0nW64GSfy67j_4bW6hX1Sl7TPpCKW99TH6G2G7h5yW2LH8jq4zdW3fW4n61TH1RQZmvW7Bk4Zw22W8JCW5ccNHL8Bd2YqW2cLsmb4K2cR1W3zjJGk747tTBW2tvCxP8BvDqbVLSCqM5gxgrbVrNm0q7zQRk0N6s6hs2hdrvMW6Sv7Mk63nSSMW18J86N84hL9XN2x58M6BMspLW19k1kJ8_rC3RVdRjQc1s6GzP31G61
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:cb1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
false
cf-cache-status
DYNAMIC
cf-ray
7c177c975a6818de-FRA
content-encoding
br
content-type
text/html;charset=utf-8
date
Wed, 03 May 2023 09:30:41 GMT
referrer-policy
no-referrer
server
cloudflare
vary
origin
x-envoy-upstream-service-time
7
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-bfbdbbbf5-ncwzl
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
51840874-74e7-45d4-aaee-74627005ffb7
x-request-id
37ec60cb-2a47-4044-8123-70d8aab0cb6e
x-robots-tag
none
redirect.php
www.abrafi.com.br/banner/
Redirect Chain
  • https://d4fplv04.na1.hubspotlinks.com/events/public/v1/encoded/track/tc/I9+113/d4FPLv04/VWGBV98hj0ZlW5-_PXG2SqvTPW3cF4jk4-3ZC6N3mxJ6p96_8_V7Wycr7CgQbBW4TT8V44d3yM0Vlq-w328RkWjW7nfpR64sFZL7W5X8BqQ17...
  • http://www.abrafi.com.br/banner/redirect.php?bid=124&banner_hash=196ec07deb17039611fe77f13d3885403e151cd1ba6ad9b7689bedacdfac29ef&jk=U3N2YxM2QzODg1X9ANSJA&url=https%3A%2F%2Ffleek.ipfs.io%2Fipfs%2Fb...
1 KB
2 KB
Document
General
Full URL
http://www.abrafi.com.br/banner/redirect.php?bid=124&banner_hash=196ec07deb17039611fe77f13d3885403e151cd1ba6ad9b7689bedacdfac29ef&jk=U3N2YxM2QzODg1X9ANSJA&url=https%3A%2F%2Ffleek.ipfs.io%2Fipfs%2Fbafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy%2Fow_enc.html&condition=redirect&verifybannerhash=MTk2ZWwN2RlYjE3MDM5NjExZmU3N2YxM2QzODg1NDAzZTE1MWNkMWJhNmFkOWI3Njg5YmVkYWNkZmFjMjllZiAgLQo%3D&utm_medium=email&_hsmi=256177445&_hsenc=p2ANqtz--QDW4Oh14GErB_SmPsp46SAyLm8rysGD9937Y23__-KJqAwijqZhW6d6MqJxfHSpQwDlzfGsZszVmGU55A_XpTLv9u6s5Mc7I2lsSNWAUq6E9RH-A&utm_source=hs_email
Requested by
Host: d4fplv04.na1.hubspotlinks.com
URL: https://d4fplv04.na1.hubspotlinks.com/Ctc/I9+113/d4FPLv04/VWGBV98hj0ZlW5-_PXG2SqvTPW3cF4jk4-3ZC6N3mxJ6p96_8_V7Wycr7CgQbBW4TT8V44d3yM0Vlq-w328RkWjW7nfpR64sFZL7W5X8BqQ17yZLrW1VvmLr4FPT3mW3yhcnw1LhJG7N8xC2KBfhDTZVs-jzt5wnJx4W6fYxzd5t9sTFVCtGr35tSbfzW2xvlBh84GkGzW1z9JFq2Qz00NW72V9Ly3pCPZ8W7HmHL75xb-Q0W80bcx46-b_HRW3Fvt-c1Hkz-HW4ywRld309np5W2kvh009b1W_MVxpRhc7X8vbRW6xVGT08Vt7QSW8-sHjb97CP0DW79cV5Z74QHzzW4fYCzz7h9BRpW3mkyhP65-gfZW72_2fP3g1sPLW1X8x-T4wxMWwW7cm6Sh9kb_rBW951hNj33_tKnV8VV3_92X7SzVdBrT88N-dSKW7PZzh_7PZX4ZW3ld5nB7yK4GMVHH0Yz7fkVbdW2mLPfG6f6JcZW99vHGl59NpRrW1r7yg363mjgLW2pFLDm3FM6wfW9g53P53xQl2_W5h97x57LKYKxW2FfMsf3r58P-Vx3Jxw4KbRhJW6RTSrq718-8ZW6tJJwC3VCDtkW2dtD768nWjSMW1D3zKp6LWD2bW1S4Mqy3S0t4gW6HLcN34HLLsLW4bfb7b1C312DW4bcpm43qHvJ-W5pwZFt57c9GbW7_wKMH2hkRpqW1bcXqv5fPj0nW64GSfy67j_4bW6hX1Sl7TPpCKW99TH6G2G7h5yW2LH8jq4zdW3fW4n61TH1RQZmvW7Bk4Zw22W8JCW5ccNHL8Bd2YqW2cLsmb4K2cR1W3zjJGk747tTBW2tvCxP8BvDqbVLSCqM5gxgrbVrNm0q7zQRk0N6s6hs2hdrvMW6Sv7Mk63nSSMW18J86N84hL9XN2x58M6BMspLW19k1kJ8_rC3RVdRjQc1s6GzP31G61
Protocol
HTTP/1.1
Server
154.53.48.92 New York, United States, ASN40021 (CONTABO, US),
Reverse DNS
usds1.centohost.com
Software
imunify360-webshield/1.18 /
Resource Hash

Request headers

Referer
https://d4fplv04.na1.hubspotlinks.com/Ctc/I9+113/d4FPLv04/VWGBV98hj0ZlW5-_PXG2SqvTPW3cF4jk4-3ZC6N3mxJ6p96_8_V7Wycr7CgQbBW4TT8V44d3yM0Vlq-w328RkWjW7nfpR64sFZL7W5X8BqQ17yZLrW1VvmLr4FPT3mW3yhcnw1LhJG7N8xC2KBfhDTZVs-jzt5wnJx4W6fYxzd5t9sTFVCtGr35tSbfzW2xvlBh84GkGzW1z9JFq2Qz00NW72V9Ly3pCPZ8W7HmHL75xb-Q0W80bcx46-b_HRW3Fvt-c1Hkz-HW4ywRld309np5W2kvh009b1W_MVxpRhc7X8vbRW6xVGT08Vt7QSW8-sHjb97CP0DW79cV5Z74QHzzW4fYCzz7h9BRpW3mkyhP65-gfZW72_2fP3g1sPLW1X8x-T4wxMWwW7cm6Sh9kb_rBW951hNj33_tKnV8VV3_92X7SzVdBrT88N-dSKW7PZzh_7PZX4ZW3ld5nB7yK4GMVHH0Yz7fkVbdW2mLPfG6f6JcZW99vHGl59NpRrW1r7yg363mjgLW2pFLDm3FM6wfW9g53P53xQl2_W5h97x57LKYKxW2FfMsf3r58P-Vx3Jxw4KbRhJW6RTSrq718-8ZW6tJJwC3VCDtkW2dtD768nWjSMW1D3zKp6LWD2bW1S4Mqy3S0t4gW6HLcN34HLLsLW4bfb7b1C312DW4bcpm43qHvJ-W5pwZFt57c9GbW7_wKMH2hkRpqW1bcXqv5fPj0nW64GSfy67j_4bW6hX1Sl7TPpCKW99TH6G2G7h5yW2LH8jq4zdW3fW4n61TH1RQZmvW7Bk4Zw22W8JCW5ccNHL8Bd2YqW2cLsmb4K2cR1W3zjJGk747tTBW2tvCxP8BvDqbVLSCqM5gxgrbVrNm0q7zQRk0N6s6hs2hdrvMW6Sv7Mk63nSSMW18J86N84hL9XN2x58M6BMspLW19k1kJ8_rC3RVdRjQc1s6GzP31G61
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Connection
close
Content-Type
text/html
Date
Wed, 03 May 2023 09:30:42 GMT
Last-Modified
Wednesday, 03-May-2023 09:30:42 GMT
Server
imunify360-webshield/1.18
Transfer-Encoding
chunked
cf-edge-cache
no-cache

Redirect headers

access-control-allow-credentials
false
cf-cache-status
DYNAMIC
cf-ray
7c177c9a0de918de-FRA
date
Wed, 03 May 2023 09:30:41 GMT
link
<http://www.abrafi.com.br/banner/redirect.php?bid=124&banner_hash=196ec07deb17039611fe77f13d3885403e151cd1ba6ad9b7689bedacdfac29ef&jk=U3N2YxM2QzODg1X9ANSJA&url=https%3A%2F%2Ffleek.ipfs.io%2Fipfs%2Fbafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy%2Fow_enc.html&condition=redirect&verifybannerhash=MTk2ZWwN2RlYjE3MDM5NjExZmU3N2YxM2QzODg1NDAzZTE1MWNkMWJhNmFkOWI3Njg5YmVkYWNkZmFjMjllZiAgLQo%3D&utm_medium=email&_hsmi=256177445&_hsenc=p2ANqtz--QDW4Oh14GErB_SmPsp46SAyLm8rysGD9937Y23__-KJqAwijqZhW6d6MqJxfHSpQwDlzfGsZszVmGU55A_XpTLv9u6s5Mc7I2lsSNWAUq6E9RH-A&utm_source=hs_email#ZmVybmFuZG8uc291c2FAZGl2dWx0ZWMucHQ=>; rel="canonical"
location
http://www.abrafi.com.br/banner/redirect.php?bid=124&banner_hash=196ec07deb17039611fe77f13d3885403e151cd1ba6ad9b7689bedacdfac29ef&jk=U3N2YxM2QzODg1X9ANSJA&url=https%3A%2F%2Ffleek.ipfs.io%2Fipfs%2Fbafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy%2Fow_enc.html&condition=redirect&verifybannerhash=MTk2ZWwN2RlYjE3MDM5NjExZmU3N2YxM2QzODg1NDAzZTE1MWNkMWJhNmFkOWI3Njg5YmVkYWNkZmFjMjllZiAgLQo%3D&utm_medium=email&_hsmi=256177445&_hsenc=p2ANqtz--QDW4Oh14GErB_SmPsp46SAyLm8rysGD9937Y23__-KJqAwijqZhW6d6MqJxfHSpQwDlzfGsZszVmGU55A_XpTLv9u6s5Mc7I2lsSNWAUq6E9RH-A&utm_source=hs_email#ZmVybmFuZG8uc291c2FAZGl2dWx0ZWMucHQ=
referrer-policy
no-referrer
server
cloudflare
vary
origin
x-envoy-upstream-service-time
23
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-bfbdbbbf5-m8fgl
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
37dab802-f41d-4edb-99d6-e9c4cf6a8efc
x-request-id
f39e60d5-f94c-486b-ab04-2c75b3f4515e
x-robots-tag
none
Primary Request ow_enc.html
fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/
Redirect Chain
  • http://www.abrafi.com.br/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=13731697
  • http://www.abrafi.com.br/banner/redirect.php?bid=124&banner_hash=196ec07deb17039611fe77f13d3885403e151cd1ba6ad9b7689bedacdfac29ef&jk=U3N2YxM2QzODg1X9ANSJA&url=https%3A%2F%2Ffleek.ipfs.io%2Fipfs%2Fb...
  • https://fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/ow_enc.html
250 KB
46 KB
Document
General
Full URL
https://fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/ow_enc.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
openresty /
Resource Hash
2530c765391604b5ccc924a81133e6c90733e25c94f017c311d2ede7f8192a42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
http://www.abrafi.com.br/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods
GET GET, POST, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Range, X-Chunked-Output, X-Stream-Output
cache-control
public, max-age=29030400, immutable
content-encoding
gzip
content-type
text/html
date
Wed, 03 May 2023 09:30:43 GMT
etag
W/"bafkreibfgddwkoiwas24zsjevaithzwja4z6exeu6al4geos5xt7qgjkii"
server
openresty
strict-transport-security
max-age=31536000; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
x-bfid
59267f7023c84fde63fc146fb1799737
x-ipfs-datasize
255756
x-ipfs-gateway-host
ipfs-bank16-fr2
x-ipfs-lb-pop
gateway-bank3-fr2
x-ipfs-path
/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/ow_enc.html
x-ipfs-pop
ipfs-bank16-fr2
x-ipfs-roots
bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy,bafkreibfgddwkoiwas24zsjevaithzwja4z6exeu6al4geos5xt7qgjkii
x-proxy-cache
HIT

Redirect headers

Connection
close
Content-Type
text/html; charset=UTF-8
Date
Wed, 03 May 2023 09:30:42 GMT
Location
https://fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/ow_enc.html
Server
imunify360-webshield/1.18
Transfer-Encoding
chunked
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
8 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type
image/png
segoeui-regular.ttf
fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/resources/
0
0
Font
General
Full URL
https://fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/resources/segoeui-regular.ttf
Requested by
Host: fleek.ipfs.io
URL: https://fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/ow_enc.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
openresty /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/ow_enc.html
Origin
https://fleek.ipfs.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Wed, 03 May 2023 09:30:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-ipfs-pop
ipfs-bank2-fr2
server
openresty
x-ipfs-datasize
207
x-ipfs-lb-pop
gateway-bank3-fr2
x-bfid
8912a031d040f5edbc0c082f626cc16d
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Range, X-Chunked-Output, X-Stream-Output
timing-allow-origin
*
access-control-allow-headers
X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
content-length
207

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • boolean | credentialless
  • string | data
  • function | html_encoder
  • string | result
  • function | initLogon
  • function | redir
  • function | shw
  • function | hd
  • function | clkSecExp
  • function | kdSecExp
  • function | clkSec
  • function | clkBsc
  • function | checkSubmit
  • function | clkLgn
  • function | clkRtry
  • function | clkReLgn
  • function | gbid
  • function | IsOwaPremiumBrowser
  • function | hres
  • function | LogoffMime
  • function | addPerfMarker
  • object | mainLogonDiv
  • boolean | showPlaceholderText
  • string | mainLogonDivClassName
  • function | setPlaceholderText
  • function | showPasswordClick
  • number | count
  • function | submitForm
  • function | convertToBase64

1 Cookies

Domain/Path: .www.abrafi.com.br/
Name: wschkid
Value: bca2d8a94e2cc9f79c7cf8bd79e38cf05180ff15.1683192642.1

1 Console Messages

Source: network
Level: error
URL: https://fleek.ipfs.io/ipfs/bafybeiddivoplm6jnzfyz527x5f3qb3vbbrgk4l2vljbp6ary3mmm4tioy/resources/segoeui-regular.ttf
Message: Failed to load resource: the server responded with a status of 404 ()