bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 4 HTTP transactions. The main IP is 2602:fea2:2::1, located in United States and belongs to PROTOCOL, US. The main domain is bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link.
TLS certificate: Issued by R3 on June 11th 2023. Valid for: 3 months.

This is the only time bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700::68... 2606:4700::6812:cddb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	77.238.109.84 77.238.109.84	43754 (ASIATECH) (ASIATECH)
2	2602:fea2:2::1 2602:fea2:2::1	40680 (PROTOCOL) (PROTOCOL)
1 2	195.252.110.134 195.252.110.134	6700 (BEOTEL-AS...) (BEOTEL-AS www.beotel.net)
4	3

1 2606:4700::6812:cddb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

r.srvtrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.238.109.84 (Iran, Islamic Republic Of)

ASN43754 (ASIATECH, IR)
PTR: whm.clickzone.it

clickchain.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2602:fea2:2::1 (United States)

ASN40680 (PROTOCOL, US)

bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bafkreigjhdgsl3hyu7box3tj42dbalwx5oci2e442v6d7ozfds6gl4q7eu.ipfs.dweb.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.252.110.134 (Surcin, Serbia) 1 redirects

ASN6700 (BEOTEL-AS www.beotel.net, RS)
PTR: cpanel08.beotel.net

kayakcanoeadventure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.kayakcanoeadventure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	kayakcanoeadventure.com 1 redirects kayakcanoeadventure.com www.kayakcanoeadventure.com	545 B
2	dweb.link bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link bafkreigjhdgsl3hyu7box3tj42dbalwx5oci2e442v6d7ozfds6gl4q7eu.ipfs.dweb.link	2 KB
1	clickchain.ir clickchain.ir	354 B
1	srvtrck.com 1 redirects r.srvtrck.com — Cisco Umbrella Rank: 79325	287 B
4	4

	Domain	Requested by
1	www.kayakcanoeadventure.com	bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link
1	kayakcanoeadventure.com	1 redirects
1	bafkreigjhdgsl3hyu7box3tj42dbalwx5oci2e442v6d7ozfds6gl4q7eu.ipfs.dweb.link	bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link
1	bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link
1	clickchain.ir
1	r.srvtrck.com	1 redirects
4	6

This site contains no links.

Subject Issuer	Validity	Valid
clickchain.ir R3	`2023-06-30` - `2023-09-28`	3 months	crt.sh
dweb.link R3	`2023-06-11` - `2023-09-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link/?filename=auth.html
Frame ID: 318FD337813F160320BAEB0D46C37894
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

4
Requests

75 %
HTTPS

50 %
IPv6

4
Domains

6
Subdomains

3
IPs

3
Countries

3 kB
Transfer

3 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://r.srvtrck.com/v1/redirect?yk_tag=337_47d_c3_3b6f&site_id=56e7d51be4b05d750682348a&api_key=abbc5236946676eae219a734c0a1c5e8&url=https%3A%2F%2Fclickchain.ir%2Fwp-include%2Fnew%2Fcss%2Fcrepzu%2F%2F%2F%2Fa3Jhc2ltaXJAb3JiaXRhbGNvbm5lY3QuY29t HTTP 302
https://clickchain.ir/wp-include/new/css/crepzu////a3Jhc2ltaXJAb3JiaXRhbGNvbm5lY3QuY29t

Request Chain 2

https://kayakcanoeadventure.com/wipcontent/host%5b20%5d.mod/admin/js/sc.php HTTP 301
https://www.kayakcanoeadventure.com/wipcontent/host%5b20%5d.mod/admin/js/sc.php

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

a3Jhc2ltaXJAb3JiaXRhbGNvbm5lY3QuY29t Show response
clickchain.ir/wp-include/new/css/crepzu////
Redirect Chain

https://r.srvtrck.com/v1/redirect?yk_tag=337_47d_c3_3b6f&site_id=56e7d51be4b05d750682348a&api_key=abbc5236946676eae219a734c0a1c5e8&url=https%3A%2F%2Fclickchain.ir%2Fwp-include%2Fnew%2Fcss%2Fcrepzu%...
https://clickchain.ir/wp-include/new/css/crepzu////a3Jhc2ltaXJAb3JiaXRhbGNvbm5lY3QuY29t

0
354 B

416ms
101ms

Document
text/html

77.238.109.84
ASIATECH

General

Check archive.org

Show headers Download Go to

Full URL: https://clickchain.ir/wp-include/new/css/crepzu////a3Jhc2ltaXJAb3JiaXRhbGNvbm5lY3QuY29t
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 77.238.109.84 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS: whm.clickzone.it
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 03 Jul 2023 07:24:47 GMT
refresh: 0;url=https://bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link/?filename=auth.html#krasimir@orbitalconnect.com
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7e0d640a6d2c1957-FRA
content-length: 0
date: Mon, 03 Jul 2023 07:24:47 GMT
location: https://clickchain.ir/wp-include/new/css/crepzu////a3Jhc2ltaXJAb3JiaXRhbGNvbm5lY3QuY29t
p3p: CP="CAO PSA OUR"
server: cloudflare

GET
H2 200 Primary Request / Show response
bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link/ 153 B
893 B 77ms
22ms Document
text/html 2602:fea2:2::1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL

https://bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link/?filename=auth.html

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),

Reverse DNS

Software

openresty /

Resource Hash

b62baff30e570d17dc4e86ddfdc90366f750206aa9f1118825311bef64fce2e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://clickchain.ir/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods: GET GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
cache-control: public, max-age=29030400, immutable
content-disposition: inline; filename="auth.html"; filename*=UTF-8''auth.html
content-length: 153
content-type: text/html
date: Mon, 03 Jul 2023 07:24:47 GMT
etag: "bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e"
server: openresty
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
x-ipfs-gateway-host: ipfs-bank10-fr2
x-ipfs-lb-pop: gateway-bank3-fr2
x-ipfs-path: /ipfs/bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e/
x-ipfs-pop: ipfs-bank10-fr2
x-ipfs-roots: bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e
x-proxy-cache: HIT

GET
H2 200 / Show response
bafkreigjhdgsl3hyu7box3tj42dbalwx5oci2e442v6d7ozfds6gl4q7eu.ipfs.dweb.link/ 2 KB
2 KB 45ms
21ms Script
text/javascript 2602:fea2:2::1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL

https://bafkreigjhdgsl3hyu7box3tj42dbalwx5oci2e442v6d7ozfds6gl4q7eu.ipfs.dweb.link/?filename=myscr166010.js

Requested by

Host: bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link
URL: https://bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link/?filename=auth.html

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),

Reverse DNS

Software

openresty /

Resource Hash

c938cd25ecf8a7c2ebee69e686102ed7eb848d139cd57c3fbb251cbc65f21f25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 07:24:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-ipfs-gateway-host: ipfs-bank4-fr2
content-disposition: inline; filename="myscr166010.js"; filename*=UTF-8''myscr166010.js
x-ipfs-pop: ipfs-bank4-fr2
server: openresty
x-ipfs-lb-pop: gateway-bank3-fr2
x-ipfs-roots: bafkreigjhdgsl3hyu7box3tj42dbalwx5oci2e442v6d7ozfds6gl4q7eu
etag: W/"bafkreigjhdgsl3hyu7box3tj42dbalwx5oci2e442v6d7ozfds6gl4q7eu"
vary: Accept-Encoding
access-control-allow-methods: GET, GET, POST, OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
cache-control: public, max-age=29030400, immutable
x-ipfs-path: /ipfs/bafkreigjhdgsl3hyu7box3tj42dbalwx5oci2e442v6d7ozfds6gl4q7eu/
timing-allow-origin: *
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
x-proxy-cache: HIT

GET
H/1.1

404
Not Found

sc.php
www.kayakcanoeadventure.com/wipcontent/host%5b20%5d.mod/admin/js/
Redirect Chain

https://kayakcanoeadventure.com/wipcontent/host%5b20%5d.mod/admin/js/sc.php
https://www.kayakcanoeadventure.com/wipcontent/host%5b20%5d.mod/admin/js/sc.php

0
0

1233ms
1086ms

Script
text/html

195.252.110.134
BEOTEL-AS www.beo...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.kayakcanoeadventure.com/wipcontent/host%5b20%5d.mod/admin/js/sc.php
Requested by: Host: bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link
URL: https://bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link/?filename=auth.html
Protocol: HTTP/1.1
Server: 195.252.110.134 Surcin, Serbia, ASN6700 (BEOTEL-AS www.beotel.net, RS),
Reverse DNS: cpanel08.beotel.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Redirect headers

cf-edge-cache: cache,platform=wordpress
Date: Mon, 03 Jul 2023 07:24:47 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Powered-By: PHP/8.0.28
X-Redirect-By: WordPress
Content-Type: text/html; charset=UTF-8
Location: https://www.kayakcanoeadventure.com/wipcontent/host%5b20%5d.mod/admin/js/sc.php
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.srvtrck.com/	1970-01-20 21:45:05	Name: ykuid Value: 95eefc2b40d745a68dd15a45f4150a99

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://bafkreigjhdgsl3hyu7box3tj42dbalwx5oci2e442v6d7ozfds6gl4q7eu.ipfs.dweb.link/?filename=myscr166010.js(Line 100) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://kayakcanoeadventure.com/wipcontent/host%5b20%5d.mod/admin/js/sc.php, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://bafkreigjhdgsl3hyu7box3tj42dbalwx5oci2e442v6d7ozfds6gl4q7eu.ipfs.dweb.link/?filename=myscr166010.js(Line 100) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://kayakcanoeadventure.com/wipcontent/host%5b20%5d.mod/admin/js/sc.php, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://www.kayakcanoeadventure.com/wipcontent/host%5b20%5d.mod/admin/js/sc.php Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link
bafkreigjhdgsl3hyu7box3tj42dbalwx5oci2e442v6d7ozfds6gl4q7eu.ipfs.dweb.link
clickchain.ir
kayakcanoeadventure.com
r.srvtrck.com
www.kayakcanoeadventure.com
195.252.110.134
2602:fea2:2::1
2606:4700::6812:cddb
77.238.109.84
b62baff30e570d17dc4e86ddfdc90366f750206aa9f1118825311bef64fce2e9
c938cd25ecf8a7c2ebee69e686102ed7eb848d139cd57c3fbb251cbc65f21f25
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link Open in urlscan Pro 2602:fea2:2::1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

4 Requests

75 %HTTPS

50 %IPv6

4 Domains

6 Subdomains

3 IPs

3 Countries

3 kBTransfer

3 kBSize

1 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

bafkreifwfox7gdsxbul5ytug3x64sa3g65ica2vj6eiyqjjrdpxwj7hc5e.ipfs.dweb.link Open in urlscan Pro
2602:fea2:2::1 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

75 %
HTTPS

50 %
IPv6

4
Domains

6
Subdomains

3
IPs

3
Countries

3 kB
Transfer

3 kB
Size

1
Cookies

4 HTTP transactions
0 data transactions