urlscan.io logo urlscan.io
SecurityTrails logo

bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com Open in urlscan Pro
104.17.64.14  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-72e7-ee11-904c-6045b...
Effective URL: https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html
Submission: On March 27 via manual from SG — Scanned from SG
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 9 domains to perform 12 HTTP transactions. The main IP is 104.17.64.14, located in and belongs to CLOUDFLARENET, US. The main domain is bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com.
TLS certificate: Issued by E1 on March 16th 2024. Valid for: 3 months.
This is the only time bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

IP Address AS Autonomous System
3 13.107.246.59 8075 (MICROSOFT...)
1 156.146.56.169 60068 (CDN77 _)
3 104.17.64.14 13335 (CLOUDFLAR...)
1 74.125.130.95 15169 (GOOGLE)
1 1 142.251.10.99 15169 (GOOGLE)
1 64.233.170.106 15169 (GOOGLE)
1 34.195.143.153 14618 (AMAZON-AES)
12 7
3    13.107.246.59 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
assets-apj.mkt.dynamics.com
cxppusa1formui01cdnsa01-endpoint.azureedge.net
1    156.146.56.169 (Singapore, Singapore)

ASN60068 (CDN77 _, GB)
PTR: 156-146-56-169.bunnyinfra.net
rdr47.b-cdn.net
3    104.17.64.14 (None, )

ASN13335 (CLOUDFLARENET, US)
bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com
1    74.125.130.95 (United States)

ASN15169 (GOOGLE, US)
PTR: sb-in-f95.1e100.net
ajax.googleapis.com
1    142.251.10.99 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f99.1e100.net
www.google.com
1    64.233.170.106 (United States)

ASN15169 (GOOGLE, US)
PTR: sg-in-f106.1e100.net
t3.gstatic.com
1    34.195.143.153 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-195-143-153.compute-1.amazonaws.com
image.thum.io
Apex Domain
Subdomains		 Transfer
3 cf-ipfs.com
bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com
113 KB
2 dynamics.com
assets-apj.mkt.dynamics.com — Cisco Umbrella Rank: 995690
8 KB
1 thum.io
image.thum.io — Cisco Umbrella Rank: 249878
21 KB
1 gstatic.com
t3.gstatic.com
917 B
1 google.com
www.google.com — Cisco Umbrella Rank: 5
287 B
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 728
31 KB
1 b-cdn.net
rdr47.b-cdn.net
829 B
1 azureedge.net
cxppusa1formui01cdnsa01-endpoint.azureedge.net — Cisco Umbrella Rank: 456009
203 KB
0 bourbon-online.com Failed
webmail.bourbon-online.com Failed
12 9
Domain Requested by
3 bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com rdr47.b-cdn.net
bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com
2 assets-apj.mkt.dynamics.com cxppusa1formui01cdnsa01-endpoint.azureedge.net
1 image.thum.io bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com
1 t3.gstatic.com bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com
1 www.google.com 1 redirects
1 ajax.googleapis.com bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com
1 rdr47.b-cdn.net assets-apj.mkt.dynamics.com
1 cxppusa1formui01cdnsa01-endpoint.azureedge.net assets-apj.mkt.dynamics.com
cxppusa1formui01cdnsa01-endpoint.azureedge.net
0 webmail.bourbon-online.com Failed
12 9

This site contains no links.

Subject Issuer Validity Valid
assets-apj.mkt.dynamics.com
Microsoft Azure RSA TLS Issuing CA 07		 2024-02-11 -
2025-02-05		 a year crt.sh
*.azureedge.net
Microsoft Azure RSA TLS Issuing CA 07		 2024-02-25 -
2025-02-19		 a year crt.sh
*.b-cdn.net
Sectigo RSA Domain Validation Secure Server CA		 2023-11-05 -
2024-11-11		 a year crt.sh
cf-ipfs.com
E1		 2024-03-16 -
2024-06-14		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-02-26 -
2024-05-20		 3 months crt.sh
*.thum.io
Amazon RSA 2048 M01		 2023-09-24 -
2024-10-22		 a year crt.sh

This page contains 1 frames:

Primary Page: https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html
Frame ID: 42BBD89B66565624C57D8234EDE9FDA8
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Outlook Web App

Page URL History Show full URLs

  1. http://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-... HTTP 307
    https://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-... Page URL
  2. https://rdr47.b-cdn.net/bunnyrdr7.html Page URL
  3. https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

75 %
HTTPS

0 %
IPv6

9
Domains

9
Subdomains

7
IPs

3
Countries

378 kB
Transfer

1275 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-72e7-ee11-904c-6045bd2172c1 HTTP 307
    https://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-72e7-ee11-904c-6045bd2172c1 Page URL
  2. https://rdr47.b-cdn.net/bunnyrdr7.html Page URL
  3. https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-72e7-ee11-904c-6045bd2172c1 HTTP 307
  • https://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-72e7-ee11-904c-6045bd2172c1
Request Chain 14
  • https://www.google.com/s2/favicons?domain=undefined&sz=64 HTTP 301
  • https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://undefined&size=64

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
6c301970-72e7-ee11-904c-6045bd2172c1
assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/
Redirect Chain
  • http://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-72e7-ee11-904c-6045bd2172c1
  • https://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-72e7-ee11-904c-6045bd2172c1
491 B
821 B 		Document
General
Check archive.org
Download Go to
Full URL
https://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-72e7-ee11-904c-6045bd2172c1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.59 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0db36cfbe4eaca5be22621f36c55702b5502bbaf0180bc298f01cdab7960d9ff
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
public, max-age=900, must-revalidate
content-length
491
content-type
text/html
date
Wed, 27 Mar 2024 12:59:07 GMT
strict-transport-security
max-age=2592000; preload
x-azure-ref
20240327T125906Z-b97b5gznm957r2vtqkdmnfc93n00000008s0000000002zau
x-cache
TCP_MISS
x-content-type-options
nosniff
x-fd-int-roxy-purgeid
67761409
x-ms-trace-id
c9dd5eb938ce459dc5181a6a189e1029

Redirect headers

Location
https://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-72e7-ee11-904c-6045bd2172c1
Non-Authoritative-Reason
HttpsUpgrades
FormLoader.bundle.js
cxppusa1formui01cdnsa01-endpoint.azureedge.net/apj/FormLoader/ 		694 KB
203 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/apj/FormLoader/FormLoader.bundle.js
Requested by
Host: assets-apj.mkt.dynamics.com
URL: https://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-72e7-ee11-904c-6045bd2172c1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.59 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
779b4fbe4a213e68edb39d99832b2eb3c3eeceb8dc06004ee5bffa104a56b239

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://assets-apj.mkt.dynamics.com/
accept-language
zh-SG,zh;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Wed, 27 Mar 2024 12:59:09 GMT
content-encoding
br
last-modified
Thu, 22 Feb 2024 09:32:42 GMT
vary
Accept-Encoding
x-azure-ref
20240327T125907Z-zntprfdksd6xx3aqx4adfrwwhs0000000d60000000005ts6
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
71ebc5dc-201e-003e-5446-808e94000000
x-cache
TCP_MISS
x-ms-version
2009-09-19
x-fd-int-roxy-purgeid
66630197
6c301970-72e7-ee11-904c-6045bd2172c1
assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/forms/ 		33 KB
7 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/forms/6c301970-72e7-ee11-904c-6045bd2172c1
Requested by
Host: cxppusa1formui01cdnsa01-endpoint.azureedge.net
URL: https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/apj/FormLoader/FormLoader.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.59 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0cab5398275b3422b6cf4a428aa498acf8d2d1248e5b5cb69f582b366a6aa778
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept
text/plain
Referer
https://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-72e7-ee11-904c-6045bd2172c1
accept-language
zh-SG,zh;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 12:59:10 GMT
strict-transport-security
max-age=2592000; preload
x-content-type-options
nosniff
content-encoding
br
x-ms-trace-id
b4785657802ab1be7850af46185be9fd
vary
Accept-Encoding
x-azure-ref
20240327T125910Z-b97b5gznm957r2vtqkdmnfc93n00000008s0000000002zd7
content-type
text/html
access-control-allow-origin
*
x-cache
TCP_MISS
cache-control
public, max-age=900, must-revalidate
x-fd-int-roxy-purgeid
67761409
translation.json
cxppusa1formui01cdnsa01-endpoint.azureedge.net/apj/FormLoader/public/locales/en-us/ 		0
0
bunnyrdr7.html
rdr47.b-cdn.net/ 		908 B
829 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rdr47.b-cdn.net/bunnyrdr7.html
Requested by
Host: assets-apj.mkt.dynamics.com
URL: https://assets-apj.mkt.dynamics.com/3432604b-b4e5-ee11-9049-000d3ac6dd9e/digitalassets/standaloneforms/6c301970-72e7-ee11-904c-6045bd2172c1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
156.146.56.169 Singapore, Singapore, ASN60068 (CDN77 _, GB),
Reverse DNS
156-146-56-169.bunnyinfra.net
Software
BunnyCDN-SG1-977 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
zh-SG,zh;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
public, max-age=2592000
cdn-cache
HIT
cdn-cachedat
03/21/2024 13:25:26
cdn-edgestorageid
1180
cdn-fileserver
728
cdn-proxyver
1.04
cdn-pullzone
2084342
cdn-requestcountrycode
SG
cdn-requestid
c8275e4bbe6baf7c8d367aafaa50bdd1
cdn-requestpullcode
206
cdn-requestpullsuccess
True
cdn-status
200
cdn-storageserver
DE-680
cdn-uid
9caf5e36-3d37-45d4-b973-6a709e2d62ce
content-encoding
gzip
content-type
text/html
date
Wed, 27 Mar 2024 12:59:11 GMT
last-modified
Thu, 21 Mar 2024 12:31:06 GMT
server
BunnyCDN-SG1-977
vary
Accept-Encoding
Primary Request human-resources.html
bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/ 		424 KB
113 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html
Requested by
Host: rdr47.b-cdn.net
URL: https://rdr47.b-cdn.net/bunnyrdr7.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.64.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ed3be4b7e0892cdd76c347fc04241c558fb74f2d825104fdefae30058617bc9

Request headers

Referer
https://rdr47.b-cdn.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
zh-SG,zh;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age
1781
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
HIT
cf-ray
86af8e64fc458219-SIN
content-encoding
br
content-type
text/html
date
Wed, 27 Mar 2024 12:59:11 GMT
etag
W/"bafkreiao2o7ew7qislg5o3bup7aeeqofld5xj4wyeuie7xx24mafqyl3ze"
server
cloudflare
vary
Accept-Encoding
x-cf-ipfs-cache-status
hit
x-ipfs-path
/ipfs/bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a/human-resources.html
x-ipfs-roots
bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a,bafkreiao2o7ew7qislg5o3bup7aeeqofld5xj4wyeuie7xx24mafqyl3ze
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com
URL: https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.130.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sb-in-f95.1e100.net
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/
accept-language
zh-SG,zh;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 05:55:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
25420
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 27 Mar 2025 05:55:32 GMT
lgnexlogo.gif
bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/Outlook%20Web%20App_files/ 		225 B
225 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/Outlook%20Web%20App_files/lgnexlogo.gif
Requested by
Host: bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com
URL: https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.64.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html
accept-language
zh-SG,zh;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 12:59:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-cf-ipfs-cache-status
miss
alt-svc
h3=":443"; ma=86400
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
no-store
x-ipfs-path
/ipfs/bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a/Outlook Web App_files/lgnexlogo.gif
cf-ray
86af8e65dd428219-SIN
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
lgnbotr.gif
bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/Outlook%20Web%20App_files/ 		223 B
223 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/Outlook%20Web%20App_files/lgnbotr.gif
Requested by
Host: bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com
URL: https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.64.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e475dd9263920a38a575910ed266b2ee45f2a8238b47f6f23823ff9e44b754e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html
accept-language
zh-SG,zh;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 12:59:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-cf-ipfs-cache-status
miss
alt-svc
h3=":443"; ma=86400
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
no-store
x-ipfs-path
/ipfs/bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a/Outlook Web App_files/lgnbotr.gif
cf-ray
86af8e65dd448219-SIN
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2934659cf06ca3ba6b87e7b5b64cbfb54ac6d85ffd2dd3428eecc741e3eac732

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7acfa3d76cd77b3aba2cb0e53c167a116ed8d8c104bd4df1345a32854e658519

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		290 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
be17924f6d0d8a6ece9dc5666983fe23af7d0e67eed9c64b279ec71a9b95143b

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		232 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
301ab4a659a609d5ddc2155d403291d1de337b7adf437aa3db4d2e77560aadb4

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		76 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7cc623ae411b358d670e9a9da00770e719e99facc6e49a94f07eca2a086aa88e

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		99 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e7c8f9a8eeec5e657afb08a443c61ba96fa843168626ea5a68a0ca58d444bcb0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
faviconV2
t3.gstatic.com/
Redirect Chain
  • https://www.google.com/s2/favicons?domain=undefined&sz=64
  • https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://undefined&size=64
726 B
917 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://undefined&size=64
Requested by
Host: bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com
URL: https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html
Protocol
H2
Server
64.233.170.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sg-in-f106.1e100.net
Software
sffe /
Resource Hash
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date
Wed, 27 Mar 2024 12:59:13 GMT
x-content-type-options
nosniff
server
sffe
content-type
image/png
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
726
x-xss-protection
0

Redirect headers

date
Wed, 27 Mar 2024 12:59:12 GMT
x-content-type-options
nosniff
server
sffe
content-type
text/html; charset=UTF-8
location
https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://undefined&size=64
cache-control
public, max-age=1800
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
329
x-xss-protection
0
expires
Wed, 27 Mar 2024 13:29:12 GMT
undefined
image.thum.io/get/65490-1671030344805-37a36e07674665dbe1105f1044aab44d/width/1200/https:// 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.thum.io/get/65490-1671030344805-37a36e07674665dbe1105f1044aab44d/width/1200/https://undefined
Requested by
Host: bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com
URL: https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.195.143.153 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-195-143-153.compute-1.amazonaws.com
Software
/
Resource Hash
380fe5ddf551686fd1a4e88218b04d64a56982b5b1d5e3f0f1cb087d5c3ff1bd

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/
accept-language
zh-SG,zh;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Wed, 27 Mar 2024 12:59:13 GMT
cache-control
max-age=86400
content-type
image/png
content-disposition
inline; filename= "undefined.png"
thum_status_code
0
expires
Thu, 28 Mar 2024 12:59:13 GMT
favicon.ico
webmail.bourbon-online.com/owa/14.3.513.0/themes/resources/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cxppusa1formui01cdnsa01-endpoint.azureedge.net
URL
https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/apj/FormLoader/public/locales/en-us/translation.json
Domain
webmail.bourbon-online.com
URL
https://webmail.bourbon-online.com/owa/14.3.513.0/themes/resources/favicon.ico

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal function| _0xb141f4 function| _0x19de function| _0xcd98 function| $ function| jQuery function| v function| x function| zW function| zb function| zX function| zF function| C function| ze function| zE function| zc function| zG function| zJ function| zo function| showEl function| hideEl function| z number| g_fFcs

1 Cookies

Domain/Path Name / Value
.bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/ Name: __cf_bm
Value: tqKLHcymlPgw68eaG9UCX1LpKDuYX4AXeOvj.zWneXA-1711544351-1.0.1.1-NpQ5f1voFL7gWEWH8uKI1kD4GJfIrvUdfmHGynJdkreSU7mgzAoO05ElaEcEBPQi.sy4lME_rartMW5YNr3YBg

6 Console Messages

Source Level URL
Text
javascript warning URL: https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/Outlook%20Web%20App_files/lgnbotr.gif
Message:
Failed to load resource: the server responded with a status of 404 ()
recommendation verbose URL: https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/human-resources.html#undefined
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network error URL: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://undefined&size=64
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com/Outlook%20Web%20App_files/lgnexlogo.gif
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
assets-apj.mkt.dynamics.com
bafybeihhl2ftsimclushohb4byjwjfjoqr3pdymvx5fzx7aeswvf2imv2a.ipfs.cf-ipfs.com
cxppusa1formui01cdnsa01-endpoint.azureedge.net
image.thum.io
rdr47.b-cdn.net
t3.gstatic.com
webmail.bourbon-online.com
www.google.com
cxppusa1formui01cdnsa01-endpoint.azureedge.net
webmail.bourbon-online.com
104.17.64.14
13.107.246.59
142.251.10.99
156.146.56.169
34.195.143.153
64.233.170.106
74.125.130.95
0cab5398275b3422b6cf4a428aa498acf8d2d1248e5b5cb69f582b366a6aa778
0db36cfbe4eaca5be22621f36c55702b5502bbaf0180bc298f01cdab7960d9ff
0ed3be4b7e0892cdd76c347fc04241c558fb74f2d825104fdefae30058617bc9
2934659cf06ca3ba6b87e7b5b64cbfb54ac6d85ffd2dd3428eecc741e3eac732
301ab4a659a609d5ddc2155d403291d1de337b7adf437aa3db4d2e77560aadb4
380fe5ddf551686fd1a4e88218b04d64a56982b5b1d5e3f0f1cb087d5c3ff1bd
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64
779b4fbe4a213e68edb39d99832b2eb3c3eeceb8dc06004ee5bffa104a56b239
7acfa3d76cd77b3aba2cb0e53c167a116ed8d8c104bd4df1345a32854e658519
7cc623ae411b358d670e9a9da00770e719e99facc6e49a94f07eca2a086aa88e
9e475dd9263920a38a575910ed266b2ee45f2a8238b47f6f23823ff9e44b754e
be17924f6d0d8a6ece9dc5666983fe23af7d0e67eed9c64b279ec71a9b95143b
e7c8f9a8eeec5e657afb08a443c61ba96fa843168626ea5a68a0ca58d444bcb0
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d