bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
2602:fea2:2::3
Malicious Activity!
Public Scan
Effective URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Submission: On July 01 via api from US — Scanned from DE
Summary
TLS certificate: Issued by E6 on June 14th 2024. Valid for: 3 months.
This is the only time bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Spark (Telecommunication)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
3 | 2602:fea2:2::3 | 40680 (PROTOCOL) |
9 | 146.171.248.36 | 2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd) |
12 | 2 | |
ASN40680 (PROTOCOL, US)
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link |
ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ)
www.spark.co.nz |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
9 | spark.co.nz: www.spark.co.nz | 85 KB |
3 | dweb.link: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link | 12 KB |
12 | 2 | |
 | Domain | Requested by |
---|---|---|
9 | www.spark.co.nz | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link; www.spark.co.nz |
3 | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link |
12 | 2 | |
This site contains links to these domains.
Domain |
---|
www.spark.co.nz |
Subject | Issuer | Validity | Valid |
---|---|---|---|
dweb.link | E6 | 2024-06-14 - 2024-09-12 | 3 months |
www.spark.co.nz | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-06-19 - 2025-06-18 | a year |
This page contains 1 frame:
Primary Page:
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Frame ID: C0D11BACEDC2ABD9EBB3CA9ED9FA50CE
Requests: 12 HTTP requests in this frame
Page Title
Xtramail sign in | Spark NZ
Detected technologies
Adobe Experience Manager (CMS)
Detected patterns
- <div class="[^"]*aem-Grid
- /etc/designs/
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Scams and Safety
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link:443/
HTTP 307
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H3 | / (Primary Request) | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ | 145 KB | 12 KB | Document | text/html |
GET | H3 | clientlib-all.css | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ | 0 | 0 | Stylesheet | text/html |
GET | H/1.1 | clientlib-sparkv2.css | www.spark.co.nz/etc/designs/onespark/ | 116 KB | 16 KB | Stylesheet | text/css |
GET | H/1.1 | clientlib-forms.css | www.spark.co.nz/etc/designs/spark-responsive/ | 7 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | xtramail-sign-in.css | www.spark.co.nz/etc/designs/xtramail/clientlib_xtramail/ | 38 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | xtramail-delete-account.css | www.spark.co.nz/etc/designs/xtramail/clientlib_xtramail/ | 37 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | shopping-disabled.svg | www.spark.co.nz/content/dam/telecomcms/responsive/icons-svg/ | 962 B | 1 KB | Image | image/svg+xml |
GET | H/1.1 | purple.svg | www.spark.co.nz/content/dam/sparkdigital/images/logo/ | 34 KB | 11 KB | Image | image/svg+xml |
GET | H/1.1 | shielded.png | www.spark.co.nz/content/dam/onespark/icon-images/ | 5 KB | 6 KB | Image | image/png |
GET | H3 | jquery.min.js | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ | 0 | 0 | Script | text/html |
GET | H/1.1 | spark-icon-family.woff | www.spark.co.nz/content/dam/sparkresponsive/font/Fontello/ | 28 KB | 29 KB | Font | application/font-woff |
GET | H/1.1 | favicon_32.png | www.spark.co.nz/ | 4 KB | 5 KB | Other | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Spark (Telecommunication)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined | event
object | fence
object | sharedStorage
object | error
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ | Name: __cflb Value: 0H28vbmuGkgyS4Qdp1WjcBx2Tw5NhmTRu1nF5Ny6VfJ |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.