bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link Open in urlscan Pro
2602:fea2:2::3  Malicious Activity! Public Scan

Submitted URL: http://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link:443/
Effective URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Submission: On July 01 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 2602:fea2:2::3, located in United States and belongs to PROTOCOL, US. The main domain is bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link.
TLS certificate: Issued by E6 on June 14th 2024. Valid for: 3 months.
This is the only time bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Spark (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
3 2602:fea2:2::3 40680 (PROTOCOL)
9 146.171.248.36 2570 (TAS-SPARK...)
12 2
Domain Requested by
9 www.spark.co.nz bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
www.spark.co.nz
3 bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
12 2

This site contains links to these domains. Also see Links.

Domain
www.spark.co.nz
Subject Issuer Validity Valid
dweb.link
E6
2024-06-14 -
2024-09-12
3 months crt.sh
www.spark.co.nz
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-06-19 -
2025-06-18
a year crt.sh

This page contains 1 frames:

Primary Page: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Frame ID: C0D11BACEDC2ABD9EBB3CA9ED9FA50CE
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

Xtramail sign in | Spark NZ

Page URL History Show full URLs

  1. http://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link:443/ HTTP 307
    https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <div class="[^"]*aem-Grid
  • /etc/designs/

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

97 kB
Transfer

415 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link:443/ HTTP 307
    https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Redirect Chain
  • http://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link:443/
  • https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
145 KB
12 KB
Document
General
Full URL
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2602:fea2:2::3 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fde2509c661f9f9c1e4fc80550297e92356f3b36b497b2bd790c648e25d0df80

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age
3216867
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
HIT
cf-ray
89c46954183591fb-FRA
content-encoding
br
content-type
text/html
date
Mon, 01 Jul 2024 06:41:37 GMT
server
cloudflare
vary
Accept-Encoding
x-ipfs-path
/ipfs/bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm/
x-ipfs-pop
rainbow-am6-01
x-ipfs-roots
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Non-Authoritative-Reason
HSTS
clientlib-all.css
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
0
0
Stylesheet
General
Full URL
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/clientlib-all.css
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2602:fea2:2::3 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:41:38 GMT
cf-cache-status
EXPIRED
x-ipfs-pop
rainbow-fr2-02
server
cloudflare
vary
Accept-Encoding
content-type
text/html
cf-ray
89c46954687391fb-FRA
alt-svc
h3=":443"; ma=86400
clientlib-sparkv2.css
www.spark.co.nz/etc/designs/onespark/
116 KB
16 KB
Stylesheet
General
Full URL
https://www.spark.co.nz/etc/designs/onespark/clientlib-sparkv2.css
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
77bbfa0cb24fc3fbd863563814a419f68661054ada740bc501a03bea5d7ce7cc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 01 Jul 2024 06:41:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self'
Last-Modified
Tue, 28 May 2024 05:16:56 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css; charset=utf-8
Cache-Control
max-age=900
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=25
Content-Length
15553
clientlib-forms.css
www.spark.co.nz/etc/designs/spark-responsive/
7 KB
2 KB
Stylesheet
General
Full URL
https://www.spark.co.nz/etc/designs/spark-responsive/clientlib-forms.css
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
2d98b01da0724db55fe327b97a09ef64c25598eb8d8194414e63de0e82a20d3d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 01 Jul 2024 06:41:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self'
Last-Modified
Tue, 28 May 2024 05:14:40 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css; charset=utf-8
Cache-Control
max-age=900
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=48
Content-Length
1569
xtramail-sign-in.css
www.spark.co.nz/etc/designs/xtramail/clientlib_xtramail/
38 KB
7 KB
Stylesheet
General
Full URL
https://www.spark.co.nz/etc/designs/xtramail/clientlib_xtramail/xtramail-sign-in.css
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
e1feb0cfb8121d6c37a4e8797daba314869376e63581c4e5d2ee36039a430a06
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 01 Jul 2024 06:41:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self'
Last-Modified
Tue, 28 May 2024 05:17:26 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css; charset=utf-8
Cache-Control
max-age=900
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=85
Content-Length
6240
xtramail-delete-account.css
www.spark.co.nz/etc/designs/xtramail/clientlib_xtramail/
37 KB
7 KB
Stylesheet
General
Full URL
https://www.spark.co.nz/etc/designs/xtramail/clientlib_xtramail/xtramail-delete-account.css
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
4d899b6b03c228edf05bda2e1107e08a20d446fdaad7b4276a936ae75827a7c5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 01 Jul 2024 06:41:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self'
Last-Modified
Tue, 28 May 2024 05:16:07 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css; charset=utf-8
Cache-Control
max-age=900
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=18
Content-Length
6145
shopping-disabled.svg
www.spark.co.nz/content/dam/telecomcms/responsive/icons-svg/
962 B
1 KB
Image
General
Full URL
https://www.spark.co.nz/content/dam/telecomcms/responsive/icons-svg/shopping-disabled.svg
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
4b91ad0b85c39f6789caf49cec4beb06b7b9f0e4d0ac8feff0de8f79fdd12d97
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 01 Jul 2024 06:41:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self'
Last-Modified
Mon, 10 Jun 2024 11:41:45 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
max-age=7200
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
512
purple.svg
www.spark.co.nz/content/dam/sparkdigital/images/logo/
34 KB
11 KB
Image
General
Full URL
https://www.spark.co.nz/content/dam/sparkdigital/images/logo/purple.svg
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
8cd0112b63387703de5702e3604c364adad1548f16f995fcc9c75ecef36f9119
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 01 Jul 2024 06:41:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self'
Last-Modified
Mon, 10 Jun 2024 12:07:27 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
max-age=7200
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=63
Content-Length
10484
shielded.png
www.spark.co.nz/content/dam/onespark/icon-images/
5 KB
6 KB
Image
General
Full URL
https://www.spark.co.nz/content/dam/onespark/icon-images/shielded.png
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
4589441ac97df1033c946f3403b0199cfb05e8ba3e406e21013d1af6965dd06a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 01 Jul 2024 06:41:39 GMT
Content-Security-Policy
frame-ancestors 'self'
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jun 2024 02:54:02 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=7200
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=62
Content-Length
5432
jquery.min.js
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
0
0
Script
General
Full URL
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/jquery.min.js
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2602:fea2:2::3 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 06:41:38 GMT
cf-cache-status
EXPIRED
x-ipfs-pop
rainbow-fr2-02
server
cloudflare
vary
Accept-Encoding
content-type
text/html
cf-ray
89c46954788291fb-FRA
alt-svc
h3=":443"; ma=86400
spark-icon-family.woff
www.spark.co.nz/content/dam/sparkresponsive/font/Fontello/
28 KB
29 KB
Font
General
Full URL
https://www.spark.co.nz/content/dam/sparkresponsive/font/Fontello/spark-icon-family.woff
Requested by
Host: www.spark.co.nz
URL: https://www.spark.co.nz/etc/designs/onespark/clientlib-sparkv2.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
597577e553630e1a1a757b9a233376cc1c0ea7e590a796b708103f8b077b0631
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.spark.co.nz/etc/designs/onespark/clientlib-sparkv2.css
Origin
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 01 Jul 2024 06:41:40 GMT
Content-Security-Policy
frame-ancestors 'self'
X-Content-Type-Options
nosniff
Last-Modified
Thu, 06 Jun 2024 10:55:08 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/font-woff
Access-Control-Allow-Origin
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
Cache-Control
max-age=7200
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=28
Content-Length
28652
favicon_32.png
www.spark.co.nz/
4 KB
5 KB
Other
General
Full URL
https://www.spark.co.nz/favicon_32.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
534fe5896097c5f707e499a35e69ee58fe0c7aed220e42e2341db6f0afe71a5a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 01 Jul 2024 06:41:41 GMT
Content-Security-Policy
frame-ancestors 'self'
X-Content-Type-Options
nosniff
Last-Modified
Tue, 28 May 2024 05:16:44 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=14400
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=9
Content-Length
4345

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Spark (Telecommunication)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| error

1 Cookies

Domain/Path Name / Value
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ Name: __cflb
Value: 0H28vbmuGkgyS4Qdp1WjcBx2Tw5NhmTRu1nF5Ny6VfJ

2 Console Messages

Source Level URL
Text
network error URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/clientlib-all.css
Message:
Failed to load resource: the server responded with a status of 410 ()
network error URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/jquery.min.js
Message:
Failed to load resource: the server responded with a status of 410 ()