urlscan.io logo urlscan.io
SecurityTrails logo

bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link Open in urlscan Pro
2602:fea2:2::3  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.cf-ipfs.com/
Effective URL: https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
Submission: On September 10 via api from BY — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 7 domains to perform 6 HTTP transactions. The main IP is 2602:fea2:2::3, located in United States and belongs to PROTOCOL, US. The main domain is bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link.
TLS certificate: Issued by E5 on August 12th 2024. Valid for: 3 months.
This is the only time bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2602:fea2:2::3 40680 (PROTOCOL)
1 104.131.67.145 14061 (DIGITALOC...)
2 2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a02:c0:ac:7:... 39029 (REDPILL-L...)
6 5
1    2606:4700::6811:600d (United States)

ASN13335 (CLOUDFLARENET, US)
bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.cf-ipfs.com
1    2602:fea2:2::3 (United States)

ASN40680 (PROTOCOL, US)
bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link
1    104.131.67.145 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
cdn.freebiesupply.com
2    2606:4700::6812:bc73 (United States)

ASN13335 (CLOUDFLARENET, US)
www.dhlparcel.nl
2    2606:4700::6812:1ac4 (United States)

ASN13335 (CLOUDFLARENET, US)
www.dhlecommerce.nl
1    2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2a02:c0:ac:7:fe::193 (Norway)

ASN39029 (REDPILL-LINPRO Redpill Linpro, NO)
images-global.nhst.tech
Apex Domain
Subdomains		 Transfer
2 dhlecommerce.nl
www.dhlecommerce.nl — Cisco Umbrella Rank: 417055
3 KB
2 dhlparcel.nl
www.dhlparcel.nl
843 B
1 nhst.tech
images-global.nhst.tech — Cisco Umbrella Rank: 421261
221 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 641
30 KB
1 freebiesupply.com
cdn.freebiesupply.com — Cisco Umbrella Rank: 298991
45 KB
1 dweb.link
bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link
3 KB
1 cf-ipfs.com
bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.cf-ipfs.com
425 B
6 7
Domain Requested by
2 www.dhlecommerce.nl bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link
2 www.dhlparcel.nl 2 redirects
1 images-global.nhst.tech bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link
1 ajax.googleapis.com bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link
1 cdn.freebiesupply.com bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link
1 bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link
1 bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.cf-ipfs.com 1 redirects
6 7

This site contains no links.

Subject Issuer Validity Valid
dweb.link
E5		 2024-08-12 -
2024-11-10		 3 months crt.sh
cdn.freebiesupply.com
R10		 2024-09-01 -
2024-11-30		 3 months crt.sh
upload.video.google.com
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
nhst.tech
R11		 2024-09-09 -
2024-12-08		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
Frame ID: 51159839B058BFF07EE57E0B9F81AC6B
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

DHL Express | Track Shipment

Page URL History Show full URLs

  1. https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.cf-ipfs.com/ HTTP 301
    https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

67 %
HTTPS

86 %
IPv6

7
Domains

7
Subdomains

5
IPs

3
Countries

303 kB
Transfer

369 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.cf-ipfs.com/ HTTP 301
    https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://www.dhlparcel.nl/themes/custom/dp_theme/images/logo.svg HTTP 301
  • https://www.dhlecommerce.nl/themes/custom/dp_theme/images/logo.svg
Request Chain 4
  • https://www.dhlparcel.nl/themes/custom/dp_theme/favicon.ico HTTP 301
  • https://www.dhlecommerce.nl/themes/custom/dp_theme/favicon.ico

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
Redirect Chain
  • https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.cf-ipfs.com/
  • https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
10 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2602:fea2:2::3 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81cdf2babc1f3fbe008b50dc9ba9c32d364d5c3c11ba47358bd5eb5f0989aa42

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age
5906387
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
HIT
cf-ray
8c0c907c4c3393d8-LHR
content-encoding
br
content-type
text/html
date
Tue, 10 Sep 2024 04:09:45 GMT
server
cloudflare
vary
Accept-Encoding
x-ipfs-path
/ipfs/bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa/
x-ipfs-pop
rainbow-am6-01
x-ipfs-roots
bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-ray
8c0c907b4d16cd67-LHR
content-length
0
date
Tue, 10 Sep 2024 04:09:45 GMT
location
https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
server
cloudflare
vary
Accept-Encoding
dhl-1-logo-png-transparent.png
cdn.freebiesupply.com/logos/large/2x/ 		45 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.freebiesupply.com/logos/large/2x/dhl-1-logo-png-transparent.png
Requested by
Host: bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link
URL: https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.131.67.145 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
7f8a7411080898c5e0e9a1b99c27c4c0951d558c6948a8f5cd712364f85e9bc7

Request headers

Referer
https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 10 Sep 2024 04:09:46 GMT
Last-Modified
Fri, 09 Mar 2018 21:42:13 GMT
Server
nginx
x-amz-request-id
28614FAD7B274E59
ETag
"c254c6e963469ddf999da53d10109dea"
X-Cache-Status
HIT
Content-Type
image/png
Cache-Control
max-age=15552000, public, no-transform
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
45805
x-amz-id-2
XZbIpmPf9PFo2XVF7tEO9Qr7mSd4FG4AA+Rw98IEpb27+/GWXHNMfBTBVGvb4Conea/CEiMQ2Lc=
Expires
Sun, 09 Mar 2025 04:09:46 GMT
logo.svg
www.dhlecommerce.nl/themes/custom/dp_theme/images/
Redirect Chain
  • https://www.dhlparcel.nl/themes/custom/dp_theme/images/logo.svg
  • https://www.dhlecommerce.nl/themes/custom/dp_theme/images/logo.svg
3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dhlecommerce.nl/themes/custom/dp_theme/images/logo.svg
Requested by
Host: bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link
URL: https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
Protocol
H2
Server
2606:4700::6812:1ac4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a62bf08fcdd300ef2c47e160b8d0a9f2dcb2fd9278af0a4e52cc716deb8a14c3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 04:09:46 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Wed, 05 Jun 2024 13:26:19 GMT
server
cloudflare
age
1024355
etag
W/"c72-61a2482fc94c0"
vary
Accept-Encoding
content-type
image/svg+xml
content-encoding
br
cache-control
max-age=1209600
cf-ray
8c0c907eb933405e-LHR
expires
Thu, 12 Sep 2024 07:36:05 GMT

Redirect headers

date
Tue, 10 Sep 2024 04:09:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
server
cloudflare
vary
Accept-Encoding
content-type
text/html
location
https://www.dhlecommerce.nl/themes/custom/dp_theme/images/logo.svg
cache-control
max-age=3600
cf-ray
8c0c907d8f6f79b7-LHR
content-length
167
expires
Tue, 10 Sep 2024 05:09:45 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link
URL: https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:27:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
402139
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 05 Sep 2025 12:27:26 GMT
0f2521703767006c88f7c21a24cf991e
images-global.nhst.tech/image/WEdHSVZ5eU5vT01Ia25OS1duVnowOWNrSFJyVXFmRzdZOFhBcjNhZ3g4Zz0=/nhst/binary/ 		221 KB
221 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images-global.nhst.tech/image/WEdHSVZ5eU5vT01Ia25OS1duVnowOWNrSFJyVXFmRzdZOFhBcjNhZ3g4Zz0=/nhst/binary/0f2521703767006c88f7c21a24cf991e
Requested by
Host: bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link
URL: https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:c0:ac:7:fe::193 , Norway, ASN39029 (REDPILL-LINPRO Redpill Linpro, NO),
Reverse DNS
Software
/ Express
Resource Hash
25e1397babd7c81dc8946fbf3fdbf8ba9a7e3092160f4e473cc90ac59b4b15e0

Request headers

Referer
https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Sun, 08 Sep 2024 23:41:47 GMT
Via
1.1 varnish-v4
X-CDN-Location
unknown
X-CDN-Cache
HIT #2
Age
102479
X-Powered-By
Express
Content-Type
image/jpg
cache-control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
225852
favicon.ico
www.dhlecommerce.nl/themes/custom/dp_theme/
Redirect Chain
  • https://www.dhlparcel.nl/themes/custom/dp_theme/favicon.ico
  • https://www.dhlecommerce.nl/themes/custom/dp_theme/favicon.ico
7 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.dhlecommerce.nl/themes/custom/dp_theme/favicon.ico
Protocol
H2
Server
2606:4700::6812:1ac4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6804c64aa3c5ed0b33ea0127c00d7d5af5bcca300162e009ce80de5032618cb6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 04:09:46 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Wed, 05 Jun 2024 13:26:19 GMT
server
cloudflare
age
1024487
etag
W/"1cee-61a2482fc94c0"
vary
Accept-Encoding
content-type
image/vnd.microsoft.icon
content-encoding
br
cache-control
max-age=1209600
cf-ray
8c0c90808a70405e-LHR
expires
Wed, 11 Sep 2024 17:39:51 GMT

Redirect headers

date
Tue, 10 Sep 2024 04:09:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
server
cloudflare
vary
Accept-Encoding
content-type
text/html
location
https://www.dhlecommerce.nl/themes/custom/dp_theme/favicon.ico
cache-control
max-age=3600
cf-ray
8c0c908048d879b7-LHR
content-length
167
expires
Tue, 10 Sep 2024 05:09:46 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

2 Cookies

Domain/Path Name / Value
.bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.cf-ipfs.com/ Name: __cf_bm
Value: iZSFNf.cHgsrGRiOANop7xZ9DBX.17TlIYXmVWBHRnc-1725941385-1.0.1.1-V2QYxJxseMNzmhVIWsgpJc_kgxz8FaVxFWxdgcoi5ZefykmC5W3lN8VEGkZ7D.0MfMV7pXpCszMcO3ZJS70tow
.dhlparcel.nl/ Name: _cfuvid
Value: SF0zoflWjn2tb6OrauxRGHZ8R9KZqxNmRitZ8p9leOQ-1725941385863-0.0.1.1-604800000

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
Message:
[DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o