bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
209.94.90.2
Malicious Activity!
Public Scan
Submission Tags: @phish_report
Submission: On May 25 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by E1 on April 16th 2024. Valid for: 3 months.
This is the only time bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Spark (Telecommunication)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
6 | 209.94.90.2 | 40680 (PROTOCOL) |
9 | 146.171.248.36 | 2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd) |
15 | 2 | |
ASN40680 (PROTOCOL, US)
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link |
ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ)
www.spark.co.nz |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | spark.co.nz | www.spark.co.nz | 84 KB |
6 | dweb.link | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link | 383 KB |
15 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
9 | www.spark.co.nz | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link, www.spark.co.nz |
6 | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link |
15 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.spark.co.nz |
Subject | Issuer | Validity | Valid |
---|---|---|---|
dweb.link | E1 | 2024-04-16 - 2024-07-15 | 3 months |
www.spark.co.nz | Entrust Certification Authority - L1K | 2023-06-26 - 2024-07-12 | a year |
This page contains 1 frames:
Primary Page:
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Frame ID: DA38948B2A5D02C2DA757378A76F25CC
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
Xtramail sign in | Spark NZ
Detected technologies
Adobe Experience Manager (CMS)
Detected patterns
- <div class="[^"]*aem-Grid
- /etc/designs/
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Scams and Safety
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H3 | / (Primary Request) | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ | 145 KB | 12 KB | Document | text/html |
GET | H3 | clientlib-all.css | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ | 836 KB | 115 KB | Stylesheet | text/css |
GET | H/1.1 | clientlib-sparkv2.css | www.spark.co.nz/etc/designs/onespark/ | 116 KB | 16 KB | Stylesheet | text/css |
GET | H/1.1 | clientlib-forms.css | www.spark.co.nz/etc/designs/spark-responsive/ | 7 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | xtramail-sign-in.css | www.spark.co.nz/etc/designs/xtramail/clientlib_xtramail/ | 38 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | xtramail-delete-account.css | www.spark.co.nz/etc/designs/xtramail/clientlib_xtramail/ | 37 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | shopping-disabled.svg | www.spark.co.nz/content/dam/telecomcms/responsive/icons-svg/ | 962 B | 1 KB | Image | image/svg+xml |
GET | H/1.1 | purple.svg | www.spark.co.nz/content/dam/sparkdigital/images/logo/ | 34 KB | 11 KB | Image | image/svg+xml |
GET | H/1.1 | shielded.png | www.spark.co.nz/content/dam/onespark/icon-images/ | 5 KB | 6 KB | Image | image/png |
GET | H3 | jquery.min.js | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ | 88 KB | 32 KB | Script | text/javascript |
GET | H3 | 91b50bbb-9aa1-4d54-9159-ec6f19d14a7c.woff | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ | 73 KB | 74 KB | Font | font/woff |
GET | H3 | f26faddb-86cc-4477-a253-1e1287684336.woff | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ | 74 KB | 75 KB | Font | font/woff |
GET | H/1.1 | spark-icon-family.woff | www.spark.co.nz/content/dam/sparkresponsive/font/Fontello/ | 28 KB | 29 KB | Font | application/font-woff |
GET | H3 | b8e906a1-f5e8-4bf1-8e80-82c646ca4d5f.woff | bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ | 74 KB | 75 KB | Font | font/woff |
GET | H/1.1 | favicon_32.png | www.spark.co.nz/ | 4 KB | 5 KB | Other | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Spark (Telecommunication)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function | $
function | jQuery
object | error
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ | | Name: __cflb Value: 0H28vbmuGkgyS4Qdp1WuB2521r7t6gmYzrY8273bGXn |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.