bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link Open in urlscan Pro
209.94.90.2  Malicious Activity! Public Scan

URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Submission Tags: @phish_report
Submission: On May 25 via api from FI — Scanned from FI

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 209.94.90.2, located in United States and belongs to PROTOCOL, US. The main domain is bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link.
TLS certificate: Issued by E1 on April 16th 2024. Valid for: 3 months.
This is the only time bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Spark (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
6 209.94.90.2 40680 (PROTOCOL)
9 146.171.248.36 2570 (TAS-SPARK...)
15 2
Domain Requested by
9 www.spark.co.nz bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
www.spark.co.nz
6 bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
15 2

This site contains links to these domains. Also see Links.

Domain
www.spark.co.nz
Subject Issuer Validity Valid
dweb.link
E1
2024-04-16 -
2024-07-15
3 months crt.sh
www.spark.co.nz
Entrust Certification Authority - L1K
2023-06-26 -
2024-07-12
a year crt.sh

This page contains 1 frames:

Primary Page: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Frame ID: DA38948B2A5D02C2DA757378A76F25CC
Requests: 15 HTTP requests in this frame

Screenshot

Page Title

Xtramail sign in | Spark NZ

Detected technologies

Overall confidence: 100%
Detected patterns
  • <div class="[^"]*aem-Grid
  • /etc/designs/

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

467 kB
Transfer

1561 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
145 KB
12 KB
Document
General
Full URL
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.2 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fde2509c661f9f9c1e4fc80550297e92356f3b36b497b2bd790c648e25d0df80

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age
1
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
HIT
cf-ray
8891a08d49e98db0-HEL
content-encoding
br
content-type
text/html
date
Sat, 25 May 2024 01:07:11 GMT
server
cloudflare
vary
Accept-Encoding
x-ipfs-path
/ipfs/bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm/
x-ipfs-pop
rainbow-am6-01
x-ipfs-roots
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm
clientlib-all.css
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
836 KB
115 KB
Stylesheet
General
Full URL
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/clientlib-all.css
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.2 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26ad2f29829d8defbbeeb54cb3bc7df4c630b57125f1d93811309aa699be6b63

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 25 May 2024 01:07:11 GMT
content-encoding
br
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
x-ipfs-pop
rainbow-am6-03
server
cloudflare
x-ipfs-roots
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm,QmQMLDyUAiHJPniFgJBfq92fRR92PwrWPemh6yVCatJBPb
etag
W/"QmQMLDyUAiHJPniFgJBfq92fRR92PwrWPemh6yVCatJBPb"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
public, max-age=29030400, immutable
x-ipfs-path
/ipfs/bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm/clientlib-all.css
cf-ray
8891a08daa158db0-HEL
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
clientlib-sparkv2.css
www.spark.co.nz/etc/designs/onespark/
116 KB
16 KB
Stylesheet
General
Full URL
https://www.spark.co.nz/etc/designs/onespark/clientlib-sparkv2.css
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
77bbfa0cb24fc3fbd863563814a419f68661054ada740bc501a03bea5d7ce7cc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 25 May 2024 01:07:12 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self'
Last-Modified
Thu, 25 May 2023 01:26:25 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css;charset=utf-8
Cache-Control
max-age=900
X-Cnection
close
Accept-Ranges
bytes
Content-Length
15553
clientlib-forms.css
www.spark.co.nz/etc/designs/spark-responsive/
7 KB
2 KB
Stylesheet
General
Full URL
https://www.spark.co.nz/etc/designs/spark-responsive/clientlib-forms.css
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
2d98b01da0724db55fe327b97a09ef64c25598eb8d8194414e63de0e82a20d3d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 25 May 2024 01:07:12 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self'
Last-Modified
Wed, 27 May 2020 13:58:59 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css;charset=utf-8
Cache-Control
max-age=900
X-Cnection
close
Accept-Ranges
bytes
Content-Length
1569
xtramail-sign-in.css
www.spark.co.nz/etc/designs/xtramail/clientlib_xtramail/
38 KB
7 KB
Stylesheet
General
Full URL
https://www.spark.co.nz/etc/designs/xtramail/clientlib_xtramail/xtramail-sign-in.css
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
e1feb0cfb8121d6c37a4e8797daba314869376e63581c4e5d2ee36039a430a06
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 25 May 2024 01:07:12 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self'
Last-Modified
Sun, 24 Mar 2019 09:50:17 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css;charset=utf-8
Cache-Control
max-age=900
X-Cnection
close
Accept-Ranges
bytes
Content-Length
6240
xtramail-delete-account.css
www.spark.co.nz/etc/designs/xtramail/clientlib_xtramail/
37 KB
7 KB
Stylesheet
General
Full URL
https://www.spark.co.nz/etc/designs/xtramail/clientlib_xtramail/xtramail-delete-account.css
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
4d899b6b03c228edf05bda2e1107e08a20d446fdaad7b4276a936ae75827a7c5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 25 May 2024 01:07:12 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self'
Last-Modified
Sun, 04 Mar 2018 09:09:40 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css;charset=utf-8
Cache-Control
max-age=900
X-Cnection
close
Accept-Ranges
bytes
Content-Length
6145
shopping-disabled.svg
www.spark.co.nz/content/dam/telecomcms/responsive/icons-svg/
962 B
1 KB
Image
General
Full URL
https://www.spark.co.nz/content/dam/telecomcms/responsive/icons-svg/shopping-disabled.svg
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
4b91ad0b85c39f6789caf49cec4beb06b7b9f0e4d0ac8feff0de8f79fdd12d97
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 25 May 2024 01:07:12 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self'
Last-Modified
Sun, 10 Sep 2017 10:34:17 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
max-age=7200
X-Cnection
close
Accept-Ranges
bytes
Content-Length
512
purple.svg
www.spark.co.nz/content/dam/sparkdigital/images/logo/
34 KB
11 KB
Image
General
Full URL
https://www.spark.co.nz/content/dam/sparkdigital/images/logo/purple.svg
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
8cd0112b63387703de5702e3604c364adad1548f16f995fcc9c75ecef36f9119
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 25 May 2024 01:07:12 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self'
Last-Modified
Wed, 22 Mar 2017 03:37:11 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
max-age=7200
X-Cnection
close
Accept-Ranges
bytes
Content-Length
10484
shielded.png
www.spark.co.nz/content/dam/onespark/icon-images/
5 KB
6 KB
Image
General
Full URL
https://www.spark.co.nz/content/dam/onespark/icon-images/shielded.png
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
4589441ac97df1033c946f3403b0199cfb05e8ba3e406e21013d1af6965dd06a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 25 May 2024 01:07:13 GMT
Content-Security-Policy
frame-ancestors 'self'
X-Content-Type-Options
nosniff
Last-Modified
Thu, 07 Feb 2019 01:21:17 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=7200
X-Cnection
close
Accept-Ranges
bytes
Content-Length
5432
jquery.min.js
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
88 KB
32 KB
Script
General
Full URL
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/jquery.min.js
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.2 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85d481ca95cdd4e312fc5870a28f39b012acbe6cee76336d7e631d49c2ce3569

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 25 May 2024 01:07:11 GMT
content-encoding
br
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
x-ipfs-pop
rainbow-am6-03
server
cloudflare
x-ipfs-roots
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm,QmRQvYnikeowdQYc61bffkp49tPAVvwdvFZS5mGmbsfmUd
etag
W/"QmRQvYnikeowdQYc61bffkp49tPAVvwdvFZS5mGmbsfmUd"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
public, max-age=29030400, immutable
x-ipfs-path
/ipfs/bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm/jquery.min.js
cf-ray
8891a08dda238db0-HEL
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
91b50bbb-9aa1-4d54-9159-ec6f19d14a7c.woff
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
73 KB
74 KB
Font
General
Full URL
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/91b50bbb-9aa1-4d54-9159-ec6f19d14a7c.woff
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/clientlib-all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.2 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb5460d12873f565566367d90c804bdcdfad6f80522ce61a8fdb03b1cfc156f5

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/clientlib-all.css
Origin
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 25 May 2024 01:07:13 GMT
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
75190
x-ipfs-pop
rainbow-am6-03
server
cloudflare
x-ipfs-roots
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm,QmdoqWCBAHSvza7PxzyooiHFq7GfarRTV4JXDDbT7s8hJD
etag
"QmdoqWCBAHSvza7PxzyooiHFq7GfarRTV4JXDDbT7s8hJD"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
font/woff
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
public, max-age=29030400, immutable
x-ipfs-path
/ipfs/bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm/91b50bbb-9aa1-4d54-9159-ec6f19d14a7c.woff
accept-ranges
bytes
cf-ray
8891a0987e188db0-HEL
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
f26faddb-86cc-4477-a253-1e1287684336.woff
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
74 KB
75 KB
Font
General
Full URL
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/f26faddb-86cc-4477-a253-1e1287684336.woff
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/clientlib-all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.2 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c1bbdd52caac896e0afaf4e56e749b8181fb025bfc7afc16ea8f4f38ca99579

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/clientlib-all.css
Origin
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 25 May 2024 01:07:13 GMT
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
76214
x-ipfs-pop
rainbow-am6-03
server
cloudflare
x-ipfs-roots
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm,QmV4rh1mJPhZUaZkrVqKiPEVFvHNkwwhAE95MQ3vNWNAGx
etag
"QmV4rh1mJPhZUaZkrVqKiPEVFvHNkwwhAE95MQ3vNWNAGx"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
font/woff
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
public, max-age=29030400, immutable
x-ipfs-path
/ipfs/bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm/f26faddb-86cc-4477-a253-1e1287684336.woff
accept-ranges
bytes
cf-ray
8891a0987e198db0-HEL
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
spark-icon-family.woff
www.spark.co.nz/content/dam/sparkresponsive/font/Fontello/
28 KB
29 KB
Font
General
Full URL
https://www.spark.co.nz/content/dam/sparkresponsive/font/Fontello/spark-icon-family.woff
Requested by
Host: www.spark.co.nz
URL: https://www.spark.co.nz/etc/designs/onespark/clientlib-sparkv2.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
597577e553630e1a1a757b9a233376cc1c0ea7e590a796b708103f8b077b0631
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.spark.co.nz/etc/designs/onespark/clientlib-sparkv2.css
Origin
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 25 May 2024 01:07:14 GMT
Content-Security-Policy
frame-ancestors 'self'
X-Content-Type-Options
nosniff
Last-Modified
Wed, 07 Jun 2017 11:38:17 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/font-woff
Access-Control-Allow-Origin
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
Cache-Control
max-age=7200
X-Cnection
close
Accept-Ranges
bytes
Content-Length
28652
b8e906a1-f5e8-4bf1-8e80-82c646ca4d5f.woff
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
74 KB
75 KB
Font
General
Full URL
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/b8e906a1-f5e8-4bf1-8e80-82c646ca4d5f.woff
Requested by
Host: bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
URL: https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/clientlib-all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.2 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c454d5bf7977f3dc91fc22f4e3648a607b72c3677c59d5a4ed04b6c7f42e964b

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/clientlib-all.css
Origin
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 25 May 2024 01:07:13 GMT
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
76262
x-ipfs-pop
rainbow-am6-03
server
cloudflare
x-ipfs-roots
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm,QmRu8YR74UogFVHMCiM9LoPbkL8faigvf5CaYa65NP3DX4
etag
"QmRu8YR74UogFVHMCiM9LoPbkL8faigvf5CaYa65NP3DX4"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
font/woff
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
public, max-age=29030400, immutable
x-ipfs-path
/ipfs/bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm/b8e906a1-f5e8-4bf1-8e80-82c646ca4d5f.woff
accept-ranges
bytes
cf-ray
8891a0987e1a8db0-HEL
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
favicon_32.png
www.spark.co.nz/
4 KB
5 KB
Other
General
Full URL
https://www.spark.co.nz/favicon_32.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
146.171.248.36 , New Zealand, ASN2570 (TAS-SPARK-NZ Spark New Zealand Trading Ltd, NZ),
Reverse DNS
Software
/
Resource Hash
534fe5896097c5f707e499a35e69ee58fe0c7aed220e42e2341db6f0afe71a5a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 25 May 2024 01:07:15 GMT
Content-Security-Policy
frame-ancestors 'self'
X-Content-Type-Options
nosniff
Last-Modified
Sat, 16 Feb 2019 19:33:42 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=14400
X-Cnection
close
Accept-Ranges
bytes
Content-Length
4345

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Spark (Telecommunication)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| error

1 Cookies

Domain/Path Name / Value
bafybeiajwtow3rz47irjnflxvxipyjw54ojtmeo5razhzbajnati5kscfm.ipfs.dweb.link/ Name: __cflb
Value: 0H28vbmuGkgyS4Qdp1WuB2521r7t6gmYzrY8273bGXn