bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
2602:fea2:2::2  Malicious Activity! Public Scan

URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Submission: On July 08 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 2602:fea2:2::2, located in United States and belongs to PROTOCOL, US. The main domain is bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link.
TLS certificate: Issued by E6 on June 14th 2024. Valid for: 3 months.
This is the only time bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP addresses (requests per IP, IP address, AS, autonomous system):

  3  2602:fea2:2::2    AS40680 (PROTOCOL)
  1  2a00:1450:400...  AS15169 (GOOGLE)
  2  209.94.90.2       AS40680 (PROTOCOL)
  Total: 8 requests, 4 IPs

Domains (requests per domain, domain, requested by):

  5  bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link  requested by bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
  1  encrypted-tbn0.gstatic.com  requested by bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
  0  www.computerhope.com (Failed)  requested by bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
  0  www.wqe.16mb.com (Failed)  requested by bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
  Total: 8 requests, 4 domains

This site contains links to these domains (also see Links): get.adobe.com

TLS certificates (subject, issuer, validity, valid for):

  dweb.link      issuer E6   2024-06-14 to 2024-09-12  3 months  crt.sh
  *.gstatic.com  issuer WR2  2024-06-13 to 2024-09-05  3 months  crt.sh

This page contains 1 frame:

Primary Page: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Frame ID: 026DD9F677361F366680A5C0F2A422A1
Requests: 10 HTTP requests in this frame

Page Title

Download Document - Adobe Sign In

Page Statistics

  Requests: 8
  HTTPS: 75 %
  IPv6: 67 %
  Domains: 4
  Subdomains: 4
  IPs: 4
  Countries: 2
  Transfer: 64 kB
  Size: 152 kB
  Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Each entry lists the resource, its path, size, transferred bytes (x-fer), type and MIME type, followed by the request and response details.

Primary Request: /
  Path: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
  Size: 83 KB  |  x-fer: 50 KB  |  Type: Document
General
  Full URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2602:fea2:2::2, United States, ASN40680 (PROTOCOL, US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: 632de02c198517de02a7837d714c16cab8b6bae690f6cbf3adfad7c0d0faab06

Request headers
  Accept-Language: de-DE,de;q=0.9;q=0.9
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
  sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Win32"

Response headers
  access-control-allow-headers: Content-Type Range User-Agent X-Requested-With
  access-control-allow-methods: GET HEAD OPTIONS
  access-control-allow-origin: *
  access-control-expose-headers: Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
  age: 763176
  alt-svc: h3=":443"; ma=86400
  cache-control: public, max-age=29030400, immutable
  cf-cache-status: HIT
  cf-ray: 89fc33379d145b32-FRA
  content-encoding: br
  content-type: text/html
  date: Mon, 08 Jul 2024 01:11:24 GMT
  server: cloudflare
  vary: Accept-Encoding
  x-ipfs-path: /ipfs/bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay/
  x-ipfs-pop: rainbow-am6-02
  x-ipfs-roots: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay
images
  Path: encrypted-tbn0.gstatic.com/
  Size: 7 KB  |  x-fer: 8 KB  |  Type: Image
General
  Full URL: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRGA-AAufqAvH_jrYtr_AztiK6QCMXUXp6vxIwAP23kiRbekdSl
  Requested by
    Host: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
    URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a00:1450:4001:830::200e, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS:
  Software: sffe /
  Resource Hash: de2c1a0cfc9fe2a92c3151d4ac11a5582323963d7107258571ab420819e4b97c
Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
  Referer: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
  Accept-Language: de-DE,de;q=0.9;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

Response headers
  date: Sun, 07 Jul 2024 22:07:27 GMT
  x-content-type-options: nosniff
  age: 11037
  content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
  cross-origin-resource-policy: cross-origin
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  content-length: 7494
  x-xss-protection: 0
  last-modified: Sat, 27 Jul 2019 08:06:30 GMT
  server: sffe
  report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
  content-type: image/png
  access-control-allow-origin: *
  cache-control: public, max-age=31536000
  accept-ranges: bytes
  cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
  expires: Mon, 07 Jul 2025 22:07:27 GMT
SpryValidationTextField.css
  Path: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/
  Size: 0  |  x-fer: 0  |  Type: Stylesheet
General
  Full URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/SpryValidationTextField.css
  Requested by
    Host: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
    URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2602:fea2:2::2, United States, ASN40680 (PROTOCOL, US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash:

Request headers
  sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
  Referer: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
  Accept-Language: de-DE,de;q=0.9;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

Response headers
  date: Mon, 08 Jul 2024 01:11:24 GMT
  cf-cache-status: EXPIRED
  x-ipfs-pop: rainbow-fr2-03
  server: cloudflare
  vary: Accept-Encoding
  content-type: text/html
  cf-ray: 89fc3337bd1c5b32-FRA
  alt-svc: h3=":443"; ma=86400
style.css
  Path: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/
  Size: 0  |  x-fer: 0  |  Type: Stylesheet
General
  Full URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/style.css
  Requested by
    Host: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
    URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2602:fea2:2::2, United States, ASN40680 (PROTOCOL, US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash:

Request headers
  sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
  Referer: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
  Accept-Language: de-DE,de;q=0.9;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

Response headers
  date: Mon, 08 Jul 2024 01:11:24 GMT
  cf-cache-status: EXPIRED
  x-ipfs-pop: rainbow-fr2-03
  server: cloudflare
  vary: Accept-Encoding
  content-type: text/html
  cf-ray: 89fc3337bd1d5b32-FRA
  alt-svc: h3=":443"; ma=86400
SpryValidationTextField.js
  Path: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/
  Size: 0  |  x-fer: 0  |  Type: Script
General
  Full URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/SpryValidationTextField.js
  Requested by
    Host: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
    URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
  Protocol: H3
  Security: QUIC, AES_128_GCM
  Server: 209.94.90.2, United States, ASN40680 (PROTOCOL, US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash:

Request headers
  sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
  Referer: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
  Accept-Language: de-DE,de;q=0.9;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

Response headers
  date: Mon, 08 Jul 2024 01:11:24 GMT
  cf-cache-status: EXPIRED
  x-ipfs-pop: rainbow-fr2-03
  server: cloudflare
  vary: Accept-Encoding
  content-type: text/html
  cf-ray: 89fc3337e8f29bf8-FRA
  alt-svc: h3=":443"; ma=86400
truncated
  Path: /
  Size: 48 KB  |  x-fer: 0  |  Type: Image
General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS:
  Software: /
  Resource Hash: b017df1defe56bb74395e69cf291beea481d7f97cdbe2cd50e9ea9f86f5570ca

Request headers
  Accept-Language: de-DE,de;q=0.9;q=0.9
  Referer:
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers
  Content-Type: image/jpeg
pdf-logo.png
  Path: www.wqe.16mb.com/b/Adobe%20Sign%20In_files/
  Size: 0  |  x-fer: 0  |  Type: (none; no response received, see Failed requests below)

truncated
  Path: /
  Size: 7 KB  |  x-fer: 0  |  Type: Image
General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS:
  Software: /
  Resource Hash: 151a92f94a4b7825a6e371c967e7250d86d058496e5b4a97b857d61c324af806

Request headers
  Accept-Language: de-DE,de;q=0.9;q=0.9
  Referer:
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers
  Content-Type: image/jpeg
bg_form.png
  Path: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/images/
  Size: 7 KB  |  x-fer: 7 KB  |  Type: Image
General
  Full URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/images/bg_form.png
  Requested by
    Host: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
    URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
  Protocol: H3
  Security: QUIC, AES_128_GCM
  Server: 209.94.90.2, United States, ASN40680 (PROTOCOL, US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: 11f646822d898789be77abe95d18e99920b64dd226774c57d2b64035b8c9eca4

Request headers
  sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
  Referer: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
  Accept-Language: de-DE,de;q=0.9;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

Response headers
  date: Mon, 08 Jul 2024 01:11:24 GMT
  cf-cache-status: EXPIRED
  x-ipfs-pop: rainbow-fr2-03
  server: cloudflare
  vary: Accept-Encoding
  content-type: text/html
  cf-ray: 89fc3338290b9bf8-FRA
  alt-svc: h3=":443"; ma=86400
acrobatpdf.jpg
  Path: www.computerhope.com/jargon/p/
  Size: 0  |  x-fer: 0  |  Type: (none; no response received, see Failed requests below)

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

  Domain: www.wqe.16mb.com
  URL: https://www.wqe.16mb.com/b/Adobe%20Sign%20In_files/pdf-logo.png

  Domain: www.computerhope.com
  URL: https://www.computerhope.com/jargon/p/acrobatpdf.jpg

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify possible client-side frameworks and code.

  Type       Name
  undefined  event
  object     fence
  object     sharedStorage
  function   MM_goToURL
  function   validateForm
  undefined  sprytextfield1
  undefined  sprytextfield2

1 Cookies

  Domain/Path: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
  Name: __cflb
  Value: 02DiuGheHjoGKaVk2YFs9uLjFQyCR7qgEdgKnEicxhA2x

6 Console Messages

Source: security  |  Level: warning
URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/ (Line 273)
Message: Mixed Content: The page at 'https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/' was loaded over HTTPS, but requested an insecure element 'http://www.wqe.16mb.com/b/Adobe%20Sign%20In_files/pdf-logo.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Source: network  |  Level: error
URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/SpryValidationTextField.css
Message: Failed to load resource: the server responded with a status of 410 ()

Source: network  |  Level: error
URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/style.css
Message: Failed to load resource: the server responded with a status of 410 ()

Source: network  |  Level: error
URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/SpryValidationTextField.js
Message: Failed to load resource: the server responded with a status of 410 ()

Source: security  |  Level: warning
URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Message: Mixed Content: The page at 'https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/' was loaded over HTTPS, but requested an insecure element 'http://www.computerhope.com/jargon/p/acrobatpdf.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Source: network  |  Level: error
URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/images/bg_form.png
Message: Failed to load resource: the server responded with a status of 410 ()