urlscan.io logo urlscan.io
SecurityTrails logo

ipfs.io Open in urlscan Pro
2602:fea2:2::1  Malicious Activity! Private Scan

Go To Rescan Add Verdict Report
Submitted URL: https://coloursatelec.com/vac1/?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Op...
Effective URL: https://ipfs.io/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ahm.html?alt=media&token=033982e3-60ca-457e-...
Submission: On June 12 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 7 domains to perform 9 HTTP transactions. The main IP is 2602:fea2:2::1, located in United States and belongs to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 44817.
TLS certificate: Issued by R3 on June 11th 2023. Valid for: 3 months.
This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OneDrive (Online)

Domain & IP information

IP Address AS Autonomous System
1 85.217.144.171 211252 (AS_DELIS)
2 2001:67c:4e8:... 62041 (TELEGRAM)
1 2602:fea2:2::1 40680 (PROTOCOL)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 13.32.99.121 16509 (AMAZON-02)
9 8
1    85.217.144.171 (Reston, United States)

ASN211252 (AS_DELIS, US)
coloursatelec.com
2    2001:67c:4e8:f004::9 (Amsterdam, Netherlands)

ASN62041 (TELEGRAM, VG)
api.telegram.org
1    2602:fea2:2::1 (United States)

ASN40680 (PROTOCOL, US)
ipfs.io
2    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    13.32.99.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-121.fra60.r.cloudfront.net
logo.clearbit.com
Apex Domain
Subdomains		 Transfer
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 993
32 KB
2 telegram.org
api.telegram.org — Cisco Umbrella Rank: 34493
262 B
1 clearbit.com
logo.clearbit.com — Cisco Umbrella Rank: 22747
27 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 263
6 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 422
31 KB
1 ipfs.io
ipfs.io — Cisco Umbrella Rank: 44817
403 KB
1 coloursatelec.com
coloursatelec.com
1 KB
9 7
Domain Requested by
2 maxcdn.bootstrapcdn.com ipfs.io
2 api.telegram.org coloursatelec.com
1 logo.clearbit.com
1 cdnjs.cloudflare.com ipfs.io
1 ajax.googleapis.com ipfs.io
1 ipfs.io coloursatelec.com
1 coloursatelec.com
9 7

This site contains no links.

Subject Issuer Validity Valid
coloursatelec.com
R3		 2023-05-16 -
2023-08-14		 3 months crt.sh
api.telegram.org
Go Daddy Secure Certificate Authority - G2		 2023-03-26 -
2024-04-26		 a year crt.sh
dweb.link
R3		 2023-06-11 -
2023-09-09		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-12-30 -
2023-12-30		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
clearbit.com
Amazon RSA 2048 M02		 2023-02-21 -
2024-03-21		 a year crt.sh

This page contains 1 frames:

Primary Page: https://ipfs.io/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ahm.html?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&file=Vacation_Submissions.pdf
Frame ID: 0A0A41F14ED524FA427011B5EE2D0B48
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Staff Email- Sign in Required - 2022

Page URL History Show full URLs

  1. https://coloursatelec.com/vac1/?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndv... Page URL
  2. https://ipfs.io/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ahm.html?alt=media&token... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

8
IPs

3
Countries

500 kB
Transfer

2117 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://coloursatelec.com/vac1/?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&foldr=Human%20Resources&file=Vacation_Submissions.pdf Page URL
  2. https://ipfs.io/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ahm.html?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&file=Vacation_Submissions.pdf Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
coloursatelec.com/vac1/ 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://coloursatelec.com/vac1/?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&foldr=Human%20Resources&file=Vacation_Submissions.pdf
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.217.144.171 Reston, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
1067
content-type
text/html; charset=utf-8
date
Mon, 12 Jun 2023 14:06:27 GMT
etag
"a45-5fdd63dba4700-gzip"
last-modified
Sun, 11 Jun 2023 08:18:04 GMT
server
nginx
vary
Accept-Encoding
sendMessage
api.telegram.org/bot6228585037:AAH8ix5TnPzMH84OzTGK3HI7x4UG3chwAgI/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.telegram.org/bot6228585037:AAH8ix5TnPzMH84OzTGK3HI7x4UG3chwAgI/sendMessage
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://coloursatelec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Type,Date,Server,Connection
access-control-max-age
86400
date
Mon, 12 Jun 2023 14:06:27 GMT
server
nginx/1.18.0
sendMessage
api.telegram.org/bot6228585037:AAH8ix5TnPzMH84OzTGK3HI7x4UG3chwAgI/ 		56 B
262 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.telegram.org/bot6228585037:AAH8ix5TnPzMH84OzTGK3HI7x4UG3chwAgI/sendMessage
Requested by
Host: coloursatelec.com
URL: https://coloursatelec.com/vac1/?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&foldr=Human%20Resources&file=Vacation_Submissions.pdf
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://coloursatelec.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Mon, 12 Jun 2023 14:06:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
Content-Length,Content-Type,Date,Server,Connection
server
nginx/1.18.0
content-length
56
content-type
application/json
Primary Request ahm.html
ipfs.io/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ 		1 MB
403 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ipfs.io/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ahm.html?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&file=Vacation_Submissions.pdf
Requested by
Host: coloursatelec.com
URL: https://coloursatelec.com/vac1/?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&foldr=Human%20Resources&file=Vacation_Submissions.pdf
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
openresty /
Resource Hash
48271b611151d32d295b28262b4249d09cf977f2aeaa30e6195e9a687eff23de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://coloursatelec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods
GET GET, POST, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Range, X-Chunked-Output, X-Stream-Output
cache-control
public, max-age=29030400, immutable
content-encoding
gzip
content-type
text/html
date
Mon, 12 Jun 2023 14:06:28 GMT
etag
W/"QmXwvLzkQgBQcWUPmmdtnwqqhXYbcgBHng17Yu5SSRkUmB"
server
openresty
strict-transport-security
max-age=31536000; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
x-bfid
dd049bde231addff6a141e4c88ddc7b1
x-ipfs-datasize
1491321
x-ipfs-gateway-host
ipfs-bank1-fr2
x-ipfs-lb-pop
gateway-bank2-fr2
x-ipfs-path
/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ahm.html
x-ipfs-pop
ipfs-bank1-fr2
x-ipfs-roots
QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh,QmXwvLzkQgBQcWUPmmdtnwqqhXYbcgBHng17Yu5SSRkUmB
x-proxy-cache
MISS
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/ 		119 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ahm.html?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&file=Vacation_Submissions.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Mon, 12 Jun 2023 14:06:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
617, 617
age
11350236
cdn-cachedat
2021-06-08 14:28:03
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:00 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
d06b2a01fb9f3475d74eef77ae825085
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
7d62a7924f1c3637-FRA
cdn-requestpullsuccess
True
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ahm.html?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&file=Vacation_Submissions.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ipfs.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 12 Jun 2023 04:17:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
35329
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31017
x-xss-protection
0
last-modified
Wed, 10 Mar 2021 14:28:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 11 Jun 2024 04:17:39 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/ 		39 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ahm.html?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&file=Vacation_Submissions.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ipfs.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 12 Jun 2023 14:06:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
637, 617, 617
age
11350238
cdn-cachedat
2021-06-08 12:10:24
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:00 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
8d0dcd7f8e443770a3d04e0938c8e32f
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
7d62a7924f1d3637-FRA
cdn-requestpullsuccess
True
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 		30 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ahm.html?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&file=Vacation_Submissions.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Mon, 12 Jun 2023 14:06:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
513833
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5631
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-7918"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UD1aZ1zW8aRbeOZ1laZROCYo%2F1Bdt92oiLsyBD9%2FFGub8dtV03RvrmTca5UTVvQmAiLRbzJWa6QyIDVDVxFRdZ0PklucYm37x5DHS%2FzHtzK6dwr8w8H9kzl35E515hLbfCNCJ%2BoI%2Fg15G83X4Kw6dc4E"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d62a7924d213a73-FRA
expires
Sat, 01 Jun 2024 14:06:28 GMT
truncated
/ 		52 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
418019d168be0b2926def4bccd3f573c79489a736cb12b8277ec6ef423819582

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		50 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
387e2eaa68dbdd9f8e42c82099cdf8a8d594b71e07810f3a7337989023e25770

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		49 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b8953f2ea0efd62e46e65782785223b47e185e90b076fd5f35659be1498061af

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		73 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d65a2723cb391bb30084a73addd71eed842868db177658892af4c4f0d864258

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		52 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e9b4fe843eda020b02e3cc8298903e9b3e64c96e5e88307ab07ae666681a396e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		50 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ba637cdcb265213c86f775d0e251aa33ea0dc87507ff978f98ecbc3d6b916253

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		31 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f11be9462b7e9a3674af7da5703bd38de9ea871846d4e3d12cd3871cc61b62e8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/png
co.wood.wi.us
logo.clearbit.com/ 		26 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logo.clearbit.com/co.wood.wi.us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-121.fra60.r.cloudfront.net
Software
envoy /
Resource Hash
8e84ec45dd1b587f5c407acc6cbdcbacdb9a1414e8ecde85f530e37bc092dc01
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Sat, 10 Jun 2023 23:03:34 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-response-flags
-
via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
server
envoy
x-amz-cf-pop
FRA60-P3
age
140574
x-cache
Hit from cloudfront
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-amz-cf-id
kQcFSTxPRoP8R6hB63SaKm3FBG5u5kOrurxRcMzxavR5YtGLhmfyrA==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery function| E function| U function| q

0 Cookies

4 Console Messages

Source Level URL
Text
network error URL: https://api.telegram.org/bot6228585037:AAH8ix5TnPzMH84OzTGK3HI7x4UG3chwAgI/sendMessage
Message:
Failed to load resource: the server responded with a status of 400 ()
javascript warning URL: https://ipfs.io/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ahm.html?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&file=Vacation_Submissions.pdf(Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://ipfs.io/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ahm.html?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&file=Vacation_Submissions.pdf(Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://ipfs.io/ipfs/QmU2WPX67Q4Xzuwm5bMU8xfns6xBY5ddombhQZAwe3sqKh/ahm.html?alt=media&token=033982e3-60ca-457e-b182-18a03119de12&data=d2ljQGNvLndvb2Qud2kudXM=&subf=Open%20Vacations.pdf&file=Vacation_Submissions.pdf(Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.