urlscan.io logo urlscan.io
SecurityTrails logo

btconnect-40687f.webflow.io Open in urlscan Pro
151.101.130.132  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://btconnect-40687f.webflow.io/
Submission: On November 21 via automatic, source openphish — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 7 HTTP transactions. The main IP is 151.101.130.132, located in United States and belongs to FASTLY, US. The main domain is btconnect-40687f.webflow.io.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q2 on May 24th 2022. Valid for: a year.
This is the only time btconnect-40687f.webflow.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BT (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
1 151.101.130.132 54113 (FASTLY)
5 18.66.112.13 16509 (AMAZON-02)
1 143.204.42.215 16509 (AMAZON-02)
7 3
Apex Domain
Subdomains		 Transfer
5 webflow.com
uploads-ssl.webflow.com — Cisco Umbrella Rank: 11690
113 KB
1 cloudfront.net
d3e54v103j8qbb.cloudfront.net
30 KB
1 webflow.io
btconnect-40687f.webflow.io
2 KB
7 3
Domain Requested by
5 uploads-ssl.webflow.com btconnect-40687f.webflow.io
1 d3e54v103j8qbb.cloudfront.net btconnect-40687f.webflow.io
1 btconnect-40687f.webflow.io
7 3

This site contains no links.

Subject Issuer Validity Valid
*.webflow.io
GlobalSign Atlas R3 DV TLS CA 2022 Q2		 2022-05-24 -
2023-06-25		 a year crt.sh
uploads-ssl.webflow.com
Amazon		 2022-08-28 -
2023-09-26		 a year crt.sh
*.cloudfront.net
Amazon		 2022-02-01 -
2023-01-31		 a year crt.sh

This page contains 1 frames:

Primary Page: https://btconnect-40687f.webflow.io/
Frame ID: 9BEA2F24DA64ECBD8FC27E7046EAE0F2
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

BTCONNECT

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

145 kB
Transfer

257 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
btconnect-40687f.webflow.io/ 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://btconnect-40687f.webflow.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a62cd857c70bc24385350d1d5627cd6fb2f012b19965a365d6ac4b4fe5a1ae77
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
5
content-encoding
gzip
content-length
1521
content-security-policy
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com
content-type
text/html
date
Mon, 21 Nov 2022 13:25:16 GMT
vary
Accept-Encoding,x-wf-forwarded-proto
via
1.1 varnish, 1.1 varnish
x-cache
HIT, HIT
x-cache-hits
17, 1
x-served-by
cache-iad-kcgs7200173-IAD, cache-hhn4046-HHN
x-timer
S1669037117.890986,VS0,VE1
btconnect-40687f.webflow.e89890d6e.css
uploads-ssl.webflow.com/637b250aceb5f74a4b957168/css/ 		32 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://uploads-ssl.webflow.com/637b250aceb5f74a4b957168/css/btconnect-40687f.webflow.e89890d6e.css
Requested by
Host: btconnect-40687f.webflow.io
URL: https://btconnect-40687f.webflow.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-13.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b202e5ec434c46c2a05dd78764c38f8899fb823b5632b24fd8f5daedb76e3931

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://btconnect-40687f.webflow.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 10:14:50 GMT
content-encoding
gzip
via
1.1 0afa2d721972ae312ad1dd54e47c43ca.cloudfront.net (CloudFront)
x-amz-version-id
WKucsPEDiLo1.OtU_a00vzqC6Jd5WF9Y
age
11427
x-amz-cf-pop
FRA56-P5
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
8441
last-modified
Mon, 21 Nov 2022 07:16:47 GMT
server
AmazonS3
etag
"30d884f0ee92867d3d98bcca50f7d65d"
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
JTVoK_oT9FPZknHgu98siJ2djJSBbtCB1OxOdI4LUulzs79Fc_h6Ug==
jquery-3.5.1.min.dc5e7f18c8.js
d3e54v103j8qbb.cloudfront.net/js/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=637b250aceb5f74a4b957168
Requested by
Host: btconnect-40687f.webflow.io
URL: https://btconnect-40687f.webflow.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.42.215 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-42-215.osl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer
https://btconnect-40687f.webflow.io/
Origin
https://btconnect-40687f.webflow.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Sun, 20 Nov 2022 19:59:36 GMT
content-encoding
br
via
1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
age
62763
x-amz-cf-pop
OSL50-C1
x-cache
Hit from cloudfront
last-modified
Mon, 20 Jul 2020 17:53:02 GMT
server
AmazonS3
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
vary
Accept-Encoding
x-amz-cf-id
SO4XTzcpwh-WfDX84nXKIGIauWuU17S9Xo2kGktc6mnPeeXr4eSIhg==
webflow.b3d2d5f11.js
uploads-ssl.webflow.com/637b250aceb5f74a4b957168/js/ 		46 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uploads-ssl.webflow.com/637b250aceb5f74a4b957168/js/webflow.b3d2d5f11.js
Requested by
Host: btconnect-40687f.webflow.io
URL: https://btconnect-40687f.webflow.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-13.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
70fcf1bfc5ddb16ea115ad8b58c5adba00a00b2d14c5c988a779418245a65ab2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://btconnect-40687f.webflow.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 10:14:50 GMT
content-encoding
gzip
via
1.1 0afa2d721972ae312ad1dd54e47c43ca.cloudfront.net (CloudFront)
x-amz-version-id
KuBIt0_Fv7TQ9vEJ7HsJ_9DOBqSqA9vx
age
11427
x-amz-cf-pop
FRA56-P5
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
16221
last-modified
Mon, 21 Nov 2022 07:16:47 GMT
server
AmazonS3
etag
"ffc49880dc6f8d63dc03de5a9b9655ee"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
mHxXmCs1xQcV_gUd_GlH-g3lMN5sd8NtIPRiwyKranFGjLQ0_yc0sw==
637b25438a55d6574d0d015f_62d7fa08f77d8119faaddfd4_btheader-p-1600.jpg
uploads-ssl.webflow.com/637b250aceb5f74a4b957168/ 		26 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uploads-ssl.webflow.com/637b250aceb5f74a4b957168/637b25438a55d6574d0d015f_62d7fa08f77d8119faaddfd4_btheader-p-1600.jpg
Requested by
Host: btconnect-40687f.webflow.io
URL: https://btconnect-40687f.webflow.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-13.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5ba52412e7008273d96a2f54d6daae84f1a2db6c31bba2678e30cbada326b1be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://btconnect-40687f.webflow.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 10:17:51 GMT
x-amz-version-id
jraxMK3odEd_nvw1hwwvp5tm8VLL3gw9
via
1.1 0afa2d721972ae312ad1dd54e47c43ca.cloudfront.net (CloudFront)
age
11246
x-amz-cf-pop
FRA56-P5
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
26743
last-modified
Mon, 21 Nov 2022 07:14:14 GMT
server
AmazonS3
etag
"1695b02860f962705f0025843003af9a"
content-type
image/jpg
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
OIc4WcRspaYdwznSpNXAbvcavXqkZBidkQUWN8tezNBI4xsHQNFVNw==
637b2567359e1d0d93a2617c_Screenshot%20(1263)-p-500.png
uploads-ssl.webflow.com/637b250aceb5f74a4b957168/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uploads-ssl.webflow.com/637b250aceb5f74a4b957168/637b2567359e1d0d93a2617c_Screenshot%20(1263)-p-500.png
Requested by
Host: btconnect-40687f.webflow.io
URL: https://btconnect-40687f.webflow.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-13.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0655a7180d93cc26ca0d45bad7cea43ba04d4f4f81952caf85dd3146602bef3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://btconnect-40687f.webflow.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 10:25:08 GMT
x-amz-version-id
op_2TREVlaXeNI3RaNKwqhk7N1PE.p7m
via
1.1 0afa2d721972ae312ad1dd54e47c43ca.cloudfront.net (CloudFront)
age
10809
x-amz-cf-pop
FRA56-P5
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
32367
last-modified
Mon, 21 Nov 2022 07:14:50 GMT
server
AmazonS3
etag
"87bd8534fd5a09cc15f5cfb1256a91bd"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
ZwNOJyKcD1nYxs7Bty1qaRuZvlG486i14Yexb8iWBPQYD6UyKLcBIQ==
637b25552913f92ab953131e_Screenshot%20(1265)-p-1600.png
uploads-ssl.webflow.com/637b250aceb5f74a4b957168/ 		29 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uploads-ssl.webflow.com/637b250aceb5f74a4b957168/637b25552913f92ab953131e_Screenshot%20(1265)-p-1600.png
Requested by
Host: btconnect-40687f.webflow.io
URL: https://btconnect-40687f.webflow.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-13.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
68ec8b9bc5c6889f0171bf292294c7eafdf8f6a34163a068d63b020886e2afe7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://btconnect-40687f.webflow.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 10:17:50 GMT
x-amz-version-id
m82fR4xIszcDG.9js9uz1D.9mqrwmnKp
via
1.1 0afa2d721972ae312ad1dd54e47c43ca.cloudfront.net (CloudFront)
age
11247
x-amz-cf-pop
FRA56-P5
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
29847
last-modified
Mon, 21 Nov 2022 07:14:33 GMT
server
AmazonS3
etag
"295188494ac6fb7e5cbd1cbee83386a1"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
b18h8uhy2dku-WSg4dT-rDytg8RKGxwYr5CezbToolmSkOriBxa3Jg==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BT (Telecommunication)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| tram object| Webflow

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com