btconnect-40687f.webflow.io

IP: 151.101.130.132 | Verdict: Malicious Activity | Public scan

Submission: November 21, automatic submission from the OpenPhish feed. Scanned from DE.
Summary
TLS certificate: *.webflow.io, issued by GlobalSign Atlas R3 DV TLS CA 2022 Q2 on 24 May 2022, valid for about a year. This is Webflow's shared platform wildcard, not a certificate issued to the tenant, so it says nothing about who operates this site.
This is the only time btconnect-40687f.webflow.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BT (Telecommunication)

Domain & IP information

| Requests | IP address | AS (autonomous system) | Reverse DNS (PTR) | Hostname served |
|---|---|---|---|---|
| 1 | 151.101.130.132 | AS54113 (FASTLY) | (not shown) | btconnect-40687f.webflow.io |
| 5 | 18.66.112.13 | AS16509 (AMAZON-02, US) | server-18-66-112-13.fra56.r.cloudfront.net | uploads-ssl.webflow.com |
| 1 | 143.204.42.215 | AS16509 (AMAZON-02, US) | server-143-204-42-215.osl50.r.cloudfront.net | d3e54v103j8qbb.cloudfront.net |

Total: 7 requests across 3 IP addresses. The PTR records show that Webflow's asset host is itself served from CloudFront edges (fra56 is a Frankfurt edge, consistent with the scan running from DE; osl50 is Oslo).
| Requests | Apex domain | Subdomain | Transfer |
|---|---|---|---|
| 5 | webflow.com | uploads-ssl.webflow.com (Cisco Umbrella rank: 11690) | 113 KB |
| 1 | cloudfront.net | d3e54v103j8qbb.cloudfront.net | 30 KB |
| 1 | webflow.io | btconnect-40687f.webflow.io | 2 KB |

Total: 7 requests across 3 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 5 | uploads-ssl.webflow.com | btconnect-40687f.webflow.io |
| 1 | d3e54v103j8qbb.cloudfront.net | btconnect-40687f.webflow.io |
| 1 | btconnect-40687f.webflow.io | (primary request, no referrer) |

Total: 7 requests across 3 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid for | Lookup |
|---|---|---|---|---|
| *.webflow.io | GlobalSign Atlas R3 DV TLS CA 2022 Q2 | 2022-05-24 to 2023-06-25 | a year | crt.sh |
| uploads-ssl.webflow.com | Amazon | 2022-08-28 to 2023-09-26 | a year | crt.sh |
| *.cloudfront.net | Amazon | 2022-02-01 to 2023-01-31 | a year | crt.sh |

All three certificates belong to the hosting platforms (Webflow, Amazon CloudFront) and are shared by every site they serve; none of them identifies the operator of this page. A valid, trusted certificate on a phishing page hosted on a site builder is the expected case, not an anomaly.
This page contains 1 frame.

Primary page: https://btconnect-40687f.webflow.io/ (frame ID 9BEA2F24DA64ECBD8FC27E7046EAE0F2), 7 HTTP requests in this frame.

Outgoing links: 0 (links going to origins other than the main page).

Redirected requests: none listed.
7 HTTP transactions

| # | Method | Protocol | Resource | Host / path | Size | Transferred | Type | MIME type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | / (primary request) | btconnect-40687f.webflow.io/ | 4 KB | 2 KB | Document | text/html |
| 2 | GET | H2 | btconnect-40687f.webflow.e89890d6e.css | uploads-ssl.webflow.com/637b250aceb5f74a4b957168/css/ | 32 KB | 9 KB | Stylesheet | text/css |
| 3 | GET | H2 | jquery-3.5.1.min.dc5e7f18c8.js | d3e54v103j8qbb.cloudfront.net/js/ | 87 KB | 30 KB | Script | application/javascript |
| 4 | GET | H2 | webflow.b3d2d5f11.js | uploads-ssl.webflow.com/637b250aceb5f74a4b957168/js/ | 46 KB | 16 KB | Script | text/javascript |
| 5 | GET | H2 | 637b25438a55d6574d0d015f_62d7fa08f77d8119faaddfd4_btheader-p-1600.jpg | uploads-ssl.webflow.com/637b250aceb5f74a4b957168/ | 26 KB | 27 KB | Image | image/jpg |
| 6 | GET | H2 | 637b2567359e1d0d93a2617c_Screenshot%20(1263)-p-500.png | uploads-ssl.webflow.com/637b250aceb5f74a4b957168/ | 32 KB | 32 KB | Image | image/png |
| 7 | GET | H2 | 637b25552913f92ab953131e_Screenshot%20(1265)-p-1600.png | uploads-ssl.webflow.com/637b250aceb5f74a4b957168/ | 29 KB | 30 KB | Image | image/png |

"Size" is the decoded body; "Transferred" is bytes on the wire (compressed where the server applied content encoding). The per-request General / Request headers / Response headers panels of the original page are not reproduced here.

What the transaction list tells an analyst: the page is a static Webflow export (the site's own CSS and webflow.js, jQuery from Webflow's CDN, and three images, two of them screenshots named "Screenshot (1263)" and "Screenshot (1265)", which is typical of a page that mimics a brand's login or billing screen by pasting screenshots). Every request is a GET; no form submission or third-party endpoint was captured, so this scan shows the landing page only and any credential-collection endpoint is outside the recorded traffic. Note also that the server reports the header image as image/jpg, a non-standard type (the registered type is image/jpeg); browsers sniff it anyway.
Verdicts & Comments

Potentially malicious activity detected. Disclaimer: these verdicts should be used to detect potentially malicious websites, not as a final verdict.

urlscan verdict: phishing against BT (Telecommunication).

JavaScript global variables (4)

These are the non-standard global variables defined on the window object. They help identify the client-side frameworks and code a page uses.

| Type | Name |
|---|---|
| function | $ |
| function | jQuery |
| function | tram |
| object | Webflow |

All four come from jQuery and the Webflow runtime (tram is the transition library bundled into webflow.js), which matches the request list: the only script files loaded are jQuery and webflow.js.

Cookies (0)

Cookies are small pieces of data a site stores in the user's browser; the browser sends them back on every later visit, which lets the site re-identify the user even from a different location. Persistent logins work this way. This page set no cookies.
Security headers

Security headers set by the main page:

| Header | Value |
|---|---|
| Content-Security-Policy | frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com |

No other security headers are listed. For analysts: this policy contains only frame-ancestors, which restricts who may embed the page in a frame; it says nothing about which scripts the page may run or where a form may post. The allowed sources are Webflow's own origins (including plain http:// variants and every *.webflow.io tenant), so it is the platform's default header, not something configured by this site's operator, and it carries no signal about the tenant's intent.
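To see exactly what the header above does and does not permit, here is an added example (written for this page, not urlscan or Webflow code) that parses a Content-Security-Policy header and evaluates its frame-ancestors directive for a given framing origin. It implements CSP Level 3 source-expression matching for the forms that occur in this header: 'self', 'none', scheme-source such as https:, and host-source with an optional leading *. wildcard. Two spec details matter for reading this particular policy: an http:// source expression also matches an https:// origin, and frame-ancestors does not fall back to default-src. Ports and paths in source expressions are ignored, on the assumption that none appear here.

```python
"""Evaluate a Content-Security-Policy frame-ancestors directive (CSP Level 3).

Example code added by the editor for the header shown above; not urlscan or
Webflow code. Supports 'self', 'none', scheme-source ("https:") and
host-source with an optional "*." wildcard. ASSUMPTION: no ports or paths in
the source expressions (there are none in this header)."""
from __future__ import annotations

from urllib.parse import urlsplit

# Header and page URL copied from the scan above.
CSP_HEADER = (
    "frame-ancestors 'self' https://*.webflow.com http://*.webflow.com "
    "http://*.webflow.io http://webflow.com https://webflow.com"
)
PAGE_URL = "https://btconnect-40687f.webflow.io/"


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive-name: [source expressions]}."""
    policy: dict[str, list[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), []).extend(tokens[1:])
    return policy


def scheme_matches(expr_scheme: str, url_scheme: str) -> bool:
    """CSP3 scheme-part match: an http/ws source also matches https/wss."""
    return expr_scheme == url_scheme or (expr_scheme, url_scheme) in {("http", "https"), ("ws", "wss")}


def host_matches(pattern: str, host: str) -> bool:
    """'*.example.com' matches any subdomain of example.com but not example.com itself."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host


def source_allows(expr: str, origin: str, page_url: str) -> bool:
    """Does one source expression permit `origin` to frame `page_url`?"""
    expr = expr.lower()
    o, p = urlsplit(origin.lower()), urlsplit(page_url.lower())
    if expr == "'none'":
        return False
    if expr == "'self'":
        return (o.scheme, o.hostname, o.port) == (p.scheme, p.hostname, p.port)
    if expr.endswith(":") and "/" not in expr:          # scheme-source, e.g. "https:"
        return scheme_matches(expr[:-1], o.scheme)
    if "://" in expr:                                    # host-source with explicit scheme
        expr_scheme, _, host_part = expr.partition("://")
    else:                                                # scheme-less host-source: inherit page scheme
        expr_scheme, host_part = p.scheme, expr
    host_pattern = host_part.split("/", 1)[0].split(":", 1)[0]
    return scheme_matches(expr_scheme, o.scheme) and host_matches(host_pattern, o.hostname or "")


def may_frame(csp_header: str, origin: str, page_url: str = PAGE_URL) -> bool:
    """True if the policy lets `origin` embed the page.

    frame-ancestors does not fall back to default-src: a policy without the
    directive places no CSP restriction on framing (X-Frame-Options aside)."""
    sources = parse_csp(csp_header).get("frame-ancestors")
    if sources is None:
        return True
    return any(source_allows(src, origin, page_url) for src in sources)


if __name__ == "__main__":
    for origin in (
        "https://btconnect-40687f.webflow.io",  # 'self'
        "https://preview.webflow.com",          # https://*.webflow.com
        "https://other-tenant.webflow.io",      # http://*.webflow.io (http matches https)
        "https://webflow.io",                   # wildcard needs a subdomain
        "https://evil.example",                 # no match
    ):
        verdict = "may frame" if may_frame(CSP_HEADER, origin) else "blocked"
        print(f"{origin:40} {verdict}")
```

Running it shows the practical consequence: any other webflow.io tenant may frame this page, because http://*.webflow.io matches https origins as well, while webflow.io itself and unrelated origins are blocked. That is the behaviour of a platform-wide header, not a per-site hardening choice.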
Indicators

"Indicators" is the security-industry term for observables such as IPs, domains and hashes extracted from a scan. Their presence in this list does not by itself mean each one is malicious; several below are shared platform infrastructure.

Domains:
btconnect-40687f.webflow.io (the tenant hostname of the phishing page; the only attacker-specific host)
d3e54v103j8qbb.cloudfront.net (Webflow's shared script CDN)
uploads-ssl.webflow.com (Webflow's shared asset host)

IP addresses (Fastly and CloudFront edges, shared with many unrelated sites):
143.204.42.215
151.101.130.132
18.66.112.13

SHA-256 hashes (seven, one per captured response):
0655a7180d93cc26ca0d45bad7cea43ba04d4f4f81952caf85dd3146602bef3f
5ba52412e7008273d96a2f54d6daae84f1a2db6c31bba2678e30cbada326b1be
68ec8b9bc5c6889f0171bf292294c7eafdf8f6a34163a068d63b020886e2afe7
70fcf1bfc5ddb16ea115ad8b58c5adba00a00b2d14c5c988a779418245a65ab2
a62cd857c70bc24385350d1d5627cd6fb2f012b19965a365d6ac4b4fe5a1ae77
b202e5ec434c46c2a05dd78764c38f8899fb823b5632b24fd8f5daedb76e3931
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
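Turning this list into a blocklist naively would block Webflow's asset host and two CDN anycast addresses along with the phishing page. The following added example (written for this page, not urlscan output) classifies each indicator by type and sorts it into "block this exact hostname", "context only" or "response hash", using the shared-platform apexes and platform hostnames from the tables above. Treating those as non-blockable shared infrastructure is the editor's triage rule, not something the page states; the two-label apex rule is a simplification that holds for the domains in this scan.

```python
"""Triage the indicators listed above: what to block, what is only context.

Example code added by the editor, not urlscan output. The shared apexes and
platform hostnames come from this page's own tables; the rule "block a tenant
hostname, never a shared apex or CDN edge" is the editor's assumption."""
from __future__ import annotations

import hashlib
import ipaddress
import re

# Indicators copied from the list above.
INDICATORS = [
    "btconnect-40687f.webflow.io",
    "d3e54v103j8qbb.cloudfront.net",
    "uploads-ssl.webflow.com",
    "143.204.42.215",
    "151.101.130.132",
    "18.66.112.13",
    "0655a7180d93cc26ca0d45bad7cea43ba04d4f4f81952caf85dd3146602bef3f",
    "5ba52412e7008273d96a2f54d6daae84f1a2db6c31bba2678e30cbada326b1be",
    "68ec8b9bc5c6889f0171bf292294c7eafdf8f6a34163a068d63b020886e2afe7",
    "70fcf1bfc5ddb16ea115ad8b58c5adba00a00b2d14c5c988a779418245a65ab2",
    "a62cd857c70bc24385350d1d5627cd6fb2f012b19965a365d6ac4b4fe5a1ae77",
    "b202e5ec434c46c2a05dd78764c38f8899fb823b5632b24fd8f5daedb76e3931",
    "f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d",
]

# Multi-tenant hosting apexes seen on this page (assumption: never block these).
SHARED_APEXES = {"webflow.io", "webflow.com", "cloudfront.net"}
# Hostnames that belong to the platform, not to a tenant (from the request table).
PLATFORM_HOSTS = {"uploads-ssl.webflow.com", "d3e54v103j8qbb.cloudfront.net"}

HEX_DIGEST_KINDS = {64: "sha256", 40: "sha1", 32: "md5"}
DOMAIN_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def classify(indicator: str) -> str:
    """Return 'sha256' | 'sha1' | 'md5' | 'ip' | 'domain' | 'unknown'."""
    s = indicator.strip().lower()
    if re.fullmatch(r"[0-9a-f]+", s) and len(s) in HEX_DIGEST_KINDS:
        return HEX_DIGEST_KINDS[len(s)]
    try:
        ipaddress.ip_address(s)
        return "ip"
    except ValueError:
        pass
    return "domain" if DOMAIN_RE.fullmatch(s) else "unknown"


def apex_of(hostname: str) -> str:
    """Last two labels. Assumption: no multi-label public suffixes (e.g. co.uk) in this set."""
    return ".".join(hostname.lower().split(".")[-2:])


def is_safe_to_block(hostname: str) -> bool:
    """A tenant hostname under a shared apex is blockable; the apex or platform host is not."""
    h = hostname.lower()
    if h in PLATFORM_HOSTS or h in SHARED_APEXES:
        return False
    return classify(h) == "domain"


def triage(indicators: list[str]) -> dict[str, list[str]]:
    """Sort indicators into blocklist candidates, context-only observables and hashes."""
    buckets: dict[str, list[str]] = {"block_hostname": [], "context_only": [], "response_hash": [], "unknown": []}
    for ind in indicators:
        kind = classify(ind)
        if kind == "domain":
            buckets["block_hostname" if is_safe_to_block(ind) else "context_only"].append(ind.lower())
        elif kind == "ip":
            buckets["context_only"].append(ind)      # CDN edge: blocking it hits unrelated sites
        elif kind in ("sha256", "sha1", "md5"):
            buckets["response_hash"].append(ind.lower())
        else:
            buckets["unknown"].append(ind)
    return buckets


def sha256_hex(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()


def response_matches(body: bytes, hashes: set[str]) -> bool:
    """Check a retrieved response body against the page's SHA-256 indicators."""
    return sha256_hex(body) in hashes


if __name__ == "__main__":
    for bucket, items in triage(INDICATORS).items():
        print(bucket)
        for item in items:
            print("  ", item)
```

The response hashes are the most portable part of the list: the same Webflow export re-published under a new tenant hostname keeps byte-identical CSS, JS and images, so matching retrieved bodies against these digests will find the next copy even when every domain and IP has changed.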