bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link
209.94.90.2
Malicious Activity!
Public Scan
Submission: On July 27 via api from US — Scanned from DE
Summary
TLS certificate: Issued by E6 on June 14th 2024. Valid for: 3 months.
This is the only time bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 209.94.90.2 209.94.90.2 | 40680 (PROTOCOL) (PROTOCOL) | |
1 | 104.131.67.145 104.131.67.145 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
2 2 | 2606:4700::68... 2606:4700::6812:bd73 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6812:1ac4 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:80b::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a02:c0:ac:7:... 2a02:c0:ac:7:fe::193 | 39029 (REDPILL-L...) (REDPILL-LINPRO Redpill Linpro) | |
6 | 5 |
ASN40680 (PROTOCOL, US)
bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link |
ASN39029 (REDPILL-LINPRO Redpill Linpro, NO)
images-global.nhst.tech |
 | Apex Domain Subdomains | Transfer |
---|---|---|
2 | dhlecommerce.nl www.dhlecommerce.nl — Cisco Umbrella Rank: 417055 | 3 KB |
2 | dhlparcel.nl (2 redirects) www.dhlparcel.nl | 852 B |
1 | nhst.tech images-global.nhst.tech — Cisco Umbrella Rank: 421261 | 221 KB |
1 | googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 641 | 30 KB |
1 | freebiesupply.com cdn.freebiesupply.com — Cisco Umbrella Rank: 298991 | 45 KB |
1 | dweb.link bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link | 3 KB |
6 | 6 |
 | Domain | Requested by |
---|---|---|
2 | www.dhlecommerce.nl | bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link |
2 | www.dhlparcel.nl | 2 redirects |
1 | images-global.nhst.tech | bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link |
1 | ajax.googleapis.com | bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link |
1 | cdn.freebiesupply.com | bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link |
1 | bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link | |
6 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
dweb.link E6 | 2024-06-14 - 2024-09-12 | 3 months | crt.sh |
cdn.freebiesupply.com R11 | 2024-06-16 - 2024-09-14 | 3 months | crt.sh |
upload.video.google.com WR2 | 2024-07-01 - 2024-09-23 | 3 months | crt.sh |
nhst.tech R10 | 2024-06-24 - 2024-09-22 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/
Frame ID: 66C63FD1AAE5AB42CB6D547EC0FE1A5F
Requests: 6 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://www.dhlparcel.nl/themes/custom/dp_theme/images/logo.svg HTTP 301
- https://www.dhlecommerce.nl/themes/custom/dp_theme/images/logo.svg
- https://www.dhlparcel.nl/themes/custom/dp_theme/favicon.ico HTTP 301
- https://www.dhlecommerce.nl/themes/custom/dp_theme/favicon.ico
6 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H3 | Primary Request / bafybeiehyvd2x6zve34foj2w7rqetlf5oewqnmzhcoflovfuna6jjbyjoa.ipfs.dweb.link/ | 10 KB 3 KB | Document text/html |
GET H/1.1 | dhl-1-logo-png-transparent.png cdn.freebiesupply.com/logos/large/2x/ | 45 KB 45 KB | Image image/png |
GET H2 | logo.svg www.dhlecommerce.nl/themes/custom/dp_theme/images/ Redirect Chain | 3 KB 1 KB | Image image/svg+xml |
GET H2 | jquery.min.js ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB 30 KB | Script text/javascript |
GET H/1.1 | 0f2521703767006c88f7c21a24cf991e images-global.nhst.tech/image/WEdHSVZ5eU5vT01Ia25OS1duVnowOWNrSFJyVXFmRzdZOFhBcjNhZ3g4Zz0=/nhst/binary/ | 221 KB 221 KB | Image image/jpg |
GET H2 | favicon.ico www.dhlecommerce.nl/themes/custom/dp_theme/ Redirect Chain | 7 KB 2 KB | Other image/vnd.microsoft.icon |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.dhlparcel.nl/ | Name: _cfuvid Value: gbVBmgOh0g7XQMiwj4KqDgqUGwBYXVBh9QwFfx23eLw-1722093692524-0.0.1.1-604800000 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.