Report - bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/

Report Overview

Submitted URL
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
IP
104.17.96.13
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 07:31:46
Access
public
Website Title
webmail
Final URL
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-18	549 B	7.2 kB	142.250.74.74
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com	unknown	2018-12-05	2024-01-16	2024-03-25	7.8 kB	298 kB	104.17.64.14
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-04-17	1.8 kB	57 kB	151.101.193.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-18 07:31:21	low	Client IP	104.17.64.14	ET INFO Peer to Peer File Sharing Service Domain in TLS SNI (cf-ipfs .com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-05	medium	bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/	Generic/Spear Phishing
2024-04-05	medium	bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/	Generic/Spear Phishing
2024-04-05	medium	bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/	Generic/Spear Phishing
2024-04-05	medium	bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/	Generic/Spear Phishing
2024-04-05	medium	bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/	Generic/Spear Phishing
2024-04-05	medium	bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/	Generic/Spear Phishing
2024-04-05	medium	bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/	Generic/Spear Phishing
2024-04-05	medium	bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/	Generic/Spear Phishing
2024-04-05	medium	bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/	Generic/Spear Phishing
2024-04-05	medium	bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/	Generic/Spear Phishing
2024-04-05	medium	bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/	Generic/Spear Phishing

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js	20 kB	2023-03-07	2024-04-30
Pretty URL cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:32 Last Seen2024-04-30 10:26:29 Times Seen170 Hash 3dab316eaf9964c43114f300dfa85020 8979c5bcb99573805cb68391e11dd8dbfebaf61d da7796caf9359015af4ecdf8c6ccbd53706ea4613932a9b6f81e442e49d5f626 Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/bootstrap.min.js	60 kB	2023-03-07	2024-04-26
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/bootstrap.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:32 Last Seen2024-04-26 17:53:24 Times Seen110 Hash 8978a8af940f6f4b20ad402905e19bfc c6e18aa2822401abe0d4aad20f581bcd2fe63c82 aadb16b112b53641773ebb0b5f823d52cd2f5e8e8027aaff81e92754ee9c925a Loading...

	bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/static/js/main.583fdaa2.js	197 kB	2024-04-18	2024-04-18
Pretty URL bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/static/js/main.583fdaa2.js IP 104.17.64.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 09:31:47 Last Seen2024-04-18 09:31:48 Times Seen2 Hash e9e5f1e40d1f97971ab0f06da82233c7 e72fd1ea93e36e2a6c40290c6ddb1e612d7fb122 f8ed91ce6b9681c31677540fec4b40e055c4f087df8d5328e7eef8d68caed0e9 Loading...

HTTP Transactions (15)

URL IP Response Size

cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/bootstrap.min.css

151.101.193.229

200 OK

30 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/bootstrap.min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (65300)
Size
30 kB (30281 bytes)
Hash
6d9c6fda1e7087224431cc8068bb998f
6273ac1a23d79a122f022f6a87c5b75c2cfafc3a
fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf

HTTP Headers

GET /npm/bootstrap@5.2.0-beta1/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.2.0-beta1
x-jsd-version-type: version
etag: W/"2f3f9-YnOsGiPXmhIvAi9qh8W3XCz6/Do"
content-encoding: br
accept-ranges: bytes
date: Thu, 18 Apr 2024 07:31:22 GMT
age: 19546925
x-served-by: cache-fra-etou8220113-FRA, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 30281
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/bootstrap.min.js

151.101.193.229

200 OK

17 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/bootstrap.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (59770)
Size
17 kB (17206 bytes)
Hash
8978a8af940f6f4b20ad402905e19bfc
c6e18aa2822401abe0d4aad20f581bcd2fe63c82
aadb16b112b53641773ebb0b5f823d52cd2f5e8e8027aaff81e92754ee9c925a

HTTP Headers

GET /npm/bootstrap@5.2.0-beta1/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.2.0-beta1
x-jsd-version-type: version
etag: W/"ea97-xuGKooIkAavg1KrSD1gbzS/mPII"
content-encoding: br
accept-ranges: bytes
date: Thu, 18 Apr 2024 07:31:22 GMT
age: 1106966
x-served-by: cache-fra-etou8220122-FRA, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17206
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js

151.101.193.229

200 OK

7.5 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (19677)
Size
7.5 kB (7496 bytes)
Hash
3dab316eaf9964c43114f300dfa85020
8979c5bcb99573805cb68391e11dd8dbfebaf61d
da7796caf9359015af4ecdf8c6ccbd53706ea4613932a9b6f81e442e49d5f626

HTTP Headers

GET /npm/@popperjs/core@2.11.5/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.11.5
x-jsd-version-type: version
etag: W/"4d36-iXnFvLmVc4BctoOR4R3Y2/669h0"
content-encoding: br
accept-ranges: bytes
date: Thu, 18 Apr 2024 07:31:22 GMT
age: 3097661
x-served-by: cache-fra-eddf8230111-FRA, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7496
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600;700&family=Young+Serif&display=swap

142.250.74.74

200 OK

6.6 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600;700&family=Young+Serif&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
6.6 kB (6616 bytes)
Hash
356040113a17578334f0c4c0c9a704e7
b99017b4d9fcdf9dc6f3536a5040e48c7175d629
29f4aec82a82108db0bbabc33861bed740a96de17fcb9b6ec6479d185264990b

HTTP Headers

GET /css2?family=Montserrat:wght@300;400;500;600;700&family=Young+Serif&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 07:31:22 GMT
date: Thu, 18 Apr 2024 07:31:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/img1.JPG

104.17.64.14

200 OK

8.8 kB

URL GET HTTP/2
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/img1.JPG
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerLet's Encrypt
Subjectcf-ipfs.com
Fingerprint46:AD:9B:E1:02:E3:A8:FE:9B:E2:86:B5:A1:5C:07:B9:B7:3B:17:14
ValiditySat, 16 Mar 2024 23:28:47 GMT - Fri, 14 Jun 2024 23:28:46 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 204x26, components 3
Size
8.8 kB (8802 bytes)
Hash
5f29d5151d66742b8e5483099fb41912
c936d34cf685b6f4122ddee428324008990a1854
703330d8b8fe706aa7ad8a35b1ff5dd2559388ad012696acd857965f6f670e11

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /img1.JPG HTTP/1.1
Host: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Cookie: __cf_bm=da4qrqL3gTz_Pb5e1oGBYptGiPbSHwENjMJzpNGRCKo-1713425481-1.0.1.1-jeeYoVKRPLMhJoVBh1KHGccZAAYS8a7HdhhNhg1RNKiMk6kaL9DlB_Eu1aCaM6Iz4uOjRY2H9PuMX3d4pjH2Jg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:31:23 GMT
content-type: image/jpeg
content-length: 8802
cf-ray: 8762f474a9a71c0a-OSL
cf-cache-status: MISS
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: "QmVrQ7fuRotJxbXhitmTKzD5vypH2RLmm782BVdUA5nyFL"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju/img1.JPG
x-ipfs-roots: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju,QmVrQ7fuRotJxbXhitmTKzD5vypH2RLmm782BVdUA5nyFL
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/separator.JPG

104.17.64.14

8.8 kB

URL GET
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/separator.JPG
IP
104.17.64.14:0
ASN
#13335 CLOUDFLARENET

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerLet's Encrypt
Subjectcf-ipfs.com
Fingerprint46:AD:9B:E1:02:E3:A8:FE:9B:E2:86:B5:A1:5C:07:B9:B7:3B:17:14
ValiditySat, 16 Mar 2024 23:28:47 GMT - Fri, 14 Jun 2024 23:28:46 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 303x35, components 3
Size
8.8 kB (8750 bytes)
Hash
4df1d315d4663e5579a353034f2cad93
d832f3003168c67a104b6cbc239555631f868395
bd0141734c54b8714944219f96628b8ee7073d0bd36acba446f5ee4f6fbf901c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /separator.JPG HTTP/1.1
Host: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Cookie: __cf_bm=da4qrqL3gTz_Pb5e1oGBYptGiPbSHwENjMJzpNGRCKo-1713425481-1.0.1.1-jeeYoVKRPLMhJoVBh1KHGccZAAYS8a7HdhhNhg1RNKiMk6kaL9DlB_Eu1aCaM6Iz4uOjRY2H9PuMX3d4pjH2Jg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:31:23 GMT
content-type: image/jpeg
content-length: 8750
cf-ray: 8762f474a9a11c0a-OSL
cf-cache-status: MISS
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: "QmQr4QQdD91y2UUKkE4h2SZbWjCCTw9cmswdXzotRrYC2P"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju/separator.JPG
x-ipfs-roots: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju,QmQr4QQdD91y2UUKkE4h2SZbWjCCTw9cmswdXzotRrYC2P
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/button_icon.JPG

104.17.64.14

200 OK

8.2 kB

URL GET HTTP/2
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/button_icon.JPG
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerLet's Encrypt
Subjectcf-ipfs.com
Fingerprint46:AD:9B:E1:02:E3:A8:FE:9B:E2:86:B5:A1:5C:07:B9:B7:3B:17:14
ValiditySat, 16 Mar 2024 23:28:47 GMT - Fri, 14 Jun 2024 23:28:46 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 41x29, components 3
Size
8.2 kB (8242 bytes)
Hash
e57e62b7df433dc23e6c3106b0726582
98464c779d04e00255f45c7aaf88464bc0d891bb
b6c2cbd58e805d046dac7a068be458612111e6c47754a75659d57493d4a04c47

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /button_icon.JPG HTTP/1.1
Host: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Cookie: __cf_bm=da4qrqL3gTz_Pb5e1oGBYptGiPbSHwENjMJzpNGRCKo-1713425481-1.0.1.1-jeeYoVKRPLMhJoVBh1KHGccZAAYS8a7HdhhNhg1RNKiMk6kaL9DlB_Eu1aCaM6Iz4uOjRY2H9PuMX3d4pjH2Jg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:31:23 GMT
content-type: image/jpeg
content-length: 8242
cf-ray: 8762f474a9a21c0a-OSL
cf-cache-status: MISS
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: "QmbjiChsDtJBJCLzTcjdy4T4wyNCDJwcfdAeUwncR72Q4Y"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju/button_icon.JPG
x-ipfs-roots: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju,QmbjiChsDtJBJCLzTcjdy4T4wyNCDJwcfdAeUwncR72Q4Y
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/img3.JPG

104.17.64.14

200 OK

9.6 kB

URL GET HTTP/2
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/img3.JPG
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerLet's Encrypt
Subjectcf-ipfs.com
Fingerprint46:AD:9B:E1:02:E3:A8:FE:9B:E2:86:B5:A1:5C:07:B9:B7:3B:17:14
ValiditySat, 16 Mar 2024 23:28:47 GMT - Fri, 14 Jun 2024 23:28:46 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 243x25, components 3
Size
9.6 kB (9551 bytes)
Hash
586fa95a4e54a11cc33df7bef643a4aa
eb8f254a42ab3c3d67e1e5a296b67bf55b66d208
8d30487777525fa7ae8883af2ee25058dd8d891a54a8e95d53e9a79559768c79

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /img3.JPG HTTP/1.1
Host: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Cookie: __cf_bm=da4qrqL3gTz_Pb5e1oGBYptGiPbSHwENjMJzpNGRCKo-1713425481-1.0.1.1-jeeYoVKRPLMhJoVBh1KHGccZAAYS8a7HdhhNhg1RNKiMk6kaL9DlB_Eu1aCaM6Iz4uOjRY2H9PuMX3d4pjH2Jg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:31:23 GMT
content-type: image/jpeg
content-length: 9551
cf-ray: 8762f474b9b01c0a-OSL
cf-cache-status: MISS
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: "QmbhzfqQBNbjt3o23qJHykuZ2fCTaGU7ET7pNmTBm6RofD"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju/img3.JPG
x-ipfs-roots: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju,QmbhzfqQBNbjt3o23qJHykuZ2fCTaGU7ET7pNmTBm6RofD
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/img2.JPG

104.17.64.14

200 OK

9.2 kB

URL GET HTTP/2
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/img2.JPG
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerLet's Encrypt
Subjectcf-ipfs.com
Fingerprint46:AD:9B:E1:02:E3:A8:FE:9B:E2:86:B5:A1:5C:07:B9:B7:3B:17:14
ValiditySat, 16 Mar 2024 23:28:47 GMT - Fri, 14 Jun 2024 23:28:46 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 234x22, components 3
Size
9.2 kB (9180 bytes)
Hash
c977df27bc6614fd1451c9ce82fbcc63
106cd3e8097c9d5fc2b22efeec057d865b45cd0d
68d0cc26c5a43a57f6e57f3f8906f0deadbd591f9216b0165b5dbbb083189cb7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /img2.JPG HTTP/1.1
Host: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Cookie: __cf_bm=da4qrqL3gTz_Pb5e1oGBYptGiPbSHwENjMJzpNGRCKo-1713425481-1.0.1.1-jeeYoVKRPLMhJoVBh1KHGccZAAYS8a7HdhhNhg1RNKiMk6kaL9DlB_Eu1aCaM6Iz4uOjRY2H9PuMX3d4pjH2Jg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:31:23 GMT
content-type: image/jpeg
content-length: 9180
cf-ray: 8762f474b9af1c0a-OSL
cf-cache-status: MISS
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: "QmUaizSMzEHnfJvxNEQmL9LArdEA6NiAFkuX2Z5p8z1oTm"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju/img2.JPG
x-ipfs-roots: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju,QmUaizSMzEHnfJvxNEQmL9LArdEA6NiAFkuX2Z5p8z1oTm
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/webmail_icon.JPG

104.17.64.14

200 OK

13 kB

URL GET HTTP/2
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/webmail_icon.JPG
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerLet's Encrypt
Subjectcf-ipfs.com
Fingerprint46:AD:9B:E1:02:E3:A8:FE:9B:E2:86:B5:A1:5C:07:B9:B7:3B:17:14
ValiditySat, 16 Mar 2024 23:28:47 GMT - Fri, 14 Jun 2024 23:28:46 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 328x77, components 3
Size
13 kB (13069 bytes)
Hash
6613e9fc7c6ed6f9fbbe25509bf03c03
84771795f4e1e01f3da1a547816e9bff6d58dc7c
24c17005a4d3ffc1227028030c2973d4f863cb4d79b788b3bc7d04542c118b84

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /webmail_icon.JPG HTTP/1.1
Host: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Cookie: __cf_bm=da4qrqL3gTz_Pb5e1oGBYptGiPbSHwENjMJzpNGRCKo-1713425481-1.0.1.1-jeeYoVKRPLMhJoVBh1KHGccZAAYS8a7HdhhNhg1RNKiMk6kaL9DlB_Eu1aCaM6Iz4uOjRY2H9PuMX3d4pjH2Jg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:31:23 GMT
content-type: image/jpeg
content-length: 13069
cf-ray: 8762f474a99e1c0a-OSL
cf-cache-status: MISS
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: "QmVagATGmBvxipTXr86YaDFvfvZnSNxG973L2j4R9K1i1t"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju/webmail_icon.JPG
x-ipfs-roots: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju,QmVagATGmBvxipTXr86YaDFvfvZnSNxG973L2j4R9K1i1t
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/logo192.png

104.17.64.14

200 OK

18 kB

URL GET HTTP/2
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/logo192.png
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerLet's Encrypt
Subjectcf-ipfs.com
Fingerprint46:AD:9B:E1:02:E3:A8:FE:9B:E2:86:B5:A1:5C:07:B9:B7:3B:17:14
ValiditySat, 16 Mar 2024 23:28:47 GMT - Fri, 14 Jun 2024 23:28:46 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
18 kB (18534 bytes)
Hash
c7a9360149faf742338bcecca296842b
a12f73ac8fc5c4186b9a46740064af8756d4677b
40e06c7486ee3b0bf684d90100ff1d7b38d2234e7bd93ad725f0cfbb1f7fd671

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /logo192.png HTTP/1.1
Host: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Cookie: __cf_bm=da4qrqL3gTz_Pb5e1oGBYptGiPbSHwENjMJzpNGRCKo-1713425481-1.0.1.1-jeeYoVKRPLMhJoVBh1KHGccZAAYS8a7HdhhNhg1RNKiMk6kaL9DlB_Eu1aCaM6Iz4uOjRY2H9PuMX3d4pjH2Jg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:31:23 GMT
content-type: image/png
content-length: 18534
cf-ray: 8762f475ba9c1c0a-OSL
cf-cache-status: MISS
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: "QmVe2TuusBFDsSimAzSN9hXEPg69a25eeLTgzLEHq3wsya"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju/logo192.png
x-ipfs-roots: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju,QmVe2TuusBFDsSimAzSN9hXEPg69a25eeLTgzLEHq3wsya
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/favicon.ico

104.17.64.14

200 OK

12 kB

URL GET HTTP/2
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/favicon.ico
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerLet's Encrypt
Subjectcf-ipfs.com
Fingerprint46:AD:9B:E1:02:E3:A8:FE:9B:E2:86:B5:A1:5C:07:B9:B7:3B:17:14
ValiditySat, 16 Mar 2024 23:28:47 GMT - Fri, 14 Jun 2024 23:28:46 GMT

File type
MS Windows icon resource - 1 icon, 27x27, 32 bits/pixel
Size
12 kB (12396 bytes)
Hash
a6c075db02f52c2dd8b1ba6d704a9e48
cad6ecea97bd88726910eb2b65db1712a2c0460a
4def88ffee69ddd9d4597132ecc0f74e4dd8b0a32adbcb4e242577a9f4b20d68

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Cookie: __cf_bm=da4qrqL3gTz_Pb5e1oGBYptGiPbSHwENjMJzpNGRCKo-1713425481-1.0.1.1-jeeYoVKRPLMhJoVBh1KHGccZAAYS8a7HdhhNhg1RNKiMk6kaL9DlB_Eu1aCaM6Iz4uOjRY2H9PuMX3d4pjH2Jg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:31:23 GMT
content-type: image/x-icon
cf-ray: 8762f475ba9e1c0a-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: W/"Qme4yDEPvapEwXkgqAoi4BytS7NN9txQAdBAV5E2xXgTdy"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju/favicon.ico
x-ipfs-roots: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju,Qme4yDEPvapEwXkgqAoi4BytS7NN9txQAdBAV5E2xXgTdy
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/

104.17.64.14

200 OK

1.3 kB

URL User Request GET HTTP/2
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcf-ipfs.com
Fingerprint46:AD:9B:E1:02:E3:A8:FE:9B:E2:86:B5:A1:5C:07:B9:B7:3B:17:14
ValiditySat, 16 Mar 2024 23:28:47 GMT - Fri, 14 Jun 2024 23:28:46 GMT

File type
HTML document, ASCII text, with very long lines (1322), with no line terminators
Size
1.3 kB (1264 bytes)
Hash
c4a5cab76635e822c4ebbe6c78cb83e7
5ccf04a881c77088354cca0cb05287c43579dc57
dc9f093558183211cd3f977f29ae2f329777c3f0cd86a0a209077cf3a911170e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET / HTTP/1.1
Host: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:31:21 GMT
content-type: text/html
cf-ray: 8762f469ff881c0a-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: W/"bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju/
x-ipfs-roots: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju
set-cookie: __cf_bm=da4qrqL3gTz_Pb5e1oGBYptGiPbSHwENjMJzpNGRCKo-1713425481-1.0.1.1-jeeYoVKRPLMhJoVBh1KHGccZAAYS8a7HdhhNhg1RNKiMk6kaL9DlB_Eu1aCaM6Iz4uOjRY2H9PuMX3d4pjH2Jg; path=/; expires=Thu, 18-Apr-24 08:01:21 GMT; domain=.bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/static/js/main.583fdaa2.js

104.17.64.14

200 OK

197 kB

URL GET HTTP/2
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/static/js/main.583fdaa2.js
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerLet's Encrypt
Subjectcf-ipfs.com
Fingerprint46:AD:9B:E1:02:E3:A8:FE:9B:E2:86:B5:A1:5C:07:B9:B7:3B:17:14
ValiditySat, 16 Mar 2024 23:28:47 GMT - Fri, 14 Jun 2024 23:28:46 GMT

File type
JavaScript source, ASCII text, with very long lines (65465)
Size
197 kB (196782 bytes)
Hash
e9e5f1e40d1f97971ab0f06da82233c7
e72fd1ea93e36e2a6c40290c6ddb1e612d7fb122
f8ed91ce6b9681c31677540fec4b40e055c4f087df8d5328e7eef8d68caed0e9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /static/js/main.583fdaa2.js HTTP/1.1
Host: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Cookie: __cf_bm=da4qrqL3gTz_Pb5e1oGBYptGiPbSHwENjMJzpNGRCKo-1713425481-1.0.1.1-jeeYoVKRPLMhJoVBh1KHGccZAAYS8a7HdhhNhg1RNKiMk6kaL9DlB_Eu1aCaM6Iz4uOjRY2H9PuMX3d4pjH2Jg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:31:22 GMT
content-type: text/javascript; charset=utf-8
cf-ray: 8762f46f4cd91c0a-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: W/"Qmdu62Vt9JXAj76hJp7eNW3rG14kwageQKMwK7TEcamCkH"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju/static/js/main.583fdaa2.js
x-ipfs-roots: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju,QmeWnVjre9vez3kzh3RuYWfiENvPH53T2Y2NibkPUFFT1R,QmWWQwaVeMVTry3uJSQsfRenjYQi87jL7yHZKh3iRFABzR,Qmdu62Vt9JXAj76hJp7eNW3rG14kwageQKMwK7TEcamCkH
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/static/css/main.eb25c050.css

104.17.64.14

200 OK

1.7 kB

URL GET HTTP/2
bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/static/css/main.eb25c050.css
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Certificate
IssuerLet's Encrypt
Subjectcf-ipfs.com
Fingerprint46:AD:9B:E1:02:E3:A8:FE:9B:E2:86:B5:A1:5C:07:B9:B7:3B:17:14
ValiditySat, 16 Mar 2024 23:28:47 GMT - Fri, 14 Jun 2024 23:28:46 GMT

File type
ASCII text, with very long lines (1691), with no line terminators
Size
1.7 kB (1690 bytes)
Hash
c4bbab9afb3fcf79c1cc0195fade54ba
895a4535ef9660b64e7817523b0dc3c84dfa6a33
6c64a795c3d0b34ac7ae3775b49852a216b6dcbcd0e114c98c3b39d1787b5ce2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /static/css/main.eb25c050.css HTTP/1.1
Host: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju.ipfs.cf-ipfs.com/
Cookie: __cf_bm=da4qrqL3gTz_Pb5e1oGBYptGiPbSHwENjMJzpNGRCKo-1713425481-1.0.1.1-jeeYoVKRPLMhJoVBh1KHGccZAAYS8a7HdhhNhg1RNKiMk6kaL9DlB_Eu1aCaM6Iz4uOjRY2H9PuMX3d4pjH2Jg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:31:22 GMT
content-type: text/css; charset=utf-8
cf-ray: 8762f46f5cdb1c0a-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=29030400, immutable
etag: W/"QmYV4p1A8pxiRhBr5UaXmUUb8FSqYdP3Xx2tWbwfr6Tqur"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-ipfs-path: /ipfs/bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju/static/css/main.eb25c050.css
x-ipfs-roots: bafybeif46qhnbpvzesmxtzq4c7loo3w3zvgrpxxivgfzsisxsxy2jjjrju,QmeWnVjre9vez3kzh3RuYWfiENvPH53T2Y2NibkPUFFT1R,QmbrC337nChbMDb66XDGcdiLZBYYqm2pLABEHAwDAzau4u,QmYV4p1A8pxiRhBr5UaXmUUb8FSqYdP3Xx2tWbwfr6Tqur
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate