ipfs.io - urlscan.io

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 7 HTTP transactions. The main IP is 209.94.90.1, located in United States and belongs to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 90575.
TLS certificate: Issued by WE1 on June 14th 2024. Valid for: 3 months.

This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	209.94.90.1 209.94.90.1	40680 (PROTOCOL) (PROTOCOL)
2	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
2	18.172.153.55 18.172.153.55	16509 (AMAZON-02) (AMAZON-02)
1 1	142.250.74.196 142.250.74.196	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
7	4

2 209.94.90.1 (United States)

ASN40680 (PROTOCOL, US)

ipfs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.172.153.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-172-153-55.lhr50.r.cloudfront.net

logo.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.196 (Plainview, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

t3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	clearbit.com logo.clearbit.com — Cisco Umbrella Rank: 46929	1004 B
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 1211	30 KB
2	ipfs.io ipfs.io — Cisco Umbrella Rank: 90575	10 KB
1	gstatic.com t3.gstatic.com	667 B
1	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 10	19 B
7	5

	Domain	Requested by
2	logo.clearbit.com	ipfs.io
2	code.jquery.com	ipfs.io
2	ipfs.io	ipfs.io
1	t3.gstatic.com
1	www.google.com	1 redirects
7	5

This site contains no links.

Subject Issuer	Validity	Valid
ipfs.io WE1	`2024-06-14` - `2024-09-12`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
clearbit.com Amazon RSA 2048 M03	`2024-01-22` - `2025-02-18`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Frame ID: 8E5785A5418507D59B87B275832733A3
Requests: 4 HTTP requests in this frame

Frame: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Frame ID: 465F261B9F81BFFA0A5723778FF8E309
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Session Expired!

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

86 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

41 kB
Transfer

198 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://www.google.com/s2/favicons?domain=microsoft.com HTTP 301
https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy Show response
ipfs.io/ipfs/ 14 KB
5 KB 102ms
41ms Document
text/html 209.94.90.1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ea2a9db3120e97f8d78629056c4c7ceaa88a5384d5522e6ed09395584527b87

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type Range User-Agent X-Requested-With
access-control-allow-methods: GET HEAD OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age: 325079
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=29030400, immutable
cf-cache-status: HIT
cf-ray: 8a8e4bc55b686934-FRA
content-disposition: inline; filename="~%2523GTB_0498488TU%2520-.html"; filename*=UTF-8''~%2523GTB_0498488TU%2520-.html
content-encoding: br
content-type: text/html
date: Thu, 25 Jul 2024 18:43:30 GMT
server: cloudflare
vary: Accept-Encoding
x-ipfs-path: /ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy
x-ipfs-pop: rainbow-fr2-01
x-ipfs-roots: QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy

GET
H2 200 jquery-3.2.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 494ms
11ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 25 Jul 2024 18:43:31 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 16481577
x-cache: HIT, HIT
content-length: 30125
x-served-by: cache-lga21971-LGA, cache-fra-etou8220034-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1721933011.311206,VS0,VE0
etag: W/"28feccc0-15283"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 18, 136180

GET
H2 200 live.com
logo.clearbit.com/ 618 B
1004 B 618ms
74ms Image
image/png 18.172.153.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logo.clearbit.com/live.com

Requested by

Host: ipfs.io
URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

18.172.153.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-172-153-55.lhr50.r.cloudfront.net

Software

Clearbit /

Resource Hash

a1fab8fc3cf9fb9554b6d0fcab8236be7a22ceadec82ce0704cf79d3973c1139

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 25 Jun 2024 21:01:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-response-flags: -
via: 1.1 2314648d77cb37d8a893a71206bcabbe.cloudfront.net (CloudFront)
server: Clearbit
x-amz-cf-pop: LHR50-P5
age: 2583694
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
content-length: 618
x-amz-cf-id: B4MAsIHhfuGspRozzplU5ykhAQ9AXvNTfnyscgjbim5Q3d9dKbHwLA==

GET
H3 200 QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy Show response
ipfs.io/ipfs/ Frame 465F 14 KB
5 KB 41ms
37ms Document
text/html 209.94.90.1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ea2a9db3120e97f8d78629056c4c7ceaa88a5384d5522e6ed09395584527b87

Request headers

Referer: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type Range User-Agent X-Requested-With
access-control-allow-methods: GET HEAD OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age: 325080
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=29030400, immutable
cf-cache-status: HIT
cf-ray: 8a8e4bcab92c6934-FRA
content-disposition: inline; filename="~%2523GTB_0498488TU%2520-.html"; filename*=UTF-8''~%2523GTB_0498488TU%2520-.html
content-encoding: br
content-type: text/html
date: Thu, 25 Jul 2024 18:43:31 GMT
server: cloudflare
vary: Accept-Encoding
x-ipfs-path: /ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy
x-ipfs-pop: rainbow-fr2-01
x-ipfs-roots: QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy

GET
H2 200 jquery-3.2.1.min.js Show response
code.jquery.com/ Frame 465F 85 KB
0 494ms
11ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 25 Jul 2024 18:43:31 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 16481577
x-cache: HIT, HIT
content-length: 30125
x-served-by: cache-lga21971-LGA, cache-fra-etou8220034-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1721933011.311206,VS0,VE0
etag: W/"28feccc0-15283"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 18, 136180

GET
H2 200 live.com
logo.clearbit.com/ Frame 465F 618 B
0 618ms
74ms Image
image/png 18.172.153.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logo.clearbit.com/live.com

Requested by

Host: ipfs.io
URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

18.172.153.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-172-153-55.lhr50.r.cloudfront.net

Software

Clearbit /

Resource Hash

a1fab8fc3cf9fb9554b6d0fcab8236be7a22ceadec82ce0704cf79d3973c1139

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 25 Jun 2024 21:01:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-response-flags: -
via: 1.1 2314648d77cb37d8a893a71206bcabbe.cloudfront.net (CloudFront)
server: Clearbit
x-amz-cf-pop: LHR50-P5
age: 2583694
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
content-length: 618
x-amz-cf-id: B4MAsIHhfuGspRozzplU5ykhAQ9AXvNTfnyscgjbim5Q3d9dKbHwLA==

GET
H2

200

faviconV2
t3.gstatic.com/
Redirect Chain

https://www.google.com/s2/favicons?domain=microsoft.com
https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

123 B
667 B

105ms
9ms

Other
image/png

2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

Protocol

H2

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 18 Jul 2024 20:49:22 GMT
x-content-type-options: nosniff
age: 597249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123
x-xss-protection: 0
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-location: https://www.microsoft.com/favicon.ico?v2
expires: Thu, 25 Jul 2024 20:49:22 GMT

Redirect headers

date: Thu, 25 Jul 2024 18:14:28 GMT
x-content-type-options: nosniff
server: sffe
age: 1743
content-type: text/html; charset=UTF-8
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 333
x-xss-protection: 0
expires: Thu, 25 Jul 2024 18:44:28 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: about:blank Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
recommendation	verbose	URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
security	warning	URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html# Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
recommendation	verbose	URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html# Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
ipfs.io
logo.clearbit.com
t3.gstatic.com
www.google.com
142.250.74.196
18.172.153.55
209.94.90.1
2a00:1450:4001:831::2004
2a04:4e42:400::649
352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed
3ea2a9db3120e97f8d78629056c4c7ceaa88a5384d5522e6ed09395584527b87
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
a1fab8fc3cf9fb9554b6d0fcab8236be7a22ceadec82ce0704cf79d3973c1139

ipfs.io Open in urlscan Pro 209.94.90.1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

7 Requests

86 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

4 IPs

2 Countries

41 kBTransfer

198 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

ipfs.io Open in urlscan Pro
209.94.90.1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

86 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

41 kB
Transfer

198 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!