ipfs.io - urlscan.io

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 5 HTTP transactions. The main IP is 2602:fea2:2::1, located in United States and belongs to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 49655.
TLS certificate: Issued by R3 on August 26th 2023. Valid for: 3 months.

This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1	2602:fea2:2::1 2602:fea2:2::1	40680 (PROTOCOL) (PROTOCOL)
1	2a02:26f0:350... 2a02:26f0:3500:2a4::296d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:303... 2606:4700:3031::6815:16fe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:2250:9600:4:26a5:bf80:93a1	16509 (AMAZON-02) (AMAZON-02)
5	5

1 2602:fea2:2::1 (United States)

ASN40680 (PROTOCOL, US)

ipfs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:2a4::296d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.dpdhl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::6815:16fe (United States)

ASN13335 (CLOUDFLARENET, US)

tpcost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:9600:4:26a5:bf80:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.elextensions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	elextensions.com cdn.elextensions.com	167 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 410	27 KB
1	tpcost.com tpcost.com	43 KB
1	dpdhl.com www.dpdhl.com	3 KB
1	ipfs.io ipfs.io — Cisco Umbrella Rank: 49655	3 KB
5	5

	Domain	Requested by
1	cdn.elextensions.com	ipfs.io
1	cdnjs.cloudflare.com	ipfs.io
1	tpcost.com	ipfs.io
1	www.dpdhl.com	ipfs.io
1	ipfs.io
5	5

This site contains no links.

Subject Issuer	Validity	Valid
dweb.link R3	`2023-08-26` - `2023-11-24`	3 months	crt.sh
www.dpdhl.com DPDHL Global TLS CA - I5	`2023-04-18` - `2024-04-17`	a year	crt.sh
tpcost.com GTS CA 1P5	`2023-09-15` - `2023-12-14`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.elextensions.com Amazon RSA 2048 M01	`2023-03-01` - `2024-01-02`	10 months	crt.sh

This page contains 1 frames:

Primary Page: https://ipfs.io/ipfs/QmNgqKufbMY4bXd8m6pHGbJJnAGWgdXUWVVbMHcggT4iBU?filename=w070.html
Frame ID: 21E43E7536E7F9BF93770B489F5A4682
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

5
Requests

100 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

243 kB
Transfer

304 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request QmNgqKufbMY4bXd8m6pHGbJJnAGWgdXUWVVbMHcggT4iBU Show response
ipfs.io/ipfs/ 5 KB
3 KB 135ms
45ms Document
text/html 2602:fea2:2::1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL

https://ipfs.io/ipfs/QmNgqKufbMY4bXd8m6pHGbJJnAGWgdXUWVVbMHcggT4iBU?filename=w070.html

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),

Reverse DNS

Software

openresty /

Resource Hash

78008ac6bff374f41c2e901167d2894bbeef1e9820aadc37e7f00fc3524ff26d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-allow-methods: GET HEAD OPTIONS GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
cache-control: public, max-age=29030400, immutable
content-disposition: inline; filename="w070.html"; filename*=UTF-8''w070.html
content-encoding: gzip
content-type: text/html
date: Sun, 01 Oct 2023 16:31:45 GMT
etag: W/"QmNgqKufbMY4bXd8m6pHGbJJnAGWgdXUWVVbMHcggT4iBU"
server: openresty
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
x-bfid: 2390416f9018a9692916d3ca2f076383
x-ipfs-datasize: 5482
x-ipfs-gateway-host: ipfs-bank9-am6
x-ipfs-lb-pop: gateway-bank1-am6
x-ipfs-path: /ipfs/QmNgqKufbMY4bXd8m6pHGbJJnAGWgdXUWVVbMHcggT4iBU
x-ipfs-pop: ipfs-bank9-am6
x-ipfs-roots: QmNgqKufbMY4bXd8m6pHGbJJnAGWgdXUWVVbMHcggT4iBU
x-proxy-cache: MISS

GET
H2 200 DHL_Group_logo_rgb_BG.svg
www.dpdhl.com/content/dam/dpdhl/en/logos/ 5 KB
3 KB 272ms
59ms Image
image/svg+xml 2a02:26f0:3500:2a4::296d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.dpdhl.com/content/dam/dpdhl/en/logos/DHL_Group_logo_rgb_BG.svg

Requested by

Host: ipfs.io
URL: https://ipfs.io/ipfs/QmNgqKufbMY4bXd8m6pHGbJJnAGWgdXUWVVbMHcggT4iBU?filename=w070.html

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:2a4::296d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

/

Resource Hash

84569c21c4ceecc190c2ac7a7bd6d6dc31d7d78ecafacb6367d59620fad94dca

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 01 Oct 2023 16:31:45 GMT
strict-transport-security: max-age=31536000
x-akamai-cache: Hit from child
content-length: 2002
referrer-policy: same-origin
last-modified: Sat, 16 Sep 2023 07:46:10 GMT
etag: "128d-605751a4d9c3d-gzip"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=0
permissions-policy: microphone=(),camera=()
accept-ranges: bytes
expires: Sun, 01 Oct 2023 16:31:45 GMT

GET
H2 200 ezgif-5-8c9da0b832-768x506.webp
tpcost.com/wp-content/uploads/2022/07/ 42 KB
43 KB 260ms
110ms Image
image/webp 2606:4700:3031::6815:16fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpcost.com/wp-content/uploads/2022/07/ezgif-5-8c9da0b832-768x506.webp
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipfs/QmNgqKufbMY4bXd8m6pHGbJJnAGWgdXUWVVbMHcggT4iBU?filename=w070.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:16fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bcca5c487a01fb10237d458a6e2c6aa4cc52af2aaa19c79b3e2b7c0ac8da1a27

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 16:31:45 GMT
cf-cache-status: MISS
last-modified: Fri, 22 Jul 2022 04:01:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "62da211f-a9ca"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=np%2Beq05Mb4M%2FzWlze9X2wNRZnSurh64P77%2BKz4rB8aV%2Ft55N%2FkBNxmWE0AeIaNpUsedvG%2BLwMjdvebgSbYQn5VBc%2FibiLGfUooinXyDP0egwuGU1PIPNf5B9D9yTl%2FFFq%2FYtjAxXn%2BzP"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 80f61905aa990e78-AMS
alt-svc: h3=":443"; ma=86400
content-length: 43466
expires: Mon, 30 Sep 2024 16:31:45 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/ 84 KB
27 KB 114ms
44ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/jquery.min.js

Requested by

Host: ipfs.io
URL: https://ipfs.io/ipfs/QmNgqKufbMY4bXd8m6pHGbJJnAGWgdXUWVVbMHcggT4iBU?filename=w070.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 16:31:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2067378
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27176
last-modified: Thu, 22 Jun 2023 11:06:06 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "64942b1e-6a28"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XnmsRJhuzq3Xiu%2BD329XdKHO9Q%2BLmsYn1lKAn7vCx4gEXta98CCBsdTYOaxZfJta%2FciDWHW8YvIo7dIXj68hONcP3LrQoQnQIhQOFCtFxuRIBHxcJJKlpRCemaoj49ss4Bac1H0Cn2jvm2XP4oIBOhkY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 80f619051a0b23d7-LHR
expires: Fri, 20 Sep 2024 16:31:45 GMT

GET
H2 200 WooCommerce-DHL-Tracking-for-DHL-Tracking-Website.png
cdn.elextensions.com/wp-content/uploads/2019/06/ 167 KB
167 KB 213ms
63ms Image
image/png 2600:9000:2250:9600:4:26a5:bf80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.elextensions.com/wp-content/uploads/2019/06/WooCommerce-DHL-Tracking-for-DHL-Tracking-Website.png
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipfs/QmNgqKufbMY4bXd8m6pHGbJJnAGWgdXUWVVbMHcggT4iBU?filename=w070.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:9600:4:26a5:bf80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: dd1e9fa8faa46c2ea226063685a9040167f4d9776de0b0eb705b0f13340920cd

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sun, 03 Sep 2023 18:18:25 GMT
via: 1.1 2a6277094357eb47f8dbeacb06ed96c2.cloudfront.net (CloudFront)
last-modified: Thu, 13 Jun 2019 13:26:31 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
age: 2412800
etag: "5d024f07-29b00"
vary: Origin
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 170752
x-amz-cf-id: rH-oesNxAdkhc0okPHw6WahQm8q28Wq_7ynG7nJ93p3VNLq3eMHgqg==

Verdicts & Comments Add Verdict or Comment

Malicious page.url
Submitted on October 1st 2023, 4:36:25 pm UTC — From United Kingdom

Threats: Phishing Brand Impersonation
Brands: DHL DE
Comment: credential phishing

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.elextensions.com
cdnjs.cloudflare.com
ipfs.io
tpcost.com
www.dpdhl.com
2600:9000:2250:9600:4:26a5:bf80:93a1
2602:fea2:2::1
2606:4700:3031::6815:16fe
2606:4700::6811:190e
2a02:26f0:3500:2a4::296d
702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
78008ac6bff374f41c2e901167d2894bbeef1e9820aadc37e7f00fc3524ff26d
84569c21c4ceecc190c2ac7a7bd6d6dc31d7d78ecafacb6367d59620fad94dca
bcca5c487a01fb10237d458a6e2c6aa4cc52af2aaa19c79b3e2b7c0ac8da1a27
dd1e9fa8faa46c2ea226063685a9040167f4d9776de0b0eb705b0f13340920cd

ipfs.io Open in urlscan Pro 2602:fea2:2::1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

100 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

243 kBTransfer

304 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious page.url Submitted on October 1st 2023, 4:36:25 pm UTC — From United Kingdom

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

5 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

ipfs.io Open in urlscan Pro
2602:fea2:2::1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

243 kB
Transfer

304 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Malicious page.url
Submitted on October 1st 2023, 4:36:25 pm UTC — From United Kingdom

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!