URL: https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Submission: On July 26 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 7 HTTP transactions. The main IP is 209.94.90.1, located in United States and belongs to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 90575.
TLS certificate: Issued by WE1 on June 14th 2024. Valid for: 3 months.
This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

IP Address AS Autonomous System
2 209.94.90.1 40680 (PROTOCOL)
2 2a04:4e42:200... 54113 (FASTLY)
2 3.165.113.58 16509 (AMAZON-02)
1 1 142.250.184.196 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
7 4
Apex Domain
Subdomains
Transfer
2 clearbit.com
logo.clearbit.com — Cisco Umbrella Rank: 46929
1011 B
2 jquery.com
code.jquery.com — Cisco Umbrella Rank: 1211
30 KB
2 ipfs.io
ipfs.io — Cisco Umbrella Rank: 90575
10 KB
1 gstatic.com
t1.gstatic.com
667 B
1 google.com
www.google.com — Cisco Umbrella Rank: 10
19 B
7 5
Domain Requested by
2 logo.clearbit.com ipfs.io
2 code.jquery.com ipfs.io
2 ipfs.io ipfs.io
1 t1.gstatic.com
1 www.google.com 1 redirects
7 5

This site contains no links.

Subject Issuer Validity Valid
ipfs.io
WE1
2024-06-14 -
2024-09-12
3 months crt.sh
*.jquery.com
Sectigo ECC Domain Validation Secure Server CA
2024-06-25 -
2025-06-25
a year crt.sh
clearbit.com
Amazon RSA 2048 M03
2024-01-22 -
2025-02-18
a year crt.sh

This page contains 2 frames:

Primary Page: https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Frame ID: E8E88468C259463B17FAE51F6ED61209
Requests: 4 HTTP requests in this frame

Frame: https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Frame ID: B2181A6F36A48FA4A71D024ED1D60F49
Requests: 3 HTTP requests in this frame

Screenshot

Page Title

Session Expired!

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

86 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

41 kB
Transfer

198 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://www.google.com/s2/favicons?domain=microsoft.com HTTP 301
  • https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request z~Z~Z%28%28%28%5ETrag%29%29.html
ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/
14 KB
5 KB
Document
General
Full URL
https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ea2a9db3120e97f8d78629056c4c7ceaa88a5384d5522e6ed09395584527b87

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age
128558
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
HIT
cf-ray
8a93e407dd27450a-TXL
content-encoding
br
content-type
text/html
date
Fri, 26 Jul 2024 11:01:16 GMT
server
cloudflare
vary
Accept-Encoding
x-ipfs-path
/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z(((^Trag)).html
x-ipfs-pop
rainbow-fr2-02
x-ipfs-roots
Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu,QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy
jquery-3.2.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.min.js
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 26 Jul 2024 11:01:16 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
16540242
x-cache
HIT, HIT
content-length
30125
x-served-by
cache-lga21971-LGA, cache-cph2320046-CPH
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1721991676.321702,VS0,VE0
etag
W/"28feccc0-15283"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
37105, 968
live.com
logo.clearbit.com/
618 B
1011 B
Image
General
Full URL
https://logo.clearbit.com/live.com
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.165.113.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-165-113-58.cdg50.r.cloudfront.net
Software
Clearbit /
Resource Hash
a1fab8fc3cf9fb9554b6d0fcab8236be7a22ceadec82ce0704cf79d3973c1139
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 08:19:50 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-response-flags
-
via
1.1 f9162e3b9b2b755ff58826d46f861a56.cloudfront.net (CloudFront)
server
Clearbit
x-amz-cf-pop
CDG50-P3
age
1132886
x-cache
Hit from cloudfront
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
content-length
618
x-amz-cf-id
e5LEyKV8OfvaJ8MdvOcsgmYPds7EPyl7T9KyelVeD16nphiGHqctmg==
z~Z~Z%28%28%28%5ETrag%29%29.html
ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/ Frame B218
14 KB
5 KB
Document
General
Full URL
https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ea2a9db3120e97f8d78629056c4c7ceaa88a5384d5522e6ed09395584527b87

Request headers

Referer
https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age
128558
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
HIT
cf-ray
8a93e40978f1450a-TXL
content-encoding
br
content-type
text/html
date
Fri, 26 Jul 2024 11:01:16 GMT
server
cloudflare
vary
Accept-Encoding
x-ipfs-path
/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z(((^Trag)).html
x-ipfs-pop
rainbow-fr2-02
x-ipfs-roots
Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu,QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy
jquery-3.2.1.min.js
code.jquery.com/ Frame B218
85 KB
0
Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.min.js
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 26 Jul 2024 11:01:16 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
16540242
x-cache
HIT, HIT
content-length
30125
x-served-by
cache-lga21971-LGA, cache-cph2320046-CPH
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1721991676.321702,VS0,VE0
etag
W/"28feccc0-15283"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
37105, 968
live.com
logo.clearbit.com/ Frame B218
618 B
0
Image
General
Full URL
https://logo.clearbit.com/live.com
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.165.113.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-165-113-58.cdg50.r.cloudfront.net
Software
Clearbit /
Resource Hash
a1fab8fc3cf9fb9554b6d0fcab8236be7a22ceadec82ce0704cf79d3973c1139
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 08:19:50 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-response-flags
-
via
1.1 f9162e3b9b2b755ff58826d46f861a56.cloudfront.net (CloudFront)
server
Clearbit
x-amz-cf-pop
CDG50-P3
age
1132886
x-cache
Hit from cloudfront
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
content-length
618
x-amz-cf-id
e5LEyKV8OfvaJ8MdvOcsgmYPds7EPyl7T9KyelVeD16nphiGHqctmg==
faviconV2
t1.gstatic.com/
Redirect Chain
  • https://www.google.com/s2/favicons?domain=microsoft.com
  • https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
123 B
667 B
Other
General
Full URL
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
Protocol
H2
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 05:25:47 GMT
x-content-type-options
nosniff
age
192929
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
123
x-xss-protection
0
last-modified
Wed, 29 Nov 2017 12:34:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="media-favicon"
report-to
{"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-location
https://www.microsoft.com/favicon.ico?v2
expires
Wed, 31 Jul 2024 05:25:47 GMT

Redirect headers

date
Fri, 26 Jul 2024 10:44:24 GMT
x-content-type-options
nosniff
server
sffe
age
1012
content-type
text/html; charset=UTF-8
location
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
cache-control
public, max-age=1800
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
333
x-xss-protection
0
expires
Fri, 26 Jul 2024 11:14:24 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| $ function| jQuery function| stopHtmlRender function| randomString function| isBase64 function| _0x23c5db function| _0x5dde function| _0x2cf3 function| checkImage

0 Cookies

4 Console Messages

Source Level URL
Text
security warning URL: about:blank
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
recommendation verbose URL: https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
security warning URL: https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html#
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
recommendation verbose URL: https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html#
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o