ipfs.io
Open in
urlscan Pro
209.94.90.1
Malicious Activity!
Public Scan
Submission: On July 26 via api from US — Scanned from DE
Summary
TLS certificate: Issued by WE1 on June 14th 2024. Valid for: 3 months.
This is the only time ipfs.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 209.94.90.1 209.94.90.1 | 40680 (PROTOCOL) (PROTOCOL) | |
2 | 2a04:4e42:200... 2a04:4e42:200::649 | 54113 (FASTLY) (FASTLY) | |
2 | 3.165.113.58 3.165.113.58 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 142.250.184.196 142.250.184.196 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:831::2004 | 15169 (GOOGLE) (GOOGLE) | |
7 | 4 |
ASN16509 (AMAZON-02, US)
PTR: server-3-165-113-58.cdg50.r.cloudfront.net
logo.clearbit.com |
ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f4.1e100.net
www.google.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
clearbit.com
logo.clearbit.com — Cisco Umbrella Rank: 46929 |
1011 B |
2 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 1211 |
30 KB |
2 |
ipfs.io
ipfs.io — Cisco Umbrella Rank: 90575 |
10 KB |
1 |
gstatic.com
t1.gstatic.com |
667 B |
1 |
google.com
1 redirects
www.google.com — Cisco Umbrella Rank: 10 |
19 B |
7 | 5 |
Domain | Requested by | |
---|---|---|
2 | logo.clearbit.com |
ipfs.io
|
2 | code.jquery.com |
ipfs.io
|
2 | ipfs.io |
ipfs.io
|
1 | t1.gstatic.com | |
1 | www.google.com | 1 redirects |
7 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ipfs.io WE1 |
2024-06-14 - 2024-09-12 |
3 months | crt.sh |
*.jquery.com Sectigo ECC Domain Validation Secure Server CA |
2024-06-25 - 2025-06-25 |
a year | crt.sh |
clearbit.com Amazon RSA 2048 M03 |
2024-01-22 - 2025-02-18 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Frame ID: E8E88468C259463B17FAE51F6ED61209
Requests: 4 HTTP requests in this frame
Frame:
https://ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/z~Z~Z%28%28%28%5ETrag%29%29.html
Frame ID: B2181A6F36A48FA4A71D024ED1D60F49
Requests: 3 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5- https://www.google.com/s2/favicons?domain=microsoft.com HTTP 301
- https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
z~Z~Z%28%28%28%5ETrag%29%29.html
ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/ |
14 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
live.com
logo.clearbit.com/ |
618 B 1011 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
z~Z~Z%28%28%28%5ETrag%29%29.html
ipfs.io/ipfs/Qmdx6xdEhKJ98FYsKaURmrpAAwWGpXycoXamtcU6sS8JZu/ Frame B218 |
14 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
code.jquery.com/ Frame B218 |
85 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
live.com
logo.clearbit.com/ Frame B218 |
618 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
faviconV2
t1.gstatic.com/ Redirect Chain
|
123 B 667 B |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 function| $ function| jQuery function| stopHtmlRender function| randomString function| isBase64 function| _0x23c5db function| _0x5dde function| _0x2cf3 function| checkImage0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
ipfs.io
logo.clearbit.com
t1.gstatic.com
www.google.com
142.250.184.196
209.94.90.1
2a00:1450:4001:831::2004
2a04:4e42:200::649
3.165.113.58
352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed
3ea2a9db3120e97f8d78629056c4c7ceaa88a5384d5522e6ed09395584527b87
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
a1fab8fc3cf9fb9554b6d0fcab8236be7a22ceadec82ce0704cf79d3973c1139