ipfs.io - urlscan.io

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 6 HTTP transactions. The main IP is 209.94.90.1, located in United States and belongs to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 90575.
TLS certificate: Issued by WE1 on August 13th 2024. Valid for: 3 months.

This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	209.94.90.1 209.94.90.1	40680 (PROTOCOL) (PROTOCOL)
1	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:19a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	4

1 209.94.90.1 (United States)

ASN40680 (PROTOCOL, US)

ipfs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19a3 (United States)

ASN13335 (CLOUDFLARENET, US)

i.gyazo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	gyazo.com i.gyazo.com — Cisco Umbrella Rank: 71931	168 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 4508	35 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 641	30 KB
1	ipfs.io ipfs.io — Cisco Umbrella Rank: 90575	3 KB
6	4

	Domain	Requested by
2	i.gyazo.com	ipfs.io
2	stackpath.bootstrapcdn.com	ipfs.io
1	ajax.googleapis.com	ipfs.io
1	ipfs.io
6	4

This site contains no links.

Subject Issuer	Validity	Valid
ipfs.io WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
upload.video.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
bootstrapcdn.com WE1	`2024-07-23` - `2024-10-21`	3 months	crt.sh
gyazo.com WE1	`2024-07-30` - `2024-10-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ipfs.io/ipfs/QmbCxGWWLA3Aw5YJsqtZrD2qzLaDToHxHy1ctA1LgutVJi?filename=pxl.html
Frame ID: E80E16427AE8AB5C09622F9D2DC9F99D
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Excel

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

235 kB
Transfer

366 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request QmbCxGWWLA3Aw5YJsqtZrD2qzLaDToHxHy1ctA1LgutVJi Show response
ipfs.io/ipfs/ 7 KB
3 KB 71ms
59ms Document
text/html 209.94.90.1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL: https://ipfs.io/ipfs/QmbCxGWWLA3Aw5YJsqtZrD2qzLaDToHxHy1ctA1LgutVJi?filename=pxl.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82342b3536c8cb8deb3f2511a472fec0252eb559b065b87d0b5e18457ed7578f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type Range User-Agent X-Requested-With
access-control-allow-methods: GET HEAD OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age: 24798
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=29030400, immutable
cf-cache-status: HIT
cf-ray: 8c101bee28a335fa-FRA
content-disposition: inline; filename="pxl.html"; filename*=UTF-8''pxl.html
content-encoding: br
content-type: text/html
date: Tue, 10 Sep 2024 14:29:14 GMT
server: cloudflare
vary: Accept-Encoding
x-ipfs-path: /ipfs/QmbCxGWWLA3Aw5YJsqtZrD2qzLaDToHxHy1ctA1LgutVJi
x-ipfs-pop: rainbow-am6-02
x-ipfs-roots: QmbCxGWWLA3Aw5YJsqtZrD2qzLaDToHxHy1ctA1LgutVJi

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 37ms
7ms Script
text/javascript 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: ipfs.io
URL: https://ipfs.io/ipfs/QmbCxGWWLA3Aw5YJsqtZrD2qzLaDToHxHy1ctA1LgutVJi?filename=pxl.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 11:54:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9278
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Sep 2025 11:54:36 GMT

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
16 KB 64ms
37ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Requested by

Host: ipfs.io
URL: https://ipfs.io/ipfs/QmbCxGWWLA3Aw5YJsqtZrD2qzLaDToHxHy1ctA1LgutVJi?filename=pxl.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 14:29:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1029
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1330480
cdn-cachedat: 08/04/2024 20:14:54
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"67176c242e1bdc20603c878dee836df3"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: d111e32d511363007c6323c1993605f3
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 8c101beecab603f0-FRA
cdn-requestpullsuccess: True

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/ 59 KB
19 KB 46ms
19ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js

Requested by

Host: ipfs.io
URL: https://ipfs.io/ipfs/QmbCxGWWLA3Aw5YJsqtZrD2qzLaDToHxHy1ctA1LgutVJi?filename=pxl.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ipfs.io/
Origin: https://ipfs.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 14:29:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1075
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 15599929
cdn-cachedat: 01/04/2023 07:40:19
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:09 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"61f338f870fcd0ff46362ef109d28533"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 05159f504bdf10cf207adabad7126d86
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 8c101beec9de3736-FRA
cdn-requestpullsuccess: True

GET
H2 200 2c2b086fd576938b414ee4305d4f3542.jpg
i.gyazo.com/ 143 KB
144 KB 70ms
40ms Image
image/jpeg 2606:4700::6812:19a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.gyazo.com/2c2b086fd576938b414ee4305d4f3542.jpg
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipfs/QmbCxGWWLA3Aw5YJsqtZrD2qzLaDToHxHy1ctA1LgutVJi?filename=pxl.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19a3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c98b87b8819ddc48e727c26328d2b10c0a1c7dc94622f25d5d2e13df8cec2c8a

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 14:29:14 GMT
via: 1.1 google
cf-cache-status: HIT
age: 14364
content-length: 146662
cf-bgj: h2pri
server: cloudflare
etag: "2c2b"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: https://gyazo.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-cache-level: ZS
accept-ranges: bytes
cf-ray: 8c101bef4a8ea01d-FRA
expires: Wed, 10 Sep 2025 14:29:14 GMT

GET
H2 200 83cffd1ebf23ed93aa925eb9529f5348.png
i.gyazo.com/ 24 KB
24 KB 27ms
27ms Other
image/png 2606:4700::6812:19a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://i.gyazo.com/83cffd1ebf23ed93aa925eb9529f5348.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19a3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f858a110412d6a6a6b014b71e64dcde9611e926364171deac5ba9d8a32e3491a

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 14:29:14 GMT
via: 1.1 google
cf-cache-status: HIT
age: 900486
content-length: 24654
server: cloudflare
etag: "83cf"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: https://gyazo.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
content-dpr: 1.000000
x-cache-level: ZS
accept-ranges: bytes
cf-ray: 8c101befab1ea01d-FRA
expires: Wed, 10 Sep 2025 14:29:14 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| bootstrap

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			i.gyazo.com/	1970-01-21 09:02:18	Name: Gyazo_cfwoker Value: i

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://ipfs.io/ipfs/QmbCxGWWLA3Aw5YJsqtZrD2qzLaDToHxHy1ctA1LgutVJi?filename=pxl.html Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
i.gyazo.com
ipfs.io
stackpath.bootstrapcdn.com
209.94.90.1
2606:4700::6812:19a3
2606:4700::6812:bcf
2a00:1450:4001:800::200a
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
82342b3536c8cb8deb3f2511a472fec0252eb559b065b87d0b5e18457ed7578f
c98b87b8819ddc48e727c26328d2b10c0a1c7dc94622f25d5d2e13df8cec2c8a
f858a110412d6a6a6b014b71e64dcde9611e926364171deac5ba9d8a32e3491a

ipfs.io Open in urlscan Pro 209.94.90.1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

235 kBTransfer

366 kBSize

1 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

ipfs.io Open in urlscan Pro
209.94.90.1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

235 kB
Transfer

366 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!