URL: https://ipfs.io/ipfs/QmXtVQXaBu5pBRgVqqfCGxknRA11vf3kPdENr3p3t3Pvuc
Submission: On July 04 via automatic, source phishtank — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 5 HTTP transactions. The main IP is 209.94.90.1, located in the United States and belonging to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 87085.
TLS certificate: Issued by WE1 on June 14th 2024. Valid for: 3 months.
This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

Requests  IP Address        AS     Autonomous System
1         209.94.90.1       40680  PROTOCOL
1         2a04:4e42:400...  54113  FASTLY
Totals: 5 requests, 3 IPs

Requests  Apex Domain  Subdomains                                  Transfer
1         jquery.com   code.jquery.com (Cisco Umbrella Rank: 816)  30 KB
1         ipfs.io      ipfs.io (Cisco Umbrella Rank: 87085)        13 KB
0         blueye.com   webmail.blueye.com (Failed)                 Failed
Totals: 5 requests, 3 domains

Requests  Domain              Requested by
1         code.jquery.com     ipfs.io
1         ipfs.io
0         webmail.blueye.com  ipfs.io (Failed)
Totals: 5 requests, 3 domains

This site contains links to these domains:

  • go.cpanel.net
Subject       Issuer                                          Validity                 Valid
ipfs.io       WE1                                             2024-06-14 - 2024-09-12  3 months
*.jquery.com  Sectigo ECC Domain Validation Secure Server CA  2024-06-25 - 2025-06-25  a year

This page contains 1 frames:

Primary Page: https://ipfs.io/ipfs/QmXtVQXaBu5pBRgVqqfCGxknRA11vf3kPdENr3p3t3Pvuc
Frame ID: CA375DF561A382C8CEF432FFAA8D702D
Requests: 6 HTTP requests in this frame

Screenshot

Page Title

Webmail Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 5
HTTPS: 40 %
IPv6: 50 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 43 kB
Size: 121 kB
Cookies: 1

5 HTTP transactions

Columns: Resource / Path / Size / x-fer / Type / MIME-Type

Primary Request: QmXtVQXaBu5pBRgVqqfCGxknRA11vf3kPdENr3p3t3Pvuc
  Path: ipfs.io/ipfs/
  Size: 35 KB, x-fer: 13 KB
  Type: Document

  General
  Full URL: https://ipfs.io/ipfs/QmXtVQXaBu5pBRgVqqfCGxknRA11vf3kPdENr3p3t3Pvuc
  Protocol: H3
  Security: QUIC, AES_128_GCM
  Server: 209.94.90.1, United States, ASN40680 (PROTOCOL, US)
  Software: cloudflare
  Resource Hash: 2e0decd3fc4b9013b5313ded09296f08ac51eed7c62c3717c79e0da46f64f06d

  Request headers
  Accept-Language: de-DE,de;q=0.9;q=0.9
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
  sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Win32"

  Response headers
  access-control-allow-headers: Content-Type Range User-Agent X-Requested-With
  access-control-allow-methods: GET HEAD OPTIONS
  access-control-allow-origin: *
  access-control-expose-headers: Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
  alt-svc: h3=":443"; ma=86400
  cache-control: public, max-age=29030400, immutable
  cf-cache-status: HIT
  cf-ray: 89dc4311cb1558d8-TXL
  content-encoding: br
  content-type: text/html
  date: Thu, 04 Jul 2024 04:09:49 GMT
  server: cloudflare
  vary: Accept-Encoding
  x-ipfs-path: /ipfs/QmXtVQXaBu5pBRgVqqfCGxknRA11vf3kPdENr3p3t3Pvuc
  x-ipfs-pop: rainbow-fr2-03
  x-ipfs-roots: QmXtVQXaBu5pBRgVqqfCGxknRA11vf3kPdENr3p3t3Pvuc

open_sans.min.css
  Path: webmail.blueye.com/cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/
  Size: 0, x-fer: 0

style_v2_optimized.css
  Path: webmail.blueye.com/cPanel_magic_revision_1573005217/unprotected/cpanel/
  Size: 0, x-fer: 0

jquery-3.3.1.min.js
  Path: code.jquery.com/
  Size: 85 KB, x-fer: 30 KB
  Type: Script

  General
  Full URL: https://code.jquery.com/jquery-3.3.1.min.js
  Requested by: Host: ipfs.io, URL: https://ipfs.io/ipfs/QmXtVQXaBu5pBRgVqqfCGxknRA11vf3kPdENr3p3t3Pvuc
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a04:4e42:400::649, United States, ASN54113 (FASTLY, US)
  Software: nginx
  Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

  Request headers
  sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
  Referer: https://ipfs.io/
  Accept-Language: de-DE,de;q=0.9;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

  Response headers
  date: Thu, 04 Jul 2024 04:09:49 GMT
  content-encoding: gzip
  via: 1.1 varnish, 1.1 varnish
  age: 3044137
  x-cache: HIT, HIT
  content-length: 30288
  x-served-by: cache-lga13622-LGA, cache-fra-eddf8230113-FRA
  last-modified: Fri, 18 Oct 1991 12:00:00 GMT
  server: nginx
  x-timer: S1720066189.306666,VS0,VE0
  etag: W/"28feccc0-1538f"
  vary: Accept-Encoding
  content-type: application/javascript; charset=utf-8
  access-control-allow-origin: *
  cache-control: public, max-age=31536000, stale-while-revalidate=604800
  accept-ranges: bytes
  x-cache-hits: 3, 647793

webmail-logo.svg
  Path: webmail.blueye.com/cPanel_magic_revision_1533566265/unprotected/cpanel/images/
  Size: 0, x-fer: 0

truncated
  Path: /
  Size: 2 KB, x-fer: 0
  Type: Image

  General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Resource Hash: 70667a94ef79118b93b13b1cb41fcb11b09e8fd3ce0c9c82680ed5f991ba9a32

  Request headers
  Accept-Language: de-DE,de;q=0.9;q=0.9
  Referer:
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

  Response headers
  Content-Type: image/svg+xml

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

  • webmail.blueye.com: https://webmail.blueye.com/cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/open_sans.min.css
  • webmail.blueye.com: https://webmail.blueye.com/cPanel_magic_revision_1573005217/unprotected/cpanel/style_v2_optimized.css
  • webmail.blueye.com: https://webmail.blueye.com/cPanel_magic_revision_1533566265/unprotected/cpanel/images/webmail-logo.svg

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code. Listed as name (type):

event (undefined), fence (object), sharedStorage (object), $ (function), jQuery (function), DOM (object), MESSAGES (object), FADE_DURATION (number), FADE_DELAY (number), AJAX_TIMEOUT (number), LOCALE_FADES (object), HAS_CSS_OPACITY (boolean), login_form (object), login_username_el (object), login_password_el (object), login_submit_el (object), goto_app (object), goto_uri (object), div_cache (object), content_cell (object), reset_form (object), reset_username_el (object), RESET_FADES (function), show_reset (function), hide_reset (function), toggle_locales (function), set_opacity (function), filter_regex (undefined), fade_in (function), fade_out (function), ajaxObject (function), _text_content (string), login_results (function), level_classes (object), levels_regex (object), lv (string), show_status (function), STATUS_TIMEOUT (object), reset_status_timeout (function), set_status_timeout (function), LOGIN_SUBMIT_OK (boolean), do_login (function), _set_links_style (function), hide_links (function), show_links (function), login_button (object), show_login (function), show_select_user (function), new_script (undefined), preload (object), IS_LOGOUT (boolean), jstz (object), CPTimezone (object), _0x190618 (function), _0x30bc (function), getDone (function), whenDone (boolean), dot (undefined), domDom (undefined), count (number), _0xc5ee (function)

1 Cookies

Domain/Path  Name      Value
ipfs.io/     timezone  Europe/Berlin

4 Console Messages

Source: network, Level: error
URL: https://webmail.blueye.com/cPanel_magic_revision_1573005217/unprotected/cpanel/style_v2_optimized.css
Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Source: network, Level: error
URL: https://webmail.blueye.com/cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/open_sans.min.css
Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Source: network, Level: error
URL: https://webmail.blueye.com/cPanel_magic_revision_1533566265/unprotected/cpanel/images/webmail-logo.svg
Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Source: recommendation, Level: verbose
URL: https://ipfs.io/ipfs/QmXtVQXaBu5pBRgVqqfCGxknRA11vf3kPdENr3p3t3Pvuc
Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Indicators

"Indicators" is a security-industry term for artifacts such as IPs, domains and hashes observed during the scan. Listing them here does not imply that any of them indicate malicious activity.

code.jquery.com
ipfs.io
webmail.blueye.com
209.94.90.1
2a04:4e42:400::649
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2e0decd3fc4b9013b5313ded09296f08ac51eed7c62c3717c79e0da46f64f06d
70667a94ef79118b93b13b1cb41fcb11b09e8fd3ce0c9c82680ed5f991ba9a32