URL: https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
Submission: On August 06 via api from US — Scanned from CA

Summary

This website contacted 4 IPs in 1 country across 5 domains to perform 7 HTTP transactions. The main IP is 209.94.90.1, located in the United States and belonging to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 90575.
TLS certificate: Issued by WE1 on June 14th 2024. Valid for: 3 months.
This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

Requests  Redirects  IP Address       ASN    Autonomous System
2         -          209.94.90.1      40680  PROTOCOL
2         -          151.101.194.137  54113  FASTLY
2         -          18.173.166.38    16509  AMAZON-02
1         1          142.251.174.104  15169  GOOGLE
1         -          142.251.111.99   15169  GOOGLE
Totals: 7 requests, 4 IPs
Requests  Apex Domain   Subdomain          Cisco Umbrella Rank  Transfer
2         clearbit.com  logo.clearbit.com  46929                1000 B
2         jquery.com    code.jquery.com    1211                 30 KB
2         ipfs.io       ipfs.io            90575                10 KB
1         gstatic.com   t3.gstatic.com     -                    667 B
1         google.com    www.google.com     10                   18 B
Totals: 7 requests, 5 apex domains
Requests  Domain             Requested by
2         logo.clearbit.com  ipfs.io
2         code.jquery.com    ipfs.io
2         ipfs.io            ipfs.io
1         t3.gstatic.com     -
1         www.google.com     1 redirect
Totals: 7 requests, 5 domains

This site contains no links.

Subject       Issuer                                          Validity                 Valid for
ipfs.io       WE1                                             2024-06-14 - 2024-09-12  3 months
*.jquery.com  Sectigo ECC Domain Validation Secure Server CA  2024-06-25 - 2025-06-25  a year
clearbit.com  Amazon RSA 2048 M03                             2024-01-22 - 2025-02-18  a year

This page contains 2 frames:

Primary Page: https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
Frame ID: BEC1E242DC77FC502B02BDEC5016551E
Requests: 4 HTTP requests in this frame

Frame: https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
Frame ID: 065E1B2BD935EEB20EF1403D2F1E47B0
Requests: 3 HTTP requests in this frame

Page Title

Session Expired!

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
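The two patterns above are the fingerprinting rules that produced the jQuery detection; the single capture group in each is what yields the version. The following is an added example, not part of the urlscan report, that applies them to the script URL seen in this scan plus a hypothetical WordPress-style URL (example.invalid, constructed) to exercise the second pattern's `?ver=` group.

```javascript
// Added example: run the scan's two jQuery detection patterns over a list
// of script URLs and pull the version out of the capture group.

const JQUERY_PATTERNS = [
  /jquery[.-]([\d.]*\d)[^\/]*\.js/,                 // jquery-3.2.1.min.js style
  /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/,       // jquery.js?ver=1.12.4 style
];

// Constructed sample: the real code.jquery.com URL from this scan, one
// hypothetical ?ver= URL, and one non-jQuery script as a negative case.
const SAMPLE_SCRIPT_URLS = [
  'https://code.jquery.com/jquery-3.2.1.min.js',
  'https://example.invalid/wp-includes/js/jquery/jquery.js?ver=1.12.4',
  'https://example.invalid/static/app.js',
];

// Returns { url, detected, version }; version is null when a pattern
// matched without its optional version group.
function detectJQuery(url) {
  const withoutFragment = url.split('#')[0];   // fragments never reach the server
  for (const re of JQUERY_PATTERNS) {
    const m = re.exec(withoutFragment);
    if (m) return { url, detected: true, version: m[1] || null };
  }
  return { url, detected: false, version: null };
}

function detectAll(urls) {
  return urls.map(detectJQuery);
}
```

Running `detectAll(SAMPLE_SCRIPT_URLS)` reports 3.2.1 for the code.jquery.com script and 1.12.4 for the constructed `?ver=` URL; the version string is only as trustworthy as the file name, so pair it with the resource hash from the transaction list when you need to confirm what was actually served.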

Page Statistics

Requests: 7
HTTPS: 86 %
IPv6: 0 %
Domains: 5
Subdomains: 5
IPs: 4
Countries: 1
Transfer: 41 kB
Size: 198 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://www.google.com/s2/favicons?domain=microsoft.com HTTP 301
  • https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

7 HTTP transactions

Each transaction below lists: resource, path, size, bytes transferred (x-fer), type; the MIME type is in its response headers.
Primary Request: TATDTSSDSSTSYHS.html (ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/) | Size: 14 KB | Transferred: 5 KB | Type: Document
General
Full URL
https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ea2a9db3120e97f8d78629056c4c7ceaa88a5384d5522e6ed09395584527b87

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age
699713
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
HIT
cf-ray
8af151138e03abb8-YYZ
content-encoding
br
content-type
text/html
date
Tue, 06 Aug 2024 19:08:38 GMT
server
cloudflare
vary
Accept-Encoding
x-ipfs-path
/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
x-ipfs-pop
rainbow-dc13-07
x-ipfs-roots
QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY,QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy
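The x-ipfs-path and x-ipfs-roots headers above identify the content by CID rather than by host, and cache-control marks it immutable (age 699713 shows Cloudflare had held this copy for more than eight days before the scan). Blocking ipfs.io therefore does not block the page; the same CID path resolves through any gateway that can fetch it. The following is an added example, not code from the urlscan report or the IPFS project, that turns those headers into gateway-independent indicators. The header object is constructed from the primary request above and the gateway list is a hypothetical one to substitute with the gateways seen in your own proxy logs.

```javascript
// Added example: derive CID-based indicators from IPFS gateway response headers.

// Constructed from the primary request's response headers in this scan.
const SAMPLE_HEADERS = {
  'x-ipfs-path': '/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html',
  'x-ipfs-roots': 'QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY,QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy',
  'cache-control': 'public, max-age=29030400, immutable',
  'age': '699713',
};

// Hypothetical gateway list (assumption, not from the report).
const GATEWAYS = ['ipfs.io', 'dweb.link', 'cloudflare-ipfs.com'];

// CIDv0: "Qm" followed by 44 base58btc characters (no 0, O, I, l).
const CIDV0 = /^Qm[1-9A-HJ-NP-Za-km-z]{44}$/;

// Returns null when the response carries no /ipfs/ path header.
function ipfsIndicators(headers, gateways = GATEWAYS) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
  const m = /^\/ipfs\/([^\/]+)(\/.*)?$/.exec(h['x-ipfs-path'] || '');
  if (!m) return null;
  const rootCid = m[1];
  const subPath = m[2] || '';
  // x-ipfs-roots lists the CIDs traversed along the path, root first; the
  // last entry is the CID of the object actually served, which survives a
  // rename of the file inside the directory.
  const roots = (h['x-ipfs-roots'] || '').split(',').map(s => s.trim()).filter(Boolean);
  return {
    rootCid,
    fileCid: roots.length ? roots[roots.length - 1] : rootCid,
    allCidsValidV0: roots.every(c => CIDV0.test(c)),
    cachedImmutable: /\bimmutable\b/.test(h['cache-control'] || ''),
    cachedForSeconds: Number(h['age'] || 0),
    // Path-style URLs only: subdomain gateways (<cid>.ipfs.<gw>) require the
    // CID converted to CIDv1 base32, which is out of scope here.
    equivalentUrls: gateways.map(g => `https://${g}/ipfs/${rootCid}${subPath}`),
  };
}
```

For takedown or blocking, record both `rootCid` (the directory) and `fileCid` (the HTML object); a kit operator can republish the same file under a new directory CID, in which case only the file CID still matches.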
jquery-3.2.1.min.js (code.jquery.com/) | Size: 85 KB | Transferred: 30 KB | Type: Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.min.js
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 06 Aug 2024 19:08:38 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
17519884
x-cache
HIT, HIT
content-length
30125
x-served-by
cache-lga21971-LGA, cache-yyz4567-YYZ
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1722971318.488009,VS0,VE0
etag
W/"28feccc0-15283"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
80396, 41484
live.com (logo.clearbit.com/) | Size: 618 B | Transferred: 1000 B | Type: Image
General
Full URL
https://logo.clearbit.com/live.com
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.166.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-166-38.mia3.r.cloudfront.net
Software
Clearbit /
Resource Hash
a1fab8fc3cf9fb9554b6d0fcab8236be7a22ceadec82ce0704cf79d3973c1139
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 08:07:28 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-response-flags
-
via
1.1 7d0ecdea847700fc2409a4284e67fcc0.cloudfront.net (CloudFront)
server
Clearbit
x-amz-cf-pop
MIA3-P7
age
1854070
x-cache
Hit from cloudfront
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
content-length
618
x-amz-cf-id
H0w_BmTzKNj1okEu4tH3wNhLMPl49W4airy8Ad8amxXykQ3e22vhxA==
TATDTSSDSSTSYHS.html (ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/, Frame 065E) | Size: 14 KB | Transferred: 5 KB | Type: Document
General
Full URL
https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ea2a9db3120e97f8d78629056c4c7ceaa88a5384d5522e6ed09395584527b87

Request headers

Referer
https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age
699713
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
HIT
cf-ray
8af151153f9fabb8-YYZ
content-encoding
br
content-type
text/html
date
Tue, 06 Aug 2024 19:08:38 GMT
server
cloudflare
vary
Accept-Encoding
x-ipfs-path
/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
x-ipfs-pop
rainbow-dc13-07
x-ipfs-roots
QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY,QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy
jquery-3.2.1.min.js (code.jquery.com/, Frame 065E) | Size: 85 KB | Transferred: 0 (served from browser cache) | Type: Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.min.js
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 06 Aug 2024 19:08:38 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
17519884
x-cache
HIT, HIT
content-length
30125
x-served-by
cache-lga21971-LGA, cache-yyz4567-YYZ
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1722971318.488009,VS0,VE0
etag
W/"28feccc0-15283"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
80396, 41484
live.com (logo.clearbit.com/, Frame 065E) | Size: 618 B | Transferred: 0 (served from browser cache) | Type: Image
General
Full URL
https://logo.clearbit.com/live.com
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.166.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-166-38.mia3.r.cloudfront.net
Software
Clearbit /
Resource Hash
a1fab8fc3cf9fb9554b6d0fcab8236be7a22ceadec82ce0704cf79d3973c1139
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 08:07:28 GMT
via
1.1 7d0ecdea847700fc2409a4284e67fcc0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-envoy-response-flags
-
server
Clearbit
x-amz-cf-pop
MIA3-P7
age
1854070
x-cache
Hit from cloudfront
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
content-length
618
x-amz-cf-id
H0w_BmTzKNj1okEu4tH3wNhLMPl49W4airy8Ad8amxXykQ3e22vhxA==
faviconV2 (t3.gstatic.com/) | Size: 123 B | Transferred: 667 B | Type: Other
Redirect Chain
  • https://www.google.com/s2/favicons?domain=microsoft.com
  • https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
General
Full URL
https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
Protocol
H2
Server
142.251.111.99 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f99.1e100.net
Software
sffe /
Resource Hash
352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ipfs.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 03 Aug 2024 09:53:11 GMT
x-content-type-options
nosniff
age
292528
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
123
x-xss-protection
0
last-modified
Wed, 29 Nov 2017 12:34:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="media-favicon"
report-to
{"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-location
https://www.microsoft.com/favicon.ico?v2
expires
Sat, 10 Aug 2024 09:53:11 GMT

Redirect headers

date
Tue, 06 Aug 2024 19:08:38 GMT
x-content-type-options
nosniff
server
sffe
content-type
text/html; charset=UTF-8
location
https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
cache-control
public, max-age=1800
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
333
x-xss-protection
0
expires
Tue, 06 Aug 2024 19:38:38 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object   0
  • object   1
  • function $
  • function jQuery
  • function stopHtmlRender
  • function randomString
  • function isBase64
  • function _0x23c5db
  • function _0x5dde
  • function _0x2cf3
  • function checkImage
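Three of the globals above (`_0x23c5db`, `_0x5dde`, `_0x2cf3`) follow the `_0x<hex>` identifier style that the javascript-obfuscator tool emits by default, and they sit next to hand-written helpers (`isBase64`, `checkImage`, `stopHtmlRender`, `randomString`) rather than any known library. The following is an added example, not from the urlscan report, that sorts such a list into library, obfuscated, frame-index and custom names; the input is constructed from the 11 globals listed above, and the `LIBRARY_GLOBALS` baseline is an assumption to extend for your own environment.

```javascript
// Added example: triage non-standard window globals from a scan.

// Constructed from the 11 globals reported in this scan.
const SAMPLE_GLOBALS = [
  { type: 'object', name: '0' }, { type: 'object', name: '1' },
  { type: 'function', name: '$' }, { type: 'function', name: 'jQuery' },
  { type: 'function', name: 'stopHtmlRender' }, { type: 'function', name: 'randomString' },
  { type: 'function', name: 'isBase64' }, { type: 'function', name: '_0x23c5db' },
  { type: 'function', name: '_0x5dde' }, { type: 'function', name: '_0x2cf3' },
  { type: 'function', name: 'checkImage' },
];

// Names installed by libraries you expect to see (assumed baseline).
const LIBRARY_GLOBALS = new Set(['$', 'jQuery']);
// javascript-obfuscator's default identifier shape: _0x plus 4-6 hex digits.
const OBFUSCATOR_NAME = /^_0x[0-9a-f]{4,6}$/i;

function triageGlobals(globals) {
  const out = { library: [], obfuscated: [], frameIndex: [], custom: [] };
  for (const { name } of globals) {
    if (LIBRARY_GLOBALS.has(name)) out.library.push(name);
    else if (OBFUSCATOR_NAME.test(name)) out.obfuscated.push(name);
    // window[0], window[1], ...: the WindowProxy of each child frame, one per iframe.
    else if (/^\d+$/.test(name)) out.frameIndex.push(name);
    else out.custom.push(name);
  }
  out.childFrames = out.frameIndex.length;
  out.suspicious = out.obfuscated.length > 0;
  return out;
}

// Browser-side collection (needs a DOM, so not exercised under Node): diff
// the page's window against a pristine about:blank frame so that only
// page-defined names remain.
function collectNonStandardGlobals(win) {
  const probe = win.document.createElement('iframe');
  probe.style.display = 'none';
  win.document.documentElement.appendChild(probe);
  const baseline = new Set(Object.getOwnPropertyNames(probe.contentWindow));
  probe.remove();
  return Object.getOwnPropertyNames(win)
    .filter(n => !baseline.has(n))
    .map(n => ({ type: typeof win[n], name: n }));
}
```

`triageGlobals(SAMPLE_GLOBALS)` flags the page as suspicious on the three obfuscator-style names and reports two child frames, matching the two frames urlscan recorded; the custom bucket is the list of functions to read first when you pull the script body.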

0 Cookies

4 Console Messages

Source: security | Level: warning | URL: about:blank
Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Source: recommendation | Level: verbose | URL: https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Source: security | Level: warning | URL: https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html#
Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Source: recommendation | Level: verbose | URL: https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html#
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
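The two security warnings are Chrome's check for a sandboxed iframe that has both `allow-scripts` and `allow-same-origin`: such a frame is same-origin with its parent, so its script can reach `parent.document` and remove its own `sandbox` attribute, leaving the sandbox with no isolating effect. The frame list above shows the page loading its own URL in a child frame (Frame 065E), and the `current-password` recommendation shows a password field is present. The following is an added example, not from the urlscan report, that reproduces that check over a frame list and also flags self-framing; the frame descriptors are constructed to mirror this scan plus one hypothetical correctly sandboxed third-party frame (example.invalid).

```javascript
// Added example: audit iframe sandbox attributes for the escapable combination.

const TOP_URL = 'https://ipfs.io/ipfs/QmVb1cwRjaGw4uARLvzL78TCp121P7v8v58dCz2rRaVqTY/TATDTSSDSSTSYHS.html';

// Constructed: { src, sandbox } where sandbox is the attribute value, or
// null when the attribute is absent ('' would mean present but fully locked).
const SAMPLE_FRAMES = [
  { src: TOP_URL, sandbox: 'allow-scripts allow-same-origin allow-forms' },
  { src: 'https://example.invalid/widget', sandbox: 'allow-scripts' },
  { src: 'about:blank', sandbox: null },
];

function sameOrigin(a, b) {
  try {
    const ua = new URL(a), ub = new URL(b);
    return ua.protocol === ub.protocol && ua.host === ub.host;
  } catch (e) {
    return false;
  }
}

function auditFrame(frame, topUrl) {
  const tokens = frame.sandbox === null
    ? null
    : new Set(frame.sandbox.toLowerCase().split(/\s+/).filter(Boolean));
  const findings = [];
  const scriptsAndOrigin = tokens !== null
    && tokens.has('allow-scripts') && tokens.has('allow-same-origin');
  if (tokens === null) findings.push('unsandboxed frame');
  else if (scriptsAndOrigin) findings.push('escapable sandbox: allow-scripts + allow-same-origin');
  if (frame.src === topUrl) findings.push('self-framing: frame src equals top document URL');
  // about:blank and javascript: frames inherit the parent's origin.
  const inheritsOrigin = frame.src === 'about:blank' || frame.src.startsWith('javascript:');
  // A frame that runs script in the parent's origin can do, for example,
  // parent.document.querySelector('iframe').removeAttribute('sandbox').
  const canScriptParent = (tokens === null || scriptsAndOrigin)
    && (inheritsOrigin || sameOrigin(frame.src, topUrl));
  return { src: frame.src, findings, canScriptParent };
}

function auditFrames(frames, topUrl) {
  return frames.map(f => auditFrame(f, topUrl));
}
```

In a browser the descriptors come from `[...document.querySelectorAll('iframe')].map(f => ({ src: f.src, sandbox: f.getAttribute('sandbox') }))`; in a scanner they come from the DOM snapshot. A frame that is cross-origin with `allow-scripts` alone (the example.invalid case) produces no finding, which is the configuration the warning is steering you towards.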