Submitted URL: https://shimmering-sixth-fear.glitch.me/ 6mo old
Effective URL: https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/ 11yr old
Submission: On December 18 via api from NL — Scanned from FR

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 6 HTTP transactions. The main IP is 209.94.90.1, located in the United States and belongs to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 104407.
TLS certificate: Issued by WE1 on November 29th 2025. Valid for: 3mo.
This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 2a04:4e42::571 54113 (FASTLY)
1 4 209.94.90.1 40680 (PROTOCOL)
2 104.17.25.14 13335 (CLOUDFLAR...)
1 2400:52e0:1a0... 200325 (BunnyCDN ...)
6 3
Apex Domain / Subdomains / Transfer
4 ipfs.io (7 KB)
  • ipfs.io — Cisco Umbrella Rank: 104407, 11yr old
2 cloudflare.com (173 KB)
  • cdnjs.cloudflare.com — Cisco Umbrella Rank: 246, 13yr old
1 ipfs.tech (5 KB)
  • ipfs.tech, 5yr old
1 glitch.me (243 B)
  • shimmering-sixth-fear.glitch.me, 6mo old
6 4
Domain Requested by
4 ipfs.io 1 redirects ipfs.io
2 cdnjs.cloudflare.com ipfs.io
cdnjs.cloudflare.com
1 ipfs.tech
1 shimmering-sixth-fear.glitch.me 1 redirects
6 4

This site contains no links.

Subject Issuer Validity Valid
ipfs.io WE1 2025-11-29 - 2026-02-27 3mo
cdnjs.cloudflare.com WE1 2025-11-15 - 2026-02-13 3mo

This page contains 1 frames:

Primary Page: https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/
Frame ID: 733C8004191349CAFEF81AE7B0DB6EE2
Requests: 6 HTTP requests in this frame

Page Title: Webmail

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests: 6
HTTPS: 83 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 3
Countries: 2
Transfer: 184 kB
Size: 282 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://shimmering-sixth-fear.glitch.me/ HTTP 308
    https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://ipfs.io/favicon.ico HTTP 301
  • https://ipfs.tech/favicon.ico

6 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request /
ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/
Redirect Chain
  • https://shimmering-sixth-fear.glitch.me/
  • https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/
7 KB
3 KB
Document
General
Full URL
https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e34871f6c8a7f07800490be2dc90a5d10639185edd39839fd3f0f534e492e1b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 18_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age
97628
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
HIT
cf-ray
9b0049dd89b499bc-CDG
content-encoding
br
content-type
text/html
date
Thu, 18 Dec 2025 17:13:02 GMT
priority
u=0,i
server
cloudflare
server-timing
cfExtPri
vary
Accept-Encoding
x-ipfs-path
/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/
x-ipfs-pop
rainbow-fr2-01
x-ipfs-roots
bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va
x-robots-tag
noindex, nofollow

Redirect headers

accept-ranges
bytes
access-control-allow-origin
*
content-length
0
date
Thu, 18 Dec 2025 17:13:02 GMT
location
https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-glitch-project-name
shimmering-sixth-fear
x-served-by
cache-lon420119-LON
x-timer
S1766077982.278278,VS0,VE0
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/
100 KB
19 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c880eb3d25c765d399840aa204fec22b3230310991089f14781f09a35ed80b8a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 18_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1
Referer
https://ipfs.io/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"656632a7-49ab"
age
1169302
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4aVgOcRMraXQ2i8m9SwMnLL2o5UNUbGUsmovOJUUh4ZgEyowZP6SyttVoEmtuchMPdh%2FDL8v2lu06CB8a%2BgwI6ntKrNlyWiWObrgueq4iB%2BK7TYqP8LLuseJMAgqmq2oKVKD2cg%2F"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Tue, 08 Dec 2026 17:13:02 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 18 Dec 2025 17:13:02 GMT
content-type
text/css; charset=utf-8
last-modified
Tue, 28 Nov 2023 18:34:15 GMT
vary
Accept-Encoding
priority
u=0,i=?0
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
9b0049de1b318f0a-CDG
accept-ranges
bytes
access-control-allow-origin
*
content-length
18859
server
cloudflare
webm.svg
ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/
5 KB
3 KB
Image
General
Full URL
https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/webm.svg
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
998cd48cdc0414f694d0a3a299dd2beb1134769d5666c7e5567e7d20b4174ef8

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 18_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1
Referer
https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/

Response headers

x-robots-tag
noindex, nofollow
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
content-encoding
br
cf-cache-status
HIT
etag
W/"bafkreiezrtkizxaect3jjufdukm52k7lce2hnhkwm3d6kvt6puqlif2o7a"
age
290187
x-ipfs-path
/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/webm.svg
access-control-allow-methods
GET, HEAD, OPTIONS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 18 Dec 2025 17:13:02 GMT
x-ipfs-roots
bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va,bafkreiezrtkizxaect3jjufdukm52k7lce2hnhkwm3d6kvt6puqlif2o7a
content-type
image/svg+xml
vary
Accept-Encoding
x-ipfs-pop
rainbow-am6-03
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
priority
u=2,i
cache-control
public, max-age=29030400, immutable
cf-ray
9b0049ddfa0e99bc-CDG
access-control-allow-origin
*
server
cloudflare
cP.svg
ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/
1 KB
1 KB
Image
General
Full URL
https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/cP.svg
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6dd0995738dcc707d6fa2861e759e60f920839ede3a6badfa04a611b37e90e09

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 18_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1
Referer
https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/

Response headers

x-robots-tag
noindex, nofollow
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
content-encoding
br
cf-cache-status
HIT
etag
W/"bafkreidn2cmvoog4y4d5n6rimhtvtzqpsiedt3pdu25n7ickmentp2iobe"
age
1495232
x-ipfs-path
/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/cP.svg
access-control-allow-methods
GET, HEAD, OPTIONS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 18 Dec 2025 17:13:02 GMT
x-ipfs-roots
bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va,bafkreidn2cmvoog4y4d5n6rimhtvtzqpsiedt3pdu25n7ickmentp2iobe
content-type
image/svg+xml
vary
Accept-Encoding
x-ipfs-pop
rainbow-am6-05
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
priority
u=2,i
cache-control
public, max-age=29030400, immutable
cf-ray
9b0049ddfa0f99bc-CDG
access-control-allow-origin
*
server
cloudflare
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/webfonts/
153 KB
154 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/webfonts/fa-solid-900.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4c5a5b297e623bc159679563a4d1eb16e409ca3b57698fbc00fd2c907dadae0
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 18_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1
Origin
https://ipfs.io
Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css

Response headers

cf-cdnjs-via
cfworker/kv
cf-cache-status
HIT
etag
"656632a7-26374"
age
1283037
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2BetlM2G%2F8nM3Fd83kjc004hl3tFv3YkP00SEcY8hj81uR5aRBA%2FNcNzp9xd%2BrxehhL%2B2xopMFkER8Fa2q3Un1Wr3i1gWubNbdfClmGak7PBCm2v%2BLxD3yZxyvKOv%2BQyO6i3yKLs"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Tue, 08 Dec 2026 17:13:02 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 18 Dec 2025 17:13:02 GMT
content-type
application/octet-stream; charset=utf-8
last-modified
Tue, 28 Nov 2023 18:34:15 GMT
vary
Accept-Encoding
priority
u=0,i=?0
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
9b0049de59bf7879-CDG
accept-ranges
bytes
access-control-allow-origin
*
content-length
156532
server
cloudflare
favicon.ico
ipfs.tech/
Redirect Chain
  • https://ipfs.io/favicon.ico
  • https://ipfs.tech/favicon.ico
15 KB
5 KB
Other
General
Full URL
https://ipfs.tech/favicon.ico
Protocol
H2
Server
2400:52e0:1a00::1347:1 Chicago, United States, ASN200325 (BunnyCDN BUNNYWAY, informacijske storitve d.o.o., SI),
Reverse DNS
Software
BunnyCDN-IL1-1347 /
Resource Hash
94a9fefbbe42310c03ff1e52c1f753c21038805f632867ea78930a52c445a456
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 18_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1
Referer
https://ipfs.io/

Response headers

cdn-status
200
x-request-id
5ded06c5dea43dc42cc7e9d2865726cb
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
content-encoding
br
x-ipfs-path
/ipfs/bafybeibb7bijpaz4kp5qrde45ui66lrzeqdb6kjabyorafmfzc6v6cls7q/favicon.ico
etag
W/"bafkreieuvh7pxpscgegah7y6kla7ou6cca4iax3dfbt6u6etbjjmirneky"
access-control-allow-methods
GET, HEAD, OPTIONS
x-content-type-options
nosniff
date
Thu, 18 Dec 2025 17:13:02 GMT
x-ipfs-roots
bafybeibb7bijpaz4kp5qrde45ui66lrzeqdb6kjabyorafmfzc6v6cls7q,bafkreieuvh7pxpscgegah7y6kla7ou6cca4iax3dfbt6u6etbjjmirneky
cdn-cachedat
09/22/2025 11:15:49
vary
Accept-Encoding
content-type
image/x-icon
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
x-cache-status
MISS
strict-transport-security
max-age=31536000; includeSubDomains
cdn-requestpullcode
200
cache-control
max-age=60, stale-while-revalidate=3600
cdn-requestpullsuccess
True
cdn-requesttime
0
cdn-cache
HIT
cdn-requestid
7a9c3a6c1731d36df7442a4250b144e6
cdn-pullzone
2016121
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.34
access-control-allow-origin
*
x-xss-protection
0
cdn-edgestorageid
718
server
BunnyCDN-IL1-1347
cdn-requestcountrycode
FR

Redirect headers

location
https://ipfs.tech/favicon.ico
cf-cache-status
HIT
cf-ray
9b0049deeab899bc-CDG
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 18 Dec 2025 17:13:02 GMT
content-type
text/html
vary
Accept-Encoding
server
cloudflare
x-ipfs-pop
rainbow-am6-04
priority
u=1,i

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

1 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

object| 0

0 Cookies

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://ipfs.io/ipfs/bafybeih7c35cd3agnlnf5s63qu7wgrabgva45oqjnoic7em3cetcu5m2va/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o