urlscan.io logo urlscan.io
SecurityTrails logo

ipfs.io Open in urlscan Pro
209.94.90.1  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://gateway.ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
Effective URL: https://ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
Submission: On May 17 via api from LU — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 6 HTTP transactions. The main IP is 209.94.90.1, located in United States and belongs to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 65949.
TLS certificate: Issued by GTS CA 1P5 on April 16th 2024. Valid for: 3 months.
This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 2 209.94.90.1 40680 (PROTOCOL)
1 104.17.24.14 13335 (CLOUDFLAR...)
1 2a04:4e42:200... 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
6 5
Apex Domain
Subdomains		 Transfer
2 googleusercontent.com
lh3.googleusercontent.com — Cisco Umbrella Rank: 44
193 KB
2 ipfs.io
gateway.ipfs.io — Cisco Umbrella Rank: 316196
ipfs.io — Cisco Umbrella Rank: 65949
30 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 776
78 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237
14 KB
0 lopapscop.ws Failed
ob0usmzfroj.lopapscop.ws Failed
6 5
Domain Requested by
2 lh3.googleusercontent.com
1 code.jquery.com ipfs.io
1 cdnjs.cloudflare.com ipfs.io
1 ipfs.io
1 gateway.ipfs.io 1 redirects
0 ob0usmzfroj.lopapscop.ws Failed code.jquery.com
6 6

This site contains no links.

Subject Issuer Validity Valid
ipfs.io
GTS CA 1P5		 2024-04-16 -
2024-07-15		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-07-03 -
2024-07-02		 a year crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
*.googleusercontent.com
WR2		 2024-05-06 -
2024-07-29		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
Frame ID: 55DC738870D0F5D8F542E30531566350
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://gateway.ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm HTTP 301
    https://ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

83 %
HTTPS

50 %
IPv6

5
Domains

6
Subdomains

5
IPs

3
Countries

315 kB
Transfer

541 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://gateway.ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm HTTP 301
    https://ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
ipfs.io/ipfs/
Redirect Chain
  • https://gateway.ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
  • https://ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
39 KB
30 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5bc51e12a8ec7dc2c4bf1f3ae2f6ee5e087450cf402e128cd07e1ba3a17b1713

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age
2021162
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
HIT
cf-ray
885090e5ab6c4dcc-FRA
content-encoding
br
content-type
text/html
date
Fri, 17 May 2024 03:36:55 GMT
server
cloudflare
vary
Accept-Encoding
x-ipfs-path
/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
x-ipfs-pop
rainbow-fr2-02
x-ipfs-roots
bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-ray
885090e58b524dcc-FRA
content-length
167
content-type
text/html
date
Fri, 17 May 2024 03:36:55 GMT
expires
Fri, 17 May 2024 04:36:55 GMT
location
https://ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
server
cloudflare
vary
Accept-Encoding
crypto-js.min.js
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/ 		47 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ipfs.io/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 03:36:55 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
9035
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
13972
last-modified
Sat, 14 Aug 2021 20:33:09 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"61182885-3694"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XfARdF3OEDn9HSVOfW6VBQ5xBrOHAMFKQ1ZsEueCo0tmf%2BHB4J0LL7aRXDcamnJzdnmWuGMGCG4jtm0YH2cNfWdYtHbISL3YR982fXvEFhetG1NmexKohvy3glRJfBWvSP5Y2ShP"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
885090e5d9039bec-FRA
expires
Wed, 07 May 2025 03:36:55 GMT
jquery-1.9.1.js
code.jquery.com/ 		262 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-1.9.1.js
Requested by
Host: ipfs.io
URL: https://ipfs.io/ipfs/bafkreic3yupbfkhmpxbmjpy7hlrpn3s6bb2fbt2afyjizud6dor2c6yxcm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ipfs.io/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 03:36:56 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
3542481
x-cache
HIT, HIT
content-length
79506
x-served-by
cache-lga21952-LGA, cache-fra-etou8220101-FRA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1715917016.044019,VS0,VE0
etag
W/"28feccc0-4185d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
16, 8623
AJFCJaXhZo6cUCNh1ssNQzSV3jc1ppd5Vt2HN5GjHL82rJR25OrOigrMWVvBpwQN6BD4T_qHdwh2spOZ9bKA-BqcHsttYMUy5sxc-E99nKe9pgDJsCX0icydpRhjm97W_S4_6cism2sTCOp-Oxa807yjCEw=w1580-h720-s-no
lh3.googleusercontent.com/pw/ 		192 KB
193 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/pw/AJFCJaXhZo6cUCNh1ssNQzSV3jc1ppd5Vt2HN5GjHL82rJR25OrOigrMWVvBpwQN6BD4T_qHdwh2spOZ9bKA-BqcHsttYMUy5sxc-E99nKe9pgDJsCX0icydpRhjm97W_S4_6cism2sTCOp-Oxa807yjCEw=w1580-h720-s-no?authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c51ecfdbb39612d629bbbfa57896c63dc52971d7bcf78f1795944be16274a8eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ipfs.io/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 03:36:56 GMT
x-content-type-options
nosniff
server
fife
etag
"v51"
vary
Origin
content-type
image/gif
access-control-expose-headers
Content-Length
cache-control
private, max-age=86400, no-transform
cross-origin-resource-policy
cross-origin
content-disposition
inline;filename="Flashback - Jul 5, 2023 00_04_12.gif"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
197044
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
AMWts8CjWLE-4lSHnzZVyyi38RiG_iHUev92wvk3GXVlZur4_v68tJc5TxPcsfc6Vo4P2_Sa5_Dg4wBjO9x0q0xYFQKyjpg1zURhvOLxyPhDhPJg_Z8XDFduSWtavIhhZp_z9dX4zrOp2jk9GCWUmL_6qus=s128-no
lh3.googleusercontent.com/pw/ 		330 B
647 B 		Other
General
Check archive.org
Download Go to
Full URL
https://lh3.googleusercontent.com/pw/AMWts8CjWLE-4lSHnzZVyyi38RiG_iHUev92wvk3GXVlZur4_v68tJc5TxPcsfc6Vo4P2_Sa5_Dg4wBjO9x0q0xYFQKyjpg1zURhvOLxyPhDhPJg_Z8XDFduSWtavIhhZp_z9dX4zrOp2jk9GCWUmL_6qus=s128-no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
fea8fbaec75213e1af8005edfcdc94e7b5d7dca6ddb4e262d66e4756bda96d54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ipfs.io/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 03:36:56 GMT
x-content-type-options
nosniff
server
fife
etag
"v30"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
private, max-age=86400, no-transform
cross-origin-resource-policy
cross-origin
content-disposition
inline;filename="logo-off-1.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
330
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
ob0usmzfroj.lopapscop.ws/obufsssssssscaaatoion/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ob0usmzfroj.lopapscop.ws
URL
https://ob0usmzfroj.lopapscop.ws/obufsssssssscaaatoion/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

149 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| CryptoJS string| HIcbQbCY function| _0xc1681e function| _0x2429f4 function| _0xd030e9 function| _0xc13dc5 function| _0x3d3c7c function| _0x3b8271 function| _0xd74b4b function| _0x5ac71c function| _0x3647a0 function| _0x1d08da function| _0x49bee6 function| _0x40e26f function| _0xe3eb1 function| _0x159e47 function| _0x4f6a7e function| _0x177aa7 function| _0x2910cb function| _0x472abb function| _0x3c0da9 function| _0xa33610 function| _0x390946 function| _0x1d7061 function| _0x441e0a function| _0x23a8f6 function| _0x431bbb function| _0xfd83ef function| _0x399dcd function| _0x1370db function| _0x1f0b31 function| _0x2677ba function| _0x9798d3 function| _0x2b252c function| _0x161dbe function| _0x3d08cf function| _0x148460 function| _0x26cfae function| _0x541e92 function| _0x45f069 function| _0xe26be function| _0x17a865 function| _0x5dd4cb function| _0x49d05e function| _0x5a59fd function| _0x1fb5b5 function| _0x46102a function| _0x5ce20f function| _0xc6fdfb function| _0x4b1736 function| _0x6aedad function| _0x528436 function| _0x3b58f2 function| _0x188021 function| _0x182604 function| _0x38cb22 function| _0x30cdf4 function| _0x398ca4 function| _0x1791df function| _0x24f870 function| _0x59f3ce function| _0x9d5afe function| _0x55bc4b function| _0x1e9c4d function| _0x1d6864 function| _0x440c6c function| _0x5c81e5 function| _0x3e6117 function| _0x1540f9 function| _0x558a28 function| _0x22fe1b function| _0x2db4a1 function| _0x9c0e9 function| _0x1e8bf9 function| _0x25b3e9 function| _0x256150 function| _0x2d73e3 function| _0x526962 function| _0xa064a6 function| _0x141450 function| _0x339d62 function| _0x56c556 function| _0x38950f function| _0x2bbda7 function| _0x4a2244 function| _0x3a1dcb function| _0x427af3 function| _0x2d5a74 function| _0x4e6479 function| _0x3ba424 function| _0x555936 function| _0x9e482 function| _0x2689bb function| _0x571011 function| _0x454523 function| _0x113a12 function| _0x4bae81 function| _0x12b948 function| _0x569243 function| _0x9212e7 function| _0x18fd5f function| _0x4055b8 function| _0x48d45e function| _0x31dda4 function| _0x4e57b4 function| _0x351cfe function| _0x145269 function| _0x284511 function| _0x183d96 function| _0x32cdcb function| _0xa74090 function| _0x180af9 function| _0x2f0794 function| _0x2db320 function| _0x1bd6db function| _0x54d94e function| _0x44b25f function| _0x5d8fe2 function| _0x323d3f function| _0x313da4 function| _0x2d83c4 function| _0x2934ad function| _0x26ca4a function| _0x5324ca function| _0xb25122 function| _0x2a80d9 function| _0x1d3af7 function| _0x4f23ee function| _0x37f4fc function| _0x1238cf function| _0x21ccea function| _0x45d9d5 function| _0x259f52 function| _0xe72f58 function| _0xa4031d function| _0x1fce6b function| _0x4fccdc function| _0x5cab00 function| _0x34e4 function| _0x304c object| _0x2720 string| IGOBZL string| cbbg string| kaka90nal string| ka45k459final2 string| kak0011afinal number| countttingerr function| $ function| jQuery

0 Cookies