ipfs.io Open in urlscan Pro
209.94.90.1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz
Effective URL:
https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz
Submission: On July 07 via api (July 7th 2024, 3:19:29 pm UTC) from BY — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 11 HTTP transactions. The main IP is 209.94.90.1, located in United States and belongs to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 98046.
TLS certificate: Issued by WE1 on June 14th 2024. Valid for: 3 months.

This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online) WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	209.94.90.1 209.94.90.1	40680 (PROTOCOL) (PROTOCOL)
4	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
1	104.26.12.205 104.26.12.205	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.217.23.106 172.217.23.106	15169 (GOOGLE) (GOOGLE)
1	18.239.50.38 18.239.50.38	16509 (AMAZON-02) (AMAZON-02)
11	7

1 209.94.90.1 (United States)

ASN40680 (PROTOCOL, US)

ipfs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firebasestorage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.12.205 (None, )

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.106 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f10.1e100.net

firebasestorage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.50.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-50-38.ams58.r.cloudfront.net

prod-cdn.wetransfer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	googleapis.com firebasestorage.googleapis.com — Cisco Umbrella Rank: 6632 ajax.googleapis.com — Cisco Umbrella Rank: 530	118 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 847	108 KB
1	wetransfer.net prod-cdn.wetransfer.net — Cisco Umbrella Rank: 60824	41 KB
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2170	154 B
1	ipfs.io ipfs.io — Cisco Umbrella Rank: 98046	3 KB
11	5

	Domain	Requested by
5	firebasestorage.googleapis.com	ipfs.io firebasestorage.googleapis.com
2	code.jquery.com	ipfs.io
1	prod-cdn.wetransfer.net
1	api.ipify.org	code.jquery.com
1	ajax.googleapis.com	ipfs.io
1	ipfs.io
11	6

This site contains no links.

Subject Issuer	Validity	Valid
ipfs.io WE1	`2024-06-14` - `2024-09-12`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
ipify.org GTS CA 1P5	`2024-05-19` - `2024-08-17`	3 months	crt.sh
wetransfer.net Amazon RSA 2048 M02	`2024-06-30` - `2025-07-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz
Frame ID: 19318A911ED7F61D629F09BD8E9FDF2A
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WeTransfer

Page URL History Show full URLs

http://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz HTTP 307
https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

43 %
IPv6

5
Domains

6
Subdomains

7
IPs

3
Countries

271 kB
Transfer

575 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz HTTP 307
https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz Show response
ipfs.io/ipns/
Redirect Chain

http://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz
https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz

14 KB
3 KB

218ms
157ms

Document
text/html

209.94.90.1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa44a1c1671b5249f8ba0843d50992b141f3bdbaa99be78733f50196b8d83db4

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type Range User-Agent X-Requested-With
access-control-allow-methods: GET HEAD OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3153599
cf-cache-status: HIT
cf-ray: 89f8d0085f2b4504-TXL
content-encoding: br
content-type: text/html
date: Sun, 07 Jul 2024 15:19:24 GMT
last-modified: Mon, 10 Jun 2024 12:06:35 GMT
server: cloudflare
vary: Accept-Encoding
x-ipfs-path: /ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz
x-ipfs-pop: rainbow-am6-02
x-ipfs-roots: QmQ3q87gMsrz8xgjAxTToHfivckvSHFB9Fz2m8JRcgrSWB

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz
Non-Authoritative-Reason: HSTS

GET
H2 200 I050%2Fmain.css
firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/ 8 KB
8 KB 649ms
545ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Fmain.css?alt=media&token=cb848bcc-f8fe-4928-a77c-58e57a69dd40
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: ece4cba0bb3fdc4d762a7e183d1fd34daeec817d4a87dcd488b31ae33e319328

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://ipfs.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 15:19:24 GMT
x-guploader-uploadid: ACJd0Nqz-nebKuTetkTqesIoX1jU4-vP63yyVVK3koPtxSEczYQDJFbbB4NcCyITREnbtdQrr03tkpTPWw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''main.css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8044
last-modified: Mon, 07 Mar 2022 22:19:52 GMT
server: UploadServer
etag: "920dbe23f81e47a344a8d18be8c8caef"
x-goog-generation: 1646691592319341
content-type: text/css
x-goog-hash: crc32c=ufOHVw==, md5=kg2+I/geR6NEqNGL6MjK7w==
cache-control: private, max-age=0
x-goog-stored-content-length: 8044
x-goog-meta-firebasestoragedownloadtokens: cb848bcc-f8fe-4928-a77c-58e57a69dd40
accept-ranges: bytes
expires: Sun, 07 Jul 2024 15:19:24 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 140ms
42ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: ipfs.io
URL: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://ipfs.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Jul 2024 12:13:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 183941
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Jul 2025 12:13:43 GMT

GET
H2 200 jquery-3.1.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 138ms
40ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.1.1.min.js
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://ipfs.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 15:19:24 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 25564963
x-cache: HIT, HIT
content-length: 30070
x-served-by: cache-lga21947-LGA, cache-cph2320046-CPH
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1720365565.500765,VS0,VE0
etag: W/"28feccc0-152b5"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 88, 30604

GET
H2 200 jquery-3.3.1.js Show response
code.jquery.com/ 265 KB
79 KB 136ms
38ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.js
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Origin: https://ipfs.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer: https://ipfs.io/
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 15:19:24 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 25564911
x-cache: HIT, HIT
content-length: 80268
x-served-by: cache-lga21980-LGA, cache-cph2320036-CPH
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1720365565.501036,VS0,VE0
etag: W/"28feccc0-42587"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 86, 2227

GET
H2 200 I050%2Flogo.png
firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/ 9 KB
9 KB 522ms
521ms Image
image/png 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Flogo.png?alt=media&token=75c8e702-5b9d-4134-bb5e-8b751b4f5f13
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: ee77f6a227f8001e6e1c127bfe8f67d52dd42b77fc262904a058f23147f51d70

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://ipfs.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 15:19:25 GMT
x-guploader-uploadid: ACJd0Noh_-UXBzpiYdnwLjLpvzg-9X_rK8kAKlxgUWo8r4XvKXsBOp5ddVXrphjBBphzZfjR7USeJsG0Ag
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''logo.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9385
last-modified: Mon, 07 Mar 2022 22:02:47 GMT
server: UploadServer
etag: "507019be54750ffb69077ba64a3cc089"
x-goog-generation: 1646690567798954
content-type: image/png
x-goog-hash: crc32c=Ad5Z6A==, md5=UHAZvlR1D/tpB3umSjzAiQ==
cache-control: private, max-age=0
x-goog-stored-content-length: 9385
x-goog-meta-firebasestoragedownloadtokens: 75c8e702-5b9d-4134-bb5e-8b751b4f5f13
accept-ranges: bytes
expires: Sun, 07 Jul 2024 15:19:25 GMT

GET
H2 200 veno%2Fmain.js Show response
firebasestorage.googleapis.com/v0/b/rssefe-7fa4d.appspot.com/o/ 5 KB
5 KB 660ms
556ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://firebasestorage.googleapis.com/v0/b/rssefe-7fa4d.appspot.com/o/veno%2Fmain.js?alt=media&token=3cd70645-7fe8-4ede-aef6-ff646e63b91b
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 945cc030ca3cd2499c1db160177525e93be38a39026f9980b52bd77d78f316f4

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://ipfs.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 15:19:24 GMT
x-guploader-uploadid: ACJd0NpiPc_1CA5lCrjbHk_GTjkL3Ys7F1zvWrK6z4TwRVgYVXyHtrNpsjFBqVRZLv4HM0J_kslD3bcKFQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''main.js
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5015
last-modified: Tue, 12 Mar 2024 16:25:17 GMT
server: UploadServer
etag: "4b6c7c113b9ac9b67f60bbc0e7cf8380"
x-goog-generation: 1710260717539903
content-type: text/javascript
x-goog-hash: crc32c=FbW05w==, md5=S2x8ETuaybZ/YLvA58+DgA==
cache-control: private, max-age=0
x-goog-stored-content-length: 5015
x-goog-meta-firebasestoragedownloadtokens: 3cd70645-7fe8-4ede-aef6-ff646e63b91b
accept-ranges: bytes
expires: Sun, 07 Jul 2024 15:19:24 GMT

GET
H2 200 I050%2Fbg.png
firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/ 65 KB
65 KB 406ms
406ms Image
image/png 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Fbg.png?alt=media&token=3b78ae90-4a27-49ab-a814-45026ba68427
Requested by: Host: firebasestorage.googleapis.com
URL: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Fmain.css?alt=media&token=cb848bcc-f8fe-4928-a77c-58e57a69dd40
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 2dc6d25edaeca3041ce7dfbd184de4da16a2b240487a9ef7c5d5e2522173f483

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Fmain.css?alt=media&token=cb848bcc-f8fe-4928-a77c-58e57a69dd40
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 15:19:25 GMT
x-guploader-uploadid: ACJd0NqdK1JCl8-eqhbWXHuXllJjSJQYLrpzovG4J088PUHovPYrywS4z6wuyiS2SKY9o-0Qctn3bMq8YA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''bg.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66648
last-modified: Mon, 07 Mar 2022 22:04:56 GMT
server: UploadServer
etag: "8a5348c90c872a6c740b0347dafde418"
x-goog-generation: 1646690696395496
content-type: image/png
x-goog-hash: crc32c=hfhRMg==, md5=ilNIyQyHKmx0CwNH2v3kGA==
cache-control: private, max-age=0
x-goog-stored-content-length: 66648
x-goog-meta-firebasestoragedownloadtokens: 3b78ae90-4a27-49ab-a814-45026ba68427
accept-ranges: bytes
expires: Sun, 07 Jul 2024 15:19:25 GMT

GET
H2 200 / Show response
api.ipify.org/ 21 B
154 B 230ms
138ms XHR
application/json 104.26.12.205
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d189c5e6207aeb72c92e212854f1f87c747215fea0255195dd6d65c43796dd8

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://ipfs.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 15:19:25 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: application/json
access-control-allow-origin: *
cf-ray: 89f8d00e5f6435e5-FRA
content-length: 21

GET
H3 400 Freight-Sans-Medium.otf
firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/fonts/ 0
0 123ms
44ms Font
application/json 172.217.23.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/fonts/Freight-Sans-Medium.otf

Requested by

Host: firebasestorage.googleapis.com
URL: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Fmain.css?alt=media&token=cb848bcc-f8fe-4928-a77c-58e57a69dd40

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f10.1e100.net

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/o/I050%2Fmain.css?alt=media&token=cb848bcc-f8fe-4928-a77c-58e57a69dd40
Origin: https://ipfs.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 15:19:25 GMT
x-content-type-options: nosniff
server: UploadServer
x-guploader-uploadid: ACJd0NoSHjWFE4oU8UuIytRyaX4AcIGpMWW_Fo7456ef6sY1BD4IPmE2E6dF1_JwDlu_fevTAPg9JrraNbE33v8
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Length, Content-Range, Date, Expires, Server, Transfer-Encoding, X-Firebase-Storage-XSRF, X-GUploader-UploadID, X-Google-Trace
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84
expires: Sun, 07 Jul 2024 15:19:25 GMT

GET
H2 200 favicon-a34a7465.ico
prod-cdn.wetransfer.net/packs/media/images/ 41 KB
41 KB 140ms
44ms Other
image/vnd.microsoft.icon 18.239.50.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-cdn.wetransfer.net/packs/media/images/favicon-a34a7465.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.50.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-50-38.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d12161435ace47c6883360e08466508593325f134c1852b1d0e6e75d5f76adda

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://ipfs.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 02 Sep 2023 01:18:30 GMT
via: 1.1 b744839339b269ebb49818cc6c300b6a.cloudfront.net (CloudFront)
last-modified: Fri, 01 Sep 2023 18:20:32 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P3
age: 26748056
etag: "692e1c7339c359b6412f059c9c9a0474"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/vnd.microsoft.icon
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 41566
x-amz-cf-id: lDtYPjKykEYF-wpTeinwlKljAZa7Mzo4dccjFAvt8c_-yTq0i1gyaQ==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online) WeTransfer (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.3.1.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://firebasestorage.googleapis.com/v0/b/rssefe-7fa4d.appspot.com/o/veno%2Fmain.js?alt=media&token=3cd70645-7fe8-4ede-aef6-ff646e63b91b, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
recommendation	verbose	URL: https://ipfs.io/ipns/k51qzi5uqu5dkzrgb3wrqlazrqcnjpohvvetlx4pxnhsao0mflus9pv0c27scz Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://firebasestorage.googleapis.com/v0/b/author-a3da0.appspot.com/fonts/Freight-Sans-Medium.otf Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.ipify.org
code.jquery.com
firebasestorage.googleapis.com
ipfs.io
prod-cdn.wetransfer.net
104.26.12.205
172.217.23.106
18.239.50.38
209.94.90.1
2a00:1450:4001:80e::200a
2a00:1450:4001:811::200a
2a04:4e42:200::649
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2dc6d25edaeca3041ce7dfbd184de4da16a2b240487a9ef7c5d5e2522173f483
5d189c5e6207aeb72c92e212854f1f87c747215fea0255195dd6d65c43796dd8
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
945cc030ca3cd2499c1db160177525e93be38a39026f9980b52bd77d78f316f4
d12161435ace47c6883360e08466508593325f134c1852b1d0e6e75d5f76adda
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
ece4cba0bb3fdc4d762a7e183d1fd34daeec817d4a87dcd488b31ae33e319328
ee77f6a227f8001e6e1c127bfe8f67d52dd42b77fc262904a058f23147f51d70
fa44a1c1671b5249f8ba0843d50992b141f3bdbaa99be78733f50196b8d83db4

ipfs.io Open in urlscan Pro 209.94.90.1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

43 %IPv6

5 Domains

6 Subdomains

7 IPs

3 Countries

271 kBTransfer

575 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

7 Console Messages

Indicators

ipfs.io Open in urlscan Pro
209.94.90.1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

43 %
IPv6

5
Domains

6
Subdomains

7
IPs

3
Countries

271 kB
Transfer

575 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!