bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link Open in urlscan Pro
209.94.90.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Submission: On May 29 via automatic, source phishtank (May 29th 2024, 9:35:57 pm UTC) — Scanned from DE

Summary HTTP 8 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 209.94.90.3, located in United States and belongs to PROTOCOL, US. The main domain is bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link.
TLS certificate: Issued by E1 on April 16th 2024. Valid for: 3 months.

This is the only time bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
5	209.94.90.3 209.94.90.3	40680 (PROTOCOL) (PROTOCOL)
1	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
8	3

5 209.94.90.3 (United States)

ASN40680 (PROTOCOL, US)

bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	dweb.link bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link	57 KB
1	gstatic.com encrypted-tbn0.gstatic.com	8 KB
0	computerhope.com Failed www.computerhope.com Failed
0	16mb.com Failed www.wqe.16mb.com Failed
8	4

	Domain	Requested by
5	bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link	bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
1	encrypted-tbn0.gstatic.com	bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
0	www.computerhope.com Failed	bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
0	www.wqe.16mb.com Failed	bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
8	4

This site contains links to these domains. Also see Links.

Domain
get.adobe.com

Subject Issuer	Validity	Valid
dweb.link E1	`2024-04-16` - `2024-07-15`	3 months	crt.sh
*.gstatic.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Frame ID: C6242A1A9547168655A733F1253822CE
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Download Document - Adobe Sign In

Page Statistics

8
Requests

75 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

64 kB
Transfer

152 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://get.adobe.com/reader/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/ 83 KB
50 KB 51ms
21ms Document
text/html 209.94.90.3
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 209.94.90.3 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 632de02c198517de02a7837d714c16cab8b6bae690f6cbf3adfad7c0d0faab06

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-headers: Content-Type Range User-Agent X-Requested-With
access-control-allow-methods: GET HEAD OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age: 272272
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=29030400, immutable
cf-cache-status: HIT
cf-ray: 88b99de6bfc930ca-FRA
content-encoding: br
content-type: text/html
date: Wed, 29 May 2024 21:35:53 GMT
server: cloudflare
vary: Accept-Encoding
x-ipfs-path: /ipfs/bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay/
x-ipfs-pop: rainbow-fr2-03
x-ipfs-roots: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay

GET
H3 410 SpryValidationTextField.css
bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/ 0
0 40ms
40ms Stylesheet
text/html 209.94.90.3
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/SpryValidationTextField.css
Requested by: Host: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 209.94.90.3 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 21:35:53 GMT
cf-cache-status: EXPIRED
x-ipfs-pop: rainbow-fr2-02
server: cloudflare
vary: Accept-Encoding
content-type: text/html
cf-ray: 88b99de6f80b30ca-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 images
encrypted-tbn0.gstatic.com/ 7 KB
8 KB 45ms
10ms Image
image/png 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRGA-AAufqAvH_jrYtr_AztiK6QCMXUXp6vxIwAP23kiRbekdSl

Requested by

Host: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de2c1a0cfc9fe2a92c3151d4ac11a5582323963d7107258571ab420819e4b97c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:55:59 GMT
x-content-type-options: nosniff
age: 70794
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7494
x-xss-protection: 0
last-modified: Sat, 27 Jul 2019 08:06:30 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 29 May 2025 01:55:59 GMT

GET
H3 410 style.css
bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/ 0
0 38ms
38ms Stylesheet
text/html 209.94.90.3
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/style.css
Requested by: Host: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 209.94.90.3 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 21:35:53 GMT
cf-cache-status: EXPIRED
x-ipfs-pop: rainbow-fr2-02
server: cloudflare
vary: Accept-Encoding
content-type: text/html
cf-ray: 88b99de6f80d30ca-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 410 SpryValidationTextField.js
bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/ 0
0 37ms
37ms Script
text/html 209.94.90.3
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/SpryValidationTextField.js
Requested by: Host: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 209.94.90.3 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 21:35:53 GMT
cf-cache-status: EXPIRED
x-ipfs-pop: rainbow-fr2-02
server: cloudflare
vary: Accept-Encoding
content-type: text/html
cf-ray: 88b99de6f81030ca-FRA
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 48 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b017df1defe56bb74395e69cf291beea481d7f97cdbe2cd50e9ea9f86f5570ca

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET pdf-logo.png
www.wqe.16mb.com/b/Adobe%20Sign%20In_files/ 0
0

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 151a92f94a4b7825a6e371c967e7250d86d058496e5b4a97b857d61c324af806

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H3 410 bg_form.png
bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/images/ 7 KB
7 KB 40ms
40ms Image
text/html 209.94.90.3
PROTOCOL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/images/bg_form.png
Requested by: Host: bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 209.94.90.3 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15d6c6b7d16b7a250f0a86e4a7d4e53cb7f8452a2e6cae9ae7a65c141bd4f27d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 21:35:53 GMT
cf-cache-status: EXPIRED
x-ipfs-pop: rainbow-fr2-02
server: cloudflare
vary: Accept-Encoding
content-type: text/html
cf-ray: 88b99de7385630ca-FRA
alt-svc: h3=":443"; ma=86400

GET acrobatpdf.jpg
www.computerhope.com/jargon/p/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.wqe.16mb.com
URL: https://www.wqe.16mb.com/b/Adobe%20Sign%20In_files/pdf-logo.png

Domain: www.computerhope.com
URL: https://www.computerhope.com/jargon/p/acrobatpdf.jpg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| MM_goToURL function| validateForm undefined| sprytextfield1 undefined| sprytextfield2

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/	1970-01-20 20:58:21	Name: __cflb Value: 0H28vbaGpB9Jkc9ucM5HbYjKxB98a2aU1EKrS6w9Cur

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/(Line 273) Message: Mixed Content: The page at 'https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/' was loaded over HTTPS, but requested an insecure element 'http://www.wqe.16mb.com/b/Adobe%20Sign%20In_files/pdf-logo.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network	error	URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/SpryValidationTextField.js Message: Failed to load resource: the server responded with a status of 410 ()
network	error	URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/style.css Message: Failed to load resource: the server responded with a status of 410 ()
network	error	URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/Adobe%20Sign%20In_files/SpryValidationTextField.css Message: Failed to load resource: the server responded with a status of 410 ()
security	warning	URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/ Message: Mixed Content: The page at 'https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/' was loaded over HTTPS, but requested an insecure element 'http://www.computerhope.com/jargon/p/acrobatpdf.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network	error	URL: https://bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link/images/bg_form.png Message: Failed to load resource: the server responded with a status of 410 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link
encrypted-tbn0.gstatic.com
www.computerhope.com
www.wqe.16mb.com
www.computerhope.com
www.wqe.16mb.com
209.94.90.3
2a00:1450:4001:806::200e
151a92f94a4b7825a6e371c967e7250d86d058496e5b4a97b857d61c324af806
15d6c6b7d16b7a250f0a86e4a7d4e53cb7f8452a2e6cae9ae7a65c141bd4f27d
632de02c198517de02a7837d714c16cab8b6bae690f6cbf3adfad7c0d0faab06
b017df1defe56bb74395e69cf291beea481d7f97cdbe2cd50e9ea9f86f5570ca
de2c1a0cfc9fe2a92c3151d4ac11a5582323963d7107258571ab420819e4b97c

bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link Open in urlscan Pro 209.94.90.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

75 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

64 kBTransfer

152 kBSize

1 Cookies

1 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

6 Console Messages

Indicators

bafkreiddfxqcygmfc7pafj4dpvyuyfwkxc3lvzuq63f7hlp227anb6vlay.ipfs.dweb.link Open in urlscan Pro
209.94.90.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

75 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

64 kB
Transfer

152 kB
Size

1
Cookies

8 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!