ipfs.io - urlscan.io

Summary

This website contacted 4 IPs in 1 countries across 5 domains to perform 7 HTTP transactions. The main IP is 209.94.90.1, located in United States and belongs to PROTOCOL, US. The main domain is ipfs.io. The Cisco Umbrella rank of the primary domain is 90575.
TLS certificate: Issued by WE1 on June 14th 2024. Valid for: 3 months.

This is the only time ipfs.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	209.94.90.1 209.94.90.1	40680 (PROTOCOL) (PROTOCOL)
2	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
2	18.239.183.118 18.239.183.118	16509 (AMAZON-02) (AMAZON-02)
1 1	142.251.163.103 142.251.163.103	15169 (GOOGLE) (GOOGLE)
1	209.85.232.104 209.85.232.104	15169 (GOOGLE) (GOOGLE)
7	4

2 209.94.90.1 (United States)

ASN40680 (PROTOCOL, US)

ipfs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.137 (San Francisco, United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.239.183.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-183-118.bos50.r.cloudfront.net

logo.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.163.103 (Farmingdale, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: wv-in-f103.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.85.232.104 (United States)

ASN15169 (GOOGLE, US)
PTR: qt-in-f104.1e100.net

t2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	clearbit.com logo.clearbit.com — Cisco Umbrella Rank: 46929	1004 B
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 1211	30 KB
2	ipfs.io ipfs.io — Cisco Umbrella Rank: 90575	10 KB
1	gstatic.com t2.gstatic.com	665 B
1	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 10	19 B
7	5

	Domain	Requested by
2	logo.clearbit.com	ipfs.io
2	code.jquery.com	ipfs.io
2	ipfs.io	ipfs.io
1	t2.gstatic.com
1	www.google.com	1 redirects
7	5

This site contains no links.

Subject Issuer	Validity	Valid
ipfs.io WE1	`2024-06-14` - `2024-09-12`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
clearbit.com Amazon RSA 2048 M03	`2024-01-22` - `2025-02-18`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Frame ID: A9A70D17392F68C3E9287404465FF9A6
Requests: 4 HTTP requests in this frame

Frame: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Frame ID: 026D7486E38D8E10D95DE1F82AC2A123
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Session Expired!

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

86 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

1
Countries

41 kB
Transfer

198 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://www.google.com/s2/favicons?domain=microsoft.com HTTP 301
https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy Show response
ipfs.io/ipfs/ 14 KB
5 KB 93ms
35ms Document
text/html 209.94.90.1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ea2a9db3120e97f8d78629056c4c7ceaa88a5384d5522e6ed09395584527b87

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type Range User-Agent X-Requested-With
access-control-allow-methods: GET HEAD OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age: 560
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=29030400, immutable
cf-cache-status: HIT
cf-ray: 8a8a96b03fdeac4c-YYZ
content-disposition: inline; filename="~%2523GTB_0498488TU%2520-.html"; filename*=UTF-8''~%2523GTB_0498488TU%2520-.html
content-encoding: br
content-type: text/html
date: Thu, 25 Jul 2024 07:55:36 GMT
server: cloudflare
vary: Accept-Encoding
x-ipfs-path: /ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy
x-ipfs-pop: rainbow-dc13-06
x-ipfs-roots: QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy

GET
H2 200 jquery-3.2.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 81ms
23ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 25 Jul 2024 07:55:36 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 16442702
x-cache: HIT, HIT
content-length: 30125
x-served-by: cache-lga21971-LGA, cache-yyz4532-YYZ
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1721894136.456670,VS0,VE0
etag: W/"28feccc0-15283"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 80396, 4741

GET
H2 200 live.com
logo.clearbit.com/ 618 B
1004 B 132ms
42ms Image
image/png 18.239.183.118
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logo.clearbit.com/live.com

Requested by

Host: ipfs.io
URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

18.239.183.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-239-183-118.bos50.r.cloudfront.net

Software

Clearbit /

Resource Hash

a1fab8fc3cf9fb9554b6d0fcab8236be7a22ceadec82ce0704cf79d3973c1139

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 16 Jul 2024 08:07:28 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-response-flags: -
via: 1.1 ed0934ec01ea9cc7d841313a8f4658f0.cloudfront.net (CloudFront)
server: Clearbit
x-amz-cf-pop: BOS50-P4
age: 776888
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
content-length: 618
x-amz-cf-id: leNPBojxN91fTQsnJpk2qikMX_G9JRDdDOlG6XZXq8QRZn2iRlsDlA==

GET
H2 200 QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy Show response
ipfs.io/ipfs/ Frame 026D 14 KB
5 KB 33ms
33ms Document
text/html 209.94.90.1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ea2a9db3120e97f8d78629056c4c7ceaa88a5384d5522e6ed09395584527b87

Request headers

Referer: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type Range User-Agent X-Requested-With
access-control-allow-methods: GET HEAD OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age: 560
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=29030400, immutable
cf-cache-status: HIT
cf-ray: 8a8a96b13829ac4c-YYZ
content-disposition: inline; filename="~%2523GTB_0498488TU%2520-.html"; filename*=UTF-8''~%2523GTB_0498488TU%2520-.html
content-encoding: br
content-type: text/html
date: Thu, 25 Jul 2024 07:55:36 GMT
server: cloudflare
vary: Accept-Encoding
x-ipfs-path: /ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy
x-ipfs-pop: rainbow-dc13-06
x-ipfs-roots: QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy

GET
H2 200 jquery-3.2.1.min.js Show response
code.jquery.com/ Frame 026D 85 KB
0 81ms
23ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 25 Jul 2024 07:55:36 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 16442702
x-cache: HIT, HIT
content-length: 30125
x-served-by: cache-lga21971-LGA, cache-yyz4532-YYZ
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1721894136.456670,VS0,VE0
etag: W/"28feccc0-15283"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 80396, 4741

GET
H2 200 live.com
logo.clearbit.com/ Frame 026D 618 B
0 132ms
42ms Image
image/png 18.239.183.118
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logo.clearbit.com/live.com

Requested by

Host: ipfs.io
URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

18.239.183.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-239-183-118.bos50.r.cloudfront.net

Software

Clearbit /

Resource Hash

a1fab8fc3cf9fb9554b6d0fcab8236be7a22ceadec82ce0704cf79d3973c1139

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 16 Jul 2024 08:07:28 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-response-flags: -
via: 1.1 ed0934ec01ea9cc7d841313a8f4658f0.cloudfront.net (CloudFront)
server: Clearbit
x-amz-cf-pop: BOS50-P4
age: 776888
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
content-length: 618
x-amz-cf-id: leNPBojxN91fTQsnJpk2qikMX_G9JRDdDOlG6XZXq8QRZn2iRlsDlA==

GET
H2

200

faviconV2
t2.gstatic.com/
Redirect Chain

https://www.google.com/s2/favicons?domain=microsoft.com
https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

123 B
665 B

673ms
50ms

Other
image/png

209.85.232.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

Protocol

H2

Server

209.85.232.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qt-in-f104.1e100.net

Software

sffe /

Resource Hash

352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 25 Jul 2024 07:55:26 GMT
x-content-type-options: nosniff
age: 11
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123
x-xss-protection: 0
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-location: https://www.microsoft.com/favicon.ico?v2
expires: Thu, 01 Aug 2024 07:55:26 GMT

Redirect headers

date: Thu, 25 Jul 2024 07:38:47 GMT
x-content-type-options: nosniff
server: sffe
age: 1009
content-type: text/html; charset=UTF-8
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 333
x-xss-protection: 0
expires: Thu, 25 Jul 2024 08:08:47 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: about:blank Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
recommendation	verbose	URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
security	warning	URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html# Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
recommendation	verbose	URL: https://ipfs.io/ipfs/QmV2Wt5mtPxEP2x3pwDn5K93pBDv7jEHKsqzWLmqv1DLFy?filename=~%2523GTB_0498488TU%2520-.html# Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
ipfs.io
logo.clearbit.com
t2.gstatic.com
www.google.com
142.251.163.103
151.101.194.137
18.239.183.118
209.85.232.104
209.94.90.1
352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed
3ea2a9db3120e97f8d78629056c4c7ceaa88a5384d5522e6ed09395584527b87
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
a1fab8fc3cf9fb9554b6d0fcab8236be7a22ceadec82ce0704cf79d3973c1139

ipfs.io Open in urlscan Pro 209.94.90.1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

7 Requests

86 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

4 IPs

1 Countries

41 kBTransfer

198 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

ipfs.io Open in urlscan Pro
209.94.90.1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

86 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

1
Countries

41 kB
Transfer

198 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!