Report - bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/

Report Overview

Submitted URL
bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/
IP
104.17.96.13
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 21:42:24
Access
public
Website Title
Sharing Link Validation
Final URL
bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/
Tags
suspicious
urlquery detections
Suspicious - Suspicious Javascript code

Detections

urlquery
3
Network Intrusion Detection
1
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-25	994 B	13 kB	142.250.74.106
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2024-04-25	601 B	26 kB	104.18.11.207
bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com	unknown	2018-12-05	2024-02-10	2024-02-16	1.2 kB	630 kB	104.17.64.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-25 21:41:57	low	Client IP	104.17.64.14	ET INFO Peer to Peer File Sharing Service Domain in TLS SNI (cf-ipfs .com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/	Office365
2024-03-28	medium	bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/	Office365

PhishTank

Scan Date	Severity	Indicator	Alert
2024-02-10	medium	bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/	Other
2024-02-10	medium	bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/favicon.ico	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/	1.9 MB	2024-02-10	2024-04-26
Pretty URL bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/ IP 104.17.64.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-10 14:32:07 Last Seen2024-04-26 06:47:38 Times Seen9 Hash e10021746e3c8615d1a5ca2703443212 bc7565a8e5295fc1af7648487ec0a00d09ef282b bfd1b2e49c91d45350a3d54ae12a6f2f24f276380b7dd12ebd621669abab8d28 Loading...

	unknown	285 B	2024-01-11	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-11 04:48:06 Last Seen2024-04-26 06:47:38 Times Seen15 Hash 3cbda0a675ee2fc6e4a9ded23bdcbcda 4d100180089f2ba7c1ff81c3f4b00df09142f588 b54c6d7e4f7d5b8e21f0d991d991534afcda432f1fc4d2f8e286df0b9d6b8d93 Loading...

	unknown	1.9 kB	2024-02-10	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-10 14:32:07 Last Seen2024-04-26 06:47:38 Times Seen9 Hash 32a80ed68e242667c8d7a71fcafabfa0 4b8c48d46692f573117466b68d5e7437c2bddd2e c44668e44d801cd3ae2cf07d3e97b4e71454d4d5f49410de29f8f46ebf434cad Loading...

	unknown	511 B	2024-01-23	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-23 02:41:25 Last Seen2024-04-26 06:47:38 Times Seen11 Hash 2bc4da8094c897dc155da6935d5c11d9 292eb732a5fb9bd33b5c4c720d62516095b0f4cd 0c39d89c5996007d8fda9b1d2089f58d227984b9a7903f8473d8bedfd3ce53e1 Loading...

		Size	First Seen	Last Seen
	#1 Write - 8ec87180968d07a2b640b998fe69c419	630 kB	2024-02-10	2024-04-26
Pretty Observations First Seen2024-02-10 14:32:07 Last Seen2024-04-26 06:47:38 Times Seen9 Hash 8ec87180968d07a2b640b998fe69c419 4ecd4050b26092144941f682259d9c4440498429 df4d10fa509af0a6e693009cf06f83ff1eb9b74f7791d7ec8661c7960f3e9381 Loading...

HTTP Transactions (5)

URL IP Response Size

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

104.18.11.207

200 OK

25 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63
ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT

File type
ASCII text, with very long lines (65325)
Size
25 kB (25310 bytes)
Hash
450fc463b8b1a349df717056fbb3e078
895125a4522a3b10ee7ada06ee6503587cbf95c5
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

HTTP Headers

GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com
DNT: 1
Connection: keep-alive
Referer: https://bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 21:41:58 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"450fc463b8b1a349df717056fbb3e078"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 03/18/2024 12:51:41
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1048
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 2744018eedf3ae51fb8e3d0abd361da2
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87a1801258cb56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/

104.17.64.14

200 OK

628 kB

URL User Request GET HTTP/2
bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcf-ipfs.com
Fingerprint46:AD:9B:E1:02:E3:A8:FE:9B:E2:86:B5:A1:5C:07:B9:B7:3B:17:14
ValiditySat, 16 Mar 2024 23:28:47 GMT - Fri, 14 Jun 2024 23:28:46 GMT

File type
HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
628 kB (628291 bytes)
Hash
425f9f9c0ecd390f05cac6e5e176d2e5
571a03c6e1e72c642232e034ca78775e82f402e4
ecf6873daaa550f655dce70d21ab7c3b4b50c4cfaa3a0efad3b9e525d013a147

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
OpenPhish	phishing	Office365
PhishTank	phishing	Other

HTTP Headers

GET / HTTP/1.1
Host: bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 21:41:58 GMT
content-type: text/html
cf-ray: 87a1800c0bd3568a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 49954
cache-control: public, max-age=29030400, immutable
etag: W/"bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: hit
x-ipfs-path: /ipfs/bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe/
x-ipfs-roots: bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe
set-cookie: __cf_bm=F_fkvJqZ1HKlCbePxjKusgh2mtJ_Jw162xaKTsKaUO0-1714081318-1.0.1.1-EbsILVey2QPBqg5IxpJcO39dRafNV7HcYKl69zGzGF60HnNFl0i4gsSesPkD0itcawPPDZ9ViwCHFoTl8HYAAQ; path=/; expires=Thu, 25-Apr-24 22:11:58 GMT; domain=.bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:600

142.250.74.106

200 OK

5.8 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:600
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
ASCII text, with very long lines (5866), with no line terminators
Size
5.8 kB (5776 bytes)
Hash
9058a36d34ebdbd7319ccef4793751d7
9b3926e625b94d15289aaa2bb3289def58c903d4
2fadfb6377bf50301c063dd06f3638492a27f800947df7ccf8f83cb527af6c47

HTTP Headers

GET /css?family=Open+Sans:600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 25 Apr 2024 21:41:58 GMT
date: Thu, 25 Apr 2024 21:41:58 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/favicon.ico

104.17.64.14

404 Not Found

191 B

URL GET HTTP/2
bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/favicon.ico
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/
Certificate
IssuerLet's Encrypt
Subjectcf-ipfs.com
Fingerprint46:AD:9B:E1:02:E3:A8:FE:9B:E2:86:B5:A1:5C:07:B9:B7:3B:17:14
ValiditySat, 16 Mar 2024 23:28:47 GMT - Fri, 14 Jun 2024 23:28:46 GMT

File type
ASCII text, with no line terminators
Size
191 B (191 bytes)
Hash
398006340608844138c9cf1aad45a91e
fe9409665f0dd7af9a409fc4d7be54dbbb479ba1
7d4435288e9ffbb176b57495573cdc6fbe91dc3cc82b234a056b1852c53c12f8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365
PhishTank	phishing	Other

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/
Cookie: __cf_bm=F_fkvJqZ1HKlCbePxjKusgh2mtJ_Jw162xaKTsKaUO0-1714081318-1.0.1.1-EbsILVey2QPBqg5IxpJcO39dRafNV7HcYKl69zGzGF60HnNFl0i4gsSesPkD0itcawPPDZ9ViwCHFoTl8HYAAQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Thu, 25 Apr 2024 21:41:59 GMT
content-type: text/plain; charset=utf-8
cf-ray: 87a180131948568a-OSL
cf-cache-status: EXPIRED
access-control-allow-origin: *
cache-control: no-store
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: miss
x-content-type-options: nosniff
x-ipfs-path: /ipfs/bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe/favicon.ico
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:600

142.250.74.106

200 OK

5.8 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Open+Sans:600
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
ASCII text, with very long lines (5866), with no line terminators
Size
5.8 kB (5776 bytes)
Hash
9058a36d34ebdbd7319ccef4793751d7
9b3926e625b94d15289aaa2bb3289def58c903d4
2fadfb6377bf50301c063dd06f3638492a27f800947df7ccf8f83cb527af6c47

HTTP Headers

GET /css?family=Open+Sans:600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://bafybeibgzqtorxqdbg2n3tjniohkp6a5ypwi6a3duzkzvr3lkvxl5t5eqe.ipfs.cf-ipfs.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 25 Apr 2024 21:41:58 GMT
date: Thu, 25 Apr 2024 21:41:58 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (5)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate