Report - bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/

Report Overview

Visited public
2025-05-05 10:54:03
Tags
phishing
URL
bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/
Finishing URL
bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/
IP / ASN
209.94.90.3
#40680 PROTOCOL
Title
Session expired！
Phishing - Generic phishing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-04-05	2025-04-30	497 B	52 kB	104.18.10.207
bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link	unknown	2017-02-24	2025-03-31	2025-03-31	1.1 kB	9.4 kB	209.94.90.3
code.jquery.com	634	2005-12-10	2012-05-21	2025-04-30	470 B	87 kB	151.101.66.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-05-05 10:53:42	low	Client IP	209.94.90.3	ET HUNTING Observed IPFS Gateway Domain (ipfs .dweb .link) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

Scan Date	Severity	Indicator	Alert
2024-07-07	medium	bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/	Other
2024-07-07	medium	bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/favicon.ico	Other

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-05	medium	bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link	Sinkholed
2025-05-05	medium	bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/	ScriptElement	3.6 kB	2025-03-31	2025-05-05
Pretty URL bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/ IP 209.94.90.3 ASN #40680 PROTOCOL Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-31 17:09 Last Seen2025-05-05 10:54 Times Seen2 Hash afc4f981832b8c7eb951db58962441fe 94dd7d2d0172b6c35b4bb437bd2aa25d2b00c4c5 71547785d630205482b9ae65079223721b8d16207b7480716a3666098e294239 Loading...

	code.jquery.com/jquery-3.2.1.min.js	ScriptElement	87 kB	2023-03-07	2025-05-22
Pretty URL code.jquery.com/jquery-3.2.1.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-22 00:17 Times Seen36608 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	ScriptElement	51 kB	2023-03-07	2025-05-22
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-22 02:26 Times Seen99463 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

HTTP Transactions (4)

URL IP Response Size

bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/

209.94.90.3

200 OK

7.5 kB

URL User Request GET
bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/
IP
209.94.90.3:443
ASN
#40680 PROTOCOL

Certificate
IssuerLet's Encrypt
Subjectdweb.link
Fingerprint79:E8:1D:77:5C:83:D4:1A:7E:1E:8F:50:42:55:D3:DA:72:0C:C1:2D
ValiditySat, 05 Apr 2025 13:18:13 GMT - Fri, 04 Jul 2025 13:18:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
7.5 kB (7490 bytes)
Hash
86971692f5d9b138b97a9fc6132bfee4
08ca85fde2a1c72bbad65c906ac45a902aabd5cd
297afab8d2accaa22f162ecee59f5b054e60ea723826bbec212721b81745437a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 May 2025 10:53:42 GMT
content-type: text/html
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: public, max-age=29030400, immutable
x-ipfs-path: /ipfs/bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u/
x-ipfs-roots: bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u
x-ipfs-pop: rainbow-fr2-03
cf-cache-status: HIT
set-cookie: __cflb=0H28vpBU6C55AmWKXGAVx2VtNDiXCjUNYzWyv8eV5cx; SameSite=None; Secure; path=/; expires=Tue, 06-May-25 09:53:42 GMT; HttpOnly
vary: Accept-Encoding
x-robots-tag: noindex, nofollow
server: cloudflare
cf-ray: 93afb21619f292c8-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.2.1.min.js

151.101.66.137

200 OK

87 kB

URL GET
code.jquery.com/jquery-3.2.1.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
87 kB (86659 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /jquery-3.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15283"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 05 May 2025 10:53:43 GMT
age: 5363745
x-served-by: cache-lga21971-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 29, 311383
x-timer: S1746442423.117247,VS0,VE0
vary: Accept-Encoding
content-length: 30125
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.10.207

200 OK

51 kB

URL GET
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint90:B1:98:4A:7E:D6:37:CF:9B:DC:7D:67:82:58:17:6C:F7:F6:11:DE
ValiditySun, 16 Mar 2025 01:14:49 GMT - Sat, 14 Jun 2025 02:14:23 GMT

File type
JavaScript source, ASCII text, with very long lines (50758)
Size
51 kB (51039 bytes)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 May 2025 10:53:43 GMT
content-type: application/javascript; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: "67176c242e1bdc20603c878dee836df3"
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/04/2024 02:53:43
cdn-edgestorageid: 1029
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requesttime: 1
cdn-requestid: c6c8a086d090f1d2baac8a7b0c894894
cdn-cache: HIT
cf-cache-status: HIT
age: 2023836
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 93afb21848370b69-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/favicon.ico

209.94.90.3

404 Not Found

191 B

URL GET
bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/favicon.ico
IP
209.94.90.3:443
ASN
#40680 PROTOCOL

Requested by
https://bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/
Certificate
IssuerLet's Encrypt
Subjectdweb.link
Fingerprint79:E8:1D:77:5C:83:D4:1A:7E:1E:8F:50:42:55:D3:DA:72:0C:C1:2D
ValiditySat, 05 Apr 2025 13:18:13 GMT - Fri, 04 Jul 2025 13:18:12 GMT

File type
ASCII text
Size
191 B (191 bytes)
Hash
5af6a980865e8a2810998d5f368d3035
fd9321926fbc29b9aca69152c7b724d5ef3138f9
13d7d7e596a9bc7897980cb5687f5214701540f2ee3ed97c8b9009beeb5f55d2

Detections

Analyzer	Verdict	Alert
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u.ipfs.dweb.link/
Cookie: __cflb=0H28vpBU6C55AmWKXGAVx2VtNDiXCjUNYzWyv8eV5cx
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Mon, 05 May 2025 10:53:43 GMT
content-type: text/plain; charset=utf-8
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-content-type-options: nosniff
x-ipfs-path: /ipfs/bafybeifrqdfze3piomesklwvzgfkuljsspb2tp6m4llmsjm2fztl6yua3u/favicon.ico
x-ipfs-pop: rainbow-am6-04
cf-cache-status: MISS
priority: u=6,i=?0
vary: Accept-Encoding
x-robots-tag: noindex, nofollow
server: cloudflare
cf-ray: 93afb2196c45be58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (4)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers