Report - links-2.govdelivery.com/CL0/https:%2F%2Ft.co%2FKhmb9qWFUZ%3Futm_medium=email%26utm_source=govdelivery/1/01010196899ef2e6-c917b698-2497-44d8-b967-d013802aec0c-000000/cjEpiRUK1Hb8SK6KVmzdosAXFWTeaWVto6UrxOk0PiY=403

Report Overview

Visited public
2025-05-01 03:25:09
Tags
URL
links-2.govdelivery.com/CL0/https:%2F%2Ft.co%2FKhmb9qWFUZ%3Futm_medium=email%26utm_source=govdelivery/1/01010196899ef2e6-c917b698-2497-44d8-b967-d013802aec0c-000000/cjEpiRUK1Hb8SK6KVmzdosAXFWTeaWVto6UrxOk0PiY=403
Finishing URL
client.793215-bittrex.com/home/?v=63214
IP / ASN
23.33.119.115
#20940 Akamai International B.V.
Title
Loading...

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
links-2.govdelivery.com	unknown	2001-07-26	2024-06-26	2025-04-29	680 B	662 B	23.36.77.179
1rpc.io	unknown	2022-08-02	2022-08-18	2025-04-30	965 B	762 B	20.105.41.175
client.793215-bittrex.com	unknown	2025-04-29	2025-05-01	2025-05-01	1.1 kB	95 kB	45.159.208.198
t.co	569	2010-04-26	2012-07-25	2025-04-24	523 B	1.3 kB	162.159.140.229
ipfs.io	41400	2014-05-16	2015-09-09	2025-04-25	551 B	1.3 kB	209.94.90.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-05-01 03:24:49	medium	Client IP	209.94.90.1	ET INFO Observed Peer-to-Peer File Sharing Service Domain (ipfs .io in TLS SNI)
2025-05-01 03:24:49	low	Client IP	20.105.41.175	ET INFO Observed Smart Chain Domain in TLS SNI (1rpc .io)
2025-05-01 03:24:49	low	Client IP	20.105.41.175	ET INFO Observed Smart Chain Domain in TLS SNI (1rpc .io)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-01	medium	793215-bittrex.com	Sinkholed
2025-05-01	medium	793215-bittrex.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	ipfs.io/ipfs/QmXm7F2nGe72y5vqZiHWpJyDix6GETqzoRUePax1PiKc5K	ScriptElement	438 B	2025-05-01	2025-05-01
Pretty URL ipfs.io/ipfs/QmXm7F2nGe72y5vqZiHWpJyDix6GETqzoRUePax1PiKc5K IP 209.94.90.1 ASN #40680 PROTOCOL Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-01 03:25 Last Seen2025-05-01 03:25 Times Seen1 Hash f295d8b0d65a70b4c604f6410fb48132 c4d293bf1a4d00013afe23432a8759896a84fcb6 7bfc5207d6ca03bbeff270252a176ba13d9eb73c5b29cebf42fdfb1cc9972f92 Loading...

HTTP Transactions (7)

URL IP Response Size

links-2.govdelivery.com/CL0/https:%2F%2Ft.co%2FKhmb9qWFUZ%3Futm_medium=email%26utm_source=govdelivery/1/01010196899ef2e6-c917b698-2497-44d8-b967-d013802aec0c-000000/cjEpiRUK1Hb8SK6KVmzdosAXFWTeaWVto6UrxOk0PiY=403

23.36.77.179

302 Found

357 B

URL User Request GET
links-2.govdelivery.com/CL0/https:%2F%2Ft.co%2FKhmb9qWFUZ%3Futm_medium=email%26utm_source=govdelivery/1/01010196899ef2e6-c917b698-2497-44d8-b967-d013802aec0c-000000/cjEpiRUK1Hb8SK6KVmzdosAXFWTeaWVto6UrxOk0PiY=403
IP
23.36.77.179:443
ASN
#20940 Akamai International B.V.

Certificate
IssuerLet's Encrypt
Subjectsan1.govdelivery.com
Fingerprint4A:80:45:81:85:4C:09:7A:BE:9A:CC:CF:82:55:6C:01:95:F3:9C:95
ValidityMon, 21 Apr 2025 16:33:43 GMT - Sun, 20 Jul 2025 16:33:42 GMT

File type

Size
357 B (357 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /CL0/https:%2F%2Ft.co%2FKhmb9qWFUZ%3Futm_medium=email%26utm_source=govdelivery/1/01010196899ef2e6-c917b698-2497-44d8-b967-d013802aec0c-000000/cjEpiRUK1Hb8SK6KVmzdosAXFWTeaWVto6UrxOk0PiY=403 HTTP/1.1
Host: links-2.govdelivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: https://t.co/Khmb9qWFUZ?utm_medium=email&utm_source=govdelivery
content-length: 0
expires: Thu, 01 May 2025 03:24:48 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 01 May 2025 03:24:48 GMT
alt-svc: h3=":443"; ma=93600
X-Firefox-Spdy: h2

1rpc.io/eth

20.105.41.175

200 OK

294 B

URL POST
1rpc.io/eth
IP
20.105.41.175:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://ipfs.io/ipfs/QmXm7F2nGe72y5vqZiHWpJyDix6GETqzoRUePax1PiKc5K
Certificate
IssuerLet's Encrypt
Subject1rpc.io
Fingerprint0B:6B:DE:F1:26:68:B8:5C:A6:FA:04:17:D1:1A:37:F4:E0:D9:02:BF
ValidityFri, 11 Apr 2025 01:15:00 GMT - Thu, 10 Jul 2025 01:14:59 GMT

File type
JSON text data
Size
294 B (294 bytes)
Hash
bb6216d2ec8d348608c3f506618277be
b054d630ac7474820a4c9b381095fe8bc36d36c2
74096fbe452cb87a1f42d734632ee322f3946e08f8c844ffb9fe7274cec3fa6d

HTTP Headers

POST /eth HTTP/1.1
Host: 1rpc.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ipfs.io/
Content-Type: application/json
Content-Length: 136
Origin: https://ipfs.io
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
date: Thu, 01 May 2025 03:24:49 GMT
content-length: 294
X-Firefox-Spdy: h2

client.793215-bittrex.com/favicon.ico

45.159.208.198

404 Not Found

551 B

URL GET
client.793215-bittrex.com/favicon.ico
IP
45.159.208.198:443
ASN
#56971 Cgi Global Limited

Requested by
https://client.793215-bittrex.com/home/?v=63214
Certificate
IssuerLet's Encrypt
Subjectclient.793215-bittrex.com
Fingerprint07:F9:36:1D:60:F6:DF:39:BD:BB:84:F2:CD:61:3A:BB:44:D5:1E:2D
ValidityTue, 29 Apr 2025 05:49:15 GMT - Mon, 28 Jul 2025 05:49:14 GMT

File type
HTML document, ASCII text
Size
551 B (551 bytes)
Hash
cd784cb186771eb0607b4c5ba68baaef
8feb3b68c90cec1bd700b7f325d101c4389e3746
5b67aab6729e489486bc9aea82bf0942b47a72d42897b6c0b28e6d3ee21c7d1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: client.793215-bittrex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://client.793215-bittrex.com/home/?v=63214
Cookie: PHPSESSID=75b32j7e98tot3ajam6g7dn800
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Thu, 01 May 2025 03:24:59 GMT
content-type: text/html
last-modified: Tue, 29 Apr 2025 06:47:48 GMT
etag: W/"227-633e52dbf4031"
content-encoding: br
X-Firefox-Spdy: h2

t.co/Khmb9qWFUZ?utm_medium=email&utm_source=govdelivery

162.159.140.229

200 OK

357 B

URL User Request GET
t.co/Khmb9qWFUZ?utm_medium=email&utm_source=govdelivery
IP
162.159.140.229:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectt.co
Fingerprint09:38:0C:0D:8B:31:C3:39:19:3F:79:68:3D:31:3C:4D:C7:4C:11:8B
ValidityMon, 24 Mar 2025 13:17:26 GMT - Sun, 22 Jun 2025 13:17:25 GMT

File type
HTML document, ASCII text, with very long lines (357), with no line terminators
Size
357 B (357 bytes)
Hash
910b577d215358b52085bf4ff85be7b7
34729dedf594043b590b7b241b77869e8f5b8e58
a6cf55d005e9e9981b06aed9978621830c325e009908247c76666e8444c413ab

HTTP Headers

GET /Khmb9qWFUZ?utm_medium=email&utm_source=govdelivery HTTP/1.1
Host: t.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 01 May 2025 03:24:48 GMT
content-type: text/html; charset=utf-8
perf: 7402827104
vary: Origin, accept-encoding
expires: Thu, 01 May 2025 03:29:48 GMT
cache-control: private,max-age=300
x-transaction-id: e1f3fa7a652081d8
x-xss-protection: 0
strict-transport-security: max-age=0
x-response-time: 11
x-connection-hash: a652aa5ceb98fb11db02ba71c8826fc7af97f3ff9f5062a2893c427424cc0c95
cf-cache-status: DYNAMIC
set-cookie: muc=d8fbc173-cd80-4de6-96ad-ce0715e535a8; Max-Age=34214400; Expires=Mon, 01 Jun 2026 03:24:48 GMT; Domain=t.co; Secure; SameSite=None
__cf_bm=tQZI0FoRw7TN.JXy5pa62qP6jghb7lQ8Dm9QUnuMkHM-1746069888-1.0.1.1-lfLAuz4dNKJ5o2KNVREgGiszH3.x1S9Y1X30BtmTdudF3.YUL2qLPmxc2DDUOp8sHVYzyCRQ4ItlkCAlFeMPEBrKHHltb1cV9l7TmSIeRfQ; path=/; expires=Thu, 01-May-25 03:54:48 GMT; domain=.t.co; HttpOnly; Secure; SameSite=None
server: cloudflare tsa_b
cf-ray: 938c2b040e0956bb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ipfs.io/ipfs/QmXm7F2nGe72y5vqZiHWpJyDix6GETqzoRUePax1PiKc5K

209.94.90.1

200 OK

503 B

URL User Request GET
ipfs.io/ipfs/QmXm7F2nGe72y5vqZiHWpJyDix6GETqzoRUePax1PiKc5K
IP
209.94.90.1:443
ASN
#40680 PROTOCOL

Certificate
IssuerGoogle Trust Services
Subjectipfs.io
FingerprintB5:5C:88:C4:CF:76:F7:0F:C0:8E:3E:37:B6:38:B9:24:22:00:39:2E
ValiditySun, 06 Apr 2025 13:42:46 GMT - Sat, 05 Jul 2025 14:42:25 GMT

File type
HTML document, ASCII text, with very long lines (502)
Size
503 B (503 bytes)
Hash
ab710b4fa94e11dba1026e9dfde4a225
9c77e9989a68cbd4c10b7cb3b0d2eba10de6364b
dd14a8fef8aa59764d2a697dba06810d7e9facc36cdf6cf06f1659436895fd69

HTTP Headers

GET /ipfs/QmXm7F2nGe72y5vqZiHWpJyDix6GETqzoRUePax1PiKc5K HTTP/1.1
Host: ipfs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 01 May 2025 03:24:49 GMT
content-type: text/html
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: public, max-age=29030400, immutable
x-ipfs-path: /ipfs/QmXm7F2nGe72y5vqZiHWpJyDix6GETqzoRUePax1PiKc5K
x-ipfs-roots: QmXm7F2nGe72y5vqZiHWpJyDix6GETqzoRUePax1PiKc5K
x-ipfs-pop: rainbow-fr2-03
cf-cache-status: HIT
age: 3648
vary: Accept-Encoding
x-robots-tag: noindex, nofollow
server: cloudflare
cf-ray: 938c2b088ea96ded-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1rpc.io/eth

20.105.41.175

200 OK

0 B

URL OPTIONS
1rpc.io/eth
IP
20.105.41.175:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://ipfs.io/ipfs/QmXm7F2nGe72y5vqZiHWpJyDix6GETqzoRUePax1PiKc5K
Certificate
IssuerLet's Encrypt
Subject1rpc.io
Fingerprint0B:6B:DE:F1:26:68:B8:5C:A6:FA:04:17:D1:1A:37:F4:E0:D9:02:BF
ValidityFri, 11 Apr 2025 01:15:00 GMT - Thu, 10 Jul 2025 01:14:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /eth HTTP/1.1
Host: 1rpc.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ipfs.io/
Origin: https://ipfs.io
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: AutomataGeode/0.1.0
access-control-allow-origin: *
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-headers: content-type
access-control-max-age: 86400
access-control-allow-credentials: true
date: Thu, 01 May 2025 03:24:49 GMT
X-Firefox-Spdy: h2

client.793215-bittrex.com/home/?v=63214

45.159.208.198

200 OK

94 kB

URL User Request GET
client.793215-bittrex.com/home/?v=63214
IP
45.159.208.198:443
ASN
#56971 Cgi Global Limited

Certificate
IssuerLet's Encrypt
Subjectclient.793215-bittrex.com
Fingerprint07:F9:36:1D:60:F6:DF:39:BD:BB:84:F2:CD:61:3A:BB:44:D5:1E:2D
ValidityTue, 29 Apr 2025 05:49:15 GMT - Mon, 28 Jul 2025 05:49:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65343), with CRLF line terminators
Size
94 kB (94162 bytes)
Hash
da435f2b3f5de775be1410fae8da3281
b9dfa4d9cc71142e0c0240f48350d37773a4e05d
d0233fb2820c05c0706915da08fc22e71d0fc30e6b91ceecebbd872a2ba6baeb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /home/?v=63214 HTTP/1.1
Host: client.793215-bittrex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ipfs.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 01 May 2025 03:24:51 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=75b32j7e98tot3ajam6g7dn800; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL POST

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL OPTIONS

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections