Report - bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/

Report Overview

Visited public
2023-12-04 00:57:42
Tags
URL
bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Finishing URL
bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
IP / ASN
209.94.90.1
#40680 PROTOCOL
Title
Session Expired!

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-03 05:09:22	480 B	31 kB	151.101.194.137
logo.clearbit.com	27344	2003-07-04	2015-06-30 18:39:45	2023-12-03 01:26:32	998 B	2.3 kB	143.204.55.15
bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link	unknown	2017-02-24	2023-09-04 19:09:43	2023-11-28 00:54:54	1.3 kB	50 kB	209.94.90.1
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-11-19 18:48:38	1.0 kB	1.6 kB	142.250.74.164
t2.gstatic.com	unknown	2008-02-11	2013-05-07 02:09:56	2023-12-04 00:41:07	2.3 kB	3.9 kB	142.250.74.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-04 00:57:30	low	Client IP	Internal IP	ET HUNTING IPFS Gateway Domain in DNS Lookup (ipfs .dweb .link)
2023-12-04 00:57:30	low	Client IP	Internal IP	ET HUNTING IPFS Gateway Domain in DNS Lookup (ipfs .dweb .link)
2023-12-04 00:57:30	low	Client IP	209.94.90.1	ET HUNTING Observed IPFS Gateway Domain (ipfs .dweb .link) in TLS SNI
2023-12-04 00:57:31	low	Client IP	Internal IP	ET INFO Clearbit Logo Query in DNS Lookup
2023-12-04 00:57:31	low	Client IP	Internal IP	ET INFO Clearbit Logo Query in DNS Lookup

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-28	medium	bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/	Generic/Spear Phishing
2023-11-28	medium	bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/	Generic/Spear Phishing

PhishTank

Scan Date	Severity	Indicator	Alert
2023-09-07	medium	bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/	Other
2023-09-07	medium	bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link	Sinkholed
2023-12-04	medium	bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.2.1.min.js	ScriptElement	87 kB	2023-03-07	2025-05-11
Pretty URL code.jquery.com/jquery-3.2.1.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 18:42 Times Seen36348 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/	ScriptElement	6.3 kB	2024-08-20	2025-01-02
Pretty URL bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/ IP 209.94.90.1 ASN #40680 PROTOCOL Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:53 Last Seen2025-01-02 06:57 Times Seen2 Hash 4c4b44917580af39010b45d99f0a7632 dd7cbef15c08306eb5b5a9eabfb8a85d372634a8 6fd6e67f5dd256f4c12c29e6d64000e112c22b589e6ad30a71a8d54c27fea09f Loading...

HTTP Transactions (11)

URL IP Response Size

code.jquery.com/jquery-3.2.1.min.js

151.101.194.137

200 OK

30 kB

URL GET HTTP/2
code.jquery.com/jquery-3.2.1.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/#
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32058)
Size
30 kB (30125 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /jquery-3.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15283"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 04 Dec 2023 00:57:25 GMT
age: 6850832
x-served-by: cache-lga21971-LGA, cache-bma1675-BMA
x-cache: HIT, HIT
x-cache-hits: 215, 206314
x-timer: S1701651446.720407,VS0,VE0
vary: Accept-Encoding
content-length: 30125
X-Firefox-Spdy: h2

logo.clearbit.com/live.com

143.204.55.15

200 OK

618 B

URL GET HTTP/2
logo.clearbit.com/live.com
IP
143.204.55.15:443
ASN
#16509 AMAZON-02

Requested by
https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Certificate
IssuerAmazon
Subjectclearbit.com
FingerprintCE:F9:48:B9:1B:6F:17:74:BE:F2:87:A9:D6:47:48:D7:81:AC:02:31
ValidityMon, 18 Sep 2023 00:00:00 GMT - Thu, 17 Oct 2024 23:59:59 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced\012- data
Size
618 B (618 bytes)
Hash
e6f4ae3faed9768872a85280b818ff9f
42c9623d1ea60726d8e1e75733d8d7b4ab336dc1
a1fab8fc3cf9fb9554b6d0fcab8236be7a22ceadec82ce0704cf79d3973c1139

HTTP Headers

GET /live.com HTTP/1.1
Host: logo.clearbit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 618
access-control-allow-origin: *
cache-control: public, max-age=2592000
date: Sat, 11 Nov 2023 21:50:02 GMT
x-envoy-response-flags: -
server: envoy
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6_grCDS-70Ng1alvoAGG2Xv1D6nRmHyzUe8fWAgAPue7DW1u7kCzNw==
age: 1912043
X-Firefox-Spdy: h2

bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/

209.94.90.1

200 OK

34 kB

URL User Request GET HTTP/2
bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
IP
209.94.90.1:443
ASN
#40680 PROTOCOL

Certificate
IssuerLet's Encrypt
Subjectdweb.link
Fingerprint8B:0B:A0:28:A6:81:DF:E9:49:F0:E9:A3:20:69:C6:07:BE:D6:16:2C
ValidityMon, 20 Nov 2023 14:59:23 GMT - Sun, 18 Feb 2024 14:59:22 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (32033), with CRLF, LF line terminators
Size
34 kB (34535 bytes)
Hash
84306219ece1d680054ee74e6f4cb2a5
47cd8b8be34d1cdcabf8577cc75eec0aa097fdb8
b7269c5110bd313f3f2ac81dc6b68917b6e5cfa6b414bef03bd0c1ab32bbea5f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Mon, 04 Dec 2023 00:57:25 GMT
content-type: text/html
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, OPTIONS, GET, POST, OPTIONS
cache-control: public, max-age=29030400, immutable
etag: W/"bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy"
x-ipfs-gateway-host: ipfs-bank6-fr2
x-ipfs-path: /ipfs/bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy/
x-ipfs-roots: bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy
x-ipfs-pop: ipfs-bank6-fr2
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
x-ipfs-lb-pop: gateway-bank2-fr2
x-proxy-cache: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.com/s2/favicons?domain=microsoft.com

142.250.74.164

301 Moved Permanently

333 B

URL GET HTTP/2
www.google.com/s2/favicons?domain=microsoft.com
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
333 B (333 bytes)
Hash
c28d72b8d45d4620584507f1cefa3bdc
186a92810d10c19f7587732113cc76f5029a045c
1dff1bcaad427e72d8229c005a58f01b03f60d9ba1778dc2e11b1d5deb5ae22d

HTTP Headers

GET /s2/favicons?domain=microsoft.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 00:57:26 GMT
expires: Mon, 04 Dec 2023 01:27:26 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 333
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/s2/favicons?domain=microsoft.com

142.250.74.164

301 Moved Permanently

333 B

URL GET HTTP/2
www.google.com/s2/favicons?domain=microsoft.com
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
333 B (333 bytes)
Hash
c28d72b8d45d4620584507f1cefa3bdc
186a92810d10c19f7587732113cc76f5029a045c
1dff1bcaad427e72d8229c005a58f01b03f60d9ba1778dc2e11b1d5deb5ae22d

HTTP Headers

GET /s2/favicons?domain=microsoft.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 333
x-xss-protection: 0
date: Mon, 04 Dec 2023 00:57:26 GMT
expires: Mon, 04 Dec 2023 01:27:26 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

logo.clearbit.com/live.com

143.204.55.15

200 OK

618 B

URL GET HTTP/2
logo.clearbit.com/live.com
IP
143.204.55.15:443
ASN
#16509 AMAZON-02

Requested by
https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Certificate
IssuerAmazon
Subjectclearbit.com
FingerprintCE:F9:48:B9:1B:6F:17:74:BE:F2:87:A9:D6:47:48:D7:81:AC:02:31
ValidityMon, 18 Sep 2023 00:00:00 GMT - Thu, 17 Oct 2024 23:59:59 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced\012- data
Size
618 B (618 bytes)
Hash
e6f4ae3faed9768872a85280b818ff9f
42c9623d1ea60726d8e1e75733d8d7b4ab336dc1
a1fab8fc3cf9fb9554b6d0fcab8236be7a22ceadec82ce0704cf79d3973c1139

HTTP Headers

GET /live.com HTTP/1.1
Host: logo.clearbit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 618
access-control-allow-origin: *
cache-control: public, max-age=2592000
date: Sat, 11 Nov 2023 21:50:02 GMT
x-envoy-response-flags: -
server: envoy
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: z8OS8imO74DA-pUKTkqN3GRzTm8FZgHAMOwAj_Eo24rr9xNgeDlyXA==
age: 1912044
X-Firefox-Spdy: h2

t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

142.250.74.100

123 B

URL
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
IP
142.250.74.100:0
ASN
#15169 GOOGLE

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
123 B (123 bytes)
Hash
a8d52f25035a199583096202967555ed
fe806cc8ee0c09aa316b71455e776c023111a029
352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-location: https://www.microsoft.com/favicon.ico?v2
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 123
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 22:29:32 GMT
expires: Wed, 06 Dec 2023 22:29:32 GMT
cache-control: public, max-age=604800
age: 354474
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

142.250.74.100

123 B

URL
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
IP
142.250.74.100:0
ASN
#15169 GOOGLE

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
123 B (123 bytes)
Hash
a8d52f25035a199583096202967555ed
fe806cc8ee0c09aa316b71455e776c023111a029
352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-location: https://www.microsoft.com/favicon.ico?v2
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 123
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 22:29:32 GMT
expires: Wed, 06 Dec 2023 22:29:32 GMT
cache-control: public, max-age=604800
age: 354474
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/

209.94.90.1

200 OK

14 kB

URL GET HTTP/2
bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
IP
209.94.90.1:443
ASN
#40680 PROTOCOL

Requested by
https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Certificate
IssuerLet's Encrypt
Subjectdweb.link
Fingerprint8B:0B:A0:28:A6:81:DF:E9:49:F0:E9:A3:20:69:C6:07:BE:D6:16:2C
ValidityMon, 20 Nov 2023 14:59:23 GMT - Sun, 18 Feb 2024 14:59:22 GMT

File type

Size
14 kB (13551 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Mon, 04 Dec 2023 00:57:25 GMT
content-type: text/html
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, OPTIONS, GET, POST, OPTIONS
cache-control: public, max-age=29030400, immutable
etag: W/"bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy"
x-ipfs-gateway-host: ipfs-bank6-fr2
x-ipfs-path: /ipfs/bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy/
x-ipfs-roots: bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy
x-ipfs-pop: ipfs-bank6-fr2
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
x-ipfs-lb-pop: gateway-bank2-fr2
x-proxy-cache: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

142.250.74.100

200 OK

123 B

URL GET HTTP/2
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
123 B (123 bytes)
Hash
a8d52f25035a199583096202967555ed
fe806cc8ee0c09aa316b71455e776c023111a029
352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-location: https://www.microsoft.com/favicon.ico?v2
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 123
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 22:29:32 GMT
expires: Wed, 06 Dec 2023 22:29:32 GMT
cache-control: public, max-age=604800
age: 354474
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

142.250.74.100

200 OK

123 B

URL GET HTTP/2
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
123 B (123 bytes)
Hash
a8d52f25035a199583096202967555ed
fe806cc8ee0c09aa316b71455e776c023111a029
352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bafkreib5klpm4x67kb3vql6vrlowk64vr6i3xqr2h3nttnv6r7klfwlgfy.ipfs.dweb.link/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-location: https://www.microsoft.com/favicon.ico?v2
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 123
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 22:29:32 GMT
expires: Wed, 06 Dec 2023 22:29:32 GMT
cache-control: public, max-age=604800
age: 354474
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (11)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size