news media journalism

English

The domain 'ipfs.io' uses the British Indian Ocean Territory country-code top-level domain (.io) while skipping any subdomain. The second-level label 'ipfs' is 4 characters long containing 1 vowel alongside 3 consonants. It segments into 2 words: i, pfs. Expect 2 characters per word on average. No strong language cues emerged from the frequency lists.

username

pdf2

pdf1

address

email

type

html/57/f8/57f85050-f2e0-47d2-87d2-f869a8c062ca.html.gz

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers

d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad

2b26394aac8199778cd337d8046535b6ea9cb2dc698e4102029ca963e080e19f

9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability

Axios is vulnerable to Inefficient Regular Expression Complexity

Axios Cross-Site Request Forgery Vulnerability

axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL

## Summary

When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.
This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`.

Versions before 1.6.8 depends on follow-redirects before 1.15.6 which could leak the proxy authentication credentials

jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates

parseHTML() executes scripts in event handlers

07921c9a7951c8a5504c172415b8c511d1558395688452b08cd79847989d9e37

4e5813c6ffb65ee0b454e5d1d3cd300aded42aea417dd4c35528808fa03de3f4

viewport

width=device-width, initial-scale=1, shrink-to-fit=no

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;worker-src blob: 'self';frame-ancestors 'none';

child-src https:  chrome-untrusted://new-tab-page/ chrome-untrusted://ntp-microsoft-auth/;connect-src chrome://resources chrome://theme 'self';default-src 'self';font-src chrome://resources 'self';img-src chrome://resources chrome://theme chrome://image chrome://favicon2 chrome://app-icon chrome://extension-icon chrome://fileicon blob: data: 'self';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources chrome://webui-test 'self';style-src chrome://resources chrome://theme 'self' 'unsafe-inline';trusted-types parse-html-subset sanitize-inner-html static-types webui-test-script webui-test-html polymer-html-literal polymer-template-event-attribute-policy lit-html-desktop;frame-ancestors 'none';

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;frame-ancestors 'none';

base-uri 'none';child-src https:;form-action https://ogs.google.com https://*.corp.google.com;object-src 'none';script-src 'self' 'unsafe-inline' https:;frame-ancestors chrome://new-tab-page/

ipfs.io

Abuse

Admin

Cloudflare-NOC

Cloudflare, Inc.

CLOUDFLARENET

X-UA-Compatible

PasswordField

JQuery

Bootstrap

IPFS

HTTP/3

Font Awesome

Cloudflare Bot Management

Cloudflare

jQuery CDN

cdnjs

Google Hosted Libraries

Heh - Mail

✅ Low Risk - https://ipfs.io/ipfs/bafybeigoig3zw4q4ktewtysvqxvulk44ysrjek55d4lgb4ood6bdekh2ii#alqpthgt@heh.se

Requests	IP Address	Location	AS Autonomous System
8	104.17.24.14	United States	AS13335CLOUDFLARENET
1	216.58.206.68	United States	AS15169GOOGLE
1	104.18.10.207	United States	AS13335CLOUDFLARENET
1	142.250.185.138	United States	AS15169GOOGLE
1	151.101.130.137	United States	AS54113FASTLY
1	104.18.40.68	United States	AS13335CLOUDFLARENET
1	142.250.184.202	United States	AS15169GOOGLE
1	209.94.90.1	United States	AS40680PROTOCOL
15	8	-	-

Security Scan Report: ipfs.io

Summary

AI Security Verdict

High Risk

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies12

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History