Hi,
I was receiving this warning report on my Kaspersky anti-virus safe browsing tab:
Type: Threat of data loss
Name: https://gateway.pinata.cloud/ipfs
Can someone help me understand this, and should I be concerned with the activity that I'm trying to carry out that led me to this warning? lol
Thanks!
-LeaveItHereDude
Afternoon,
We have Defender 365 and an external SOC that monitors firewall logs etc., and I was wanting to get some advice on how to handle something. The SOC alerts that a computer is reaching out to https[:]//gateway[.]pinata[.]cloud, which is blocked by the firewall for P2P; I know that deals with IPFS. I can see in Defender EDR that the device did try to connect. The device has tried to contact the pinata address every Monday since the start of August. When looking over the timeline data in Defender I don't see a file referenced for the URL, nor is one referenced in the firewall for the hash it's looking up in IPFS in the gateway. It just looks like it's going to the pinata URL and that is all. It appears to be coming from Edge. I wanted to know what the hash was so I could see the file it's referring to, but there appears to be no hash, which is odd.
I do wonder if this person is going to another site every Monday and it's hosting content on the gateway, but I can't find a way to pinpoint what that site is. In the timeline around the hit for pinata I see many other ad network sites.
Does anyone know how to find out if another site is accessing the pinata site, other than manually testing every URL around the entry in the timeline?
Basically I can't figure out what is triggering access to this site....
Thoughts?
Unfortunately, I only know how to do this if it's an HTTP page, because then the HttpConnectionInspected ActionType contains data about the referrer.
For HTTPS I am not sure, so if anyone knows how to do this I'm all ears.
What you can do is ask the person who owns the device, and if that doesn't work you'll have to examine the endpoint directly.
If the person has no knowledge of the events, take 100-200 events before the connection on each day and see if there is anything consistent. A certain DNS query? Certain IP connections? Certain PDFs opened? Etc.
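The "take the events before each hit and look for what is consistent" approach above can be automated. The script below is an added example, not code from any of the posters; it assumes the device's network events have been exported from Defender's DeviceNetworkEvents table (Timestamp, ActionType, RemoteUrl, InitiatingProcessFileName) into a list of dicts, and the sample rows are constructed, not real telemetry. For every connection to gateway.pinata.cloud it collects the remote hosts contacted in the preceding window, then reports the hosts that appear before every hit: those are the candidate pages that embed the gateway, while ad hosts that differ from Monday to Monday drop out. It does not use a referrer, which, as noted, is not available for HTTPS.

```python
from collections import Counter
from datetime import datetime, timedelta
from urllib.parse import urlparse

TARGET_HOST = "gateway.pinata.cloud"


def _row(ts, url, action="ConnectionSuccess", proc="msedge.exe"):
    """Build one DeviceNetworkEvents-style row (constructed sample data)."""
    return {"Timestamp": ts, "ActionType": action, "RemoteUrl": url,
            "InitiatingProcessFileName": proc}


# Constructed sample, not real telemetry: three Mondays that each end in a
# blocked connection to the gateway, plus one unrelated Tuesday.
SAMPLE_EVENTS = [
    _row("2023-08-07T09:00:00Z", "https://news.example/"),
    _row("2023-08-07T09:00:02Z", "https://ads1.example/"),
    _row("2023-08-07T09:00:03Z", "https://cdn.shop.example/"),
    _row("2023-08-07T09:00:04Z", "https://gateway.pinata.cloud/ipfs/", "ConnectionFailed"),
    _row("2023-08-07T09:00:05Z", "https://after.example/"),   # after the hit: ignored
    _row("2023-08-14T10:30:00Z", "https://news.example/"),
    _row("2023-08-14T10:30:01Z", "https://ads2.example/"),
    _row("2023-08-14T10:30:02Z", "https://cdn.shop.example/"),
    _row("2023-08-14T10:30:03Z", "https://gateway.pinata.cloud/ipfs/", "ConnectionFailed"),
    _row("2023-08-21T08:15:00Z", "https://cdn.shop.example/"),
    _row("2023-08-21T08:15:01Z", "https://ads3.example/"),
    _row("2023-08-21T08:15:02Z", "https://news.example/"),
    _row("2023-08-21T08:15:03Z", "https://ads1.example/"),
    _row("2023-08-21T08:15:04Z", "https://gateway.pinata.cloud/ipfs/", "ConnectionFailed"),
    _row("2023-08-22T09:00:00Z", "https://news.example/"),   # no hit that day
]


def host_of(url):
    """Lower-cased hostname of a RemoteUrl value ('' if it cannot be parsed)."""
    return (urlparse(url).hostname or "").lower()


def parse_ts(ts):
    """Parse the ISO-8601 UTC timestamp format used in the sample rows."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def find_hits(events, target=TARGET_HOST):
    """All events whose remote host is the gateway we are investigating."""
    return [e for e in events if host_of(e["RemoteUrl"]) == target]


def preceding_events(events, hit, window=timedelta(minutes=5), limit=200):
    """Up to `limit` events inside `window` before `hit`, oldest first."""
    t = parse_ts(hit["Timestamp"])
    prior = [e for e in events
             if e is not hit and t - window <= parse_ts(e["Timestamp"]) < t]
    prior.sort(key=lambda e: e["Timestamp"])
    return prior[-limit:]


def rank_hosts(events, target=TARGET_HOST, **kw):
    """Count, per remote host, how many of the target hits it preceded.

    Returns (Counter of host -> hits preceded, number of hits). A host is
    counted at most once per hit, so repeated ad calls do not inflate it.
    """
    hits = find_hits(events, target)
    counts = Counter()
    for hit in hits:
        counts.update({host_of(e["RemoteUrl"]) for e in preceding_events(events, hit, **kw)})
    return counts, len(hits)


def consistent_hosts(events, target=TARGET_HOST, **kw):
    """Hosts contacted before every hit: the candidate pages embedding the gateway."""
    counts, n_hits = rank_hosts(events, target, **kw)
    return sorted(h for h, c in counts.items() if n_hits and c == n_hits)


if __name__ == "__main__":
    counts, n = rank_hosts(SAMPLE_EVENTS)
    print(f"{n} hits to {TARGET_HOST}")
    for host, c in counts.most_common():
        print(f"  {c}/{n}  {host}")
    print("consistent before every hit:", consistent_hosts(SAMPLE_EVENTS))
```

On the sample, news.example and cdn.shop.example precede all three hits while the three ad hosts do not, so those two are the pages to test by hand in a browser while watching the network tab. On real data, widen or narrow `window` and `limit` to match how the hits sit in the timeline, and treat a host that also appears on days with no hit (as news.example does here) as weaker evidence than one that shows up only on hit days.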
Browser notification or plugin. Reset Edge and see if it goes away.