bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link
2606:4700:4400::6812:29a9  Malicious Activity! Public Scan

URL: https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link/officeshare.html
Submission: On November 15 via api from LU — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 7 domains to perform 7 HTTP transactions. The main IP is 2606:4700:4400::6812:29a9, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link.
TLS certificate: Issued by WE1 on November 8th 2024. Valid for: 3 months.
This is the only time bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sharepoint (Online)

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:440... 13335 (CLOUDFLAR...)
7 2
Domain Requested by
1 bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link
0 bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.dweb.link Failed
0 i.gyazo.com Failed bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link
0 www.liblogo.com Failed bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link
0 aadcdn.msauth.net Failed bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link
0 partner.microsoft.com Failed bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link
0 code.jquery.com Failed bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link
7 7

This site contains no links.

Subject: *.ipfs.w3s.link
Issuer: WE1
Validity: 2024-11-08 - 2025-02-06
Valid: 3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link/officeshare.html
Frame ID: CD1EE516CC380A422C7E8D64A0FA8404
Requests: 8 HTTP requests in this frame

Page Title

Sign | SharePoint

Page Statistics

  • Requests: 7
  • HTTPS: 14 %
  • IPv6: 100 %
  • Domains: 7
  • Subdomains: 7
  • IPs: 2
  • Countries: 1
  • Transfer: 14 kB
  • Size: 31 kB
  • Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link/favicon.ico HTTP 307
  • https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.dweb.link/favicon.ico

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request officeshare.html
bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link/
24 KB
14 KB
Document
General
Full URL
https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link/officeshare.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:29a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
778e76ffbe9c4d7b968a7de6bb29470401c19b29ab1bd2fada9ed0b335021a58
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.29 Safari/537.36

Response headers

access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
access-control-expose-headers
Link
cache-control
public, max-age=29030400, immutable
cf-ray
8e2b35772f86d9cf-FRA
content-encoding
gzip
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage
content-type
text/html
date
Fri, 15 Nov 2024 00:43:46 GMT
etag
W/"bafkreidxrz3p7pu4jv5znct5425ssryeahazwknldpjpvwu62cztkaq2la"
reporting-endpoints
csp-endpoint="https://csp-report-to.web3.storage"
server
cloudflare
server-timing
request;dur=1576
vary
Accept-Encoding
x-dotstorage-anchor
9fae4631d45b38cd0eca4ba27955b5941c6f3a0f715397676932d5663ca19fac
x-dotstorage-resolution-id
https://freeway.dag.haus
x-dotstorage-resolution-layer
dotstorage-race
x-freeway-version
2.21.0
jquery-1.11.1.min.js
code.jquery.com/
0
0

simplehero_sideimage_400x225_onedrive.ashx
partner.microsoft.com/-/media/mssc/mpn/partner/solutions/images/
0
0

microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msauth.net/shared/1.0/content/images/
0
0

truncated
/
7 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db307fcef7f95139689007d7a623b340ec21282bd421c4e4b2ba09078f230545

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.29 Safari/537.36
Referer

Response headers

Content-Type
image/png
ou154f186-outlook-logo-file-microsoft-office-outlook-2018-present-svg-wikimedia-commons.png
www.liblogo.com/img-logo/
0
0

c49c85c360ae0cf9348b487be7810ec0.png
i.gyazo.com/
0
0

favicon.ico
bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.dweb.link/
Redirect Chain
  • https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link/favicon.ico
  • https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.dweb.link/favicon.ico
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

  • code.jquery.com: https://code.jquery.com/jquery-1.11.1.min.js
  • partner.microsoft.com: https://partner.microsoft.com/-/media/mssc/mpn/partner/solutions/images/simplehero_sideimage_400x225_onedrive.ashx
  • aadcdn.msauth.net: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
  • www.liblogo.com: https://www.liblogo.com/img-logo/ou154f186-outlook-logo-file-microsoft-office-outlook-2018-present-svg-wikimedia-commons.png
  • i.gyazo.com: https://i.gyazo.com/c49c85c360ae0cf9348b487be7810ec0.png
  • bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.dweb.link: https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.dweb.link/favicon.ico

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sharepoint (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function b
  • function thesubmit
  • function checkPassy
  • function a

1 Cookies

Domain/Path Name / Value
.w3s.link/ Name: __cf_bm
Value: pr8n1Nik87jtkEVOcSUfzgdB9ROsVMmH67qZxxSTi.0-1731631426-1.0.1.1-MVOelfpW.AYubWhQru07LUW2gbrWqMCAC9cFq_EVt2zRRXDDemK_FQOGKPk71UXw1X3eHoQAdFG0._PZjyxTzQ

7 Console Messages

Source Level URL
Text
security error URL: https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link/officeshare.html
Message:
Unrecognized Content-Security-Policy directive 'navigate-to'.
security error URL: https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link/officeshare.html
Message:
Refused to load the script 'https://code.jquery.com/jquery-1.11.1.min.js' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
security error URL: https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link/officeshare.html(Line 417)
Message:
Refused to load the image 'https://partner.microsoft.com/-/media/mssc/mpn/partner/solutions/images/simplehero_sideimage_400x225_onedrive.ashx' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
security error URL: https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link/officeshare.html(Line 417)
Message:
Refused to load the image 'https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
security error URL: https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link/officeshare.html(Line 417)
Message:
Refused to load the image 'https://www.liblogo.com/img-logo/ou154f186-outlook-logo-file-microsoft-office-outlook-2018-present-svg-wikimedia-commons.png' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
security error URL: https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link/officeshare.html
Message:
Refused to load the image 'https://i.gyazo.com/c49c85c360ae0cf9348b487be7810ec0.png' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
recommendation verbose URL: https://bafybeied3ykd6rwigyhlm3tqfluknhi5ypj5tg2lmfoabdrgpb6m5wfyl4.ipfs.w3s.link/officeshare.html
Message:
[DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
