bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
2606:4700::6812:1634  Malicious Activity! Public Scan

Submitted URL: http://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Effective URL: https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Submission: On April 13 via automatic, source openphish — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 8 HTTP transactions. The main IP is 2606:4700::6812:1634, located in United States and belongs to CLOUDFLARENET, US. The main domain is bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 18th 2022. Valid for: a year.
This is the only time bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

IP Address AS Autonomous System
3 9 2606:4700::68... 13335 (CLOUDFLAR...)
2 2602:fea2:2::1 40680 (PROTOCOL)
8 3
Domain Requested by
4 bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link 3 redirects
2 bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
1 bafybeiav5qbyvaykatiybnrcgiqk5og7nmapzk6uvhpupyxy2iqh6y4p5a.ipfs.w3s.link bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
1 bafybeiehhyhjwil3s6qyggut62w3krzbdnp6sc4w5cdgcaldq4jejqbbgi.ipfs.w3s.link bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
1 bafybeibsenpyyegcaidqcjjmjqtwrnugc5epbkjsubalkm5yd3ygkelw5q.ipfs.w3s.link bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
1 bafybeifdsvnq3ifynebneex3kxcqmgqownzusnj4m7mws3vnuw3ojpkgem.ipfs.w3s.link bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
1 bafybeigayvpwg3mtkswxi2kiecrgmm5nvsbeja2nlw6ij7vvjtfnc7g62y.ipfs.w3s.link bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
8 7

This site contains no links.

Subject: w3s.link
Issuer: Cloudflare Inc ECC CA-3
Validity: 2022-07-18 - 2023-07-17
Valid: a year

This page contains 1 frames:

Primary Page: https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Frame ID: 74618E4FB6C52A5E9B58E662DFF0346D
Requests: 13 HTTP requests in this frame

Page Title

Outlook

Page URL History

  1. http://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c HTTP 301
    https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 8
HTTPS: 75 %
IPv6: 100 %
Domains: 2
Subdomains: 7
IPs: 3
Countries: 1
Transfer: 324 kB
Size: 910 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/css/segoeui-regular.ttf HTTP 307
  • https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/segoeui-regular.ttf
Request Chain 10
  • https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/css/segoeui-semilight.ttf HTTP 307
  • https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/segoeui-semilight.ttf

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request O3.shtml
bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/
Redirect Chain
  • http://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
  • https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
673 KB
250 KB
Document
General
Full URL
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d2e79527f9a4ddf43f3b7cb53850810c3524152f79db11e53ddcca080f0f72e
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-methods
GET
access-control-allow-origin
*
access-control-expose-headers
Link
cache-control
public, max-age=29030400, immutable
cf-ray
7b70d68f3f1cbbd3-FRA
content-encoding
gzip
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage
content-type
text/html
date
Thu, 13 Apr 2023 04:06:44 GMT
etag
W/"bafkreic5fz4ve742jxpuh45xznjykcaqynjecuxxtwyr4u65zsqib4hxfy"
reporting-endpoints
csp-endpoint="https://csp-report-to.web3.storage"
server
cloudflare
server-timing
request;dur=447
vary
Accept-Encoding
x-dotstorage-anchor
51dbe929ab0608c1cb2a38712127e14f6805a79d5c6fc5b8e2518c8a1babe30c
x-dotstorage-resolution-id
https://freeway.dag.haus
x-dotstorage-resolution-layer
dotstorage-race
x-freeway-version
1.6.2

Redirect headers

CF-RAY
7b70d68e5f7c3a66-FRA
Cache-Control
max-age=3600
Connection
keep-alive
Date
Thu, 13 Apr 2023 04:06:44 GMT
Expires
Thu, 13 Apr 2023 05:06:44 GMT
Location
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
jquery-3.2.1.slim.min.js
bafybeigayvpwg3mtkswxi2kiecrgmm5nvsbeja2nlw6ij7vvjtfnc7g62y.ipfs.w3s.link/
68 KB
24 KB
Script
General
Full URL
https://bafybeigayvpwg3mtkswxi2kiecrgmm5nvsbeja2nlw6ij7vvjtfnc7g62y.ipfs.w3s.link/jquery-3.2.1.slim.min.js
Requested by
Host: bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
URL: https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Thu, 13 Apr 2023 04:06:46 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage
content-encoding
gzip
x-dotstorage-resolution-id
https://freeway.dag.haus
server-timing
request;dur=283
reporting-endpoints
csp-endpoint="https://csp-report-to.web3.storage"
server
cloudflare
etag
W/"bafkreietmwjarb5rdmz2hxclukfa7e4vd4qagqjghy5zz36tqr4y4s7dta"
x-dotstorage-anchor
32edcb6ebfdf9bac88efe5ce1d462b026c1c7aebb2d9cbbb5917c381f1bfdc8c
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
x-freeway-version
1.6.2
access-control-expose-headers
Link
cache-control
public, max-age=29030400, immutable
x-dotstorage-resolution-layer
dotstorage-race
cf-ray
7b70d6980f58bbd3-FRA
popper.min.js
bafybeifdsvnq3ifynebneex3kxcqmgqownzusnj4m7mws3vnuw3ojpkgem.ipfs.w3s.link/
19 KB
7 KB
Script
General
Full URL
https://bafybeifdsvnq3ifynebneex3kxcqmgqownzusnj4m7mws3vnuw3ojpkgem.ipfs.w3s.link/popper.min.js
Requested by
Host: bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
URL: https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Thu, 13 Apr 2023 04:06:46 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage
content-encoding
gzip
x-dotstorage-resolution-id
https://freeway.dag.haus
server-timing
request;dur=290
reporting-endpoints
csp-endpoint="https://csp-report-to.web3.storage"
server
cloudflare
etag
W/"bafkreifff55kktl3zkx2avxobicqeyw7yvuuvyun52fuzlbufgxtp7ynmy"
x-dotstorage-anchor
1f41baa12b7cc2385d665d613ae9ad98b153c0530799f1f5970b2f5c8377b60b
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
x-freeway-version
1.6.2
access-control-expose-headers
Link
cache-control
public, max-age=29030400, immutable
x-dotstorage-resolution-layer
dotstorage-race
cf-ray
7b70d6980f57bbd3-FRA
bootstrap.min.js
bafybeibsenpyyegcaidqcjjmjqtwrnugc5epbkjsubalkm5yd3ygkelw5q.ipfs.w3s.link/
48 KB
13 KB
Script
General
Full URL
https://bafybeibsenpyyegcaidqcjjmjqtwrnugc5epbkjsubalkm5yd3ygkelw5q.ipfs.w3s.link/bootstrap.min.js
Requested by
Host: bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
URL: https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Thu, 13 Apr 2023 04:06:46 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage
content-encoding
gzip
x-dotstorage-resolution-id
https://freeway.dag.haus
server-timing
request;dur=283
reporting-endpoints
csp-endpoint="https://csp-report-to.web3.storage"
server
cloudflare
etag
W/"bafkreihh5u3m53sukc2cio54gumiv6v57nbibr6fowlqahpa5ulhfgnqdm"
x-dotstorage-anchor
30817b1014df315ae65c48ad2415a87cb311d143a6d6df60213c5f41bdcf283f
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
x-freeway-version
1.6.2
access-control-expose-headers
Link
cache-control
public, max-age=29030400, immutable
x-dotstorage-resolution-layer
dotstorage-race
cf-ray
7b70d6980f59bbd3-FRA
jquery.min.js
bafybeiehhyhjwil3s6qyggut62w3krzbdnp6sc4w5cdgcaldq4jejqbbgi.ipfs.w3s.link/
84 KB
29 KB
Script
General
Full URL
https://bafybeiehhyhjwil3s6qyggut62w3krzbdnp6sc4w5cdgcaldq4jejqbbgi.ipfs.w3s.link/jquery.min.js
Requested by
Host: bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
URL: https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Thu, 13 Apr 2023 04:06:46 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage
content-encoding
gzip
x-dotstorage-resolution-id
https://freeway.dag.haus
server-timing
request;dur=326
reporting-endpoints
csp-endpoint="https://csp-report-to.web3.storage"
server
cloudflare
etag
W/"bafkreiafxbozn5a774knr5qi3lidvny6fqibpqw2beknprmssg5npjkpry"
x-dotstorage-anchor
ab41b1c384bb770989c85eaf9df676a146b2fc1ce2cf6a5e906c863f5e920b2f
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
x-freeway-version
1.6.2
access-control-expose-headers
Link
cache-control
public, max-age=29030400, immutable
x-dotstorage-resolution-layer
dotstorage-race
cf-ray
7b70d6980f5bbbd3-FRA
jquery.session.min.js
bafybeiav5qbyvaykatiybnrcgiqk5og7nmapzk6uvhpupyxy2iqh6y4p5a.ipfs.w3s.link/
2 KB
1 KB
Script
General
Full URL
https://bafybeiav5qbyvaykatiybnrcgiqk5og7nmapzk6uvhpupyxy2iqh6y4p5a.ipfs.w3s.link/jquery.session.min.js
Requested by
Host: bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
URL: https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76ad6584ac5bdd459939dc7532fae7c2bdd8e22d773ff16d2306f42a1ffc569c
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Thu, 13 Apr 2023 04:06:46 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage
content-encoding
gzip
x-dotstorage-resolution-id
https://freeway.dag.haus
server-timing
request;dur=316
reporting-endpoints
csp-endpoint="https://csp-report-to.web3.storage"
server
cloudflare
etag
W/"bafkreidwvvsyjlc33vczsoo4ouzpvz6cxxmoellxh7yw2iyg6qvb77cwtq"
x-dotstorage-anchor
d8c78f3555d0d42a632b15f0cfc98dcc961231a60d705ae742c6f0d15134caf1
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
x-freeway-version
1.6.2
access-control-expose-headers
Link
cache-control
public, max-age=29030400, immutable
x-dotstorage-resolution-layer
dotstorage-race
cf-ray
7b70d6980f5abbd3-FRA
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
8 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/png
segoeui-regular.ttf
bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/
Redirect Chain
  • https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/css/segoeui-regular.ttf
  • https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/segoeui-regular.ttf
0
0
Font
General
Full URL
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/segoeui-regular.ttf
Requested by
Host: bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
URL: https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Protocol
H2
Server
2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
openresty /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Thu, 13 Apr 2023 04:06:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-ipfs-pop
ipfs-bank15-fr2
server
openresty
x-ipfs-lb-pop
gateway-bank3-fr2
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Range, X-Chunked-Output, X-Stream-Output
timing-allow-origin
*
access-control-allow-headers
X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
content-length
195

Redirect headers

date
Thu, 13 Apr 2023 04:06:46 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage
server
cloudflare
vary
Origin, Accept-Encoding
location
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/segoeui-regular.ttf
access-control-allow-origin
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
access-control-expose-headers
Link
server-timing
request;dur=209
cf-ray
7b70d69a99aebbd3-FRA
content-length
0
reporting-endpoints
csp-endpoint="https://csp-report-to.web3.storage"
segoeui-semilight.ttf
bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/
Redirect Chain
  • https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/css/segoeui-semilight.ttf
  • https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/segoeui-semilight.ttf
0
0
Font
General
Full URL
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/segoeui-semilight.ttf
Requested by
Host: bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
URL: https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Protocol
H2
Server
2602:fea2:2::1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software
openresty /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Thu, 13 Apr 2023 04:06:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-ipfs-pop
ipfs-bank15-fr2
server
openresty
x-ipfs-lb-pop
gateway-bank3-fr2
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Range, X-Chunked-Output, X-Stream-Output
timing-allow-origin
*
access-control-allow-headers
X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
content-length
197

Redirect headers

date
Thu, 13 Apr 2023 04:06:46 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage
server
cloudflare
vary
Origin, Accept-Encoding
location
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/segoeui-semilight.ttf
access-control-allow-origin
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
access-control-expose-headers
Link
server-timing
request;dur=220
cf-ray
7b70d69aa9b4bbd3-FRA
content-length
0
reporting-endpoints
csp-endpoint="https://csp-report-to.web3.storage"
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • boolean| credentialless
  • function| _0xb51649
  • function| _0x3cf0c4
  • function| _0x1da0e5
  • function| _0x3634e9
  • function| _0x5c5388
  • function| _0x32055d
  • function| _0x5758
  • function| _0x5b86bb
  • function| _0x35e620
  • function| _0x3bd76c
  • function| _0x4768fb
  • function| _0x42ee
  • function| _0x3521d2
  • function| $
  • function| jQuery
  • function| Popper
  • object| bootstrap
  • function| myFunc
  • object| locate
  • string| text
  • string| res
  • string| zork1
  • function| delineate
  • number| theleft
  • number| theright
  • number| g_fFcs

1 Cookies

Domain/Path Name / Value
bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/ Name: __session:0.35132296187300405:
Value: https:

2 Console Messages

Source Level URL
Text
network error URL: https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/segoeui-regular.ttf
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/segoeui-semilight.ttf
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage