bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
Open in
urlscan Pro
2606:4700::6812:1634
Malicious Activity!
Public Scan
Effective URL: https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Submission: On April 13 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 18th 2022. Valid for: a year.
This is the only time bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook Web Access (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 9 | 2606:4700::68... 2606:4700::6812:1634 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2602:fea2:2::1 2602:fea2:2::1 | 40680 (PROTOCOL) (PROTOCOL) | |
8 | 3 |
ASN13335 (CLOUDFLARENET, US)
ASN40680 (PROTOCOL, US)
bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
w3s.link Cloudflare Inc ECC CA-3 |
2022-07-18 - 2023-07-17 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
Frame ID: 74618E4FB6C52A5E9B58E662DFF0346D
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
OutlookPage URL History Show full URLs
-
http://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
HTTP 301
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c
HTTP 301
https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/O3.shtml?3mail@b.c Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9- https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/css/segoeui-regular.ttf HTTP 307
- https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/segoeui-regular.ttf
- https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/css/segoeui-semilight.ttf HTTP 307
- https://bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/segoeui-semilight.ttf
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
O3.shtml
bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/ Redirect Chain
|
673 KB 250 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.slim.min.js
bafybeigayvpwg3mtkswxi2kiecrgmm5nvsbeja2nlw6ij7vvjtfnc7g62y.ipfs.w3s.link/ |
68 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
bafybeifdsvnq3ifynebneex3kxcqmgqownzusnj4m7mws3vnuw3ojpkgem.ipfs.w3s.link/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
bafybeibsenpyyegcaidqcjjmjqtwrnugc5epbkjsubalkm5yd3ygkelw5q.ipfs.w3s.link/ |
48 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
bafybeiehhyhjwil3s6qyggut62w3krzbdnp6sc4w5cdgcaldq4jejqbbgi.ipfs.w3s.link/ |
84 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.session.min.js
bafybeiav5qbyvaykatiybnrcgiqk5og7nmapzk6uvhpupyxy2iqh6y4p5a.ipfs.w3s.link/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
8 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
segoeui-regular.ttf
bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/ Redirect Chain
|
0 0 |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
segoeui-semilight.ttf
bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link/css/ Redirect Chain
|
0 0 |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook Web Access (Online)27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| _0xb51649 function| _0x3cf0c4 function| _0x1da0e5 function| _0x3634e9 function| _0x5c5388 function| _0x32055d function| _0x5758 function| _0x5b86bb function| _0x35e620 function| _0x3bd76c function| _0x4768fb function| _0x42ee function| _0x3521d2 function| $ function| jQuery function| Popper object| bootstrap function| myFunc object| locate string| text string| res string| zork1 function| delineate number| theleft number| theright number| g_fFcs1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link/ | Name: __session:0.35132296187300405: Value: https: |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://tableland.network https://*.tableland.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bafybeiav5qbyvaykatiybnrcgiqk5og7nmapzk6uvhpupyxy2iqh6y4p5a.ipfs.w3s.link
bafybeibsenpyyegcaidqcjjmjqtwrnugc5epbkjsubalkm5yd3ygkelw5q.ipfs.w3s.link
bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.dweb.link
bafybeidmldgetzupuknpnu5qp7ngiq7ekndjrmh4yjo75pse5hwrdkumlq.ipfs.w3s.link
bafybeiehhyhjwil3s6qyggut62w3krzbdnp6sc4w5cdgcaldq4jejqbbgi.ipfs.w3s.link
bafybeifdsvnq3ifynebneex3kxcqmgqownzusnj4m7mws3vnuw3ojpkgem.ipfs.w3s.link
bafybeigayvpwg3mtkswxi2kiecrgmm5nvsbeja2nlw6ij7vvjtfnc7g62y.ipfs.w3s.link
2602:fea2:2::1
2606:4700::6812:1634
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a
5d2e79527f9a4ddf43f3b7cb53850810c3524152f79db11e53ddcca080f0f72e
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a
76ad6584ac5bdd459939dc7532fae7c2bdd8e22d773ff16d2306f42a1ffc569c
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b