6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net
18.66.248.76  Malicious Activity! Public Scan

Submitted URL: https://shapid-piock-1658.pages.dev/
Effective URL: https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca=
Submission: On August 30 via manual from IN — Scanned from DE

Summary

This website contacted 4 IPs in 1 country across 3 domains to perform 13 HTTP transactions. The main IP is 18.66.248.76, located in the United States and belonging to AMAZON-02, US. The main domain is 6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net.
TLS certificate: Issued by Amazon RSA 2048 M02 on July 31st 2024. Valid for: a year.
This is the only time 6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OneDrive (Online)

Domain & IP information

Requests  IP Address         AS     Autonomous System
3         2606:4700:310...   13335  (CLOUDFLAR...)
1         2606:4700::68...   13335  (CLOUDFLAR...)
1         18.66.248.106      16509  (AMAZON-02)
8         18.66.248.76       16509  (AMAZON-02)
Total: 13 requests, 4 IPs

This site contains no links.

Subject                      Issuer               Validity                   Valid for
shapid-piock-1658.pages.dev  WE1                  2024-08-22 - 2024-11-20    3 months
instant.page                 WE1                  2024-07-06 - 2024-10-04    3 months
arweave.net                  Amazon RSA 2048 M02  2024-07-31 - 2025-08-29    a year

This page contains 2 frames:

Primary Page: https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca=
Frame ID: 0941A7372DEC061464BF2E054326A77A
Requests: 12 HTTP requests in this frame

Frame: https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca=
Frame ID: 717E06709EA4937882F5BB35BC025114
Requests: 1 HTTP requests in this frame

Page Title

Documents - Shared

Page Statistics

Requests: 13
HTTPS: 100 %
IPv6: 50 %
Domains: 3
Subdomains: 9
IPs: 4
Countries: 1
Transfer: 767 kB
Size: 1081 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://shapid-piock-1658.pages.dev/ Page URL
  2. https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type | MIME-Type

Resource: /  |  Path: shapid-piock-1658.pages.dev/  |  Size: 2 KB  |  x-fer: 2 KB  |  Type: Document
General
Full URL
https://shapid-piock-1658.pages.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:310c::ac42:2f2f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
b8c11e3978e310456f7bbdb10d8bdfc5f962a4bc8c7e350a0d9ad96112358ade
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
8bb3afc74ef335f6-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 30 Aug 2024 09:17:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oYcAlNK7P%2BzztSpFkcyV%2BjgWn9KdMEdiU5m1ZyO3X6RSgDNoPp9MtRgXg0vQ8t7YIw2lmjYKdNGsb7U3hHkBAtHCl34mEquhZ1ilmXG01mf4HDCOpLYtG3sfv4cQ%2FuRXvunao7WlfUdh4oXRe0BICF9pXece36uULVg%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff

Resource: index-0b2a0c45.js  |  Path: shapid-piock-1658.pages.dev/assets/  |  Size: 140 KB  |  x-fer: 47 KB  |  Type: Script
General
Full URL
https://shapid-piock-1658.pages.dev/assets/index-0b2a0c45.js
Requested by
Host: shapid-piock-1658.pages.dev
URL: https://shapid-piock-1658.pages.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:310c::ac42:2f2f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
719c2d7c7ca454658af137b59edc545dc304ed620b8b3189526ea4fb9ff2e9e2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://shapid-piock-1658.pages.dev/
Origin
https://shapid-piock-1658.pages.dev
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 09:17:14 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"2cc7c38a3fd9997a0fc3bc40492198c5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YLoUXNpu2SekWhpKDuCSdi%2FJY0TwMWq%2BZzM%2FlK1dJ0NjjCX5bgwMY84AInApSuBpNBBPBtjCO3%2BmsXuoV9rMj%2BL2t1t%2F643QonxwkEuU0b33f55IQTMtbiN5u4tjWbRUs6v7c%2BgXhxqLJYaPFfg1MqOxTyO9I4KQcU8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
8bb3afc7ffbd35f6-FRA
alt-svc
h3=":443"; ma=86400

Resource: index-b9c8798f.css  |  Path: shapid-piock-1658.pages.dev/assets/  |  Size: 847 B  |  x-fer: 873 B  |  Type: Stylesheet
General
Full URL
https://shapid-piock-1658.pages.dev/assets/index-b9c8798f.css
Requested by
Host: shapid-piock-1658.pages.dev
URL: https://shapid-piock-1658.pages.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:310c::ac42:2f2f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
b9c8798f228f20af1ed3acff490990093fc8340b9f82e2a870017486072152fa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://shapid-piock-1658.pages.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 09:17:14 GMT
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"06012f26602f616446c1ff6471b3461b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BF6UKCtvDtxHtNilDtJLxIrdZRcaAhG1%2BuHdFfccTqcxnlMD7Lcp17q8YrUmdrFgA%2Bqn796M8c4MmhpNKzHYnQZh6n5ohopBGwmX4n1Dt3MTBS%2FWk2uL%2BA4d0YAGe8RNUmRWF2zdozbSOohWBU%2Bfzz9zCIoedElFgk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
8bb3afc7ffbe35f6-FRA
alt-svc
h3=":443"; ma=86400

Resource: 5.2.0  |  Path: instant.page/  |  Size: 3 KB  |  x-fer: 1 KB  |  Type: Script
General
Full URL
https://instant.page/5.2.0
Requested by
Host: shapid-piock-1658.pages.dev
URL: https://shapid-piock-1658.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:e763, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
8b3644ac5b264c8d3d09222feeea6aa208432f4e46900037dd60bc9834b3c250

Request headers

Referer
https://shapid-piock-1658.pages.dev/
Origin
https://shapid-piock-1658.pages.dev
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 09:17:15 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
cf-ray
8bb3afc8dfd5d394-FRA

Resource: /  |  Path: 6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/ (Frame 717E)  |  Size: 0  |  x-fer: 0  |  Type: Document
General
Full URL
https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca=
Requested by
Host: shapid-piock-1658.pages.dev
URL: https://shapid-piock-1658.pages.dev/assets/index-0b2a0c45.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.106, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-248-106.dus51.r.cloudfront.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://shapid-piock-1658.pages.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
380674
cache-control
public,must-revalidate,max-age=2592000
content-length
572
content-type
text/html; charset=utf-8
date
Sun, 25 Aug 2024 23:32:41 GMT
etag
8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE
strict-transport-security
max-age=3600; includeSubDomains; preload
vary
Origin
via
1.1 8e487d5d50ba943ec340041b0945bbf4.cloudfront.net (CloudFront)
x-amz-cf-id
u2IU_ocHilUMPHGvV0IYGq7viIDJ5EelnjVlCeRuAUqxuX8ncPw2kQ==
x-amz-cf-pop
DUS51-P1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-trace
EMlMCJRkn
x-xss-protection
1; mode=block

Primary Request  |  Resource: /  |  Path: 6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/  |  Size: 572 B  |  x-fer: 1 KB  |  Type: Document
General
Full URL
https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca=
Requested by
Host: shapid-piock-1658.pages.dev
URL: https://shapid-piock-1658.pages.dev/assets/index-0b2a0c45.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.76, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-248-76.dus51.r.cloudfront.net
Software
/
Resource Hash
527f13ea84fa2566a1d188d128439f20bf429d18412671f6f1ba3fd48eac378e
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://shapid-piock-1658.pages.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
380676
cache-control
public,must-revalidate,max-age=2592000
content-length
572
content-type
text/html; charset=utf-8
date
Sun, 25 Aug 2024 23:32:41 GMT
etag
8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE
strict-transport-security
max-age=3600; includeSubDomains; preload
vary
Origin
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-cf-id
fr7HSq4tf1hHfJHrJykcHE3dGtIRB3UdzP2q8th-4lQWTl2kqT_svQ==
x-amz-cf-pop
DUS51-P1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-trace
EMlMCJRkn
x-xss-protection
1; mode=block

Resource: oWVCLNssWT5eKuJgM5fktRyRW_Po_kDybSKFn9iGBBU  |  Path: ufsuelg3frmt4xrk4jqdhf7ewuojcw7t5d7eb4tnekcz7wegaqkq.arweave.net/  |  Size: 5 KB  |  x-fer: 2 KB  |  Type: Stylesheet
General
Full URL
https://ufsuelg3frmt4xrk4jqdhf7ewuojcw7t5d7eb4tnekcz7wegaqkq.arweave.net/oWVCLNssWT5eKuJgM5fktRyRW_Po_kDybSKFn9iGBBU
Requested by
Host: 6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net
URL: https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.76, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-248-76.dus51.r.cloudfront.net
Software
/
Resource Hash
71b396d1fbd98b15448ae8f1bfa283942f5657c48709ed8ee370b9c2d3ed9cd1
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 09:17:16 GMT
content-encoding
br
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=3600; includeSubDomains; preload
x-amz-cf-pop
DUS51-P1
x-trace
M5MXhkH7WA
age
1
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/css; charset=utf-8
cache-control
public,must-revalidate,max-age=2592000
x-amz-cf-id
Xu-MET2sR3CAc6z1DNQN3wE287exyYcy0pEiBPpHNQhnXtrVhQ3wvg==
x-xss-protection
1; mode=block

Resource: 4KDoHIGMl7p-e6TMM0X1mzyyOi4iRJlQ9YyJhlgPolI  |  Path: 4cqoqhebrsl3u7t3utgdgrpvtm6leoroejcjsuhvrseymwapujja.arweave.net/  |  Size: 300 KB  |  x-fer: 82 KB  |  Type: Script
General
Full URL
https://4cqoqhebrsl3u7t3utgdgrpvtm6leoroejcjsuhvrseymwapujja.arweave.net/4KDoHIGMl7p-e6TMM0X1mzyyOi4iRJlQ9YyJhlgPolI
Requested by
Host: 6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net
URL: https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.76, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-248-76.dus51.r.cloudfront.net
Software
/
Resource Hash
0b62152bb6e209ef8d1de97b1559c0e723ac28337df2b99e91d189411237c2fa
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/
Origin
https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 25 Aug 2024 23:17:15 GMT
content-encoding
gzip
via
1.1 0616b48dd6be4cda83365410ecccbda4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=3600; includeSubDomains; preload
x-amz-cf-pop
DUS51-P1
age
381602
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-trace
pH77cfv_1
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
access-control-expose-headers
X-ArNS-TTL-Seconds,X-ArNS-Resolved-Id
cache-control
public,must-revalidate,max-age=2592000
x-amz-cf-id
61KpRf5v4ht_HLMZGTXJpxwqLKdXWNIS5u9FGZlji-yKyT0zN5aLnQ==

Resource: BN0Pf0fzAPsa_fZocU6NEtNp1W_nzrHz7ciWljXuNq0  |  Path: atoq672h6mapwgx56zuhctuncljwtvlp47hld47nzcljmnpog2wq.arweave.net/  |  Size: 15 KB  |  x-fer: 15 KB  |  Type: Image
General
Full URL
https://atoq672h6mapwgx56zuhctuncljwtvlp47hld47nzcljmnpog2wq.arweave.net/BN0Pf0fzAPsa_fZocU6NEtNp1W_nzrHz7ciWljXuNq0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.76, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-248-76.dus51.r.cloudfront.net
Software
/
Resource Hash
7253f301aa0fd63fad4935c51eba121f766a630a9f47b25d24cd7b281e3ca943
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 25 Aug 2024 20:48:42 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=3600; includeSubDomains; preload
x-amz-cf-pop
DUS51-P1
age
390515
x-cache
Hit from cloudfront
content-length
14950
x-xss-protection
1; mode=block
x-trace
Sk4UrEGfq
etag
BN0Pf0fzAPsa_fZocU6NEtNp1W_nzrHz7ciWljXuNq0
vary
Origin
content-type
image/png
cache-control
public,must-revalidate,max-age=2592000
accept-ranges
bytes
x-amz-cf-id
BeIplDKe4mfOWZUs85u6sLfq6Z9XDt-M1e76ngBCCLyyXiDVf9nvcw==

Resource: -QY0d6YY7HzWUOTIBcQxqn3cfzf2jpSwiL74DGgOSCM  |  Path: 7eddi55gddwhzvsq4tealrbrvj65y7zx62hjjmeix34ay2aojarq.arweave.net/  |  Size: 8 KB  |  x-fer: 8 KB  |  Type: Image
General
Full URL
https://7eddi55gddwhzvsq4tealrbrvj65y7zx62hjjmeix34ay2aojarq.arweave.net/-QY0d6YY7HzWUOTIBcQxqn3cfzf2jpSwiL74DGgOSCM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.76, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-248-76.dus51.r.cloudfront.net
Software
/
Resource Hash
5eedb987a0d26a60527854460e67bb0762de152f45b5be580de5aa21e524d309
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 25 Aug 2024 23:01:51 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=3600; includeSubDomains; preload
x-amz-cf-pop
DUS51-P1
age
382526
x-cache
Hit from cloudfront
content-length
8183
x-xss-protection
1; mode=block
x-trace
xhQrqTZs9
etag
-QY0d6YY7HzWUOTIBcQxqn3cfzf2jpSwiL74DGgOSCM
vary
Origin
content-type
image/png
cache-control
public,must-revalidate,max-age=2592000
accept-ranges
bytes
x-amz-cf-id
qcwrtt1UgP4YHdayBdgqln0hlpTxQymBlg4MJ214MokIKkcuoranlQ==

Resource: FDbLoUrD_JRxGhhzmxI9pnfY7SqWz-mgIy5rGtMUB0M  |  Path: cq3mxikkyp6ji4i2dbzzwer5uz35r3jks3h6tibdfzvrvuyua5bq.arweave.net/  |  Size: 603 KB  |  x-fer: 604 KB  |  Type: Image
General
Full URL
https://cq3mxikkyp6ji4i2dbzzwer5uz35r3jks3h6tibdfzvrvuyua5bq.arweave.net/FDbLoUrD_JRxGhhzmxI9pnfY7SqWz-mgIy5rGtMUB0M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.76, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-248-76.dus51.r.cloudfront.net
Software
/
Resource Hash
5fbc55c7aca8515003db933fbfc27147afea85b30c666bee69d1a535c6e5d7fe
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 25 Aug 2024 23:01:51 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=3600; includeSubDomains; preload
x-amz-cf-pop
DUS51-P1
age
382526
x-cache
Hit from cloudfront
content-length
617715
x-xss-protection
1; mode=block
x-trace
o7fI9lgIj
etag
FDbLoUrD_JRxGhhzmxI9pnfY7SqWz-mgIy5rGtMUB0M
vary
Origin
content-type
image/gif
cache-control
public,must-revalidate,max-age=2592000
accept-ranges
bytes
x-amz-cf-id
k-dZob9Ipug_J-Q0DPnM8sf8wELmwrqFfzlz5kbS5zXsNmatn34SjQ==

Resource: n5rJjEdVzgtEru5lDv7hJzxKVbtMQ9iymk69Wbvwx-o  |  Path: t6nmtdchkxhawrfo5zsq57xbe46euvn3jrb5rmu2j26vto7qy7va.arweave.net/  |  Size: 4 KB  |  x-fer: 4 KB  |  Type: Image
General
Full URL
https://t6nmtdchkxhawrfo5zsq57xbe46euvn3jrb5rmu2j26vto7qy7va.arweave.net/n5rJjEdVzgtEru5lDv7hJzxKVbtMQ9iymk69Wbvwx-o
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.76, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-248-76.dus51.r.cloudfront.net
Software
/
Resource Hash
edbb4350f8cf14ac0ddb276f154736d24574a9764a2e83b8f23926c4a9b5d504
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 25 Aug 2024 20:50:05 GMT
content-encoding
br
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=3600; includeSubDomains; preload
x-amz-cf-pop
DUS51-P1
x-trace
6NHHWtYSq
age
390432
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public,must-revalidate,max-age=2592000
x-amz-cf-id
qo5KHs80m4H0gPsidOrAsZCV_9yvEWOTdE4gC0E3Ah5bM0V_kW6Ing==
x-xss-protection
1; mode=block

Resource: favicon.ico  |  Path: 6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/  |  Size: 0  |  x-fer: 324 B  |  Type: Other
General
Full URL
https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.76, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-248-76.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca=
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 25 Aug 2024 23:32:43 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=3600; includeSubDomains; preload
x-amz-cf-pop
DUS51-P1
x-trace
hZRaTW606N
age
380674
vary
Origin
x-cache
Hit from cloudfront
x-amz-cf-id
VlsIWBEGhu1mxIKwN4GMY5HbY3JIsIQTxhCc5P3LSsgKmnMscc1Cdg==
x-xss-protection
1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4cqoqhebrsl3u7t3utgdgrpvtm6leoroejcjsuhvrseymwapujja.arweave.net
6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net
7eddi55gddwhzvsq4tealrbrvj65y7zx62hjjmeix34ay2aojarq.arweave.net
atoq672h6mapwgx56zuhctuncljwtvlp47hld47nzcljmnpog2wq.arweave.net
cq3mxikkyp6ji4i2dbzzwer5uz35r3jks3h6tibdfzvrvuyua5bq.arweave.net
instant.page
shapid-piock-1658.pages.dev
t6nmtdchkxhawrfo5zsq57xbe46euvn3jrb5rmu2j26vto7qy7va.arweave.net
ufsuelg3frmt4xrk4jqdhf7ewuojcw7t5d7eb4tnekcz7wegaqkq.arweave.net
18.66.248.106
18.66.248.76
2606:4700:310c::ac42:2f2f
2606:4700::6813:e763
0b62152bb6e209ef8d1de97b1559c0e723ac28337df2b99e91d189411237c2fa
527f13ea84fa2566a1d188d128439f20bf429d18412671f6f1ba3fd48eac378e
5eedb987a0d26a60527854460e67bb0762de152f45b5be580de5aa21e524d309
5fbc55c7aca8515003db933fbfc27147afea85b30c666bee69d1a535c6e5d7fe
719c2d7c7ca454658af137b59edc545dc304ed620b8b3189526ea4fb9ff2e9e2
71b396d1fbd98b15448ae8f1bfa283942f5657c48709ed8ee370b9c2d3ed9cd1
7253f301aa0fd63fad4935c51eba121f766a630a9f47b25d24cd7b281e3ca943
8b3644ac5b264c8d3d09222feeea6aa208432f4e46900037dd60bc9834b3c250
b8c11e3978e310456f7bbdb10d8bdfc5f962a4bc8c7e350a0d9ad96112358ade
b9c8798f228f20af1ed3acff490990093fc8340b9f82e2a870017486072152fa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
edbb4350f8cf14ac0ddb276f154736d24574a9764a2e83b8f23926c4a9b5d504