6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net
Open in
urlscan Pro
18.66.248.76
Malicious Activity!
Public Scan
Effective URL: https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca=
Submission: On August 30 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by Amazon RSA 2048 M02 on July 31st 2024. Valid for: a year.
This is the only time 6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 2606:4700:310... 2606:4700:310c::ac42:2f2f | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6813:e763 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 18.66.248.106 18.66.248.106 | 16509 (AMAZON-02) (AMAZON-02) | |
8 | 18.66.248.76 18.66.248.76 | 16509 (AMAZON-02) (AMAZON-02) | |
13 | 4 |
ASN13335 (CLOUDFLARENET, US)
shapid-piock-1658.pages.dev |
ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-106.dus51.r.cloudfront.net
6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net |
ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-76.dus51.r.cloudfront.net
Domain | Requested by | |
---|---|---|
3 | 6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net |
shapid-piock-1658.pages.dev
|
3 | shapid-piock-1658.pages.dev |
shapid-piock-1658.pages.dev
|
1 | t6nmtdchkxhawrfo5zsq57xbe46euvn3jrb5rmu2j26vto7qy7va.arweave.net | |
1 | cq3mxikkyp6ji4i2dbzzwer5uz35r3jks3h6tibdfzvrvuyua5bq.arweave.net | |
1 | 7eddi55gddwhzvsq4tealrbrvj65y7zx62hjjmeix34ay2aojarq.arweave.net | |
1 | atoq672h6mapwgx56zuhctuncljwtvlp47hld47nzcljmnpog2wq.arweave.net | |
1 | 4cqoqhebrsl3u7t3utgdgrpvtm6leoroejcjsuhvrseymwapujja.arweave.net |
6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net
|
1 | ufsuelg3frmt4xrk4jqdhf7ewuojcw7t5d7eb4tnekcz7wegaqkq.arweave.net |
6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net
|
1 | instant.page |
shapid-piock-1658.pages.dev
|
13 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
shapid-piock-1658.pages.dev WE1 |
2024-08-22 - 2024-11-20 |
3 months | crt.sh |
instant.page WE1 |
2024-07-06 - 2024-10-04 |
3 months | crt.sh |
arweave.net Amazon RSA 2048 M02 |
2024-07-31 - 2025-08-29 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca=
Frame ID: 0941A7372DEC061464BF2E054326A77A
Requests: 12 HTTP requests in this frame
Frame:
https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca=
Frame ID: 717E06709EA4937882F5BB35BC025114
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Documents - SharedPage URL History Show full URLs
- https://shapid-piock-1658.pages.dev/ Page URL
- https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca= Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://shapid-piock-1658.pages.dev/ Page URL
- https://6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/?ivh=ijtppdpawgneil&eca= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
/
shapid-piock-1658.pages.dev/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index-0b2a0c45.js
shapid-piock-1658.pages.dev/assets/ |
140 KB 47 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index-b9c8798f.css
shapid-piock-1658.pages.dev/assets/ |
847 B 873 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5.2.0
instant.page/ |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/ Frame 717E |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/8sSAmL4mpDwTKtqE2YypumpCgo95tdzkJGzvyNWaIfE/ |
572 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oWVCLNssWT5eKuJgM5fktRyRW_Po_kDybSKFn9iGBBU
ufsuelg3frmt4xrk4jqdhf7ewuojcw7t5d7eb4tnekcz7wegaqkq.arweave.net/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4KDoHIGMl7p-e6TMM0X1mzyyOi4iRJlQ9YyJhlgPolI
4cqoqhebrsl3u7t3utgdgrpvtm6leoroejcjsuhvrseymwapujja.arweave.net/ |
300 KB 82 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
BN0Pf0fzAPsa_fZocU6NEtNp1W_nzrHz7ciWljXuNq0
atoq672h6mapwgx56zuhctuncljwtvlp47hld47nzcljmnpog2wq.arweave.net/ |
15 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
-QY0d6YY7HzWUOTIBcQxqn3cfzf2jpSwiL74DGgOSCM
7eddi55gddwhzvsq4tealrbrvj65y7zx62hjjmeix34ay2aojarq.arweave.net/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FDbLoUrD_JRxGhhzmxI9pnfY7SqWz-mgIy5rGtMUB0M
cq3mxikkyp6ji4i2dbzzwer5uz35r3jks3h6tibdfzvrvuyua5bq.arweave.net/ |
603 KB 604 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
n5rJjEdVzgtEru5lDv7hJzxKVbtMQ9iymk69Wbvwx-o
t6nmtdchkxhawrfo5zsq57xbe46euvn3jrb5rmu2j26vto7qy7va.arweave.net/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net/ |
0 324 B |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
4cqoqhebrsl3u7t3utgdgrpvtm6leoroejcjsuhvrseymwapujja.arweave.net
6lcibgf6e2sdyezk3kcntdfjxjvefauppg25zzbentx4rvm2ehyq.arweave.net
7eddi55gddwhzvsq4tealrbrvj65y7zx62hjjmeix34ay2aojarq.arweave.net
atoq672h6mapwgx56zuhctuncljwtvlp47hld47nzcljmnpog2wq.arweave.net
cq3mxikkyp6ji4i2dbzzwer5uz35r3jks3h6tibdfzvrvuyua5bq.arweave.net
instant.page
shapid-piock-1658.pages.dev
t6nmtdchkxhawrfo5zsq57xbe46euvn3jrb5rmu2j26vto7qy7va.arweave.net
ufsuelg3frmt4xrk4jqdhf7ewuojcw7t5d7eb4tnekcz7wegaqkq.arweave.net
18.66.248.106
18.66.248.76
2606:4700:310c::ac42:2f2f
2606:4700::6813:e763
0b62152bb6e209ef8d1de97b1559c0e723ac28337df2b99e91d189411237c2fa
527f13ea84fa2566a1d188d128439f20bf429d18412671f6f1ba3fd48eac378e
5eedb987a0d26a60527854460e67bb0762de152f45b5be580de5aa21e524d309
5fbc55c7aca8515003db933fbfc27147afea85b30c666bee69d1a535c6e5d7fe
719c2d7c7ca454658af137b59edc545dc304ed620b8b3189526ea4fb9ff2e9e2
71b396d1fbd98b15448ae8f1bfa283942f5657c48709ed8ee370b9c2d3ed9cd1
7253f301aa0fd63fad4935c51eba121f766a630a9f47b25d24cd7b281e3ca943
8b3644ac5b264c8d3d09222feeea6aa208432f4e46900037dd60bc9834b3c250
b8c11e3978e310456f7bbdb10d8bdfc5f962a4bc8c7e350a0d9ad96112358ade
b9c8798f228f20af1ed3acff490990093fc8340b9f82e2a870017486072152fa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
edbb4350f8cf14ac0ddb276f154736d24574a9764a2e83b8f23926c4a9b5d504