wickedwalk.website Open in urlscan Pro
168.235.110.252 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://wickedwalk.website/
Submission Tags: phishingrod
Submission: On October 27 via api (October 27th 2024, 6:29:26 am UTC) from DE — Scanned from CA

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 168.235.110.252, located in United States and belongs to RAMNODE, US. The main domain is wickedwalk.website.
TLS certificate: Issued by R11 on October 27th 2024. Valid for: 3 months.

This is the only time wickedwalk.website was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	168.235.110.252 168.235.110.252	3842 (RAMNODE) (RAMNODE)
2	23.62.164.14 23.62.164.14	16625 (AKAMAI-AS) (AKAMAI-AS)
8	2

6 168.235.110.252 (United States)

ASN3842 (RAMNODE, US)
PTR: rivendell.ponymail.net

wickedwalk.website	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.62.164.14 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-62-164-14.deploy.static.akamaitechnologies.com

api.weather.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	wickedwalk.website wickedwalk.website	9 KB
2	weather.gov api.weather.gov — Cisco Umbrella Rank: 24236	3 KB
8	2

	Domain	Requested by
6	wickedwalk.website	wickedwalk.website
2	api.weather.gov	wickedwalk.website
8	2

This site contains no links.

Subject Issuer	Validity	Valid
wickedwalk.website R11	`2024-10-27` - `2025-01-25`	3 months	crt.sh
weather.gov DigiCert TLS RSA SHA256 2020 CA1	`2024-09-30` - `2025-06-10`	8 months	crt.sh

This page contains 1 frames:

Primary Page: https://wickedwalk.website/
Frame ID: 8EB5571B1C9C9DDC6A52B5948C607107
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Wicked Walk

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

12 kB
Transfer

15 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
wickedwalk.website/ 7 KB
2 KB 3630ms
363ms Document
text/html 168.235.110.252
RAMNODE

General

Check archive.org

Show headers Download Go to

Full URL: https://wickedwalk.website/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 168.235.110.252 , United States, ASN3842 (RAMNODE, US),
Reverse DNS: rivendell.ponymail.net
Software: nginx/1.18.0 /
Resource Hash: 3bc732d440d94b11a12c5ee33e60cd7cd9832ecb29e5f852af52e0bd08f77adb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 27 Oct 2024 06:29:21 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx/1.18.0

GET
H2 200 colors.css
wickedwalk.website/ 474 B
598 B 40ms
37ms Stylesheet
text/css 168.235.110.252
RAMNODE

General

Check archive.org

Show headers Download Go to

Full URL: https://wickedwalk.website/colors.css
Requested by: Host: wickedwalk.website
URL: https://wickedwalk.website/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 168.235.110.252 , United States, ASN3842 (RAMNODE, US),
Reverse DNS: rivendell.ponymail.net
Software: nginx/1.18.0 /
Resource Hash: 2ee0ba86652c02292c9f5680f9261cca89c0241253649286e95d6f1344dddd9d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://wickedwalk.website/

Response headers

accept-ranges: bytes
content-length: 474
date: Sun, 27 Oct 2024 06:29:21 GMT
etag: "61f73710-1da"
content-type: text/css
last-modified: Mon, 31 Jan 2022 01:10:40 GMT
server: nginx/1.18.0

GET
H2 200 nav.css
wickedwalk.website/ 1 KB
1 KB 40ms
38ms Stylesheet
text/css 168.235.110.252
RAMNODE

General

Check archive.org

Show headers Download Go to

Full URL: https://wickedwalk.website/nav.css
Requested by: Host: wickedwalk.website
URL: https://wickedwalk.website/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 168.235.110.252 , United States, ASN3842 (RAMNODE, US),
Reverse DNS: rivendell.ponymail.net
Software: nginx/1.18.0 /
Resource Hash: a924de68e02275053f269f4f6c916dd72c1ab1b3a3da6bb7c3dee2aa6b98e81d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://wickedwalk.website/

Response headers

accept-ranges: bytes
content-length: 1050
date: Sun, 27 Oct 2024 06:29:21 GMT
etag: "61f71cf3-41a"
content-type: text/css
last-modified: Sun, 30 Jan 2022 23:19:15 GMT
server: nginx/1.18.0

GET
H2 200 routelist.css
wickedwalk.website/ 4 KB
4 KB 42ms
40ms Stylesheet
text/css 168.235.110.252
RAMNODE

General

Check archive.org

Show headers Download Go to

Full URL: https://wickedwalk.website/routelist.css
Requested by: Host: wickedwalk.website
URL: https://wickedwalk.website/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 168.235.110.252 , United States, ASN3842 (RAMNODE, US),
Reverse DNS: rivendell.ponymail.net
Software: nginx/1.18.0 /
Resource Hash: 35c265fec12eb405802dc406481450eb805a8b78c3487893febc3d62e27d7145

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://wickedwalk.website/

Response headers

accept-ranges: bytes
content-length: 3658
date: Sun, 27 Oct 2024 06:29:21 GMT
etag: "61f7413a-e4a"
content-type: text/css
last-modified: Mon, 31 Jan 2022 01:54:02 GMT
server: nginx/1.18.0

GET
H2 200 weather.css
wickedwalk.website/ 211 B
335 B 42ms
40ms Stylesheet
text/css 168.235.110.252
RAMNODE

General

Check archive.org

Show headers Download Go to

Full URL: https://wickedwalk.website/weather.css
Requested by: Host: wickedwalk.website
URL: https://wickedwalk.website/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 168.235.110.252 , United States, ASN3842 (RAMNODE, US),
Reverse DNS: rivendell.ponymail.net
Software: nginx/1.18.0 /
Resource Hash: 28888da5bb254f12e0bd4354d73c1c05caa9594cea3036b893601f74cd678a00

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://wickedwalk.website/

Response headers

accept-ranges: bytes
content-length: 211
date: Sun, 27 Oct 2024 06:29:21 GMT
etag: "61f721fe-d3"
content-type: text/css
last-modified: Sun, 30 Jan 2022 23:40:46 GMT
server: nginx/1.18.0

GET
H2 200 skc
api.weather.gov/icons/land/night/ 580 B
954 B 1654ms
63ms Image
image/png 23.62.164.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.weather.gov/icons/land/night/skc?size=small

Requested by

Host: wickedwalk.website
URL: https://wickedwalk.website/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.62.164.14 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-62-164-14.deploy.static.akamaitechnologies.com

Software

nginx/1.20.1 /

Resource Hash

976252dfff6dbea54e605ab7e6396a3de4dfd80229cddd94d793889eb6131ae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://wickedwalk.website/

Response headers

x-edge-request-id: 289ea11e
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
x-request-id: b522a17f-6e9a-4088-a451-157410dbe5c8
access-control-expose-headers: X-Correlation-Id, X-Request-Id, X-Server-Id
cache-control: public, max-age=2475675, s-maxage=604800
x-correlation-id: 82652d25
etag: "182ff3c38c60e4dbcec18c4d0909093e"
expires: Sun, 24 Nov 2024 22:10:37 GMT
access-control-allow-origin: *
x-server-id: vm-lnx-nids-apiapp2.ncep.noaa.gov
content-length: 580
date: Sun, 27 Oct 2024 06:29:22 GMT
content-type: image/png
server: nginx/1.20.1

GET
H2 200 few
api.weather.gov/icons/land/night/ 2 KB
2 KB 1655ms
64ms Image
image/png 23.62.164.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.weather.gov/icons/land/night/few?size=small

Requested by

Host: wickedwalk.website
URL: https://wickedwalk.website/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.62.164.14 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-62-164-14.deploy.static.akamaitechnologies.com

Software

nginx/1.20.1 /

Resource Hash

3c34d3fb14fdc8bed60af9b5dda37210ecdbf3ba25b8ea553cd7759b2de0077b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://wickedwalk.website/

Response headers

x-edge-request-id: 289ea11f
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
x-request-id: e3bbfbb9-0cce-471b-abc6-254a0784344a
access-control-expose-headers: X-Correlation-Id, X-Request-Id, X-Server-Id
cache-control: public, max-age=1714747, s-maxage=604800
x-correlation-id: 2008d0
etag: "ec9e4deb48d45dc2b1127399cd554d4a"
expires: Sat, 16 Nov 2024 02:48:29 GMT
access-control-allow-origin: *
x-server-id: vm-bldr-nids-apiapp6.ncep.noaa.gov
content-length: 1745
date: Sun, 27 Oct 2024 06:29:22 GMT
content-type: image/png
server: nginx/1.20.1

GET
H2 404 favicon.ico
wickedwalk.website/ 1013 B
712 B 39ms
38ms Other
text/html 168.235.110.252
RAMNODE

General

Check archive.org

Show headers Download Go to

Full URL: https://wickedwalk.website/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 168.235.110.252 , United States, ASN3842 (RAMNODE, US),
Reverse DNS: rivendell.ponymail.net
Software: nginx/1.18.0 /
Resource Hash: 7762e8659c1a15201ae638656b76e183c02658c2edfe6ebfe9d9a2a6bf410656

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://wickedwalk.website/

Response headers

content-encoding: gzip
date: Sun, 27 Oct 2024 06:29:23 GMT
etag: W/"6600f18e-3f5"
content-type: text/html
server: nginx/1.18.0

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| updateCountdowns

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.wickedwalk.website/	1970-01-21 01:59:54	Name: PHPSESSID Value: qgejrkm890ugr9rqadb59gq5oq

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://wickedwalk.website/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.weather.gov
wickedwalk.website
168.235.110.252
23.62.164.14
28888da5bb254f12e0bd4354d73c1c05caa9594cea3036b893601f74cd678a00
2ee0ba86652c02292c9f5680f9261cca89c0241253649286e95d6f1344dddd9d
35c265fec12eb405802dc406481450eb805a8b78c3487893febc3d62e27d7145
3bc732d440d94b11a12c5ee33e60cd7cd9832ecb29e5f852af52e0bd08f77adb
3c34d3fb14fdc8bed60af9b5dda37210ecdbf3ba25b8ea553cd7759b2de0077b
7762e8659c1a15201ae638656b76e183c02658c2edfe6ebfe9d9a2a6bf410656
976252dfff6dbea54e605ab7e6396a3de4dfd80229cddd94d793889eb6131ae8
a924de68e02275053f269f4f6c916dd72c1ab1b3a3da6bb7c3dee2aa6b98e81d

wickedwalk.website Open in urlscan Pro 168.235.110.252 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

12 kBTransfer

15 kBSize

1 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

wickedwalk.website Open in urlscan Pro
168.235.110.252 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

12 kB
Transfer

15 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions