![](/screenshots/924ae907-73fa-4f78-987f-ab804b1a5cd5.png)
66bl4vk7pbiwxkazmdfqgu6onyhsoch4dbdvllo4u737jn6wu36q.arweave.net
Open in
urlscan Pro
143.204.9.119
Malicious Activity!
Public Scan
Effective URL: https://66bl4vk7pbiwxkazmdfqgu6onyhsoch4dbdvllo4u737jn6wu36q.arweave.net/94K-VV94UWuoGWDLA1PObg8nCPwYR1Wt3Kf39LfWpv0/
Submission: On October 05 via automatic, source phishtank — Scanned from AU
Summary
TLS certificate: Issued by Amazon on May 5th 2022. Valid for: a year.
This is the only time 66bl4vk7pbiwxkazmdfqgu6onyhsoch4dbdvllo4u737jn6wu36q.arweave.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1&1 Ionos (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 116.0.23.221 116.0.23.221 | 38719 (DREAMSCAP...) (DREAMSCAPE-AS-AP Dreamscape Networks Limited) | |
1 2 | 143.204.9.119 143.204.9.119 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 3 |
ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
PTR: kidili.instanthosting.com.au
visionts.com.au |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-9-119.mxp64.r.cloudfront.net
arweave.net | |
66bl4vk7pbiwxkazmdfqgu6onyhsoch4dbdvllo4u737jn6wu36q.arweave.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
arweave.net
1 redirects
arweave.net — Cisco Umbrella Rank: 143828 66bl4vk7pbiwxkazmdfqgu6onyhsoch4dbdvllo4u737jn6wu36q.arweave.net |
559 KB |
1 |
visionts.com.au
visionts.com.au |
388 B |
2 | 2 |
Domain | Requested by | |
---|---|---|
1 | 66bl4vk7pbiwxkazmdfqgu6onyhsoch4dbdvllo4u737jn6wu36q.arweave.net |
visionts.com.au
|
1 | arweave.net | 1 redirects |
1 | visionts.com.au | |
2 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ionos.com |
ias.ionos.com |
my.ionos.com |
hidrive.ionos.com |
archive.ionos.com |
www.ionos-status.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
visionts.com.au cPanel, Inc. Certification Authority |
2022-09-25 - 2022-12-24 |
3 months | crt.sh |
arweave.net Amazon |
2022-05-05 - 2023-06-03 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://66bl4vk7pbiwxkazmdfqgu6onyhsoch4dbdvllo4u737jn6wu36q.arweave.net/94K-VV94UWuoGWDLA1PObg8nCPwYR1Wt3Kf39LfWpv0/
Frame ID: FE51CFDDFA49E29EAEAAD37FF2F0F759
Requests: 8 HTTP requests in this frame
Screenshot
![](/screenshots/924ae907-73fa-4f78-987f-ab804b1a5cd5.png)
Page Title
Webmail Login | 1&1 IONOSPage URL History Show full URLs
- https://visionts.com.au/o/redacted@abuse.ionos.com Page URL
-
https://arweave.net/94K-VV94UWuoGWDLA1PObg8nCPwYR1Wt3Kf39LfWpv0/
HTTP 302
https://66bl4vk7pbiwxkazmdfqgu6onyhsoch4dbdvllo4u737jn6wu36q.arweave.net/94K-VV94UWuoGWDLA1PObg8nCPwYR1Wt3Kf39LfWpv0/ Page URL
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
Title: Webmail
Search URL Search Domain Scan URL
Title: Get started, it's free
Search URL Search Domain Scan URL
Title: iOS
Search URL Search Domain Scan URL
Title: Android
Search URL Search Domain Scan URL
Title: Thunderbird
Search URL Search Domain Scan URL
Title: Outlook
Search URL Search Domain Scan URL
Title: Apple Mail
Search URL Search Domain Scan URL
Title: email programs (POP/IMAP)
Search URL Search Domain Scan URL
Title: My IONOS
Search URL Search Domain Scan URL
Title: HiDrive
Search URL Search Domain Scan URL
Title: E-Mail-Archive
Search URL Search Domain Scan URL
Title: All Systems Operational
Search URL Search Domain Scan URL
Title: 1&1 IONOS Inc. • 2020
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://visionts.com.au/o/redacted@abuse.ionos.com Page URL
-
https://arweave.net/94K-VV94UWuoGWDLA1PObg8nCPwYR1Wt3Kf39LfWpv0/
HTTP 302
https://66bl4vk7pbiwxkazmdfqgu6onyhsoch4dbdvllo4u737jn6wu36q.arweave.net/94K-VV94UWuoGWDLA1PObg8nCPwYR1Wt3Kf39LfWpv0/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
2 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
redacted@abuse.ionos.com
visionts.com.au/o/ |
155 B 388 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
66bl4vk7pbiwxkazmdfqgu6onyhsoch4dbdvllo4u737jn6wu36q.arweave.net/94K-VV94UWuoGWDLA1PObg8nCPwYR1Wt3Kf39LfWpv0/ Redirect Chain
|
1 MB 559 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
62 KB 62 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
320 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
48 KB 48 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
42 KB 42 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
68 KB 68 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
256 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 1&1 Ionos (Telecommunication)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| savepage_ShadowLoader string| hash0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
66bl4vk7pbiwxkazmdfqgu6onyhsoch4dbdvllo4u737jn6wu36q.arweave.net
arweave.net
visionts.com.au
116.0.23.221
143.204.9.119
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b
3e1e3dc4031d466e08d15e1890b38604c3245663cec8fc079e2e8fd610099647
7b9feb80ea5281aa93196b4992ae330897202a99156057d0e03324ffb0f5f507
b0390aa3e137e3e49d7d6ed5d86c208fec1dd45ff8a56836c3f86c2e32cd2d7a
b2cb42c6d4031c756b760a6b5da7b09d6bc7952089f7bf69cae5b3117ddaabd2
c8e1724edab4d29c68d698c71f04db98774a5ba4fb432e4d37bfb0beecdac987
d78e7ad4838a9fb4db11451b1db78ccd0b0c7b28f5787684ce2870918ce27bb5