www.antionemister.icu Open in urlscan Pro
2606:4700:3037::681b:b20e Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.antionemister.icu/Jxetw/jxxx122396woadxcb/Y_bGDz7guDH1h8cds-Tb6V3Ptk2vZY6hO9L_ll8SWSw/9KdvRY_i-_UJWfpiCRJmgktg5reL...
Effective URL:
http://www.antionemister.icu/apple/orange2/skin0322.php?sid=741573&h=Y_bGDz7guDH1h8cds-Tb6V3Ptk2vZY6hO9L_ll8SWSw/9KdvRY_i-_UJ...
Submission: On March 03 via api (March 3rd 2020, 5:09:45 pm UTC) from US

Summary HTTP 64 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 64 HTTP transactions. The main IP is 2606:4700:3037::681b:b20e, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.antionemister.icu.

This is the only time www.antionemister.icu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lion's Den Scam (Online) Weightloss Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
59	2606:4700:303... 2606:4700:3037::681b:b20e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700:20:... 2606:4700:20::681a:f49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
64	4

59 2606:4700:3037::681b:b20e (United States)

ASN13335 (CLOUDFLARENET, US)

www.antionemister.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:f49 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

freegeoip.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	antionemister.icu www.antionemister.icu	2 MB
2	freegeoip.net freegeoip.net Failed	216 B
2	gstatic.com fonts.gstatic.com	34 KB
0	Failed function sub() { [native code] }. Failed
64	4

	Domain	Requested by
59	www.antionemister.icu	www.antionemister.icu
2	freegeoip.net	www.antionemister.icu
2	fonts.gstatic.com	www.antionemister.icu
0	97a24d60-f200-4f95-9256-68f117fe2c42 Failed	www.antionemister.icu
64	4

This site contains links to these domains. Also see Links.

Domain
www.microroof.com
www.facebook.com

Subject Issuer	Validity	Valid
*.google.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://www.antionemister.icu/apple/orange2/skin0322.php?sid=741573&h=Y_bGDz7guDH1h8cds-Tb6V3Ptk2vZY6hO9L_ll8SWSw/9KdvRY_i-_UJWfpiCRJmgktg5reLfSl5rUwHVKfMv7Dlh4Jba3cOId2P9yosyl9Xn12e-Zn7q0GRgUaq0P6EbGLiEH_A2X7BjYUhYZjl0NvtZ6yObi5x7TCtNTg68Ae-rApzwv4YW5bJp2k8zAFbuA
Frame ID: D7DAE68DAB4A5AC9E85894B54679389B
Requests: 70 HTTP requests in this frame

Frame: http://www.antionemister.icu/apple/orange2/skin0322_files/blank.htm
Frame ID: 70FD3461A3CBD35216123C60E1C626C6
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.antionemister.icu/Jxetw/jxxx122396woadxcb/Y_bGDz7guDH1h8cds-Tb6V3Ptk2vZY6hO9L_ll8SWSw/9KdvRY_i... Page URL
http://www.antionemister.icu/offer.php?id=28&sid=741573&h=Y_bGDz7guDH1h8cds-Tb6V3Ptk2vZY6hO9L_ll8SWSw/9Kd... Page URL
http://www.antionemister.icu/apple/orange2/skin0322.php?sid=741573&h=Y_bGDz7guDH1h8cds-Tb6V3Ptk2vZY6hO9L_... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

64
Requests

3 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1789 kB
Transfer

3460 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.microroof.com/LN9NBH7/L733WLF/?creative_id=56154&sub1=skin0322&sub2=741573&sub3=Y_bGDz7guDH1h8cds-Tb6V3Ptk2vZY6hO9L_ll8SWSw/9KdvRY_i-_UJWfpiCRJmgktg5reLfSl5rUwHVKfMv7Dlh4Jba3cOId2P9yosyl9Xn12e-Zn7q0GRgUaq0P6EbGLiEH_A2X7BjYUhYZjl0NvtZ6yObi5x7TCtNTg68Ae-rApzwv4YW5bJp2k8zAFbuA
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/celia.kilgard

Search URL Search Domain Scan URL

URL: https://www.facebook.com/alannismartini

Search URL Search Domain Scan URL

URL: https://www.facebook.com/amanda.hickam

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.antionemister.icu/Jxetw/jxxx122396woadxcb/Y_bGDz7guDH1h8cds-Tb6V3Ptk2vZY6hO9L_ll8SWSw/9KdvRY_i-_UJWfpiCRJmgktg5reLfSl5rUwHVKfMv7Dlh4Jba3cOId2P9yosyl9Xn12e-Zn7q0GRgUaq0P6EbGLiEH_A2X7BjYUhYZjl0NvtZ6yObi5x7TCtNTg68Ae-rApzwv4YW5bJp2k8zAFbuA Page URL
http://www.antionemister.icu/offer.php?id=28&sid=741573&h=Y_bGDz7guDH1h8cds-Tb6V3Ptk2vZY6hO9L_ll8SWSw/9KdvRY_i-_UJWfpiCRJmgktg5reLfSl5rUwHVKfMv7Dlh4Jba3cOId2P9yosyl9Xn12e-Zn7q0GRgUaq0P6EbGLiEH_A2X7BjYUhYZjl0NvtZ6yObi5x7TCtNTg68Ae-rApzwv4YW5bJp2k8zAFbuA Page URL
http://www.antionemister.icu/apple/orange2/skin0322.php?sid=741573&h=Y_bGDz7guDH1h8cds-Tb6V3Ptk2vZY6hO9L_ll8SWSw/9KdvRY_i-_UJWfpiCRJmgktg5reLfSl5rUwHVKfMv7Dlh4Jba3cOId2P9yosyl9Xn12e-Zn7q0GRgUaq0P6EbGLiEH_A2X7BjYUhYZjl0NvtZ6yObi5x7TCtNTg68Ae-rApzwv4YW5bJp2k8zAFbuA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65

https://freegeoip.net/json/ HTTP 301
http://freegeoip.net/shutdown

Request Chain 66

https://freegeoip.net/json/?callback=jQuery111209264747407835687_1583255368569&_=1583255368570 HTTP 301
http://freegeoip.net/shutdown

64 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set 9KdvRY_i-_UJWfpiCRJmgktg5reLfSl5rUwHVKfMv7Dlh4Jba3cOId2P9yosyl9Xn12e-Zn7q0GRgUaq0P6EbGLiEH_A2X7BjYUhYZjl0NvtZ6yObi5x7TCtNTg68Ae-rApzwv4YW5bJp2k8zAFbuA Show response
www.antionemister.icu/Jxetw/jxxx122396woadxcb/Y_bGDz7guDH1h8cds-Tb6V3Ptk2vZY6hO9L_ll8SWSw/ 688 B
810 B 222ms
204ms Document
text/html 2606:4700:3037::681b:b20e
CLOUDFLARENET

General

www.antionemister.icu Open in urlscan Pro 2606:4700:3037::681b:b20e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

64 Requests

3 %HTTPS

100 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

1789 kBTransfer

3460 kBSize

1 Cookies

4 Outgoing links

Page URL History

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.antionemister.icu Open in urlscan Pro
2606:4700:3037::681b:b20e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

3 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1789 kB
Transfer

3460 kB
Size

1
Cookies

64 HTTP transactions
8 data transactions