yjelm.love-in-air.net Open in urlscan Pro
52.211.95.198 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://o1lc.app.link/Gcxaym9u5Q?fb_action_ids=363317490906473&fb_action_types=og.shares
Effective URL:
https://yjelm.love-in-air.net/c/679efeecdc3b4d07?&click_id=remok5bcd49ddc4107393335411&s1=14079&s2=48108&s3=&s5=
Submission: On October 22 via manual (October 22nd 2018, 3:54:16 am UTC) from RO

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 8 domains to perform 17 HTTP transactions. The main IP is 52.211.95.198, located in Dublin, Ireland and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is yjelm.love-in-air.net.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on June 29th 2018. Valid for: a year.

This is the only time yjelm.love-in-air.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Porn Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2600:9000:204... 2600:9000:2043:9200:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	67.199.248.10 67.199.248.10	395224 (BITLY-AS) (BITLY-AS - Bitly Inc)
2	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2600:9000:204... 2600:9000:2043:3600:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	52.211.95.198 52.211.95.198	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
12	2.16.186.99 2.16.186.99	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
17	5

1 2600:9000:2043:9200:19:9934:6a80:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

o1lc.app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.248.10 (United States) 1 redirects

ASN395224 (BITLY-AS - Bitly Inc, US)

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

thelastseasoncpa.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2043:3600:19:9934:6a80:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

02tm.app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.211.95.198 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-211-95-198.eu-west-1.compute.amazonaws.com

xbavr.freedating.mobi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
yjelm.love-in-air.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2.16.186.99 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-99.deploy.static.akamaitechnologies.com

cdn-aimi.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	akamaized.net cdn-aimi.akamaized.net	1 MB
2	blogspot.com thelastseasoncpa.blogspot.com	3 KB
2	app.link 2 redirects o1lc.app.link 02tm.app.link	1 KB
1	gstatic.com fonts.gstatic.com	14 KB
1	googleapis.com fonts.googleapis.com	488 B
1	love-in-air.net yjelm.love-in-air.net	2 KB
1	freedating.mobi 1 redirects xbavr.freedating.mobi	906 B
1	bit.ly 1 redirects bit.ly	359 B
17	8

	Domain	Requested by
12	cdn-aimi.akamaized.net	yjelm.love-in-air.net
2	thelastseasoncpa.blogspot.com	thelastseasoncpa.blogspot.com
1	fonts.gstatic.com	yjelm.love-in-air.net
1	fonts.googleapis.com	yjelm.love-in-air.net
1	yjelm.love-in-air.net	thelastseasoncpa.blogspot.com
1	xbavr.freedating.mobi	1 redirects
1	02tm.app.link	1 redirects
1	bit.ly	1 redirects
1	o1lc.app.link	1 redirects
17	9

This site contains no links.

Subject Issuer	Validity	Valid
*.googleusercontent.com Google Internet Authority G3	`2018-10-02` - `2018-12-25`	3 months	crt.sh
*.love-in-air.net COMODO RSA Domain Validation Secure Server CA	`2018-06-29` - `2019-06-29`	a year	crt.sh
a248.e.akamai.net DigiCert ECC Secure Server CA	`2018-01-23` - `2019-01-19`	a year	crt.sh
*.googleapis.com Google Internet Authority G3	`2018-10-02` - `2018-12-25`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2018-10-02` - `2018-12-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://yjelm.love-in-air.net/c/679efeecdc3b4d07?&click_id=remok5bcd49ddc4107393335411&s1=14079&s2=48108&s3=&s5=
Frame ID: 257C27DE722F661B632C703FA2A522F4
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://o1lc.app.link/Gcxaym9u5Q?fb_action_ids=363317490906473&fb_action_types=og.shares HTTP 307
http://bit.ly/2xqY3qk?fb_action_ids=363317490906473&fb_action_types=og.shares&_branch_matc... HTTP 301
https://thelastseasoncpa.blogspot.com/ Page URL
https://02tm.app.link/GcRzc5AFUL HTTP 307
https://xbavr.freedating.mobi/c/da57dc555e50572d?s1=14079&s2=48108&click_id=BUNDA-06&j1=1&j3=1&_branch_mat... HTTP 302
https://yjelm.love-in-air.net/c/679efeecdc3b4d07?&click_id=remok5bcd49ddc4107393335411&s1=14079&s2=48108&s... Page URL

Detected technologies

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

OpenGSE (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

17
Requests

100 %
HTTPS

63 %
IPv6

8
Domains

9
Subdomains

5
IPs

3
Countries

1286 kB
Transfer

1481 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://o1lc.app.link/Gcxaym9u5Q?fb_action_ids=363317490906473&fb_action_types=og.shares HTTP 307
http://bit.ly/2xqY3qk?fb_action_ids=363317490906473&fb_action_types=og.shares&_branch_match_id=582765901059425188 HTTP 301
https://thelastseasoncpa.blogspot.com/ Page URL
https://02tm.app.link/GcRzc5AFUL HTTP 307
https://xbavr.freedating.mobi/c/da57dc555e50572d?s1=14079&s2=48108&click_id=BUNDA-06&j1=1&j3=1&_branch_match_id=582765901059425188 HTTP 302
https://yjelm.love-in-air.net/c/679efeecdc3b4d07?&click_id=remok5bcd49ddc4107393335411&s1=14079&s2=48108&s3=&s5= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://o1lc.app.link/Gcxaym9u5Q?fb_action_ids=363317490906473&fb_action_types=og.shares HTTP 307
http://bit.ly/2xqY3qk?fb_action_ids=363317490906473&fb_action_types=og.shares&_branch_match_id=582765901059425188 HTTP 301
https://thelastseasoncpa.blogspot.com/

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
thelastseasoncpa.blogspot.com/
Redirect Chain

https://o1lc.app.link/Gcxaym9u5Q?fb_action_ids=363317490906473&fb_action_types=og.shares
http://bit.ly/2xqY3qk?fb_action_ids=363317490906473&fb_action_types=og.shares&_branch_match_id=582765901059425188
https://thelastseasoncpa.blogspot.com/

2 KB
1 KB

158ms
143ms

Document
text/html

2a00:1450:4001:81c::2001
Google LLC

General

Domain/Path	Expires	Name / Value
yjelm.love-in-air.net/	1970-01-18 20:32:52	Name: scriptHash Value: 203411_14079_48108
yjelm.love-in-air.net/	1970-01-18 19:51:06	Name: unique_id Value: 5bbb28485972c341398566
yjelm.love-in-air.net/	1970-01-18 19:51:06	Name: unique_1395779 Value: unique_1395779

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

yjelm.love-in-air.net Open in urlscan Pro 52.211.95.198 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

63 %IPv6

8 Domains

9 Subdomains

5 IPs

3 Countries

1286 kBTransfer

1481 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

yjelm.love-in-air.net Open in urlscan Pro
52.211.95.198 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

63 %
IPv6

8
Domains

9
Subdomains

5
IPs

3
Countries

1286 kB
Transfer

1481 kB
Size

3
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!