yjelm.love-in-air.net
Open in
urlscan Pro
52.211.95.198
Malicious Activity!
Public Scan
Effective URL: https://yjelm.love-in-air.net/c/679efeecdc3b4d07?&click_id=remok5bcd49ddc4107393335411&s1=14079&s2=48108&s3=&s5=
Submission: On October 22 via manual from RO
Summary
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on June 29th 2018. Valid for: a year.
This is the only time yjelm.love-in-air.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Porn Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2600:9000:204... 2600:9000:2043:9200:19:9934:6a80:93a1 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 1 | 67.199.248.10 67.199.248.10 | 395224 (BITLY-AS) (BITLY-AS - Bitly Inc) | |
2 | 2a00:1450:400... 2a00:1450:4001:81c::2001 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 1 | 2600:9000:204... 2600:9000:2043:3600:19:9934:6a80:93a1 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 2 | 52.211.95.198 52.211.95.198 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
12 | 2.16.186.99 2.16.186.99 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2a00:1450:400... 2a00:1450:4001:80b::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:80b::2003 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
17 | 5 |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
o1lc.app.link |
ASN15169 (GOOGLE - Google LLC, US)
thelastseasoncpa.blogspot.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
02tm.app.link |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-211-95-198.eu-west-1.compute.amazonaws.com
xbavr.freedating.mobi | |
yjelm.love-in-air.net |
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-99.deploy.static.akamaitechnologies.com
cdn-aimi.akamaized.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
akamaized.net
cdn-aimi.akamaized.net |
1 MB |
2 |
blogspot.com
thelastseasoncpa.blogspot.com |
3 KB |
2 |
app.link
2 redirects
o1lc.app.link 02tm.app.link |
1 KB |
1 |
gstatic.com
fonts.gstatic.com |
14 KB |
1 |
googleapis.com
fonts.googleapis.com |
488 B |
1 |
love-in-air.net
yjelm.love-in-air.net |
2 KB |
1 |
freedating.mobi
1 redirects
xbavr.freedating.mobi |
906 B |
1 |
bit.ly
1 redirects
bit.ly |
359 B |
17 | 8 |
Domain | Requested by | |
---|---|---|
12 | cdn-aimi.akamaized.net |
yjelm.love-in-air.net
|
2 | thelastseasoncpa.blogspot.com |
thelastseasoncpa.blogspot.com
|
1 | fonts.gstatic.com |
yjelm.love-in-air.net
|
1 | fonts.googleapis.com |
yjelm.love-in-air.net
|
1 | yjelm.love-in-air.net |
thelastseasoncpa.blogspot.com
|
1 | xbavr.freedating.mobi | 1 redirects |
1 | 02tm.app.link | 1 redirects |
1 | bit.ly | 1 redirects |
1 | o1lc.app.link | 1 redirects |
17 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.googleusercontent.com Google Internet Authority G3 |
2018-10-02 - 2018-12-25 |
3 months | crt.sh |
*.love-in-air.net COMODO RSA Domain Validation Secure Server CA |
2018-06-29 - 2019-06-29 |
a year | crt.sh |
a248.e.akamai.net DigiCert ECC Secure Server CA |
2018-01-23 - 2019-01-19 |
a year | crt.sh |
*.googleapis.com Google Internet Authority G3 |
2018-10-02 - 2018-12-25 |
3 months | crt.sh |
*.google.com Google Internet Authority G3 |
2018-10-02 - 2018-12-25 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://yjelm.love-in-air.net/c/679efeecdc3b4d07?&click_id=remok5bcd49ddc4107393335411&s1=14079&s2=48108&s3=&s5=
Frame ID: 257C27DE722F661B632C703FA2A522F4
Requests: 17 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://o1lc.app.link/Gcxaym9u5Q?fb_action_ids=363317490906473&fb_action_types=og.shares
HTTP 307
http://bit.ly/2xqY3qk?fb_action_ids=363317490906473&fb_action_types=og.shares&_branch_matc... HTTP 301
https://thelastseasoncpa.blogspot.com/ Page URL
-
https://02tm.app.link/GcRzc5AFUL
HTTP 307
https://xbavr.freedating.mobi/c/da57dc555e50572d?s1=14079&s2=48108&click_id=BUNDA-06&j1=1&j3=1&_branch_mat... HTTP 302
https://yjelm.love-in-air.net/c/679efeecdc3b4d07?&click_id=remok5bcd49ddc4107393335411&s1=14079&s2=48108&s... Page URL
Detected technologies
Java (Programming Languages) ExpandDetected patterns
- headers server /GSE/i
OpenGSE (Web Servers) Expand
Detected patterns
- headers server /GSE/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://o1lc.app.link/Gcxaym9u5Q?fb_action_ids=363317490906473&fb_action_types=og.shares
HTTP 307
http://bit.ly/2xqY3qk?fb_action_ids=363317490906473&fb_action_types=og.shares&_branch_match_id=582765901059425188 HTTP 301
https://thelastseasoncpa.blogspot.com/ Page URL
-
https://02tm.app.link/GcRzc5AFUL
HTTP 307
https://xbavr.freedating.mobi/c/da57dc555e50572d?s1=14079&s2=48108&click_id=BUNDA-06&j1=1&j3=1&_branch_match_id=582765901059425188 HTTP 302
https://yjelm.love-in-air.net/c/679efeecdc3b4d07?&click_id=remok5bcd49ddc4107393335411&s1=14079&s2=48108&s3=&s5= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://o1lc.app.link/Gcxaym9u5Q?fb_action_ids=363317490906473&fb_action_types=og.shares HTTP 307
- http://bit.ly/2xqY3qk?fb_action_ids=363317490906473&fb_action_types=og.shares&_branch_match_id=582765901059425188 HTTP 301
- https://thelastseasoncpa.blogspot.com/
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
thelastseasoncpa.blogspot.com/ Redirect Chain
|
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cookienotice.js
thelastseasoncpa.blogspot.com/js/ |
6 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
679efeecdc3b4d07
yjelm.love-in-air.net/c/ Redirect Chain
|
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
cdn-aimi.akamaized.net/landings/126241/1521730993/css/ |
17 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
script.min.js
cdn-aimi.akamaized.net/landings/126241/1521730993/js/ |
252 KB 75 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
function.js
cdn-aimi.akamaized.net/landings/126241/1521730993/js/ |
768 B 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
avsc4.js
cdn-aimi.akamaized.net/landings/126241/1521730993/js/ |
2 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
backoffer.js
cdn-aimi.akamaized.net/landings/126241/1521730993/js/ |
695 B 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
css
fonts.googleapis.com/ |
767 B 488 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
4.jpg
cdn-aimi.akamaized.net/landings/126241/1521730993/images/ |
291 KB 291 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
3.jpg
cdn-aimi.akamaized.net/landings/126241/1521730993/images/ |
288 KB 289 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2.jpg
cdn-aimi.akamaized.net/landings/126241/1521730993/images/ |
298 KB 299 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1.jpg
cdn-aimi.akamaized.net/landings/126241/1521730993/images/ |
295 KB 295 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pattern.png
cdn-aimi.akamaized.net/landings/126241/1521730993/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yes.png
cdn-aimi.akamaized.net/landings/126241/1521730993/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
no.png
cdn-aimi.akamaized.net/landings/126241/1521730993/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v14/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Porn Scam (Online)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery number| th_bridge_jump_step string| backOfferUrl boolean| exit3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
yjelm.love-in-air.net/ | Name: scriptHash Value: 203411_14079_48108 |
|
yjelm.love-in-air.net/ | Name: unique_id Value: 5bbb28485972c341398566 |
|
yjelm.love-in-air.net/ | Name: unique_1395779 Value: unique_1395779 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
02tm.app.link
bit.ly
cdn-aimi.akamaized.net
fonts.googleapis.com
fonts.gstatic.com
o1lc.app.link
thelastseasoncpa.blogspot.com
xbavr.freedating.mobi
yjelm.love-in-air.net
2.16.186.99
2600:9000:2043:3600:19:9934:6a80:93a1
2600:9000:2043:9200:19:9934:6a80:93a1
2a00:1450:4001:80b::2003
2a00:1450:4001:80b::200a
2a00:1450:4001:81c::2001
52.211.95.198
67.199.248.10
06d10ddd446ea86ebea46a23a233c9a5fd8df1ce12dfde397d6edbf273f3b852
0c3555a2e5cfad54d71e6e46952ae113e78a7473f8b8af0cd6c34fc9520462f0
26cf457270ac5bff605429d8c96f2d527c929f2873385bf6f5223bcc71be9bb9
322d600431f53fb186989dad7e4ed1365b0d3012a808cd114390855a0dce16a6
39370a86c2b63583f0db550ef27bd7360a4c8b66e2d45df1d4d7c3b6d0ec4efb
4b7f1fe15626316cde2a1de45abe6ec03522d836c718f658e2cbfbb39dd96aaa
52726fb580d6bffc46615863ddbf4c319524b5a68fb484be2972bdad4fd0310d
5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004
65d5facad742c9e5e01d58e40423ac5bf25ef4dd70dc91d647192e26896349ab
6b63329e124595fb04a3532a9a81e6d0433028defc8274de6f36d7245ee27c5a
6bfdecff876226c1e233f71e7b0b1a6e0eb238281a52156c39f051691dd88a43
88719b7f053967ff3db42fcf271e5e5f48449ca28796cf81ff3c58741f0a2f76
c4e62e899d387cd5be4770f35d30a90a4a0b7690e5a70fe510d61192a55df2fb
ec62c124bbbff692f4ead1c13b55796d561140d544fb16e9cea575f9979832dd
fedd7527d1cceee3052bf4bb62e76d56e8200a115d8a2affae23a125578b7ad1