www2.originalmechanicszz.xyz Open in urlscan Pro
2606:4700::6812:4795 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/2J54kuG
Effective URL:
https://www2.originalmechanicszz.xyz/claim/ytvtcl-comp/1911-bnd-ab-gogl-sp-i11-s10-cmp-gb-en1.html?region=Hammersmith%20and%20Fulham&...
Submission: On March 22 via api (March 22nd 2020, 5:05:49 pm UTC) from BE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 4 countries across 6 domains to perform 17 HTTP transactions. The main IP is 2606:4700::6812:4795, located in United States and belongs to CLOUDFLARENET, US. The main domain is www2.originalmechanicszz.xyz.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on December 30th 2019. Valid for: 9 months.

This is the only time www2.originalmechanicszz.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.11 67.199.248.11	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
1 1	103.254.139.146 103.254.139.146	38719 (DREAMSCAP...) (DREAMSCAPE-AS-AP Dreamscape Networks Limited)
1	185.63.253.116 185.63.253.116	134512 (HWSPL-AS-...) (HWSPL-AS-AP HostPalace Web Solution PVT LTD)
1 1	104.18.26.185 104.18.26.185	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2606:4700::68... 2606:4700::6812:4795	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:816::200a	15169 (GOOGLE) (GOOGLE)
17	3

1 67.199.248.11 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.254.139.146 (Australia) 1 redirects

ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
PTR: vs-gryba4base.au.syrahost.com

azfdr3652.live-on.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.63.253.116 (Amsterdam, Netherlands)

ASN134512 (HWSPL-AS-AP HostPalace Web Solution PVT LTD, IN)
PTR: mail.copiawealthandtax.net

viaprio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.26.185 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.wbtutorials.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700::6812:4795 (United States)

ASN13335 (CLOUDFLARENET, US)

www2.originalmechanicszz.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	originalmechanicszz.xyz www2.originalmechanicszz.xyz	87 KB
1	googleapis.com ajax.googleapis.com	30 KB
1	wbtutorials.com 1 redirects www.wbtutorials.com	1 KB
1	viaprio.com viaprio.com	443 B
1	live-on.net 1 redirects azfdr3652.live-on.net	238 B
1	bit.ly 1 redirects bit.ly	295 B
17	6

	Domain	Requested by
15	www2.originalmechanicszz.xyz	viaprio.com www2.originalmechanicszz.xyz
1	ajax.googleapis.com	www2.originalmechanicszz.xyz
1	www.wbtutorials.com	1 redirects
1	viaprio.com
1	azfdr3652.live-on.net	1 redirects
1	bit.ly	1 redirects
17	6

This site contains no links.

Subject Issuer	Validity	Valid
www.viaprio.com Go Daddy Secure Certificate Authority - G2	`2019-07-15` - `2020-07-15`	a year	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-12-30` - `2020-10-09`	9 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www2.originalmechanicszz.xyz/claim/ytvtcl-comp/1911-bnd-ab-gogl-sp-i11-s10-cmp-gb-en1.html?region=Hammersmith%20and%20Fulham&td=www.wbtutorials.com&brand=Desktop&model=Desktop&cep=je84OLECeTdKhwURSLZ8A8jNfB_3ZVhHu1FawiQQgZcXkd5elksKK-jBR83jKjRFfkuZR-SoKidpEdd-jQgekOLmSaF1aet7etdx9NCUXcyvjlKwz5dKNtLNxDIISyySYkCOptQXX0_G8c1aJJx15I5KNPk2qsBdxRWKDckG3vrpyV71lk4zpFWxMw3ssLOI9sSUijAtk-8XcpZe0mBeZos2O5ekZnvMM9WX06rWWBCB_vupiKbBaVWIan_SfYJGjHfNk_ipG5rMSxzvEy82e6LMRgR3oo-aC0Tz0plsx8HA4nVdatpRLFPBoW19vuaFEOkjlTPeEI9aEONFuUQmh0wa4L2wW-ri_XdqqdC2xIcEiIZjJZJa-rLqjp_aCeYVVmZPucMzfSmckAho6SbEPQ&lptoken=151b842189fa85283313&4=&3=&5=&6=&7=&8=472176&2=&1=891545114&s1=472176&s0=891545114
Frame ID: D370CBA037D33CA44367F1E6FBD4232A
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://bit.ly/2J54kuG HTTP 301
http://azfdr3652.live-on.net/1539479ea2296731wm0HP0BP39bAr66146PU HTTP 302
https://viaprio.com/fff799f6d77613c000/15b-1539479-2296731-66146-0-/08296 Page URL
https://www.wbtutorials.com/e7d741a7-d679-46b5-82e0-fb8353334c97?4=&3=&5=&6=&7=&8=472176&2=&1=891545114&... HTTP 302
https://www2.originalmechanicszz.xyz/claim/ytvtcl-comp/1911-bnd-ab-gogl-sp-i11-s10-cmp-gb-en1.html?region=Hammers... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

17
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

3
IPs

4
Countries

117 kB
Transfer

343 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/2J54kuG HTTP 301
http://azfdr3652.live-on.net/1539479ea2296731wm0HP0BP39bAr66146PU HTTP 302
https://viaprio.com/fff799f6d77613c000/15b-1539479-2296731-66146-0-/08296 Page URL
https://www.wbtutorials.com/e7d741a7-d679-46b5-82e0-fb8353334c97?4=&3=&5=&6=&7=&8=472176&2=&1=891545114&s1=472176&s0=891545114 HTTP 302
https://www2.originalmechanicszz.xyz/claim/ytvtcl-comp/1911-bnd-ab-gogl-sp-i11-s10-cmp-gb-en1.html?region=Hammersmith%20and%20Fulham&td=www.wbtutorials.com&brand=Desktop&model=Desktop&cep=je84OLECeTdKhwURSLZ8A8jNfB_3ZVhHu1FawiQQgZcXkd5elksKK-jBR83jKjRFfkuZR-SoKidpEdd-jQgekOLmSaF1aet7etdx9NCUXcyvjlKwz5dKNtLNxDIISyySYkCOptQXX0_G8c1aJJx15I5KNPk2qsBdxRWKDckG3vrpyV71lk4zpFWxMw3ssLOI9sSUijAtk-8XcpZe0mBeZos2O5ekZnvMM9WX06rWWBCB_vupiKbBaVWIan_SfYJGjHfNk_ipG5rMSxzvEy82e6LMRgR3oo-aC0Tz0plsx8HA4nVdatpRLFPBoW19vuaFEOkjlTPeEI9aEONFuUQmh0wa4L2wW-ri_XdqqdC2xIcEiIZjJZJa-rLqjp_aCeYVVmZPucMzfSmckAho6SbEPQ&lptoken=151b842189fa85283313&4=&3=&5=&6=&7=&8=472176&2=&1=891545114&s1=472176&s0=891545114 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://bit.ly/2J54kuG HTTP 301
http://azfdr3652.live-on.net/1539479ea2296731wm0HP0BP39bAr66146PU HTTP 302
https://viaprio.com/fff799f6d77613c000/15b-1539479-2296731-66146-0-/08296

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Cookie set 08296 Show response
viaprio.com/fff799f6d77613c000/15b-1539479-2296731-66146-0-/
Redirect Chain

https://bit.ly/2J54kuG
http://azfdr3652.live-on.net/1539479ea2296731wm0HP0BP39bAr66146PU
https://viaprio.com/fff799f6d77613c000/15b-1539479-2296731-66146-0-/08296

189 B
443 B

1072ms
556ms

Document
text/html

185.63.253.116
HWSPL-AS-AP HostP...

General

www2.originalmechanicszz.xyz Open in urlscan Pro 2606:4700::6812:4795 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

33 %IPv6

6 Domains

6 Subdomains

3 IPs

4 Countries

117 kBTransfer

343 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

Indicators

www2.originalmechanicszz.xyz Open in urlscan Pro
2606:4700::6812:4795 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

3
IPs

4
Countries

117 kB
Transfer

343 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!