159.89.145.125
Open in
urlscan Pro
159.89.145.125
Malicious Activity!
Public Scan
Effective URL: http://159.89.145.125/anglerscovey.stream/2/windows/chrome/indexaf0f.html?q=2b312d3838382d3430302d31373434&ua=5541...
Submission: On July 25 via manual from US
Summary
This is the only time 159.89.145.125 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft Defender (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 159.89.145.125 159.89.145.125 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean) | |
1 | 2a00:1450:400... 2a00:1450:4001:810::2008 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
9 | 66.198.240.25 66.198.240.25 | 55293 (A2HOSTING) (A2HOSTING - A2 Hosting) | |
2 | 2a00:1450:400... 2a00:1450:4001:810::200e | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
23 | 5 |
ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
159.89.145.125 |
ASN55293 (A2HOSTING - A2 Hosting, Inc., US)
PTR: a2ss37.a2hosting.com
anglerscovey.stream |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
anglerscovey.stream
anglerscovey.stream |
148 KB |
2 |
google-analytics.com
www.google-analytics.com |
14 KB |
1 |
googletagmanager.com
www.googletagmanager.com |
25 KB |
0 |
fontsizes.org
Failed
fontsizes.org Failed |
|
23 | 4 |
Domain | Requested by | |
---|---|---|
9 | anglerscovey.stream |
159.89.145.125
|
2 | www.google-analytics.com |
www.googletagmanager.com
159.89.145.125 |
1 | www.googletagmanager.com |
159.89.145.125
|
0 | fontsizes.org Failed |
159.89.145.125
|
23 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
anglerscovey.stream Let's Encrypt Authority X3 |
2018-05-30 - 2018-08-28 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://159.89.145.125/anglerscovey.stream/2/windows/chrome/indexaf0f.html?q=2b312d3838382d3430302d31373434&ua=55412d37373532343034342d32
Frame ID: 6142E26A2BFCF4AD0B54B864A1C49553
Requests: 22 HTTP requests in this frame
Frame:
https://anglerscovey.stream/2/windows/chrome/index_files/a.htm
Frame ID: B5F431A46995E9A6000D5488F9DEAF64
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://159.89.145.125/?semcid=amazon.social.google.gt-c-en.car&SEMDTL=a1894432125.b144522333757.d1... Page URL
- http://159.89.145.125/anglerscovey.stream/2/index.html Page URL
- http://159.89.145.125/anglerscovey.stream/2/windows/chrome/indexaf0f.html?q=2b312d3838382d3430302d... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- headers server /php\/?([\d.]+)?/i
CentOS (Operating Systems) Expand
Detected patterns
- headers server /CentOS/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
- env /^gaGlobal$/i
Google Tag Manager (Tag Managers) Expand
Detected patterns
- env /^google_tag_manager$/i
Twitter Bootstrap () Expand
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://159.89.145.125/?semcid=amazon.social.google.gt-c-en.car&SEMDTL=a1894432125.b144522333757.d1260449266131.e1c.f11t1.g1kwd-295205470739.h1e.i1.j11027028.k1.l1g.m1.n1&gclsrc=aw.ds&url=https://www.amazon.com/FOCUSPOWER-Bluetooth-Smallest-Invisible-Headphone/dp/B01M2ZOLLP/?url=https://www.amazon.com/FOCUSPOWER-Bluetooth-Smallest-Invisible-Headphone/dp/B01M2ZOLLP/&id=72 Page URL
- http://159.89.145.125/anglerscovey.stream/2/index.html Page URL
- http://159.89.145.125/anglerscovey.stream/2/windows/chrome/indexaf0f.html?q=2b312d3838382d3430302d31373434&ua=55412d37373532343034342d32 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
159.89.145.125/ |
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
backblue.gif
159.89.145.125/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fade.gif
159.89.145.125/ |
828 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.html
159.89.145.125/anglerscovey.stream/2/ |
716 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.1.1.min.js
159.89.145.125/anglerscovey.stream/2/ |
85 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-include.js
159.89.145.125/anglerscovey.stream/2/ |
583 B 891 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
fontinit.php
fontsizes.org/3.0.1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
indexaf0f.html
159.89.145.125/anglerscovey.stream/2/windows/chrome/ |
90 KB 90 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
js
www.googletagmanager.com/gtag/ |
72 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.css
anglerscovey.stream/2/windows/chrome/index_files/ |
118 KB 119 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
anglerscovey.stream/2/windows/chrome/index_files/ |
23 KB 23 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
translator.css
anglerscovey.stream/2/windows/chrome/index_files/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
alert.css
anglerscovey.stream/2/windows/chrome/index_files/ |
3 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
windows.png
anglerscovey.stream/2/windows/chrome/index_files/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
analytics.js
www.google-analytics.com/ |
34 KB 14 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
collect
www.google-analytics.com/r/ |
35 B 111 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
a.htm
anglerscovey.stream/2/windows/chrome/index_files/ Frame B5F4 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
glyphicons-halflings-regular.woff2
anglerscovey.stream/2/windows/chrome/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fr.mp3
anglerscovey.stream/2/windows/chrome/ |
0 0 |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fr.mp3
anglerscovey.stream/2/windows/chrome/ |
160 KB 0 |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js15_as.js
anglerscovey.stream/2/windows/s10.histats.com/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
glyphicons-halflings-regular.woff
anglerscovey.stream/2/windows/chrome/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
glyphicons-halflings-regular.ttf
anglerscovey.stream/2/windows/chrome/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- fontsizes.org
- URL
- http://fontsizes.org/3.0.1/fontinit.php
- Domain
- anglerscovey.stream
- URL
- https://anglerscovey.stream/2/windows/chrome/fonts/glyphicons-halflings-regular.woff2
- Domain
- anglerscovey.stream
- URL
- https://anglerscovey.stream/2/windows/chrome/fonts/glyphicons-halflings-regular.woff
- Domain
- anglerscovey.stream
- URL
- https://anglerscovey.stream/2/windows/chrome/fonts/glyphicons-halflings-regular.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft Defender (Consumer)31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| gtag object| dataLayer object| google_tag_manager string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| getURLParameter string| error string| stroka function| toggleFullScreen string| subid string| clickid string| postback boolean| cl boolean| isFullScreen function| kzogExQSrDChY4Iq function| setCookie function| hTRnKeAy1lgYB4La function| gpAkSJDl9ENT5gLQ function| eKxJS2GzrfWPEjgm function| hCPNapvlhFicLoDm function| hxvw7JrbMUZBqVhN function| f5WOxk2dF74GMRLf function| dsfsf function| addEvent function| removeEvent string| nomer string| red object| _Hasync3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
159.89.145.125/ | Name: _gat_gtag_UA_106562603_2 Value: 1 |
|
159.89.145.125/ | Name: _gid Value: GA1.1.722954617.1532525687 |
|
159.89.145.125/ | Name: _ga Value: GA1.1.968326509.1532525687 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
anglerscovey.stream
fontsizes.org
www.google-analytics.com
www.googletagmanager.com
anglerscovey.stream
fontsizes.org
159.89.145.125
2a00:1450:4001:810::2008
2a00:1450:4001:810::200e
66.198.240.25
370b4c73ec814629486d544efb63738fe0532d332c87737d568f0240a335c8f6
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
4840ce73dca79f85b593a8e0063a9d989c91fe5fe15957cd8426ab3ab011bdfb
5ecd3c65a71650f10ddc799403b682af2d866e50fc1ea30e972fd8c7df3f77e7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
9e590c1c5e7601413a44e2c7b8611dab5fb2ee6d6287d3c88bf137465279ef54
a7fdd2397e0f7290cbf6c599af043bf91d351d755e5fcbcf7cef9f5bf8fc252f
af51e56cb805c77f4317638331a45578d5566302002cc11907c6f7539bc1a7d4
b809cdcf8cddf73245f98400be326be4831a53924798a1c71c6f17c790bb4496
be73c78eb557e4a4e97a422585b5a646ad3359d79eea72938cb07d41e22c8629
e4113c5c9a786841db2b70edc02f02da379b2a37605580dafbabd0f8036c33e9
f791e5bcfc17b62bd8df9a3a4c6b69f4599f0b859eb3466ac6e128970812b563