lemonaidhealth.shop - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 3 HTTP transactions. The main IP is 2606:4700:3037::ac43:c95f, located in United States and belongs to CLOUDFLARENET, US. The main domain is lemonaidhealth.shop.

This is the only time lemonaidhealth.shop was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3037::ac43:c95f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	64.225.92.243 64.225.92.243	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	5.187.6.178 5.187.6.178	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1	2606:4700:303... 2606:4700:3032::6815:3cd	() ()
3	3

2 2606:4700:3037::ac43:c95f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

lemonaidhealth.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.225.92.243 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

cloud.antibot.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 5.187.6.178 (Frankfurt am Main, Germany) 1 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
PTR: kvmde48-16366.fornex.org

tdirec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::6815:3cd (None, )

ASN- ()

anonymdrug.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	lemonaidhealth.shop 1 redirects lemonaidhealth.shop	6 KB
1	anonymdrug.com anonymdrug.com
1	tdirec.com 1 redirects tdirec.com	774 B
1	antibot.cloud cloud.antibot.cloud	334 B
3	4

	Domain	Requested by
2	lemonaidhealth.shop	1 redirects
1	anonymdrug.com	lemonaidhealth.shop
1	tdirec.com	1 redirects
1	cloud.antibot.cloud	lemonaidhealth.shop
3	4

This site contains no links.

Subject Issuer	Validity	Valid
cloud.antibot.cloud Sectigo RSA Domain Validation Secure Server CA	`2021-01-25` - `2022-01-25`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-22` - `2022-09-21`	a year	crt.sh

This page contains 1 frames:

Frame: https://anonymdrug.com/
Frame ID: 1F3871DB64C4B82868896A1288907DDB
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

3
Requests

67 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

5 kB
Transfer

9 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://lemonaidhealth.shop/ HTTP 301
https://tdirec.com/fs HTTP 302
https://anonymdrug.com/

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response lemonaidhealth.shop/	9 KB 5 KB	264ms 247ms	Document text/html	2606:4700:3037::ac43:c95f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://lemonaidhealth.shop/ Protocol HTTP/1.1 Server 2606:4700:3037::ac43:c95f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.3.18 Resource Hash `998ae74712ffba60fa552f6f1f3bae5dabcf79af2d22501b2937f926c4fcc9f6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Wed, 03 Nov 2021 21:16:25 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive x-powered-by PHP/7.3.18 x-powered-cms AntiBot.Cloud (See: https://antibot.cloud/) x-robots-tag noindex expires Mon, 26 Jul 1997 05:00:00 GMT cache-control no-store, no-cache, must-revalidate CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Now7t3a5IVFF13EpRa9uAE4pIstIT6CSpGOvbtphInvnjWxUffHyCXpZ7c0k13%2F5IuMmgFTYEssrYuAvHDZEkvoamT2rBg3ydO5YiZWHdD%2Bj3GSdh0SYm4R00yuGX54lFCFL6r8QCbr89c7UqzJXEm8"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 6a889f9fbd573745-MXP Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
POST H2	200	antibot7.php cloud.antibot.cloud/	72 B 334 B	75ms 46ms	XHR text/html	64.225.92.243 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://cloud.antibot.cloud/antibot7.php Requested by Host: lemonaidhealth.shop URL: http://lemonaidhealth.shop/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 64.225.92.243 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx / Resource Hash Request headers Referer http://lemonaidhealth.shop/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Content-type application/x-www-form-urlencoded; Response headers date Wed, 03 Nov 2021 21:16:26 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods POST content-type text/html; charset=UTF-8 access-control-allow-origin * cache-control no-store, no-cache, must-revalidate access-control-allow-headers * expires Mon, 26 Jul 1997 05:00:00 GMT
GET H2	200	/ anonymdrug.com/ Redirect Chain http://lemonaidhealth.shop/ https://tdirec.com/fs https://anonymdrug.com/	0 0	3099ms 3030ms	Document text/html	2606:4700:3032::6815:3cd
General Check archive.org Show headers Download Go to Full URL https://anonymdrug.com/ Requested by Host: lemonaidhealth.shop URL: http://lemonaidhealth.shop/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:3cd -, , ASN (), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://lemonaidhealth.shop/ Response headers date Wed, 03 Nov 2021 21:16:29 GMT content-type text/html; charset=utf-8 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7bhZJghHQcAuTkLIVHM9IBQeJfumDsEKEIz4%2FQtqxwPDgG2GY7QV4HRzTm9H%2FcK8alZjHQA1xcspoVKjtX1CtkO4VaOKctgGxYzeTvypRJWmEgZ4ZkAyPgQcQdfpLJd2IHSjYKuzfUxk0nMZQ%3D%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6a889fa9abf83762-MXP content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Redirect headers Server nginx Date Wed, 03 Nov 2021 21:16:27 GMT Content-Type text/html; charset=UTF-8 Content-Length 0 Connection keep-alive Cache-Control no-cache, no-store, must-revalidate,post-check=0,pre-check=0 Expires 0 Last-Modified Wed, 03 Nov 2021 21:16:27 GMT Location https://anonymdrug.com/ Pragma no-cache X-Content-Type-Options nosniff

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
lemonaidhealth.shop/	1970-01-20 07:11:50	Name: antibot_uid Value: d32d4c3d345447b4e0cdce0ee8700564
lemonaidhealth.shop/	1970-01-19 22:40:38	Name: antibot_country Value: DE
lemonaidhealth.shop/	1970-01-19 22:40:38	Name: antibot_lang Value: de
lemonaidhealth.shop/	1970-01-19 22:40:38	Name: antibot_ptr Value: 2001%3A0ac8%3A0036%3A0006%3A0208%3A0000%3A0000%3A0001
lemonaidhealth.shop/	1970-01-19 22:40:38	Name: antibot_43e940e09a0fe09ca12905c365713c95 Value: 2582f792b5e92ae0850d43a8524fa0d3
lemonaidhealth.shop/	1970-01-19 22:27:40	Name: antibot_referer Value: http%3A%2F%2Flemonaidhealth.shop%2F
lemonaidhealth.shop/	1970-01-19 22:27:40	Name: antibot_hits Value: 2
tdirec.com/	1970-01-19 23:10:52	Name: _subid Value: vju6b3d8t3a
tdirec.com/	1970-01-19 23:10:52	Name: d8165 Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM0XCI6MTYzNTk3NDE4N30sXCJjYW1wYWlnbnNcIjp7XCIxM1wiOjE2MzU5NzQxODd9LFwidGltZVwiOjE2MzU5NzQxODd9In0.0DCCG7ZvgFUjVcrQQwLvqVF2PEM4paPNCWTGDlzXpWg

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

anonymdrug.com
cloud.antibot.cloud
lemonaidhealth.shop
tdirec.com
2606:4700:3032::6815:3cd
2606:4700:3037::ac43:c95f
5.187.6.178
64.225.92.243
998ae74712ffba60fa552f6f1f3bae5dabcf79af2d22501b2937f926c4fcc9f6

lemonaidhealth.shop Open in urlscan Pro 2606:4700:3037::ac43:c95f Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

3 Requests

67 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

5 kBTransfer

9 kBSize

9 Cookies

0 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

9 Cookies

Indicators

lemonaidhealth.shop Open in urlscan Pro
2606:4700:3037::ac43:c95f Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

67 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

5 kB
Transfer

9 kB
Size

9
Cookies

3 HTTP transactions
0 data transactions