www.resignationrest.xyz Open in urlscan Pro
2606:4700:3033::ac43:8956 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.resignationrest.xyz/kurijo/sbspswg766916qaqxcjok/GGHO3Cd6h6ovFWjhJV3TPXHCsLgW9gGEhCsAy2B6c6U/Xf-QPZxNpNqH-VFUdBsqWau...
Effective URL:
http://www.resignationrest.xyz/clicks/chapter2/diamondsmile0415.php?sid=835566&h=GGHO3Cd6h6ovFWjhJV3TPXHCsLgW9gGEhCsAy2B6c6U/Xf...
Submission Tags: falconsandbox
Submission: On November 30 via api (November 30th 2020, 6:14:54 am UTC) from US

Summary HTTP 91 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 91 HTTP transactions. The main IP is 2606:4700:3033::ac43:8956, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.resignationrest.xyz.

This is the only time www.resignationrest.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Weightloss Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
54	2606:4700:303... 2606:4700:3033::ac43:8956	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:818::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:814::2003	15169 (GOOGLE) (GOOGLE)
15	54.189.134.137 54.189.134.137	16509 (AMAZON-02) (AMAZON-02)
91	7

54 2606:4700:3033::ac43:8956 (United States)

ASN13335 (CLOUDFLARENET, US)

www.resignationrest.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 54.189.134.137 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-189-134-137.us-west-2.compute.amazonaws.com

hurrifyme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	resignationrest.xyz www.resignationrest.xyz	2 MB
17	googleapis.com ajax.googleapis.com fonts.googleapis.com	165 KB
15	hurrifyme.com hurrifyme.com	111 KB
2	gstatic.com fonts.gstatic.com	28 KB
2	bing.com bat.bing.com	9 KB
1	googletagmanager.com www.googletagmanager.com	38 KB
91	6

	Domain	Requested by
54	www.resignationrest.xyz	www.resignationrest.xyz
15	hurrifyme.com	ajax.googleapis.com hurrifyme.com www.resignationrest.xyz
14	fonts.googleapis.com	www.resignationrest.xyz hurrifyme.com
3	ajax.googleapis.com	www.resignationrest.xyz ajax.googleapis.com
2	fonts.gstatic.com	fonts.googleapis.com
2	bat.bing.com	www.resignationrest.xyz
1	www.googletagmanager.com	www.resignationrest.xyz
91	7

This site contains links to these domains. Also see Links.

Domain
hyperstech.com

Subject Issuer	Validity	Valid
*.google-analytics.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2020-10-27` - `2021-04-27`	6 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
www.hurrifyme.com Sectigo RSA Domain Validation Secure Server CA	`2019-06-26` - `2021-06-28`	2 years	crt.sh

This page contains 2 frames:

Primary Page: http://www.resignationrest.xyz/clicks/chapter2/diamondsmile0415.php?sid=835566&h=GGHO3Cd6h6ovFWjhJV3TPXHCsLgW9gGEhCsAy2B6c6U/Xf-QPZxNpNqH-VFUdBsqWauyRz-JdXW3prqR049auJUoJWnw-vKY3jPOxxXp4eBy6Q3AspKxHiqvgqbuYc840PLNl6Fv6ySSIqX_W4J2fRiOFHmEK2okjuCI1hSOSUc-yDq_xVwBU7FYK61IBh4J-g
Frame ID: 592ED7712DD80C860EDE3C8EBDC85874
Requests: 90 HTTP requests in this frame

Frame: http://www.resignationrest.xyz/clicks/chapter2/diamondsmile0415_files/a.htm
Frame ID: E1575F76F763DFC7A50A2F610058EA6F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.resignationrest.xyz/kurijo/sbspswg766916qaqxcjok/GGHO3Cd6h6ovFWjhJV3TPXHCsLgW9gGEhCsAy2B6c6U/Xf-... Page URL
http://www.resignationrest.xyz/offer.php?id=109&sid=835566&h=GGHO3Cd6h6ovFWjhJV3TPXHCsLgW9gGEhCsAy2B6c6U/Xf... Page URL
http://www.resignationrest.xyz/clicks/chapter2/diamondsmile0415.php?sid=835566&h=GGHO3Cd6h6ovFWjhJV3TPXHCsL... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

91
Requests

37 %
HTTPS

86 %
IPv6

6
Domains

7
Subdomains

7
IPs

2
Countries

2332 kB
Transfer

3235 kB
Size

3
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://hyperstech.com/intl/order.php?prod=diamondsmile&net=2979&aff=835566&sid=GGHO3Cd6h6ovFWjhJV3TPXHCsLgW9gGEhCsAy2B6c6U/Xf-QPZxNpNqH-VFUdBsqWauyRz-JdXW3prqR049auJUoJWnw-vKY3jPOxxXp4eBy6Q3AspKxHiqvgqbuYc840PLNl6Fv6ySSIqX_W4J2fRiOFHmEK2okjuCI1hSOSUc-yDq_xVwBU7FYK61IBh4J-g

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.resignationrest.xyz/kurijo/sbspswg766916qaqxcjok/GGHO3Cd6h6ovFWjhJV3TPXHCsLgW9gGEhCsAy2B6c6U/Xf-QPZxNpNqH-VFUdBsqWauyRz-JdXW3prqR049auJUoJWnw-vKY3jPOxxXp4eBy6Q3AspKxHiqvgqbuYc840PLNl6Fv6ySSIqX_W4J2fRiOFHmEK2okjuCI1hSOSUc-yDq_xVwBU7FYK61IBh4J-g Page URL
http://www.resignationrest.xyz/offer.php?id=109&sid=835566&h=GGHO3Cd6h6ovFWjhJV3TPXHCsLgW9gGEhCsAy2B6c6U/Xf-QPZxNpNqH-VFUdBsqWauyRz-JdXW3prqR049auJUoJWnw-vKY3jPOxxXp4eBy6Q3AspKxHiqvgqbuYc840PLNl6Fv6ySSIqX_W4J2fRiOFHmEK2okjuCI1hSOSUc-yDq_xVwBU7FYK61IBh4J-g Page URL
http://www.resignationrest.xyz/clicks/chapter2/diamondsmile0415.php?sid=835566&h=GGHO3Cd6h6ovFWjhJV3TPXHCsLgW9gGEhCsAy2B6c6U/Xf-QPZxNpNqH-VFUdBsqWauyRz-JdXW3prqR049auJUoJWnw-vKY3jPOxxXp4eBy6Q3AspKxHiqvgqbuYc840PLNl6Fv6ySSIqX_W4J2fRiOFHmEK2okjuCI1hSOSUc-yDq_xVwBU7FYK61IBh4J-g Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 60

http://bat.bing.com/bat.js HTTP 307
https://bat.bing.com/bat.js

91 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set Xf-QPZxNpNqH-VFUdBsqWauyRz-JdXW3prqR049auJUoJWnw-vKY3jPOxxXp4eBy6Q3AspKxHiqvgqbuYc840PLNl6Fv6ySSIqX_W4J2fRiOFHmEK2okjuCI1hSOSUc-yDq_xVwBU7FYK61IBh4J-g Show response
www.resignationrest.xyz/kurijo/sbspswg766916qaqxcjok/GGHO3Cd6h6ovFWjhJV3TPXHCsLgW9gGEhCsAy2B6c6U/ 1 KB
1 KB 98ms
83ms Document
text/html 2606:4700:3033::ac43:8956
CLOUDFLARENET

General

Domain/Path	Expires	Name / Value
.resignationrest.xyz/	1970-01-19 14:42:00	Name: _uetvid Value: 534c2dc032d311eb947473f6a18bbf18
.resignationrest.xyz/	1970-01-19 14:20:03	Name: _uetsid Value: 534c0f7032d311eb9478b54d07572f4e
.resignationrest.xyz/	1970-01-19 15:01:48	Name: __cfduid Value: d46f412751070b9ad1785b5d30afabe321606716876

www.resignationrest.xyz Open in urlscan Pro 2606:4700:3033::ac43:8956 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

91 Requests

37 %HTTPS

86 %IPv6

6 Domains

7 Subdomains

7 IPs

2 Countries

2332 kBTransfer

3235 kBSize

3 Cookies

1 Outgoing links

Page URL History

Redirected requests

91 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.resignationrest.xyz Open in urlscan Pro
2606:4700:3033::ac43:8956 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

91
Requests

37 %
HTTPS

86 %
IPv6

6
Domains

7
Subdomains

7
IPs

2
Countries

2332 kB
Transfer

3235 kB
Size

3
Cookies

91 HTTP transactions
0 data transactions