sknieiproet.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://sknieiproet.com/44yo011te5tq.html
Submission: On July 28 via automatic, source phishtank (July 28th 2023, 10:29:08 pm UTC) — Scanned from NL

Summary HTTP 8 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is sknieiproet.com.
TLS certificate: Issued by E1 on July 8th 2023. Valid for: 3 months.

This is the only time sknieiproet.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

	IP Address	AS Autonomous System
2	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:303... 2606:4700:3033::6815:113a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	3

2 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

sknieiproet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3033::6815:113a (United States)

ASN13335 (CLOUDFLARENET, US)

ru-anyxnxx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	ru-anyxnxx.com ru-anyxnxx.com	1 KB
2	sknieiproet.com sknieiproet.com	428 KB
8	2

	Domain	Requested by
6	ru-anyxnxx.com	sknieiproet.com
2	sknieiproet.com	sknieiproet.com
8	2

This site contains links to these domains. Also see Links.

Domain
store.steampowered.com
steamcommunity.com
help.steampowered.com

Subject Issuer	Validity	Valid
sknieiproet.com E1	`2023-07-08` - `2023-10-06`	3 months	crt.sh
ru-anyxnxx.com GTS CA 1P5	`2023-07-19` - `2023-10-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sknieiproet.com/44yo011te5tq.html
Frame ID: 7831600549DC59368CFF0A2EE3F35BBF
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign In

Page Statistics

8
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

429 kB
Transfer

1301 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://store.steampowered.com/
Title: STORE

Search URL Search Domain Scan URL

URL: https://steamcommunity.com/
Title: COMMUNITY

Search URL Search Domain Scan URL

URL: https://store.steampowered.com/about/
Title: ABOUT

Search URL Search Domain Scan URL

URL: https://help.steampowered.com/
Title: SUPPORT

Search URL Search Domain Scan URL

URL: https://help.steampowered.com/wizard/HelpWithLogin
Title: Help, I can't sign in

Search URL Search Domain Scan URL

URL: https://store.steampowered.com/mobile
Title: Steam Mobile App

Search URL Search Domain Scan URL

URL: https://store.steampowered.com/join
Title: Join Steam

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
7 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 44yo011te5tq.html Show response sknieiproet.com/	51 KB 30 KB	242ms 145ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sknieiproet.com/44yo011te5tq.html? Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `afc16565d6ee22bbd8127874b7ba0c561bf76fb89da8479f61a2b61d02871e36` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7ee08f08ec590e64-AMS content-encoding br content-type text/html date Fri, 28 Jul 2023 22:29:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jsUiUB7PJQGmkvCnoCghzq9O%2BEoNIOt9de1g%2BxoTYHwEYcJsIcWPxm8x2L3LdfO9iVa2w2EqiIA5rx6QfbQecnNQwFuyuV97gvO0R5R2orpb18H74MmGGczurzA5iVoZzHSj%2FHJ3tlBVjcAcBSk%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	44n5s2on0spz.js Show response sknieiproet.com/	1 MB 398 KB	42ms 41ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sknieiproet.com/44n5s2on0spz.js Requested by Host: sknieiproet.com URL: https://sknieiproet.com/44yo011te5tq.html? Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7abd685c8ae78e7d50448c0bb5c1d1446004ebb1c8b501db544b10f46a15e520` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sknieiproet.com/44yo011te5tq.html? User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Fri, 28 Jul 2023 22:29:03 GMT content-encoding br cf-cache-status HIT last-modified Sat, 22 Jul 2023 18:15:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 48451 etag W/"64bc1cc4-10d87c" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aQKF7xELsrCr%2FLQlX9eCfIoila%2FGHCB7Ja7BWb57XXGUqhCVoqrFXWFGsNGMDxNHrqdmYpWdEqcHzzvLM9t%2BFHEwKppg2BpJgY7juaZW%2F7ys5KWV8vtdOQISOrB1mHwEtxjK%2BIVKrRGrpqLJ2Ek%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 7ee08f0a3ded0e64-AMS alt-svc h3=":443"; ma=86400 expires Sat, 29 Jul 2023 09:01:32 GMT
OPTIONS H2	200	dyhskkhemockrodwyxmcrlfdemwaiznrbunpimubtzyeln ru-anyxnxx.com/	0 0	174ms 91ms	Preflight text/html	2606:4700:3033::6815:113a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ru-anyxnxx.com/dyhskkhemockrodwyxmcrlfdemwaiznrbunpimubtzyeln Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:113a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Request headers Accept / Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://sknieiproet.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept access-control-allow-origin * allow POST alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7ee08f0bfe740b5c-AMS content-encoding br content-type text/html; charset=utf-8 date Fri, 28 Jul 2023 22:29:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8s%2F11WT3khdMdc3DgxWwzytVd8bQvNS5z2%2BHE8j%2BTEeoh35kEOj7NXTLEWKnfE4g%2BJAKQQAHeEYmKWVr14s6wK0xDmleO5fUQ%2FOiB9BkPQtKSO8zSYwbBdsM3Q%2FUp8fd9jg43YapDYIil7bkdw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by Express
POST H2	200	dyhskkhemockrodwyxmcrlfdemwaiznrbunpimubtzyeln Show response ru-anyxnxx.com/	46 B 394 B	225ms 224ms	XHR application/json	2606:4700:3033::6815:113a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ru-anyxnxx.com/dyhskkhemockrodwyxmcrlfdemwaiznrbunpimubtzyeln Requested by Host: sknieiproet.com URL: https://sknieiproet.com/44n5s2on0spz.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:113a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `adfbc98dba8bfaf9455189f0c8585f73e15c1322c0b6bfa6405971373646b22e` Request headers Accept application/json, text/plain, / Referer https://sknieiproet.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Content-Type application/json Response headers date Fri, 28 Jul 2023 22:29:04 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2e-MbzoxoH+X7zFFQkXkID0NUK6fno" x-powered-by Express report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5NbbvYmbbaCesGvXBfT6hl7%2Bs0YF4OiGkq%2BwgPQn9k9%2FMqjHVR5mCnYbxHiwKDrR%2Fo%2FI%2BPcEdI2hv73MabRFYbD2yvFyCUuaEZs13i1wTo7epd%2F61%2BJcKLK9bkJa%2BakTeWVrQ7pQ1%2BR73Yq1w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin * cf-ray 7ee08f0c8f580b5c-AMS access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept content-length 46 alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	291 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	61 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	122 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	11 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	33 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a59657d4f7db10fefd0c0812bc93e00fa5bb4469b7ab55cebd41a0a9961f8e44` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Content-Type image/png
POST H3	200	cmighfwvelprccoqk Show response ru-anyxnxx.com/	71 B 583 B	442ms 442ms	XHR application/json	2606:4700:3033::6815:113a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ru-anyxnxx.com/cmighfwvelprccoqk Requested by Host: sknieiproet.com URL: https://sknieiproet.com/44n5s2on0spz.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:113a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `0712ee07f07f3e420019e10c60a85e1b4de28d002e940c9573c032655eedb332` Request headers Accept application/json, text/plain, / Referer https://sknieiproet.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Content-Type application/json Response headers date Fri, 28 Jul 2023 22:29:04 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"47-1eE9QQzGxCTPnyT1J1mv7hSGWEM" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2xMAjlV7NwxLIe4KdP7YREEuVxOCjsQy0rxBilIHUj%2Bh4PR%2FZQUokU%2FmIo7ULdvzDzfWD9gPtptjJ16cLQD32JG%2FsHfA2OjTPcu2%2FaxxZfMDANSh1Ffs61OrrEVZbs9%2BCkxsNggzRM8psR7emg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin * cf-ray 7ee08f0e7aba0c25-AMS access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept alt-svc h3=":443"; ma=86400
OPTIONS H3	200	cmighfwvelprccoqk ru-anyxnxx.com/	0 0	56ms 56ms	Preflight text/html	2606:4700:3033::6815:113a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ru-anyxnxx.com/cmighfwvelprccoqk Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:113a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Request headers Accept / Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://sknieiproet.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept access-control-allow-origin * allow POST alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7ee08f0e2a9f0c25-AMS content-encoding br content-type text/html; charset=utf-8 date Fri, 28 Jul 2023 22:29:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXBdnxDqfznG2e2pvMta362Waj4oXDFw%2F%2BHwDdfkKnXCPGvzWMnHFr5yJtVQvrP21Ppq4fnQzdh%2BVhWx9v4vYDzUdGOEUUV53fzxzW1XpoLkcpRBMoeYBqQz7alo1PsxHxpAf33C6ajZZJDiJw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by Express
OPTIONS H3	200	cyskhloweirncjgyk ru-anyxnxx.com/	0 0	44ms 43ms	Preflight text/html	2606:4700:3033::6815:113a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ru-anyxnxx.com/cyskhloweirncjgyk Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:113a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Request headers Accept / Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://sknieiproet.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept access-control-allow-origin * allow POST alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7ee08f1dc86a0c25-AMS content-encoding br content-type text/html; charset=utf-8 date Fri, 28 Jul 2023 22:29:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m5vl3pqlk4n0NVzMxKOI6wtdXPD4woNgpy6hpyJAYZK7cIpBeDV8%2BzuPdJc%2FOQR%2Frhf%2Bai5qmKwgP2qggUWXCeditsbxT4u06sQ3BQeTjhE82M8GRRjlbWirX9VYM4iYGINDCqkXfYDw%2BagF%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by Express
POST H3	200	cyskhloweirncjgyk Show response ru-anyxnxx.com/	12 B 525 B	179ms 178ms	XHR application/json	2606:4700:3033::6815:113a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ru-anyxnxx.com/cyskhloweirncjgyk Requested by Host: sknieiproet.com URL: https://sknieiproet.com/44n5s2on0spz.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:113a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e` Request headers Accept application/json, text/plain, / Referer https://sknieiproet.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Content-Type application/json Response headers date Fri, 28 Jul 2023 22:29:07 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"c-W8b47RZH5mUQPFFL7w2Ud28rDAA" x-powered-by Express report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hz53PhrnwsTg4eAvhehyk7hqvxyPOHGUpc4Cs%2Fg2i%2Bs%2BN%2BmWSKXo95ZzAm%2BidKufgJAIr7tDnmQKSehEQEEi%2F2SZZcsv5kkmc97EZisj%2FWnRQuIbcZIdERLzx%2BbAVs9e4sRcEAHsBzx6cBOBMw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin * cf-ray 7ee08f1e187f0c25-AMS access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept content-length 12 alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Steam (Gaming)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| m0_0xa2c0 function| m0_0x3eb0 function| cl

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ru-anyxnxx.com
sknieiproet.com
2606:4700:3033::6815:113a
2a06:98c1:3121::3
0712ee07f07f3e420019e10c60a85e1b4de28d002e940c9573c032655eedb332
23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082
42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8
7abd685c8ae78e7d50448c0bb5c1d1446004ebb1c8b501db544b10f46a15e520
9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954
a59657d4f7db10fefd0c0812bc93e00fa5bb4469b7ab55cebd41a0a9961f8e44
adfbc98dba8bfaf9455189f0c8585f73e15c1322c0b6bfa6405971373646b22e
ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1
afc16565d6ee22bbd8127874b7ba0c561bf76fb89da8479f61a2b61d02871e36
fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa

sknieiproet.com Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

429 kBTransfer

1301 kBSize

0 Cookies

7 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

sknieiproet.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

429 kB
Transfer

1301 kB
Size

0
Cookies

8 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!