www.amwd.online Open in urlscan Pro
139.144.28.216 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.amwd.online/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/113451d9
Effective URL:
http://www.amwd.online/news?q=Not%20allowed!%20list
Submission Tags: @phish_report
Submission: On September 01 via api (September 1st 2023, 11:36:47 pm UTC) from FI — Scanned from FI

Summary HTTP 4 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 139.144.28.216, located in Atlanta, United States and belongs to AKAMAI-LINODE-AP Akamai Connected Cloud, SG. The main domain is www.amwd.online.

This is the only time www.amwd.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
3	139.144.28.216 139.144.28.216	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1 1	151.101.194.132 151.101.194.132	54113 (FASTLY) (FASTLY)
1	2a02:26f0:310... 2a02:26f0:3100:38b::2313	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2

3 139.144.28.216 (Atlanta, United States)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 139-144-28-216.ip.linodeusercontent.com

www.amwd.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.132 (United States) 1 redirects

ASN54113 (FASTLY, US)

feeds.foxnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100:38b::2313 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

moxie.foxnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	amwd.online www.amwd.online	5 KB
2	foxnews.com 1 redirects feeds.foxnews.com — Cisco Umbrella Rank: 322931 moxie.foxnews.com — Cisco Umbrella Rank: 62146	41 KB
4	2

	Domain	Requested by
3	www.amwd.online	www.amwd.online
1	moxie.foxnews.com
1	feeds.foxnews.com	1 redirects
4	3

This site contains links to these domains. Also see Links.

Domain
www.foxnews.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://www.amwd.online/news?q=Not%20allowed!%20list
Frame ID: F8CD52CA497F72AF5C882D03E5B29F26
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fox News World RSS Feed - mx06-out.cloud.vadesecure.com

Page URL History Show full URLs

http://www.amwd.online/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/113451d9 Page URL
http://www.amwd.online/t/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/113451d9 Page URL
http://www.amwd.online/news?q=Not%20allowed!%20list Page URL

Page Statistics

4
Requests

0 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

45 kB
Transfer

138 kB
Size

0
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://www.foxnews.com/world/united-kingdom-serial-burglar-1-million-crime-binge-caught-because-apple-airtag-gets-years-prison
Title: Serial burglar in $1 million crime binge caught because of Apple AirTag gets 6 years in prison

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/us-warns-isis-return-critics-accuse-syrias-assad-stirring-ethnic-tensions
Title: US warns of ISIS return as critics accuse Syria's Assad of stirring 'ethnic' tensions

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/9-soldiers-dead-syria-attacks-al-qaida-linked-militants-rise-northwest-activists-say
Title: 9 soldiers dead in Syria as attacks by al-Qaida-linked militants rise in the Northwest, activists say

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/russias-students-return-school-face-new-patriotism-boosting-lessons-kremlin-continues-war-ukraine
Title: Russia’s students return to school, face new patriotism-boosting lessons as Kremlin continues war in Ukraine

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/over-2000-russian-troops-take-part-military-exercises-belarus-near-borders-nato-countries
Title: Over 2,000 Russian troops take part in military exercises in Belarus near borders of NATO countries

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/wagner-group-flag-seen-flying-prigozhin-crash-site-russia
Title: Wagner Group flag seen flying at Prigozhin crash site in Russia

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/18-suspected-gang-members-killed-south-african-police-shootout
Title: 18 suspected gang members killed in South African police shootout

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/thailands-king-reduces-prison-sentence-former-prime-minister-thaksin-shinawatra-single-year
Title: Thailand's king reduces prison sentence of former Prime Minister Thaksin Shinawatra to a single year

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/emergency-services-now-begin-identifying-remains-south-african-fire-left-least-74-dead
Title: Emergency services must now begin identifying remains from South African fire that left at least 74 dead

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/tourists-shot-dead-riding-jet-skis-unfriendly-countrys-sea-border
Title: Tourists shot dead after riding jet skis across unfriendly country's sea border

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/zelenskyy-ukraine-developed-400-mile-range-weapons-strike-russian-airport
Title: Zelenskyy says Ukraine has developed 400-mile range weapons following strike on Russian airport

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/killing-endangered-brown-bear-near-national-park-leaves-2-cubs-motherless-sparks-outrage-italy
Title: Killing of endangered brown bear near national park leaves 2 cubs motherless, sparks outrage in Italy

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/british-government-orders-over-100-schools-keep-buildings-closed-due-aging-concrete-concerns
Title: British government orders over 100 schools to keep buildings closed due to concerns over aging concrete

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/violence-during-congolese-protests-leads-over-40-deaths-56-injuries
Title: Violence during Congolese protests leads to over 40 deaths, 56 injuries

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/local-elections-open-russia-controlled-regions-ukraine
Title: Local elections open in Russia-controlled regions of Ukraine

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/israel-unveils-advanced-surveillance-plane-ai-powered-sensors-unprecedented
Title: Israel unveils 'most advanced' surveillance plane with AI-powered sensors: 'Unprecedented'

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/us-military-urges-halt-clashes-eastern-syria-concerns-isis-resurgence
Title: US military urges halt to clashes in eastern Syria amid concerns of ISIS resurgence

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/chinese-cities-introduce-measures-boost-real-estate-sector
Title: Chinese cities introduce measures to boost real estate sector

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/australia-introduces-law-empowering-gig-workers-negotiate-minimum-pay-conditions
Title: Australia introduces law empowering gig workers to negotiate minimum pay and conditions

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/uber-launches-electric-bike-service-kenya-aiming-emissions-free-platform-2040
Title: Uber launches electric bike service in Kenya, aiming for emissions-free platform by 2040

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/us-denies-blocking-chip-sales-middle-east
Title: US denies blocking chip sales to Middle East

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/allegiant-air-raises-concerns-mexican-governments-transparency-flight-operations
Title: Allegiant air raises concerns about Mexican government's transparency on flight operations

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/iran-accuses-israel-sabotaging-ballistic-missile-program-sending-faulty-parts
Title: Iran accuses Israel of sabotaging its ballistic missile program by sending faulty parts

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/airstrike-southern-syria-hits-alleged-drug-factory
Title: Airstrike on southern Syria hits alleged drug factory

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/greece-sends-100-more-firefighters-countrys-northeast-blaze-flares-13th-day
Title: Greece sends 100 more firefighters to country's northeast as blaze flares up in 13th day

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.amwd.online/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/113451d9 Page URL
http://www.amwd.online/t/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/113451d9 Page URL
http://www.amwd.online/news?q=Not%20allowed!%20list Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://feeds.foxnews.com/foxnews/world HTTP 301
https://moxie.foxnews.com/google-publisher/world.xml

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	113451d9 Show response www.amwd.online/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/	458 B 712 B	351ms 151ms	Document text/html	139.144.28.216 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL http://www.amwd.online/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/113451d9 Protocol HTTP/1.1 Server 139.144.28.216 Atlanta, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 139-144-28-216.ip.linodeusercontent.com Software / Resource Hash `0f3a07f36d6bddee418f7d7548bc165b09817e10764a359d2773388cdec9ff8a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Content-Length 458 Content-Type text/html; charset=utf-8 Date Fri, 01 Sep 2023 23:36:42 GMT X-Address gin_throttle_mw_360000000000_185.212.149.206 X-Ratelimit-Limit 10 X-Ratelimit-Remaining 9 X-Ratelimit-Reset 1693615002
GET H/1.1	200 OK	113451d9 Show response www.amwd.online/t/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/	182 B 436 B	311ms 310ms	Document text/html	139.144.28.216 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL http://www.amwd.online/t/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/113451d9 Requested by Host: www.amwd.online URL: http://www.amwd.online/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/113451d9 Protocol HTTP/1.1 Server 139.144.28.216 Atlanta, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 139-144-28-216.ip.linodeusercontent.com Software / Resource Hash `5c617bcac438974c13e0f98c1bb7c1580af07aa66d94c68102fb5803d293171e` Request headers Referer http://www.amwd.online/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/113451d9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Content-Length 182 Content-Type text/html; charset=utf-8 Date Fri, 01 Sep 2023 23:36:43 GMT X-Address gin_throttle_mw_360000000000_185.212.149.206 X-Ratelimit-Limit 10 X-Ratelimit-Remaining 8 X-Ratelimit-Reset 1693615002
GET H/1.1	200 OK	Primary Request news Show response www.amwd.online/	3 KB 3 KB	151ms 151ms	Document text/html	139.144.28.216 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL http://www.amwd.online/news?q=Not%20allowed!%20list Requested by Host: www.amwd.online URL: http://www.amwd.online/t/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/113451d9 Protocol HTTP/1.1 Server 139.144.28.216 Atlanta, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 139-144-28-216.ip.linodeusercontent.com Software / Resource Hash `9518be2369ca857b90cf6be1065b054b9e094e0de80945a601ab1dec1017c772` Request headers Referer http://www.amwd.online/t/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/113451d9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Content-Type text/html; charset=utf-8 Date Fri, 01 Sep 2023 23:36:44 GMT Transfer-Encoding chunked X-Address gin_throttle_mw_360000000000_185.212.149.206 X-Ratelimit-Limit 10 X-Ratelimit-Remaining 7 X-Ratelimit-Reset 1693615002
GET H2	200	world.xml Show response moxie.foxnews.com/google-publisher/ Redirect Chain https://feeds.foxnews.com/foxnews/world https://moxie.foxnews.com/google-publisher/world.xml	134 KB 41 KB	314ms 82ms	Fetch text/xml	2a02:26f0:3100:38b::2313 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://moxie.foxnews.com/google-publisher/world.xml Protocol H2 Server 2a02:26f0:3100:38b::2313 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Express Resource Hash `da8d83b4a73ad094036779be5c7d8bfb3bc08e6d35be4463df552362c0849e55` Request headers accept-language fi-FI,fi;q=0.9 Referer http://www.amwd.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers x-cache-hits 0, 805, 1 date Fri, 01 Sep 2023 23:36:45 GMT content-encoding gzip x-amzn-remapped-content-length 137272 x-moxiev2-version 1.0.0 x-origin prod_moxie x-powered-by Express x-amzn-requestid dabb76d9-9c49-4b64-9767-c9ce72c4de4d x-amz-apigw-id KmayzHmkoAMEQnw= content-length 40779 x-served-by cache-iad-kiad7000170-IAD, cache-iad-kiad7000170-IAD, cache-fra-etou8220057-FRA x-forwarded-host moxie.foxnews.com x-timer S1693611405.395509,VS0,VE1 etag W/"21838-kDrPOvgDBb2hDu741tltrYlk1Ho" x-amzn-trace-id Root=1-64f271ab-48ee3c8278cd3f774148c41d;Sampled=0;lineage=5b3254cd:0 vary Accept-Encoding access-control-allow-methods GET,POST,OPTIONS content-type text/xml; charset=utf-8 access-control-allow-origin * cache-control public, max-age=26 access-control-allow-credentials false access-control-max-age 86400 accept-ranges bytes x-debug-path /prod/fn/google-publisher/world.xml access-control-allow-headers * expires Fri, 01 Sep 2023 23:37:11 GMT Redirect headers date Fri, 01 Sep 2023 23:36:45 GMT via 1.1 varnish x-cache HIT content-length 0 x-served-by cache-hel1410024-HEL x-timer S1693611405.101026,VS0,VE0 access-control-max-age 86400 access-control-allow-methods GET,HEAD,POST,OPTIONS location https://moxie.foxnews.com/google-publisher/world.xml access-control-allow-origin * access-control-expose-headers etag access-control-allow-credentials false accept-ranges bytes access-control-allow-headers * retry-after 0 x-cache-hits 0

Verdicts & Comments Add Verdict or Comment

Malicious page.url
Submitted on September 1st 2023, 11:37:33 pm UTC — From United States

Threats: Malware Unwanted Software Potentially Harmful Application
Comment: MALWARE: http://www.amwd.online/4cvRhk108MPCV23zaoehzdevs108BKOWIKBGYULFWTS332/113451d9 sent by RUSSIAN BOTNET using harvested emails and malicious websites: http://www.amwd.online https://tinyurl.com/25qksosn https://tinyurl.com/25qksosn https://tinyurl.com/25qksosn https://tinyurl.com/25qksosn https://tinyurl.com/25qksosn http://liquidlearninggroup.com http://filteringirs.com http://sedgwickx.com https://www.sornonline.com http://chakirin.com http://livisaing.com

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

feeds.foxnews.com
moxie.foxnews.com
www.amwd.online
139.144.28.216
151.101.194.132
2a02:26f0:3100:38b::2313
0f3a07f36d6bddee418f7d7548bc165b09817e10764a359d2773388cdec9ff8a
5c617bcac438974c13e0f98c1bb7c1580af07aa66d94c68102fb5803d293171e
9518be2369ca857b90cf6be1065b054b9e094e0de80945a601ab1dec1017c772
da8d83b4a73ad094036779be5c7d8bfb3bc08e6d35be4463df552362c0849e55

www.amwd.online Open in urlscan Pro 139.144.28.216 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

0 %HTTPS

33 %IPv6

2 Domains

3 Subdomains

2 IPs

2 Countries

45 kBTransfer

138 kBSize

0 Cookies

25 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Malicious page.url Submitted on September 1st 2023, 11:37:33 pm UTC — From United States

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

0 JavaScript Global Variables

0 Cookies

Indicators

www.amwd.online Open in urlscan Pro
139.144.28.216 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

0 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

45 kB
Transfer

138 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Malicious page.url
Submitted on September 1st 2023, 11:37:33 pm UTC — From United States

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!