sknieiproet.com Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://sknieiproet.com/44yo011te5tq.html
Submission: On July 22 via api (July 22nd 2023, 10:59:34 pm UTC) from JP — Scanned from NL

Summary HTTP 8 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is sknieiproet.com.
TLS certificate: Issued by E1 on July 8th 2023. Valid for: 3 months.

This is the only time sknieiproet.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

	IP Address	AS Autonomous System
2	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:303... 2606:4700:3036::ac43:dec3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	3

2 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

sknieiproet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3036::ac43:dec3 (United States)

ASN13335 (CLOUDFLARENET, US)

ru-anyxnxx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	ru-anyxnxx.com ru-anyxnxx.com	1 KB
2	sknieiproet.com sknieiproet.com	428 KB
8	2

	Domain	Requested by
6	ru-anyxnxx.com	sknieiproet.com
2	sknieiproet.com	sknieiproet.com
8	2

This site contains links to these domains. Also see Links.

Domain
store.steampowered.com
steamcommunity.com
help.steampowered.com

Subject Issuer	Validity	Valid
sknieiproet.com E1	`2023-07-08` - `2023-10-06`	3 months	crt.sh
ru-anyxnxx.com GTS CA 1P5	`2023-07-19` - `2023-10-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sknieiproet.com/44yo011te5tq.html
Frame ID: 1AACCDE33A73EAD890025B55CDAFF315
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign In

Page Statistics

8
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

429 kB
Transfer

1301 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://store.steampowered.com/
Title: STORE

Search URL Search Domain Scan URL

URL: https://steamcommunity.com/
Title: COMMUNITY

Search URL Search Domain Scan URL

URL: https://store.steampowered.com/about/
Title: ABOUT

Search URL Search Domain Scan URL

URL: https://help.steampowered.com/
Title: SUPPORT

Search URL Search Domain Scan URL

URL: https://help.steampowered.com/wizard/HelpWithLogin
Title: Help, I can't sign in

Search URL Search Domain Scan URL

URL: https://store.steampowered.com/mobile
Title: Steam Mobile App

Search URL Search Domain Scan URL

URL: https://store.steampowered.com/join
Title: Join Steam

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
7 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 44yo011te5tq.html Show response sknieiproet.com/	51 KB 30 KB	296ms 215ms	Document text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sknieiproet.com/44yo011te5tq.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `afc16565d6ee22bbd8127874b7ba0c561bf76fb89da8479f61a2b61d02871e36` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7eaf4b5bcdf0b761-AMS content-encoding br content-type text/html date Sat, 22 Jul 2023 22:59:29 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AddLNueDlm6wnBVFAkFITappconbu5GHYutl7kwYZzTLY1SA2L%2BhCIhyoMZLJK%2BDqLimE%2BAluC1NaBowTmt3PL670Ik5D7DzqwS29u%2BZhy01VpABw6oxhn5yS7B23prX4HcEQIEL88fbEO4iiVk%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	44n5s2on0spz.js Show response sknieiproet.com/	1 MB 398 KB	39ms 39ms	Script application/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sknieiproet.com/44n5s2on0spz.js Requested by Host: sknieiproet.com URL: https://sknieiproet.com/44yo011te5tq.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7abd685c8ae78e7d50448c0bb5c1d1446004ebb1c8b501db544b10f46a15e520` Request headers accept-language nl-NL,nl;q=0.9 Referer https://sknieiproet.com/44yo011te5tq.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers date Sat, 22 Jul 2023 22:59:29 GMT content-encoding br cf-cache-status HIT last-modified Sun, 18 Jun 2023 20:53:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 37626 etag W/"648f6eb0-10d87c" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FZakutT%2BCHBXzMWTUMzUedEZYJUVswu2d%2F60fAp7%2FrJv7BSZ%2FuZb2Bz2Zh92sxTl9ICgoi552FyfHWL6RaT9u%2FIujRdtDhFupXOECUh6K9c3nMTswx8uIvyUTZZDtdy6%2BNtD9g%2FUOHKJHH5orQw%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=86400 cf-ray 7eaf4b5dbfe4b761-AMS alt-svc h3=":443"; ma=86400 expires Sun, 23 Jul 2023 12:32:23 GMT
OPTIONS H2	200	duxmpmbbcormkvstklmvkoirinmahnedqdqaitkwcdpjhn ru-anyxnxx.com/	0 0	205ms 122ms	Preflight text/html	2606:4700:3036::ac43:dec3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ru-anyxnxx.com/duxmpmbbcormkvstklmvkoirinmahnedqdqaitkwcdpjhn Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:dec3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Request headers Accept / Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://sknieiproet.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept access-control-allow-origin * allow POST alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7eaf4b5f994cb73d-AMS content-encoding br content-type text/html; charset=utf-8 date Sat, 22 Jul 2023 22:59:29 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LN%2FS2V7pIzuudEuV5F3nqX9GIQbb3bvIbIczkfQcJ4US%2FaAyyZ7cNOiWKmxZcX%2B91ha5XP9g9A8CPwgL38pTiyQoXTBfDM9g6ftvamDsmoTpkSjixnJ6mrK0NKYhegthHF86F9VgMjUb6RWT7g%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by Express
POST H2	200	duxmpmbbcormkvstklmvkoirinmahnedqdqaitkwcdpjhn Show response ru-anyxnxx.com/	46 B 413 B	262ms 261ms	XHR application/json	2606:4700:3036::ac43:dec3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ru-anyxnxx.com/duxmpmbbcormkvstklmvkoirinmahnedqdqaitkwcdpjhn Requested by Host: sknieiproet.com URL: https://sknieiproet.com/44n5s2on0spz.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:dec3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `adfbc98dba8bfaf9455189f0c8585f73e15c1322c0b6bfa6405971373646b22e` Request headers Accept application/json, text/plain, / Referer https://sknieiproet.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Content-Type application/json Response headers date Sat, 22 Jul 2023 22:59:30 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2e-MbzoxoH+X7zFFQkXkID0NUK6fno" x-powered-by Express report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x75qPOPHknk5IRKGQf%2BVtZXaXVMo8apatewZiakmc%2ByKD055DmUr3OaIiOEUEvvwEhJeMfufSZUaFKqKyMM5yxhs%2B5Bx6PNCoQqn0%2FnULSV6JaKeTnI%2BdltXJA9ReBjapzSyy%2FGCd1JE6ykLNw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin * cf-ray 7eaf4b6069f3b73d-AMS access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept content-length 46 alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	291 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	61 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	122 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	11 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	33 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a59657d4f7db10fefd0c0812bc93e00fa5bb4469b7ab55cebd41a0a9961f8e44` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers Content-Type image/png
POST H3	200	cvrthlkdewphckauk Show response ru-anyxnxx.com/	71 B 583 B	394ms 393ms	XHR application/json	2606:4700:3036::ac43:dec3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ru-anyxnxx.com/cvrthlkdewphckauk Requested by Host: sknieiproet.com URL: https://sknieiproet.com/44n5s2on0spz.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:dec3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `43074637a7e45c70b5a2f36711884bae64ed6a8ca02cb268048ebd66a8cda674` Request headers Accept application/json, text/plain, / Referer https://sknieiproet.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Content-Type application/json Response headers date Sat, 22 Jul 2023 22:59:30 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"47-dn3Bu5B0AdBOTxOZKcPzEK751Y4" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h7sPVBxFkDBs2Llh9n2q3%2B7SWEPCKZ%2BLB2THayd6ThsAIBE3qNz3%2BWpDVjAXsLvq3ZxPgGIq%2FyZSaYTTnfOFN7DlQP2XSeCouoDKqZdfBWHU9d68tiDtphXcKhDo9IM2XgiEgvUujLkZZ8sZ5w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin * cf-ray 7eaf4b629c02b966-AMS access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept alt-svc h3=":443"; ma=86400
OPTIONS H3	200	cvrthlkdewphckauk ru-anyxnxx.com/	0 0	55ms 54ms	Preflight text/html	2606:4700:3036::ac43:dec3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ru-anyxnxx.com/cvrthlkdewphckauk Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:dec3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Request headers Accept / Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://sknieiproet.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept access-control-allow-origin * allow POST alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7eaf4b623bb4b966-AMS content-encoding br content-type text/html; charset=utf-8 date Sat, 22 Jul 2023 22:59:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GYsZggKoXb1%2Bea4nM6u6UKWiDvTxpdrQv7PJLYAOKdh%2Fxofs44e5xLiyBULqLQV3nH5Cq5vSRjN7w5ARAPuPNDh3PIxNrxLBdQGQo18E9lEjN9Asbf3Ey7%2FUuJBlWDXITm0Qe5VdBhlOd%2BinWA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by Express
POST H3	200	cxrchqqkenlfceuck Show response ru-anyxnxx.com/	12 B 519 B	186ms 186ms	XHR application/json	2606:4700:3036::ac43:dec3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ru-anyxnxx.com/cxrchqqkenlfceuck Requested by Host: sknieiproet.com URL: https://sknieiproet.com/44n5s2on0spz.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:dec3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e` Request headers Accept application/json, text/plain, / Referer https://sknieiproet.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Content-Type application/json Response headers date Sat, 22 Jul 2023 22:59:32 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"c-W8b47RZH5mUQPFFL7w2Ud28rDAA" x-powered-by Express report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i89zoNLac6lnVrdEzFtAgWn9PEBUPre2oY47yYe1ZrnLPkKhYDPa0v%2BxGkCWfBlNQsf1FJAqGo4rcvBK4QCHoZL9hoiGsGOi4QfnORRbDvM%2FXJ294b7YrADfAeNeiDrG%2BZbUoRxrBJuU1%2BIjxg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin * cf-ray 7eaf4b71da03b966-AMS access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept content-length 12 alt-svc h3=":443"; ma=86400
OPTIONS H3	200	cxrchqqkenlfceuck ru-anyxnxx.com/	0 0	46ms 46ms	Preflight text/html	2606:4700:3036::ac43:dec3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ru-anyxnxx.com/cxrchqqkenlfceuck Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:dec3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Request headers Accept / Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://sknieiproet.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Response headers access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept access-control-allow-origin * allow POST alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7eaf4b7199c3b966-AMS content-encoding br content-type text/html; charset=utf-8 date Sat, 22 Jul 2023 22:59:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7GCmtG%2BgDjw0YOnJGIRmujVddTGuClY7N4L1nMFpVoPmj1qzNF3%2B9Z%2B9aXCzpjfkFItTSpdMuQtsIv8Sg58djamn0ikFRAhWaPTi%2FD2j4O7WnkLvVXQOvuEXj%2FGLx%2F145nyujvmVPysrrL4iEg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by Express

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Steam (Gaming)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| m0_0xa2c0 function| m0_0x3eb0 function| cl

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ru-anyxnxx.com
sknieiproet.com
2606:4700:3036::ac43:dec3
2a06:98c1:3120::3
23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082
42c062de8dcd760b409c57fb256a68db9435008f1097d3940131ee0ac9a43d27
43074637a7e45c70b5a2f36711884bae64ed6a8ca02cb268048ebd66a8cda674
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8
7abd685c8ae78e7d50448c0bb5c1d1446004ebb1c8b501db544b10f46a15e520
9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954
a59657d4f7db10fefd0c0812bc93e00fa5bb4469b7ab55cebd41a0a9961f8e44
adfbc98dba8bfaf9455189f0c8585f73e15c1322c0b6bfa6405971373646b22e
ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1
afc16565d6ee22bbd8127874b7ba0c561bf76fb89da8479f61a2b61d02871e36
fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa

sknieiproet.com Open in urlscan Pro 2a06:98c1:3120::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

429 kBTransfer

1301 kBSize

0 Cookies

7 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

sknieiproet.com Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

429 kB
Transfer

1301 kB
Size

0
Cookies

8 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!