www.logicalhandler.com Open in urlscan Pro
2.16.186.113 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://antoffrirmot.tk/
Effective URL:
http://www.logicalhandler.com/ZbflEf6M?clickid=5c2fa3c43aa2230001df8eda&source=46&r=650cf2f3-51f4-e711-a367-f7801280a94b&s=aeb...
Submission: On January 04 via manual (January 4th 2019, 6:20:02 pm UTC) from US

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 5 countries across 11 domains to perform 20 HTTP transactions. The main IP is 2.16.186.113, located in European Union and belongs to AKAMAI-ASN1, US. The main domain is www.logicalhandler.com.

This is the only time www.logicalhandler.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fake Flash Update

Domain & IP information

	IP Address	AS Autonomous System
2 2	176.103.62.13 176.103.62.13	59729 (ITL-) (ITL-)
1 3	184.154.47.14 184.154.47.14	32475 (SINGLEHOP...) (SINGLEHOP-LLC - SingleHop LLC)
1 3	107.6.174.198 107.6.174.198	32475 (SINGLEHOP...) (SINGLEHOP-LLC - SingleHop LLC)
1	205.147.93.131 205.147.93.131	393676 (ZENEDGE) (ZENEDGE - Oracle Corporation)
1 2	107.23.120.125 107.23.120.125	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	54.172.94.62 54.172.94.62	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	212.92.39.34 212.92.39.34	24592 (NEXICA-AS) (NEXICA-AS)
1	212.32.250.4 212.32.250.4	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	2.16.186.120 2.16.186.120	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2.16.186.113 2.16.186.113	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.85.182.92 52.85.182.92	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6	2.16.186.64 2.16.186.64	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
20	9

2 176.103.62.13 (Ukraine) 2 redirects

ASN59729 (ITL-, BG)

antoffrirmot.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.154.47.14 (Chicago, United States) 1 redirects

ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: server04.com-2.mobi

my.search-www.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 107.6.174.198 (Amsterdam, Netherlands) 1 redirects

ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: bigfish.setupcentral.network

in.clklinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.147.93.131 (North Miami Beach, United States)

ASN393676 (ZENEDGE - Oracle Corporation, US)

istric.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.23.120.125 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-107-23-120-125.compute-1.amazonaws.com

pop.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.172.94.62 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-172-94-62.compute-1.amazonaws.com

usd.jehoiakim-fau.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.92.39.34 (Barcelona, Spain) 1 redirects

ASN24592 (NEXICA-AS, ES)

play.leadzupc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.32.250.4 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

adright.go2affise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.186.120 (European Union) 2 redirects

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-120.deploy.static.akamaitechnologies.com

www.memoom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.16.186.113 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-113.deploy.static.akamaitechnologies.com

www.logicalhandler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.182.92 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-182-92.fra50.r.cloudfront.net

dfgftt4ecf1of.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.16.186.64 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-64.deploy.static.akamaitechnologies.com

www.logicalhandler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	logicalhandler.com www.logicalhandler.com	105 KB
3	clklinks.com 1 redirects in.clklinks.com	4 KB
3	search-www.info 1 redirects my.search-www.info	5 KB
2	memoom.com 2 redirects www.memoom.com	2 KB
2	pop.bid pop.bid Failed	800 B
2	antoffrirmot.tk 2 redirects antoffrirmot.tk	918 B
1	cloudfront.net dfgftt4ecf1of.cloudfront.net	4 KB
1	go2affise.com adright.go2affise.com	505 B
1	leadzupc.com 1 redirects play.leadzupc.com	509 B
1	jehoiakim-fau.com 1 redirects usd.jehoiakim-fau.com	809 B
1	istric.com istric.com	3 KB
20	11

	Domain	Requested by
11	www.logicalhandler.com	www.logicalhandler.com
3	in.clklinks.com	1 redirects my.search-www.info in.clklinks.com
3	my.search-www.info	1 redirects my.search-www.info
2	www.memoom.com	2 redirects
2	pop.bid	istric.com
2	antoffrirmot.tk	2 redirects
1	dfgftt4ecf1of.cloudfront.net	www.logicalhandler.com
1	adright.go2affise.com	pop.bid
1	play.leadzupc.com	1 redirects
1	usd.jehoiakim-fau.com	1 redirects
1	istric.com
20	11

This site contains no links.

Subject Issuer	Validity	Valid
in.clklinks.com Let's Encrypt Authority X3	`2018-12-20` - `2019-03-20`	3 months	crt.sh
istric.com Let's Encrypt Authority X3	`2018-11-19` - `2019-02-17`	3 months	crt.sh
*.go2affise.com Go Daddy Secure Certificate Authority - G2	`2017-12-08` - `2019-12-08`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://www.logicalhandler.com/ZbflEf6M?clickid=5c2fa3c43aa2230001df8eda&source=46&r=650cf2f3-51f4-e711-a367-f7801280a94b&s=aebed87a-fc93-4448-8632-faef29418a5a&client=chrome&st=aHR0cDovL3d3dy5sb2dpY2FsaGFuZGxlci5jb20%253d&h=ShtBRBACEAsHBwgUAwEfCAZtBgYLCAoKBgEcCwACBggFAh8ICgMHBhMVEVlCGggKBgcJCwEBAggAFRVVEwMRBgcIUV8FUAIUBgFUDB9cAAcAFFIDBA8fXwAOAQgBCAJZCw1VFB0bX0BWGggbX0JFSQkfHU9FThlaXl5aU1NUWlhZUl1cQR5RV18bGxRCXhEKXE1eVRsUQVpaEggJAgEbFFJdQxIITEBMUks%253D&e=1&u=aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tLzBhNDUvMzFjNjExMjYtMjQ4MS00N2Q2LTlmYjYtYjkxZGE4ZjUvNTU2OTc0YjctNTE3NS00ZTVhLTgzOWYtYzk3OTQwZjEvUGxheWVyLmRtZz9jbGlja2lkPTVjMmZhM2M0M2FhMjIzMDAwMWRmOGVkYSZzb3VyY2U9NDYmcj02NTBjZjJmMy01MWY0LWU3MTEtYTM2Ny1mNzgwMTI4MGE5NGImcz1hZWJlZDg3YS1mYzkzLTQ0NDgtODYzMi1mYWVmMjk0MThhNWEmY2xpZW50PWNocm9tZSZzdD1hSFIwY0RvdkwzZDNkeTVzYjJkcFkyRnNhR0Z1Wkd4bGNpNWpiMjAlMjUzZA%3d%3d
Frame ID: DB05923758A3CFEA348175FD4750989C
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://antoffrirmot.tk/ HTTP 302
http://antoffrirmot.tk/index/?mbR6DV HTTP 302
http://my.search-www.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=80848 Page URL
http://my.search-www.info/?utm_term=6642708029030532096&clickverify=1&utm_content=e6c2c6dcd68fd49594fc... Page URL
http://my.search-www.info/proc.php?781c08badebe96e06d9e548eb6d12623ff6bfcda HTTP 302
https://in.clklinks.com/in.html?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=664270802903053... Page URL
https://in.clklinks.com/in.php?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6642708029030532... Page URL
https://in.clklinks.com/out.php?v=38f805b98a5f7b7f477ab684e5819f2d HTTP 302
https://istric.com/portent/netbios/acl/1-17961-4534301f5fd104f1b0901a8c73d9560d?tvu=WW_MS&subid... Page URL
http://pop.bid/go/216668/456926 Page URL
http://pop.bid/ad/ad?p=216668&w=456926&t=c7d61751655a6c00&r=aHR0cHMlM0ElMkYlMkZpc3RyaWMuY29... HTTP 303
http://usd.jehoiakim-fau.com/zcvisitor/516e4c68-104d-11e9-a546-125a613b7fb8?campaignid=47378330-0461-11e9... HTTP 302
https://play.leadzupc.com/?m=GHPOP1545310252&offer_id=1095352&a=zr516e4c68104d11e9a546125a613b7fb8b38f... HTTP 302
https://adright.go2affise.com/click?pid=46&offer_id=315231&sub1=cfghzxda0&sub2=1546625989mb17758050238 Page URL
http://www.memoom.com/W7TwC8Enu6v0cF7OTmZ?clickid=5c2fa3c43aa2230001df8eda&source=46&e=3&r=650cf2f... HTTP 302
http://www.memoom.com/MfaGgrceaTk?clickid=5c2fa3c43aa2230001df8eda&source=46&r=650cf2f3-51f4-e711-... HTTP 302
http://www.logicalhandler.com/ZbflEf6M?clickid=5c2fa3c43aa2230001df8eda&source=46&r=650cf2f3-51f4-e711-a36... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

20
Requests

20 %
HTTPS

0 %
IPv6

11
Domains

11
Subdomains

9
IPs

5
Countries

121 kB
Transfer

213 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://antoffrirmot.tk/ HTTP 302
http://antoffrirmot.tk/index/?mbR6DV HTTP 302
http://my.search-www.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=80848 Page URL
http://my.search-www.info/?utm_term=6642708029030532096&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8db283b08186b684859a9ba999d9f0f3fafef6b0d8f8f4ba95d8dfe8dbdaefeced96919584e6e7d5e5cbcdc8c9fecececdc2f3c0c1c3c2c4c1fca8c8f9fefffcfdf2f3f0f1f6f7f0f5eaebe856 Page URL
http://my.search-www.info/proc.php?781c08badebe96e06d9e548eb6d12623ff6bfcda HTTP 302
https://in.clklinks.com/in.html?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6642708029030532096&pubid=1608 Page URL
https://in.clklinks.com/in.php?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6642708029030532096&pubid=1608&m=O1uvaSuoaF2vOmWMIoD1ZhcHD_HckaJdbndI-qE5hEGK4NPIeqPK4NdDet_z4n5lZSGle9pAkju7D7k5Ab533.5xxMidk4JAI_2AIBuMD4kMeq_cLed Page URL
https://in.clklinks.com/out.php?v=38f805b98a5f7b7f477ab684e5819f2d HTTP 302
https://istric.com/portent/netbios/acl/1-17961-4534301f5fd104f1b0901a8c73d9560d?tvu=WW_MS&subid=f5adef963902396f2a82901c3af718bd&ext1=dvx Page URL
http://pop.bid/go/216668/456926 Page URL
http://pop.bid/ad/ad?p=216668&w=456926&t=c7d61751655a6c00&r=aHR0cHMlM0ElMkYlMkZpc3RyaWMuY29tJTJG&vw=1600&vh=1200 HTTP 303
http://usd.jehoiakim-fau.com/zcvisitor/516e4c68-104d-11e9-a546-125a613b7fb8?campaignid=47378330-0461-11e9-8666-0ebb138d3962 HTTP 302
https://play.leadzupc.com/?m=GHPOP1545310252&offer_id=1095352&a=zr516e4c68104d11e9a546125a613b7fb8b38f14c2590b4adda6fbc4b31b3b6120035154c7fa644998b4&pubid=india-rom-fIYI2Hma HTTP 302
https://adright.go2affise.com/click?pid=46&offer_id=315231&sub1=cfghzxda0&sub2=1546625989mb17758050238 Page URL
http://www.memoom.com/W7TwC8Enu6v0cF7OTmZ?clickid=5c2fa3c43aa2230001df8eda&source=46&e=3&r=650cf2f3-51f4-e711-a367-f7801280a94b HTTP 302
http://www.memoom.com/MfaGgrceaTk?clickid=5c2fa3c43aa2230001df8eda&source=46&r=650cf2f3-51f4-e711-a367-f7801280a94b&d=ShtBRBACEAsHBwgUAwEfCAZtBgYLCAoKBgEcCAYOBgkKAh8ICgMHBhMVEVxCSBADFWxTX191VA5_sl_GxsUXUlXEggaWk1DRgsWHEdFTxxVWFFYWlJcWllcXVtTQxdQX18aHhteRhMDAAEDAAALBgYBCx8SVlRCGw1YRFVfHBBcXl0VDF9MX1weGkFeFQxfTF9cHhpCWl4UCwgDCB4aUV1HFAtNQUVXFBBWU1oTAxFYRkxCSg0ZHkoAHlNVU0NYWFBOQB5RV18WB1cFDBwDA1sECAYEBxQBBAoJHw0AUgcUClZQDh9bDgdVWAtWBxcHDAEPBg1RBx8NAw4CGwVcBlEfAAEAURtSAAQJBghUCBhmXVhKVUAWVlRQFEw%253D&x=2&s=aebed87a-fc93-4448-8632-faef29418a5a&client=chrome&st=aHR0cDovL3d3dy5sb2dpY2FsaGFuZGxlci5jb20%253d HTTP 302
http://www.logicalhandler.com/ZbflEf6M?clickid=5c2fa3c43aa2230001df8eda&source=46&r=650cf2f3-51f4-e711-a367-f7801280a94b&s=aebed87a-fc93-4448-8632-faef29418a5a&client=chrome&st=aHR0cDovL3d3dy5sb2dpY2FsaGFuZGxlci5jb20%253d&h=ShtBRBACEAsHBwgUAwEfCAZtBgYLCAoKBgEcCwACBggFAh8ICgMHBhMVEVlCGggKBgcJCwEBAggAFRVVEwMRBgcIUV8FUAIUBgFUDB9cAAcAFFIDBA8fXwAOAQgBCAJZCw1VFB0bX0BWGggbX0JFSQkfHU9FThlaXl5aU1NUWlhZUl1cQR5RV18bGxRCXhEKXE1eVRsUQVpaEggJAgEbFFJdQxIITEBMUks%253D&e=1&u=aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tLzBhNDUvMzFjNjExMjYtMjQ4MS00N2Q2LTlmYjYtYjkxZGE4ZjUvNTU2OTc0YjctNTE3NS00ZTVhLTgzOWYtYzk3OTQwZjEvUGxheWVyLmRtZz9jbGlja2lkPTVjMmZhM2M0M2FhMjIzMDAwMWRmOGVkYSZzb3VyY2U9NDYmcj02NTBjZjJmMy01MWY0LWU3MTEtYTM2Ny1mNzgwMTI4MGE5NGImcz1hZWJlZDg3YS1mYzkzLTQ0NDgtODYzMi1mYWVmMjk0MThhNWEmY2xpZW50PWNocm9tZSZzdD1hSFIwY0RvdkwzZDNkeTVzYjJkcFkyRnNhR0Z1Wkd4bGNpNWpiMjAlMjUzZA%3d%3d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://antoffrirmot.tk/ HTTP 302
http://antoffrirmot.tk/index/?mbR6DV HTTP 302
http://my.search-www.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=80848

Request Chain 2

http://my.search-www.info/proc.php?781c08badebe96e06d9e548eb6d12623ff6bfcda HTTP 302
https://in.clklinks.com/in.html?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6642708029030532096&pubid=1608

Request Chain 4

https://in.clklinks.com/out.php?v=38f805b98a5f7b7f477ab684e5819f2d HTTP 302
https://istric.com/portent/netbios/acl/1-17961-4534301f5fd104f1b0901a8c73d9560d?tvu=WW_MS&subid=f5adef963902396f2a82901c3af718bd&ext1=dvx

Request Chain 7

http://pop.bid/ad/ad?p=216668&w=456926&t=c7d61751655a6c00&r=aHR0cHMlM0ElMkYlMkZpc3RyaWMuY29tJTJG&vw=1600&vh=1200 HTTP 303
http://usd.jehoiakim-fau.com/zcvisitor/516e4c68-104d-11e9-a546-125a613b7fb8?campaignid=47378330-0461-11e9-8666-0ebb138d3962 HTTP 302
https://play.leadzupc.com/?m=GHPOP1545310252&offer_id=1095352&a=zr516e4c68104d11e9a546125a613b7fb8b38f14c2590b4adda6fbc4b31b3b6120035154c7fa644998b4&pubid=india-rom-fIYI2Hma HTTP 302
https://adright.go2affise.com/click?pid=46&offer_id=315231&sub1=cfghzxda0&sub2=1546625989mb17758050238

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Cookie set / Show response
my.search-www.info/
Redirect Chain

http://antoffrirmot.tk/
http://antoffrirmot.tk/index/?mbR6DV
http://my.search-www.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=80848

5 KB
3 KB

224ms
106ms

Document
text/html

184.154.47.14
SingleHop LLC

General

www.logicalhandler.com Open in urlscan Pro 2.16.186.113 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

20 %HTTPS

0 %IPv6

11 Domains

11 Subdomains

9 IPs

5 Countries

121 kBTransfer

213 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

www.logicalhandler.com Open in urlscan Pro
2.16.186.113 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

20 %
HTTPS

0 %
IPv6

11
Domains

11
Subdomains

9
IPs

5
Countries

121 kB
Transfer

213 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!