businessnews.club Open in urlscan Pro
2606:4700:30::6812:235e Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://vizt.me/qzjKrok
Effective URL:
https://businessnews.club/?a=25&c=33&entity=biz10
Submission: On November 15 via manual (November 15th 2018, 9:34:41 pm UTC) from GB

Summary HTTP 47 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 6 domains to perform 47 HTTP transactions. The main IP is 2606:4700:30::6812:235e, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is businessnews.club.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on November 6th 2018. Valid for: a year.

This is the only time businessnews.club was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Investment Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.208.14.139 54.208.14.139	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
43	2606:4700:30:... 2606:4700:30::6812:235e	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700::68... 2606:4700::6813:c797	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:825::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	54.77.89.199 54.77.89.199	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	185.166.214.145 185.166.214.145	49635 (SILICON) (SILICON)
1	2606:4700::68... 2606:4700::6813:c497	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
47	5

1 54.208.14.139 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-208-14-139.compute-1.amazonaws.com

vizt.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 2606:4700:30::6812:235e (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

businessnews.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:c797 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.89.199 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-77-89-199.eu-west-1.compute.amazonaws.com

roitrack.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.166.214.145 (Spain)

ASN49635 (SILICON, ES)
PTR: 634fef50-2526-45bb-a5d0-20db51404637.clouding.host

linkroi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:c497 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	businessnews.club businessnews.club	2 MB
2	cloudflare.com cdnjs.cloudflare.com	83 KB
1	linkroi.net linkroi.net	623 B
1	roitrack.net 1 redirects roitrack.net	107 B
1	googleapis.com ajax.googleapis.com	29 KB
1	vizt.me 1 redirects vizt.me	143 B
47	6

	Domain	Requested by
43	businessnews.club	businessnews.club
2	cdnjs.cloudflare.com	businessnews.club
1	linkroi.net	businessnews.club
1	roitrack.net	1 redirects
1	ajax.googleapis.com	businessnews.club
1	vizt.me	1 redirects
47	6

This site contains links to these domains. Also see Links.

Domain
linkroi.net

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2018-11-06` - `2019-11-06`	a year	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-09-22` - `2019-03-31`	6 months	crt.sh
*.googleapis.com Google Internet Authority G3	`2018-10-30` - `2019-01-22`	3 months	crt.sh
*.linkroi.net AlphaSSL CA - SHA256 - G2	`2018-11-13` - `2019-11-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://businessnews.club/?a=25&c=33&entity=biz10
Frame ID: E9DD15712F51909DF1ED503F8DD6C04C
Requests: 47 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://vizt.me/qzjKrok HTTP 303
https://businessnews.club/?a=25&c=33&entity=biz10 Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i

Page Statistics

47
Requests

100 %
HTTPS

57 %
IPv6

6
Domains

6
Subdomains

5
IPs

3
Countries

2290 kB
Transfer

2581 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://linkroi.net/?a=25&c=33&entity=biz10
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://vizt.me/qzjKrok HTTP 303
https://businessnews.club/?a=25&c=33&entity=biz10 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://roitrack.net/i.ashx?a=25&c=33 HTTP 302
https://linkroi.net/i.ashx?a=25&c=33&ckm_rd=1

47 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
businessnews.club/
Redirect Chain

http://vizt.me/qzjKrok
https://businessnews.club/?a=25&c=33&entity=biz10

93 KB
15 KB

151ms
70ms

Document
text/html

2606:4700:30::6812:235e
Cloudflare

General

businessnews.club Open in urlscan Pro 2606:4700:30::6812:235e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

47 Requests

100 %HTTPS

57 %IPv6

6 Domains

6 Subdomains

5 IPs

3 Countries

2290 kBTransfer

2581 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

47 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

businessnews.club Open in urlscan Pro
2606:4700:30::6812:235e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

47
Requests

100 %
HTTPS

57 %
IPv6

6
Domains

6
Subdomains

5
IPs

3
Countries

2290 kB
Transfer

2581 kB
Size

1
Cookies

47 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!