lostember.ml Open in urlscan Pro
2606:4700:3037::6815:2fbd Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://lostember.ml/
Submission Tags: https://sinking.yachts sinking-yachts phishing Search All
Submission: On March 14 via manual (March 14th 2022, 6:34:18 am UTC) from US — Scanned from DE

Summary HTTP 16 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3037::6815:2fbd, located in United States and belongs to CLOUDFLARENET, US. The main domain is lostember.ml.
TLS certificate: Issued by E1 on February 15th 2022. Valid for: 3 months.

This is the only time lostember.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 2 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
7	2606:4700:303... 2606:4700:3037::6815:2fbd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
2	104.18.24.217 104.18.24.217	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	92.123.225.26 92.123.225.26	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
16	5

7 2606:4700:3037::6815:2fbd (United States)

ASN13335 (CLOUDFLARENET, US)

lostember.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.24.217 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.cloudflare.steamstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 92.123.225.26 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a92-123-225-26.deploy.static.akamaitechnologies.com

cdn.akamai.steamstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	lostember.ml lostember.ml	15 KB
4	steamstatic.com cdn.cloudflare.steamstatic.com — Cisco Umbrella Rank: 10796 cdn.akamai.steamstatic.com — Cisco Umbrella Rank: 10447	31 MB
3	gstatic.com fonts.gstatic.com	108 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	2 KB
16	4

	Domain	Requested by
7	lostember.ml	lostember.ml
3	fonts.gstatic.com	fonts.googleapis.com
2	cdn.akamai.steamstatic.com	lostember.ml
2	cdn.cloudflare.steamstatic.com	lostember.ml
2	fonts.googleapis.com	lostember.ml
16	5

This site contains links to these domains. Also see Links.

Domain
cdn.discordapp.com
store.tecknix.com
twitter.com
discord.gg
t.co

Subject Issuer	Validity	Valid
*.lostember.ml E1	`2022-02-15` - `2022-05-16`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-18` - `2022-07-17`	a year	crt.sh
cdn.akamai.steamstatic.com R3	`2022-02-07` - `2022-05-08`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://lostember.ml/
Frame ID: 2CD82BBBAE343FC4ADDAB9F6F0089D85
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Lost Ember - Home

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

16
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

32221 kB
Transfer

32276 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://cdn.discordapp.com/attachments/942504639885086800/942507704117760050/Steam_DLC.zip
Title: Download

Search URL Search Domain Scan URL

URL: https://store.tecknix.com/

Search URL Search Domain Scan URL

URL: https://twitter.com/

Search URL Search Domain Scan URL

URL: https://discord.gg/

Search URL Search Domain Scan URL

URL: https://t.co/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
lostember.ml/ 8 KB
3 KB 346ms
285ms Document
text/html 2606:4700:3037::6815:2fbd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lostember.ml/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:2fbd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7029b0db10af4190979ba4aad947a30b2b6298ca692da2a4a68687df7df21c9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 14 Mar 2022 06:34:12 GMT
content-type: text/html; charset=utf-8
fly-request-id: 01FY3J4RM8XRDBS1CVDMKT5PCK-fra
x-amz-id-2: Ec41e0g8XFg9YPL6zguYINkuhduiGXKPPWPzncq2O+GD6L+2V4CFUR4AT9cuZL82f4dt/NTi4Zo=
x-amz-request-id: ZDKK3H8M1AWVHNJQ
last-modified: Wed, 16 Feb 2022 16:19:40 GMT
cache-control: no-cache
x-amz-version-id: izjn2MWW2cFUi07DahjVzNmiXm87mWWy
via: 1.1 fly.io
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qxusLXjojAezQkGmWATMXEhMLDoujsH6IsFgGLLuCUSbw9%2BnknWSC8mIkwegyyFm%2FvqdnDBbLvBCKPrAcLW0hkTjxIBgyqE6%2FehFpKDuok4hyVaVZrNS5poEvl6lX%2Fd46YBFXjABE7J5eoE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6ebafb715d6a8fce-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 rawline.css
lostember.ml/css/ 3 KB
659 B 240ms
238ms Stylesheet
text/css 2606:4700:3037::6815:2fbd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lostember.ml/css/rawline.css
Requested by: Host: lostember.ml
URL: https://lostember.ml/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:2fbd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d32020199339b2a5a849c4174db575834bf42cf5d3314530ec4161fb432f90f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lostember.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:34:12 GMT
via: 1.1 fly.io
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: ZDKVDGR9SXYKAGKE
cf-ray: 6ebafb733fdf8fce-FRA
last-modified: Wed, 16 Feb 2022 16:19:40 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ke/GtFjdfL39BzP4W2TXLivS7hA8SmJvwJa0R/pQ9THgAoIJQLk4r+wgqhLPJTYH34DbVHWAnuM=
fly-request-id: 01FY3J4RWQWEJFAJH77DQ7843E-fra
server: cloudflare
etag: W/"78f37622065f3d53f84433f1691c7da1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FlkHMdf7rHk9R5Zncl%2FZOyYwTb57wyHMCu2IVv8EiAOViOtgSNMAlGQVUjApq9G0eLtkZrmJZqPC%2FvZTNO2kKSz7tJmPmTelpUbDn1cNd2YkAbZVhDIjZn72wrvqasujik1mjSdj12hy6p0%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: e0QGqq_bgY4HU7LpP_FOlGJhITui70Hd
cache-control: max-age=14400
content-type: text/css; charset=utf-8

GET
H2 200 css2
fonts.googleapis.com/ 10 KB
710 B 132ms
47ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Raleway:wght@300;400;500;600;700;800&display=swap

Requested by

Host: lostember.ml
URL: https://lostember.ml/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

df566c7dd52ac72dbc248d470a94fc918f79207048edfb6bbbd1c623d8603e7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lostember.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 06:34:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 14 Mar 2022 06:34:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Mar 2022 06:34:12 GMT

GET
H2 200 css2
fonts.googleapis.com/ 31 KB
2 KB 131ms
47ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Bebas+Neue&family=Montserrat:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: lostember.ml
URL: https://lostember.ml/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c89832598995c209bd509c3c1f0b5cae1888e22d569096c6747db19d79607563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lostember.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 06:34:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 14 Mar 2022 06:34:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Mar 2022 06:34:12 GMT

GET
H2 404 all.min.css
lostember.ml/ajax/libs/font-awesome/6.0.0-beta2/css/ 0
0 197ms
197ms Stylesheet
text/html 2606:4700:3037::6815:2fbd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lostember.ml/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css
Requested by: Host: lostember.ml
URL: https://lostember.ml/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:2fbd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lostember.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:34:12 GMT
via: 1.1 fly.io
cf-cache-status: MISS
fly-request-id: 01FY3J4RZ7ZBWK9KDETJ82BV1R-fra
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sskfbFBNEaynV64%2FEjrbRku2N00rSdMe6Es0%2FyReAUVa7dOfyp%2ByDbyGU%2FXC%2Fc8aSjpYWqQvbMVVVFFTq9F6%2BoDBJOM1nxg%2B%2BNeDXZD7ZIJ8Dp6mD4aYg0HmwCq6PM3r8a9NJJkTyV5Wc6s%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6ebafb733fe08fce-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3672

GET
H2 404 reset.css
lostember.ml/assets/ 0
0 202ms
202ms Stylesheet
text/html 2606:4700:3037::6815:2fbd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lostember.ml/assets/reset.css
Requested by: Host: lostember.ml
URL: https://lostember.ml/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:2fbd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lostember.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:34:12 GMT
via: 1.1 fly.io
cf-cache-status: MISS
fly-request-id: 01FY3J4RCF1H1FH0B1F8E5DMZM-fra
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2F4A7W2ZrZ8s4yMKicfH7mlNxPURH2WAYHHUD%2FK%2FY7ZLn04n%2BmyzH%2FeW9pOoXVWehQN69kd7YI8oSBVvPP2t%2B2L%2FxuwICAZ4ObbwVGm%2BPbSMUHG%2BHmyzHgh4ISV1QRNsqFPjqJNdG7bJUcY%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6ebafb733fe18fce-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3672

GET
H2 200 index.css
lostember.ml/assets/ 16 KB
4 KB 204ms
203ms Stylesheet
text/css 2606:4700:3037::6815:2fbd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lostember.ml/assets/index.css
Requested by: Host: lostember.ml
URL: https://lostember.ml/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:2fbd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fa1a4be9888a51d489cf4e6619ce63a374fd67cee02146d3c5e54760df05a4e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lostember.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:34:12 GMT
via: 1.1 fly.io
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: ZDKMCBW3HRPHYV6Q
cf-ray: 6ebafb733fe28fce-FRA
last-modified: Wed, 16 Feb 2022 16:19:40 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: UQXBR2WlcOwyoxCcrWD9V6s84ROLKOHhG6s4RgzoCRAOl6wZ7+r1iHP/dKghHsv1b9bM1AkiIaY=
fly-request-id: 01FY3J4RXPR20Z7GD4CQKMQ3C7-fra
server: cloudflare
etag: W/"14e74172600744766809cf1dd86ef4ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ADC4J%2BXZrPka3fMyy%2BKTlcOs62aeWjRlzie9AdcCVp%2FN5Ss%2BeL9zxGEKj%2BmzCCKC4AzEZ7dRFfXWpThySc9XcEupteARINlm93M%2B%2BBPzfpp4iKgeuQr6r5WicE05kFTmU1vL9%2BVI6ebCDo%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: y8CUVRJQDVq6tTFA6f2nl7bCKwysyCyb
cache-control: max-age=14400
content-type: text/css; charset=utf-8

GET
H3 404 background.png
lostember.ml/assets/images/ 4 KB
4 KB 192ms
191ms Image
text/html 2606:4700:3037::6815:2fbd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lostember.ml/assets/images/background.png
Requested by: Host: lostember.ml
URL: https://lostember.ml/assets/index.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:2fbd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39636ae7f7de3deacfe55d573d85d1bb5c349440065b16e573e5e3c62a0e3fb6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lostember.ml/assets/index.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:34:12 GMT
via: 1.1 fly.io
cf-cache-status: MISS
fly-request-id: 01FY3J4S4EJ6AZYPAHS5N2H4YC-fra
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HYu1VwY7vPMQpRb9IIrafsV4WOGyhR0WRwmUGHysX6BOvmw92sUH%2FCfL06KzgRVirwaYgFZJ7FJs3nL5suSAP2beZGl7Z3sf5c0IoeBKWCE52g27daG6Fd%2FhFDNLru4L60s%2B4x91gQpzDEk%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6ebafb74be32912a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3672

GET
H3 404 clouds_repeat.png
lostember.ml/s.cdpn.io/1231630/ 4 KB
4 KB 200ms
200ms Image
text/html 2606:4700:3037::6815:2fbd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lostember.ml/s.cdpn.io/1231630/clouds_repeat.png
Requested by: Host: lostember.ml
URL: https://lostember.ml/assets/index.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:2fbd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39636ae7f7de3deacfe55d573d85d1bb5c349440065b16e573e5e3c62a0e3fb6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lostember.ml/assets/index.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:34:12 GMT
via: 1.1 fly.io
cf-cache-status: MISS
fly-request-id: 01FY3J4RKWKNK7KYSZ1FBR9AK2-fra
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dYbLareeqEfLR0Tm%2BgkzbVMIskzCIvZV1QYqB8mnDylxaRSsTytAoZU2sv26NzufuiTh%2F1vH2nx9cKkZ74QE%2BWemEwk5sPETlFePQqkUUglYgkTYfEdR3dEs2PmWxuBJKNWOGwvvrFETXhE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6ebafb74be34912a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3672

GET
H2 200 header.jpg
cdn.cloudflare.steamstatic.com/steam/apps/1880890/ 50 KB
50 KB 61ms
23ms Image
image/jpeg 104.18.24.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.cloudflare.steamstatic.com/steam/apps/1880890/header.jpg?t=1643120835
Requested by: Host: lostember.ml
URL: https://lostember.ml/assets/index.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.24.217 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05f5b22c46dc30992364cfc1784041bd28dc49b224ebe85b13b80ab4c9752429

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lostember.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:34:12 GMT
cf-cache-status: HIT
age: 477863
content-length: 51215
last-modified: Thu, 20 Jan 2022 11:18:18 GMT
server: cloudflare
etag: "61e944fa-c80f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Tue, 15 Mar 2022 17:49:49 GMT
cache-control: max-age=604800, public
accept-ranges: bytes
cf-ray: 6ebafb74ff88692b-FRA
cf-bgj: h2pri

GET
H2 200 ss_302daf01160beed17cc364a056e2443402c9ebef.600x338.jpg
cdn.cloudflare.steamstatic.com/steam/apps/1880890/ 62 KB
62 KB 63ms
26ms Image
image/jpeg 104.18.24.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.cloudflare.steamstatic.com/steam/apps/1880890/ss_302daf01160beed17cc364a056e2443402c9ebef.600x338.jpg?t=1643120835
Requested by: Host: lostember.ml
URL: https://lostember.ml/assets/index.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.24.217 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29567672a53aef8b5730a30df73d4d3014240231542bd27e8f2c0dca607b5184

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lostember.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:34:12 GMT
cf-cache-status: HIT
age: 310037
content-length: 62987
last-modified: Tue, 18 Jan 2022 15:38:44 GMT
server: cloudflare
etag: "61e6df04-f60b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 17 Mar 2022 16:26:55 GMT
cache-control: max-age=604800, public
accept-ranges: bytes
cf-ray: 6ebafb74ff8a692b-FRA
cf-bgj: h2pri

GET
H/1.1 200
OK Announcement_Trailer_22November_HD_60_1_animals_low.gif
cdn.akamai.steamstatic.com/steam/apps/1880890/extras/ 15 MB
15 MB 62ms
12ms Image
image/gif 92.123.225.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.akamai.steamstatic.com/steam/apps/1880890/extras/Announcement_Trailer_22November_HD_60_1_animals_low.gif?t=1643120835
Requested by: Host: lostember.ml
URL: https://lostember.ml/assets/index.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.26 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-26.deploy.static.akamaitechnologies.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: c0e66ae8b821ea5bb566bb54d82d9c292ef20ec105a0df85d59b3874d5a6a51e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lostember.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 06:34:12 GMT
Last-Modified: Tue, 18 Jan 2022 15:30:14 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "61e6dd06-f56b9c"
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=342930
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16083868
Expires: Fri, 18 Mar 2022 05:49:42 GMT

GET
H/1.1 200
OK Announcement_Trailer_22November_HD_60_1_wolf_low.gif
cdn.akamai.steamstatic.com/steam/apps/1880890/extras/ 16 MB
16 MB 77ms
27ms Image
image/gif 92.123.225.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.akamai.steamstatic.com/steam/apps/1880890/extras/Announcement_Trailer_22November_HD_60_1_wolf_low.gif?t=1643120835
Requested by: Host: lostember.ml
URL: https://lostember.ml/assets/index.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.26 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-26.deploy.static.akamaitechnologies.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 33d74c5c89f5bcedaabd73ac0934144c41fccf2e49fd89aec9967636d2feaf9b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lostember.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 06:34:12 GMT
Last-Modified: Tue, 18 Jan 2022 15:30:14 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "61e6dd06-fe4ee3"
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=352021
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16666339
Expires: Fri, 18 Mar 2022 08:21:13 GMT

GET
H2 200 1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v26/ 46 KB
46 KB 264ms
182ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v26/1Ptug8zYS_SKggPNyC0ITw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Raleway:wght@300;400;500;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2101735d43a8d486dbc5139500a78420766cc673a3610363ce9525526c3f5149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://lostember.ml
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 18:48:55 GMT
x-content-type-options: nosniff
age: 474317
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47312
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:15:33 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 08 Mar 2023 18:48:55 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v23/ 30 KB
31 KB 178ms
96ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v23/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Bebas+Neue&family=Montserrat:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://lostember.ml
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 08:55:44 GMT
x-content-type-options: nosniff
age: 423508
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30876
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:11:59 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 09 Mar 2023 08:55:44 GMT

GET
H2 200 JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
fonts.gstatic.com/s/montserrat/v23/ 31 KB
31 KB 289ms
226ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v23/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98f2013859261e38a2f4c4016bc2acf1a77b0034fe977f702cefb302849a874d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://lostember.ml
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 19:02:23 GMT
x-content-type-options: nosniff
age: 473509
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31872
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:12:06 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 08 Mar 2023 19:02:23 GMT

Verdicts & Comments Add Verdict or Comment

Malicious page.domain
Submitted on March 14th 2022, 6:34:18 am UTC — From United States

Threats: Phishing
Comment: This domain is present in the Sinking Yachts anti-phishing list. More Info: https://sinking.yachts

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://lostember.ml/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://lostember.ml/assets/reset.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://lostember.ml/assets/images/background.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://lostember.ml/s.cdpn.io/1231630/clouds_repeat.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.akamai.steamstatic.com
cdn.cloudflare.steamstatic.com
fonts.googleapis.com
fonts.gstatic.com
lostember.ml
104.18.24.217
2606:4700:3037::6815:2fbd
2a00:1450:4001:809::200a
2a00:1450:4001:812::2003
92.123.225.26
05f5b22c46dc30992364cfc1784041bd28dc49b224ebe85b13b80ab4c9752429
2101735d43a8d486dbc5139500a78420766cc673a3610363ce9525526c3f5149
29567672a53aef8b5730a30df73d4d3014240231542bd27e8f2c0dca607b5184
33d74c5c89f5bcedaabd73ac0934144c41fccf2e49fd89aec9967636d2feaf9b
39636ae7f7de3deacfe55d573d85d1bb5c349440065b16e573e5e3c62a0e3fb6
8d32020199339b2a5a849c4174db575834bf42cf5d3314530ec4161fb432f90f
8fa1a4be9888a51d489cf4e6619ce63a374fd67cee02146d3c5e54760df05a4e
98f2013859261e38a2f4c4016bc2acf1a77b0034fe977f702cefb302849a874d
b7029b0db10af4190979ba4aad947a30b2b6298ca692da2a4a68687df7df21c9
c0e66ae8b821ea5bb566bb54d82d9c292ef20ec105a0df85d59b3874d5a6a51e
c89832598995c209bd509c3c1f0b5cae1888e22d569096c6747db19d79607563
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
df566c7dd52ac72dbc248d470a94fc918f79207048edfb6bbbd1c623d8603e7c

lostember.ml Open in urlscan Pro 2606:4700:3037::6815:2fbd Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 2 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

60 %IPv6

4 Domains

5 Subdomains

5 IPs

3 Countries

32221 kBTransfer

32276 kBSize

0 Cookies

5 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious page.domain Submitted on March 14th 2022, 6:34:18 am UTC — From United States

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

3 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

lostember.ml Open in urlscan Pro
2606:4700:3037::6815:2fbd Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

32221 kB
Transfer

32276 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Malicious page.domain
Submitted on March 14th 2022, 6:34:18 am UTC — From United States

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!