icloud.com-area.live
162.223.31.2  Malicious Activity! Public Scan

URL: http://icloud.com-area.live/admin/login.php
Submission: On October 25 via api from US

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 162.223.31.2, located in Los Angeles, United States and belongs to QUICKPACKET, US. The main domain is icloud.com-area.live.
This is the only time icloud.com-area.live was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: iPanel (Consumer)

Domain & IP information

Requests  IP Address        AS     Autonomous System
12        162.223.31.2      46261  (QUICKPACKET)
1         2a00:1450:400...  15169  (GOOGLE)
13 requests across 2 IPs
Requests  Apex Domain     Subdomains            Transfer
12        com-area.live   icloud.com-area.live  122 KB
1         googleapis.com  ajax.googleapis.com   33 KB
13 requests across 2 apex domains
Requests  Domain                Requested by
12        icloud.com-area.live  icloud.com-area.live
1         ajax.googleapis.com   icloud.com-area.live
13 requests across 2 domains

This site contains no links.

Subject                  Issuer      Validity                 Valid
upload.video.google.com  GTS CA 1O1  2020-10-06 - 2020-12-29  3 months (crt.sh)

This page contains 1 frames:

Primary Page: http://icloud.com-area.live/admin/login.php
Frame ID: 7BDDE0B9D20D4C570D9A8EFA9D07A474
Requests: 13 HTTP requests in this frame

Screenshot: (image not included in this text copy)

Detected technologies

PHP
Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Nginx
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Animate.css
Overall confidence: 100%
Detected patterns
  • html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i

jQuery
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 13
HTTPS: 8 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 155 kB
Size: 662 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests: (none listed)

13 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: login.php | icloud.com-area.live/admin/ | 5 KB | 2 KB | Document
General
Full URL
http://icloud.com-area.live/admin/login.php
Protocol
HTTP/1.1
Server
162.223.31.2 Los Angeles, United States, ASN46261 (QUICKPACKET, US),
Reverse DNS
srv.fastssdserver.com
Software
nginx /
Resource Hash
c7e8c5057e222ef66d033d55b96feda65e736f8a406dfa943d60c7d8206e2c99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
icloud.com-area.live
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Sun, 25 Oct 2020 08:02:49 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Nginx-Cache-Status
BYPASS
X-Server-Powered-By
Engintron
Content-Encoding
gzip

jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.11.0/ | 94 KB | 33 KB | Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Requested by
Host: icloud.com-area.live
URL: http://icloud.com-area.live/admin/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://icloud.com-area.live/admin/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 13:54:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
151721
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33576
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Oct 2021 13:54:08 GMT

main.css | icloud.com-area.live/admin/css/ | 124 KB | 20 KB | Stylesheet
General
Full URL
http://icloud.com-area.live/admin/css/main.css
Requested by
Host: icloud.com-area.live
URL: http://icloud.com-area.live/admin/login.php
Protocol
HTTP/1.1
Server
162.223.31.2 Los Angeles, United States, ASN46261 (QUICKPACKET, US),
Reverse DNS
srv.fastssdserver.com
Software
nginx /
Resource Hash
a52810444235b6ce1dd4f518998a650f2497bf9b549dfe29d66ccf4a23c3f340

Request headers

Referer
http://icloud.com-area.live/admin/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 25 Oct 2020 08:02:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 28 Apr 2019 18:07:38 GMT
Server
nginx
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 24 Nov 2020 08:02:49 GMT

animate.css | icloud.com-area.live/admin/css/ | 69 KB | 5 KB | Stylesheet
General
Full URL
http://icloud.com-area.live/admin/css/animate.css
Requested by
Host: icloud.com-area.live
URL: http://icloud.com-area.live/admin/login.php
Protocol
HTTP/1.1
Server
162.223.31.2 Los Angeles, United States, ASN46261 (QUICKPACKET, US),
Reverse DNS
srv.fastssdserver.com
Software
nginx /
Resource Hash
0f43aedbc350e90a0daf474f41eec2b0b8cb1728ef1019ac3c9df35aafabc9ab

Request headers

Referer
http://icloud.com-area.live/admin/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 25 Oct 2020 08:02:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 28 Apr 2019 18:07:38 GMT
Server
nginx
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 24 Nov 2020 08:02:49 GMT

nav.css | icloud.com-area.live/admin/css/ | 73 KB | 9 KB | Stylesheet
General
Full URL
http://icloud.com-area.live/admin/css/nav.css
Requested by
Host: icloud.com-area.live
URL: http://icloud.com-area.live/admin/login.php
Protocol
HTTP/1.1
Server
162.223.31.2 Los Angeles, United States, ASN46261 (QUICKPACKET, US),
Reverse DNS
srv.fastssdserver.com
Software
nginx /
Resource Hash
413eede177916dc31410315b6d360dc5ea46830ae3d884d9ed225bff8d298c5b

Request headers

Referer
http://icloud.com-area.live/admin/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 25 Oct 2020 08:02:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 28 Apr 2019 18:07:36 GMT
Server
nginx
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 24 Nov 2020 08:02:49 GMT

id.css | icloud.com-area.live/admin/css/ | 160 KB | 25 KB | Stylesheet
General
Full URL
http://icloud.com-area.live/admin/css/id.css
Requested by
Host: icloud.com-area.live
URL: http://icloud.com-area.live/admin/login.php
Protocol
HTTP/1.1
Server
162.223.31.2 Los Angeles, United States, ASN46261 (QUICKPACKET, US),
Reverse DNS
srv.fastssdserver.com
Software
nginx /
Resource Hash
8ed4bdd158f9cbc34e799d9224799207cc85bf156b8f73ec28f180a984d6da25

Request headers

Referer
http://icloud.com-area.live/admin/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 25 Oct 2020 08:02:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 28 Apr 2019 18:07:38 GMT
Server
nginx
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 24 Nov 2020 08:02:49 GMT

mid.css | icloud.com-area.live/admin/css/ | 17 KB | 4 KB | Stylesheet
General
Full URL
http://icloud.com-area.live/admin/css/mid.css
Requested by
Host: icloud.com-area.live
URL: http://icloud.com-area.live/admin/login.php
Protocol
HTTP/1.1
Server
162.223.31.2 Los Angeles, United States, ASN46261 (QUICKPACKET, US),
Reverse DNS
srv.fastssdserver.com
Software
nginx /
Resource Hash
2aa346768884a9fdbdfa8a3b997a447aeadc1d054e7c1071e26cc07b9b37e201

Request headers

Referer
http://icloud.com-area.live/admin/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 25 Oct 2020 08:02:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 28 Apr 2019 18:07:34 GMT
Server
nginx
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 24 Nov 2020 08:02:49 GMT

a.css | icloud.com-area.live/admin/css/ | 2 KB | 918 B | Stylesheet
General
Full URL
http://icloud.com-area.live/admin/css/a.css
Requested by
Host: icloud.com-area.live
URL: http://icloud.com-area.live/admin/login.php
Protocol
HTTP/1.1
Server
162.223.31.2 Los Angeles, United States, ASN46261 (QUICKPACKET, US),
Reverse DNS
srv.fastssdserver.com
Software
nginx /
Resource Hash
b4a6f1826cd0e9e6dfb52acf9379925ec22c28abc323cb2d87456f0f90c9ca2c

Request headers

Referer
http://icloud.com-area.live/admin/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 25 Oct 2020 08:02:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 28 Apr 2019 18:07:28 GMT
Server
nginx
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 24 Nov 2020 08:02:49 GMT

jquery-latest.min.js | icloud.com-area.live/admin/js/ | 94 KB | 33 KB | Script
General
Full URL
http://icloud.com-area.live/admin/js/jquery-latest.min.js
Requested by
Host: icloud.com-area.live
URL: http://icloud.com-area.live/admin/login.php
Protocol
HTTP/1.1
Server
162.223.31.2 Los Angeles, United States, ASN46261 (QUICKPACKET, US),
Reverse DNS
srv.fastssdserver.com
Software
nginx /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer
http://icloud.com-area.live/admin/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 25 Oct 2020 08:02:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 28 Apr 2019 18:08:06 GMT
Server
nginx
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 24 Nov 2020 08:02:49 GMT

ipmid.png | icloud.com-area.live/admin/images/ | 19 KB | 19 KB | Image
General
Full URL
http://icloud.com-area.live/admin/images/ipmid.png
Requested by
Host: icloud.com-area.live
URL: http://icloud.com-area.live/admin/login.php
Protocol
HTTP/1.1
Server
162.223.31.2 Los Angeles, United States, ASN46261 (QUICKPACKET, US),
Reverse DNS
srv.fastssdserver.com
Software
nginx /
Resource Hash
b42296d9b1e9697465a6c4162ce85f23379feab94d949f9739e2e1898ba06c34

Request headers

Referer
http://icloud.com-area.live/admin/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 25 Oct 2020 08:02:49 GMT
Last-Modified
Thu, 04 Apr 2019 20:58:22 GMT
Server
nginx
Content-Type
image/png
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
19003
Expires
Thu, 24 Dec 2020 08:02:49 GMT

ajax-loader.gif | icloud.com-area.live/admin/images/ | 4 KB | 4 KB | Image
General
Full URL
http://icloud.com-area.live/admin/images/ajax-loader.gif
Requested by
Host: icloud.com-area.live
URL: http://icloud.com-area.live/admin/login.php
Protocol
HTTP/1.1
Server
162.223.31.2 Los Angeles, United States, ASN46261 (QUICKPACKET, US),
Reverse DNS
srv.fastssdserver.com
Software
nginx /
Resource Hash
4dc14fe5df68d2ae899e237faf9264d6df02605dd655368cb856cd6ce75c7573

Request headers

Referer
http://icloud.com-area.live/admin/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 25 Oct 2020 08:02:49 GMT
Last-Modified
Wed, 10 Apr 2019 14:14:50 GMT
Server
nginx
Content-Type
image/gif
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4176
Expires
Thu, 24 Dec 2020 08:02:49 GMT

Lato-Light.woff | icloud.com-area.live/admin/font/ | 0 | 0 | Font
General
Full URL
http://icloud.com-area.live/admin/font/Lato-Light.woff
Requested by
Host: icloud.com-area.live
URL: http://icloud.com-area.live/admin/css/mid.css
Protocol
HTTP/1.1
Server
162.223.31.2 Los Angeles, United States, ASN46261 (QUICKPACKET, US),
Reverse DNS
srv.fastssdserver.com
Software
nginx /
Resource Hash

Request headers

Origin
http://icloud.com-area.live
Referer
http://icloud.com-area.live/admin/css/mid.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 25 Oct 2020 08:02:49 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Server
nginx
Connection
keep-alive
Vary
Accept-Encoding
Content-Type
text/html; charset=iso-8859-1

Lato-Light.ttf | icloud.com-area.live/admin/font/ | 0 | 0 | Font
General
Full URL
http://icloud.com-area.live/admin/font/Lato-Light.ttf
Requested by
Host: icloud.com-area.live
URL: http://icloud.com-area.live/admin/css/mid.css
Protocol
HTTP/1.1
Server
162.223.31.2 Los Angeles, United States, ASN46261 (QUICKPACKET, US),
Reverse DNS
srv.fastssdserver.com
Software
nginx /
Resource Hash

Request headers

Origin
http://icloud.com-area.live
Referer
http://icloud.com-area.live/admin/css/mid.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 25 Oct 2020 08:02:50 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Server
nginx
Connection
keep-alive
Vary
Accept-Encoding
Content-Type
text/html; charset=iso-8859-1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: iPanel (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object: trustedTypes
function: myFunction
function: $
function: jQuery
function: showt
function: movetoNext
function: movetoback
function: gotonext

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block