upgradeseparatetypetheclicks.icu Open in urlscan Pro
100.24.228.132 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime
Submission: On December 09 via manual (December 9th 2018, 10:41:01 pm UTC) from US

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 11 HTTP transactions. The main IP is 100.24.228.132, located in United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is upgradeseparatetypetheclicks.icu.

This is the only time upgradeseparatetypetheclicks.icu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Apple Software Update (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	100.24.228.132 100.24.228.132	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
10	143.204.98.149 143.204.98.149	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
11	2

1 100.24.228.132 (United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-100-24-228-132.compute-1.amazonaws.com

upgradeseparatetypetheclicks.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 143.204.98.149 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-98-149.fra50.r.cloudfront.net

dyo2sa0t1lfkm.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	cloudfront.net dyo2sa0t1lfkm.cloudfront.net	149 KB
1	upgradeseparatetypetheclicks.icu upgradeseparatetypetheclicks.icu	24 KB
11	2

	Domain	Requested by
10	dyo2sa0t1lfkm.cloudfront.net	upgradeseparatetypetheclicks.icu
1	upgradeseparatetypetheclicks.icu
11	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime
Frame ID: FCC9581CDBB771D337ECFC08D36A5CD5
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

173 kB
Transfer

168 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo Show response upgradeseparatetypetheclicks.icu/	24 KB 24 KB	217ms 98ms	Document text/html	100.24.228.132 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime Protocol HTTP/1.1 Server 100.24.228.132 , United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-100-24-228-132.compute-1.amazonaws.com Software nginx / Resource Hash `7f3d381347b55299235acbe56797358267df5724d2ba397b3afb6bff53517308` Request headers Host upgradeseparatetypetheclicks.icu Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Sun, 09 Dec 2018 22:40:45 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Set-Cookie session=f54e2fbd-1c1b-4a6e-ad20-0e8d2f0ed24f Server nginx
GET H/1.1	200 OK	arrow__blue.png dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/	2 KB 3 KB	43ms 8ms	Image image/png	143.204.98.149 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/arrow__blue.png Requested by Host: upgradeseparatetypetheclicks.icu URL: http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime Protocol HTTP/1.1 Server 143.204.98.149 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-98-149.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `5bbee510c3b5965532d53185cadd47753740b6445f2b9bded3849424fcd2661a` Request headers Referer http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 21 Nov 2018 12:50:22 GMT Via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc5.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2017-01-30T08:48:38.478Z Server AmazonS3 Age 11580 ETag "6d26faedbdd557f7dcd86e9060de347f" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 30 Jan 2017 13:50:57 GMT Connection keep-alive Accept-Ranges bytes Content-Length 2266 X-Amz-Cf-Id tFNQmJNBtDuo23-Jg-7sHr0Sqbx_z3OrGoVZXdP_PJGcI4AMEAvpVw==
GET H/1.1	200 OK	pattern__safari1.jpg dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/	25 KB 25 KB	35ms 6ms	Image image/jpeg	143.204.98.149 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/pattern__safari1.jpg Requested by Host: upgradeseparatetypetheclicks.icu URL: http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime Protocol HTTP/1.1 Server 143.204.98.149 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-98-149.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `7b4d70d5fb64a31f115e1e853b7272e1415ffec2234e78e00847350c23d607fe` Request headers Referer http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 21 Nov 2018 12:50:22 GMT Via 1.1 cb57b06fc1bc940d0cf018d7f2b56bdb.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2017-01-31T09:32:59.097Z Server AmazonS3 Age 11580 ETag "918dfef192de7b99284e969e75d6cc29" X-Cache Hit from cloudfront Content-Type image/jpeg Last-Modified Thu, 15 Feb 2018 14:46:36 GMT Connection keep-alive Accept-Ranges bytes Content-Length 25293 X-Amz-Cf-Id o6HkVe6_Qb4yE0ASdHnq2MLy88xTF5Km6PQB9UseGlfs5he9t7j8Yw==
GET H/1.1	200 OK	pattern__safari-arrow.png dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/	3 KB 4 KB	34ms 7ms	Image image/png	143.204.98.149 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/pattern__safari-arrow.png Requested by Host: upgradeseparatetypetheclicks.icu URL: http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime Protocol HTTP/1.1 Server 143.204.98.149 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-98-149.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `7c48ecdfda540af22ecb4d9638c8c0082e401cc4b45aa2df46c976ec80d38c12` Request headers Referer http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 21 Nov 2018 12:50:22 GMT Via 1.1 055d899361491602a9ef1eb0cdc5e337.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2017-01-30T12:13:47.914Z Server AmazonS3 Age 11580 ETag "496171f7f5272b0c3b8ae1d526110caf" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 30 Jan 2017 13:51:01 GMT Connection keep-alive Accept-Ranges bytes Content-Length 3478 X-Amz-Cf-Id JroiBHKwFFa4zPzJPjpS-bAykfoQnBaDmfPwzRKxBX3PIlQ_CsPCkA==
GET H/1.1	200 OK	clean_k.png dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/	81 KB 81 KB	30ms 8ms	Image image/png	143.204.98.149 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/clean_k.png Requested by Host: upgradeseparatetypetheclicks.icu URL: http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime Protocol HTTP/1.1 Server 143.204.98.149 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-98-149.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `2b6f66d6fc25784ab605c93008f911e7e99a78e5de23e0a489ee0f20f0bc2319` Request headers Referer http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 21 Nov 2018 12:50:20 GMT Via 1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront) Last-Modified Mon, 01 Oct 2018 08:43:22 GMT Server AmazonS3 Age 11580 ETag "03bf1d883e59c49a3564d917790bf834" x-amz-meta-origin-date-iso8601 2018-10-01T08:42:43.636Z X-Cache Hit from cloudfront Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 82521 X-Amz-Cf-Id kTAQDRaOSsENys9BhSfI3wAWLTSBMQgqjTcEzuaYNM2ibWy01m3V7A==
GET H/1.1	200 OK	downloadgif.gif dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/	12 KB 12 KB	31ms 9ms	Image image/gif	143.204.98.149 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/downloadgif.gif Requested by Host: upgradeseparatetypetheclicks.icu URL: http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime Protocol HTTP/1.1 Server 143.204.98.149 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-98-149.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `d714e144f5890b10e5bfb765e0ea6c31737ee11031131a0c306cc2645ef7ba81` Request headers Referer http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 21 Nov 2018 12:50:20 GMT Via 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2015-03-09T08:38:13.325Z Server AmazonS3 Age 43946 ETag "71d508a5a418c2eab6ac59dab52e5f53" X-Cache Hit from cloudfront Content-Type image/gif Last-Modified Mon, 06 Jun 2016 13:29:02 GMT Connection keep-alive Accept-Ranges bytes Content-Length 11787 X-Amz-Cf-Id hlsJNe-mGg67r1oHMZrMWEQCV4M7naRSLfHuIdx1vlxlMHZ3PUGiag==
GET H/1.1	200 OK	downloadactive.png dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/	4 KB 5 KB	29ms 7ms	Image image/png	143.204.98.149 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/downloadactive.png Requested by Host: upgradeseparatetypetheclicks.icu URL: http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime Protocol HTTP/1.1 Server 143.204.98.149 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-98-149.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `85ca0e8a71da7cb9f6da2faad0b491818b83b721a03dd71a9e6c1fd23cc355fe` Request headers Referer http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 23 Nov 2018 12:06:21 GMT Via 1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2015-03-09T08:30:35.401Z Server AmazonS3 Age 43946 ETag "759894fc31058cbee5c154ddf8109da6" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 06 Jun 2016 13:29:02 GMT Connection keep-alive Accept-Ranges bytes Content-Length 4367 X-Amz-Cf-Id YFGqLAeAa3xbAUE26iIjnt_3fbZhFRbS3Kj7ytYlJHADGi-Ev8_VMQ==
GET H/1.1	200 OK	ok.png dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/	3 KB 4 KB	14ms 12ms	Image image/png	143.204.98.149 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/ok.png Requested by Host: upgradeseparatetypetheclicks.icu URL: http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime Protocol HTTP/1.1 Server 143.204.98.149 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-98-149.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `60bc686d0dbd4a721a5b96df034ac04067756297cf097ad6f4338b0e37c95af1` Request headers Referer http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 21 Nov 2018 12:50:20 GMT Via 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2015-03-09T08:27:57.299Z Server AmazonS3 Age 43946 ETag "8735b3e852676168da0cb997fc397c4d" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 06 Jun 2016 13:29:04 GMT Connection keep-alive Accept-Ranges bytes Content-Length 3387 X-Amz-Cf-Id tJ8xRIuDmqbQ2B9V2BmI5FZRwEGbpAZle_zkiyoRN0iF7EFJOUVW3A==
GET H/1.1	200 OK	okactive.png dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/	3 KB 4 KB	14ms 12ms	Image image/png	143.204.98.149 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/okactive.png Requested by Host: upgradeseparatetypetheclicks.icu URL: http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime Protocol HTTP/1.1 Server 143.204.98.149 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-98-149.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `2755c2a109a7dc442afa20ab5ea319eca18f94a8ea7c05e2dddb6e1264501e23` Request headers Referer http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 22 Nov 2018 12:05:10 GMT Via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc5.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2015-03-09T08:29:12.912Z Server AmazonS3 Age 43946 ETag "2b9dd1759bf55999fc392c5dbb6bb6f7" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 06 Jun 2016 13:29:05 GMT Connection keep-alive Accept-Ranges bytes Content-Length 3437 X-Amz-Cf-Id NPS9097u1Dm-6kldYE_IpqCs_SuWU4xqEV03E5SeBwXyMwc0QyyTbg==
GET H/1.1	200 OK	okactive@2x.png dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/	4 KB 5 KB	9ms 8ms	Image image/png	143.204.98.149 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/okactive@2x.png Requested by Host: upgradeseparatetypetheclicks.icu URL: http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime Protocol HTTP/1.1 Server 143.204.98.149 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-98-149.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `a8b80ca1f74242b77cbf0ac6ec3e8076757aa54578434944a4e4df767c9cf6ad` Request headers Referer http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 21 Nov 2018 12:50:20 GMT Via 1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2015-03-09T08:42:33.705Z Server AmazonS3 Age 43946 ETag "370305f8f631cc0642d7bf0d8d7f51e2" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 06 Jun 2016 13:29:05 GMT Connection keep-alive Accept-Ranges bytes Content-Length 4484 X-Amz-Cf-Id J0QLZXLSOa5BlP6TGPi4p1PtnKegMDoYMMaTR2XwKhE4jZaRu5Uvxw==
GET H/1.1	200 OK	downloadactive@2x.png dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/	7 KB 7 KB	12ms 11ms	Image image/png	143.204.98.149 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/downloadactive@2x.png Requested by Host: upgradeseparatetypetheclicks.icu URL: http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime Protocol HTTP/1.1 Server 143.204.98.149 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-98-149.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `911a71457c0146a07bd5d48ef8556f7a802c9feddf63d59750453ff76a443484` Request headers Referer http://upgradeseparatetypetheclicks.icu/l00qEJUIOVdcCSoKDIpXgTCAPJhKsB6GixS_ShH4zMo?cid=w9A0RJJCC3O8LDQIHKOCPJEE&sid=lime User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 21 Nov 2018 12:50:22 GMT Via 1.1 055d899361491602a9ef1eb0cdc5e337.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2015-03-09T08:39:32.396Z Server AmazonS3 Age 43946 ETag "1cd55b247bf699786c644652ea0d1973" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 06 Jun 2016 13:29:02 GMT Connection keep-alive Accept-Ranges bytes Content-Length 6790 X-Amz-Cf-Id Q0IrSvK0V7CIvDgj0z-iIDP7fSJngMObKDS97195hXIS_uAfMuWW9A==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Apple Software Update (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showStep

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			upgradeseparatetypetheclicks.icu/	1969-12-31 23:59:59	Name: session Value: f54e2fbd-1c1b-4a6e-ad20-0e8d2f0ed24f

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dyo2sa0t1lfkm.cloudfront.net
upgradeseparatetypetheclicks.icu
100.24.228.132
143.204.98.149
2755c2a109a7dc442afa20ab5ea319eca18f94a8ea7c05e2dddb6e1264501e23
2b6f66d6fc25784ab605c93008f911e7e99a78e5de23e0a489ee0f20f0bc2319
5bbee510c3b5965532d53185cadd47753740b6445f2b9bded3849424fcd2661a
60bc686d0dbd4a721a5b96df034ac04067756297cf097ad6f4338b0e37c95af1
7b4d70d5fb64a31f115e1e853b7272e1415ffec2234e78e00847350c23d607fe
7c48ecdfda540af22ecb4d9638c8c0082e401cc4b45aa2df46c976ec80d38c12
7f3d381347b55299235acbe56797358267df5724d2ba397b3afb6bff53517308
85ca0e8a71da7cb9f6da2faad0b491818b83b721a03dd71a9e6c1fd23cc355fe
911a71457c0146a07bd5d48ef8556f7a802c9feddf63d59750453ff76a443484
a8b80ca1f74242b77cbf0ac6ec3e8076757aa54578434944a4e4df767c9cf6ad
d714e144f5890b10e5bfb765e0ea6c31737ee11031131a0c306cc2645ef7ba81

upgradeseparatetypetheclicks.icu Open in urlscan Pro 100.24.228.132 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

11 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

173 kBTransfer

168 kBSize

1 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

upgradeseparatetypetheclicks.icu Open in urlscan Pro
100.24.228.132 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

173 kB
Transfer

168 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!