icecreambossnc.top
Open in
urlscan Pro
2606:4700:30::681b:b389
Malicious Activity!
Public Scan
Effective URL: https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a...
Submission: On June 26 via manual from IN
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on June 25th 2019. Valid for: a year.
This is the only time icecreambossnc.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sharepoint (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 3 | 2606:4700:30:... 2606:4700:30::681b:9852 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
3 6 | 2606:4700:30:... 2606:4700:30::681b:b389 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 2a00:1450:400... 2a00:1450:4001:820::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
6 | 4 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
londongiftshops.xyz |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
icecreambossnc.top |
ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
icecreambossnc.top
3 redirects
icecreambossnc.top |
27 KB |
3 |
londongiftshops.xyz
2 redirects
londongiftshops.xyz |
774 B |
1 |
googleapis.com
ajax.googleapis.com |
30 KB |
0 |
smallenvelop.com
Failed
smallenvelop.com Failed |
|
6 | 4 |
Domain | Requested by | |
---|---|---|
6 | icecreambossnc.top |
3 redirects
londongiftshops.xyz
icecreambossnc.top |
3 | londongiftshops.xyz | 2 redirects |
1 | ajax.googleapis.com |
icecreambossnc.top
|
0 | smallenvelop.com Failed |
icecreambossnc.top
|
6 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2019-06-25 - 2020-06-24 |
a year | crt.sh |
*.googleapis.com Google Internet Authority G3 |
2019-06-11 - 2019-09-03 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348
Frame ID: C93CD7562FC461CF8701C356FC061E3B
Requests: 6 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://londongiftshops.xyz/email@@=
HTTP 301
http://londongiftshops.xyz/email@@=/ HTTP 301
https://londongiftshops.xyz/email@@=/ Page URL
-
https://icecreambossnc.top/10324/04711/0221?email=
HTTP 301
http://icecreambossnc.top/10324/04711/0221/?email= HTTP 301
https://icecreambossnc.top/10324/04711/0221/?email= HTTP 302
https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf... Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://londongiftshops.xyz/email@@=
HTTP 301
http://londongiftshops.xyz/email@@=/ HTTP 301
https://londongiftshops.xyz/email@@=/ Page URL
-
https://icecreambossnc.top/10324/04711/0221?email=
HTTP 301
http://icecreambossnc.top/10324/04711/0221/?email= HTTP 301
https://icecreambossnc.top/10324/04711/0221/?email= HTTP 302
https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://londongiftshops.xyz/email@@= HTTP 301
- http://londongiftshops.xyz/email@@=/ HTTP 301
- https://londongiftshops.xyz/email@@=/
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
londongiftshops.xyz/email@@=/ Redirect Chain
|
110 B 153 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
login.php
icecreambossnc.top/10324/04711/0221/ Redirect Chain
|
2 KB 924 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p1.png
icecreambossnc.top/10324/04711/0221/images/ |
24 KB 24 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xt.png
icecreambossnc.top/10324/04711/0221/images/ |
640 B 835 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Preloader_11.gif
smallenvelop.com/wp-content/uploads/2014/08/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- smallenvelop.com
- URL
- https://smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sharepoint (Online)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
icecreambossnc.top
londongiftshops.xyz
smallenvelop.com
smallenvelop.com
2606:4700:30::681b:9852
2606:4700:30::681b:b389
2a00:1450:4001:820::200a
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
baf7249d49a36166ddda23bd34f312495116e2b6519e2c49289ca3637af43b99
ce50eaaaa4d608a8bb8ab01ce9c7084ab717e82c044f76f5bc5dabe5a733406c
e6d5db84c26e55b5329470030c7ecbee6cfdc3d164ef2ddfeb2d00ccc992c652
f3bc26188b3d3b7f91b6685e3718a067f50b33a9fb9666bebdf8167e0eea344f