icecreambossnc.top Open in urlscan Pro
2606:4700:30::681b:b389  Malicious Activity! Public Scan

Submitted URL: https://londongiftshops.xyz/email@@=
Effective URL: https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a...
Submission: On June 26 via manual from IN

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 6 HTTP transactions. The main IP is 2606:4700:30::681b:b389, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is icecreambossnc.top.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on June 25th 2019. Valid for: a year.
This is the only time icecreambossnc.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sharepoint (Online)

Domain & IP information

IP Address AS Autonomous System
2 3 2606:4700:30:... 13335 (CLOUDFLAR...)
3 6 2606:4700:30:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
6 4
Apex Domain
Subdomains
Transfer
6 icecreambossnc.top
icecreambossnc.top
27 KB
3 londongiftshops.xyz
londongiftshops.xyz
774 B
1 googleapis.com
ajax.googleapis.com
30 KB
0 smallenvelop.com Failed
smallenvelop.com Failed
6 4
Domain Requested by
6 icecreambossnc.top 3 redirects londongiftshops.xyz
icecreambossnc.top
3 londongiftshops.xyz 2 redirects
1 ajax.googleapis.com icecreambossnc.top
0 smallenvelop.com Failed icecreambossnc.top
6 4

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2
2019-06-25 -
2020-06-24
a year crt.sh
*.googleapis.com
Google Internet Authority G3
2019-06-11 -
2019-09-03
3 months crt.sh

This page contains 1 frames:

Primary Page: https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348
Frame ID: C93CD7562FC461CF8701C356FC061E3B
Requests: 6 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://londongiftshops.xyz/email@@= HTTP 301
    http://londongiftshops.xyz/email@@=/ HTTP 301
    https://londongiftshops.xyz/email@@=/ Page URL
  2. https://icecreambossnc.top/10324/04711/0221?email= HTTP 301
    http://icecreambossnc.top/10324/04711/0221/?email= HTTP 301
    https://icecreambossnc.top/10324/04711/0221/?email= HTTP 302
    https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

6
Requests

83 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

56 kB
Transfer

111 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://londongiftshops.xyz/email@@= HTTP 301
    http://londongiftshops.xyz/email@@=/ HTTP 301
    https://londongiftshops.xyz/email@@=/ Page URL
  2. https://icecreambossnc.top/10324/04711/0221?email= HTTP 301
    http://icecreambossnc.top/10324/04711/0221/?email= HTTP 301
    https://icecreambossnc.top/10324/04711/0221/?email= HTTP 302
    https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://londongiftshops.xyz/email@@= HTTP 301
  • http://londongiftshops.xyz/email@@=/ HTTP 301
  • https://londongiftshops.xyz/email@@=/

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
londongiftshops.xyz/email@@=/
Redirect Chain
  • https://londongiftshops.xyz/email@@=
  • http://londongiftshops.xyz/email@@=/
  • https://londongiftshops.xyz/email@@=/
110 B
153 B
Document
General
Full URL
https://londongiftshops.xyz/email@@=/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:9852 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3bc26188b3d3b7f91b6685e3718a067f50b33a9fb9666bebdf8167e0eea344f

Request headers

:method
GET
:authority
londongiftshops.xyz
:scheme
https
:path
/email@@=/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding
gzip, deflate, br
cookie
__cfduid=d5552a69553e77a78473f2942ee30faab1561569494
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Wed, 26 Jun 2019 17:18:14 GMT
content-type
text/html; charset=UTF-8
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
4ed0d6dc5da264c1-FRA
content-encoding
br

Redirect headers

Date
Wed, 26 Jun 2019 17:18:14 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=3600
Expires
Wed, 26 Jun 2019 18:18:14 GMT
Location
https://londongiftshops.xyz/email@@=/
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
4ed0d6dc38a4beb5-FRA
Primary Request login.php
icecreambossnc.top/10324/04711/0221/
Redirect Chain
  • https://icecreambossnc.top/10324/04711/0221?email=
  • http://icecreambossnc.top/10324/04711/0221/?email=
  • https://icecreambossnc.top/10324/04711/0221/?email=
  • https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a8...
2 KB
924 B
Document
General
Full URL
https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348
Requested by
Host: londongiftshops.xyz
URL: https://londongiftshops.xyz/email@@=/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:b389 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
baf7249d49a36166ddda23bd34f312495116e2b6519e2c49289ca3637af43b99

Request headers

:method
GET
:authority
icecreambossnc.top
:scheme
https
:path
/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding
gzip, deflate, br
cookie
__cfduid=d3075b159098d9862fd14b06644b882651561569494
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Wed, 26 Jun 2019 17:18:15 GMT
content-type
text/html; charset=UTF-8
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
4ed0d6e04db4d705-FRA
content-encoding
br

Redirect headers

status
302
date
Wed, 26 Jun 2019 17:18:15 GMT
content-type
text/html; charset=UTF-8
location
login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
4ed0d6dee867d705-FRA
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/
84 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: icecreambossnc.top
URL: https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 18 Jun 2019 13:28:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
705001
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
30028
x-xss-protection
0
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 17 Jun 2020 13:28:14 GMT
p1.png
icecreambossnc.top/10324/04711/0221/images/
24 KB
24 KB
Image
General
Full URL
https://icecreambossnc.top/10324/04711/0221/images/p1.png
Requested by
Host: icecreambossnc.top
URL: https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:b389 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6d5db84c26e55b5329470030c7ecbee6cfdc3d164ef2ddfeb2d00ccc992c652

Request headers

Referer
https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 26 Jun 2019 17:18:15 GMT
cf-cache-status
HIT
age
35
status
200
content-length
24719
pragma
public
last-modified
Thu, 02 Aug 2018 09:54:18 GMT
server
cloudflare
etag
"5b62d4ca-608f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
4ed0d6e128c0d705-FRA
expires
Fri, 26 Jul 2019 17:18:15 GMT
xt.png
icecreambossnc.top/10324/04711/0221/images/
640 B
835 B
Image
General
Full URL
https://icecreambossnc.top/10324/04711/0221/images/xt.png
Requested by
Host: icecreambossnc.top
URL: https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:b389 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce50eaaaa4d608a8bb8ab01ce9c7084ab717e82c044f76f5bc5dabe5a733406c

Request headers

Referer
https://icecreambossnc.top/10324/04711/0221/login.php?cmd=login_submit&id=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348&session=19ddcf8b8089d9f9a86eeb54532cf34819ddcf8b8089d9f9a86eeb54532cf348
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 26 Jun 2019 17:18:15 GMT
cf-cache-status
HIT
age
35
status
200
content-length
640
pragma
public
last-modified
Thu, 02 Aug 2018 09:54:42 GMT
server
cloudflare
etag
"5b62d4e2-280"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
4ed0d6e128c2d705-FRA
expires
Fri, 26 Jul 2019 17:18:15 GMT
Preloader_11.gif
smallenvelop.com/wp-content/uploads/2014/08/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
smallenvelop.com
URL
https://smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sharepoint (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery

0 Cookies