fastertypefresh-theclicks.icu
Open in
urlscan Pro
100.24.228.132
Malicious Activity!
Public Scan
Effective URL: http://fastertypefresh-theclicks.icu/_aXvH6rK4hjpkD0vcAHQu051UjRY85zUkGUmMnNZeE0?cid=7tmzpdsl93&sid=5582
Submission: On March 07 via api from US
Summary
This is the only time fastertypefresh-theclicks.icu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Apple Software Update (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 88.214.207.128 88.214.207.128 | 46636 (NATCOWEB) (NATCOWEB - NatCoWeb Corp.) | |
2 2 | 46.229.167.130 46.229.167.130 | 39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS) | |
1 1 | 64.111.192.97 64.111.192.97 | 23393 (NUCDN) (NUCDN - NuCDN LLC) | |
1 1 | 34.228.97.32 34.228.97.32 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
1 | 100.24.228.132 100.24.228.132 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
10 | 143.204.208.175 143.204.208.175 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
11 | 2 |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-228-97-32.compute-1.amazonaws.com
tracker1027-973701781.us-east-1.elb.amazonaws.com |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-100-24-228-132.compute-1.amazonaws.com
fastertypefresh-theclicks.icu |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-208-175.fra53.r.cloudfront.net
dyo2sa0t1lfkm.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
cloudfront.net
dyo2sa0t1lfkm.cloudfront.net |
149 KB |
2 |
t2lgo.com
2 redirects
t2lgo.com |
821 B |
1 |
fastertypefresh-theclicks.icu
fastertypefresh-theclicks.icu |
24 KB |
1 |
amazonaws.com
1 redirects
tracker1027-973701781.us-east-1.elb.amazonaws.com |
272 B |
1 |
feston.pro
1 redirects
feston.pro |
349 B |
1 |
mysearchweb.net
1 redirects
mysearchweb.net |
381 B |
11 | 6 |
Domain | Requested by | |
---|---|---|
10 | dyo2sa0t1lfkm.cloudfront.net |
fastertypefresh-theclicks.icu
|
2 | t2lgo.com | 2 redirects |
1 | fastertypefresh-theclicks.icu | |
1 | tracker1027-973701781.us-east-1.elb.amazonaws.com | 1 redirects |
1 | feston.pro | 1 redirects |
1 | mysearchweb.net | 1 redirects |
11 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://fastertypefresh-theclicks.icu/_aXvH6rK4hjpkD0vcAHQu051UjRY85zUkGUmMnNZeE0?cid=7tmzpdsl93&sid=5582
Frame ID: C6FA2EF18D7C205087A40C14421F61AA
Requests: 11 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://mysearchweb.net/sn/neqw.cgi?6&seoref=¶meter=$keyword&se=$se&ur=1&HTTP_REFERER=http%3A%2F...
HTTP 302
http://t2lgo.com/Gmxa0?pass[filename]=Clickshare+Launcher+ HTTP 302
http://feston.pro/?group_id=3&ext_click_id=pqmcza5mz6&pub_account_id=MXP5PjoL0vnjlEchNyc--MvF8... HTTP 302
http://t2lgo.com/Y3zM9?sid5=xt9qeywygn&pub_account_id=MXP5PjoL0vnjlEchNyc--MvF8UHyZTJzsg7doQP... HTTP 302
http://tracker1027-973701781.us-east-1.elb.amazonaws.com/fds56f3f35fg4h5sf4g/dfsa3f23g54hg5d4dcfgrc/?utm_source=624&utm_campaign=7909... HTTP 302
http://fastertypefresh-theclicks.icu/_aXvH6rK4hjpkD0vcAHQu051UjRY85zUkGUmMnNZeE0?cid=7tmzpdsl93&sid=5582 Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://mysearchweb.net/sn/neqw.cgi?6&seoref=¶meter=$keyword&se=$se&ur=1&HTTP_REFERER=http%3A%2F%2Fclicksharelauncherdownload.pcfreedownloadx.com%2F&default_keyword=Clickshare+Launcher+Download
HTTP 302
http://t2lgo.com/Gmxa0?pass[filename]=Clickshare+Launcher+ HTTP 302
http://feston.pro/?group_id=3&ext_click_id=pqmcza5mz6&pub_account_id=MXP5PjoL0vnjlEchNyc--MvF8UHyZTJzsg7doQPe15IGEEYifwC00lPkyCq8Im_IjfBmct9WLCs___&ext_pub_account_id=&h=9386d64f8030129e8546591d64026d8b&fn=Clickshare+Launcher+ HTTP 302
http://t2lgo.com/Y3zM9?sid5=xt9qeywygn&pub_account_id=MXP5PjoL0vnjlEchNyc--MvF8UHyZTJzsg7doQPe15IGEEYifwC00lPkyCq8Im_IjfBmct9WLCs___ HTTP 302
http://tracker1027-973701781.us-east-1.elb.amazonaws.com/fds56f3f35fg4h5sf4g/dfsa3f23g54hg5d4dcfgrc/?utm_source=624&utm_campaign=7909440&clck=7tmzpdsl93&sid=5582 HTTP 302
http://fastertypefresh-theclicks.icu/_aXvH6rK4hjpkD0vcAHQu051UjRY85zUkGUmMnNZeE0?cid=7tmzpdsl93&sid=5582 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
_aXvH6rK4hjpkD0vcAHQu051UjRY85zUkGUmMnNZeE0
fastertypefresh-theclicks.icu/ Redirect Chain
|
24 KB 24 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clean_k.png
dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/ |
81 KB 81 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
downloadgif.gif
dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/ |
12 KB 12 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
downloadactive.png
dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ok.png
dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
okactive.png
dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
okactive@2x.png
dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
downloadactive@2x.png
dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow__blue.png
dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pattern__safari1.jpg
dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/ |
25 KB 25 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pattern__safari-arrow.png
dyo2sa0t1lfkm.cloudfront.net/lps/flash_mac/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Apple Software Update (Online)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| showStep1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
fastertypefresh-theclicks.icu/ | Name: session Value: 696a6c86-291b-475d-833b-38aa490dc856 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
dyo2sa0t1lfkm.cloudfront.net
fastertypefresh-theclicks.icu
feston.pro
mysearchweb.net
t2lgo.com
tracker1027-973701781.us-east-1.elb.amazonaws.com
100.24.228.132
143.204.208.175
34.228.97.32
46.229.167.130
64.111.192.97
88.214.207.128
2755c2a109a7dc442afa20ab5ea319eca18f94a8ea7c05e2dddb6e1264501e23
2b6f66d6fc25784ab605c93008f911e7e99a78e5de23e0a489ee0f20f0bc2319
5bbee510c3b5965532d53185cadd47753740b6445f2b9bded3849424fcd2661a
60bc686d0dbd4a721a5b96df034ac04067756297cf097ad6f4338b0e37c95af1
710fff93efdcb4aecd311d6331b2250b777a62e10e0d7b7eabd468703e22875a
7b4d70d5fb64a31f115e1e853b7272e1415ffec2234e78e00847350c23d607fe
7c48ecdfda540af22ecb4d9638c8c0082e401cc4b45aa2df46c976ec80d38c12
85ca0e8a71da7cb9f6da2faad0b491818b83b721a03dd71a9e6c1fd23cc355fe
911a71457c0146a07bd5d48ef8556f7a802c9feddf63d59750453ff76a443484
a8b80ca1f74242b77cbf0ac6ec3e8076757aa54578434944a4e4df767c9cf6ad
d714e144f5890b10e5bfb765e0ea6c31737ee11031131a0c306cc2645ef7ba81