savebestonline-theclicks.icu Open in urlscan Pro
52.72.36.238 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://prkrls.info/wprt30?x=Free%204x6%20index%20card%20template
Effective URL:
http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID]
Submission: On February 27 via manual (February 27th 2019, 2:27:18 pm UTC) from US

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 12 HTTP transactions. The main IP is 52.72.36.238, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is savebestonline-theclicks.icu.

This is the only time savebestonline-theclicks.icu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Apple Software Update (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	176.114.8.23 176.114.8.23	56485 (THEHOST-AS) (THEHOST-AS)
1	78.140.165.14 78.140.165.14	35415 (WEBZILLA) (WEBZILLA)
1 1	34.225.190.7 34.225.190.7	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	52.72.36.238 52.72.36.238	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
10	13.32.222.240 13.32.222.240	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
12	3

1 176.114.8.23 (Ukraine) 1 redirects

ASN56485 (THEHOST-AS, UA)
PTR: alldownttt777.com

prkrls.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.140.165.14 (Netherlands)

ASN35415 (WEBZILLA, NL)

iomecwoienv.host	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.225.190.7 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-225-190-7.compute-1.amazonaws.com

volume.vuer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.72.36.238 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-72-36-238.compute-1.amazonaws.com

savebestonline-theclicks.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 13.32.222.240 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-222-240.fra56.r.cloudfront.net

dh4vbtdpu4esr.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	cloudfront.net dh4vbtdpu4esr.cloudfront.net	149 KB
1	savebestonline-theclicks.icu savebestonline-theclicks.icu	24 KB
1	vuer.net 1 redirects volume.vuer.net	297 B
1	iomecwoienv.host iomecwoienv.host	6 KB
1	prkrls.info 1 redirects prkrls.info	317 B
12	5

	Domain	Requested by
10	dh4vbtdpu4esr.cloudfront.net	savebestonline-theclicks.icu
1	savebestonline-theclicks.icu	iomecwoienv.host
1	volume.vuer.net	1 redirects
1	iomecwoienv.host
1	prkrls.info	1 redirects
12	5

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID]
Frame ID: 1E037F21C667D2AE2098025195A5B378
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://prkrls.info/wprt30?x=Free%204x6%20index%20card%20template HTTP 302
http://iomecwoienv.host/mmd/?token=698c0715ebe28229973598369befe109d70d0cd9&q= Page URL
https://volume.vuer.net/dwe/rru/?utm_source=444&utm_campaign=7937902&qs1=&clck=ADaedlz6TAAA-P8BAERFM... HTTP 302
http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtU... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

12
Requests

0 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

179 kB
Transfer

173 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://prkrls.info/wprt30?x=Free%204x6%20index%20card%20template HTTP 302
http://iomecwoienv.host/mmd/?token=698c0715ebe28229973598369befe109d70d0cd9&q= Page URL
https://volume.vuer.net/dwe/rru/?utm_source=444&utm_campaign=7937902&qs1=&clck=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA HTTP 302
http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://prkrls.info/wprt30?x=Free%204x6%20index%20card%20template HTTP 302
http://iomecwoienv.host/mmd/?token=698c0715ebe28229973598369befe109d70d0cd9&q=

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Cookie set / iomecwoienv.host/mmd/ Redirect Chain http://prkrls.info/wprt30?x=Free%204x6%20index%20card%20template http://iomecwoienv.host/mmd/?token=698c0715ebe28229973598369befe109d70d0cd9&q=	5 KB 6 KB	63ms 22ms	Document text/html	78.140.165.14 WEBZILLA
General Check archive.org Show headers Download Go to Full URL http://iomecwoienv.host/mmd/?token=698c0715ebe28229973598369befe109d70d0cd9&q= Protocol HTTP/1.1 Server 78.140.165.14 , Netherlands, ASN35415 (WEBZILLA, NL), Reverse DNS Software nginx/1.14.0 / Resource Hash Request headers Host iomecwoienv.host Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Server nginx/1.14.0 Date Wed, 27 Feb 2019 14:27:02 GMT Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie bd_context=OjM1o8YEPT9tWYe7fz9go3RPHgPH2djg8JHmnEBWiZe9F8O5JL+21lDZQGQAHxgC9QASlXbGJ+lreZPLBH2YFFU7LXRx0724VNw1vRTK0DiUE0pzkpropZlbHwrCUav27+r/X1ubhb2SoCHbx7B7Ry+f6xIoVddX5BjV7wZe0oNHxDO/5tzF7dBP5rOo7q87b0qMnvwecR2Y3zKJarXRDbj/4CqRPm7ef+1vifeQzWYnfNC6xtSEI37i3B/cjOeZt6QD6t7g2MpaJ6rzNJsv5OPPqT53f/3HMn1wYIQkoIyYMQB1T5O6tjwMbOHhkOjp251B9I5YQKl8Cwi7dTeT; Expires=Thu, 27 Feb 2020 14:27:02 GMT Redirect headers Date Wed, 27 Feb 2019 14:27:02 GMT Server Apache/2.4.7 (Ubuntu) X-Powered-By PHP/5.5.9-1ubuntu4.26 Location http://iomecwoienv.host/mmd/?token=698c0715ebe28229973598369befe109d70d0cd9&q= Content-Length 0 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	Primary Request Cookie set 02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI Show response savebestonline-theclicks.icu/ Redirect Chain https://volume.vuer.net/dwe/rru/?utm_source=444&utm_campaign=7937902&qs1=&clck=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID]	24 KB 24 KB	223ms 98ms	Document text/html	52.72.36.238 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Requested by Host: iomecwoienv.host URL: http://iomecwoienv.host/mmd/?token=698c0715ebe28229973598369befe109d70d0cd9&q= Protocol HTTP/1.1 Server 52.72.36.238 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-72-36-238.compute-1.amazonaws.com Software nginx / Resource Hash `5dfe24bbcb431bb79aeef2fd4fbd8caf6bea12d2382d8ba8e06d4dbfaa15a29b` Request headers Host savebestonline-theclicks.icu Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://iomecwoienv.host/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://iomecwoienv.host/ Response headers Date Wed, 27 Feb 2019 14:27:02 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Set-Cookie session=eace59c8-b10f-43db-b2d4-f0c5f2655f19 Server nginx Redirect headers Date Wed, 27 Feb 2019 14:27:02 GMT Content-Type text/html Content-Length 158 Connection keep-alive Location http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Server nginx
GET H/1.1	200 OK	arrow__blue.png dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/	2 KB 3 KB	132ms 8ms	Image image/png	13.32.222.240 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/arrow__blue.png Requested by Host: savebestonline-theclicks.icu URL: http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Protocol HTTP/1.1 Server 13.32.222.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-13-32-222-240.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `5bbee510c3b5965532d53185cadd47753740b6445f2b9bded3849424fcd2661a` Request headers Referer http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 26 Feb 2019 21:59:55 GMT Via 1.1 852d9d8bb32e82e505d63b5dd4b1e6e1.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2017-01-30T08:48:38.478Z Server AmazonS3 Age 85543 ETag "6d26faedbdd557f7dcd86e9060de347f" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 30 Jan 2017 13:50:57 GMT Connection keep-alive Accept-Ranges bytes Content-Length 2266 X-Amz-Cf-Id PI-8vfaad8haj6zWDYrFUYjU29pYTUBjZQgPKF-lEMs3GW47cGXa7Q==
GET H/1.1	200 OK	pattern__safari1.jpg dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/	25 KB 25 KB	133ms 9ms	Image image/jpeg	13.32.222.240 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/pattern__safari1.jpg Requested by Host: savebestonline-theclicks.icu URL: http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Protocol HTTP/1.1 Server 13.32.222.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-13-32-222-240.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `7b4d70d5fb64a31f115e1e853b7272e1415ffec2234e78e00847350c23d607fe` Request headers Referer http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 27 Feb 2019 12:12:26 GMT Via 1.1 852d9d8bb32e82e505d63b5dd4b1e6e1.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2017-01-31T09:32:59.097Z Server AmazonS3 Age 46415 ETag "918dfef192de7b99284e969e75d6cc29" X-Cache Hit from cloudfront Content-Type image/jpeg Last-Modified Thu, 15 Feb 2018 14:46:36 GMT Connection keep-alive Accept-Ranges bytes Content-Length 25293 X-Amz-Cf-Id lpT6FqwzFDrsddCKK9XaMjYCiHCQM8lwcZoYqTlnSqDzZmPBy7BXyw==
GET H/1.1	200 OK	pattern__safari-arrow.png dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/	3 KB 4 KB	133ms 9ms	Image image/png	13.32.222.240 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/pattern__safari-arrow.png Requested by Host: savebestonline-theclicks.icu URL: http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Protocol HTTP/1.1 Server 13.32.222.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-13-32-222-240.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `7c48ecdfda540af22ecb4d9638c8c0082e401cc4b45aa2df46c976ec80d38c12` Request headers Referer http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 26 Feb 2019 18:36:04 GMT Via 1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2017-01-30T12:13:47.914Z Server AmazonS3 Age 71460 ETag "496171f7f5272b0c3b8ae1d526110caf" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 30 Jan 2017 13:51:01 GMT Connection keep-alive Accept-Ranges bytes Content-Length 3478 X-Amz-Cf-Id B13Rlcrm5H0IANoJit7sztxRqRAhZEihPjuCRe-cl32yuVKKTVyTmQ==
GET H/1.1	200 OK	clean_k.png dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/	81 KB 81 KB	132ms 8ms	Image image/png	13.32.222.240 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/clean_k.png Requested by Host: savebestonline-theclicks.icu URL: http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Protocol HTTP/1.1 Server 13.32.222.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-13-32-222-240.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `2b6f66d6fc25784ab605c93008f911e7e99a78e5de23e0a489ee0f20f0bc2319` Request headers Referer http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 27 Feb 2019 12:12:24 GMT Via 1.1 617456b5ad99c756ee702b235ecfe148.cloudfront.net (CloudFront) Last-Modified Mon, 01 Oct 2018 08:43:22 GMT Server AmazonS3 Age 64705 ETag "03bf1d883e59c49a3564d917790bf834" x-amz-meta-origin-date-iso8601 2018-10-01T08:42:43.636Z X-Cache Hit from cloudfront Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 82521 X-Amz-Cf-Id tCs4q9zd60l491_zSvmf-6SDgPHau6hyg_c7KNTLCIV8NiB14YgfNw==
GET H/1.1	200 OK	downloadgif.gif dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/	12 KB 12 KB	141ms 18ms	Image image/gif	13.32.222.240 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/downloadgif.gif Requested by Host: savebestonline-theclicks.icu URL: http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Protocol HTTP/1.1 Server 13.32.222.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-13-32-222-240.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `d714e144f5890b10e5bfb765e0ea6c31737ee11031131a0c306cc2645ef7ba81` Request headers Referer http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Sat, 03 Nov 2018 19:34:50 GMT Via 1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2015-03-09T08:38:13.325Z Server AmazonS3 Age 59228 ETag "71d508a5a418c2eab6ac59dab52e5f53" X-Cache Hit from cloudfront Content-Type image/gif Last-Modified Mon, 06 Jun 2016 13:29:02 GMT Connection keep-alive Accept-Ranges bytes Content-Length 11787 X-Amz-Cf-Id 6auSH36pxKd9q0Iq-oUn8DTUlu8Am4m41g5YujQXlti24rgQNIGWeQ==
GET H/1.1	200 OK	downloadactive.png dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/	4 KB 5 KB	136ms 13ms	Image image/png	13.32.222.240 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/downloadactive.png Requested by Host: savebestonline-theclicks.icu URL: http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Protocol HTTP/1.1 Server 13.32.222.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-13-32-222-240.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `85ca0e8a71da7cb9f6da2faad0b491818b83b721a03dd71a9e6c1fd23cc355fe` Request headers Referer http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Sat, 03 Nov 2018 19:34:50 GMT Via 1.1 5d4ff22febf83d261f03aa068f5bdc04.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2015-03-09T08:30:35.401Z Server AmazonS3 Age 71460 ETag "759894fc31058cbee5c154ddf8109da6" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 06 Jun 2016 13:29:02 GMT Connection keep-alive Accept-Ranges bytes Content-Length 4367 X-Amz-Cf-Id MQI_zyXYgM3v4YCpiTJaSRPMhWkLR2BU-d6GzuzkDEig7x-wbUQGtg==
GET H/1.1	200 OK	ok.png dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/	3 KB 4 KB	13ms 12ms	Image image/png	13.32.222.240 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/ok.png Requested by Host: savebestonline-theclicks.icu URL: http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Protocol HTTP/1.1 Server 13.32.222.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-13-32-222-240.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `60bc686d0dbd4a721a5b96df034ac04067756297cf097ad6f4338b0e37c95af1` Request headers Referer http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 27 Feb 2019 12:15:07 GMT Via 1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2015-03-09T08:27:57.299Z Server AmazonS3 Age 64322 ETag "8735b3e852676168da0cb997fc397c4d" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 06 Jun 2016 13:29:04 GMT Connection keep-alive Accept-Ranges bytes Content-Length 3387 X-Amz-Cf-Id B2b9bRr-MCxegRLI139GC7XMQNb4He97gZE6CrQxrdmFgvVB76u6sQ==
GET H/1.1	200 OK	okactive.png dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/	3 KB 4 KB	14ms 13ms	Image image/png	13.32.222.240 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/okactive.png Requested by Host: savebestonline-theclicks.icu URL: http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Protocol HTTP/1.1 Server 13.32.222.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-13-32-222-240.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `2755c2a109a7dc442afa20ab5ea319eca18f94a8ea7c05e2dddb6e1264501e23` Request headers Referer http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 27 Feb 2019 12:15:08 GMT Via 1.1 852d9d8bb32e82e505d63b5dd4b1e6e1.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2015-03-09T08:29:12.912Z Server AmazonS3 Age 7916 ETag "2b9dd1759bf55999fc392c5dbb6bb6f7" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 06 Jun 2016 13:29:05 GMT Connection keep-alive Accept-Ranges bytes Content-Length 3437 X-Amz-Cf-Id Zl5tEBb7tePo4qDsnhoSkL5AfHBZLk5x_qDBVeLHYDWhlW2SvpgUtQ==
GET H/1.1	200 OK	okactive@2x.png dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/	4 KB 5 KB	12ms 11ms	Image image/png	13.32.222.240 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/okactive@2x.png Requested by Host: savebestonline-theclicks.icu URL: http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Protocol HTTP/1.1 Server 13.32.222.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-13-32-222-240.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `a8b80ca1f74242b77cbf0ac6ec3e8076757aa54578434944a4e4df767c9cf6ad` Request headers Referer http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 27 Feb 2019 12:15:07 GMT Via 1.1 5d4ff22febf83d261f03aa068f5bdc04.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2015-03-09T08:42:33.705Z Server AmazonS3 Age 55161 ETag "370305f8f631cc0642d7bf0d8d7f51e2" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 06 Jun 2016 13:29:05 GMT Connection keep-alive Accept-Ranges bytes Content-Length 4484 X-Amz-Cf-Id nc8YE9jzGhVU4tnmTW37NBDH76wqJzsBHow7lyaZTIrRmzxGZmKjlQ==
GET H/1.1	200 OK	downloadactive@2x.png dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/	7 KB 7 KB	10ms 9ms	Image image/png	13.32.222.240 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/downloadactive@2x.png Requested by Host: savebestonline-theclicks.icu URL: http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Protocol HTTP/1.1 Server 13.32.222.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-13-32-222-240.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `911a71457c0146a07bd5d48ef8556f7a802c9feddf63d59750453ff76a443484` Request headers Referer http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 27 Feb 2019 01:43:10 GMT Via 1.1 852d9d8bb32e82e505d63b5dd4b1e6e1.cloudfront.net (CloudFront) x-amz-meta-crossftp-original-file-date-iso8601 2015-03-09T08:39:32.396Z Server AmazonS3 Age 60953 ETag "1cd55b247bf699786c644652ea0d1973" X-Cache Hit from cloudfront Content-Type image/png Last-Modified Mon, 06 Jun 2016 13:29:02 GMT Connection keep-alive Accept-Ranges bytes Content-Length 6790 X-Amz-Cf-Id bV4D1HHx244vflaJ2Q6H3rlN7cdmVLRwkGKXZTku5B3urOKtSz67Iw==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Apple Software Update (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| showStep

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			savebestonline-theclicks.icu/	1969-12-31 23:59:59	Name: session Value: eace59c8-b10f-43db-b2d4-f0c5f2655f19

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dh4vbtdpu4esr.cloudfront.net
iomecwoienv.host
prkrls.info
savebestonline-theclicks.icu
volume.vuer.net
13.32.222.240
176.114.8.23
34.225.190.7
52.72.36.238
78.140.165.14
2755c2a109a7dc442afa20ab5ea319eca18f94a8ea7c05e2dddb6e1264501e23
2b6f66d6fc25784ab605c93008f911e7e99a78e5de23e0a489ee0f20f0bc2319
5bbee510c3b5965532d53185cadd47753740b6445f2b9bded3849424fcd2661a
5dfe24bbcb431bb79aeef2fd4fbd8caf6bea12d2382d8ba8e06d4dbfaa15a29b
60bc686d0dbd4a721a5b96df034ac04067756297cf097ad6f4338b0e37c95af1
7b4d70d5fb64a31f115e1e853b7272e1415ffec2234e78e00847350c23d607fe
7c48ecdfda540af22ecb4d9638c8c0082e401cc4b45aa2df46c976ec80d38c12
85ca0e8a71da7cb9f6da2faad0b491818b83b721a03dd71a9e6c1fd23cc355fe
911a71457c0146a07bd5d48ef8556f7a802c9feddf63d59750453ff76a443484
a8b80ca1f74242b77cbf0ac6ec3e8076757aa54578434944a4e4df767c9cf6ad
d714e144f5890b10e5bfb765e0ea6c31737ee11031131a0c306cc2645ef7ba81

savebestonline-theclicks.icu Open in urlscan Pro 52.72.36.238 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

0 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

3 IPs

3 Countries

179 kBTransfer

173 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

savebestonline-theclicks.icu Open in urlscan Pro
52.72.36.238 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

0 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

179 kB
Transfer

173 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!