savebestonline-theclicks.icu
Open in
urlscan Pro
52.72.36.238
Malicious Activity!
Public Scan
Effective URL: http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID]
Submission: On February 27 via manual from US
Summary
This is the only time savebestonline-theclicks.icu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Apple Software Update (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 176.114.8.23 176.114.8.23 | 56485 (THEHOST-AS) (THEHOST-AS) | |
1 | 78.140.165.14 78.140.165.14 | 35415 (WEBZILLA) (WEBZILLA) | |
1 1 | 34.225.190.7 34.225.190.7 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
1 | 52.72.36.238 52.72.36.238 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
10 | 13.32.222.240 13.32.222.240 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
12 | 3 |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-225-190-7.compute-1.amazonaws.com
volume.vuer.net |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-72-36-238.compute-1.amazonaws.com
savebestonline-theclicks.icu |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-222-240.fra56.r.cloudfront.net
dh4vbtdpu4esr.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
cloudfront.net
dh4vbtdpu4esr.cloudfront.net |
149 KB |
1 |
savebestonline-theclicks.icu
savebestonline-theclicks.icu |
24 KB |
1 |
vuer.net
1 redirects
volume.vuer.net |
297 B |
1 |
iomecwoienv.host
iomecwoienv.host |
6 KB |
1 |
prkrls.info
1 redirects
prkrls.info |
317 B |
12 | 5 |
Domain | Requested by | |
---|---|---|
10 | dh4vbtdpu4esr.cloudfront.net |
savebestonline-theclicks.icu
|
1 | savebestonline-theclicks.icu |
iomecwoienv.host
|
1 | volume.vuer.net | 1 redirects |
1 | iomecwoienv.host | |
1 | prkrls.info | 1 redirects |
12 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID]
Frame ID: 1E037F21C667D2AE2098025195A5B378
Requests: 12 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://prkrls.info/wprt30?x=Free%204x6%20index%20card%20template
HTTP 302
http://iomecwoienv.host/mmd/?token=698c0715ebe28229973598369befe109d70d0cd9&q= Page URL
-
https://volume.vuer.net/dwe/rru/?utm_source=444&utm_campaign=7937902&qs1=&clck=ADaedlz6TAAA-P8BAERFM...
HTTP 302
http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtU... Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://prkrls.info/wprt30?x=Free%204x6%20index%20card%20template
HTTP 302
http://iomecwoienv.host/mmd/?token=698c0715ebe28229973598369befe109d70d0cd9&q= Page URL
-
https://volume.vuer.net/dwe/rru/?utm_source=444&utm_campaign=7937902&qs1=&clck=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA
HTTP 302
http://savebestonline-theclicks.icu/02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI?cid=ADaedlz6TAAA-P8BAERFMwASAEtUFQgA&sid=[SUB_ID] Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://prkrls.info/wprt30?x=Free%204x6%20index%20card%20template HTTP 302
- http://iomecwoienv.host/mmd/?token=698c0715ebe28229973598369befe109d70d0cd9&q=
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Cookie set
/
iomecwoienv.host/mmd/ Redirect Chain
|
5 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
Cookie set
02B8nytU9EnHqLmXMnV5XpFBI2WVLwdn8pTQyIk1jxI
savebestonline-theclicks.icu/ Redirect Chain
|
24 KB 24 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow__blue.png
dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pattern__safari1.jpg
dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/ |
25 KB 25 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pattern__safari-arrow.png
dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clean_k.png
dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/ |
81 KB 81 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
downloadgif.gif
dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/ |
12 KB 12 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
downloadactive.png
dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ok.png
dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
okactive.png
dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
okactive@2x.png
dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
downloadactive@2x.png
dh4vbtdpu4esr.cloudfront.net/lps/flash_mac/images/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Apple Software Update (Online)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| showStep1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
savebestonline-theclicks.icu/ | Name: session Value: eace59c8-b10f-43db-b2d4-f0c5f2655f19 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
dh4vbtdpu4esr.cloudfront.net
iomecwoienv.host
prkrls.info
savebestonline-theclicks.icu
volume.vuer.net
13.32.222.240
176.114.8.23
34.225.190.7
52.72.36.238
78.140.165.14
2755c2a109a7dc442afa20ab5ea319eca18f94a8ea7c05e2dddb6e1264501e23
2b6f66d6fc25784ab605c93008f911e7e99a78e5de23e0a489ee0f20f0bc2319
5bbee510c3b5965532d53185cadd47753740b6445f2b9bded3849424fcd2661a
5dfe24bbcb431bb79aeef2fd4fbd8caf6bea12d2382d8ba8e06d4dbfaa15a29b
60bc686d0dbd4a721a5b96df034ac04067756297cf097ad6f4338b0e37c95af1
7b4d70d5fb64a31f115e1e853b7272e1415ffec2234e78e00847350c23d607fe
7c48ecdfda540af22ecb4d9638c8c0082e401cc4b45aa2df46c976ec80d38c12
85ca0e8a71da7cb9f6da2faad0b491818b83b721a03dd71a9e6c1fd23cc355fe
911a71457c0146a07bd5d48ef8556f7a802c9feddf63d59750453ff76a443484
a8b80ca1f74242b77cbf0ac6ec3e8076757aa54578434944a4e4df767c9cf6ad
d714e144f5890b10e5bfb765e0ea6c31737ee11031131a0c306cc2645ef7ba81