![](/screenshots/62ab0f16-7bf8-4d08-9efa-138cd9b28262.png)
nowinstallupgrade.getgreatandsecurecontent.club
Open in
urlscan Pro
163.172.127.186
Malicious Activity!
Public Scan
Effective URL: https://nowinstallupgrade.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uTkgdKPxQw9OrxARJeQx-ExLBCg2mrRIw1esqjkLeUfWg..&...
Submission: On November 28 via manual from NL
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 28th 2018. Valid for: 3 months.
This is the only time nowinstallupgrade.getgreatandsecurecontent.club was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Apple Software Update (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 4 | 72.52.4.90 72.52.4.90 | 32787 (PROLEXIC-...) (PROLEXIC-TECHNOLOGIES-DDOS-MITIGATION-NETWORK - Akamai Technologies) | |
2 | 205.234.175.175 205.234.175.175 | 30081 (CACHENETW...) (CACHENETWORKS - CacheNetworks) | |
1 1 | 34.192.66.37 34.192.66.37 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
1 | 18.195.174.160 18.195.174.160 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 18.184.38.55 18.184.38.55 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
2 2 | 195.154.41.240 195.154.41.240 | 12876 (AS12876) (AS12876) | |
1 1 | 163.172.125.151 163.172.125.151 | 12876 (AS12876) (AS12876) | |
1 | 163.172.127.186 163.172.127.186 | 12876 (AS12876) (AS12876) | |
8 | 2600:9000:204... 2600:9000:2047:6000:0:1c7c:cc80:21 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
17 | 7 |
ASN32787 (PROLEXIC-TECHNOLOGIES-DDOS-MITIGATION-NETWORK - Akamai Technologies, Inc., US)
PTR: a72-52-4-90.deploy.static.akamaitechnologies.com
sedo.rekenmachine.nl |
ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US)
PTR: vip1.G-anycast1.cachefly.net
img.sedoparking.com |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-192-66-37.compute-1.amazonaws.com
usa.xanthos-alf.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
wait.contenthostload.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-184-38-55.eu-central-1.compute.amazonaws.com
pereams-pubstees.com |
ASN12876 (AS12876, FR)
PTR: 195-154-41-240.rev.poneytelecom.eu
redirect8.admedit.net |
ASN12876 (AS12876, FR)
PTR: 163-172-125-151.rev.poneytelecom.eu
www.getgreatandsecurelinkingfree.club |
ASN12876 (AS12876, FR)
PTR: 163-172-127-186.rev.poneytelecom.eu
nowinstallupgrade.getgreatandsecurecontent.club |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
d3pkjdk5khxwdu.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
cloudfront.net
d3pkjdk5khxwdu.cloudfront.net |
88 KB |
4 |
rekenmachine.nl
2 redirects
sedo.rekenmachine.nl |
5 KB |
2 |
admedit.net
redirect8.admedit.net Failed |
720 B |
2 |
sedoparking.com
img.sedoparking.com |
31 KB |
1 |
getgreatandsecurecontent.club
nowinstallupgrade.getgreatandsecurecontent.club |
7 KB |
1 |
getgreatandsecurelinkingfree.club
1 redirects
www.getgreatandsecurelinkingfree.club |
473 B |
1 |
pereams-pubstees.com
pereams-pubstees.com Failed |
904 B |
1 |
contenthostload.com
wait.contenthostload.com |
2 KB |
1 |
xanthos-alf.com
1 redirects
usa.xanthos-alf.com |
991 B |
17 | 9 |
Domain | Requested by | |
---|---|---|
8 | d3pkjdk5khxwdu.cloudfront.net |
nowinstallupgrade.getgreatandsecurecontent.club
|
4 | sedo.rekenmachine.nl |
2 redirects
sedo.rekenmachine.nl
|
2 | redirect8.admedit.net | |
2 | img.sedoparking.com |
sedo.rekenmachine.nl
|
1 | nowinstallupgrade.getgreatandsecurecontent.club | |
1 | www.getgreatandsecurelinkingfree.club | 1 redirects |
1 | pereams-pubstees.com | |
1 | wait.contenthostload.com |
sedo.rekenmachine.nl
|
1 | usa.xanthos-alf.com | 1 redirects |
17 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
nowinstallupgrade.getgreatandsecurecontent.club Let's Encrypt Authority X3 |
2018-11-28 - 2019-02-26 |
3 months | crt.sh |
*.cloudfront.net DigiCert Global CA G2 |
2018-10-08 - 2019-10-09 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://nowinstallupgrade.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uTkgdKPxQw9OrxARJeQx-ExLBCg2mrRIw1esqjkLeUfWg..&cid=wBFBHJ46MOP846II1K8PHAPM&sid=950d4c92-e418-48ee-9215-ece2aef9679ewBFBHJ46MOP846II1K8PHAPM&v_id=Qm8Tt9hYku0l7ptiq3XyrTiBics69LDE-ozEMmUFDOE.
Frame ID: E5D111B649864F5C1EC220D54E915BB3
Requests: 17 HTTP requests in this frame
Screenshot
![](/screenshots/62ab0f16-7bf8-4d08-9efa-138cd9b28262.png)
Page URL History Show full URLs
- http://sedo.rekenmachine.nl/ Page URL
-
http://sedo.rekenmachine.nl/search/redirect.php?f=http%3A%2F%2Fusa.xanthos-alf.com%2Fzcvisitor%2F268b3ed...
HTTP 302
http://sedo.rekenmachine.nl/search/tcerider.php?f=http%3A%2F%2Fusa.xanthos-alf.com%2Fzcvisitor%2F268b3ed... HTTP 302
http://usa.xanthos-alf.com/zcvisitor/268b3ed3-f316-11e8-a74b-0a5e15d69540?campaignid=f5a029f0-f18c-11e8... HTTP 302
http://wait.contenthostload.com/zp-redirect?target=https%3A%2F%2Fredirect8.admedit.net%2Fadvertise%2F%3Fadow... Page URL
- http://pereams-pubstees.com/redirect?target=BASE64aHR0cHM6Ly9yZWRpcmVjdDguYWRtZWRpdC5uZXQvYWR2ZXJ0aXNlLz... Page URL
-
https://redirect8.admedit.net/advertise/?adown=8851&cmp=576&ctrack=wBFBHJ46MOP846II1K8PHAPM&ptrack=950d4c9...
HTTP 302
https://redirect8.admedit.net/advertise/refine.php?adown=8851&ptrack=950d4c92-e418-48ee-9215-ece2aef9679ew... HTTP 302
https://www.getgreatandsecurelinkingfree.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ.&cid=wBFBHJ46MOP846II1K8P... HTTP 302
https://nowinstallupgrade.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uTkgdKPxQw9OrxARJeQx-ExLBCg2... Page URL
Detected technologies
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://sedo.rekenmachine.nl/ Page URL
-
http://sedo.rekenmachine.nl/search/redirect.php?f=http%3A%2F%2Fusa.xanthos-alf.com%2Fzcvisitor%2F268b3ed3-f316-11e8-a74b-0a5e15d69540%3Fcampaignid%3Df5a029f0-f18c-11e8-9600-0ebb138d3962&v=NjNhMjQ4MWI3MjI0MTczOTY0NWIwNTZmMjQ4ZDIxYTkJMQlzZWRvLnJla2VubWFjaGluZS5ubDViZmU5ZmNkNmI2NWU2LjA5ODUwMDA3CXNlZG8ucmVrZW5tYWNoaW5lLm5sNWJmZTlmY2Q2YjZjOTcuMTM1MzczNDEJMTU0MzQxMzcwOQlhZF8zMV8w&l=NglBRFMJZDU4OGIwNGZhODQwMzlhMjc3MGQ3YjE5YjBhMGVhY2UJMAkyMAkJMzEJMQkxCTAJMmNkYzNmNzBhODU5Y2E5ZGY2NGM2N2U0MGIxNDY2MzYJCTE5MDc4MTkzNAljCTAJCXJla2VubWFjaGluZQkxMTAxCTMxCTEJMTQJMTU0MzQxMzcwOQkwLjAwNTIJTgkwCTAJMAkJCQkJCXNlZG8ucmVrZW5tYWNoaW5lLm5sNWJmZTlmY2Q2YjY1ZTYuMDk4NTAwMDcJMAkJMQkwCTExMTcJNzk2OTU5NzMJCTE4NS4xNDUuMzguMjMy
HTTP 302
http://sedo.rekenmachine.nl/search/tcerider.php?f=http%3A%2F%2Fusa.xanthos-alf.com%2Fzcvisitor%2F268b3ed3-f316-11e8-a74b-0a5e15d69540%3Fcampaignid%3Df5a029f0-f18c-11e8-9600-0ebb138d3962&v=NjNhMjQ4MWI3MjI0MTczOTY0NWIwNTZmMjQ4ZDIxYTkJMQlzZWRvLnJla2VubWFjaGluZS5ubDViZmU5ZmNkNmI2NWU2LjA5ODUwMDA3CXNlZG8ucmVrZW5tYWNoaW5lLm5sNWJmZTlmY2Q2YjZjOTcuMTM1MzczNDEJMTU0MzQxMzcwOQlhZF8zMV8w&l=NglBRFMJZDU4OGIwNGZhODQwMzlhMjc3MGQ3YjE5YjBhMGVhY2UJMAkyMAkJMzEJMQkxCTAJMmNkYzNmNzBhODU5Y2E5ZGY2NGM2N2U0MGIxNDY2MzYJCTE5MDc4MTkzNAljCTAJCXJla2VubWFjaGluZQkxMTAxCTMxCTEJMTQJMTU0MzQxMzcwOQkwLjAwNTIJTgkwCTAJMAkJCQkJCXNlZG8ucmVrZW5tYWNoaW5lLm5sNWJmZTlmY2Q2YjY1ZTYuMDk4NTAwMDcJMAkJMQkwCTExMTcJNzk2OTU5NzMJCTE4NS4xNDUuMzguMjMy HTTP 302
http://usa.xanthos-alf.com/zcvisitor/268b3ed3-f316-11e8-a74b-0a5e15d69540?campaignid=f5a029f0-f18c-11e8-9600-0ebb138d3962 HTTP 302
http://wait.contenthostload.com/zp-redirect?target=https%3A%2F%2Fredirect8.admedit.net%2Fadvertise%2F%3Fadown%3D8851%26cmp%3D576%26ctrack%3DwBFBHJ46MOP846II1K8PHAPM%26ptrack%3D950d4c92-e418-48ee-9215-ece2aef9679ewBFBHJ46MOP846II1K8PHAPM&caid=070c1353-7cf9-442b-9a91-c18dcd7d994f&zpid=268b3ed3-f316-11e8-a74b-0a5e15d69540&cid=wBFBHJ46MOP846II1K8PHAPM&rt=DJ Page URL
- http://pereams-pubstees.com/redirect?target=BASE64aHR0cHM6Ly9yZWRpcmVjdDguYWRtZWRpdC5uZXQvYWR2ZXJ0aXNlLz9hZG93bj04ODUxJmNtcD01NzYmY3RyYWNrPXdCRkJISjQ2TU9QODQ2SUkxSzhQSEFQTSZwdHJhY2s9OTUwZDRjOTItZTQxOC00OGVlLTkyMTUtZWNlMmFlZjk2Nzlld0JGQkhKNDZNT1A4NDZJSTFLOFBIQVBN&ts=1543413710415&hash=ihfaeSNNdmixRH9t-xGPp0Z9agDNXU61tYE95I12Foc&rm=DJ Page URL
-
https://redirect8.admedit.net/advertise/?adown=8851&cmp=576&ctrack=wBFBHJ46MOP846II1K8PHAPM&ptrack=950d4c92-e418-48ee-9215-ece2aef9679ewBFBHJ46MOP846II1K8PHAPM
HTTP 302
https://redirect8.admedit.net/advertise/refine.php?adown=8851&ptrack=950d4c92-e418-48ee-9215-ece2aef9679ewBFBHJ46MOP846II1K8PHAPM&ctrack=wBFBHJ46MOP846II1K8PHAPM&cmp=576&t=1543413710&rh=8&avs=avs5&utm_src=5&sids=7 HTTP 302
https://www.getgreatandsecurelinkingfree.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ.&cid=wBFBHJ46MOP846II1K8PHAPM&sid=950d4c92-e418-48ee-9215-ece2aef9679ewBFBHJ46MOP846II1K8PHAPM HTTP 302
https://nowinstallupgrade.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uTkgdKPxQw9OrxARJeQx-ExLBCg2mrRIw1esqjkLeUfWg..&cid=wBFBHJ46MOP846II1K8PHAPM&sid=950d4c92-e418-48ee-9215-ece2aef9679ewBFBHJ46MOP846II1K8PHAPM&v_id=Qm8Tt9hYku0l7ptiq3XyrTiBics69LDE-ozEMmUFDOE. Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- http://sedo.rekenmachine.nl/search/redirect.php?f=http%3A%2F%2Fusa.xanthos-alf.com%2Fzcvisitor%2F268b3ed3-f316-11e8-a74b-0a5e15d69540%3Fcampaignid%3Df5a029f0-f18c-11e8-9600-0ebb138d3962&v=NjNhMjQ4MWI3MjI0MTczOTY0NWIwNTZmMjQ4ZDIxYTkJMQlzZWRvLnJla2VubWFjaGluZS5ubDViZmU5ZmNkNmI2NWU2LjA5ODUwMDA3CXNlZG8ucmVrZW5tYWNoaW5lLm5sNWJmZTlmY2Q2YjZjOTcuMTM1MzczNDEJMTU0MzQxMzcwOQlhZF8zMV8w&l=NglBRFMJZDU4OGIwNGZhODQwMzlhMjc3MGQ3YjE5YjBhMGVhY2UJMAkyMAkJMzEJMQkxCTAJMmNkYzNmNzBhODU5Y2E5ZGY2NGM2N2U0MGIxNDY2MzYJCTE5MDc4MTkzNAljCTAJCXJla2VubWFjaGluZQkxMTAxCTMxCTEJMTQJMTU0MzQxMzcwOQkwLjAwNTIJTgkwCTAJMAkJCQkJCXNlZG8ucmVrZW5tYWNoaW5lLm5sNWJmZTlmY2Q2YjY1ZTYuMDk4NTAwMDcJMAkJMQkwCTExMTcJNzk2OTU5NzMJCTE4NS4xNDUuMzguMjMy HTTP 302
- http://sedo.rekenmachine.nl/search/tcerider.php?f=http%3A%2F%2Fusa.xanthos-alf.com%2Fzcvisitor%2F268b3ed3-f316-11e8-a74b-0a5e15d69540%3Fcampaignid%3Df5a029f0-f18c-11e8-9600-0ebb138d3962&v=NjNhMjQ4MWI3MjI0MTczOTY0NWIwNTZmMjQ4ZDIxYTkJMQlzZWRvLnJla2VubWFjaGluZS5ubDViZmU5ZmNkNmI2NWU2LjA5ODUwMDA3CXNlZG8ucmVrZW5tYWNoaW5lLm5sNWJmZTlmY2Q2YjZjOTcuMTM1MzczNDEJMTU0MzQxMzcwOQlhZF8zMV8w&l=NglBRFMJZDU4OGIwNGZhODQwMzlhMjc3MGQ3YjE5YjBhMGVhY2UJMAkyMAkJMzEJMQkxCTAJMmNkYzNmNzBhODU5Y2E5ZGY2NGM2N2U0MGIxNDY2MzYJCTE5MDc4MTkzNAljCTAJCXJla2VubWFjaGluZQkxMTAxCTMxCTEJMTQJMTU0MzQxMzcwOQkwLjAwNTIJTgkwCTAJMAkJCQkJCXNlZG8ucmVrZW5tYWNoaW5lLm5sNWJmZTlmY2Q2YjY1ZTYuMDk4NTAwMDcJMAkJMQkwCTExMTcJNzk2OTU5NzMJCTE4NS4xNDUuMzguMjMy HTTP 302
- http://usa.xanthos-alf.com/zcvisitor/268b3ed3-f316-11e8-a74b-0a5e15d69540?campaignid=f5a029f0-f18c-11e8-9600-0ebb138d3962 HTTP 302
- http://wait.contenthostload.com/zp-redirect?target=https%3A%2F%2Fredirect8.admedit.net%2Fadvertise%2F%3Fadown%3D8851%26cmp%3D576%26ctrack%3DwBFBHJ46MOP846II1K8PHAPM%26ptrack%3D950d4c92-e418-48ee-9215-ece2aef9679ewBFBHJ46MOP846II1K8PHAPM&caid=070c1353-7cf9-442b-9a91-c18dcd7d994f&zpid=268b3ed3-f316-11e8-a74b-0a5e15d69540&cid=wBFBHJ46MOP846II1K8PHAPM&rt=DJ
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
![]() sedo.rekenmachine.nl/ |
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.4.2.min.js
img.sedoparking.com/js/ |
52 KB 27 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js_preloader.gif
img.sedoparking.com/images/ |
4 KB 5 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tsc.php
sedo.rekenmachine.nl/search/ |
0 175 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
![]() wait.contenthostload.com/ Redirect Chain
|
966 B 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
redirect
pereams-pubstees.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
redirect
pereams-pubstees.com/ |
610 B 904 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
redirect8.admedit.net/advertise/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
![]() nowinstallupgrade.getgreatandsecurecontent.club/ Redirect Chain
|
44 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
logobook3.png
d3pkjdk5khxwdu.cloudfront.net/lps/flash_mac/images/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
commands_3.png
d3pkjdk5khxwdu.cloudfront.net/lps/flash_mac/images/ |
14 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
flash_windows.png
d3pkjdk5khxwdu.cloudfront.net/lps/om_flash/images/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
logo.png
d3pkjdk5khxwdu.cloudfront.net/lps/FlashOfficial_T/images/ |
851 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
arrow__blue.png
d3pkjdk5khxwdu.cloudfront.net/lps/flash_mac/images/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
pattern__safari1.jpg
d3pkjdk5khxwdu.cloudfront.net/lps/flash_mac/images/ |
25 KB 25 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
pattern__safari-arrow.png
d3pkjdk5khxwdu.cloudfront.net/lps/flash_mac/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
shadow.png
d3pkjdk5khxwdu.cloudfront.net/lps/newLPs/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- pereams-pubstees.com
- URL
- http://pereams-pubstees.com/redirect?target=BASE64aHR0cHM6Ly9yZWRpcmVjdDguYWRtZWRpdC5uZXQvYWR2ZXJ0aXNlLz9hZG93bj04ODUxJmNtcD01NzYmY3RyYWNrPXdCRkJISjQ2TU9QODQ2SUkxSzhQSEFQTSZwdHJhY2s9OTUwZDRjOTItZTQxOC00OGVlLTkyMTUtZWNlMmFlZjk2Nzlld0JGQkhKNDZNT1A4NDZJSTFLOFBIQVBN&ts=1543413710415&hash=ihfaeSNNdmixRH9t-xGPp0Z9agDNXU61tYE95I12Foc&rm=DJ
- Domain
- redirect8.admedit.net
- URL
- https://redirect8.admedit.net/advertise/?adown=8851&cmp=576&ctrack=wBFBHJ46MOP846II1K8PHAPM&ptrack=950d4c92-e418-48ee-9215-ece2aef9679ewBFBHJ46MOP846II1K8PHAPM
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Apple Software Update (Online)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| nAgt string| browserimg number| verOffset function| dragElement function| hide_download function| showStep3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
nowinstallupgrade.getgreatandsecurecontent.club/ | Name: dist_id Value: 7090 |
|
nowinstallupgrade.getgreatandsecurecontent.club/ | Name: lp_id Value: 2745 |
|
nowinstallupgrade.getgreatandsecurecontent.club/ | Name: channel Value: sofi2_mac_soupertrouper |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
d3pkjdk5khxwdu.cloudfront.net
img.sedoparking.com
nowinstallupgrade.getgreatandsecurecontent.club
pereams-pubstees.com
redirect8.admedit.net
sedo.rekenmachine.nl
usa.xanthos-alf.com
wait.contenthostload.com
www.getgreatandsecurelinkingfree.club
pereams-pubstees.com
redirect8.admedit.net
163.172.125.151
163.172.127.186
18.184.38.55
18.195.174.160
195.154.41.240
205.234.175.175
2600:9000:2047:6000:0:1c7c:cc80:21
34.192.66.37
72.52.4.90
25b13e2e8af4969b966c36d6700b019e506dc5151ea6d63224e8827ac318de91
437732c13947ebcfbc91f7a808671fbdb87f2b697cadf3833c44682e942e19e9
5377ef31bb10d31f7c6d96dd13f32bcdef03e1fb41f81f3eb3a73808d94d9842
5bbee510c3b5965532d53185cadd47753740b6445f2b9bded3849424fcd2661a
5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a
6bd771653c6ed9b640ced176672d514c67342d866b2931ef541184b6aa7ba7ed
6e4dbb3765776bf45d616041e17f6374e8c6ca94f5c21f6f8c6322f622c04492
7042d74123543320ebaa64b677ea4d4a4ebc9f304a2a29369520c801b8e839b0
7b4d70d5fb64a31f115e1e853b7272e1415ffec2234e78e00847350c23d607fe
7c48ecdfda540af22ecb4d9638c8c0082e401cc4b45aa2df46c976ec80d38c12
a758ae0536764924b776fcfda61e99b776cc29bd0770395187f3adedadf0bc32
e186f74c971a978c1daf20bb51a1b71bcb075d8d09d678ee1d12665c136b1487