www.united-drug.co.th Open in urlscan Pro
61.19.251.44 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html
Submission: On May 02 via automatic, source openphish (May 2nd 2018, 6:22:33 pm UTC)

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 15 HTTP transactions. The main IP is 61.19.251.44, located in Thailand and belongs to CAT-AP The Communication Authoity of Thailand, CAT, TH. The main domain is www.united-drug.co.th.

This is the only time www.united-drug.co.th was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

	IP Address	AS Autonomous System
12	61.19.251.44 61.19.251.44	9931 (CAT-AP Th...) (CAT-AP The Communication Authoity of Thailand)
1 2	2.16.186.80 2.16.186.80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2.16.186.41 2.16.186.41	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	35.157.120.137 35.157.120.137	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
15	4

12 61.19.251.44 (Thailand)

ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH)
PTR: mail.eighteggs.com

www.united-drug.co.th	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.186.80 (European Union) 1 redirects

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-80.deploy.akamaitechnologies.com

b.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.41 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-41.deploy.akamaitechnologies.com

w.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.157.120.137 (Frankfurt, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-157-120-137.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	united-drug.co.th www.united-drug.co.th	411 KB
3	sharethis.com 1 redirects w.sharethis.com l.sharethis.com	5 KB
2	scorecardresearch.com 1 redirects b.scorecardresearch.com	1 KB
15	3

	Domain	Requested by
12	www.united-drug.co.th	www.united-drug.co.th
2	l.sharethis.com	1 redirects
2	b.scorecardresearch.com	1 redirects www.united-drug.co.th
1	w.sharethis.com	www.united-drug.co.th
15	4

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html
Frame ID: 4324060385AC1705FC56EFE7476A5A72
Requests: 13 HTTP requests in this frame

Frame: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/getSegment.htm
Frame ID: CAE97400234E5DB4137607C167137D07
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

15
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

415 kB
Transfer

430 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

http://b.scorecardresearch.com/b?c1=7&c2=8097938&rn=1066469846&c7=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo%2521%2520Mail%2520Upgrade_files%2FgetSegment.htm&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo!MailUpgrade.html&cv=2.2&cs=js HTTP 302
http://b.scorecardresearch.com/b2?c1=7&c2=8097938&rn=1066469846&c7=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo%2521%2520Mail%2520Upgrade_files%2FgetSegment.htm&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo!MailUpgrade.html&cv=2.2&cs=js

Request Chain 13

http://l.sharethis.com/pview?event=pview&source=share4x&publisher=null&hostname=www.united-drug.co.th&location=%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo!MailUpgrade.html&url=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo!MailUpgrade.html&sessionID=1525285343051.29748&fpc=6f69f6a-16322174f4c-6533bd40-1&ts1525285343383.0 HTTP 301
http://l.sharethis.com/sc?cm=ZGABLVrqAd8AAAASZVL2Aw%3D%3D&uid=true&url=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo%21MailUpgrade.html

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Yahoo!MailUpgrade.html Show response www.united-drug.co.th/th/js/attnt/NEWYAHOO/	12 KB 12 KB	1479ms 219ms	Document text/html	61.19.251.44 CAT-AP The Commun...
General Check archive.org Show headers Download Go to Full URL http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Server 61.19.251.44 , Thailand, ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH), Reverse DNS mail.eighteggs.com Software Apache / Resource Hash `604fb033b645f2b9ae386effd307651e1490676197669f8f595eef529e8fbd0b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.united-drug.co.th Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:22 GMT Last-Modified Wed, 16 Jul 2014 11:07:42 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 11798
GET H/1.1	200 OK	buttons.css www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	23 KB 24 KB	220ms 219ms	Stylesheet text/css	61.19.251.44 CAT-AP The Commun...
General Check archive.org Show headers Download Go to Full URL http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/buttons.css Requested by Host: www.united-drug.co.th URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Server 61.19.251.44 , Thailand, ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH), Reverse DNS mail.eighteggs.com Software Apache / Resource Hash `822afa8620d12cc8fabc0de752af5e68845457e834b0fc75c3eb6562f0c97c18` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.united-drug.co.th User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/css,/;q=0.1 Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:22 GMT Last-Modified Wed, 16 Jul 2014 05:56:02 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 23891
GET H/1.1	200 OK	mail-bg-v3.png www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	37 KB 38 KB	231ms 230ms	Image image/png	61.19.251.44 CAT-AP The Commun...
General Check archive.org Show headers Download Go to Show image Full URL http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/mail-bg-v3.png Requested by Host: www.united-drug.co.th URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Server 61.19.251.44 , Thailand, ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH), Reverse DNS mail.eighteggs.com Software Apache / Resource Hash `e40949fef718c5b1f84aecec489db51618eee0746343a5745b84caef1f08abfd` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.united-drug.co.th User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:22 GMT Last-Modified Wed, 16 Jul 2014 05:56:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 38171
GET H/1.1	200 OK	paper-hole_v2.png www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	169 KB 169 KB	224ms 223ms	Image image/png	61.19.251.44 CAT-AP The Commun...
General Check archive.org Show headers Download Go to Show image Full URL http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/paper-hole_v2.png Requested by Host: www.united-drug.co.th URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Server 61.19.251.44 , Thailand, ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH), Reverse DNS mail.eighteggs.com Software Apache / Resource Hash `d9ac0cabe482dcbca87e18c9a81e32a8005ee21cce55be9806821d52d857aef9` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.united-drug.co.th User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:23 GMT Last-Modified Wed, 16 Jul 2014 05:56:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 172826
GET H/1.1	200 OK	jVal.css www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	2 KB 2 KB	440ms 219ms	Stylesheet text/css	61.19.251.44 CAT-AP The Commun...
General Check archive.org Show headers Download Go to Full URL http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/jVal.css Requested by Host: www.united-drug.co.th URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Server 61.19.251.44 , Thailand, ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH), Reverse DNS mail.eighteggs.com Software Apache / Resource Hash `b35745e800e632b0aa428e986b447dad09c176fad80e0f86c49835d31e12c685` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.united-drug.co.th User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/css,/;q=0.1 Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:23 GMT Last-Modified Wed, 16 Jul 2014 05:56:02 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1723
GET H/1.1	200 OK	buttons_002.css www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	17 KB 18 KB	440ms 218ms	Stylesheet text/css	61.19.251.44 CAT-AP The Commun...
General Check archive.org Show headers Download Go to Full URL http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/buttons_002.css Requested by Host: www.united-drug.co.th URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Server 61.19.251.44 , Thailand, ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH), Reverse DNS mail.eighteggs.com Software Apache / Resource Hash `a65ea805e6801a47485849e2c6668facb5c458ffcad3c60393cb28f63e28cbf9` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.united-drug.co.th User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/css,/;q=0.1 Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:23 GMT Last-Modified Wed, 16 Jul 2014 05:56:02 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 17762
GET H/1.1	200 OK	javascriptfunctions.js Show response www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	2 KB 2 KB	452ms 229ms	Script application/javascript	61.19.251.44 CAT-AP The Commun...
General Check archive.org Show headers Download Go to Full URL http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/javascriptfunctions.js Requested by Host: www.united-drug.co.th URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Server 61.19.251.44 , Thailand, ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH), Reverse DNS mail.eighteggs.com Software Apache / Resource Hash `063fa79fdfb74c97ec80902a50fc478b92a6ad681d94b8776b7c88fe817e5f70` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.united-drug.co.th User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept / Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:23 GMT Last-Modified Wed, 16 Jul 2014 05:56:02 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2129
GET H/1.1	200 OK	jquery_002.js Show response www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	89 KB 90 KB	231ms 231ms	Script application/javascript	61.19.251.44 CAT-AP The Commun...
General Check archive.org Show headers Download Go to Full URL http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/jquery_002.js Requested by Host: www.united-drug.co.th URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Server 61.19.251.44 , Thailand, ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH), Reverse DNS mail.eighteggs.com Software Apache / Resource Hash `daa9a7565d6e53d5c8bb9c5117760da97bf488259401444aac11f71abbfa63a6` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.united-drug.co.th User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept / Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:23 GMT Last-Modified Wed, 16 Jul 2014 05:56:02 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 91555
GET H/1.1	200 OK	jVal.js Show response www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	8 KB 8 KB	223ms 222ms	Script application/javascript	61.19.251.44 CAT-AP The Commun...
General Check archive.org Show headers Download Go to Full URL http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/jVal.js Requested by Host: www.united-drug.co.th URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Server 61.19.251.44 , Thailand, ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH), Reverse DNS mail.eighteggs.com Software Apache / Resource Hash `ddfcde6b3d91c22bf284f701b9d3320512cf8301ee43505abd058d042400e7f6` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.united-drug.co.th User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept / Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:23 GMT Last-Modified Wed, 16 Jul 2014 05:56:02 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 8131
GET H/1.1	200 OK	buttons.js Show response www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	45 KB 45 KB	229ms 229ms	Script application/javascript	61.19.251.44 CAT-AP The Commun...
General Check archive.org Show headers Download Go to Full URL http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/buttons.js Requested by Host: www.united-drug.co.th URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Server 61.19.251.44 , Thailand, ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH), Reverse DNS mail.eighteggs.com Software Apache / Resource Hash `a4a09a2806c0bdffdffee03073f56732acba6a435473d227c8c57a9073c41ea8` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.united-drug.co.th User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept / Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:23 GMT Last-Modified Wed, 16 Jul 2014 05:56:02 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 45997
GET H/1.1	200 OK	yahoolog.png www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	3 KB 3 KB	232ms 231ms	Image image/png	61.19.251.44 CAT-AP The Commun...
General Check archive.org Show headers Download Go to Show image Full URL http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/yahoolog.png Requested by Host: www.united-drug.co.th URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Server 61.19.251.44 , Thailand, ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH), Reverse DNS mail.eighteggs.com Software Apache / Resource Hash `f2b46b60179796b76b63b4d0d08364128a91ed5681cdb857775be64a7fd45134` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.united-drug.co.th User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:23 GMT Last-Modified Wed, 16 Jul 2014 05:56:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2606
GET H/1.1	200 OK	getSegment.htm Show response www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/ Frame CAE9	799 B 1 KB	230ms 229ms	Document text/html	61.19.251.44 CAT-AP The Commun...
General Check archive.org Show headers Download Go to Full URL http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/getSegment.htm Requested by Host: www.united-drug.co.th URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Server 61.19.251.44 , Thailand, ASN9931 (CAT-AP The Communication Authoity of Thailand, CAT, TH), Reverse DNS mail.eighteggs.com Software Apache / Resource Hash `ed862c231506f3ee5216049c8af5fc5a1a6c6b47006a92ec5f5e31efbcd57a90` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.united-drug.co.th Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Upgrade-Insecure-Requests 1 Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:24 GMT Last-Modified Wed, 16 Jul 2014 05:56:02 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 799
GET H/1.1	204 No Content	b2 b.scorecardresearch.com/ Frame CAE9 Redirect Chain http://b.scorecardresearch.com/b?c1=7&c2=8097938&rn=1066469846&c7=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo%2521%2520Mail%2520Upgrade_files%2FgetSegment.htm&c3=8097938... http://b.scorecardresearch.com/b2?c1=7&c2=8097938&rn=1066469846&c7=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo%2521%2520Mail%2520Upgrade_files%2FgetSegment.htm&c3=809793...	0 248 B	6ms 6ms	Image text/plain	2.16.186.80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL http://b.scorecardresearch.com/b2?c1=7&c2=8097938&rn=1066469846&c7=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo%2521%2520Mail%2520Upgrade_files%2FgetSegment.htm&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo!MailUpgrade.html&cv=2.2&cs=js Requested by Host: www.united-drug.co.th URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/getSegment.htm Protocol HTTP/1.1 Server 2.16.186.80 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a2-16-186-80.deploy.akamaitechnologies.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/getSegment.htm User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Pragma no-cache Date Wed, 02 May 2018 18:22:23 GMT Cache-Control private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate Connection keep-alive Content-Length 0 Expires Mon, 01 Jan 1990 00:00:00 GMT Redirect headers Location http://b.scorecardresearch.com/b2?c1=7&c2=8097938&rn=1066469846&c7=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo%2521%2520Mail%2520Upgrade_files%2FgetSegment.htm&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo!MailUpgrade.html&cv=2.2&cs=js Pragma no-cache Date Wed, 02 May 2018 18:22:23 GMT Cache-Control private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate Connection keep-alive Content-Length 0 Expires Mon, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	buttons.css w.sharethis.com/button/css/	22 KB 4 KB	6ms 5ms	Stylesheet text/css	2.16.186.41 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL http://w.sharethis.com/button/css/buttons.css Requested by Host: www.united-drug.co.th URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/buttons.js Protocol HTTP/1.1 Server 2.16.186.41 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a2-16-186-41.deploy.akamaitechnologies.com Software nginx/1.12.2 / Resource Hash `9d54ecc6e31c5395d9d35de1ef75e4152c8f9787c511dea5590cea300dfbc07c` Request headers Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:23 GMT Content-Encoding gzip Last-Modified Tue, 01 May 2018 05:16:15 GMT Server nginx/1.12.2 ETag W/"5ae7f81f-596f" Vary Accept-Encoding Content-Type text/css Connection keep-alive Content-Length 3856
GET H/1.1	200 OK	sc l.sharethis.com/ Redirect Chain http://l.sharethis.com/pview?event=pview&source=share4x&publisher=null&hostname=www.united-drug.co.th&location=%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo!MailUpgrade.html&url=http%3A%2F%2Fwww.united-dru... http://l.sharethis.com/sc?cm=ZGABLVrqAd8AAAASZVL2Aw%3D%3D&uid=true&url=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo%21MailUpgrade.html	82 B 82 B	8ms 8ms	Image application/json	35.157.120.137 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://l.sharethis.com/sc?cm=ZGABLVrqAd8AAAASZVL2Aw%3D%3D&uid=true&url=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo%21MailUpgrade.html Protocol HTTP/1.1 Server 35.157.120.137 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-35-157-120-137.eu-central-1.compute.amazonaws.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 18:22:23 GMT Access-Control-Max-Age 1728000 Content-Type application/json Access-Control-Allow-Origin * Access-Control-Expose-Headers stid Cache-Control no-cache, no-store, must-revalidate Access-Control-Allow-Credentials true Connection keep-alive Stid ZGABLVrqAd8AAAASZVL2Aw== Access-Control-Allow-Headers * Content-Length 82 Redirect headers Date Wed, 02 May 2018 18:22:23 GMT Access-Control-Allow-Origin * Access-Control-Max-Age 1728000 P3p policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM" Location /sc?cm=ZGABLVrqAd8AAAASZVL2Aw%3D%3D&uid=true&url=http%3A%2F%2Fwww.united-drug.co.th%2Fth%2Fjs%2Fattnt%2FNEWYAHOO%2FYahoo%21MailUpgrade.html Access-Control-Expose-Headers stid Cache-Control no-cache, no-store, must-revalidate Access-Control-Allow-Credentials true Connection keep-alive Content-Type text/html; charset=utf-8 Access-Control-Allow-Headers * Content-Length 182 Stid ZGABLVrqAd8AAAASZVL2Aw==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://www.united-drug.co.th/th/js/attnt/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/buttons.js(Line 1) Message: Please specify a ShareThis Publisher Key For help, contact support@sharethis.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b.scorecardresearch.com
l.sharethis.com
w.sharethis.com
www.united-drug.co.th
2.16.186.41
2.16.186.80
35.157.120.137
61.19.251.44
063fa79fdfb74c97ec80902a50fc478b92a6ad681d94b8776b7c88fe817e5f70
604fb033b645f2b9ae386effd307651e1490676197669f8f595eef529e8fbd0b
822afa8620d12cc8fabc0de752af5e68845457e834b0fc75c3eb6562f0c97c18
9d54ecc6e31c5395d9d35de1ef75e4152c8f9787c511dea5590cea300dfbc07c
a4a09a2806c0bdffdffee03073f56732acba6a435473d227c8c57a9073c41ea8
a65ea805e6801a47485849e2c6668facb5c458ffcad3c60393cb28f63e28cbf9
b35745e800e632b0aa428e986b447dad09c176fad80e0f86c49835d31e12c685
d9ac0cabe482dcbca87e18c9a81e32a8005ee21cce55be9806821d52d857aef9
daa9a7565d6e53d5c8bb9c5117760da97bf488259401444aac11f71abbfa63a6
ddfcde6b3d91c22bf284f701b9d3320512cf8301ee43505abd058d042400e7f6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40949fef718c5b1f84aecec489db51618eee0746343a5745b84caef1f08abfd
ed862c231506f3ee5216049c8af5fc5a1a6c6b47006a92ec5f5e31efbcd57a90
f2b46b60179796b76b63b4d0d08364128a91ed5681cdb857775be64a7fd45134

www.united-drug.co.th Open in urlscan Pro 61.19.251.44 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

15 Requests

0 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

4 IPs

3 Countries

415 kBTransfer

430 kBSize

0 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

23 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

www.united-drug.co.th Open in urlscan Pro
61.19.251.44 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

415 kB
Transfer

430 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!