drugaffect.icu
2606:4700:30::681b:809f
Malicious Activity! Public Scan
Effective URL: https://drugaffect.icu/AuthenticateToView/
Submission: On March 07 via manual from US
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on March 4th 2019. Valid for: a year.
This is the only time drugaffect.icu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 2 | 124.47.150.19 | 136792 (MIMECAST-AS-AP Mimecast Australia Pty Ltd) |
| 2 | 67.199.248.10 | 395224 (BITLY-AS Bitly Inc) |
| 21 | 2606:4700:30::681b:809f | 13335 (CLOUDFLARENET Cloudflare) |
| 1 | 2606:4700:30::681b:819f | 13335 (CLOUDFLARENET Cloudflare) |
| 1 | 51.15.74.77 | 12876 (AS12876) |
ASN136792 (MIMECAST-AS-AP Mimecast Australia Pty Ltd, AU): PTR protect-au.mimecast.com
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): drugaffect.icu (both Cloudflare addresses above)
| Apex Domain | Subdomains | Requests | Transfer |
|---|---|---|---|
| drugaffect.icu | drugaffect.icu (2 redirects) | 22 | 328 KB |
| bit.ly | bit.ly (2 redirects) | 2 | 760 B |
| mimecast.com | protect-au.mimecast.com (2 redirects) | 2 | 920 B |
| ibb.co | i.ibb.co | 1 | 9 KB |
Total: 21 HTTP transactions across 4 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 22 | drugaffect.icu (2 redirects) | drugaffect.icu |
| 2 | bit.ly | 2 redirects |
| 2 | protect-au.mimecast.com | 2 redirects |
| 1 | i.ibb.co | drugaffect.icu |
This site contains no links.
| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-03-04 to 2020-03-04 | a year |
| ibb.co | Let's Encrypt Authority X3 | 2019-02-01 to 2019-05-02 | 3 months |
This page contains 1 frame:
Primary Page: https://drugaffect.icu/AuthenticateToView/
Frame ID: 225F186AE66DBA5EBECFA50A5987351F
Requests: 21 HTTP requests in this frame
Detected technologies
- CloudFlare (CDN). Detected patterns: headers server /cloudflare/i
- Font Awesome (Font Scripts). Detected patterns: html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i
- jQuery (JavaScript Libraries). Detected patterns: script /jquery.*\.js/i ; env /^jQuery$/i
- Twitter Bootstrap. Detected patterns: html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i ; script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i
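The patterns above are the Wappalyzer-style regexes urlscan applied to the page's HTML, script URLs, response headers and window globals. The following is an added example, not urlscan.io's or the kit's code: it applies those four fingerprints to a constructed HTML document, header set and globals list modelled on this scan's resource list (the markup is not the captured page), so the matches can be reproduced offline.

```python
"""Wappalyzer-style technology fingerprinting with the patterns urlscan reported.

Added example, not urlscan.io code. SAMPLE_HTML, SAMPLE_HEADERS and SAMPLE_GLOBALS
are constructed to resemble what this report describes (bootstrap.min.css,
font-awesome.min.css, jquery.min.js served from drugaffect.icu/AuthenticateToView/,
a Server: cloudflare header, $ and jQuery on window); they are not captured data.
"""
import re

# Detection patterns copied from the report (Wappalyzer syntax /regex/i -> re.I below).
FINGERPRINTS = {
    "CloudFlare": {"headers": {"server": r"cloudflare"}},
    "Font Awesome": {"html": [r"<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css"]},
    "jQuery": {"script": [r"jquery.*\.js"], "env": [r"^jQuery$"]},
    "Twitter Bootstrap": {
        "html": [r'<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css'],
        "script": [r"(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))"],
    },
}

# Pulls the src attribute of every <script> tag; the 'script' category is matched
# against those URLs, not against the document as a whole.
SCRIPT_SRC = re.compile(r'''<script[^>]+src=["']([^"']+)["']''', re.I)


def fingerprint(html, headers, globals_):
    """Return the sorted names of technologies whose patterns match.

    html     -- raw document source ('html' category)
    headers  -- response headers, names lowercased ('headers' category)
    globals_ -- names of non-standard window globals ('env' category)
    """
    script_srcs = SCRIPT_SRC.findall(html)
    hits = set()
    for name, rules in FINGERPRINTS.items():
        if any(re.search(p, html, re.I) for p in rules.get("html", [])):
            hits.add(name)
        if any(re.search(p, src, re.I) for p in rules.get("script", []) for src in script_srcs):
            hits.add(name)
        if any(re.search(p, g, re.I) for p in rules.get("env", []) for g in globals_):
            hits.add(name)
        for hdr, pat in rules.get("headers", {}).items():
            if hdr in headers and re.search(pat, headers[hdr], re.I):
                hits.add(name)
    return sorted(hits)


# Constructed sample input modelled on the report's resource list (not the real page).
SAMPLE_HTML = """<!DOCTYPE html><html><head>
<link rel="stylesheet" type="text/css" href="vendor/bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="fonts/font-awesome-4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="css/main.css">
</head><body>
<img src="https://i.ibb.co/grz1RGH/Office-365-logo.png">
<script src="js/jquery.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/index.js"></script>
</body></html>"""
SAMPLE_HEADERS = {"server": "cloudflare", "content-type": "text/html"}
SAMPLE_GLOBALS = ["onselectstart", "onselectionchange", "queueMicrotask", "$", "jQuery"]

if __name__ == "__main__":
    print(fingerprint(SAMPLE_HTML, SAMPLE_HEADERS, SAMPLE_GLOBALS))
```

Each category is applied the way the scanner applies it: html against the document source, script against each script src, env against the names of the page's non-standard globals, headers against one named response header. The env check is why the JavaScript global variables listed further down this report matter for fingerprinting, and a kit that inlines or renames its libraries defeats the script and html checks but usually not the env one.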
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

Chain 1:
- https://protect-au.mimecast.com/s/3UeYClx1xmcOoW9ATGSJSA?domain=bit.ly (HTTP 307)
- https://protect-au.mimecast.com/redirect/eNpVkMtqwzAQRX_FaG07khPHcVYJoVBom0UhhZaAkeXBUSpLqh4ppvTfO-6Dtjtp5tw7d-aNOGEDWZNe9n2UHWwGrtXYcanGXJgh55GkRBlB1iwlDskiJeBlh_9FVVbVoq5XKQlD2JsO0IfSJQqkxeeC5oxW-bLOlwxrdhIVZZ2S6BS2TyFYvz7OjrNWhlyNx1nxsNu_PF4jC1Okq6dme6izomp228NqW5RlU1BW0zllTdnwGMANLMOBGavqaklXrJyjtvWYrcRQlmNq8qPFDheT7e4E4vlwf4sFEX0wAzjxlf0P6nXnsHJWYHS_abnqzaviJ-fV71Uc9NJopKwzAUTIeMwHOYDgPkzUZBPbMwI3UndqTHh3kR6SaI1OHFwkvGaJRTiR-mKkgIT3DmAAHRKhuJwM8LB3Jmq8HPle-HND8W-z9w8Naoni (HTTP 307)
- https://bit.ly/2VCNqYH (HTTP 301)
- https://drugaffect.icu/font/rdi.htm (Page URL)

Chain 2:
- https://bit.ly/2EIlZFV (HTTP 301)
- https://drugaffect.icu/AuthenticateToView (HTTP 301)
- http://drugaffect.icu/AuthenticateToView/ (HTTP 301)
- https://drugaffect.icu/AuthenticateToView/ (Page URL)

The submitted link was a Mimecast-rewritten URL (the domain=bit.ly query parameter names the wrapped host before the token is ever resolved) that unwraps to a bit.ly short link and lands on drugaffect.icu. In the second chain the trailing-slash redirect passes through plain http:// before returning to https://, so a proxy log will show one cleartext request to the phishing host even though the page itself is served over TLS.
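As an added example (not urlscan.io code), the two chains above, transcribed as (url, status) hops, run through a small triage routine: it lists the hosts in order, reads the wrapped host from the Mimecast link's domain= parameter, flags the https-to-http hop, and reduces both chains to the indicator worth acting on. Treating protect-au.mimecast.com as a URL-rewriting gateway and bit.ly as a shortener is the author's assumption, and the long token in the /redirect/ hop is shortened here for readability.

```python
"""Triage of the redirect chains urlscan recorded for this scan.

Added example, not urlscan.io code. The hops are transcribed from the report's
Page URL History; the roles assigned to protect-au.mimecast.com and bit.ly are
assumptions, not something the report states.
"""
from urllib.parse import parse_qs, urlsplit

# (url, status) hops; the landing page carries no redirect status.
CHAIN_0 = [
    ("https://protect-au.mimecast.com/s/3UeYClx1xmcOoW9ATGSJSA?domain=bit.ly", 307),
    # The /redirect/ hop carries a long opaque token; shortened here for readability.
    ("https://protect-au.mimecast.com/redirect/eNpVkMtqwzAQRX_FaG07khPHcVYJoVBom0UhhZaAkeXBUSpLqh4ppvTfO-6Dtjtp5tw", 307),
    ("https://bit.ly/2VCNqYH", 301),
    ("https://drugaffect.icu/font/rdi.htm", None),
]
CHAIN_1 = [
    ("https://bit.ly/2EIlZFV", 301),
    ("https://drugaffect.icu/AuthenticateToView", 301),
    ("http://drugaffect.icu/AuthenticateToView/", 301),
    ("https://drugaffect.icu/AuthenticateToView/", None),
]

# Assumed roles: hosts that merely forward the visitor and are not themselves the threat.
REWRITERS = {"protect-au.mimecast.com"}   # mail-gateway URL rewriting
SHORTENERS = {"bit.ly"}


def analyse(chain):
    """Summarise one chain: hosts in order, landing URL, the target host a
    rewritten link names in its query string, and any https -> http hop."""
    urls = [u for u, _ in chain]
    hosts = [urlsplit(u).hostname for u in urls]
    first = urlsplit(urls[0])
    downgrades = [
        (a, b) for a, b in zip(urls, urls[1:])
        if urlsplit(a).scheme == "https" and urlsplit(b).scheme == "http"
    ]
    return {
        "hops": len(chain) - 1,
        "hosts": list(dict.fromkeys(hosts)),          # unique, order preserved
        "landing": urls[-1],
        "landing_host": hosts[-1],
        "wrapped_by": sorted(set(hosts) & REWRITERS),
        "shorteners": sorted(set(hosts) & SHORTENERS),
        # Mimecast-style rewrites expose the wrapped host as ?domain=...; None otherwise.
        "hinted_domain": parse_qs(first.query).get("domain", [None])[0],
        "downgrades": downgrades,
    }


def indicators(*chains):
    """Hosts worth blocking or hunting for: everything on the path except the
    gateway that rewrote the link and the shortener it went through."""
    found = set()
    for chain in chains:
        found.update(analyse(chain)["hosts"])
    return sorted(found - REWRITERS - SHORTENERS)


if __name__ == "__main__":
    for chain in (CHAIN_0, CHAIN_1):
        print(analyse(chain))
    print("indicators:", indicators(CHAIN_0, CHAIN_1))
```

The hinted_domain field is the practical shortcut: a rewritten Mimecast link tells you the next host without visiting it, which is enough to decide whether the bit.ly hop needs expanding in a sandbox at all. Blocking bit.ly or the gateway would be noise; the routine strips both so that only drugaffect.icu reaches a blocklist.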
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://protect-au.mimecast.com/s/3UeYClx1xmcOoW9ATGSJSA?domain=bit.ly (HTTP 307)
- https://protect-au.mimecast.com/redirect/eNpVkMtqwzAQRX_FaG07khPHcVYJoVBom0UhhZaAkeXBUSpLqh4ppvTfO-6Dtjtp5tw7d-aNOGEDWZNe9n2UHWwGrtXYcanGXJgh55GkRBlB1iwlDskiJeBlh_9FVVbVoq5XKQlD2JsO0IfSJQqkxeeC5oxW-bLOlwxrdhIVZZ2S6BS2TyFYvz7OjrNWhlyNx1nxsNu_PF4jC1Okq6dme6izomp228NqW5RlU1BW0zllTdnwGMANLMOBGavqaklXrJyjtvWYrcRQlmNq8qPFDheT7e4E4vlwf4sFEX0wAzjxlf0P6nXnsHJWYHS_abnqzaviJ-fV71Uc9NJopKwzAUTIeMwHOYDgPkzUZBPbMwI3UndqTHh3kR6SaI1OHFwkvGaJRTiR-mKkgIT3DmAAHRKhuJwM8LB3Jmq8HPle-HND8W-z9w8Naoni (HTTP 307)
- https://bit.ly/2VCNqYH (HTTP 301)
- https://drugaffect.icu/font/rdi.htm
21 HTTP transactions
| # | Method | Protocol | Resource | Path | Size | Transfer | Type | MIME type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | rdi.htm | drugaffect.icu/font/ (redirect chain) | 69 B | 273 B | Document | text/html |
| 2 | GET | H2 | / (primary request) | drugaffect.icu/AuthenticateToView/ (redirect chain) | 5 KB | 1 KB | Document | text/html |
| 3 | GET | H2 | bootstrap.min.css | drugaffect.icu/AuthenticateToView/vendor/bootstrap/css/ | 122 KB | 16 KB | Stylesheet | text/css |
| 4 | GET | H2 | font-awesome.min.css | drugaffect.icu/AuthenticateToView/fonts/font-awesome-4.7.0/css/ | 30 KB | 7 KB | Stylesheet | text/css |
| 5 | GET | H2 | material-design-iconic-font.min.css | drugaffect.icu/AuthenticateToView/fonts/iconic/css/ | 69 KB | 7 KB | Stylesheet | text/css |
| 6 | GET | H2 | animate.css | drugaffect.icu/AuthenticateToView/vendor/animate/ | 23 KB | 3 KB | Stylesheet | text/css |
| 7 | GET | H2 | hamburgers.min.css | drugaffect.icu/AuthenticateToView/vendor/css-hamburgers/ | 19 KB | 2 KB | Stylesheet | text/css |
| 8 | GET | H2 | animsition.min.css | drugaffect.icu/AuthenticateToView/vendor/animsition/css/ | 27 KB | 2 KB | Stylesheet | text/css |
| 9 | GET | H2 | select2.min.css | drugaffect.icu/AuthenticateToView/vendor/select2/ | 15 KB | 2 KB | Stylesheet | text/css |
| 10 | GET | H2 | daterangepicker.css | drugaffect.icu/AuthenticateToView/vendor/daterangepicker/ | 8 KB | 2 KB | Stylesheet | text/css |
| 11 | GET | H2 | util.css | drugaffect.icu/AuthenticateToView/css/ | 85 KB | 6 KB | Stylesheet | text/css |
| 12 | GET | H2 | main.css | drugaffect.icu/AuthenticateToView/css/ | 10 KB | 2 KB | Stylesheet | text/css |
| 13 | GET | H/1.1 | Office-365-logo.png | i.ibb.co/grz1RGH/ | 9 KB | 9 KB | Image | image/png |
| 14 | GET | H2 | bootstrap.min.css | drugaffect.icu/AuthenticateToView/css/ | 120 KB | 18 KB | Stylesheet | text/css |
| 15 | GET | H2 | jquery.min.js | drugaffect.icu/AuthenticateToView/js/ | 82 KB | 28 KB | Script | application/javascript |
| 16 | GET | H2 | bootstrap.min.js | drugaffect.icu/AuthenticateToView/js/ | 36 KB | 9 KB | Script | application/javascript |
| 17 | GET | H2 | index.js | drugaffect.icu/AuthenticateToView/js/ | 75 B | 163 B | Script | application/javascript |
| 18 | GET | H2 | Poppins-Bold.ttf | drugaffect.icu/AuthenticateToView/fonts/poppins/ | 138 KB | 61 KB | Font | font/ttf |
| 19 | GET | H2 | Poppins-Regular.ttf | drugaffect.icu/AuthenticateToView/fonts/poppins/ | 142 KB | 62 KB | Font | font/ttf |
| 20 | GET | H2 | Material-Design-Iconic-Font.woff2 | drugaffect.icu/AuthenticateToView/fonts/iconic/fonts/ | 37 KB | 38 KB | Font | font/woff2 |
| 21 | GET | H2 | Poppins-Medium.ttf | drugaffect.icu/AuthenticateToView/fonts/poppins/ | 140 KB | 62 KB | Font | font/ttf |

Only one of the 21 fetches leaves drugaffect.icu: the Office 365 logo, hot-linked from i.ibb.co over HTTP/1.1. The kit serves its own copies of jQuery and Bootstrap rather than pulling them from a CDN, bootstrap.min.css is loaded twice from different paths, and the page's own script, index.js, is 75 bytes.
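The transaction list above, transcribed into Python, lets the per-domain transfer table earlier in the report be recomputed and extends it with the two checks a phishing-page reviewer wants: which resources come from a host other than the primary page, and whether a brand image is hot-linked from elsewhere. This is an added example, not urlscan.io code; the brand keyword list and the two-label apex rule are the author's assumptions, and sizes are the rounded values the report displays.

```python
"""Per-origin triage of the 21 HTTP transactions in the report.

Added example, not urlscan.io code. TRANSACTIONS is transcribed from the report
(resource, host, size, transfer, type); the brand keywords and the naive apex
rule in apex() are assumptions made for this example.
"""
import re
from collections import defaultdict

PRIMARY_HOST = "drugaffect.icu"

TRANSACTIONS = [
    ("rdi.htm", "drugaffect.icu", "69 B", "273 B", "Document"),
    ("/", "drugaffect.icu", "5 KB", "1 KB", "Document"),
    ("bootstrap.min.css", "drugaffect.icu", "122 KB", "16 KB", "Stylesheet"),
    ("font-awesome.min.css", "drugaffect.icu", "30 KB", "7 KB", "Stylesheet"),
    ("material-design-iconic-font.min.css", "drugaffect.icu", "69 KB", "7 KB", "Stylesheet"),
    ("animate.css", "drugaffect.icu", "23 KB", "3 KB", "Stylesheet"),
    ("hamburgers.min.css", "drugaffect.icu", "19 KB", "2 KB", "Stylesheet"),
    ("animsition.min.css", "drugaffect.icu", "27 KB", "2 KB", "Stylesheet"),
    ("select2.min.css", "drugaffect.icu", "15 KB", "2 KB", "Stylesheet"),
    ("daterangepicker.css", "drugaffect.icu", "8 KB", "2 KB", "Stylesheet"),
    ("util.css", "drugaffect.icu", "85 KB", "6 KB", "Stylesheet"),
    ("main.css", "drugaffect.icu", "10 KB", "2 KB", "Stylesheet"),
    ("Office-365-logo.png", "i.ibb.co", "9 KB", "9 KB", "Image"),
    ("bootstrap.min.css", "drugaffect.icu", "120 KB", "18 KB", "Stylesheet"),
    ("jquery.min.js", "drugaffect.icu", "82 KB", "28 KB", "Script"),
    ("bootstrap.min.js", "drugaffect.icu", "36 KB", "9 KB", "Script"),
    ("index.js", "drugaffect.icu", "75 B", "163 B", "Script"),
    ("Poppins-Bold.ttf", "drugaffect.icu", "138 KB", "61 KB", "Font"),
    ("Poppins-Regular.ttf", "drugaffect.icu", "142 KB", "62 KB", "Font"),
    ("Material-Design-Iconic-Font.woff2", "drugaffect.icu", "37 KB", "38 KB", "Font"),
    ("Poppins-Medium.ttf", "drugaffect.icu", "140 KB", "62 KB", "Font"),
]

_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_size(text):
    """'328 KB' -> 335872. Accepts the B/KB/MB units the report uses."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*(B|KB|MB)\s*", text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * _UNITS[m.group(2)])


def apex(host):
    """Crude apex: the last two labels. Right for .icu and ibb.co, wrong for
    public suffixes such as co.uk, where a public-suffix list is needed."""
    return ".".join(host.split(".")[-2:])


def transfer_by_apex(transactions):
    """Request count and bytes transferred per apex domain (the report's own table)."""
    totals = defaultdict(lambda: {"requests": 0, "transfer": 0})
    for _, host, _, xfer, _ in transactions:
        totals[apex(host)]["requests"] += 1
        totals[apex(host)]["transfer"] += parse_size(xfer)
    return dict(totals)


def third_party(transactions, primary=PRIMARY_HOST):
    """Resources fetched from any host other than the primary page's."""
    return [(name, host, typ) for name, host, _, _, typ in transactions if host != primary]


def offsite_brand_assets(transactions, primary=PRIMARY_HOST,
                         brands=("office-365", "office365", "microsoft")):
    """Images whose file name carries a brand keyword but are served off the
    primary host. A kit that hot-links its logo from an image host leaves a
    pivotable indicator (the image URL) that survives the kit moving domains."""
    return [
        (name, host) for name, host, _, _, typ in transactions
        if typ == "Image" and host != primary and any(b in name.lower() for b in brands)
    ]


if __name__ == "__main__":
    for dom, t in transfer_by_apex(TRANSACTIONS).items():
        print(f"{dom:16} {t['requests']:3} requests {t['transfer'] / 1024:7.1f} KB")
    print("third-party:", third_party(TRANSACTIONS))
    print("off-site brand assets:", offsite_brand_assets(TRANSACTIONS))
```

Summing the transfer column this way reproduces the 328 KB the report attributes to drugaffect.icu, which is a cheap consistency check when transcribing a scan. The off-site brand asset is the more useful output: the i.ibb.co image URL can be searched across other scans to find sibling kits that the domain-based indicators would miss.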
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Office 365 (Online)

5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
| Type | Name |
|---|---|
| object | onselectstart |
| object | onselectionchange |
| function | queueMicrotask |
| function | $ |
| function | jQuery |
$ and jQuery come from the page's own jquery.min.js; onselectstart, onselectionchange and queueMicrotask are standard window properties that the scanner's baseline list does not include, so they say nothing about the kit.

1 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the stored cookie values, which lets the website re-identify the user even from a different location; this is how persistent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .drugaffect.icu/ | | __cfduid = dd634aee3f3dbe4e93248f3efa7744db81552001560 |
__cfduid is set by Cloudflare, which fronts the site, not by the phishing kit itself; the trailing digits of its value are a Unix timestamp of the scan.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- bit.ly
- drugaffect.icu
- i.ibb.co
- protect-au.mimecast.com
IP addresses:
- 124.47.150.19
- 2606:4700:30::681b:809f
- 2606:4700:30::681b:819f
- 51.15.74.77
- 67.199.248.10