s3.amazonaws.com
Open in
urlscan Pro
52.216.227.43
Malicious Activity!
Public Scan
Submission: On February 25 via manual from TW
Summary
TLS certificate: Issued by DigiCert Baltimore CA-2 G2 on August 4th 2020. Valid for: a year.
This is the only time s3.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Fake Flash UpdateDomain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
16 | 52.216.227.43 52.216.227.43 | 16509 (AMAZON-02) (AMAZON-02) | |
16 | 1 |
ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com
s3.amazonaws.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
amazonaws.com
s3.amazonaws.com |
304 KB |
16 | 1 |
Domain | Requested by | |
---|---|---|
16 | s3.amazonaws.com |
s3.amazonaws.com
|
16 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
s3.amazonaws.com DigiCert Baltimore CA-2 G2 |
2020-08-04 - 2021-08-09 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/136623772
Frame ID: 07916047D66800E1FAF17AC84D9AC445
Requests: 16 HTTP requests in this frame
Screenshot
Detected technologies
Amazon Web Services (PaaS) ExpandDetected patterns
- headers server /^AmazonS3$/i
Amazon S3 (Miscellaneous) Expand
Detected patterns
- headers server /^AmazonS3$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
136623772
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/ |
64 KB 64 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0a5474b9-563f-4990-bc58-432cc0d.css
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/2CF5467DF287374/ |
363 B 718 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
89A3088C1E
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/06e9/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1647
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/d3d406ba-104d-4942-ba14-0584c3c6722/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
_z1p
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/CF2257C2D03419/ |
14 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
7D37
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/030d7659/ |
45 KB 46 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1519
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/XRfbiOylK0e4G5wUUn/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
4408.gif
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/d606e8fc-a127-4ef8-a217-3723a5/ |
12 KB 12 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
92E5BD696C0A334C9417.gif
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/735c98a2-8863-405f-b3d2-02af31b66/ |
12 KB 12 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0556.gif
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/29799/ |
12 KB 12 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
7d3656c
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/2491/ |
963 B 1 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
5746
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/A6F7D9E9D1F31/ |
91 KB 91 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
xymsRdjAkEuZs
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/13b2f/ |
3 KB 3 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
3fd070dc-f398-43ea-a052-6b6
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/lH_M/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
136623772
s3.amazonaws.com/bc0d/98013AA16BBFE34794D7F60/1208/ |
16 KB 16 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
s3.amazonaws.com/stats/ |
437 B 437 B |
Image
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Fake Flash Update18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated string| nAgt string| browserimg number| verOffset function| dragElement function| hide_download function| showStep object| botDetect function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
s3.amazonaws.com
52.216.227.43
051cd112887d94667bf8a6b36d85017be8cc5868c863e0b37d9b1e4232f3d077
2432c8182bc66485145bf7c07050ef27aca54f00390d4b1653b745f53aa8b4a3
5377ef31bb10d31f7c6d96dd13f32bcdef03e1fb41f81f3eb3a73808d94d9842
838d364789d7aa8ca6ade0dbf146e7ce82c98afc7ce1eba8273f3f3a13f89b1b
8c25ade0a1d20dfb962dbc265e60d98d90544f13ce586820e3c3dc2baae64e81
9d5b9baabd14da6e5c0deb7efe179f34cced6ac9bf8a964a3f92478a91d17061
a5e2fce7db19a100fc0ca6044b4ed65eacb741430c6cc2e2f8df2002d6e6994f
add0694dfac6c68b67a92c82e2b4ef1dc87bf3eef3875985c9ac761b7d63050d
aed2d4348180f74b6f177c26ff8236bcc9bbdae74188915cc6041dd6be8cadc5
d2db97fb183308458169b308f781e301e2541bbe99cab9628f82ed888d1b9de1
da1d9e0ae80ec0b4bfe25a802d202e43ce40de47c4a8c2766bca26345b2bb547
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f8c160703de84169dc013f17d77d5725b658e1b6a955ec826fbc0acc38787663
fc49e31ae7285e36fff43e40102c9fe7ec7077aac1eb6fefb459365a9e5c4be1
fc6794d645499060064d2bef41d52ff7dd3c4265eefdf9afb809b68fb7fe4553