account-maintenance.com Open in urlscan Pro
34.230.155.77 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://urldefense.proofpoint.com/v2/url?u=http-3A__account-2Dmaintenance.com_de6b34957a-3Fl-3D15&d=DwMFaQ&c=DoGwaW7xZGbGmXiNhIO5O...
Effective URL:
http://account-maintenance.com/load_training?guid=de6b34957a&correlation_id=d5978916-9fb1-4a6b-b3ae-23b67430e565
Submission: On November 06 via manual (November 6th 2017, 9:59:07 pm UTC) from US

Summary HTTP 151 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 12 domains to perform 151 HTTP transactions. The main IP is 34.230.155.77, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is account-maintenance.com.

This is the only time account-maintenance.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Phishing Simulation (Internet)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.231.154.66 67.231.154.66	22843 (PROOFPOIN...) (PROOFPOINT-ASN-US-EAST - Proofpoint)
45	34.230.155.77 34.230.155.77	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
21	52.216.64.200 52.216.64.200	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a02:26f0:78:... 2a02:26f0:78:187::196	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.222.146.252 52.222.146.252	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
1 6	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	2a00:1450:400... 2a00:1450:400c:c04::9c	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
2	2a00:1450:400... 2a00:1450:4001:821::2003	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	52.222.146.128 52.222.146.128	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	52.216.1.184 52.216.1.184	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY - Fastly)
1	162.247.242.18 162.247.242.18	23467 (NEWRELIC-...) (NEWRELIC-AS-1 - New Relic)
151	14

1 67.231.154.66 (Sunnyvale, United States) 1 redirects

ASN22843 (PROOFPOINT-ASN-US-EAST - Proofpoint, Inc., US)
PTR: urldefense.proofpoint.com

urldefense.proofpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 34.230.155.77 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-230-155-77.compute-1.amazonaws.com

account-maintenance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 52.216.64.200 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1-w.amazonaws.com

tslp.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:78:187::196 (European Union)

ASN20940 (AKAMAI-ASN1, US)

java.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.146.252 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-146-252.fra53.r.cloudfront.net

d2wy8f7a9ursnm.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:821::200e (Ireland) 1 redirects

ASN15169 (GOOGLE - Google Inc., US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9c (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::2003 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.146.128 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-146-128.fra53.r.cloudfront.net

d25q7gseii1o1q.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.216.1.184 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1-w.amazonaws.com

tslp.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tscontent.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.110 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.242.18 (United States)

ASN23467 (NEWRELIC-AS-1 - New Relic, US)
PTR: bam-6.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	account-maintenance.com account-maintenance.com	30 KB
23	amazonaws.com tslp.s3.amazonaws.com tscontent.s3.amazonaws.com	375 KB
6	google-analytics.com 1 redirects www.google-analytics.com	29 KB
4	googleapis.com ajax.googleapis.com fonts.googleapis.com	99 KB
3	cloudfront.net d2wy8f7a9ursnm.cloudfront.net d25q7gseii1o1q.cloudfront.net	7 KB
2	gstatic.com fonts.gstatic.com	17 KB
2	java.com java.com	36 KB
1	nr-data.net bam.nr-data.net	57 B
1	newrelic.com js-agent.newrelic.com	9 KB
1	doubleclick.net stats.g.doubleclick.net	53 B
1	proofpoint.com 1 redirects urldefense.proofpoint.com	179 B
0	threatsim.com Failed dataentry.threatsim.com Failed
151	12

	Domain	Requested by
45	account-maintenance.com	account-maintenance.com
22	tslp.s3.amazonaws.com	account-maintenance.com
6	www.google-analytics.com	1 redirects account-maintenance.com
3	ajax.googleapis.com	account-maintenance.com
2	fonts.gstatic.com	account-maintenance.com
2	d2wy8f7a9ursnm.cloudfront.net	account-maintenance.com
2	java.com	account-maintenance.com
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	account-maintenance.com
1	tscontent.s3.amazonaws.com	account-maintenance.com
1	d25q7gseii1o1q.cloudfront.net	account-maintenance.com
1	fonts.googleapis.com	account-maintenance.com
1	stats.g.doubleclick.net	account-maintenance.com
1	urldefense.proofpoint.com	1 redirects
0	dataentry.threatsim.com Failed	account-maintenance.com
151	15

This site contains no links.

Subject Issuer	Validity	Valid
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2017-09-22` - `2019-01-03`	a year	crt.sh
www.java.com Symantec Class 3 ECC 256 bit EV CA - G2	`2017-03-06` - `2019-05-05`	2 years	crt.sh
*.google-analytics.com Google Internet Authority G3	`2017-10-24` - `2018-01-16`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2017-11-01` - `2018-01-24`	3 months	crt.sh
*.googleapis.com Google Internet Authority G2	`2017-10-24` - `2017-12-29`	2 months	crt.sh
*.google.com Google Internet Authority G2	`2017-10-24` - `2017-12-29`	2 months	crt.sh
*.cloudfront.net Symantec Class 3 Secure Server CA - G4	`2016-10-26` - `2017-12-17`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2017-10-19` - `2018-05-04`	6 months	crt.sh
*.nr-data.net GeoTrust SSL CA - G3	`2017-07-18` - `2018-03-17`	8 months	crt.sh

This page contains 1 frames:

Primary Page: http://account-maintenance.com/load_training?guid=de6b34957a&correlation_id=d5978916-9fb1-4a6b-b3ae-23b67430e565
Frame ID: 29172.1
Requests: 151 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://urldefense.proofpoint.com/v2/url?u=http-3A__account-2Dmaintenance.com_de6b34957a-3Fl-3D15&d=DwMFaQ&c=D... HTTP 302
http://account-maintenance.com/de6b34957a?l=15 Page URL
http://account-maintenance.com/load_training?guid=de6b34957a&correlation_id=d5978916-9fb1-4a6b-b3ae-23b6743... Page URL

Detected technologies

Apache Traffic Server (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /ATS\/?([\d.]+)?/i

BugSnag (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /bugsnag.*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i

Page Statistics

151
Requests

26 %
HTTPS

43 %
IPv6

12
Domains

15
Subdomains

14
IPs

3
Countries

601 kB
Transfer

913 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://urldefense.proofpoint.com/v2/url?u=http-3A__account-2Dmaintenance.com_de6b34957a-3Fl-3D15&d=DwMFaQ&c=DoGwaW7xZGbGmXiNhIO5Ow&r=iotwdFgiwyDtg2tr3P8AU6MkD3MB2RPFCh2jtIGOG1o&m=GpH21LZQ11uCzfZpmWunNATk_zZXDnaDix6KiwaQqOc&s=nv1LUnxTCNs5phM5J-3E78iEX4UCvq8mut0WmUJxXOk&e= HTTP 302
http://account-maintenance.com/de6b34957a?l=15 Page URL
http://account-maintenance.com/load_training?guid=de6b34957a&correlation_id=d5978916-9fb1-4a6b-b3ae-23b67430e565 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://urldefense.proofpoint.com/v2/url?u=http-3A__account-2Dmaintenance.com_de6b34957a-3Fl-3D15&d=DwMFaQ&c=DoGwaW7xZGbGmXiNhIO5Ow&r=iotwdFgiwyDtg2tr3P8AU6MkD3MB2RPFCh2jtIGOG1o&m=GpH21LZQ11uCzfZpmWunNATk_zZXDnaDix6KiwaQqOc&s=nv1LUnxTCNs5phM5J-3E78iEX4UCvq8mut0WmUJxXOk&e= HTTP 302
http://account-maintenance.com/de6b34957a?l=15

Request Chain 15

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 48

http://www.google-analytics.com/r/collect?v=1&_v=j65&a=2132905487&t=pageview&_s=1&dl=http%3A%2F%2Faccount-maintenance.com%2Fde6b34957a%3Fl%3D15&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABI~&jid=1134904233&gjid=1195592446&cid=286341275.1510005535&tid=UA-83403-17&_gid=1778728966.1510005535&_r=1&z=1285216288 HTTP 307
https://www.google-analytics.com/r/collect?v=1&_v=j65&a=2132905487&t=pageview&_s=1&dl=http%3A%2F%2Faccount-maintenance.com%2Fde6b34957a%3Fl%3D15&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABI~&jid=1134904233&gjid=1195592446&cid=286341275.1510005535&tid=UA-83403-17&_gid=1778728966.1510005535&_r=1&z=1285216288 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-83403-17&cid=286341275.1510005535&jid=1134904233&_gid=1778728966.1510005535&gjid=1195592446&_v=j65&z=1285216288

Request Chain 49

http://www.google-analytics.com/collect?v=1&_v=j65&a=2132905487&t=pageview&_s=2&dl=http%3A%2F%2Faccount-maintenance.com%2Fde6b34957a%3Fl%3D15&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABI~&jid=&gjid=&cid=286341275.1510005535&uid=de6b34957a&tid=UA-83403-17&_gid=1778728966.1510005535&z=1042489925 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j65&a=2132905487&t=pageview&_s=2&dl=http%3A%2F%2Faccount-maintenance.com%2Fde6b34957a%3Fl%3D15&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABI~&jid=&gjid=&cid=286341275.1510005535&uid=de6b34957a&tid=UA-83403-17&_gid=1778728966.1510005535&z=1042489925

Request Chain 101

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 109

http://www.google-analytics.com/collect?v=1&_v=j65&a=940552509&t=pageview&_s=1&dl=http%3A%2F%2Faccount-maintenance.com%2Fload_training%3Fguid%3Dde6b34957a%26correlation_id%3Dd5978916-9fb1-4a6b-b3ae-23b67430e565&ul=en-us&de=UTF-8&dt=You%20have%20been%20Phished!&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=AACAAEABI~&jid=&gjid=&cid=286341275.1510005535&tid=UA-83403-17&_gid=1778728966.1510005535&z=114588857 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j65&a=940552509&t=pageview&_s=1&dl=http%3A%2F%2Faccount-maintenance.com%2Fload_training%3Fguid%3Dde6b34957a%26correlation_id%3Dd5978916-9fb1-4a6b-b3ae-23b67430e565&ul=en-us&de=UTF-8&dt=You%20have%20been%20Phished!&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=AACAAEABI~&jid=&gjid=&cid=286341275.1510005535&tid=UA-83403-17&_gid=1778728966.1510005535&z=114588857

Request Chain 110

http://www.google-analytics.com/collect?v=1&_v=j65&a=940552509&t=pageview&_s=2&dl=http%3A%2F%2Faccount-maintenance.com%2Fload_training%3Fguid%3Dde6b34957a%26correlation_id%3Dd5978916-9fb1-4a6b-b3ae-23b67430e565&ul=en-us&de=UTF-8&dt=You%20have%20been%20Phished!&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=QACAAEABI~&jid=&gjid=&cid=286341275.1510005535&tid=UA-83403-17&_gid=1778728966.1510005535&z=1893659315 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j65&a=940552509&t=pageview&_s=2&dl=http%3A%2F%2Faccount-maintenance.com%2Fload_training%3Fguid%3Dde6b34957a%26correlation_id%3Dd5978916-9fb1-4a6b-b3ae-23b67430e565&ul=en-us&de=UTF-8&dt=You%20have%20been%20Phished!&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=QACAAEABI~&jid=&gjid=&cid=286341275.1510005535&tid=UA-83403-17&_gid=1778728966.1510005535&z=1893659315

151 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Cookie set de6b34957a Show response
account-maintenance.com/
Redirect Chain

https://urldefense.proofpoint.com/v2/url?u=http-3A__account-2Dmaintenance.com_de6b34957a-3Fl-3D15&d=DwMFaQ&c=DoGwaW7xZGbGmXiNhIO5Ow&r=iotwdFgiwyDtg2tr3P8AU6MkD3MB2RPFCh2jtIGOG1o&m=GpH21LZQ11uCzfZpm...
http://account-maintenance.com/de6b34957a?l=15

19 KB
7 KB

2500ms
122ms

Document
text/html

34.230.155.77
Amazon.com

General

Domain/Path	Expires	Name / Value
.account-maintenance.com/	1970-01-18 11:28:11	Name: _gid Value: GA1.2.1778728966.1510005535
.account-maintenance.com/	1970-01-19 04:57:57	Name: _ga Value: GA1.2.286341275.1510005535
account-maintenance.com/	1970-01-01 00:00:00	Name: link_clicked_de6b34957a Value: 2
.account-maintenance.com/	1970-01-18 11:26:45	Name: _gat Value: 1
account-maintenance.com/	1970-01-01 00:00:00	Name: EXFILGUID Value: de6b34957a

account-maintenance.com Open in urlscan Pro 34.230.155.77 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

151 Requests

26 %HTTPS

43 %IPv6

12 Domains

15 Subdomains

14 IPs

3 Countries

601 kBTransfer

913 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

151 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

account-maintenance.com Open in urlscan Pro
34.230.155.77 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

151
Requests

26 %
HTTPS

43 %
IPv6

12
Domains

15
Subdomains

14
IPs

3
Countries

601 kB
Transfer

913 kB
Size

5
Cookies

151 HTTP transactions
0 data transactions