e66cde258cb7434ca2504b93cf9ec0ce.s3.amazonaws.com
52.218.88.114
Malicious Activity!
Public Scan
Effective URL: https://e66cde258cb7434ca2504b93cf9ec0ce.s3.amazonaws.com/35776.html
Submission Tags: 7482023
Submission: On April 07 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Amazon on December 15th 2021. Valid for: a year.
This is the only time e66cde258cb7434ca2504b93cf9ec0ce.s3.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: IRS (Government)

Domain & IP information

Count | IP Address | AS Autonomous System
---|---|---
1 1 | 67.199.248.13 | 396982 (GOOGLE-CLOUD-PLATFORM)
1 | 52.218.88.114 | 16509 (AMAZON-02)
1 | 2a00:1450:4001:80f::200a | 15169 (GOOGLE)
1 11 | 103.153.182.184 | 140947 (SNTHOSTINGS-AS-AP SnTHostings)
Totals: 12 | 3

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
- PTR: cname.bitly.com
- irsgovpayment.com

ASN16509 (AMAZON-02, US)
- PTR: s3-3-w.amazonaws.com
- e66cde258cb7434ca2504b93cf9ec0ce.s3.amazonaws.com

ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN)
- PTR: 103.153.182.184.static.snthostings.com
- swr3w234324de.ru
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | swr3w234324de.ru | swr3w234324de.ru (1 redirects) | 43 KB
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 282) | 33 KB
1 | amazonaws.com | e66cde258cb7434ca2504b93cf9ec0ce.s3.amazonaws.com | 2 KB
1 | irsgovpayment.com | irsgovpayment.com (1 redirects) | 278 B
Totals: 12 requests | 4 apex domains
Requests | Domain | Requested by
---|---|---
11 | swr3w234324de.ru | e66cde258cb7434ca2504b93cf9ec0ce.s3.amazonaws.com; swr3w234324de.ru (1 redirects)
1 | ajax.googleapis.com | e66cde258cb7434ca2504b93cf9ec0ce.s3.amazonaws.com
1 | e66cde258cb7434ca2504b93cf9ec0ce.s3.amazonaws.com |
1 | irsgovpayment.com | 1 redirects
Totals: 12 requests | 4 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.s3.amazonaws.com | Amazon | 2021-12-15 - 2022-12-03 | a year | crt.sh
upload.video.google.com | GTS CA 1C3 | 2022-03-21 - 2022-06-13 | 3 months | crt.sh
*.swr3w234324de.ru | R3 | 2022-04-03 - 2022-07-02 | 3 months | crt.sh
This page contains 2 frames:

- Primary Page: https://e66cde258cb7434ca2504b93cf9ec0ce.s3.amazonaws.com/35776.html
  Frame ID: 4FA90EC6A7120C3B75187436896239E6
  Requests: 2 HTTP requests in this frame
- Frame: https://swr3w234324de.ru/asdf/QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j/?Key=QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j&rand=13InboxLightaspxn_QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j_UnNJV1V3emVNU1k5ZTJq-&cf719dd8aba316f132d960fdb3d235211bf1dc2534eb4e774fdfbd803688e402
  Frame ID: AC8C07783A39098B22BAB63913EC8894
  Requests: 10 HTTP requests in this frame
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://irsgovpayment.com/update
HTTP 302
https://e66cde258cb7434ca2504b93cf9ec0ce.s3.amazonaws.com/35776.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:

Request Chain 2:
- https://swr3w234324de.ru/asdf/QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j?Key=QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j&rand=13InboxLightaspxn_QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j_UnNJV1V3emVNU1k5ZTJq-&cf719dd8aba316f132d960fdb3d235211bf1dc2534eb4e774fdfbd803688e402 (HTTP 301)
- https://swr3w234324de.ru/asdf/QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j/?Key=QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j&rand=13InboxLightaspxn_QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j_UnNJV1V3emVNU1k5ZTJq-&cf719dd8aba316f132d960fdb3d235211bf1dc2534eb4e774fdfbd803688e402
12 HTTP transactions

# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | 35776.html | e66cde258cb7434ca2504b93cf9ec0ce.s3.amazonaws.com/ | 1 KB | 2 KB | Document | text/html | Primary Request; Redirect Chain
2 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.10.2/ | 91 KB | 33 KB | Script | text/javascript |
3 | GET | H/1.1 | / | swr3w234324de.ru/asdf/ | 1 KB | 2 KB | Document | text/html | Frame AC8C
4 | GET | H/1.1 | / | swr3w234324de.ru/asdf/QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j/ | 7 KB | 8 KB | Document | text/html | Frame AC8C; Redirect Chain
5 | GET | H/1.1 | navigation-gecko.css | swr3w234324de.ru/asdf/QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j/css/ | 3 KB | 3 KB | Stylesheet | text/css | Frame AC8C
6 | GET | H/1.1 | styles-gecko.css | swr3w234324de.ru/asdf/QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j/css/ | 12 KB | 12 KB | Stylesheet | text/css | Frame AC8C
7 | GET | H/1.1 | icce-gecko.css | swr3w234324de.ru/asdf/QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j/css/ | 13 KB | 14 KB | Stylesheet | text/css | Frame AC8C
8 | GET | H/1.1 | irslogo.gif | swr3w234324de.ru/asdf/QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j/images/ | 2 KB | 3 KB | Image | image/gif | Frame AC8C
9 | GET | H/1.1 | 1x1-transparent.gif | swr3w234324de.ru/asdf/QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j/images/ | 43 B | 284 B | Image | image/gif | Frame AC8C
10 | GET | H/1.1 | 1x1-grey.gif | swr3w234324de.ru/asdf/QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j/images/ | 43 B | 284 B | Image | image/gif | Frame AC8C
11 | GET | H/1.1 | red-arrow.gif | swr3w234324de.ru/asdf/QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j/images/ | 184 B | 425 B | Image | image/gif | Frame AC8C
12 | GET | H/1.1 | top-transparent.gif | swr3w234324de.ru/asdf/QXNpYQ==07-04-202205-34-43pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aUnNJV1V3emVNU1k5ZTJqVUVzPQ==UGFraXN0YW4=VUVzPQ==RsIWUwzeMSY9e2j/images/en/ | 315 B | 315 B | Image | text/html | Frame AC8C
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: IRS (Government)

9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
function | structuredClone
object | oncontextlost
object | oncontextrestored
function | getScreenDetails
function | $
function | jQuery
function | calcHeight
object | jQuery1102042202651797513811

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
.irsgovpayment.com/ | | Name: _bit Value: m37hyG-d9920d8ca43aa567a8-00X
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
e66cde258cb7434ca2504b93cf9ec0ce.s3.amazonaws.com
irsgovpayment.com
swr3w234324de.ru
103.153.182.184
2a00:1450:4001:80f::200a
52.218.88.114
67.199.248.13
3ab89f5e7274e11b034c58d36626bb1e0c105fdb1b1eb8ff049d5f703861ea5c
675d94e5e93cdf5de2adbd2ded68a1c779601a4583a6cb8ced73b55f89282531
6e455e200278cfb8b87bfb23195d0c09f886b09069e9a3a56e17c85224e1678f
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
984f0a18749fb1ecb93ac942a469036db3ab53bc67b5ddd05b674f2844dbdff2
a1fc43f372c7ea48d9028f87c3ae129e045e2671c378c07d19e162a7be72a845
b7e3f5fe3264de4a77fdeddcb4d9c51b00d2f4c7b938d397c82540eedc450b37
c35adc2a505934b6747cfe52e17f8579f9a6c6ec4acf7c9473f1ad0355c34db4
c3c2be650f8b26f1440136df0eb1d3f7c37dfa69c77dd86cc42d8cd9013d4640
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
db5d64a9ea32ed3abb874f295003ef2465cecc2f669efe951930e182c34a5013
dd2a9dbcf3b44428a85d7e78342d4ec5aa0ac12a56f890e74b673c79f21c32cd