windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com Open in urlscan Pro
52.216.129.11  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.htm Show response windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/	69 KB 70 KB	417ms 115ms	Document text/html	52.216.129.11 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.129.11 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash 68d8c1ea1db9ecbe459fb24a3027d909830971db036417adb8e3aa6a1769f12e Request headers Host windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Sec-Fetch-User ?1 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site none Sec-Fetch-Mode navigate Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Sec-Fetch-User ?1 Response headers x-amz-id-2 YzUCVCoVZNpowbsRU/amO2GWALCZ4uk0l/ayaX65CccwOGQTHx7tNhF63FYPYOBB6G7QEwwqxpQ= x-amz-request-id A7AF53B23EBBB570 Date Tue, 21 Jan 2020 07:51:11 GMT Last-Modified Tue, 21 Jan 2020 02:02:26 GMT ETag "706786f203508cb42cf179e3c4bda777" Accept-Ranges bytes Content-Type text/html Content-Length 70879 Server AmazonS3
GET H2	200	css fonts.googleapis.com/	2 KB 506 B	18ms 17ms	Stylesheet text/css	2a00:1450:4001:80b::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Titillium+Web:400,700 Requested by Host: windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 642e5e0499717db14eb22a8df45d9e5687cb659d5ca53b7d55e7ec3bb6b37118 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 21 Jan 2020 07:51:11 GMT server ESF access-control-allow-origin * date Tue, 21 Jan 2020 07:51:11 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 status 200 alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin x-xss-protection 0 expires Tue, 21 Jan 2020 07:51:11 GMT
GET H/1.1	200 OK	style.css windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/	2 KB 2 KB	252ms 105ms	Stylesheet text/css	52.216.129.11 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/style.css Requested by Host: windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.129.11 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash 8c5bc2da769a808653559f02db5f3dcf58a0a9ae69d14239a071e65a6b2d6e95 Request headers Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Tue, 21 Jan 2020 07:51:12 GMT Last-Modified Tue, 21 Jan 2020 02:02:45 GMT Server AmazonS3 x-amz-request-id 23907EFEFC9B90A6 ETag "7b8250d8b4ee5d534e8562a064f8f1e6" Content-Type text/css Accept-Ranges bytes Content-Length 2133 x-amz-id-2 85CVo/gKddH8XohK0PLMfLqeMd8Mcnz7kE3m7ACBZNDPEgaPUaJllnQZQXpghGnkWjN03ISvkTA=
GET		/ geoapi123.appspot.com/	0 0
GET H2	200	js Show response www.googletagmanager.com/gtag/	73 KB 27 KB	39ms 38ms	Script application/javascript	2a00:1450:4001:820::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-156010145-4 Requested by Host: windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:820::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 7f06005aa2fb337dadbcf070179079f5c58a7eb117fab3b4ad22bed8e7ef87c3 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers date Tue, 21 Jan 2020 07:51:11 GMT content-encoding br last-modified Tue, 21 Jan 2020 06:00:00 GMT server Google Tag Manager access-control-allow-origin http://www.googletagmanager.com vary Accept-Encoding content-type application/javascript; charset=UTF-8 status 200 alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control content-length 27819 x-xss-protection 0 expires Tue, 21 Jan 2020 07:51:11 GMT
GET H/1.1	200 OK	background-2.png windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/	251 KB 251 KB	306ms 131ms	Image image/png	52.216.129.11 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/background-2.png Requested by Host: windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.129.11 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash 7d491eb4e40a92a8ca95435b3e5bcbbad3dfd7d891ae44f8a83070fd63797024 Request headers Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Tue, 21 Jan 2020 07:51:12 GMT Last-Modified Tue, 21 Jan 2020 02:02:48 GMT Server AmazonS3 x-amz-request-id 0B65248928149424 ETag "bff452474f34852523e73bee286954d4" Content-Type image/png Accept-Ranges bytes Content-Length 256547 x-amz-id-2 6iBb/9L8BfKdUdEG7m1GfuicuvzBjfrUmGodbgv2AmCLl0yXMWy5QaE99qiTVIG693XZajFhLB4=
GET H/1.1	200 OK	alert.jpg windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/	37 KB 37 KB	365ms 131ms	Image image/jpeg	52.216.129.11 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/alert.jpg Requested by Host: windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.129.11 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash 6bdecd9bf45a8f40ded1f5d7febf79f16631ea2c7f61979f8a7400c0633611f6 Request headers Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Tue, 21 Jan 2020 07:51:12 GMT Last-Modified Tue, 21 Jan 2020 02:02:46 GMT Server AmazonS3 x-amz-request-id 69F5BD06CA19F643 ETag "15f70e6624b2664be5538da4a40b2297" Content-Type image/jpeg Accept-Ranges bytes Content-Length 37513 x-amz-id-2 BFD6y2uYBO6lDtPFIwusN/vb0gqqUZXFmgo7YaJYUvQd/UkPEp9mg5eyInYQY7tEKzu0zPZh46o=
GET H/1.1	200 OK	microsoft.png windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/	977 B 1 KB	106ms 106ms	Image image/png	52.216.129.11 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/microsoft.png Requested by Host: windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.129.11 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash 844a92ee435552f7f26b4ec467220c537841f8245a16bbb265975ce4b3081f36 Request headers Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Tue, 21 Jan 2020 07:51:12 GMT Last-Modified Tue, 21 Jan 2020 02:02:45 GMT Server AmazonS3 x-amz-request-id EDFB4C2DE8E1E003 ETag "ab563722ebc08ab73e4c72a3fa0d28c7" Content-Type image/png Accept-Ranges bytes Content-Length 977 x-amz-id-2 DipGUe457qtieWkhmp7NkLs6skphRFOsZAQ/9FjB1XDyFmbD00LQVscec8PWt0JRAXnVTXxE0dA=
GET H2	200	tcc_l.combined.1.0.6.min.js Show response img1.wsimg.com/tcc/	12 KB 5 KB	108ms 36ms	Script application/x-javascript	2.20.21.198 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js Requested by Host: windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.20.21.198 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a2-20-21-198.deploy.static.akamaitechnologies.com Software / Resource Hash aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350 Request headers Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers date Tue, 21 Jan 2020 07:51:11 GMT content-encoding gzip last-modified Fri, 31 Mar 2017 16:26:41 GMT access-control-allow-origin * etag "52ef5c943baad21:0" vary Accept-Encoding content-type application/x-javascript status 200 cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 4564 expires Wed, 20 Jan 2021 07:51:11 GMT
GET H/1.1	200 OK	css.css windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/	655 B 1010 B	155ms 117ms	Stylesheet text/css	52.216.129.11 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/css.css Requested by Host: windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.129.11 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash c38865468ef3bc8fd6705dd62ff33fe740ab5726db9a582c9055a80730909f7a Request headers Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Tue, 21 Jan 2020 07:51:12 GMT Last-Modified Tue, 21 Jan 2020 02:01:55 GMT Server AmazonS3 x-amz-request-id 97111A64CB51B0E0 ETag "4b15778fb4d238f6a6fc1d0bffaa7eb3" Content-Type text/css Accept-Ranges bytes Content-Length 655 x-amz-id-2 +Z57s3/kgOgYuNSAg5595J5APuYz7BB39RQzawGzqMLRqkz9n34SjISq6syrrbLpnCFm2JpKj1I=
GET H/1.1	403 Forbidden	mem5YaGs126MiZpBA-UNirkOUuhs.ttf windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/s/opensans/v15/	0 0	107ms 107ms	Font application/xml	52.216.129.11 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhs.ttf Requested by Host: windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.129.11 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/css.css Origin https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com Response headers Date Tue, 21 Jan 2020 07:51:11 GMT Server AmazonS3 x-amz-request-id 9A640C12E53EAD36 Transfer-Encoding chunked x-amz-id-2 luYSWNFMpOwp1t3r0KbKaePsm9ZOv3Cc6hj/yBMjc2Y7p2BBaYfts/KZLSVXjbdigGsaZOL6lpc= Content-Type application/xml
GET H/1.1	403 Forbidden	mem5YaGs126MiZpBA-UN7rgOUuhs.ttf windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/s/opensans/v15/	0 0	212ms 110ms	Font application/xml	52.216.129.11 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhs.ttf Requested by Host: windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.129.11 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/css.css Origin https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com Response headers Date Tue, 21 Jan 2020 07:51:11 GMT Server AmazonS3 x-amz-request-id CA003DED94D218B8 Transfer-Encoding chunked x-amz-id-2 zc+zjQlWnz7PCv2VMeF6Z5qkT5kw2hRrZP32IVycTzpcgyIMO45W6gQO65//xnvrJkedcNaZOu8= Content-Type application/xml
GET H/1.1	206 Partial Content	alertmicrosoft.mp3 windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/	101 KB 0	232ms 138ms	Media audio/mp3	52.216.129.11 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/alertmicrosoft.mp3 Requested by Host: windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.129.11 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash Request headers Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Accept-Encoding identity;q=1, *;q=0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Range bytes=0- Response headers Date Tue, 21 Jan 2020 07:51:12 GMT Last-Modified Tue, 21 Jan 2020 02:02:47 GMT Server AmazonS3 x-amz-request-id 9B6B1A673A4728C2 ETag "6ed16685648cc6c15a7da8263543a65c" Content-Type audio/mp3 Content-Range bytes 0-143452/143453 Accept-Ranges bytes Content-Length 143453 x-amz-id-2 uh1F8EG+iLdVtV5H9N0lVH6SWmChqWHQrAazqiXsliah5Z5B5XSWSph816sufmZaOlAUEpywUmU=
GET H/1.1	206 Partial Content	warning.mp3 windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/	13 KB 14 KB	109ms 103ms	Media audio/mp3	52.216.129.11 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/warning.mp3 Requested by Host: windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.129.11 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash f4d5cae00178437f63e868ded066dde7503207230142ab3c37ef8ca70a03574d Request headers Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Accept-Encoding identity;q=1, *;q=0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Range bytes=0- Response headers Date Tue, 21 Jan 2020 07:51:12 GMT Last-Modified Tue, 21 Jan 2020 02:02:46 GMT Server AmazonS3 x-amz-request-id A33698D4A37966A4 ETag "00b0b7579d355157c552145ce7720cb2" Content-Type audio/mp3 Content-Range bytes 0-13668/13669 Accept-Ranges bytes Content-Length 13669 x-amz-id-2 BuChbClJGAq7vlPU474DpvyR9e1ww+Uv3Cj8CL2z/QMbV89W0H4DpShplVXIPSXfbOwbl9dT6gg=
GET H2	200	analytics.js Show response www.google-analytics.com/	43 KB 17 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:814::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-156010145-4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Mon, 19 Aug 2019 17:22:41 GMT server Golfe2 age 4658 date Tue, 21 Jan 2020 06:33:33 GMT vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=7200 alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 17803 expires Tue, 21 Jan 2020 08:33:33 GMT
GET H2	200	collect www.google-analytics.com/r/	35 B 111 B	14ms 14ms	Image image/gif	2a00:1450:4001:814::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1919486151&t=pageview&_s=1&dl=https%3A%2F%2Fwindows-security-alert-spyware-found-system-blocked.s3.amazonaws.com%2Fchrome_win%2Findex.htm&ul=en-us&de=UTF-8&dt=Microsoft%20Official%20Support&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1236918898&gjid=1492918982&cid=524359786.1579593071&tid=UA-156010145-4&_gid=247649087.1579593071&_r=1&gtm=2ou181&z=1665662010 Requested by Host: windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers pragma no-cache date Tue, 21 Jan 2020 07:51:11 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 access-control-allow-origin * content-type image/gif status 200 cache-control no-cache, no-store, must-revalidate alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 35 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	event img.secureserver.net/t/1/tl/	43 B 689 B	231ms 141ms	Image image/gif	95.100.73.41 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://img.secureserver.net/t/1/tl/event?cts=1579593071967&tce=1579593070863&tcs=1579593070574&tdc=1579593071765&tdclee=1579593071542&tdcles=1579593071542&tdi=1579593071542&tdl=1579593070987&tdle=1579593070574&tdls=1579593070562&tfs=1579593070561&tns=1579593070561&trqs=1579593070864&tre=1579593071140&trps=1579593070978&tles=1579593071765&tlee=1579593071766&ht=perf&dh=windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_6)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F79.0.3945.88%20Safari%2F537.36&vci=1533544596&cv=1.0.6&z=1094043899&vg=228be370-1969-4dbb-8286-00df297dc8cf&vtg=228be370-1969-4dbb-8286-00df297dc8cf&ap=cpsh&trfd=%7B%22cts%22%3A1579593071541%2C%22tccl.baseHost%22%3A%22secureserver.net%22%2C%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0830%22%7D&dp=%2Fchrome_win%2Findex.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 95.100.73.41 , Ascension Island, ASN16625 (AKAMAI-AS, US), Reverse DNS a95-100-73-41.deploy.static.akamaitechnologies.com Software / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value Strict-Transport-Security max-age=31536000 ; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Strict-Transport-Security max-age=31536000 ; includeSubDomains X-Content-Type-Options nosniff Date Tue, 21 Jan 2020 07:51:12 GMT X-Frame-Options DENY Access-Control-Allow-Methods GET, PUT, POST, DELETE, OPTIONS Content-Type image/gif Access-Control-Allow-Origin https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com, * Access-Control-Max-Age 1000 Cache-Control private Connection keep-alive X-Robots-Tag noindex, nofollow Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept Content-Length 43 X-XSS-Protection 1; mode=block
GET H2	200	NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzY5abuWI.woff2 fonts.gstatic.com/s/titilliumweb/v8/	11 KB 12 KB	6ms 6ms	Font font/woff2	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzY5abuWI.woff2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cd6f4900abc2da200ad96c75852facfd8872610ce9dd259acf3cc82507490dd3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Referer https://fonts.googleapis.com/css?family=Titillium+Web:400,700 Origin https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com Response headers date Thu, 21 Nov 2019 15:01:36 GMT x-content-type-options nosniff last-modified Mon, 22 Jul 2019 19:24:58 GMT server sffe age 5244576 content-type font/woff2 status 200 alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * access-control-allow-origin * content-length 11744 x-xss-protection 0 expires Fri, 20 Nov 2020 15:01:36 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

geoapi123.appspot.com

URL

http://geoapi123.appspot.com/

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tech Support Scam (Consumer)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| phone_number function| evali function| gtag object| dataLayer object| google_tag_manager function| eval1 object| _trfd string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| tcg function| tcp object| perfhandler object| TCCTracker object| _trfq object| true

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/	1970-01-19 06:46:33	Name: _gat_gtag_UA_156010145_4 Value: 1
			.windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/	1970-01-19 06:47:59	Name: _gid Value: GA1.4.247649087.1579593071
			.windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/	1970-01-20 00:17:45	Name: _ga Value: GA1.4.524359786.1579593071

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	(Line 1) Message: City fails!!!

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
geoapi123.appspot.com
img.secureserver.net
img1.wsimg.com
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com
www.google-analytics.com
www.googletagmanager.com
geoapi123.appspot.com
2.20.21.198
2a00:1450:4001:800::2003
2a00:1450:4001:80b::200a
2a00:1450:4001:814::200e
2a00:1450:4001:820::2008
52.216.129.11
95.100.73.41
642e5e0499717db14eb22a8df45d9e5687cb659d5ca53b7d55e7ec3bb6b37118
68d8c1ea1db9ecbe459fb24a3027d909830971db036417adb8e3aa6a1769f12e
6bdecd9bf45a8f40ded1f5d7febf79f16631ea2c7f61979f8a7400c0633611f6
7d491eb4e40a92a8ca95435b3e5bcbbad3dfd7d891ae44f8a83070fd63797024
7f06005aa2fb337dadbcf070179079f5c58a7eb117fab3b4ad22bed8e7ef87c3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
844a92ee435552f7f26b4ec467220c537841f8245a16bbb265975ce4b3081f36
8c5bc2da769a808653559f02db5f3dcf58a0a9ae69d14239a071e65a6b2d6e95
aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c38865468ef3bc8fd6705dd62ff33fe740ab5726db9a582c9055a80730909f7a
cd6f4900abc2da200ad96c75852facfd8872610ce9dd259acf3cc82507490dd3
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
f4d5cae00178437f63e868ded066dde7503207230142ab3c37ef8ca70a03574d