windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com
Open in
urlscan Pro
52.216.129.11
Malicious Activity!
Public Scan
Effective URL: https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm
Submission: On January 21 via manual from PH
Summary
TLS certificate: Issued by DigiCert Baltimore CA-2 G2 on November 9th 2019. Valid for: a year.
This is the only time windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Tech Support Scam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 52.216.129.11 52.216.129.11 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:4001:80b::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:820::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2.20.21.198 2.20.21.198 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 2a00:1450:400... 2a00:1450:4001:814::200e | 15169 (GOOGLE) (GOOGLE) | |
1 | 95.100.73.41 95.100.73.41 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 | 2a00:1450:400... 2a00:1450:4001:800::2003 | 15169 (GOOGLE) (GOOGLE) | |
18 | 8 |
ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-20-21-198.deploy.static.akamaitechnologies.com
img1.wsimg.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN16625 (AKAMAI-AS, US)
PTR: a95-100-73-41.deploy.static.akamaitechnologies.com
img.secureserver.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
amazonaws.com
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com |
376 KB |
2 |
google-analytics.com
www.google-analytics.com |
18 KB |
1 |
gstatic.com
fonts.gstatic.com |
12 KB |
1 |
secureserver.net
img.secureserver.net |
689 B |
1 |
wsimg.com
img1.wsimg.com |
5 KB |
1 |
googletagmanager.com
www.googletagmanager.com |
27 KB |
1 |
googleapis.com
fonts.googleapis.com |
506 B |
0 |
appspot.com
Failed
geoapi123.appspot.com Failed |
|
18 | 8 |
Domain | Requested by | |
---|---|---|
10 | windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com |
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com
|
2 | www.google-analytics.com |
www.googletagmanager.com
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com |
1 | fonts.gstatic.com | |
1 | img.secureserver.net | |
1 | img1.wsimg.com |
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com
|
1 | www.googletagmanager.com |
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com
|
1 | fonts.googleapis.com |
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com
|
0 | geoapi123.appspot.com Failed |
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com
|
18 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2 |
2019-11-09 - 2021-03-12 |
a year | crt.sh |
*.storage.googleapis.com GTS CA 1O1 |
2019-12-20 - 2020-03-13 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1O1 |
2019-12-20 - 2020-03-13 |
3 months | crt.sh |
*.wsimg.com Starfield Secure Certificate Authority - G2 |
2018-09-25 - 2020-09-25 |
2 years | crt.sh |
*.secureserver.net Starfield Secure Certificate Authority - G2 |
2019-10-22 - 2021-10-22 |
2 years | crt.sh |
*.google.com GTS CA 1O1 |
2019-12-20 - 2020-03-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/index.htm
Frame ID: CE9712AF2E69166ADF4BE7FD623CB8A2
Requests: 18 HTTP requests in this frame
Screenshot
Detected technologies
Amazon Web Services (PaaS) ExpandDetected patterns
- headers server /^AmazonS3$/i
Amazon S3 (Miscellaneous) Expand
Detected patterns
- headers server /^AmazonS3$/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Google Font API (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.htm
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/ |
69 KB 70 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
2 KB 506 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/ |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
geoapi123.appspot.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
73 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
background-2.png
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/ |
251 KB 251 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
alert.jpg
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/ |
37 KB 37 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft.png
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/ |
977 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tcc_l.combined.1.0.6.min.js
img1.wsimg.com/tcc/ |
12 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css.css
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/ |
655 B 1010 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mem5YaGs126MiZpBA-UNirkOUuhs.ttf
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/s/opensans/v15/ |
0 0 |
Font
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mem5YaGs126MiZpBA-UN7rgOUuhs.ttf
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/s/opensans/v15/ |
0 0 |
Font
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
alertmicrosoft.mp3
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/ |
101 KB 0 |
Media
audio/mp3 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
warning.mp3
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/chrome_win/files/ |
13 KB 14 KB |
Media
audio/mp3 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
43 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/r/ |
35 B 111 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
event
img.secureserver.net/t/1/tl/ |
43 B 689 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8/ |
11 KB 12 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- geoapi123.appspot.com
- URL
- http://geoapi123.appspot.com/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Tech Support Scam (Consumer)21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate string| phone_number function| evali function| gtag object| dataLayer object| google_tag_manager function| eval1 object| _trfd string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| tcg function| tcp object| perfhandler object| TCCTracker object| _trfq object| true3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/ | Name: _gat_gtag_UA_156010145_4 Value: 1 |
|
.windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/ | Name: _gid Value: GA1.4.247649087.1579593071 |
|
.windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com/ | Name: _ga Value: GA1.4.524359786.1579593071 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
geoapi123.appspot.com
img.secureserver.net
img1.wsimg.com
windows-security-alert-spyware-found-system-blocked.s3.amazonaws.com
www.google-analytics.com
www.googletagmanager.com
geoapi123.appspot.com
2.20.21.198
2a00:1450:4001:800::2003
2a00:1450:4001:80b::200a
2a00:1450:4001:814::200e
2a00:1450:4001:820::2008
52.216.129.11
95.100.73.41
642e5e0499717db14eb22a8df45d9e5687cb659d5ca53b7d55e7ec3bb6b37118
68d8c1ea1db9ecbe459fb24a3027d909830971db036417adb8e3aa6a1769f12e
6bdecd9bf45a8f40ded1f5d7febf79f16631ea2c7f61979f8a7400c0633611f6
7d491eb4e40a92a8ca95435b3e5bcbbad3dfd7d891ae44f8a83070fd63797024
7f06005aa2fb337dadbcf070179079f5c58a7eb117fab3b4ad22bed8e7ef87c3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
844a92ee435552f7f26b4ec467220c537841f8245a16bbb265975ce4b3081f36
8c5bc2da769a808653559f02db5f3dcf58a0a9ae69d14239a071e65a6b2d6e95
aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c38865468ef3bc8fd6705dd62ff33fe740ab5726db9a582c9055a80730909f7a
cd6f4900abc2da200ad96c75852facfd8872610ce9dd259acf3cc82507490dd3
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
f4d5cae00178437f63e868ded066dde7503207230142ab3c37ef8ca70a03574d