colpayments.s3.eu-west-2.amazonaws.com
Open in
urlscan Pro
52.95.148.18
Malicious Activity!
Public Scan
Submission: On September 02 via automatic, source openphish — Scanned from GB
Summary
TLS certificate: Issued by Amazon on December 9th 2021. Valid for: a year.
This is the only time colpayments.s3.eu-west-2.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
16 | 52.95.148.18 52.95.148.18 | 16509 (AMAZON-02) (AMAZON-02) | |
16 | 1 |
ASN16509 (AMAZON-02, US)
PTR: s3-r-w.eu-west-2.amazonaws.com
colpayments.s3.eu-west-2.amazonaws.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
amazonaws.com
colpayments.s3.eu-west-2.amazonaws.com |
849 KB |
16 | 1 |
Domain | Requested by | |
---|---|---|
16 | colpayments.s3.eu-west-2.amazonaws.com |
colpayments.s3.eu-west-2.amazonaws.com
|
16 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.s3.eu-west-2.amazonaws.com Amazon |
2021-12-09 - 2022-11-24 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://colpayments.s3.eu-west-2.amazonaws.com/costofliving/step2.html
Frame ID: 46F0F0084C07D47CE468B5A588BE34BC
Requests: 16 HTTP requests in this frame
Screenshot
Page Title
Register your details - Cost of Living PaymentDetected technologies
Google Tag Manager (Tag Managers) ExpandDetected patterns
- googletagmanager\.com/ns\.html[^>]+></iframe>
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
step2.html
colpayments.s3.eu-west-2.amazonaws.com/costofliving/ |
20 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles-govuk.02c1e0f5c755799daa22.css
colpayments.s3.eu-west-2.amazonaws.com/costofliving/step2_files/ |
54 KB 55 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles-common.05b79b0d9cca8c220a8d.css
colpayments.s3.eu-west-2.amazonaws.com/costofliving/step2_files/ |
178 KB 178 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
analytics.js.download
colpayments.s3.eu-west-2.amazonaws.com/costofliving/step2_files/ |
49 KB 50 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gtm.js.download
colpayments.s3.eu-west-2.amazonaws.com/costofliving/step2_files/ |
149 KB 150 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
govuk_logo_crown_print.1f27d633e8ee5dd6b2dc.png
colpayments.s3.eu-west-2.amazonaws.com/costofliving/step2_files/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
print.b3968944d81d470d83d2.css
colpayments.s3.eu-west-2.amazonaws.com/costofliving/step2_files/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vendor.19cbfea38844b01d03e1.js.download
colpayments.s3.eu-west-2.amazonaws.com/costofliving/step2_files/ |
10 KB 10 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
claimant.def6069b5a0c522fde14.js.download
colpayments.s3.eu-west-2.amazonaws.com/costofliving/step2_files/ |
381 KB 381 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
govuk_logo_crown.c5ab2acf8e317746f37e.png
colpayments.s3.eu-west-2.amazonaws.com/costofliving/images/govuk/ |
243 B 243 B |
Image
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
GDSTransportWebsite-Light.328f803c1225e3e5a477.woff2
colpayments.s3.eu-west-2.amazonaws.com/costofliving/fonts/ |
0 0 |
Font
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
GDSTransportWebsite-Bold.eb02843dd7cb8b40bfd3.woff2
colpayments.s3.eu-west-2.amazonaws.com/costofliving/fonts/ |
0 0 |
Font
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
open-government-licence.a3af4682908e608fdee1.png
colpayments.s3.eu-west-2.amazonaws.com/costofliving/images/govuk/ |
243 B 243 B |
Image
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
govuk-crest.403d21ad3e77f2fc321f.png
colpayments.s3.eu-west-2.amazonaws.com/costofliving/images/govuk/ |
243 B 243 B |
Image
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
GDSTransportWebsite-Light.ce858125dfcfb3c7f511.woff
colpayments.s3.eu-west-2.amazonaws.com/costofliving/fonts/ |
0 0 |
Font
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
GDSTransportWebsite-Bold.fe13e7cd6a11d8ac1393.woff
colpayments.s3.eu-west-2.amazonaws.com/costofliving/fonts/ |
0 0 |
Font
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| gaTagManagerPropertyIdElem string| gaTagManagerPropertyId object| dataLayer object| html5 function| setImmediate function| clearImmediate object| regeneratorRuntime object| uc object| google_tag_data function| ga object| gaplugins object| google_tag_manager0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
colpayments.s3.eu-west-2.amazonaws.com
52.95.148.18
0ded813a4b1def09ce1b5ce005507d3b04e80a7bb272f0259dc45d177ccccd94
219788935330929c26c81f6d7021e7bb06cfbfa6d048e26ad8695de9239a8510
334971dac2aa27b5180da766aa3088f6d98dfc504ff197a83c8fd520e6ccd61f
432666b7c47e6a94638f4743e1e579bab2074f7bdbabf9d7a8142d24047f0767
48d4e9eeec553313a4a210a5f3a3d63b08d79f24a8e06ba2a899c86929a31e0c
4acb92d7e2eb69e6a68d0eb04e9a8a46204eaf260b0a2a7123c6faaf3bd867dd
5bb7ce9cafce26264afb1ad00c851433f2cfd9c75eecae78c870a9ec7ac03d43
6011a8866ad46e7f9bd78d6e360e0d2af525c9c69aa27dc8cbafd67a295c2676
78910ec0b2d46b9f4933556ba3d6863ca9bbcbefa8a4c811dce36f7026d04de8
8e6034dcb463cf2080dbf7fa5a843ea6b8bc1383b5e09c98ef84787b4dab36e4
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
b5f556ebed8090c450bea4d7fc6d09d6b38d03a2407d2dd609273bc216600ddc