d12svcgttuqh2w.cloudfront.net Open in urlscan Pro
216.137.61.245  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response d12svcgttuqh2w.cloudfront.net/	69 KB 7 KB	729ms 723ms	Document text/html	216.137.61.245 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://d12svcgttuqh2w.cloudfront.net/ Protocol HTTP/1.1 Server 216.137.61.245 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-216-137-61-245.fra2.r.cloudfront.net Software nginx/1.12.2 / Resource Hash a20d50770431c5eccdc34899369091250dc3f273b2798a5b1e4d853be606ed03 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host d12svcgttuqh2w.cloudfront.net Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 22:30:06 GMT Content-Encoding gzip Last-Modified Mon, 19 Feb 2018 17:38:26 GMT Server nginx/1.12.2 Transfer-Encoding chunked X-Cache Miss from cloudfront Content-Type text/html Via 1.1 10e95c517e657ad53448fce5195e9cba.cloudfront.net (CloudFront) Connection keep-alive X-Amz-Cf-Id YrIKkly9u9JOOLlI9Qn-_8IXGNUPrVwJykTKPcmfK-4BryyxRkTQYQ==
GET S	200	css fonts.googleapis.com/	524 B 575 B	37ms 15ms	Stylesheet text/css	172.217.22.42 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Titillium+Web:400,700 Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol SPDY Server 172.217.22.42 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s16-in-f10.1e100.net Software ESF / Resource Hash 103f94713fcf6d1356d310ef766552aba0d1f132e2c5e01c1e9ee97c764d67c8 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer http://d12svcgttuqh2w.cloudfront.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers date Mon, 30 Apr 2018 22:30:06 GMT content-encoding gzip server ESF status 200 x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400 timing-allow-origin * alt-svc hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35" x-xss-protection 1; mode=block expires Mon, 30 Apr 2018 22:30:06 GMT
GET H/1.1	503 Service Unavailable	/ geoapi123.appspot.com/	0 0	140ms 120ms	Script text/html	172.217.22.84 Google LLC
General Check archive.org Show headers Download Go to Full URL http://geoapi123.appspot.com/ Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol HTTP/1.1 Server 172.217.22.84 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s17-in-f20.1e100.net Software Google Frontend / Resource Hash Request headers Referer http://d12svcgttuqh2w.cloudfront.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers X-Cloud-Trace-Context 2c74be4ddf33e7f43a3f82139a738d3d Server Google Frontend Date Mon, 30 Apr 2018 22:30:06 GMT Content-Length 970 Content-Type text/html
GET H/1.1	200 OK	style.css d12svcgttuqh2w.cloudfront.net/	2 KB 1 KB	724ms 724ms	Stylesheet text/css	216.137.61.245 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://d12svcgttuqh2w.cloudfront.net/style.css Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol HTTP/1.1 Server 216.137.61.245 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-216-137-61-245.fra2.r.cloudfront.net Software nginx/1.12.2 / Resource Hash af799a6513553c4aa0e6c1ba49c34043563b2fbe2ff87708584220908890b982 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host d12svcgttuqh2w.cloudfront.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/css,*/*;q=0.1 Referer http://d12svcgttuqh2w.cloudfront.net/ Connection keep-alive Cache-Control no-cache Referer http://d12svcgttuqh2w.cloudfront.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 22:30:06 GMT Content-Encoding gzip Last-Modified Mon, 19 Feb 2018 15:37:27 GMT Server nginx/1.12.2 Transfer-Encoding chunked X-Cache Miss from cloudfront Content-Type text/css Via 1.1 10e95c517e657ad53448fce5195e9cba.cloudfront.net (CloudFront) Connection keep-alive X-Amz-Cf-Id bSLzC9BTMEIJf-j6i8iKdORsvclF08EVF4PfKxAJbbmkhA8UA7_COw==
GET H/1.1	200 OK	background-2.png d12svcgttuqh2w.cloudfront.net/	251 KB 251 KB	596ms 590ms	Image image/png	216.137.61.14 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://d12svcgttuqh2w.cloudfront.net/background-2.png Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol HTTP/1.1 Server 216.137.61.14 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-216-137-61-14.fra2.r.cloudfront.net Software nginx/1.12.2 / Resource Hash 166dedb9f977c9f52f3e1b475e1c19ec9f0559a3c13de1b1da6d6aaf44bff2ea Request headers Pragma no-cache Accept-Encoding gzip, deflate Host d12svcgttuqh2w.cloudfront.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://d12svcgttuqh2w.cloudfront.net/ Connection keep-alive Cache-Control no-cache Referer http://d12svcgttuqh2w.cloudfront.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 22:30:06 GMT Via 1.1 bb93dfaee440e32ac88831363641e2c2.cloudfront.net (CloudFront) Last-Modified Mon, 19 Feb 2018 15:37:27 GMT Server nginx/1.12.2 X-Cache Miss from cloudfront Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 256524 X-Amz-Cf-Id hZ8Yjq2G_DbojT7StKLZ4PRpPzn0ih2yAsKPsMtoRq7TANcJF81_aQ==
GET H/1.1	200 OK	alert.jpg d12svcgttuqh2w.cloudfront.net/	37 KB 38 KB	707ms 707ms	Image image/jpeg	216.137.61.245 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://d12svcgttuqh2w.cloudfront.net/alert.jpg Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol HTTP/1.1 Server 216.137.61.245 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-216-137-61-245.fra2.r.cloudfront.net Software nginx/1.12.2 / Resource Hash c73175a61d649c35682fbe86a7843ba99bad811cba32cb6e59d50cae3bdf34ca Request headers Pragma no-cache Accept-Encoding gzip, deflate Host d12svcgttuqh2w.cloudfront.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://d12svcgttuqh2w.cloudfront.net/ Connection keep-alive Cache-Control no-cache Referer http://d12svcgttuqh2w.cloudfront.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 22:30:07 GMT Via 1.1 10e95c517e657ad53448fce5195e9cba.cloudfront.net (CloudFront) Last-Modified Mon, 19 Feb 2018 15:37:27 GMT Server nginx/1.12.2 X-Cache Miss from cloudfront Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 38167 X-Amz-Cf-Id qXvjxr7aocaIQcpgHcNbTFrhQv2KhyLgFMV3guwV87zs1CgiudgdrQ==
GET H/1.1	200 OK	microsoft.png d12svcgttuqh2w.cloudfront.net/	977 B 1 KB	381ms 375ms	Image image/png	216.137.61.244 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://d12svcgttuqh2w.cloudfront.net/microsoft.png Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol HTTP/1.1 Server 216.137.61.244 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-216-137-61-244.fra2.r.cloudfront.net Software nginx/1.12.2 / Resource Hash 844a92ee435552f7f26b4ec467220c537841f8245a16bbb265975ce4b3081f36 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host d12svcgttuqh2w.cloudfront.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://d12svcgttuqh2w.cloudfront.net/ Connection keep-alive Cache-Control no-cache Referer http://d12svcgttuqh2w.cloudfront.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 22:30:07 GMT Via 1.1 87de52593927dfce090da0b24ddc3123.cloudfront.net (CloudFront) Last-Modified Mon, 19 Feb 2018 15:37:27 GMT Server nginx/1.12.2 X-Cache Miss from cloudfront Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 977 X-Amz-Cf-Id KcYSRtUJY9Kk3ILVchk12PSNR1FdlA_HRg2IkpNc2s2vjj_SR3CUGw==
GET S	200	css fonts.googleapis.com/	730 B 330 B	14ms 14ms	Stylesheet text/css	172.217.22.42 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:400,600,700 Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol SPDY Server 172.217.22.42 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s16-in-f10.1e100.net Software ESF / Resource Hash a6b774d1722b797b51d8acde49b44e031bcc5800ce07d431aa016dbdbb96b083 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer http://d12svcgttuqh2w.cloudfront.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers date Mon, 30 Apr 2018 22:30:06 GMT content-encoding gzip server ESF status 200 x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400 timing-allow-origin * alt-svc hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35" x-xss-protection 1; mode=block expires Mon, 30 Apr 2018 22:30:06 GMT
GET S	200	analytics.js Show response www.google-analytics.com/	34 KB 14 KB	28ms 6ms	Script text/javascript	172.217.22.78 Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol SPDY Server 172.217.22.78 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s17-in-f78.1e100.net Software Golfe2 / Resource Hash 2218bbf47b340278b7b696dbe3af4eed89edffa709c19abd6747b18147c3a675 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer http://d12svcgttuqh2w.cloudfront.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Thu, 12 Apr 2018 18:13:11 GMT server Golfe2 age 5641 date Mon, 30 Apr 2018 20:56:06 GMT vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=7200 timing-allow-origin * alt-svc hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 14353 expires Mon, 30 Apr 2018 22:56:06 GMT
GET S	200	mem5YaGs126MiZpBA-UNirkOUuhs.ttf fonts.gstatic.com/s/opensans/v15/	27 KB 18 KB	6ms 6ms	Font font/ttf	172.217.22.67 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhs.ttf Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol SPDY Server 172.217.22.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s17-in-f67.1e100.net Software sffe / Resource Hash 74461248f0a3edd43acbe67fbd98bb8bc6f26bb6b2e8b948c4757724717bde5c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Referer https://fonts.googleapis.com/css?family=Open+Sans:400,600,700 Origin http://d12svcgttuqh2w.cloudfront.net Response headers date Thu, 08 Feb 2018 18:08:02 GMT content-encoding gzip x-content-type-options nosniff age 7014125 status 200 alt-svc hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 18442 x-xss-protection 1; mode=block last-modified Wed, 11 Oct 2017 21:49:53 GMT server sffe vary Accept-Encoding content-type font/ttf access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 08 Feb 2019 18:08:02 GMT
GET S	200	mem5YaGs126MiZpBA-UN7rgOUuhs.ttf fonts.gstatic.com/s/opensans/v15/	28 KB 18 KB	6ms 6ms	Font font/ttf	172.217.22.67 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhs.ttf Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol SPDY Server 172.217.22.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s17-in-f67.1e100.net Software sffe / Resource Hash 0782a52179d0e25f19c39b43253795b25787d65abdbd8bfa38be0f21a4512748 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Referer https://fonts.googleapis.com/css?family=Open+Sans:400,600,700 Origin http://d12svcgttuqh2w.cloudfront.net Response headers date Thu, 08 Feb 2018 18:00:16 GMT content-encoding gzip x-content-type-options nosniff age 7014591 status 200 alt-svc hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 18670 x-xss-protection 1; mode=block last-modified Wed, 11 Oct 2017 21:49:43 GMT server sffe vary Accept-Encoding content-type font/ttf access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 08 Feb 2019 18:00:16 GMT
GET S	200	NaPecZTIAOhVxoMyOr9n_E7fdMPmCA.ttf fonts.gstatic.com/s/titilliumweb/v6/	29 KB 17 KB	6ms 6ms	Font font/ttf	172.217.22.67 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/titilliumweb/v6/NaPecZTIAOhVxoMyOr9n_E7fdMPmCA.ttf Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol SPDY Server 172.217.22.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s17-in-f67.1e100.net Software sffe / Resource Hash b9ebdf76330ecf5ad89b191de82e35ed78803e7a2fc424db5515902bda209ef3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Referer https://fonts.googleapis.com/css?family=Titillium+Web:400,700 Origin http://d12svcgttuqh2w.cloudfront.net Response headers date Thu, 08 Feb 2018 18:46:47 GMT content-encoding gzip x-content-type-options nosniff age 7011800 status 200 alt-svc hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 17682 x-xss-protection 1; mode=block last-modified Wed, 11 Oct 2017 18:27:35 GMT server sffe vary Accept-Encoding content-type font/ttf access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 08 Feb 2019 18:46:47 GMT
GET H/1.1	206 Partial Content	alertmicrosoft.mp3 d12svcgttuqh2w.cloudfront.net/	140 KB 141 KB	494ms 488ms	Media audio/mpeg	216.137.61.75 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://d12svcgttuqh2w.cloudfront.net/alertmicrosoft.mp3 Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol HTTP/1.1 Server 216.137.61.75 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-216-137-61-75.fra2.r.cloudfront.net Software nginx/1.12.2 / Resource Hash 8dd75a13c2b410a988bccc7e5cbd38291e79d7f1f0c6f715109c8f66129edae4 Request headers Pragma no-cache Accept-Encoding identity;q=1, *;q=0 Host d12svcgttuqh2w.cloudfront.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 chrome-proxy frfr Accept */* Cache-Control no-cache Referer http://d12svcgttuqh2w.cloudfront.net/ Connection keep-alive Range bytes=0- Referer http://d12svcgttuqh2w.cloudfront.net/ Accept-Encoding identity;q=1, *;q=0 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Range bytes=0- chrome-proxy frfr Response headers Date Mon, 30 Apr 2018 22:30:07 GMT Via 1.1 7a5407bd3564d5f8494603c5f2d0661f.cloudfront.net (CloudFront) Last-Modified Mon, 19 Feb 2018 15:37:27 GMT Server nginx/1.12.2 X-Cache Miss from cloudfront Content-Type audio/mpeg Content-Range bytes 0-143452/143453 Connection keep-alive Accept-Ranges bytes Content-Length 143453 X-Amz-Cf-Id KBs0Bw_KL_4A3l9dzhVDIKVhJR7LC8k9i5WK8pG14iEKWKN3nRuQ9Q==
GET H/1.1	206 Partial Content	warning.mp3 d12svcgttuqh2w.cloudfront.net/	13 KB 14 KB	467ms 462ms	Media audio/mpeg	216.137.61.251 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://d12svcgttuqh2w.cloudfront.net/warning.mp3 Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol HTTP/1.1 Server 216.137.61.251 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-216-137-61-251.fra2.r.cloudfront.net Software nginx/1.12.2 / Resource Hash f4d5cae00178437f63e868ded066dde7503207230142ab3c37ef8ca70a03574d Request headers Pragma no-cache Accept-Encoding identity;q=1, *;q=0 Host d12svcgttuqh2w.cloudfront.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 chrome-proxy frfr Accept */* Cache-Control no-cache Referer http://d12svcgttuqh2w.cloudfront.net/ Connection keep-alive Range bytes=0- Referer http://d12svcgttuqh2w.cloudfront.net/ Accept-Encoding identity;q=1, *;q=0 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Range bytes=0- chrome-proxy frfr Response headers Date Mon, 30 Apr 2018 22:30:07 GMT Via 1.1 bc4389d82338e569938d96a220607237.cloudfront.net (CloudFront) Last-Modified Mon, 19 Feb 2018 15:37:27 GMT Server nginx/1.12.2 X-Cache Miss from cloudfront Content-Type audio/mpeg Content-Range bytes 0-13668/13669 Connection keep-alive Accept-Ranges bytes Content-Length 13669 X-Amz-Cf-Id bXzy0nLMBiXq4FYp7nZgfdYK1YaoxSAVavW8V8bwmzRNq-dfIEjsYA==
GET S	200	collect www.google-analytics.com/r/	35 B 199 B	13ms 13ms	Image image/gif	172.217.22.78 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/r/collect?v=1&_v=j67&a=1870038287&t=pageview&_s=1&dl=http%3A%2F%2Fd12svcgttuqh2w.cloudfront.net%2F&ul=en-us&de=UTF-8&dt=Microsoft%20Official%20Support&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1172102233&gjid=689511270&cid=2082455566.1525127407&tid=UA-69406307-2&_gid=1393766016.1525127407&_r=1&z=1483887425 Requested by Host: d12svcgttuqh2w.cloudfront.net URL: http://d12svcgttuqh2w.cloudfront.net/ Protocol SPDY Server 172.217.22.78 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s17-in-f78.1e100.net Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer http://d12svcgttuqh2w.cloudfront.net/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers pragma no-cache date Mon, 30 Apr 2018 22:30:07 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 status 200 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate alt-svc hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 35 expires Fri, 01 Jan 1990 00:00:00 GMT
GET S	200	NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzZg.ttf fonts.gstatic.com/s/titilliumweb/v6/	28 KB 16 KB	7ms 6ms	Font font/ttf	172.217.22.67 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/titilliumweb/v6/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzZg.ttf Protocol SPDY Server 172.217.22.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s17-in-f67.1e100.net Software sffe / Resource Hash b79ab56c96c2a5e39be7101bee0f18cc315dc9aeb831e8b1fa92f9e013aa2498 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Referer https://fonts.googleapis.com/css?family=Titillium+Web:400,700 Origin http://d12svcgttuqh2w.cloudfront.net Response headers date Thu, 08 Feb 2018 23:20:38 GMT content-encoding gzip x-content-type-options nosniff age 6995370 status 200 alt-svc hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 16756 x-xss-protection 1; mode=block last-modified Wed, 11 Oct 2017 18:26:19 GMT server sffe vary Accept-Encoding content-type font/ttf access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 08 Feb 2019 23:20:38 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tech Support Scam (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| phone_number function| evali string| GoogleAnalyticsObject function| ga function| eval1 object| gaplugins object| gaGlobal object| gaData

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.d12svcgttuqh2w.cloudfront.net/	1970-01-18 15:40:13	Name: _gid Value: GA1.3.1393766016.1525127407
			.d12svcgttuqh2w.cloudfront.net/	1970-01-18 15:38:47	Name: _gat Value: 1
			.d12svcgttuqh2w.cloudfront.net/	1970-01-19 09:09:59	Name: _ga Value: GA1.3.2082455566.1525127407

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	(Line 1) Message: City fails!!!

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d12svcgttuqh2w.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
geoapi123.appspot.com
www.google-analytics.com
172.217.22.42
172.217.22.67
172.217.22.78
172.217.22.84
216.137.61.14
216.137.61.244
216.137.61.245
216.137.61.251
216.137.61.75
0782a52179d0e25f19c39b43253795b25787d65abdbd8bfa38be0f21a4512748
103f94713fcf6d1356d310ef766552aba0d1f132e2c5e01c1e9ee97c764d67c8
166dedb9f977c9f52f3e1b475e1c19ec9f0559a3c13de1b1da6d6aaf44bff2ea
2218bbf47b340278b7b696dbe3af4eed89edffa709c19abd6747b18147c3a675
74461248f0a3edd43acbe67fbd98bb8bc6f26bb6b2e8b948c4757724717bde5c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
844a92ee435552f7f26b4ec467220c537841f8245a16bbb265975ce4b3081f36
8dd75a13c2b410a988bccc7e5cbd38291e79d7f1f0c6f715109c8f66129edae4
a20d50770431c5eccdc34899369091250dc3f273b2798a5b1e4d853be606ed03
a6b774d1722b797b51d8acde49b44e031bcc5800ce07d431aa016dbdbb96b083
af799a6513553c4aa0e6c1ba49c34043563b2fbe2ff87708584220908890b982
b79ab56c96c2a5e39be7101bee0f18cc315dc9aeb831e8b1fa92f9e013aa2498
b9ebdf76330ecf5ad89b191de82e35ed78803e7a2fc424db5515902bda209ef3
c73175a61d649c35682fbe86a7843ba99bad811cba32cb6e59d50cae3bdf34ca
f4d5cae00178437f63e868ded066dde7503207230142ab3c37ef8ca70a03574d