394878548754877834874587-secondary.z19.web.core.windows.net
52.239.156.97
Malicious Activity!
Public Scan
Effective URL: https://394878548754877834874587-secondary.z19.web.core.windows.net/
Submission: On December 16 via automatic, source phishtank
Summary
TLS certificate: Issued by Microsoft RSA TLS CA 01 on November 9th 2020. Valid for: a year.
This is the only time 394878548754877834874587-secondary.z19.web.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AWS (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
1 | 52.239.156.97 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
3 | 52.217.97.228 | 16509 (AMAZON-02) |
2 | 52.46.159.144 | 16509 (AMAZON-02) |
1 | 13.226.157.122 | 16509 (AMAZON-02) |
7 | 5 | |
ASN | PTR | Hostname |
---|---|---|
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US) | | 394878548754877834874587-secondary.z19.web.core.windows.net |
ASN16509 (AMAZON-02, US) | s3-1-w.amazonaws.com | aws-signin-website-assets.s3.amazonaws.com |
ASN16509 (AMAZON-02, US) | server-13-226-157-122.dus51.r.cloudfront.net | d1.awsstatic.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
3 | amazonaws.com | aws-signin-website-assets.s3.amazonaws.com | 406 KB |
2 | amazon.com | signin.aws.amazon.com | 30 KB |
1 | awsstatic.com | d1.awsstatic.com | 61 KB |
1 | windows.net | 394878548754877834874587-secondary.z19.web.core.windows.net | 142 KB |
7 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
3 | aws-signin-website-assets.s3.amazonaws.com | 394878548754877834874587-secondary.z19.web.core.windows.net |
2 | signin.aws.amazon.com | 394878548754877834874587-secondary.z19.web.core.windows.net |
1 | d1.awsstatic.com | 394878548754877834874587-secondary.z19.web.core.windows.net |
1 | 394878548754877834874587-secondary.z19.web.core.windows.net | |
7 | 4 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.web.core.windows.net | Microsoft RSA TLS CA 01 | 2020-11-09 - 2021-11-09 | a year |
*.s3.amazonaws.com | DigiCert Baltimore CA-2 G2 | 2019-11-09 - 2021-03-12 | a year |
us-east-1.signin.aws | Amazon | 2020-08-18 - 2021-08-10 | a year |
d1.awsstatic.com | Amazon | 2020-08-02 - 2021-09-02 | a year |
This page contains 1 frames:
Primary Page:
https://394878548754877834874587-secondary.z19.web.core.windows.net/
Frame ID: 316E358A8AF26738AF3610A32E234925
Requests: 12 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | 394878548754877834874587-secondary.z19.web.core.windows.net/ | 141 KB | 142 KB | Document | text/html |
GET | H/1.1 | components.css | aws-signin-website-assets.s3.amazonaws.com/css/ | 383 KB | 383 KB | Stylesheet | text/css |
GET | H/1.1 | grid.css | aws-signin-website-assets.s3.amazonaws.com/css/ | 18 KB | 19 KB | Stylesheet | text/css |
GET | H/1.1 | utilities.css | aws-signin-website-assets.s3.amazonaws.com/css/ | 3 KB | 4 KB | Stylesheet | text/css |
GET | H/1.1 | aws-signin.css | signin.aws.amazon.com/static/css/ | 25 KB | 27 KB | Stylesheet | text/css |
GET | H/1.1 | u2f-mfa.css | signin.aws.amazon.com/static/css/ | 1 KB | 3 KB | Stylesheet | text/css |
GET | H2 | analytics%20signin.16b1f43c3d7b4970a4f6b8205df727fe646cd501.png | d1.awsstatic.com/Digital%20Marketing/sitemerch/sign-in/en/ | 60 KB | 61 KB | Image | image/png |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 511 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 226 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 389 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 622 B | 0 | Image | image/svg+xml |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AWS (Online)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | ontransitionrun |
object | ontransitionstart |
object | ontransitioncancel |
object | cookieStore |
function | showDirectoryPicker |
function | showOpenFilePicker |
function | showSaveFilePicker |
object | trustedTypes |
boolean | crossOriginIsolated |
number | currentYear |
function | handleLanguageOptions |
function | changeLanguage |
string | hash |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.