perpendicular-sleigher.s3.us-east-2.amazonaws.com Open in urlscan Pro
52.219.105.194 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://is.gd/Kyl9yN
Effective URL:
https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html
Submission: On April 13 via manual (April 13th 2021, 4:22:35 pm UTC) from US

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 11 HTTP transactions. The main IP is 52.219.105.194, located in Columbus, United States and belongs to AMAZON-02, US. The main domain is perpendicular-sleigher.s3.us-east-2.amazonaws.com.
TLS certificate: Issued by DigiCert Baltimore CA-2 G2 on January 14th 2021. Valid for: a year.

This is the only time perpendicular-sleigher.s3.us-east-2.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OneDrive (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 2	2606:4700:20:... 2606:4700:20::6819:ea35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.219.105.194 52.219.105.194	16509 (AMAZON-02) (AMAZON-02)
10	2606:4700:303... 2606:4700:3037::ac43:d32a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2

2 2606:4700:20::6819:ea35 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

is.gd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.219.105.194 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-r-w.us-east-2.amazonaws.com

perpendicular-sleigher.s3.us-east-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:3037::ac43:d32a (United States)

ASN13335 (CLOUDFLARENET, US)

smtptemp.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	smtptemp.site smtptemp.site	189 KB
2	is.gd 2 redirects is.gd	1 KB
1	amazonaws.com perpendicular-sleigher.s3.us-east-2.amazonaws.com	77 KB
11	3

	Domain	Requested by
10	smtptemp.site	perpendicular-sleigher.s3.us-east-2.amazonaws.com
2	is.gd	2 redirects
1	perpendicular-sleigher.s3.us-east-2.amazonaws.com
11	3

This site contains no links.

Subject Issuer	Validity	Valid
*.s3.us-east-2.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-01-14` - `2022-01-18`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-05` - `2022-03-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html
Frame ID: E70B8F320CB30950535233A075AFA03F
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://is.gd/Kyl9yN HTTP 301
https://is.gd/Kyl9yN HTTP 301
https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html Page URL

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Amazon S3 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Page Statistics

11
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

265 kB
Transfer

397 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://is.gd/Kyl9yN HTTP 301
https://is.gd/Kyl9yN HTTP 301
https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.html Show response perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/ Redirect Chain http://is.gd/Kyl9yN https://is.gd/Kyl9yN https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html	76 KB 77 KB	507ms 146ms	Document text/html	52.219.105.194 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.219.105.194 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-r-w.us-east-2.amazonaws.com Software AmazonS3 / Resource Hash `86ca5fdb1ed73c8d3cd91b7a8bcf45f630574a3d59464a5d826bf07e8def99fd` Request headers Host perpendicular-sleigher.s3.us-east-2.amazonaws.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-amz-id-2 RdAWzsGM7SI+c25qIEoc6qLH9dGmQ4aPdc6JncwakhCkfNm1aDCSFGR7mV3Fq6Hqu3XpEmyeKas= x-amz-request-id CXH9TGVTKDMXNG29 Date Tue, 13 Apr 2021 16:22:19 GMT Last-Modified Tue, 13 Apr 2021 15:36:48 GMT ETag "3bfd0617dc2d8ae02a7330196ea0618b" x-amz-storage-class REDUCED_REDUNDANCY Accept-Ranges bytes Content-Type text/html Content-Length 77946 Server AmazonS3 Redirect headers date Tue, 13 Apr 2021 16:22:17 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d8172bacc4b86e868bdfeaa3197d3bc6d1618330937; expires=Thu, 13-May-21 16:22:17 GMT; path=/; domain=.is.gd; HttpOnly; SameSite=Lax; Secure location https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html cf-cache-status DYNAMIC cf-request-id 096da380650000dfcf2719f000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=n%2FqN2fyt5rrqghp4SXyjM1IlxA2YDh7oT1T%2B5hxudYCnDxnciGPF5DpewZrKrq1srEv6t7Ccy59ByVzA8QH4GbNc1zGGHCk1vcsDKv8JgtUl7A%3D%3D"}],"max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 63f608470ad6dfcf-FRA
GET H2	200	bootstrap.min.css smtptemp.site/email-list/onedrivedbhcsyd32/img-css/	157 KB 21 KB	197ms 165ms	Stylesheet text/css	2606:4700:3037::ac43:d32a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://smtptemp.site/email-list/onedrivedbhcsyd32/img-css/bootstrap.min.css Requested by Host: perpendicular-sleigher.s3.us-east-2.amazonaws.com URL: https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:d32a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c` Request headers Referer https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 16:22:18 GMT content-encoding br cf-cache-status MISS nel {"max_age":604800,"report_to":"cf-nel"} alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 096da3841500004a8b51208000000001 last-modified Thu, 18 Mar 2021 15:48:48 GMT server cloudflare etag W/"60537660-27293" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7JwhiVlMACacBjPbbsKDqWYNbVFF%2BhaIaIe7HkS3xxcOf3FSr%2FaEwrluNgKluGDdm8sAOo0HKskYX4HNTrYP3DXxsZ2TrG17H4sxkKmc2MAZsu18jqZBoZNx"}],"max_age":604800,"group":"cf-nel"} content-type text/css cache-control max-age=315360000 cf-ray 63f6084ce9734a8b-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	3.png smtptemp.site/email-list/onedrivedbhcsyd32/img-css/	8 KB 9 KB	153ms 121ms	Image image/png	2606:4700:3037::ac43:d32a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://smtptemp.site/email-list/onedrivedbhcsyd32/img-css/3.png Requested by Host: perpendicular-sleigher.s3.us-east-2.amazonaws.com URL: https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:d32a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `cbba2402feb0b7a6cacf40ccfeb5b2d5ea9e12c4fd7784585914a5d5febec453` Request headers Referer https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 16:22:18 GMT cf-cache-status MISS nel {"max_age":604800,"report_to":"cf-nel"} alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 8171 cf-request-id 096da3841a00004a8bce014000000001 last-modified Thu, 18 Mar 2021 15:48:47 GMT server cloudflare etag "6053765f-1feb" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kAS8c2gUcrK3kMA1Dl9dkttPUjDZEgWXgEJA5jPV7pyVEhbulMUim%2FAYrzHkiG%2BwhmwVe%2BTjkbXnRrOCPpcIWw1I3M596SHQl8nstM2gcN5Uhb9RAtFmW5Dm"}],"max_age":604800,"group":"cf-nel"} content-type image/png cache-control max-age=315360000 accept-ranges bytes cf-ray 63f6084ce97b4a8b-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	5.png smtptemp.site/email-list/onedrivedbhcsyd32/img-css/	12 KB 13 KB	147ms 116ms	Image image/png	2606:4700:3037::ac43:d32a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://smtptemp.site/email-list/onedrivedbhcsyd32/img-css/5.png Requested by Host: perpendicular-sleigher.s3.us-east-2.amazonaws.com URL: https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:d32a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fd2568a85b9b6337ce89cc0fe85a80704180ce9be1027fa96d11f3eb90b94401` Request headers Referer https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 16:22:18 GMT cf-cache-status MISS nel {"max_age":604800,"report_to":"cf-nel"} alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 12554 cf-request-id 096da3841600004a8bafb0a000000001 last-modified Thu, 18 Mar 2021 15:48:43 GMT server cloudflare etag "6053765b-310a" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CANcv6z6X9ejhPQMMu5U8gZifKxu2BPh0z%2FoWjuhJbumxOc3EiB%2BPXo%2F%2FiRySDaKy6rRtffjbYt1PY%2BSoFEH7jYK6k6IpCalcr8Fe3Ps0Llkcr9LW8L6Qtmx"}],"max_age":604800,"group":"cf-nel"} content-type image/png cache-control max-age=315360000 accept-ranges bytes cf-ray 63f6084ce9774a8b-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	6.png smtptemp.site/email-list/onedrivedbhcsyd32/img-css/	9 KB 10 KB	153ms 122ms	Image image/png	2606:4700:3037::ac43:d32a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://smtptemp.site/email-list/onedrivedbhcsyd32/img-css/6.png Requested by Host: perpendicular-sleigher.s3.us-east-2.amazonaws.com URL: https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:d32a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `172f4e7bb8722658406f6e13a53f5a7a3a9083e128d12e8047fc55f8d0f8fa37` Request headers Referer https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 16:22:18 GMT cf-cache-status MISS nel {"max_age":604800,"report_to":"cf-nel"} alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 9727 cf-request-id 096da3841700004a8bce013000000001 last-modified Thu, 18 Mar 2021 15:48:50 GMT server cloudflare etag "60537662-25ff" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=a4gn1uzU3ieG7M0LfFJAxu%2Fx2h0kMhRib0N%2F7Qz0NbgjZBl4OxRPA7FdZEvMXSaND9WQomlOkClOCvP3kmKD%2FykKghTGICMmyhIXjpH5OBt4ru92KaH%2BJ9rw"}],"max_age":604800,"group":"cf-nel"} content-type image/png cache-control max-age=315360000 accept-ranges bytes cf-ray 63f6084ce97a4a8b-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	7.png smtptemp.site/email-list/onedrivedbhcsyd32/img-css/	12 KB 13 KB	142ms 111ms	Image image/png	2606:4700:3037::ac43:d32a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://smtptemp.site/email-list/onedrivedbhcsyd32/img-css/7.png Requested by Host: perpendicular-sleigher.s3.us-east-2.amazonaws.com URL: https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:d32a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9d2c57835ca05ea901cdc07680921aef273c35bb043941db3b468a2adb7f3f82` Request headers Referer https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 16:22:18 GMT cf-cache-status MISS nel {"max_age":604800,"report_to":"cf-nel"} alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 12065 cf-request-id 096da3841700004a8b5eba9000000001 last-modified Thu, 18 Mar 2021 15:48:50 GMT server cloudflare etag "60537662-2f21" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UScGmkdNvo2OIyJPGTSfBBGtrSUauWW9QC5gvJaYDGiZo4v9n7TTf4zHCIdEFbsSBw4einQPfQVOKHkwf625gT7c0fLJhRpcXLpfqTc38Hy4wYvOSseMqryl"}],"max_age":604800,"group":"cf-nel"} content-type image/png cache-control max-age=315360000 accept-ranges bytes cf-ray 63f6084ce97e4a8b-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	8.png smtptemp.site/email-list/onedrivedbhcsyd32/img-css/	9 KB 9 KB	149ms 118ms	Image image/png	2606:4700:3037::ac43:d32a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://smtptemp.site/email-list/onedrivedbhcsyd32/img-css/8.png Requested by Host: perpendicular-sleigher.s3.us-east-2.amazonaws.com URL: https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:d32a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d8f5475680fc496ea93eacfd03a943b973b26ed321bce038b02f64ee3bf4916f` Request headers Referer https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 16:22:18 GMT cf-cache-status MISS nel {"max_age":604800,"report_to":"cf-nel"} alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 8804 cf-request-id 096da3841700004a8b9d10a000000001 last-modified Thu, 18 Mar 2021 15:48:49 GMT server cloudflare etag "60537661-2264" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AWoluXE%2FjPzHhazdsxH5DwLBjR5TCOTpnm3788M63Eobw1Efegk13w2BgJrtuSa29YKPFtrk3D%2FqVrMkMIN%2BQGHGdE%2BfAPHOpg4m1F4lB0BVtAXpFzyG2P5W"}],"max_age":604800,"group":"cf-nel"} content-type image/png cache-control max-age=315360000 accept-ranges bytes cf-ray 63f6084ce97c4a8b-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	9.png smtptemp.site/email-list/onedrivedbhcsyd32/img-css/	9 KB 10 KB	130ms 117ms	Image image/png	2606:4700:3037::ac43:d32a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://smtptemp.site/email-list/onedrivedbhcsyd32/img-css/9.png Requested by Host: perpendicular-sleigher.s3.us-east-2.amazonaws.com URL: https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:d32a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `273f5fe56e9a657897a81292f054876d116e9cc40589908854cb8f538dacffaa` Request headers Referer https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 16:22:18 GMT cf-cache-status MISS nel {"max_age":604800,"report_to":"cf-nel"} alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 9546 cf-request-id 096da3841800004a8b9a241000000001 last-modified Thu, 18 Mar 2021 15:48:48 GMT server cloudflare etag "60537660-254a" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RyfIeyHQMXswBcqpy3ponbZBYshn61AoLhHQtd1hHRI%2BHiuRh2ZjJvnppb%2FwZKM8Swh900xs%2F8MWgN7%2Fcuat0znub20tklDXNy%2FpXm%2FWyJrsmD3QxD6VmfZS"}],"max_age":604800,"group":"cf-nel"} content-type image/png cache-control max-age=315360000 accept-ranges bytes cf-ray 63f6084ce97f4a8b-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	10.png smtptemp.site/email-list/onedrivedbhcsyd32/img-css/	9 KB 9 KB	130ms 117ms	Image image/png	2606:4700:3037::ac43:d32a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://smtptemp.site/email-list/onedrivedbhcsyd32/img-css/10.png Requested by Host: perpendicular-sleigher.s3.us-east-2.amazonaws.com URL: https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:d32a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2477b4b08ccdc262123a0e0029b7d45fc557ea9d553718aa480ace142c58cccf` Request headers Referer https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 16:22:18 GMT cf-cache-status MISS nel {"max_age":604800,"report_to":"cf-nel"} alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 9226 cf-request-id 096da3841600004a8ba6161000000001 last-modified Thu, 18 Mar 2021 15:48:49 GMT server cloudflare etag "60537661-240a" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tsuRU9xQzKYeXFMcAuerVehMVoTyX5HyBpyPo%2Bt7AcWYydaYjKmpeO7lisEaRz%2BrCDzgAnqf3EaOrrYNh5g%2FtUs%2BBjFysO9U2Yw3UlXa7RtkIlrCpP3IXHYX"}],"max_age":604800,"group":"cf-nel"} content-type image/png cache-control max-age=315360000 accept-ranges bytes cf-ray 63f6084ce9764a8b-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	11.png smtptemp.site/email-list/onedrivedbhcsyd32/img-css/	12 KB 12 KB	128ms 115ms	Image image/png	2606:4700:3037::ac43:d32a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://smtptemp.site/email-list/onedrivedbhcsyd32/img-css/11.png Requested by Host: perpendicular-sleigher.s3.us-east-2.amazonaws.com URL: https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:d32a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `cd9a5febfc8486b2ea7f266070cb03523ad5f7cdc5af22ac2db8ae3552a2578d` Request headers Referer https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 16:22:18 GMT cf-cache-status MISS nel {"max_age":604800,"report_to":"cf-nel"} alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 12280 cf-request-id 096da3841a00004a8b80339000000001 last-modified Thu, 18 Mar 2021 15:48:48 GMT server cloudflare etag "60537660-2ff8" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Flg8BuFvabBD604leTAub6LTgKKEVI1FsFhl0xJkZurdFd0U3S9m2HWZY4J3VOGELDTWcs8rIZVgOSgCuM220jOLe%2BQoRE9KzkUU5O3gfZvWZqVuQozyJYkB"}],"max_age":604800,"group":"cf-nel"} content-type image/png cache-control max-age=315360000 accept-ranges bytes cf-ray 63f6084ce9784a8b-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	12.png smtptemp.site/email-list/onedrivedbhcsyd32/img-css/	83 KB 84 KB	241ms 228ms	Image image/png	2606:4700:3037::ac43:d32a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://smtptemp.site/email-list/onedrivedbhcsyd32/img-css/12.png Requested by Host: perpendicular-sleigher.s3.us-east-2.amazonaws.com URL: https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/guarabu/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:d32a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f980da766be71a530a32fb7fc66fd4d2e30cd33630d9c24b9720f72c94e9ae9d` Request headers Referer https://perpendicular-sleigher.s3.us-east-2.amazonaws.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 13 Apr 2021 16:22:18 GMT cf-cache-status MISS nel {"max_age":604800,"report_to":"cf-nel"} alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 85435 cf-request-id 096da3841600004a8b8b0e2000000001 last-modified Thu, 18 Mar 2021 15:48:47 GMT server cloudflare etag "6053765f-14dbb" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VVMqLif6KBrlFY%2F5AHQGgb3HSKzu%2FGsDu4kbEbl%2BS9LzxbSdThoVLTq6Wdgh8AM3qPc3bHJYWVtGiN3oZfqo58SMOkOBAAPdrRXFoeiDop0vBdBSEAl7WCu4"}],"max_age":604800,"group":"cf-nel"} content-type image/png cache-control max-age=315360000 accept-ranges bytes cf-ray 63f6084ce9744a8b-FRA expires Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

is.gd
perpendicular-sleigher.s3.us-east-2.amazonaws.com
smtptemp.site
2606:4700:20::6819:ea35
2606:4700:3037::ac43:d32a
52.219.105.194
172f4e7bb8722658406f6e13a53f5a7a3a9083e128d12e8047fc55f8d0f8fa37
2477b4b08ccdc262123a0e0029b7d45fc557ea9d553718aa480ace142c58cccf
273f5fe56e9a657897a81292f054876d116e9cc40589908854cb8f538dacffaa
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c
86ca5fdb1ed73c8d3cd91b7a8bcf45f630574a3d59464a5d826bf07e8def99fd
9d2c57835ca05ea901cdc07680921aef273c35bb043941db3b468a2adb7f3f82
cbba2402feb0b7a6cacf40ccfeb5b2d5ea9e12c4fd7784585914a5d5febec453
cd9a5febfc8486b2ea7f266070cb03523ad5f7cdc5af22ac2db8ae3552a2578d
d8f5475680fc496ea93eacfd03a943b973b26ed321bce038b02f64ee3bf4916f
f980da766be71a530a32fb7fc66fd4d2e30cd33630d9c24b9720f72c94e9ae9d
fd2568a85b9b6337ce89cc0fe85a80704180ce9be1027fa96d11f3eb90b94401

perpendicular-sleigher.s3.us-east-2.amazonaws.com Open in urlscan Pro 52.219.105.194 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

265 kBTransfer

397 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

0 Cookies

Indicators

perpendicular-sleigher.s3.us-east-2.amazonaws.com Open in urlscan Pro
52.219.105.194 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

265 kB
Transfer

397 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!