s3.amazonaws.com
52.217.101.62
Malicious Activity!
Public Scan
Submission: On January 02 via manual from CA
Summary
TLS certificate: Issued by DigiCert Baltimore CA-2 G2 on August 4th 2020. Valid for: a year.
This is the only time s3.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Fake Flash Update
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
11 | 52.217.101.62 | 16509 (AMAZON-02)
1 | 2a00:1450:4001:824::2003 | 15169 (GOOGLE)
1 | 2.16.177.57 | 20940 (AKAMAI-ASN1)
13 requests in total across 3 IP addresses.
- ASN 16509 (AMAZON-02, US), PTR: s3-1.amazonaws.com, serving s3.amazonaws.com
- ASN 20940 (AKAMAI-ASN1, NL), PTR: a2-16-177-57.deploy.static.akamaitechnologies.com, serving www.opticalprogress.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | amazonaws.com | s3.amazonaws.com | 172 KB
1 | opticalprogress.com | www.opticalprogress.com | 203 B
1 | gstatic.com | fonts.gstatic.com | 9 KB
13 requests in total across 3 apex domains.
Requests | Domain | Requested by
---|---|---
11 | s3.amazonaws.com | s3.amazonaws.com
1 | www.opticalprogress.com | s3.amazonaws.com
1 | fonts.gstatic.com | s3.amazonaws.com
13 requests in total across 3 domains.
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
s3.amazonaws.com | DigiCert Baltimore CA-2 G2 | 2020-08-04 to 2021-08-09 | a year | crt.sh
*.gstatic.com | GTS CA 1O1 | 2020-11-10 to 2021-02-02 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://s3.amazonaws.com/1675/6868/898EA83AEEC06B488/B6542FC675?subaff=13729932&subid_short=c6b1da58837d109954bd520c924226cc&g=adc5cb9d-dff5-4814-be83-66f869149d61&s=8231dab9-cea5-40e3-8eba-65d12f1ca53c&client=chrome&st=aHR0cDovL3d3dy5vcHRpY2FscHJvZ3Jlc3MuY29t&h=VhNLRBANGgEDAAUAAQgdAgZsAgoIABsLCwccBQkHAQADGRwJCAgHCBEfEF1dEwMDAg4OBQIEBRQGFRJRFQIRUlZXGFJbCVYaXFVVBxkZCQgEH1VdCwAfAhtXAQYLBgwKVwQFDx0bXEJTGgkRWkBZQUoKHRhLAB1TWUxLVl5TQEsdUF1ZDx0bQ1UVAl1GXlgBE0lTWxUCAQILAQETWlRCFQJHQUdRUA%253D%253D&e=1&u=aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL2JkYzFhYjBhLTJkMmEtNDQzMC1hODEyL1hLc3ByL3drZk43Y3FCL2ExaS85MzkwOUFFNTdDOEMwRUM2M0Y3Q0M0MUZDMTRBQzY2Qg%3d%3d
Frame ID: D35139FC78721528DA0589FBC5B02EAC
Requests: 13 HTTP requests in this frame
Detected technologies
- Amazon Web Services (PaaS). Detected pattern: headers server /^AmazonS3$/i
- Amazon S3 (Miscellaneous). Detected pattern: headers server /^AmazonS3$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | B6542FC675 (Primary Request) | s3.amazonaws.com/1675/6868/898EA83AEEC06B488/ | 11 KB | 12 KB | Document | text/html
GET | H/1.1 | umM6Jd0nCUuh9Enqj.css | s3.amazonaws.com/1675/6868/898EA83AEEC06B488/79685C1E85B8674A86F56767CC/ | 363 B | 718 B | Stylesheet | text/css
GET | H/1.1 | 76f0 | s3.amazonaws.com/1675/6868/898EA83AEEC06B488/4A513742D74051/ | 3 KB | 3 KB | Image | image/png
GET | H/1.1 | D5BEE107E15E1C4ABAB | s3.amazonaws.com/1675/6868/898EA83AEEC06B488/VD7sDO48REqFs/ | 12 KB | 13 KB | Image | image/jpeg
GET | H/1.1 | X6L9pqqBoUadML | s3.amazonaws.com/1675/6868/898EA83AEEC06B488/A4FE8/ | 11 KB | 12 KB | Image | image/jpeg
GET | H/1.1 | d89c9d00-3850-4d67-a187-1.gif | s3.amazonaws.com/1675/6868/898EA83AEEC06B488/2be4ea42-2d80-/ | 12 KB | 12 KB | Image | image/gif
GET | H/1.1 | 3727.gif | s3.amazonaws.com/1675/6868/898EA83AEEC06B488/160446329/ | 12 KB | 12 KB | Image | image/gif
GET | H/1.1 | VU8P.gif | s3.amazonaws.com/1675/6868/898EA83AEEC06B488/5b3b38/ | 12 KB | 12 KB | Image | image/gif
GET | H/1.1 | 1166 | s3.amazonaws.com/1675/6868/898EA83AEEC06B488/7648776/ | 963 B | 1 KB | Script | text/plain
GET | H/1.1 | 8864 | s3.amazonaws.com/1675/6868/898EA83AEEC06B488/C701293B/ | 91 KB | 91 KB | Script | text/plain
GET | H/1.1 | 7SIBOGktYUertFUBGfICw | s3.amazonaws.com/1675/6868/898EA83AEEC06B488/1843/ | 3 KB | 3 KB | Script | text/plain
GET | H2 | cJZKeOuBrn4kERxqtaUH3ZBw1xU1rKptJj_0jans920.woff2 | fonts.gstatic.com/s/opensans/v14/ | 9 KB | 9 KB | Font | font/woff2
GET | H/1.1 | / | www.opticalprogress.com/stats/ | 0 | 203 B | Image | text/plain
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against Fake Flash Update
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: ontransitionrun
- object: ontransitionstart
- object: ontransitioncancel
- object: cookieStore
- function: showDirectoryPicker
- function: showOpenFilePicker
- function: showSaveFilePicker
- object: trustedTypes
- boolean: crossOriginIsolated
- object: botDetect
- function: $
- function: jQuery
0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even if they have changed location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.gstatic.com
s3.amazonaws.com
www.opticalprogress.com
2.16.177.57
2a00:1450:4001:824::2003
52.217.101.62