camping-death-66cbb05f.s3.us-east-2.amazonaws.com
52.219.88.200
Malicious Activity!
Public Scan
Effective URL: https://camping-death-66cbb05f.s3.us-east-2.amazonaws.com/access/login.html?wcos=tfzYWfu8Cm6LNqQ8V6oDr7gU3&forhl=HyhOkMLSWmf6Fy3JnMy3GJ4IW&ngbvkrgvq=W1lhC...
Submission: On March 29 via manual from US
Summary
TLS certificate: Issued by DigiCert Baltimore CA-2 G2 on January 14th 2021. Valid for: a year.
This is the only time camping-death-66cbb05f.s3.us-east-2.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Charles Schwab (Financial)
Domain & IP information
 | IP Address | AS (Autonomous System) |
---|---|---|
4 | 52.219.88.200 | 16509 (AMAZON-02) |
2 | 2a00:1450:4001:829::200a | 15169 (GOOGLE) |
8 | 2606:4700:3037::6815:4dbc | 13335 (CLOUDFLARENET) |
2 | 23.79.147.199 | 16625 (AKAMAI-AS) |
22 | 5 | |
ASN16509 (AMAZON-02, US)
PTR: s3-r-w.us-east-2.amazonaws.com
camping-death-66cbb05f.s3.us-east-2.amazonaws.com |
ASN16625 (AKAMAI-AS, US)
PTR: a23-79-147-199.deploy.static.akamaitechnologies.com
content.schwab.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | smtptemp.site | smtptemp.site | 223 KB |
4 | amazonaws.com | camping-death-66cbb05f.s3.us-east-2.amazonaws.com | 158 KB |
2 | schwab.com | content.schwab.com, client.schwab.com (Failed) | 64 KB |
2 | googleapis.com | ajax.googleapis.com | 60 KB |
22 | 4 | | |
 | Domain | Requested by |
---|---|---|
8 | smtptemp.site | camping-death-66cbb05f.s3.us-east-2.amazonaws.com, smtptemp.site |
4 | camping-death-66cbb05f.s3.us-east-2.amazonaws.com | camping-death-66cbb05f.s3.us-east-2.amazonaws.com |
2 | content.schwab.com | smtptemp.site |
2 | ajax.googleapis.com | camping-death-66cbb05f.s3.us-east-2.amazonaws.com |
0 | client.schwab.com (Failed) | smtptemp.site |
22 | 5 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.schwab.com |
client.schwab.com |
lms-mgmt.schwab.com |
lms.schwab.com |
brokercheck.finra.org |
www.sipc.org |
www.schwab-global.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.s3.us-east-2.amazonaws.com | DigiCert Baltimore CA-2 G2 | 2021-01-14 - 2022-01-18 | a year |
upload.video.google.com | GTS CA 1O1 | 2021-03-11 - 2021-06-03 | 3 months |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-03-05 - 2022-03-04 | a year |
content.schwab.com | DigiCert SHA2 Extended Validation Server CA | 2020-07-07 - 2021-07-19 | a year |
This page contains 1 frames:
Primary Page:
https://camping-death-66cbb05f.s3.us-east-2.amazonaws.com/access/login.html?wcos=tfzYWfu8Cm6LNqQ8V6oDr7gU3&forhl=HyhOkMLSWmf6Fy3JnMy3GJ4IW&ngbvkrgvq=W1lhCmEnTmuc7U9PTsWDWqPM3aX9f&nnkvwissd=uXeCajsS1MQ8TcmYLZkfY
Frame ID: AA49587322AC4C5EC1A70551099E8AE5
Requests: 23 HTTP requests in this frame
Detected technologies
Amazon Web Services (PaaS)
Detected patterns
- headers server /^AmazonS3$/i
Amazon S3 (Miscellaneous)
Detected patterns
- headers server /^AmazonS3$/i
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
Link titles:
- (no title)
- SchwabSafe®
- The Schwab Security Guarantee
- Schwab Homepage
- Forgot login ID or password?
- New user?
- Log in to mobile
- Web Browser Information
- FINRA's BrokerCheck
- member SIPC
- non-U.S. residents
- Learn more >
- (no title)
- (no title)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://camping-death-66cbb05f.s3.us-east-2.amazonaws.com/access/index.html Page URL
- https://camping-death-66cbb05f.s3.us-east-2.amazonaws.com/access/login.html?wcos=tfzYWfu8Cm6LNqQ8V6oDr7gU3&forhl=HyhOkMLSWmf6Fy3JnMy3GJ4IW&ngbvkrgvq=W1lhCmEnTmuc7U9PTsWDWqPM3aX9f&nnkvwissd=uXeCajsS1MQ8TcmYLZkfY Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | index.html | camping-death-66cbb05f.s3.us-east-2.amazonaws.com/access/ | 75 KB | 75 KB | Document | text/html |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.3.1/ | 85 KB | 30 KB | Script | text/javascript |
GET | H/1.1 | login.html (Primary Request) | camping-death-66cbb05f.s3.us-east-2.amazonaws.com/access/ | 83 KB | 83 KB | Document | text/html |
GET | H2 | layoutf86f.css | smtptemp.site/email-list/schwab/css/ | 121 KB | 20 KB | Stylesheet | text/css |
GET | H2 | contentf86f.css | smtptemp.site/email-list/schwab/css/ | 41 KB | 6 KB | Stylesheet | text/css |
GET | H2 | masterf86f.css | smtptemp.site/email-list/schwab/css/ | 120 KB | 22 KB | Stylesheet | text/css |
GET | H2 | ps.css | smtptemp.site/email-list/schwab/css/ | 85 KB | 15 KB | Stylesheet | text/css |
GET | H2 | file68b6.css | smtptemp.site/email-list/schwab/css/ | 26 KB | 7 KB | Stylesheet | text/css |
GET | H2 | style.css | smtptemp.site/email-list/schwab/css/ | 4 KB | 1 KB | Stylesheet | text/css |
GET | H/1.1 | login-component-responsive-secondary | camping-death-66cbb05f.s3.us-east-2.amazonaws.com/bundles/styles/lib/ | 0 | 0 | Stylesheet | application/xml |
GET | H3-Q050 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.3.1/ | 85 KB | 30 KB | Script | text/javascript |
GET | H2 | SMART_BANNER_ICON_BACKGROUND_COLOR_Copy.png | smtptemp.site/email-list/schwab/images/ | 16 KB | 16 KB | Image | image/png |
GET | H2 | loginlogoutpsd7308.png | smtptemp.site/email-list/schwab/images/ | 134 KB | 135 KB | Image | image/png |
GET | H/1.1 | Schwab-Icon-Font.ttf | camping-death-66cbb05f.s3.us-east-2.amazonaws.com/fonts/ | 0 | 0 | Font | application/xml |
GET | DATA | truncated | / | 5 KB | 0 | Image | image/svg+xml |
GET | H/1.1 | schwabsafe_logo.svg | content.schwab.com/web/login/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | background_image_exblur_dev2b.jpg | content.schwab.com/web/login/ | 61 KB | 61 KB | Image | image/jpeg |
GET | | CharlesModern-Light.woff | client.schwab.com/fonts/ | 0 | 0 | | |
GET | | CharlesModern-Regular.woff | client.schwab.com/fonts/ | 0 | 0 | | |
GET | | Schwab-Icon-Font.woff | smtptemp.site/email-list/schwab/css/fonts/ | 0 | 0 | | |
GET | | CharlesModern-Light.ttf | client.schwab.com/fonts/ | 0 | 0 | | |
GET | | CharlesModern-Regular.ttf | client.schwab.com/fonts/ | 0 | 0 | | |
GET | | Schwab-Icon-Font.ttf | smtptemp.site/email-list/schwab/css/fonts/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
client.schwab.com | https://client.schwab.com/fonts/CharlesModern-Light.woff?v=1.0.0 |
client.schwab.com | https://client.schwab.com/fonts/CharlesModern-Regular.woff?v=1.0.0 |
smtptemp.site | https://smtptemp.site/email-list/schwab/css/fonts/Schwab-Icon-Font.woff?51abjd |
client.schwab.com | https://client.schwab.com/fonts/CharlesModern-Light.ttf?v=1.0.0 |
client.schwab.com | https://client.schwab.com/fonts/CharlesModern-Regular.ttf?v=1.0.0 |
smtptemp.site | https://smtptemp.site/email-list/schwab/css/fonts/Schwab-Icon-Font.ttf?51abjd |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Charles Schwab (Financial)
23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
- boolean| crossOriginIsolated
- object| _0x1712
- function| _0x2dda
- object| Zlib
- function| $
- function| jQuery
- function| mg
- function| getBaseHref
- function| randomInteger
- function| randomString
- function| getdomainpartofemail
- function| get_email_hash
- function| validateEmail
- function| geturlparameter
- function| get_rand_url_pars
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.