s3.amazonaws.com Open in urlscan Pro
52.216.18.251  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.htm Show response s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/	69 KB 69 KB	225ms 133ms	Document text/html	52.216.18.251 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol HTTP/1.1 Server 52.216.18.251 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software AmazonS3 / Resource Hash 978a134736a8c60a8634fe7176fab9d23f00a8af6d0a47c9c346f5fa0b8d25a8 Request headers Host s3.amazonaws.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 1E92D2E5867F6C95E003BC09D6771491 Response headers x-amz-id-2 2yGeIMSIp4XGs1KBu1NuleMfCJNqS5T8EbTE8eE3kGdHWzHDf8MX9PpkC9FT8XLTVwDeQdoEOgo= x-amz-request-id DFD3C3F229CCF195 Date Thu, 02 Aug 2018 10:32:17 GMT Last-Modified Wed, 01 Aug 2018 17:15:05 GMT ETag "27240a879400184e014c3bb05df54c7c" Accept-Ranges bytes Content-Type text/html Content-Length 70438 Server AmazonS3
GET S	200	css fonts.googleapis.com/	2 KB 557 B	16ms 14ms	Stylesheet text/css	2a00:1450:4001:81d::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Titillium+Web:400,700 Requested by Host: s3.amazonaws.com URL: http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol SPDY Server 2a00:1450:4001:81d::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software ESF / Resource Hash 3d49296055d42972e1275138fd3f5023fa2cf390a0e6617cf05e97a51d1eda39 Security Headers Name Value Strict-Transport-Security max-age=3600 X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers strict-transport-security max-age=3600 content-encoding gzip last-modified Thu, 02 Aug 2018 10:32:16 GMT server ESF link <https://fonts.gstatic.com>; rel=preconnect; crossorigin status 200 date Thu, 02 Aug 2018 10:32:16 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="44,43,39,35" x-xss-protection 1; mode=block expires Thu, 02 Aug 2018 10:32:16 GMT
GET H/1.1	200 OK	/ Show response geoapi123.appspot.com/	400 B 426 B	142ms 122ms	Script text/html	2a00:1450:4001:81d::2014 Google LLC
General Check archive.org Show headers Download Go to Full URL http://geoapi123.appspot.com/ Requested by Host: s3.amazonaws.com URL: http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol HTTP/1.1 Server 2a00:1450:4001:81d::2014 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software Google Frontend / Resource Hash 8eb553da27ed9787f002bb2577105a6609e724de5a27096ee22203aaf1f13cdc Request headers Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 Aug 2018 10:32:16 GMT Content-Encoding gzip Server Google Frontend Vary Accept-Encoding Content-Type text/html; charset=utf-8 X-Cloud-Trace-Context 9eecd06b3124a914001278ca88e03eb2 Cache-Control private Content-Length 156
GET H/1.1	200 OK	style.css s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/files/	2 KB 2 KB	241ms 143ms	Stylesheet text/css	52.216.18.251 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/files/style.css Requested by Host: s3.amazonaws.com URL: http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol HTTP/1.1 Server 52.216.18.251 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software AmazonS3 / Resource Hash 8c5bc2da769a808653559f02db5f3dcf58a0a9ae69d14239a071e65a6b2d6e95 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host s3.amazonaws.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,*/*;q=0.1 Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Connection keep-alive Cache-Control no-cache Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 Aug 2018 10:32:18 GMT Last-Modified Wed, 01 Aug 2018 17:15:28 GMT Server AmazonS3 x-amz-request-id D773065DF3C51D44 ETag "7b8250d8b4ee5d534e8562a064f8f1e6" Content-Type text/css Accept-Ranges bytes Content-Length 2133 x-amz-id-2 7c7E6e0d06MyVIcKc3zebwuwY5rSUE0LFe8jNDvnxKNyftR+iFAPbVjnQckG/h65DPInYBYSo9w=
GET H/1.1	200 OK	background-2.png s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/files/	251 KB 251 KB	226ms 163ms	Image image/png	52.216.18.251 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/files/background-2.png Requested by Host: s3.amazonaws.com URL: http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol HTTP/1.1 Server 52.216.18.251 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software AmazonS3 / Resource Hash 7d491eb4e40a92a8ca95435b3e5bcbbad3dfd7d891ae44f8a83070fd63797024 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host s3.amazonaws.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Connection keep-alive Cache-Control no-cache Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 Aug 2018 10:32:18 GMT Last-Modified Wed, 01 Aug 2018 17:15:26 GMT Server AmazonS3 x-amz-request-id C20C3B259EAE5B68 ETag "bff452474f34852523e73bee286954d4" Content-Type image/png Accept-Ranges bytes Content-Length 256547 x-amz-id-2 TxvTxmqD8jw7wsCqQjSLdbWNMQoJSsgyRoHdCG0ZPc8YjI7t6vsJmY21TDt8231tNwt/yH8cBBo=
GET H/1.1	200 OK	alert.jpg s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/files/	37 KB 37 KB	184ms 184ms	Image image/jpeg	52.216.18.251 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/files/alert.jpg Requested by Host: s3.amazonaws.com URL: http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol HTTP/1.1 Server 52.216.18.251 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software AmazonS3 / Resource Hash 6bdecd9bf45a8f40ded1f5d7febf79f16631ea2c7f61979f8a7400c0633611f6 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host s3.amazonaws.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Connection keep-alive Cache-Control no-cache Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 Aug 2018 10:32:18 GMT Last-Modified Wed, 01 Aug 2018 17:15:22 GMT Server AmazonS3 x-amz-request-id A0EB54AB49F95C24 ETag "15f70e6624b2664be5538da4a40b2297" Content-Type image/jpeg Accept-Ranges bytes Content-Length 37513 x-amz-id-2 0cLmJukAHPpdLeAK76zAWxLx7vgpH1v3+FoA2aW5J4zyuYY7DLhsTW14zGgk0oljWM9AwjZkOl8=
GET H/1.1	200 OK	microsoft.png s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/files/	977 B 1 KB	174ms 173ms	Image image/png	52.216.18.251 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/files/microsoft.png Requested by Host: s3.amazonaws.com URL: http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol HTTP/1.1 Server 52.216.18.251 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software AmazonS3 / Resource Hash 844a92ee435552f7f26b4ec467220c537841f8245a16bbb265975ce4b3081f36 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host s3.amazonaws.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Connection keep-alive Cache-Control no-cache Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 Aug 2018 10:32:18 GMT Last-Modified Wed, 01 Aug 2018 17:15:27 GMT Server AmazonS3 x-amz-request-id 823F8F91D3A06A66 ETag "ab563722ebc08ab73e4c72a3fa0d28c7" Content-Type image/png Accept-Ranges bytes Content-Length 977 x-amz-id-2 UFxSRbiZKR8zqqZWyx7qnQU71W6WxgJLWKrd4CWeVbUCmX9bkRfp1dXGd++6QxTgi6svXwTUR74=
GET H/1.1	200 OK	css.css s3.amazonaws.com/microsoft-windows-security-alert-malware-found/	655 B 1010 B	137ms 109ms	Stylesheet text/css	52.216.18.251 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/css.css Requested by Host: s3.amazonaws.com URL: http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol HTTP/1.1 Server 52.216.18.251 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software AmazonS3 / Resource Hash c38865468ef3bc8fd6705dd62ff33fe740ab5726db9a582c9055a80730909f7a Request headers Pragma no-cache Accept-Encoding gzip, deflate Host s3.amazonaws.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,*/*;q=0.1 Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Connection keep-alive Cache-Control no-cache Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 Aug 2018 10:32:18 GMT Last-Modified Wed, 01 Aug 2018 17:16:45 GMT Server AmazonS3 x-amz-request-id 4D279C43E63697A6 ETag "4b15778fb4d238f6a6fc1d0bffaa7eb3" Content-Type text/css Accept-Ranges bytes Content-Length 655 x-amz-id-2 96X5d75m+cpmoDGzM1X4isze1NXaC2o/+l2XxesVtp+je/sASt03LaaT/zKrFS6HM1awYq+orIw=
GET S	200	tcc_l.combined.1.0.6.min.js Show response img1.wsimg.com/tcc/	12 KB 5 KB	44ms 17ms	Script application/x-javascript	104.103.108.60 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js Requested by Host: s3.amazonaws.com URL: http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol SPDY Server 104.103.108.60 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-103-108-60.deploy.static.akamaitechnologies.com Software / Resource Hash aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350 Request headers Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Thu, 02 Aug 2018 10:32:17 GMT content-encoding gzip last-modified Fri, 31 Mar 2017 16:26:41 GMT status 200 etag "52ef5c943baad21:0" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 4564 expires Fri, 02 Aug 2019 10:32:17 GMT
GET H/1.1	200 OK	mem5YaGs126MiZpBA-UNirkOUuhs.ttf s3.amazonaws.com/microsoft-windows-security-alert-malware-found/s/opensans/v15/	27 KB 27 KB	157ms 157ms	Font binary/octet-stream	52.216.133.77 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhs.ttf Requested by Host: s3.amazonaws.com URL: http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol HTTP/1.1 Server 52.216.133.77 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software AmazonS3 / Resource Hash 74461248f0a3edd43acbe67fbd98bb8bc6f26bb6b2e8b948c4757724717bde5c Request headers Pragma no-cache Origin http://s3.amazonaws.com Accept-Encoding gzip, deflate Host s3.amazonaws.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept */* Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/css.css Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/css.css Origin http://s3.amazonaws.com Response headers Date Thu, 02 Aug 2018 10:32:18 GMT Last-Modified Wed, 01 Aug 2018 17:16:27 GMT Server AmazonS3 x-amz-request-id 97CC949757647C75 ETag "c062d7d188586db3c4cf61e1ae43b331" Content-Type binary/octet-stream Accept-Ranges bytes Content-Length 27496 x-amz-id-2 i2Y4ig/y/zGGvPPkZ5ZmZB5IVkpHfS7WtmH2foalx5hvbF+mj4EpmBngRmitbE1mHa98jImRI+Q=
GET H/1.1	200 OK	mem5YaGs126MiZpBA-UN7rgOUuhs.ttf s3.amazonaws.com/microsoft-windows-security-alert-malware-found/s/opensans/v15/	28 KB 28 KB	201ms 109ms	Font binary/octet-stream	52.216.18.251 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhs.ttf Requested by Host: s3.amazonaws.com URL: http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol HTTP/1.1 Server 52.216.18.251 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software AmazonS3 / Resource Hash 0782a52179d0e25f19c39b43253795b25787d65abdbd8bfa38be0f21a4512748 Request headers Pragma no-cache Origin http://s3.amazonaws.com Accept-Encoding gzip, deflate Host s3.amazonaws.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept */* Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/css.css Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/css.css Origin http://s3.amazonaws.com Response headers Date Thu, 02 Aug 2018 10:32:18 GMT Last-Modified Wed, 01 Aug 2018 17:16:25 GMT Server AmazonS3 x-amz-request-id 358CAB0C63CF1E34 ETag "7e08cc656863d52bcb5cd34805ac605b" Content-Type binary/octet-stream Accept-Ranges bytes Content-Length 28192 x-amz-id-2 tugXLcZnV2BWRWfzWoSZwsRbBSeaaw4A0FnnFbCerOs9iD4f1Eayo/bmZic/yvDNFPnB1z5I+pI=
GET S	200	NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2 fonts.gstatic.com/s/titilliumweb/v6/	12 KB 12 KB	7ms 6ms	Font font/woff2	2a00:1450:4001:81d::2003 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/titilliumweb/v6/NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2 Requested by Host: s3.amazonaws.com URL: http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol SPDY Server 2a00:1450:4001:81d::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 00eefad8cfe42f52ba984740be5df503849b4d4603913570d515db8f1bb1fffd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://fonts.googleapis.com/css?family=Titillium+Web:400,700 Origin http://s3.amazonaws.com Response headers date Fri, 13 Jul 2018 20:22:45 GMT x-content-type-options nosniff last-modified Wed, 11 Oct 2017 18:27:30 GMT server sffe age 1692572 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="44,43,39,35" content-length 12252 x-xss-protection 1; mode=block expires Sat, 13 Jul 2019 20:22:45 GMT
GET H/1.1	206 Partial Content	alertmicrosoft.mp3 s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/files/	96 KB 0	240ms 147ms	Media audio/mp3	52.216.133.77 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/files/alertmicrosoft.mp3 Requested by Host: s3.amazonaws.com URL: http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol HTTP/1.1 Server 52.216.133.77 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software AmazonS3 / Resource Hash Request headers Pragma no-cache Accept-Encoding identity;q=1, *;q=0 Host s3.amazonaws.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 chrome-proxy frfr Accept */* Cache-Control no-cache Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Connection keep-alive Range bytes=0- Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Accept-Encoding identity;q=1, *;q=0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Range bytes=0- chrome-proxy frfr Response headers Date Thu, 02 Aug 2018 10:32:18 GMT Last-Modified Wed, 01 Aug 2018 17:15:25 GMT Server AmazonS3 x-amz-request-id 3CEF5C2D4BF47660 ETag "6ed16685648cc6c15a7da8263543a65c" Content-Type audio/mp3 Content-Range bytes 0-143452/143453 Accept-Ranges bytes Content-Length 143453 x-amz-id-2 WIfpMzbCtVTWffwaH5Sz5s+ens9p8Kq8xq86U1IL9BFgikOSBXs/S6fPnAk3RbG3A4CTKIQIlu8=
GET H/1.1	206 Partial Content	warning.mp3 s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/files/	13 KB 14 KB	175ms 175ms	Media audio/mp3	52.216.18.251 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/files/warning.mp3 Requested by Host: s3.amazonaws.com URL: http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Protocol HTTP/1.1 Server 52.216.18.251 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software AmazonS3 / Resource Hash f4d5cae00178437f63e868ded066dde7503207230142ab3c37ef8ca70a03574d Request headers Pragma no-cache Accept-Encoding identity;q=1, *;q=0 Host s3.amazonaws.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 chrome-proxy frfr Accept */* Cache-Control no-cache Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Connection keep-alive Range bytes=0- Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm Accept-Encoding identity;q=1, *;q=0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Range bytes=0- chrome-proxy frfr Response headers Date Thu, 02 Aug 2018 10:32:18 GMT Last-Modified Wed, 01 Aug 2018 17:15:31 GMT Server AmazonS3 x-amz-request-id F8CBB08D562E05BB ETag "00b0b7579d355157c552145ce7720cb2" Content-Type audio/mp3 Content-Range bytes 0-13668/13669 Accept-Ranges bytes Content-Length 13669 x-amz-id-2 nBrXuzCokR7M28/u3V4RHsdXbpNYZG82sa9TYhve++ySWs0NlMvkLQ38SDUY5Bc9qzypaa8EyXo=
GET H/1.1	200 OK	event img.secureserver.net/t/1/tl/	43 B 587 B	300ms 151ms	Image image/gif	45.40.130.22 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL http://img.secureserver.net/t/1/tl/event?cts=1533205938176&tce=1533205936751&tcs=1533205936659&tdc=1533205937975&tdclee=1533205937353&tdcles=1533205937353&tdi=1533205937353&tdl=1533205936886&tdle=1533205936659&tdls=1533205936659&tfs=1533205936658&tns=1533205936658&trqs=1533205936751&tre=1533205937158&trps=1533205936883&tles=1533205937975&tlee=1533205937975&ht=perf&dh=s3.amazonaws.com&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_13_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F67.0.3396.87%20Safari%2F537.36&vci=41082293&cv=1.0.6&z=534103430&vg=1fc813b2-8177-4730-bc56-0f97a8ca6172&vtg=1fc813b2-8177-4730-bc56-0f97a8ca6172&ap=cpsh&trfd=%7B%22cts%22%3A1533205937353%2C%22tccl.baseHost%22%3A%22secureserver.net%22%2C%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0830%22%7D&dp=%2Fmicrosoft-windows-security-alert-malware-found%2Fchrome_win%2Findex.htm Protocol HTTP/1.1 Server 45.40.130.22 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-45-40-130-22.ip.secureserver.net Software Microsoft-IIS/8.5 / ARR/2.5, ASP.NET Resource Hash a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7 Request headers Referer http://s3.amazonaws.com/microsoft-windows-security-alert-malware-found/chrome_win/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 Aug 2018 10:32:17 GMT Server Microsoft-IIS/8.5 X-Powered-By ARR/2.5, ASP.NET Access-Control-Max-Age 1000 Access-Control-Allow-Methods GET, PUT, POST, DELETE, OPTIONS P3P CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA" Access-Control-Allow-Origin http://s3.amazonaws.com, * Cache-Control 0 Content-Type image/gif Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept Content-Length 43
GET S	200	NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzY5abuWI.woff2 fonts.gstatic.com/s/titilliumweb/v6/	11 KB 11 KB	6ms 6ms	Font font/woff2	2a00:1450:4001:81d::2003 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/titilliumweb/v6/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzY5abuWI.woff2 Protocol SPDY Server 2a00:1450:4001:81d::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash d16b62e9833a9777233cdc8b707d56dc5fe4d50f1999fa677155a6a9ec504b64 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://fonts.googleapis.com/css?family=Titillium+Web:400,700 Origin http://s3.amazonaws.com Response headers date Sat, 14 Jul 2018 12:44:57 GMT x-content-type-options nosniff last-modified Wed, 11 Oct 2017 18:26:23 GMT server sffe age 1633641 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="44,43,39,35" content-length 11612 x-xss-protection 1; mode=block expires Sun, 14 Jul 2019 12:44:57 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tech Support Scam (Consumer)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| geoip_country_code function| geoip_country_name function| geoip_city function| geoip_region function| geoip_region_name function| geoip_latitude function| geoip_longitude function| geoip_postal_code function| geoip_area_code function| geoip_metro_code string| phone_number function| evali function| eval1 object| _trfd function| tcg function| tcp object| perfhandler object| TCCTracker object| _trfq object| true

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	(Line 1) Message: City fails!!!

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
geoapi123.appspot.com
img.secureserver.net
img1.wsimg.com
s3.amazonaws.com
104.103.108.60
2a00:1450:4001:81d::2003
2a00:1450:4001:81d::200a
2a00:1450:4001:81d::2014
45.40.130.22
52.216.133.77
52.216.18.251
00eefad8cfe42f52ba984740be5df503849b4d4603913570d515db8f1bb1fffd
0782a52179d0e25f19c39b43253795b25787d65abdbd8bfa38be0f21a4512748
3d49296055d42972e1275138fd3f5023fa2cf390a0e6617cf05e97a51d1eda39
6bdecd9bf45a8f40ded1f5d7febf79f16631ea2c7f61979f8a7400c0633611f6
74461248f0a3edd43acbe67fbd98bb8bc6f26bb6b2e8b948c4757724717bde5c
7d491eb4e40a92a8ca95435b3e5bcbbad3dfd7d891ae44f8a83070fd63797024
844a92ee435552f7f26b4ec467220c537841f8245a16bbb265975ce4b3081f36
8c5bc2da769a808653559f02db5f3dcf58a0a9ae69d14239a071e65a6b2d6e95
8eb553da27ed9787f002bb2577105a6609e724de5a27096ee22203aaf1f13cdc
978a134736a8c60a8634fe7176fab9d23f00a8af6d0a47c9c346f5fa0b8d25a8
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350
c38865468ef3bc8fd6705dd62ff33fe740ab5726db9a582c9055a80730909f7a
d16b62e9833a9777233cdc8b707d56dc5fe4d50f1999fa677155a6a9ec504b64
f4d5cae00178437f63e868ded066dde7503207230142ab3c37ef8ca70a03574d