s3.amazonaws.com Open in urlscan Pro
52.216.113.69 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://naughty69sexy.site/
Effective URL:
https://s3.amazonaws.com/1790768/98294385/ea8fae0e-29/mOzF?cid=M2019042711-e78b3db19b8f8b8b0a811b9bec276b4b&source=4673&r...
Submission: On April 27 via api (April 27th 2019, 11:56:51 am UTC) from DE

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 5 countries across 11 domains to perform 21 HTTP transactions. The main IP is 52.216.113.69, located in Ashburn, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is s3.amazonaws.com.
TLS certificate: Issued by DigiCert Baltimore CA-2 G2 on December 3rd 2018. Valid for: a year.

This is the only time s3.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fake Flash Update

Domain & IP information

	IP Address	AS Autonomous System
1	145.239.253.233 145.239.253.233	16276 (OVH) (OVH)
1 1	185.251.39.233 185.251.39.233	48282 (MCHOST-AS) (MCHOST-AS)
1 2	34.208.236.65 34.208.236.65	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	52.208.172.46 52.208.172.46	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	31.170.100.125 31.170.100.125	201942 (SOLTIA) (SOLTIA)
1	31.170.100.126 31.170.100.126	201942 (SOLTIA) (SOLTIA)
2 2	2.16.186.105 2.16.186.105	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	52.216.113.69 52.216.113.69	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:81b::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
5	52.216.128.125 52.216.128.125	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	205.185.208.52 205.185.208.52	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
2	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2.16.186.67 2.16.186.67	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
21	11

1 145.239.253.233 (United Kingdom)

ASN16276 (OVH, FR)
PTR: ns3092269.ip-145-239-253.eu

naughty69sexy.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.251.39.233 (None, ) 1 redirects

ASN48282 (MCHOST-AS, RU)
PTR: host-185-251-39-233.hosted-by-vdsina.ru

nicebabiesfordate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.208.236.65 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-208-236-65.us-west-2.compute.amazonaws.com

a.px9y45.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.208.172.46 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-208-172-46.eu-west-1.compute.amazonaws.com

1d5df09b388.traffic-c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.170.100.125 (None, )

ASN201942 (SOLTIA, ES)

track.fathew.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.170.100.126 (None, )

ASN201942 (SOLTIA, ES)

track.fathew.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.186.105 (European Union) 2 redirects

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-105.deploy.static.akamaitechnologies.com

www.adminaccessibility.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.216.113.69 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.216.128.125 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.208.52 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.67 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-67.deploy.static.akamaitechnologies.com

www.indexermanagement.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	amazonaws.com s3.amazonaws.com	150 KB
2	gstatic.com fonts.gstatic.com	22 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	adminaccessibility.com 2 redirects www.adminaccessibility.com	2 KB
2	fathew.info track.fathew.info	1 KB
2	px9y45.com 1 redirects a.px9y45.com	1 KB
1	indexermanagement.com www.indexermanagement.com	203 B
1	jquery.com code.jquery.com	30 KB
1	traffic-c.com 1d5df09b388.traffic-c.com	1 KB
1	nicebabiesfordate.com 1 redirects nicebabiesfordate.com	1 KB
1	naughty69sexy.site naughty69sexy.site	408 B
21	11

	Domain	Requested by
10	s3.amazonaws.com	track.fathew.info s3.amazonaws.com
2	fonts.gstatic.com	s3.amazonaws.com
2	fonts.googleapis.com	s3.amazonaws.com
2	www.adminaccessibility.com	2 redirects
2	track.fathew.info	track.fathew.info
2	a.px9y45.com	1 redirects
1	www.indexermanagement.com	s3.amazonaws.com
1	code.jquery.com	s3.amazonaws.com
1	1d5df09b388.traffic-c.com	a.px9y45.com
1	nicebabiesfordate.com	1 redirects
1	naughty69sexy.site
21	11

This site contains no links.

Subject Issuer	Validity	Valid
*.px9y36.com Amazon	`2018-06-30` - `2019-07-30`	a year	crt.sh
traffic-c.com Let's Encrypt Authority X3	`2019-04-19` - `2019-07-18`	3 months	crt.sh
track.fathew.com Let's Encrypt Authority X3	`2019-01-31` - `2019-05-01`	3 months	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2018-12-03` - `2019-10-25`	a year	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
*.google.com Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://s3.amazonaws.com/1790768/98294385/ea8fae0e-29/mOzF?cid=M2019042711-e78b3db19b8f8b8b0a811b9bec276b4b&source=4673&r=4eb6ab27-19f6-e811-81f7-ed46f4389d4a&s=2595bbe5-af17-4a07-aed9-3b29dbe9b4a0&client=chrome&lm=aHR0cDovL3d3dy5pbmRleGVybWFuYWdlbWVudC5jb20%253d&h=ShtBRBACEAsHBwgUAwQfCgVtBwILDAUKAQEcDQQPAgEKAh8IBQMHBhMVEVlCGggIBA8JAQQBCgsFFRVVEwMRBFdaBFhVBAYUAglUDh9cDwcAFAsBVA8fXFMCB18HAwoBVg1WFB0bX0BWGggbX0JFSUAKHRdBChlXXFhJX1xZRUoZVV5UERwQS1UbDVhEVV8cEEhRUBUMAAsKBx4aUV1HFAtNQUVXRQ%253D%253D&e=1&u=aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL2QwZTAvQThEQzE1NTMyOTEvUGxheWVyLmRtZz9jaWQ9TTIwMTkwNDI3MTEtZTc4YjNkYjE5YjhmOGI4YjBhODExYjliZWMyNzZiNGImc291cmNlPTQ2NzMmcj00ZWI2YWIyNy0xOWY2LWU4MTEtODFmNy1lZDQ2ZjQzODlkNGEmcz0yNTk1YmJlNS1hZjE3LTRhMDctYWVkOS0zYjI5ZGJlOWI0YTAmY2xpZW50PWNocm9tZSZsbT1hSFIwY0RvdkwzZDNkeTVwYm1SbGVHVnliV0Z1WVdkbGJXVnVkQzVqYjIwJTI1M2Q%3d
Frame ID: 9E69CB50AA8F82CBDC382A3E5CEC679A
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://naughty69sexy.site/ Page URL
https://nicebabiesfordate.com/wbgseobrinmbtg?t=26_love_200 HTTP 302
https://a.px9y45.com/?x=681511264-1525790652&s=91934&pbc=VMULUWmbCqZEuZTwXkpmWwNbxEd Page URL
https://a.px9y45.com/redirect/82dff110-68e3-11e9-8b48-cd5c18021601 HTTP 302
https://1d5df09b388.traffic-c.com/?p=4673&media_type=mainstream&click_id=82dff110-68e3-11e9-8b48-cd5c18021601 Page URL
https://track.fathew.info/f6612a1d516725be822f3424f22fe64f/e3513143202a282b3c89436ac2877991/8c080ce0-0... Page URL
http://www.adminaccessibility.com/9B4UDxzm5ZiR6Mdv1HJz5oW?cid=M2019042711-e78b3db19b8f8b8b0a811b9bec276b4b&sou... HTTP 302
http://www.adminaccessibility.com/P7im90dt?cid=M2019042711-e78b3db19b8f8b8b0a811b9bec276b4b&source=4673&r=4eb6... HTTP 302
https://s3.amazonaws.com/1790768/98294385/ea8fae0e-29/mOzF?cid=M2019042711-e78b3db19b8f8b8b0a811b9bec... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

21
Requests

86 %
HTTPS

15 %
IPv6

11
Domains

11
Subdomains

11
IPs

5
Countries

207 kB
Transfer

267 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://naughty69sexy.site/ Page URL
https://nicebabiesfordate.com/wbgseobrinmbtg?t=26_love_200 HTTP 302
https://a.px9y45.com/?x=681511264-1525790652&s=91934&pbc=VMULUWmbCqZEuZTwXkpmWwNbxEd Page URL
https://a.px9y45.com/redirect/82dff110-68e3-11e9-8b48-cd5c18021601 HTTP 302
https://1d5df09b388.traffic-c.com/?p=4673&media_type=mainstream&click_id=82dff110-68e3-11e9-8b48-cd5c18021601 Page URL
https://track.fathew.info/f6612a1d516725be822f3424f22fe64f/e3513143202a282b3c89436ac2877991/8c080ce0-0655-4932-911f-6defa5590745/?externalid=5iluii065cdf7gmntslc0scgc,13451958,5,4673&Subid=4673&ctrack=1556366197.793875803 Page URL
http://www.adminaccessibility.com/9B4UDxzm5ZiR6Mdv1HJz5oW?cid=M2019042711-e78b3db19b8f8b8b0a811b9bec276b4b&source=4673&a=3&r=4eb6ab27-19f6-e811-81f7-ed46f4389d4a HTTP 302
http://www.adminaccessibility.com/P7im90dt?cid=M2019042711-e78b3db19b8f8b8b0a811b9bec276b4b&source=4673&r=4eb6ab27-19f6-e811-81f7-ed46f4389d4a&d=ShtBRBACEAsHBwgUAwQfCgVtBwILDAUKAQEcCwEBBgEBBh8IBQMHBhMVEVxCSBADFRkADgoABQ4KFg4OAwAHAwoNHVxWDldYVgBXFQAAGFt_pl_Q3USHhpeSVMUCxtbREZIQQMYGUIKHVFfWUhWWVdGSh1TXVUQFRVfQRsJAQEBCgEABwkKBBwQXF5JFQxfTF9cHhpWVVMUC1dGXF4UEEpQFAtXRlxeFBBJVF8TAwICCw8eG1RSQRsJREBNVxUVWVVVEQoQUEZNR0ULFhxDARZTVFZMXldSR0EWUVZaGVUJVgAdeQp9dAcEDAACCwkdaVtXSFxBHlZVVRsbFFVfRxIIGlZUUBRM&t=2&s=2595bbe5-af17-4a07-aed9-3b29dbe9b4a0&client=chrome&lm=aHR0cDovL3d3dy5pbmRleGVybWFuYWdlbWVudC5jb20%253d HTTP 302
https://s3.amazonaws.com/1790768/98294385/ea8fae0e-29/mOzF?cid=M2019042711-e78b3db19b8f8b8b0a811b9bec276b4b&source=4673&r=4eb6ab27-19f6-e811-81f7-ed46f4389d4a&s=2595bbe5-af17-4a07-aed9-3b29dbe9b4a0&client=chrome&lm=aHR0cDovL3d3dy5pbmRleGVybWFuYWdlbWVudC5jb20%253d&h=ShtBRBACEAsHBwgUAwQfCgVtBwILDAUKAQEcDQQPAgEKAh8IBQMHBhMVEVlCGggIBA8JAQQBCgsFFRVVEwMRBFdaBFhVBAYUAglUDh9cDwcAFAsBVA8fXFMCB18HAwoBVg1WFB0bX0BWGggbX0JFSUAKHRdBChlXXFhJX1xZRUoZVV5UERwQS1UbDVhEVV8cEEhRUBUMAAsKBx4aUV1HFAtNQUVXRQ%253D%253D&e=1&u=aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL2QwZTAvQThEQzE1NTMyOTEvUGxheWVyLmRtZz9jaWQ9TTIwMTkwNDI3MTEtZTc4YjNkYjE5YjhmOGI4YjBhODExYjliZWMyNzZiNGImc291cmNlPTQ2NzMmcj00ZWI2YWIyNy0xOWY2LWU4MTEtODFmNy1lZDQ2ZjQzODlkNGEmcz0yNTk1YmJlNS1hZjE3LTRhMDctYWVkOS0zYjI5ZGJlOWI0YTAmY2xpZW50PWNocm9tZSZsbT1hSFIwY0RvdkwzZDNkeTVwYm1SbGVHVnliV0Z1WVdkbGJXVnVkQzVqYjIwJTI1M2Q%3d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://nicebabiesfordate.com/wbgseobrinmbtg?t=26_love_200 HTTP 302
https://a.px9y45.com/?x=681511264-1525790652&s=91934&pbc=VMULUWmbCqZEuZTwXkpmWwNbxEd

Request Chain 2

https://a.px9y45.com/redirect/82dff110-68e3-11e9-8b48-cd5c18021601 HTTP 302
https://1d5df09b388.traffic-c.com/?p=4673&media_type=mainstream&click_id=82dff110-68e3-11e9-8b48-cd5c18021601

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
naughty69sexy.site/ 166 B
408 B 73ms
26ms Document
text/html 145.239.253.233
OVH

General

s3.amazonaws.com Open in urlscan Pro 52.216.113.69 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

86 %HTTPS

15 %IPv6

11 Domains

11 Subdomains

11 IPs

5 Countries

207 kBTransfer

267 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

s3.amazonaws.com Open in urlscan Pro
52.216.113.69 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

86 %
HTTPS

15 %
IPv6

11
Domains

11
Subdomains

11
IPs

5
Countries

207 kB
Transfer

267 kB
Size

0
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!