www.ambious.com - urlscan.io

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 4 HTTP transactions. The main IP is 118.189.201.90, located in Singapore, Singapore and belongs to MOBILEONELTD-AS-AP MobileOne Ltd. Mobile/Internet Service Provider Singapore, SG. The main domain is www.ambious.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on February 1st 2020. Valid for: 3 months.

This is the only time www.ambious.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	118.189.201.90 118.189.201.90	4773 (MOBILEONE...) (MOBILEONELTD-AS-AP MobileOne Ltd. Mobile/Internet Service Provider Singapore)
2	151.101.12.193 151.101.12.193	54113 (FASTLY) (FASTLY)
1 2	192.185.145.5 192.185.145.5	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
4	3

1 118.189.201.90 (Singapore, Singapore)

ASN4773 (MOBILEONELTD-AS-AP MobileOne Ltd. Mobile/Internet Service Provider Singapore, SG)
PTR: 90.201.189.118.static.m1net.com.sg

www.ambious.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.12.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.185.145.5 (Houston, United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: ns1594.websitewelcome.com

download.shia-water.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
shia-water.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	shia-water.org 1 redirects download.shia-water.org shia-water.org	74 KB
2	imgur.com i.imgur.com	5 KB
1	ambious.com www.ambious.com	2 KB
4	3

	Domain	Requested by
2	i.imgur.com	www.ambious.com
1	shia-water.org	www.ambious.com
1	download.shia-water.org	1 redirects
1	www.ambious.com
4	4

This site contains no links.

Subject Issuer	Validity	Valid
ambious.com Let's Encrypt Authority X3	`2020-02-01` - `2020-05-01`	3 months	crt.sh
shia-water.org Let's Encrypt Authority X3	`2020-02-02` - `2020-05-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.ambious.com/wp-content/plugins/none/execel/
Frame ID: E1C1C6231A41E127093D7AE8C9ED0CD2
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

4
Requests

50 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

81 kB
Transfer

85 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

http://download.shia-water.org/excel/pdf.png HTTP 301
https://shia-water.org/download/excel/pdf.png

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.ambious.com/wp-content/plugins/none/execel/ 7 KB
2 KB 776ms
244ms Document
text/html 118.189.201.90
MOBILEONELTD-AS-A...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ambious.com/wp-content/plugins/none/execel/

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

118.189.201.90 Singapore, Singapore, ASN4773 (MOBILEONELTD-AS-AP MobileOne Ltd. Mobile/Internet Service Provider Singapore, SG),

Reverse DNS

90.201.189.118.static.m1net.com.sg

Software

nginx /

Resource Hash

cb74db9586fe26769681eac46d19225612bddf602eb5e9f9c82368b5c211f5df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: www.ambious.com
:scheme: https
:path: /wp-content/plugins/none/execel/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

status: 200
server: nginx
date: Wed, 18 Mar 2020 01:29:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000

GET
H/1.1 200
OK v2dKDaf.png
i.imgur.com/ 3 KB
4 KB 16ms
8ms Image
image/png 151.101.12.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://i.imgur.com/v2dKDaf.png
Requested by: Host: www.ambious.com
URL: https://www.ambious.com/wp-content/plugins/none/execel/
Protocol: HTTP/1.1
Server: 151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: 7900a6daf04859fef2501b2cf08851772deae586328d56d79a36e86c689851c5

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 18 Mar 2020 01:29:11 GMT
Age: 1691024
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 3432
X-Served-By: cache-bwi5127-BWI, cache-fra19183-FRA
Last-Modified: Thu, 08 Dec 2016 14:15:11 GMT
Server: cat factory 1.0
X-Timer: S1584494952.874104,VS0,VE1
ETag: "75099623c84266df9d4613b6caa88969"
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
cache-control: public, max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 2, 1

GET
H/1.1 200
OK I7G94LL.gif
i.imgur.com/ 543 B
1 KB 17ms
9ms Image
image/gif 151.101.12.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://i.imgur.com/I7G94LL.gif
Requested by: Host: www.ambious.com
URL: https://www.ambious.com/wp-content/plugins/none/execel/
Protocol: HTTP/1.1
Server: 151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: 1a99a5a5bc47565a8b69c76e5f6469fc2361ad01c2c1db013dcab55300020e95

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 18 Mar 2020 01:29:11 GMT
Age: 6651578
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 543
X-Served-By: cache-bwi5131-BWI, cache-fra19125-FRA
Last-Modified: Thu, 08 Dec 2016 14:18:49 GMT
Server: cat factory 1.0
X-Timer: S1584494952.874185,VS0,VE1
ETag: "b6a0113af4e29fe6693004e7ce659bd4"
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
cache-control: public, max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 1, 1

GET
H2

200

pdf.png
shia-water.org/download/excel/
Redirect Chain

http://download.shia-water.org/excel/pdf.png
https://shia-water.org/download/excel/pdf.png

73 KB
74 KB

534ms
141ms

Image
image/png

192.185.145.5
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shia-water.org/download/excel/pdf.png

Requested by

Host: www.ambious.com
URL: https://www.ambious.com/wp-content/plugins/none/execel/

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

192.185.145.5 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

ns1594.websitewelcome.com

Software

Apache /

Resource Hash

bfb7362b6a5d508578ebe4f1884a92dba530b76fbe6be8db4a7b771c6aacaccf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 18 Mar 2020 01:29:12 GMT
last-modified: Tue, 25 Jul 2017 10:52:22 GMT
server: Apache
content-type: image/png
status: 200
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 74994

Redirect headers

Date: Wed, 18 Mar 2020 01:29:12 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Location: https://shia-water.org/download/excel/pdf.png
Content-Security-Policy: upgrade-insecure-requests;
Connection: Keep-Alive
Keep-Alive: timeout=5, max=75
Content-Length: 326

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

download.shia-water.org
i.imgur.com
shia-water.org
www.ambious.com
118.189.201.90
151.101.12.193
192.185.145.5
1a99a5a5bc47565a8b69c76e5f6469fc2361ad01c2c1db013dcab55300020e95
7900a6daf04859fef2501b2cf08851772deae586328d56d79a36e86c689851c5
bfb7362b6a5d508578ebe4f1884a92dba530b76fbe6be8db4a7b771c6aacaccf
cb74db9586fe26769681eac46d19225612bddf602eb5e9f9c82368b5c211f5df

www.ambious.com Open in urlscan Pro 118.189.201.90 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

4 Requests

50 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

3 Countries

81 kBTransfer

85 kBSize

0 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.ambious.com Open in urlscan Pro
118.189.201.90 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

50 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

81 kB
Transfer

85 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!