awsmetrics.com
Open in
urlscan Pro
2600:3c00::f03c:93ff:feed:349c
Malicious Activity!
Public Scan
URL:
https://awsmetrics.com/?rid=7ux8klZ
Submission: On June 07 via manual from US — Scanned from DE
Submission: On June 07 via manual from US — Scanned from DE
Summary
This website contacted 3 IPs
in 1 countries
across 2 domains to perform 14 HTTP transactions.
The main IP is 2600:3c00::f03c:93ff:feed:349c, located in
Richardson, United States and
belongs to AKAMAI-LINODE-AP Akamai Connected Cloud, SG.
The main domain is awsmetrics.com.
TLS certificate: Issued by R3 on May 30th 2023. Valid for: 3 months.
This is the only time awsmetrics.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on May 30th 2023. Valid for: 3 months.
This is the only time awsmetrics.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AWS (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 4 | 2600:3c00::f0... 2600:3c00::f03c:93ff:feed:349c | 63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud) | |
| 1 | 2600:9000:223... 2600:9000:223c:1c00:19:2ae8:f748:f7e1 | 16509 (AMAZON-02) (AMAZON-02) | |
| 14 | 3 |
4
2600:3c00::f03c:93ff:feed:349c
(Richardson, United States)
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
| awsmetrics.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 4 |
awsmetrics.com
awsmetrics.com |
216 KB |
| 1 |
awsstatic.com
d1.awsstatic.com — Cisco Umbrella Rank: 44962 |
42 KB |
| 14 | 2 |
| Domain | Requested by | |
|---|---|---|
| 4 | awsmetrics.com |
awsmetrics.com
|
| 1 | d1.awsstatic.com |
awsmetrics.com
|
| 14 | 2 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| aws.amazon.com |
| docs.aws.amazon.com |
| pages.awscloud.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| awsmetrics.com R3 |
2023-05-30 - 2023-08-28 |
3 months | crt.sh |
| d1.awsstatic.com Amazon RSA 2048 M01 |
2023-05-06 - 2024-06-03 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://awsmetrics.com/?rid=7ux8klZ
Frame ID: 7DC33350C4830CA2CCF5F57706693B66
Requests: 15 HTTP requests in this frame
5 Outgoing links
These are links going to different origins than the main page.
URL: https://aws.amazon.com/
Title: Amazon Web Services Login
Title: Amazon Web Services Login
Search URL Search Domain Scan URL
URL: https://docs.aws.amazon.com/console/signin/forgot-password
Title: Learn more
Title: Learn more
Search URL Search Domain Scan URL
URL: https://pages.awscloud.com/AWS_Certification-Campaign-e-book-sm.html?trk=848525af-71b7-4671-a62d-93bc72080911~ha_awssm-8259_tnc&sc_icampaign=aware_certification_signin_propel_global_traincert_200-cert&sc_ichannel=ha&sc_icontent=awssm-8259_tnc&sc_iplace=signin
Search URL Search Domain Scan URL
URL: https://aws.amazon.com/terms/
Title: Terms of Use
Title: Terms of Use
Search URL Search Domain Scan URL
URL: https://aws.amazon.com/privacy/
Title: Privacy Policy
Title: Privacy Policy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
awsmetrics.com/ |
726 KB 216 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
panorama-nav-init.js
awsmetrics.com/js/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
AWSMarketingTargetServiceAnalyticsClientSignin.js
awsmetrics.com/js/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
components.min.css
awsmetrics.com/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
utilities.min.css
awsmetrics.com/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
grid.min.css
awsmetrics.com/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
secondary_button.css
awsmetrics.com/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
vpce_error_page.css
awsmetrics.com/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Site-Merch_AWS-Certification-Propel_Console-Sign-In.38703e5d6aaef403076700b453c82e6efe487b71.png
d1.awsstatic.com/Digital%20Marketing/sitemerch/sign-in/en/ |
42 KB 42 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
privatelink_unauth.svg
awsmetrics.com/fonts/ |
19 B 19 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
components.min.css
awsmetrics.com/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
utilities.min.css
awsmetrics.com/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
grid.min.css
awsmetrics.com/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
secondary_button.css
awsmetrics.com/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- awsmetrics.com
- URL
- https://awsmetrics.com/css/components.min.css
- Domain
- awsmetrics.com
- URL
- https://awsmetrics.com/css/utilities.min.css
- Domain
- awsmetrics.com
- URL
- https://awsmetrics.com/css/grid.min.css
- Domain
- awsmetrics.com
- URL
- https://awsmetrics.com/css/secondary_button.css
- Domain
- awsmetrics.com
- URL
- https://awsmetrics.com/css/vpce_error_page.css
- Domain
- awsmetrics.com
- URL
- https://awsmetrics.com/css/components.min.css
- Domain
- awsmetrics.com
- URL
- https://awsmetrics.com/css/utilities.min.css
- Domain
- awsmetrics.com
- URL
- https://awsmetrics.com/css/grid.min.css
- Domain
- awsmetrics.com
- URL
- https://awsmetrics.com/css/secondary_button.css
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AWS (Online)64 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend object| u2f undefined| js_api_version function| getParameterByName function| loadInlineJSON function| isIOSWebview function| isBrowserWebAuthnCompatible function| reportMetric function| reportMetrics string| U2F_METRICS_PATH string| CANDIDATE_METRICS_PATH string| U2F_COUPLED_ROOT string| U2F_DECOUPLED_ROOT string| U2F_CANDIDATE_COUPLED_ROOT string| CANDIDATE_ROOT_LOGIN string| U2F_IAM_USER string| U2F_ERROR_CODE string| U2F_CLIENT_LIBRARY_ERROR string| CANDIDATE_MFA_CANCEL string| COMPATIBLE string| INCOMPATIBLE string| UNKNOWN string| INVALID string| IAM_USER_AUTHENTICATION string| IAM_USER_RESET_PASSWORD string| GET_CAPTCHA string| RESET_PASSWORD_REQUEST string| OPT_IN_REGION_FAILURE string| VPCE_FAILURE object| angular boolean| __fwcimLoaded object| fwcim object| AwsUi object| _AwsUiJsxHelpers function| Zepto function| $ string| isU2FCompatible string| contactUsMfaUrl string| passwordExpired string| resyncMfaMessage string| smsMfaLostDeviceHeader string| smsMfaLostDeviceMessage string| smsMfaLostDeviceButton string| u2fAuthenticationError string| forceMobileApp function| requestParameters object| analyticsConfig undefined| targetServiceAnalyticsClient object| response object| targetedContentJson object| eventDetail object| customEvent string| iamChangePasswordUrl object| changePasswordButton undefined| app undefined| account undefined| username undefined| checkboxEnabled undefined| mfaCheckboxEnabled function| IamController function| getMetadata undefined| isFlashDisabled0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
14 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
awsmetrics.com
d1.awsstatic.com
awsmetrics.com
2600:3c00::f03c:93ff:feed:349c
2600:9000:223c:1c00:19:2ae8:f748:f7e1
06a62dfc262f8aaf73fd55f9e44869c0e887d5b56134f1c11505db8679f92c15
8d82b1e7faa7f2cdecd63fbe12c5a878d88a70bf383a552c1e66f03d2b795f38
9c63f3cbcba6e59cfa6905e609d16216d83b4aaf6acf13b6c01bc606d75efaf2
b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793