URL: http://18.223.42.51/ket/
Submission: On August 10 via manual from US

Summary

This website contacted 1 IP in 1 country across 0 domains to perform 5 HTTP transactions. The main IP is 18.223.42.51, located in Cambridge, United States, and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is 18.223.42.51.
This is the only time 18.223.42.51 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Tech Support Scam (Consumer)

Domain & IP information

IP Address / AS (Autonomous System)
  5 requests to 18.223.42.51, AS16509 (AMAZON-02)
  Totals: 5 requests, 1 IP

Apex Domain / Subdomains / Transfer
  5 requests, 0 domains

Domain / Requested by
  5 requests, 0 domains

This site contains no links.

Certificates (Subject / Issuer / Validity): none listed.

This page contains 1 frames:

Primary Page: http://18.223.42.51/ket/
Frame ID: A9119433F7D0536F37F85641E4B7E75A
Requests: 5 HTTP requests in this frame

Screenshot: image not reproduced here.

Detected technologies

Apache (name taken from the matched server-header pattern below)
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (name taken from the matched script patterns below)
Overall confidence: 100%
Detected patterns
  • script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js/i

Page Statistics

Requests: 5
HTTPS: 0 %
IPv6: 0 %
Domains: 0
Subdomains: 0
IPs: 1
Countries: 1
Transfer: 261 kB
Size: 278 kB
Cookies: 0

Redirected requests

HTTP redirect chains: none listed for this scan.

5 HTTP transactions

(Each transaction below lists Resource, Path, Size, x-fer (bytes transferred) and Type, followed by its General details, Security Headers, Request headers and Response headers.)
1. Primary Request / (Document)
Path: 18.223.42.51/ket/
Size: 11 KB, x-fer: 5 KB

General
Full URL: http://18.223.42.51/ket/
Protocol: HTTP/1.1
Server: 18.223.42.51 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: ec2-18-223-42-51.us-east-2.compute.amazonaws.com
Software: Apache /
Resource Hash: ebcd4a1695882de18802c29e3c54851dc70dc7204791c474ca0503579c1022f7

Security Headers
X-Frame-Options: SAMEORIGIN

Request headers
Host: 18.223.42.51
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
X-DevTools-Emulate-Network-Conditions-Client-Id: A9119433F7D0536F37F85641E4B7E75A

Response headers
Date: Fri, 10 Aug 2018 16:43:25 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
X-Mod-Pagespeed: 1.13.35.2-0
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=0, no-cache, s-maxage=10
Content-Length: 4315
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
2. style.html (Stylesheet)
Path: 18.223.42.51/ket/back_files/
Size: 0, x-fer: 0

General
Full URL: http://18.223.42.51/ket/back_files/style.html
Requested by: Host 18.223.42.51, URL http://18.223.42.51/ket/
Protocol: HTTP/1.1
Server: 18.223.42.51 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: ec2-18-223-42-51.us-east-2.compute.amazonaws.com
Software: Apache /
Resource Hash: (none recorded)

Security Headers
X-Frame-Options: SAMEORIGIN

Request headers
Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 18.223.42.51
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://18.223.42.51/ket/
Connection: keep-alive
Cache-Control: no-cache

Response headers
Date: Fri, 10 Aug 2018 16:43:25 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Length: 223
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=iso-8859-1
3. jquery-1.js+jquery-2.js.pagespeed.jc.Q8lnsyrjhf.js (Script)
Path: 18.223.42.51/ket/back_files/
Size: 14 KB, x-fer: 2 KB

General
Full URL: http://18.223.42.51/ket/back_files/jquery-1.js+jquery-2.js.pagespeed.jc.Q8lnsyrjhf.js
Requested by: Host 18.223.42.51, URL http://18.223.42.51/ket/
Protocol: HTTP/1.1
Server: 18.223.42.51 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: ec2-18-223-42-51.us-east-2.compute.amazonaws.com
Software: Apache /
Resource Hash: 075d0f3d81e29d5b63d6a857474bf95fdc83c0e4a6bdbf07fc31703d695cd0bd

Security Headers
X-Frame-Options: SAMEORIGIN

Request headers
Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 18.223.42.51
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://18.223.42.51/ket/
Connection: keep-alive
Cache-Control: no-cache

Response headers
Date: Fri, 10 Aug 2018 16:43:25 GMT
Content-Encoding: gzip
X-Original-Content-Length: 11171
Server: Apache
X-Frame-Options: SAMEORIGIN
Etag: W/"0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=31536000
Last-Modified: Fri, 10 Aug 2018 16:36:29 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 1739
Expires: Sat, 10 Aug 2019 16:36:29 GMT
4. xbgimage.jpg.pagespeed.ic.GGOc41CF5S.webp (Image)
Path: 18.223.42.51/ket/
Size: 58 KB, x-fer: 58 KB

General
Full URL: http://18.223.42.51/ket/xbgimage.jpg.pagespeed.ic.GGOc41CF5S.webp
Requested by: Host 18.223.42.51, URL http://18.223.42.51/ket/
Protocol: HTTP/1.1
Server: 18.223.42.51 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: ec2-18-223-42-51.us-east-2.compute.amazonaws.com
Software: Apache /
Resource Hash: 94578ed7f9e065204cb5ee4be5108490ec29046ae043877a5dd52ab83694b36a

Security Headers
X-Frame-Options: SAMEORIGIN

Request headers
Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 18.223.42.51
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://18.223.42.51/ket/
Connection: keep-alive
Cache-Control: no-cache

Response headers
Date: Fri, 10 Aug 2018 16:43:25 GMT
X-Original-Content-Length: 170801
Server: Apache
Etag: W/"0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/webp
Cache-Control: max-age=31536000
Last-Modified: Fri, 10 Aug 2018 15:53:37 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Link: <http://18.223.42.51/ket/bgimage.jpg>; rel="canonical"
Content-Length: 59222
Keep-Alive: timeout=2, max=98
Expires: Sat, 10 Aug 2019 15:53:37 GMT
5. alert2.mp3 (Media)
Path: 18.223.42.51/ket/
Size: 196 KB, x-fer: 196 KB

General
Full URL: http://18.223.42.51/ket/alert2.mp3
Requested by: Host 18.223.42.51, URL http://18.223.42.51/ket/
Protocol: HTTP/1.1
Server: 18.223.42.51 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: ec2-18-223-42-51.us-east-2.compute.amazonaws.com
Software: Apache /
Resource Hash: fc59bbb18f923747b9cd3f3b23537ff09c5ad2fdfc1505a4800a3f269a234e65

Security Headers
X-Frame-Options: SAMEORIGIN

Request headers
Pragma: no-cache
Accept-Encoding: identity;q=1, *;q=0
Host: 18.223.42.51
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
chrome-proxy: frfr
Accept: */*
Cache-Control: no-cache
Referer: http://18.223.42.51/ket/
Connection: keep-alive
Range: bytes=0-

Response headers
Date: Fri, 10 Aug 2018 16:43:25 GMT
Last-Modified: Tue, 07 Aug 2018 12:25:00 GMT
Server: Apache
ETag: "31080-572d77b98f859"
X-Frame-Options: SAMEORIGIN
Content-Type: audio/mpeg
Content-Range: bytes 0-200831/200832
Cache-Control: s-maxage=10
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=99
Content-Length: 200832

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tech Support Scam (Consumer)

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Name (type):
  gtag (function)
  dataLayer (object)
  getURLParameter (function)
  getSystemInfo (function)
  el (object)
  rfs (function)
  wscript (undefined)
  toggleFullScreen (function)
  mod_pagespeed_i_0pPaRKSW (string)
  mod_pagespeed_TojyyIuE0d (string)
  tollfree (string)
  hhref (string)
  m1 (string)
  m2 (string)
  myFunction (function)
  rtclickcheck (function)
  OSName (string)
  puShown (boolean)
  PopWidth (number)
  PopHeight (number)
  PopFocus (number)
  _Top (object)
  GetWindowHeight (function)
  GetWindowWidth (function)
  GetWindowTop (function)
  GetWindowLeft (function)
  doOpen (function)
  setCookie (function)
  getCookie (function)
  initPu (function)
  checkTarget (function)
  popupSite (function)
  Msg (string)
  msg_ch (undefined)
  msg_ff (undefined)
  msg (function)

0 Cookies

Security Headers

This page lists any security headers set by the main page.

X-Frame-Options: SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
