s3.ap-southeast-1.amazonaws.com
52.219.40.117
Malicious Activity!
Public Scan
Submission: On July 10 via api from JP — Scanned from SG
Summary
TLS certificate: Issued by Amazon RSA 2048 M01 on January 31st 2024. Valid for: a year.
This is the only time s3.ap-southeast-1.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Apple (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System) | PTR | Domain
---|---|---|---|---
19 | 52.219.40.117 | 16509 (AMAZON-02, US) | s3-ap-southeast-1.amazonaws.com | s3.ap-southeast-1.amazonaws.com
1 | 108.156.139.136 | 16509 (AMAZON-02, US) | server-108-156-139-136.sin2.r.cloudfront.net | d2fuc4clr7gvcn.cloudfront.net
1 | 54.163.234.235 | 14618 (AMAZON-AES, US) | ec2-54-163-234-235.compute-1.amazonaws.com | track.gaug.es
21 requests | 3 IPs | | |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
19 | amazonaws.com | s3.ap-southeast-1.amazonaws.com | 387 KB
1 | gaug.es | track.gaug.es (Cisco Umbrella Rank: 520944) | 389 B
1 | cloudfront.net | d2fuc4clr7gvcn.cloudfront.net | 2 KB
21 requests | 3 apex domains | |
Requests | Domain | Requested by
---|---|---
19 | s3.ap-southeast-1.amazonaws.com | s3.ap-southeast-1.amazonaws.com
1 | track.gaug.es | s3.ap-southeast-1.amazonaws.com
1 | d2fuc4clr7gvcn.cloudfront.net | s3.ap-southeast-1.amazonaws.com
21 requests | 3 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.s3-ap-southeast-1.amazonaws.com | Amazon RSA 2048 M01 | 2024-01-31 - 2025-01-22 | a year | crt.sh
*.cloudfront.net | Amazon RSA 2048 M01 | 2023-10-10 - 2024-09-19 | a year | crt.sh
*.gaug.es | Sectigo RSA Domain Validation Secure Server CA | 2024-03-03 - 2025-04-03 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/index.html
Frame ID: 41837FEA77721B561920C3E4986F66B0
Requests: 21 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.html (Primary Request) | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/ | 15 KB | 16 KB | Document | text/html
GET | H/1.1 | Base.css | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/ | 54 KB | 55 KB | Stylesheet | text/css
GET | H/1.1 | %40families%3dSF%2bPro%2cv1_7CSF%2bPro%2bIcons%2cv1 | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/fonts/ | 0 | 0 | Stylesheet | application/xml
GET | H/1.1 | text_tel.js | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/ | 4 KB | 4 KB | Script | application/javascript
GET | H/1.1 | contact-us-hero.image.large_2x.jpg | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/globalnav/apple/ | 194 KB | 194 KB | Image | image/jpeg
GET | H/1.1 | jp.png | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/ | 3 KB | 4 KB | Image | image/png
GET | H/1.1 | jquery-1.12.0.min.js | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/code.jquery.com/ | 95 KB | 95 KB | Script | application/javascript
GET | H/1.1 | image_large.svg | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/globalnav/apple/ | 1 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | image_large.svg | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/globalnav/links/mac/ | 1 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | image_large.svg | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/globalnav/links/ipad/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | image_large.svg | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/globalnav/links/iphone/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | image_large.svg | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/globalnav/links/watch/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | image_large.svg | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/globalnav/links/tv/ | 678 B | 1 KB | Image | image/svg+xml
GET | H/1.1 | image_large.svg | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/globalnav/links/music/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | image_large.svg | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/globalnav/links/support/ | 2 KB | 3 KB | Image | image/svg+xml
GET | H/1.1 | image_large.svg | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/globalnav/search/ | 879 B | 1 KB | Image | image/svg+xml
GET | H/1.1 | image_large.svg | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/globalnav/bag/ | 892 B | 1 KB | Image | image/svg+xml
GET | H/1.1 | contact-us-hero.image.large_2x.jpg | s3.ap-southeast-1.amazonaws.com/deservinginstancesupprotsg.z13.web.core.windows.net/i0s0s/globalnav/apple/ | 194 KB | 0 | Image | image/jpeg
GET | H2 | track.js | d2fuc4clr7gvcn.cloudfront.net/ | 4 KB | 2 KB | Script | application/javascript
GET | H/1.1 | track.gif | track.gaug.es/ | 35 B | 389 B | Image | image/gif
GET | H/1.1 | favicon.ico | s3.ap-southeast-1.amazonaws.com/ | 243 B | 520 B | Other | application/xml
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Apple (Online)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
string | defaultNumber
string | defaultText
object | text
function | $
function | jQuery
object | _gauges
5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
s3.ap-southeast-1.amazonaws.com/ | | _gauges_unique_hour | 1
s3.ap-southeast-1.amazonaws.com/ | | _gauges_unique_day | 1
s3.ap-southeast-1.amazonaws.com/ | | _gauges_unique_month | 1
s3.ap-southeast-1.amazonaws.com/ | | _gauges_unique_year | 1
s3.ap-southeast-1.amazonaws.com/ | | _gauges_unique | 1
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
d2fuc4clr7gvcn.cloudfront.net
s3.ap-southeast-1.amazonaws.com
track.gaug.es
108.156.139.136
52.219.40.117
54.163.234.235