s3.sa-east-1.amazonaws.com
Open in
urlscan Pro
16.12.0.8
Malicious Activity!
Public Scan
Submitted URL: http://steamsb.info/
Effective URL: https://s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%...
Submission Tags: phisherman
Submission: On November 10 via api from GB — Scanned from GB
Effective URL: https://s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%...
Submission Tags: phisherman
Submission: On November 10 via api from GB — Scanned from GB
Summary
This website contacted 13 IPs
in 4 countries
across 12 domains to perform 35 HTTP transactions.
The main IP is 16.12.0.8, located in
São Paulo, Brazil and
belongs to AMAZON-02, US.
The main domain is s3.sa-east-1.amazonaws.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on October 10th 2023. Valid for: 9 months.
This is the only time s3.sa-east-1.amazonaws.com was scanned on urlscan.io!
TLS certificate: Issued by Amazon RSA 2048 M01 on October 10th 2023. Valid for: 9 months.
This is the only time s3.sa-east-1.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Tech Support Scam (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 | 72.52.179.174 72.52.179.174 | 32244 (LIQUIDWEB) (LIQUIDWEB) | |
| 1 1 | 198.134.116.17 198.134.116.17 | 27257 (WEBAIR-IN...) (WEBAIR-INTERNET) | |
| 1 2 | 173.239.53.32 173.239.53.32 | 27257 (WEBAIR-IN...) (WEBAIR-INTERNET) | |
| 1 | 130.211.29.114 130.211.29.114 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
| 2 | 35.241.15.240 35.241.15.240 | 15169 (GOOGLE) (GOOGLE) | |
| 2 | 2a02:4780:24:... 2a02:4780:24:3e3b:c82a:68ec:de08:77b6 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
| 12 | 16.12.0.8 16.12.0.8 | 16509 (AMAZON-02) (AMAZON-02) | |
| 2 | 2606:4700::68... 2606:4700::6810:5914 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 2 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2a04:4e42::649 2a04:4e42::649 | 54113 (FASTLY) (FASTLY) | |
| 1 | 195.201.57.90 195.201.57.90 | 24940 (HETZNER-AS) (HETZNER-AS) | |
| 1 | 2606:4700:10:... 2606:4700:10::6816:1983 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 35 | 13 |
2
72.52.179.174
(Sedona, United States)
ASN32244 (LIQUIDWEB, US)
PTR: lb01.parklogic.com
ASN32244 (LIQUIDWEB, US)
PTR: lb01.parklogic.com
| steamsb.info |
2
173.239.53.32
(United States)
ASN27257 (WEBAIR-INTERNET, US)
ASN27257 (WEBAIR-INTERNET, US)
| tq.minsonbar.online | |
| xml-v4.minsonbar.online |
1
130.211.29.114
(Kansas City, United States)
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 114.29.211.130.bc.googleusercontent.com
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 114.29.211.130.bc.googleusercontent.com
| cdn.perfdrive.com |
2
35.241.15.240
(Kansas City, United States)
ASN15169 (GOOGLE, US)
PTR: 240.15.241.35.bc.googleusercontent.com
ASN15169 (GOOGLE, US)
PTR: 240.15.241.35.bc.googleusercontent.com
| cas.avalon.perfdrive.com |
2
2a02:4780:24:3e3b:c82a:68ec:de08:77b6
(Meppel, Netherlands)
ASN47583 (AS-HOSTINGER, CY)
ASN47583 (AS-HOSTINGER, CY)
| vegerasoqura.online |
12
16.12.0.8
(São Paulo, Brazil)
ASN16509 (AMAZON-02, US)
PTR: s3-sa-east-1.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: s3-sa-east-1.amazonaws.com
| s3.sa-east-1.amazonaws.com |
1
195.201.57.90
(Gunzenhausen, Germany)
ASN24940 (HETZNER-AS, DE)
PTR: static.90.57.201.195.clients.your-server.de
ASN24940 (HETZNER-AS, DE)
PTR: static.90.57.201.195.clients.your-server.de
| ipwho.is |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
amazonaws.com
s3.sa-east-1.amazonaws.com |
83 KB |
| 3 |
perfdrive.com
cdn.perfdrive.com — Cisco Umbrella Rank: 20050 cas.avalon.perfdrive.com — Cisco Umbrella Rank: 9249 |
9 KB |
| 2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 223 |
31 KB |
| 2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 335 |
48 KB |
| 2 |
vegerasoqura.online
vegerasoqura.online |
8 KB |
| 2 |
minsonbar.online
1 redirects
tq.minsonbar.online xml-v4.minsonbar.online |
15 KB |
| 2 |
steamsb.info
steamsb.info |
3 KB |
| 1 |
tawk.to
embed.tawk.to — Cisco Umbrella Rank: 9846 |
927 B |
| 1 |
ipwho.is
ipwho.is — Cisco Umbrella Rank: 86087 |
329 B |
| 1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 762 |
27 KB |
| 1 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1137 |
7 KB |
| 1 |
junmediadirect1.com
1 redirects
click-v4.junmediadirect1.com — Cisco Umbrella Rank: 129320 |
291 B |
| 35 | 12 |
| Domain | Requested by | |
|---|---|---|
| 12 | s3.sa-east-1.amazonaws.com |
vegerasoqura.online
s3.sa-east-1.amazonaws.com |
| 2 | cdnjs.cloudflare.com |
s3.sa-east-1.amazonaws.com
|
| 2 | cdn.jsdelivr.net |
s3.sa-east-1.amazonaws.com
|
| 2 | vegerasoqura.online |
vegerasoqura.online
|
| 2 | cas.avalon.perfdrive.com |
cdn.perfdrive.com
|
| 2 | steamsb.info |
steamsb.info
|
| 1 | embed.tawk.to |
s3.sa-east-1.amazonaws.com
|
| 1 | ipwho.is |
s3.sa-east-1.amazonaws.com
|
| 1 | code.jquery.com |
s3.sa-east-1.amazonaws.com
|
| 1 | maxcdn.bootstrapcdn.com |
s3.sa-east-1.amazonaws.com
|
| 1 | xml-v4.minsonbar.online | 1 redirects |
| 1 | cdn.perfdrive.com |
tq.minsonbar.online
|
| 1 | tq.minsonbar.online |
steamsb.info
|
| 1 | click-v4.junmediadirect1.com | 1 redirects |
| 35 | 14 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.perfdrive.com Go Daddy Secure Certificate Authority - G2 |
2023-09-21 - 2024-09-26 |
a year | crt.sh |
| cas.avalon.perfdrive.com Go Daddy Secure Certificate Authority - G2 |
2023-07-24 - 2024-08-05 |
a year | crt.sh |
| vegerasoqura.online R3 |
2023-10-04 - 2024-01-02 |
3 months | crt.sh |
| *.s3-sa-east-1.amazonaws.com Amazon RSA 2048 M01 |
2023-10-10 - 2024-07-06 |
9 months | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-05-02 - 2024-05-01 |
a year | crt.sh |
| *.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
| ipwho.is GoGetSSL ECC DV CA |
2023-04-05 - 2024-04-05 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/index%25%40%7D%5B%3F%7D%26%26%25%24%5B%23%25%26%25%5D%5B%5D%3F%24%23%7B%3F_35_7.html
Frame ID: DDC566DEA17228D833CBA46B577583B0
Requests: 36 HTTP requests in this frame
Screenshot
Page Title
ARUK_ERRORCode0x268d3_Security_Er0007ff97Page URL History Show full URLs
- http://steamsb.info/ Page URL
- http://steamsb.info/page/bouncy.php?&bpae=GbhGdC07okx7jUu2C%2FR%2BCA68CckPZgvYS0IdF8S5cqM3znzHqh... Page URL
-
http://click-v4.junmediadirect1.com/click?i=cB9OewqihAA_0
HTTP 302
http://tq.minsonbar.online/filter?q=steamsb.info&i=fKJdMqe2jSc_0&ci=6949167161855226700&t=489569501&h=27 Page URL
-
http://xml-v4.minsonbar.online/click2?i=fKJdMqe2jSc_0&ci=6949167161855226700&j=rv%3Db%26ss%3D1600x1200%26ws...
HTTP 302
https://vegerasoqura.online/?conversion=YHBmtycws0w&bid=0.0156&source_subid=steamsb.info&city=London&sea... Page URL
- https://s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7... Page URL
Detected technologies
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Tawk.to
(Live Chat)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- //embed\.tawk\.to
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Modernizr
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://steamsb.info/ Page URL
- http://steamsb.info/page/bouncy.php?&bpae=GbhGdC07okx7jUu2C%2FR%2BCA68CckPZgvYS0IdF8S5cqM3znzHqh%2FGXUah6U3sH94hBqetJ04fIs%2BNpeA45gDFaCCKTQg32mZplqhpqfYUTm2FMTFDEJy%2FOlpmIx0ooLu2AncjS3x4ucp4m9b7qJccOHuI1IIEDnWUdFjnBg%2FOoMLgOwvXTYBIfuR88W6h%2B9yvPICx%2F6w4VG%2F4DChzffkgU%2B9nnWFdkVDeaiWOrb5CYEhduSa5WM5VOzqfIu1J6qh1ILtMIf%2BPrZrnzBOvPBDzYhV9AlmpxAWBuZDuP1j438Ax7d50nBiQXBGCuuYfDPnr60TgcJ%2BO0Pdly2LbOgJtyA8UQ0qKokkOmtE%2FMlA8bFOuQRnPbfmouTtUXMDfBUNx4O6oqFDwSTVUTaybzbRDwX5hVDxYd3gmKyGgQkXLOINPxd8lwfTATw%3D%3D&redirectType=js&inIframe=false&inPopUp=false Page URL
-
http://click-v4.junmediadirect1.com/click?i=cB9OewqihAA_0
HTTP 302
http://tq.minsonbar.online/filter?q=steamsb.info&i=fKJdMqe2jSc_0&ci=6949167161855226700&t=489569501&h=27 Page URL
-
http://xml-v4.minsonbar.online/click2?i=fKJdMqe2jSc_0&ci=6949167161855226700&j=rv%3Db%26ss%3D1600x1200%26ws%3D1600x1200%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D5129%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D2%26rf%3Dsteamsb.info%26lo%3Dtq.minsonbar.online%26mb%3D0%26hb%3D1%26pl%3DWin32%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%29%2BAppleWebKit%252F537.36%2B%28KHTML%252C%2Blike%2BGecko%29%2BChrome%252F119.0.6045.123%2BSafari%252F537.36%26tp%3D26%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26er%3D%26shs%3D%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D1%26frc%3D1%26dbt%3D1%26prb%3D20030107%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D1%26mmd_ao%3D%26mmd_ai%3D%26mmd_vi%3D%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3D%26hwc%3D4%26hrl%3D%26acd%3Dpppmp%26vcd%3Dppp%26pal%3D3%26pai%3D1%26pli%3D1%26win%3D1600x1200%26wout%3D1600x1200%26wpof%3D0x0%26bcld%3D1584x18%26scrp%3D0x0%26scrad%3D1600x1200%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D52%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3DIntel%2BInc.%26vrd%3DIntel%2BIris%2BOpenGL%2BEngine%26pnt%3Ddenied%26cnvs%3D80808080
HTTP 302
https://vegerasoqura.online/?conversion=YHBmtycws0w&bid=0.0156&source_subid=steamsb.info&city=London&search_referrer_domain=steamsb.info&IP=194.74.212.72&pubfeed=343866&query=steamsb.info&state=lnd&zip=EC4R Page URL
- https://s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/index%25%40%7D%5B%3F%7D%26%26%25%24%5B%23%25%26%25%5D%5B%5D%3F%24%23%7B%3F_35_7.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2- http://click-v4.junmediadirect1.com/click?i=cB9OewqihAA_0 HTTP 302
- http://tq.minsonbar.online/filter?q=steamsb.info&i=fKJdMqe2jSc_0&ci=6949167161855226700&t=489569501&h=27
- http://xml-v4.minsonbar.online/click2?i=fKJdMqe2jSc_0&ci=6949167161855226700&j=rv%3Db%26ss%3D1600x1200%26ws%3D1600x1200%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D5129%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D2%26rf%3Dsteamsb.info%26lo%3Dtq.minsonbar.online%26mb%3D0%26hb%3D1%26pl%3DWin32%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%29%2BAppleWebKit%252F537.36%2B%28KHTML%252C%2Blike%2BGecko%29%2BChrome%252F119.0.6045.123%2BSafari%252F537.36%26tp%3D26%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26er%3D%26shs%3D%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D1%26frc%3D1%26dbt%3D1%26prb%3D20030107%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D1%26mmd_ao%3D%26mmd_ai%3D%26mmd_vi%3D%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3D%26hwc%3D4%26hrl%3D%26acd%3Dpppmp%26vcd%3Dppp%26pal%3D3%26pai%3D1%26pli%3D1%26win%3D1600x1200%26wout%3D1600x1200%26wpof%3D0x0%26bcld%3D1584x18%26scrp%3D0x0%26scrad%3D1600x1200%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D52%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3DIntel%2BInc.%26vrd%3DIntel%2BIris%2BOpenGL%2BEngine%26pnt%3Ddenied%26cnvs%3D80808080 HTTP 302
- https://vegerasoqura.online/?conversion=YHBmtycws0w&bid=0.0156&source_subid=steamsb.info&city=London&search_referrer_domain=steamsb.info&IP=194.74.212.72&pubfeed=343866&query=steamsb.info&state=lnd&zip=EC4R
35 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
steamsb.info/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bouncy.php
steamsb.info/page/ |
697 B 974 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
filter
tq.minsonbar.online/ Redirect Chain
|
15 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
aperture.js
cdn.perfdrive.com/aperture/ |
26 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
jsdata
cas.avalon.perfdrive.com/ |
316 B 384 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
jsdata
cas.avalon.perfdrive.com/ |
211 B 356 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
68 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
vegerasoqura.online/ Redirect Chain
|
16 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
vegerasoqura.online/ |
258 B 422 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
index%25%40%7D%5B%3F%7D%26%26%25%24%5B%23%25%26%25%5D%5B%5D%3F%24%23%7B%3F_35_7.html
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
36 KB 36 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/ |
158 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/ |
82 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.css
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
12 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ |
27 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-1.4.4.min.js
code.jquery.com/ |
77 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
noir.js
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
0 0 |
Script
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
background.png
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
136 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
minimize.jpeg
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wHV3KJb4RXvsWQguMAqp7Yk.png
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
setting.png
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
364 B 758 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
que.png
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
349 B 743 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
BA8xkRpEG9erP23h4tFQHaV.png
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
25 KB 26 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
bell.png
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
pc.png
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
def.png
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
cross.png
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
aHSD6nzjhAkxK85YN3wRmpq.jpeg
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
modernizr.min.js
cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/ |
11 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/ |
82 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fullscreen.js
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
245 B 652 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
before.js
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
366 B 773 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.js
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
1 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
light.js
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
ipwho.is/ |
58 B 329 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1hd6bo3jl
embed.tawk.to/65325d30a84dd54dc48338d1/ |
2 KB 927 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
0wa0rni0ng0.mp3
s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- s3.sa-east-1.amazonaws.com
- URL
- https://s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/bell.png
- Domain
- s3.sa-east-1.amazonaws.com
- URL
- https://s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/pc.png
- Domain
- s3.sa-east-1.amazonaws.com
- URL
- https://s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/def.png
- Domain
- s3.sa-east-1.amazonaws.com
- URL
- https://s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/cross.png
- Domain
- s3.sa-east-1.amazonaws.com
- URL
- https://s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/aHSD6nzjhAkxK85YN3wRmpq.jpeg
- Domain
- s3.sa-east-1.amazonaws.com
- URL
- https://s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/light.js
- Domain
- s3.sa-east-1.amazonaws.com
- URL
- https://s3.sa-east-1.amazonaws.com/7c79.2f5f.4442.4176.ad34.5e04.9fee.b987.uk.denied/%24%5D%3F%3F%23%23%40%40%7D%25%5D%7D%23%7D%5B%40%25%24%7B%40%24%3F%40/0wa0rni0ng0.mp3
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Tech Support Scam (Consumer)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery object| t object| Tawk_API object| Tawk_LoadStart function| getVariableFromURl string| phone string| phone_number string| phone_number2 object| html5 object| Modernizr object| bootstrap string| $_Tawk_AccountKey string| $_Tawk_WidgetId boolean| $_Tawk_Unstable object| $_Tawk undefined| ipadd undefined| city undefined| country10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| tq.minsonbar.online/ | Name: c369611231 Value: 1831517467 |
|
| .minsonbar.online/ | Name: x3325799 Value: 1831517467 |
|
| .minsonbar.online/ | Name: __ssds Value: 2 |
|
| tq.minsonbar.online/ | Name: jc Value: 5129 |
|
| .minsonbar.online/ | Name: __ssuzjsr2 Value: a9be0cd8e |
|
| .minsonbar.online/ | Name: __uzmaj2 Value: 8efbc06e-f602-40c4-8dd2-0b618542409d |
|
| .minsonbar.online/ | Name: __uzmbj2 Value: 1699632790 |
|
| .minsonbar.online/ | Name: __uzmcj2 Value: 237771027652 |
|
| .minsonbar.online/ | Name: __uzmdj2 Value: 1699632790 |
|
| vegerasoqura.online/ | Name: __cqf Value: YjJ0dldtMXFWVzQyVm5OSEwzZHdUamRNTVcwMVVVdEpPRkJEZEhKelZWRnpZMXBQT0c1MEwySnlkejA9 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cas.avalon.perfdrive.com
cdn.jsdelivr.net
cdn.perfdrive.com
cdnjs.cloudflare.com
click-v4.junmediadirect1.com
code.jquery.com
embed.tawk.to
ipwho.is
maxcdn.bootstrapcdn.com
s3.sa-east-1.amazonaws.com
steamsb.info
tq.minsonbar.online
vegerasoqura.online
xml-v4.minsonbar.online
s3.sa-east-1.amazonaws.com
130.211.29.114
16.12.0.8
173.239.53.32
195.201.57.90
198.134.116.17
2606:4700:10::6816:1983
2606:4700::6810:5914
2606:4700::6811:180e
2606:4700::6812:bcf
2a02:4780:24:3e3b:c82a:68ec:de08:77b6
2a04:4e42::649
35.241.15.240
72.52.179.174
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
30fc2e6968807fc6239e9930334db4aad71f005a40b8718720ee33a900869916
31681779c6f394370dad146169896e9ec2b8f7c716c4b1db78c459033e48bf95
3aac2d61558f94c00f0c5d85542e37fef3362cad7f1fe56e05e948821e0c3705
43703d37b8fe2769cb2e12db7aa281dbcca175124d05ff4b0cc3d152534698a4
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601
517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c
5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1
62718563964b0ce2c9c156fbd1c63d781ccb726fd5303fc4cc7127852ca4411a
8d5d7f0a7361ea45135e12c3f9b4a9249abd119d0df47d83c765c2389410c389
9fb91ff0e8c179aea40dbe6842b36fd201654f5647c21dcec41fd18be535d506
a05245b6f7fd752af4a7b0131bbdfdf3eaee6c5a25a81cb498e0f0759189473c
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
b2dc4153ee7019c70a1095d5d1304d540e3bba045d99e141f63e5b13362e5a4e
c1fcde71b0f0fe37308ce346c7044620eed8f9ff809bc98a8c47c0cbb8b5c85f
c60becd7bce002e3acd18c52378a44f79b6d8088f245f1d4cf8c57c7187e2042
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
df55b8a88e51990519bcd5320b53ade4cf8d9b778b267953a479f726c7036331
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03