ScanMalware.com

Security Scan Report: s3.eu-north-1.amazonaws.com

Submitted: Jun 7, 2026, 1:01:35 AMCompleted: Jun 7, 2026, 1:02:48 AMpubliccompleted
Loading additional data...

Summary

This website contacted 5 IPs in 3 countries across 6 domains to perform 2 HTTP transactions. The main domain is s3.eu-north-1.amazonaws.com and was registered NaN years ago.

Submitted URL: https://s3.eu-north-1.amazonaws.com/lz-east-2.console.aws.amazon.com042/message.html#[email protected]

The Cisco Umbrella rank of the primary domain is #21 of the top 1 million websitesTop 100 Site

AI Security Verdict

Confirmed Scam

Confidence: 92%

9
Risk Score

Phishing login page hosted on Amazon S3, collecting credentials; confirmed scam.

Risk Factors
Cloud storage domain with credential collection form
Email address in URL fragment unrelated to host domain
Anti‑analysis JavaScript (devtools/right‑click blocking)
Domain age information unavailable

Details

Page Title

Webmail Portal Access

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

The domain 's3.eu-north-1.amazonaws.com' uses the commercial generic top-level domain (.com), featuring subdomain 's3.eu-north-1'. Count 9 characters in 'amazonaws' holding 4 vowels versus 5 consonants. Segmentation suggests 3 words: amazon, aw, s. Median word length comes out to 2 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://s3.eu-north-1.amazonaws.com/lz-east-2.console.aws.amazon.com042/message.html#u003cje@sekure.net

Page Load Overview

0.58s
Total Load Time
10
HTTP Requests
9
Domains
205 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:216 chars
Detector Agreement:100%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
2142.250.154.95United States
AS15169Google LLC
2104.18.40.68United States
AS13335Cloudflare, Inc.
223.227.39.200Ottawa, Ontario, Canada
AS13335Cloudflare, Inc.
2151.101.65.155United States
AS54113Fastly, Inc.
23.5.218.239Stockholm, Stockholm County, Sweden
AS16509Amazon.com, Inc.
105--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1DAD3D760F51031EA3323C55972D0FD863219A153D65A8FB7F22F65D88F846CA16B3F2A

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:qPy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1FLRflq:qBw/a1fIuiHlq5mN8lDbNmPbGO

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:139073:gGACgnRPCRAAiJ0i4GCRiACbgJ3IhYZAoIopIxDTowYKxg0UYMLFKABEIQhhYfgRSAEirVSVkwCRBCDJvBIAABA4RQrBJokx

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:3fffe7e7e7e7ffff
Perceptual Hash:a70d8d27278d8d27
Difference Hash:c0002c0c4d0c0800
Wavelet Hash:0f470303c0c0f0f0
Color Hash:#d27a2d

Other Hashes

Crop Resistant:c0002c0c4d0c0800

Scan History

Scan history not available

Unable to load historical scan data