yenta-unrectifiably.s3.us-east-2.amazonaws.com
Open in
urlscan Pro
52.219.80.224
Malicious Activity!
Public Scan
Submission: On April 08 via manual from US
Summary
TLS certificate: Issued by DigiCert Baltimore CA-2 G2 on January 14th 2021. Valid for: a year.
This is the only time yenta-unrectifiably.s3.us-east-2.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DocuSign (Online) Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 52.219.80.224 52.219.80.224 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:4001:812::200a | 15169 (GOOGLE) (GOOGLE) | |
8 | 2606:4700:303... 2606:4700:3037::ac43:d32a | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
13 | 4 |
ASN16509 (AMAZON-02, US)
PTR: s3-r-w.us-east-2.amazonaws.com
yenta-unrectifiably.s3.us-east-2.amazonaws.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
smtptemp.site
smtptemp.site |
251 KB |
1 |
googleapis.com
ajax.googleapis.com |
30 KB |
1 |
amazonaws.com
yenta-unrectifiably.s3.us-east-2.amazonaws.com |
78 KB |
13 | 3 |
Domain | Requested by | |
---|---|---|
8 | smtptemp.site |
yenta-unrectifiably.s3.us-east-2.amazonaws.com
|
1 | ajax.googleapis.com |
yenta-unrectifiably.s3.us-east-2.amazonaws.com
|
1 | yenta-unrectifiably.s3.us-east-2.amazonaws.com | |
13 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.s3.us-east-2.amazonaws.com DigiCert Baltimore CA-2 G2 |
2021-01-14 - 2022-01-18 |
a year | crt.sh |
upload.video.google.com GTS CA 1O1 |
2021-03-16 - 2021-06-08 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-03-05 - 2022-03-04 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://yenta-unrectifiably.s3.us-east-2.amazonaws.com/xylophone/index.html
Frame ID: AE8053C72A3D44BCE2315E627A73F86D
Requests: 13 HTTP requests in this frame
Screenshot
Detected technologies
Amazon Web Services (PaaS) ExpandDetected patterns
- headers server /^AmazonS3$/i
Amazon S3 (Miscellaneous) Expand
Detected patterns
- headers server /^AmazonS3$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.html
yenta-unrectifiably.s3.us-east-2.amazonaws.com/xylophone/ |
77 KB 78 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
docusign.png
smtptemp.site/email-list/docusjjksndks4/assets/ |
13 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
outlook.png
smtptemp.site/email-list/docusjjksndks4/assets/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aol.png
smtptemp.site/email-list/docusjjksndks4/assets/ |
10 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
office.png
smtptemp.site/email-list/docusjjksndks4/assets/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
yahoo.png
smtptemp.site/email-list/docusjjksndks4/assets/ |
10 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
other-mails.png
smtptemp.site/email-list/docusjjksndks4/assets/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
left.jpg
smtptemp.site/email-list/docusjjksndks4/assets/ |
104 KB 105 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
right.jpg
smtptemp.site/email-list/docusjjksndks4/assets/ |
78 KB 78 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
open-sans-v18-latin-600.woff2
smtptemp.site/email-list/docusjjksndks4/assets/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
open-sans-v18-latin-600.woff
smtptemp.site/email-list/docusjjksndks4/assets/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
open-sans-v18-latin-600.ttf
smtptemp.site/email-list/docusjjksndks4/assets/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- smtptemp.site
- URL
- https://smtptemp.site/email-list/docusjjksndks4/assets/open-sans-v18-latin-600.woff2
- Domain
- smtptemp.site
- URL
- https://smtptemp.site/email-list/docusjjksndks4/assets/open-sans-v18-latin-600.woff
- Domain
- smtptemp.site
- URL
- https://smtptemp.site/email-list/docusjjksndks4/assets/open-sans-v18-latin-600.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DocuSign (Online) Generic (Online)17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| _0x4b06 function| _0x4462 object| Zlib function| templatePage function| $ function| jQuery function| window_opener_xc function| get_extra_data0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
smtptemp.site
yenta-unrectifiably.s3.us-east-2.amazonaws.com
smtptemp.site
2606:4700:3037::ac43:d32a
2a00:1450:4001:812::200a
52.219.80.224
0d779de9cb47bee3f0c6d2545c3369e4563b2e92851543c2de3f8c99b65583e7
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
3d5fd81ba0848bb14740ca1a7cc517a0b644d462764f496edb53f27c60e3e97a
41eef1534871755252f954ab626117c9a2d98cf3d07221dce632f10ea1324538
47a7c60bc13b36dff23c8b2f8da20cc63ca7ed74dd2e9436319d88409d6c405f
ab33fda9523b1e4494bae184f373692ef6d899e98767e95bd691602d2b6b5b0c
cd4529ea24c494e15ceac28a0383175c2f657e73f09f30ae7059a800c6803cd2
d87e41914a5ac0aa97c82b7201cfda49b80280d38eddd2445f55d4fc97b36d94
db75dbb1ae9776fa41a13536656b099acf2a97b8d4ebf2ae136dfbc061e2f7d1
df5b43f7cbf30eb3263a475c6db9c5eb6df900810314d5f6e0565a880b410f17