glebe-lyrate.s3.us-east-2.amazonaws.com
52.219.88.232
Malicious Activity!
Public Scan
Submission Tags: falconsandbox
Submission: On April 07 via api from US
Summary
TLS certificate: Issued by DigiCert Baltimore CA-2 G2 on January 14th 2021. Valid for: a year.
This is the only time glebe-lyrate.s3.us-east-2.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AOL (Online), Office 365 (Online), Generic (Online), Google (Online), Dropbox (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 52.219.88.232 | 16509 (AMAZON-02)
17 | 2606:4700:3037::ac43:d32a | 13335 (CLOUDFLARENET)
18 (total) | 2 addresses |
ASN16509 (AMAZON-02, US)
PTR: s3-r-w.us-east-2.amazonaws.com
Domain: glebe-lyrate.s3.us-east-2.amazonaws.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
17 | smtptemp.site | smtptemp.site | 195 KB
1 | amazonaws.com | glebe-lyrate.s3.us-east-2.amazonaws.com | 85 KB
18 (total) | 2 apex domains | |
Requests | Domain | Requested by
---|---|---
17 | smtptemp.site | glebe-lyrate.s3.us-east-2.amazonaws.com, smtptemp.site
1 | glebe-lyrate.s3.us-east-2.amazonaws.com |
18 (total) | 2 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.s3.us-east-2.amazonaws.com | DigiCert Baltimore CA-2 G2 | 2021-01-14 - 2022-01-18 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-03-05 - 2022-03-04 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://glebe-lyrate.s3.us-east-2.amazonaws.com/emmenic/index.html
Frame ID: B59709E942408FFF87E88BDFF5BE6C6B
Requests: 18 HTTP requests in this frame
Detected technologies
- Amazon Web Services (PaaS). Detected pattern: headers server /^AmazonS3$/i
- Amazon S3 (Miscellaneous). Detected pattern: headers server /^AmazonS3$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.html (Primary Request) | glebe-lyrate.s3.us-east-2.amazonaws.com/emmenic/ | 84 KB | 85 KB | Document | text/html
GET | H2 | featuredcontentglider.js | smtptemp.site/email-list/dropcbnbc211/images/ | 8 KB | 3 KB | Script | application/javascript
GET | H2 | jquery.min.js | smtptemp.site/email-list/dropcbnbc211/images/ | 56 KB | 19 KB | Script | application/javascript
GET | H2 | R3WinLive1033.css | smtptemp.site/email-list/dropcbnbc211/images/ | 16 KB | 4 KB | Stylesheet | text/css
GET | H2 | featuredcontentglider.css | smtptemp.site/email-list/dropcbnbc211/images/ | 2 KB | 942 B | Stylesheet | text/css
GET | H2 | yahoo.css | smtptemp.site/email-list/dropcbnbc211/images/ | 734 B | 544 B | Stylesheet | text/css
GET | H2 | aol.css | smtptemp.site/email-list/dropcbnbc211/images/ | 2 KB | 1 KB | Stylesheet | text/css
GET | H2 | newcss.css | smtptemp.site/email-list/dropcbnbc211/images/ | 49 KB | 7 KB | Stylesheet | text/css
GET | H2 | dropbox_logo.png | smtptemp.site/email-list/dropcbnbc211/images/ | 3 KB | 3 KB | Image | image/png
GET | H2 | aol-logo.png | smtptemp.site/email-list/dropcbnbc211/images/ | 16 KB | 16 KB | Image | image/png
GET | H2 | Office_365_logo.png | smtptemp.site/email-list/dropcbnbc211/images/ | 25 KB | 25 KB | Image | image/png
GET | H2 | outlook.png | smtptemp.site/email-list/dropcbnbc211/images/ | 5 KB | 5 KB | Image | image/png
GET | H2 | yahoo.png | smtptemp.site/email-list/dropcbnbc211/images/ | 15 KB | 15 KB | Image | image/png
GET | H2 | universal_language_settings-21.png | smtptemp.site/email-list/dropcbnbc211/images/ | 199 B | 912 B | Image | image/png
GET | H2 | sign-in-boulder-vfl2oGV4v.png | smtptemp.site/email-list/dropcbnbc211/images/ | 67 KB | 68 KB | Image | image/png
GET | H2 | aol-canvas1.jpg | smtptemp.site/email-list/dropcbnbc211/images/ | 5 KB | 5 KB | Image | image/jpeg
GET | H2 | imagesnew.png | smtptemp.site/email-list/dropcbnbc211/images/ | 4 KB | 4 KB | Image | image/png
GET | H2 | yahoo-login-sprite-1.4.png | smtptemp.site/email-list/dropcbnbc211/images/ | 17 KB | 17 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AOL (Online), Office 365 (Online), Generic (Online), Google (Online), Dropbox (Consumer)
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
boolean | crossOriginIsolated
object | _0x2dba
function | _0x2cab
object | Zlib
object | featuredcontentglider
undefined | $
function | jQuery
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
glebe-lyrate.s3.us-east-2.amazonaws.com
smtptemp.site
2606:4700:3037::ac43:d32a
52.219.88.232