techie-tell-8b3983c6.s3.us-east-2.amazonaws.com
Open in
urlscan Pro
52.219.84.24
Malicious Activity!
Public Scan
Effective URL: https://techie-tell-8b3983c6.s3.us-east-2.amazonaws.com/cooking/index.html
Submission Tags: phishing
Submission: On March 04 via api from US
Summary
TLS certificate: Issued by DigiCert Baltimore CA-2 G2 on January 14th 2021. Valid for: a year.
This is the only time techie-tell-8b3983c6.s3.us-east-2.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Yahoo (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 67.199.248.11 67.199.248.11 | 396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD) | |
1 | 52.219.84.24 52.219.84.24 | 16509 (AMAZON-02) (AMAZON-02) | |
8 | 2a00:1288:80:... 2a00:1288:80:800::7000 | 203220 (YAHOO-DEB) (YAHOO-DEB) | |
9 | 2 |
ASN16509 (AMAZON-02, US)
PTR: s3-r-w.us-east-2.amazonaws.com
techie-tell-8b3983c6.s3.us-east-2.amazonaws.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
yimg.com
s.yimg.com |
180 KB |
1 |
amazonaws.com
techie-tell-8b3983c6.s3.us-east-2.amazonaws.com |
79 KB |
1 |
bit.ly
1 redirects
bit.ly |
284 B |
9 | 3 |
Domain | Requested by | |
---|---|---|
8 | s.yimg.com |
techie-tell-8b3983c6.s3.us-east-2.amazonaws.com
s.yimg.com |
1 | techie-tell-8b3983c6.s3.us-east-2.amazonaws.com | |
1 | bit.ly | 1 redirects |
9 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.yahoo.com |
help.yahoo.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.s3.us-east-2.amazonaws.com DigiCert Baltimore CA-2 G2 |
2021-01-14 - 2022-01-18 |
a year | crt.sh |
*.yahoo.com DigiCert SHA2 High Assurance Server CA |
2021-02-21 - 2021-04-06 |
a month | crt.sh |
This page contains 2 frames:
Primary Page:
https://techie-tell-8b3983c6.s3.us-east-2.amazonaws.com/cooking/index.html
Frame ID: 8810FF9ACF7F6238CCB365ABEF19CAE9
Requests: 7 HTTP requests in this frame
Frame:
https://s.yimg.com/rq/darla/4-7-1/html/r-sf.html
Frame ID: 7BD1D45863EB7D53C5017ED1F222CD5A
Requests: 2 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://bit.ly/3qlfzSV
HTTP 301
https://techie-tell-8b3983c6.s3.us-east-2.amazonaws.com/cooking/index.html Page URL
Detected technologies
Amazon Web Services (PaaS) ExpandDetected patterns
- headers server /^AmazonS3$/i
Amazon S3 (Miscellaneous) Expand
Detected patterns
- headers server /^AmazonS3$/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title: Help
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://bit.ly/3qlfzSV
HTTP 301
https://techie-tell-8b3983c6.s3.us-east-2.amazonaws.com/cooking/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.html
techie-tell-8b3983c6.s3.us-east-2.amazonaws.com/cooking/ Redirect Chain
|
79 KB 79 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
yahoo-main.css
s.yimg.com/wm/mbr/5559811e4fa050d74c5c521311eebe120b64bbc4/ |
451 KB 90 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png
s.yimg.com/rz/p/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png
s.yimg.com/rz/p/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Yahoo_Sans-Regular.woff2
s.yimg.com/cv/ae/sports/fonts/2017/ |
28 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
r-sf.html
s.yimg.com/rq/darla/4-7-1/html/ Frame 7BD1 |
2 KB 1000 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
checkbox-checked.svg
s.yimg.com/wm/mbr/images/ |
1 KB 883 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Yahoo_Sans-Medium.woff2
s.yimg.com/cv/ae/sports/fonts/2017/ |
29 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sfext-min.js
s.yimg.com/rq/darla/4-7-1/js/ Frame 7BD1 |
63 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Yahoo (Online)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| _0x1935 function| _0x31bf object| Zlib function| templatePage0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bit.ly
s.yimg.com
techie-tell-8b3983c6.s3.us-east-2.amazonaws.com
2a00:1288:80:800::7000
52.219.84.24
67.199.248.11
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338
11b4310df6e27428e7cf86f316abdc10148ac5cf3c8bbbd5b85c88b9f6290c59
4f47ef8ff3dad2a78360ab207cf35ff2905622511c0426109f6e225052cf5637
7ef751a44c2db01056cbdd8e5dc3772ccc817783a190224c49a55c77ad429efd
a4f2fda75be54edc17ff7c1378b26583ed6615bfbe285a5ccd862d85090dd98f
d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4
e459da7ddb57e6cc620d9527867c860a42bbf9f2024576acf109ceb9d4a08676
eb2783e0f4ae428363f7e36fc4ecb4057dbae329d858efee6775ba60f254a81d
fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560