maidenhood-untransformative.s3.us-east-2.amazonaws.com
Open in
urlscan Pro
52.219.101.234
Malicious Activity!
Public Scan
Submission Tags: falconsandbox
Submission: On April 14 via api from US
Summary
TLS certificate: Issued by DigiCert Baltimore CA-2 G2 on January 14th 2021. Valid for: a year.
This is the only time maidenhood-untransformative.s3.us-east-2.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Dropbox (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 52.219.101.234 52.219.101.234 | 16509 (AMAZON-02) (AMAZON-02) | |
12 | 2606:4700:303... 2606:4700:3037::6815:4dbc | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
13 | 2 |
ASN16509 (AMAZON-02, US)
PTR: s3-r-w.us-east-2.amazonaws.com
maidenhood-untransformative.s3.us-east-2.amazonaws.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
smtptemp.site
smtptemp.site |
274 KB |
1 |
amazonaws.com
maidenhood-untransformative.s3.us-east-2.amazonaws.com |
76 KB |
13 | 2 |
Domain | Requested by | |
---|---|---|
12 | smtptemp.site |
maidenhood-untransformative.s3.us-east-2.amazonaws.com
|
1 | maidenhood-untransformative.s3.us-east-2.amazonaws.com | |
13 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.s3.us-east-2.amazonaws.com DigiCert Baltimore CA-2 G2 |
2021-01-14 - 2022-01-18 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-03-05 - 2022-03-04 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://maidenhood-untransformative.s3.us-east-2.amazonaws.com/hasteful/index.html
Frame ID: 091C19055EE5DF84C721B9E8478E81B3
Requests: 13 HTTP requests in this frame
Screenshot
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Amazon Web Services (PaaS) Expand
Detected patterns
- headers server /^AmazonS3$/i
Amazon S3 (Miscellaneous) Expand
Detected patterns
- headers server /^AmazonS3$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.html
maidenhood-untransformative.s3.us-east-2.amazonaws.com/hasteful/ |
76 KB 76 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
smtptemp.site/email-list/dropboxxncbjh23/img/ |
157 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3.png
smtptemp.site/email-list/dropboxxncbjh23/img/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.png
smtptemp.site/email-list/dropboxxncbjh23/img/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4.png
smtptemp.site/email-list/dropboxxncbjh23/img/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1.png
smtptemp.site/email-list/dropboxxncbjh23/img/ |
159 KB 160 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5.png
smtptemp.site/email-list/dropboxxncbjh23/img/ |
19 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6.png
smtptemp.site/email-list/dropboxxncbjh23/img/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
7.png
smtptemp.site/email-list/dropboxxncbjh23/img/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8.png
smtptemp.site/email-list/dropboxxncbjh23/img/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
9.png
smtptemp.site/email-list/dropboxxncbjh23/img/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
10.png
smtptemp.site/email-list/dropboxxncbjh23/img/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
11.png
smtptemp.site/email-list/dropboxxncbjh23/img/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Dropbox (Consumer)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| _0x58ff function| _0x7e40 object| Zlib function| templatePage0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
maidenhood-untransformative.s3.us-east-2.amazonaws.com
smtptemp.site
2606:4700:3037::6815:4dbc
52.219.101.234
0f93308e8f3af63289c0972ebc19f91d538ab4133185e31eec655390cd231ed2
1215a1b8650a0d03e5cd0ad9875f4e3f6c32d681154bdc6d833b9d602252ec6e
1a22170e8689cac860ad634c2c585eeeffd8c79c8b559c9f61545728c5e0ada3
1d92bd03a325f5a9d527b2638a9fd7d94fb33f0233864b8a0dbc182c3ee198f3
2d7ced780fde2b5b5f6342bcd304263f5dce39c68ccdb674ebd7734e7881a77e
356cfa5c973f145f67e2052b91afaeac1a3c40c5d9eecaa8ed099c4e3c502b0c
4095652f16e903b0ed845a041bf171a0776959effa0e038c514c65f905aa5a4c
5f3ab965b003703fcb8d9f83428fde9ada9815f4d691eb44a683a128f90e8b6c
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c
85e3612450762c0f2c359057df01a73bc25ea215f6cc5145e276228f190e4c88
9397bd0c11caf83acc01d7e9d0e2e00661bb950bad9af28d8b39f2b94c446790
a08340a4e6b2d640a445b9b6df23650371e3ab1c3f709da7e51577c39c27a85e
b2564e3ce7d7dc29b1f0e316c8b86c1f2bf8a6c65501d9ba9aa3fdc7da883f0b