tfn41.s3.amazonaws.com
Open in
urlscan Pro
3.5.16.172
Malicious Activity!
Public Scan
Submission Tags: https://phish.report @phish_report Search All
Submission: On August 01 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by Amazon RSA 2048 M01 on March 21st 2023. Valid for: 9 months.
This is the only time tfn41.s3.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Tech Support Scam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
18 | 3.5.16.172 3.5.16.172 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 2a00:1450:400... 2a00:1450:4001:82a::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:808::2008 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:831::2003 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:831::200e | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4860:480... 2001:4860:4802:34::36 | 15169 (GOOGLE) (GOOGLE) | |
26 | 6 |
ASN14618 (AMAZON-AES, US)
PTR: s3-1-w.amazonaws.com
tfn41.s3.amazonaws.com |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
amazonaws.com
tfn41.s3.amazonaws.com |
2 MB |
3 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 58 region1.google-analytics.com — Cisco Umbrella Rank: 1914 |
21 KB |
2 |
gstatic.com
fonts.gstatic.com |
43 KB |
2 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 73 |
141 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 79 |
1 KB |
26 | 5 |
Domain | Requested by | |
---|---|---|
18 | tfn41.s3.amazonaws.com |
tfn41.s3.amazonaws.com
|
2 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com |
2 | fonts.gstatic.com |
tfn41.s3.amazonaws.com
|
2 | www.googletagmanager.com |
tfn41.s3.amazonaws.com
www.googletagmanager.com |
1 | region1.google-analytics.com |
www.googletagmanager.com
|
1 | fonts.googleapis.com |
tfn41.s3.amazonaws.com
|
26 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.s3.amazonaws.com Amazon RSA 2048 M01 |
2023-03-21 - 2023-12-19 |
9 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://tfn41.s3.amazonaws.com/Win38/index.html
Frame ID: 71C991B1B42BD6C52D35656E95463477
Requests: 26 HTTP requests in this frame
Screenshot
Page Title
Microsoft Help Support Assistance c0de #D2xdvi7Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Analytics (Analytics) Expand
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.html
tfn41.s3.amazonaws.com/Win38/ |
87 KB 88 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.css
tfn41.s3.amazonaws.com/Win38/ |
8 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
scripts.js
tfn41.s3.amazonaws.com/Win38/ |
7 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
tfn41.s3.amazonaws.com/Win38/ |
82 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.js
tfn41.s3.amazonaws.com/Win38/ |
59 KB 59 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.min.css
tfn41.s3.amazonaws.com/Win38/ |
27 KB 28 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
6 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg.png
tfn41.s3.amazonaws.com/Win38/ |
819 KB 819 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
minimize.jpg
tfn41.s3.amazonaws.com/Win38/ |
17 KB 17 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft.png
tfn41.s3.amazonaws.com/Win38/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
qsbs-firewall.png
tfn41.s3.amazonaws.com/Win38/ |
920 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s-S4-acc.png
tfn41.s3.amazonaws.com/Win38/ |
813 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Z5BR-network.png
tfn41.s3.amazonaws.com/Win38/ |
607 B 1013 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
uZbx-si.png
tfn41.s3.amazonaws.com/Win38/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
-EBq-current.png
tfn41.s3.amazonaws.com/Win38/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nOxp-sett.png
tfn41.s3.amazonaws.com/Win38/ |
463 B 869 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cross.png
tfn41.s3.amazonaws.com/Win38/ |
377 KB 378 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
178 KB 65 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v16/ |
21 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v16/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
_Fm7-alert.mp3
tfn41.s3.amazonaws.com/Win38/ |
196 KB 197 KB |
Media
audio/mp3 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
a0ler0tm0s.mp3
tfn41.s3.amazonaws.com/Win38/ |
255 B 544 B |
Media
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
215 KB 76 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
52 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 250 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
1 B 211 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Tech Support Scam (Consumer)25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| startScan function| playSound object| date string| current_date string| current_time string| date_time function| $ function| jQuery object| bootstrap object| elem function| openFullscreen function| closeFullscreen string| lang function| showmess object| Helper function| addEvent function| gtag object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaGlobal object| gaplugins object| gaData4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.tfn41.s3.amazonaws.com/ | Name: _ga_0K4M53BF1F Value: GS1.1.1690906033.1.0.1690906033.0.0.0 |
|
.tfn41.s3.amazonaws.com/ | Name: _ga Value: GA1.4.1241553823.1690906034 |
|
.tfn41.s3.amazonaws.com/ | Name: _gid Value: GA1.4.1056752380.1690906034 |
|
.tfn41.s3.amazonaws.com/ | Name: _gat_gtag_UA_164919641_1 Value: 1 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
region1.google-analytics.com
tfn41.s3.amazonaws.com
www.google-analytics.com
www.googletagmanager.com
2001:4860:4802:34::36
2a00:1450:4001:808::2008
2a00:1450:4001:82a::200a
2a00:1450:4001:831::2003
2a00:1450:4001:831::200e
3.5.16.172
03ca7651cf34b5547fee4460d33c1b33cec3a7f78af5e29c985af90772a2dcac
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
242352e87d1bfc9de76551b6cf56ea9d2482dea58da42806357f645df44729c2
52b762d47c066e16300675d56cc359b504ffd3239438c96eb973864311bb7b79
63c9e4c1df0754d12f34763743b2b27f3feb148f5794ee39ee66381883ffbaf7
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
772c72ce84fd0ed89126c3582e1f4f7638402ed75052db54c3f3bff7ec638f7c
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
92d8510869b3d581401a93130fa72e4b54c5bf28dc8005994c5248d9afbfc37b
9cffd13c2ce05ebe032709a88fa59504e1218a12b175ec40d5aab280c18be51e
9edbf56b360080f5d6765dce77353b8130e9f8316ad34c68f6c2792cdc446321
a85f1e749a829c5c909837844c6b53ce0a9ae2adb7c8eac0e7b96c372c679a0d
c1782a8e7e3ff0043f0b4312520e07f8477299e2ac89a11ec473f847c1bc3dc3
c1d52e31f7fc13cbb3efca8b0ec937ddd97a5ec545c4dad26193429db10d8662
c3ad6aa1c03fd108854f008cfec2753ba623e1470a4d61798b5d8c050e474868
c56a8ae4818963e0d71eda4ebf46b4f2cdd3a238537dc8e99711fb690d272a73
d300d2edd62dfe7de6be807f0979477e27e4add5f70423e1da0f7a58d058ca42
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
ee94f46aecf6fbed409cc7575ec3beca259bc1d8863401fe9325959426e0d270
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
f68fb56eeb438c92833959df23da707039fda73f6938fc3c34ac74283559c217
f92d993f18f031bf17ecd320fb02a63b4b4c6361d80a64a539aef1b1015d9823
fc59bbb18f923747b9cd3f3b23537ff09c5ad2fdfc1505a4800a3f269a234e65