
Comodo issued valid certificate for [scam URL] amazon buckets - dhuyp
https://censys.io/certificates/7ff0e2dd7692fd12020c29298a67787e5b0d07d67d1ec471d536ab317b0e8dac
======
totalthrowaway
That is not Amazon.

    
    
      ~ whois s3-amazonaws.com
       Domain Name: S3-AMAZONAWS.COM
       Registry Domain ID: 2246085106_DOMAIN_COM-VRSN
       Registrar WHOIS Server: whois.namesilo.com
       Registrar URL: http://www.namesilo.com
       Updated Date: 2018-03-31T13:23:14Z
       Creation Date: 2018-03-31T13:07:29Z
       Registry Expiry Date: 2019-03-31T13:07:29Z
       Registrar: NameSilo, LLC
       Registrar IANA ID: 1479
       Registrar Abuse Contact Email: abuse@namesilo.com
       Registrar Abuse Contact Phone: +1.4805240066
       Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
       Name Server: JIM.NS.CLOUDFLARE.COM
       Name Server: OLGA.NS.CLOUDFLARE.COM
       DNSSEC: unsigned
       URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

~~~
dhuyp
It was from good faith, I was just checking s3.amazonaws.com and censys pop me
that here, bad reading...

------
bashtoni
Buckets are at s3.amazonaws.com, the domain mentioned is s3-amazonaws.com.

You could certainly argue if Comodo doesn't catch stuff like this then what
value are they bringing, but it isn't as serious as the title implies.

~~~
dhuyp
There are some other shady stuff...
[https://censys.io/certificates?q=sni182947.cloudflaressl.com](https://censys.io/certificates?q=sni182947.cloudflaressl.com)

------
dhuyp
Sorry about the initial title, I was tricked by the result
[https://censys.io/certificates?q=s3.amazonaws.com&page=6](https://censys.io/certificates?q=s3.amazonaws.com&page=6)

------
wut42
It's via CloudFlare.

Also the "s3-amazonaws.com" looks like a scam domain.

------
redbeard0x0a
Fortunately, this is not the actual S3 domain, but one that is very similar.
s3<dash>amazonaws instead of s3<dot>amazonaws.

Regardless, this is still shady.

------
jstanley
The bit you're looking for here is the hostname:

> *.s3-amazonaws.com

Edit: but I believe real S3 hostnames are of the form foo.s3.amazonaws.com

~~~
wut42
It's s3-amazonaws.com, not s3.amazonaws.com.

------
donmcronald
That’s a pretty good scam domain. Can’t big companies scan CT logs to be
proactive about those types of domains?

------
jgrahamc
I reported this to Cloudflare's Trust and Safety team and it has been taken
care of.

------
ingenieroariel
Can the title be updated with the word 'fake amazon buckets'?

~~~
dhuyp
Done

------
floatingatoll
Have you reported the scam domain to Amazon Security?

------
rhacker
Is the title of this HN post the article? And link is the proof? Just trying
to understand what's going on. Some kind of attempt of getting a trick domain?

------
hiciu
s3-amazonaws.com? That's not amazon, that's just some random domain.

