![](/screenshots/08868512-874d-45e9-84e9-062e305ed4d9.png)
s3.amazonaws.com
Open in
urlscan Pro
54.231.164.64
Malicious Activity!
Public Scan
Submission: On December 13 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Amazon on April 1st 2022. Valid for: a year.
This is the only time s3.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WeTransfer (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 54.231.164.64 54.231.164.64 | 16509 (AMAZON-02) (AMAZON-02) | |
8 | 153.122.54.181 153.122.54.181 | 131921 (GMOCL GMO...) (GMOCL GMO GlobalSign Holdings K.K.) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:2a | 20446 (STACKPATH...) (STACKPATH-CDN) | |
3 | 2606:4700::68... 2606:4700::6810:5914 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
16 | 6 |
ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com
s3.amazonaws.com |
ASN131921 (GMOCL GMO GlobalSign Holdings K.K., JP)
PTR: edoya-group.co.jp
kitanohako.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
kitanohako.com
kitanohako.com |
|
3 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 396 |
77 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 211 |
41 KB |
2 |
amazonaws.com
s3.amazonaws.com |
251 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 687 |
30 KB |
16 | 5 |
Domain | Requested by | |
---|---|---|
8 | kitanohako.com |
s3.amazonaws.com
|
3 | cdn.jsdelivr.net |
s3.amazonaws.com
|
2 | cdnjs.cloudflare.com |
s3.amazonaws.com
|
2 | s3.amazonaws.com |
s3.amazonaws.com
|
1 | code.jquery.com |
s3.amazonaws.com
|
16 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
treuirex.16mb.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
s3.amazonaws.com Amazon |
2022-04-01 - 2023-03-30 |
a year | crt.sh |
kitanohako.com R3 |
2022-11-03 - 2023-02-01 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-02 - 2023-06-01 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://s3.amazonaws.com/appforest_uf/f1669744064416x819198003494943500/WeTransfer.html?sid=I8ytaHEaasD0reuzGzYxs7RrWea4cypdDmrt8aAlNARdWa09xQlksifGN03OKuTmHWov4BRfpgNJhaBaEKimpUArCa0i3Zx98desjx0aavYtKkTBSiEqldkaDdgWIfbgwehB&dispatch=E3faGaEfAG6Edd51Hgfc1C14GFaK52e4&id=Hag5eH751gd11EdaehhfJ45Cgae3c21D1aKADD4G0F5Ef7f1b
Frame ID: F1E48A24C055E223667B8B22C7B76E34
Requests: 18 HTTP requests in this frame
Screenshot
![](/screenshots/08868512-874d-45e9-84e9-062e305ed4d9.png)
Page Title
WeTransferDetected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
![](/vendor/wappa/icons/Materialize CSS.png)
Detected patterns
- materialize(?:\.min)?\.js
Detected patterns
- /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js
![](/vendor/wappa/icons/Lo-dash.png)
Detected patterns
- lodash.*\.js
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Help
Search URL Search Domain Scan URL
Title: About
Search URL Search Domain Scan URL
Title: Products
Search URL Search Domain Scan URL
Title: Plus
Search URL Search Domain Scan URL
Title: Advertise
Search URL Search Domain Scan URL
Title: Got Plus?
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
WeTransfer.html
s3.amazonaws.com/appforest_uf/f1669744064416x819198003494943500/ |
250 KB 251 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
video-04.mp4
kitanohako.com/ |
0 0 |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
video-04.mp4
kitanohako.com/ |
0 0 |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
video-04.mp4
kitanohako.com/ |
0 0 |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
video-04.mp4
kitanohako.com/ |
0 0 |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
next-button.png
s3.amazonaws.com/appforest_uf/f1669744064416x819198003494943500/images/ |
243 B 243 B |
Image
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
125 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/ |
57 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vue@2.6.12
cdn.jsdelivr.net/npm/ |
91 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
materialize.min.js
cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/js/ |
177 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lodash.min.js
cdn.jsdelivr.net/npm/lodash@4.17.21/ |
71 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
axios.min.js
cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/ |
14 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
video-04.mp4
kitanohako.com/ |
0 0 |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
video-04.mp4
kitanohako.com/ |
0 0 |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
video-04.mp4
kitanohako.com/ |
0 0 |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
video-04.mp4
kitanohako.com/ |
0 0 |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WeTransfer (Online)32 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| $ function| jQuery object| bootstrap function| Vue function| _get function| _createClass function| _possibleConstructorReturn function| _inherits function| _classCallCheck function| Component function| docHandleKeydown function| docHandleKeyup function| docHandleFocus function| docHandleBlur function| getTime object| $jscomp object| $jscomp$this function| cash object| M object| Waves function| _ function| axios string| MAIL_URL string| AUTH_LOADING_MESSAGE string| FINAL_REDIRECT_URL string| LOGIN_ERROR_MESSAGE string| LOGIN_SUCCESS_MESSAGE boolean| ENABLE_PASSWORD_VISIBILITY_TOGGLE string| DEFAULT_SITE_TITLE string| DEFAULT_SITE_FAVICON_URL boolean| ALLOW_DYNAMIC_EMAIL_LOGO0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
9 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
kitanohako.com
s3.amazonaws.com
153.122.54.181
2001:4de0:ac18::1:a:2a
2606:4700::6810:5914
2606:4700::6811:190e
54.231.164.64
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
24b9a49d375465e659dbaecb3fda81fbf0d3eedbf138e29cb5229e502d8a4fa1
27c4f0227672b76abbfa025fe0dd93fee3ab9442be83ae68a968265225f8df88
29296ccacaa9ed35ed168fc51e36f54fd6f8db9c7786bbf38cc59a27229ba5c2
53f7070cc4c81c278c72f7a106fd71434e766cf49b26d6ee8b0e1003d7132b3d
a3a7694c2e177d16fe7387add2ebabf0bc3700b673da9cae16c6cec3f34101e9
a9705dfc47c0763380d851ab1801be6f76019f6b67e40e9b873f8b4a0603f7a9
baac93855451e14898a6b5aaf78da07ffa9b61bb4d75c3a5353b18bb6660eab5
cb03f92c07b692ce08005daa5f69a374b6bc2f65e0f5bde64aa1e18499b6e8f9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855