s3.amazonaws.com Open in urlscan Pro
52.217.109.46 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://docsend.com/view/7xcmixgb4h945dii
Effective URL:
https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html
Submission: On February 27 via api (February 27th 2023, 9:01:27 pm UTC) from US — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 8 domains to perform 11 HTTP transactions. The main IP is 52.217.109.46, located in Ashburn, United States and belongs to AMAZON-02, US. The main domain is s3.amazonaws.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on December 6th 2022. Valid for: a year.

This is the only time s3.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) OneDrive (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	3.232.242.170 3.232.242.170	14618 (AMAZON-AES) (AMAZON-AES)
1	52.217.109.46 52.217.109.46	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2620:0:862:ed... 2620:0:862:ed1a::2:b	14907 (WIKIMEDIA) (WIKIMEDIA)
4	2606:4700::68... 2606:4700::6812:8b2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400d:80e::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
1	162.19.88.69 162.19.88.69	16276 (OVH) (OVH)
11	7

1 3.232.242.170 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-232-242-170.compute-1.amazonaws.com

docsend.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.109.46 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:0:862:ed1a::2:b (United States)

ASN14907 (WIKIMEDIA, US)

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:8b2 (United States)

ASN13335 (CLOUDFLARENET, US)

i.gyazo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80e::200a (Ireland)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.88.69 (France)

ASN16276 (OVH, FR)
PTR: ns3221384.ip-162-19-88.eu

i.postimg.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	gyazo.com i.gyazo.com — Cisco Umbrella Rank: 104547	52 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 788 stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2316	36 KB
1	postimg.cc i.postimg.cc — Cisco Umbrella Rank: 18734	145 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 339	1 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 306	30 KB
1	wikimedia.org upload.wikimedia.org — Cisco Umbrella Rank: 2261	60 KB
1	amazonaws.com s3.amazonaws.com	108 KB
1	docsend.com 1 redirects docsend.com — Cisco Umbrella Rank: 77131	5 KB
11	8

	Domain	Requested by
4	i.gyazo.com	s3.amazonaws.com
1	i.postimg.cc	s3.amazonaws.com
1	cdn.jsdelivr.net	s3.amazonaws.com
1	stackpath.bootstrapcdn.com	s3.amazonaws.com
1	ajax.googleapis.com	s3.amazonaws.com
1	upload.wikimedia.org	s3.amazonaws.com
1	maxcdn.bootstrapcdn.com	s3.amazonaws.com
1	s3.amazonaws.com
1	docsend.com	1 redirects
11	9

This site contains no links.

Subject Issuer	Validity	Valid
s3.amazonaws.com Amazon RSA 2048 M01	`2022-12-06` - `2023-12-05`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
*.wikipedia.org DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-27` - `2023-11-17`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
postimg.cc R3	`2023-02-18` - `2023-05-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html
Frame ID: 8BAD36A4F71837FDD5F43894403B6DC9
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your account

Page URL History Show full URLs

https://docsend.com/view/7xcmixgb4h945dii HTTP 302
https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

11
Requests

100 %
HTTPS

63 %
IPv6

8
Domains

9
Subdomains

7
IPs

3
Countries

432 kB
Transfer

640 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://docsend.com/view/7xcmixgb4h945dii HTTP 302
https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request adobe.html Show response
s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/
Redirect Chain

https://docsend.com/view/7xcmixgb4h945dii
https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html

107 KB
108 KB

333ms
109ms

Document
text/html

52.217.109.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.109.46 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 9f7eb7c535be3f7ca855045f970ca818f32bb28ebc25752bf50e8cf0abd6957c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: public,max-age=86400
Content-Length: 109627
Content-Type: text/html
Date: Mon, 27 Feb 2023 21:01:23 GMT
ETag: "03d071a86e538a80eb68a442dcd826c3"
Last-Modified: Mon, 27 Feb 2023 18:04:28 GMT
Server: AmazonS3
x-amz-id-2: hl7nTty8UBK/YUtBCHN3Kb0Hvt6xZcyk6BIV6yjp4m1PWqO/U+neXguHwpWnWN4tTH5UPDM9YsQ=
x-amz-meta-app-version: test
x-amz-meta-appname: microsline
x-amz-request-id: TH6HMZ3MK0BVHKQT
x-amz-server-side-encryption: AES256
x-amz-version-id: IEEJWFq3_bhIakB2CyEYJTPAKHWX5Bx2

Redirect headers

Cache-Control: no-cache
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https://d2qvtfnm75xrxf.cloudfront.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.google-analytics.com https://cdn.segment.com https://scripts.kissmetrics.com https://*.id.opendns.com https://js-agent.newrelic.com https://*.nr-data.net https://www.youtube.com https://*.ytimg.com https://vimeo.com https://www.vimeo.com https://www.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://connect.facebook.net https://*.quora.com https://*.bing.com https://api.autopilothq.com https://*.capterra.com https://*.g.doubleclick.net https://js.hs-analytics.net https://js.hs-scripts.com https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hsleadflows.net https://js.stripe.com https://checkout.stripe.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://maps.googleapis.com https://static.filestackapi.com https://zapier.com https://d2wy8f7a9ursnm.cloudfront.net https://polyfill.io/v3/polyfill.min.js 'nonce-UpY1X3b7B9cz4v+In19MGA=='; report-uri https://www.dropbox.com/csp_log?policy_name=docsend; default-src 'self'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' blob: https://d2qvtfnm75xrxf.cloudfront.net https://*.previews.dropboxusercontent.com/*/p.m3u8 https://*.dropboxusercontent.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.intercomcdn.com https://uploads.intercomusercontent.com https://sessions.bugsnag.com https://notify.bugsnag.com https://*.browser-intake-datadoghq.com https://*.kissmetrics.com https://*.kissmetrics.io https://api.segment.io https://cdn.segment.com https://*.id.opendns.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.facebook.com https://api.autopilothq.com https://*.filestackapi.com https://cdn.filestackcontent.com https://s3.amazonaws.com https://*.nr-data.net https://*.dropbox.com https://*.dropboxapi.com https://*.dropboxstatic.com https://browser.pipe.aria.microsoft.com https://checkout.stripe.com https://forms.hubspot.com https://*.pubnub.com https://docsend-prod.s3.amazonaws.com; font-src 'self' https: data: chrome-extension:; form-action 'self' https://docsend.com https://*.docsend.com https://intercom.help https://api-iam.intercom.io https://accounts.google.com https://www.linkedin.com https://*.salesforce.com https://www.dropbox.com https://accounts.logme.in https://secure.join.me https://*.okta.com https://*.oktapreview.com https://*.jumpcloud.com https://*.onelogin.com https://zapier.com https://ifttt.com https://www.facebook.com; frame-src 'self' https://d2qvtfnm75xrxf.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com https://*.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://telemetryservice.firstpartyapps.oaspapps.com https://consent.dropbox.com https://ifttt.com; img-src 'self' https: data: blob: chrome-extension:; media-src 'self' blob: data: https://d2qvtfnm75xrxf.cloudfront.net https://js.intercomcdn.com https://*.dropboxusercontent.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://d2qvtfnm75xrxf.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com https://static.filestackapi.com https://use.fontawesome.com https://vjs.zencdn.net; worker-src 'self' blob:
Content-Type: text/html; charset=utf-8
Date: Mon, 27 Feb 2023 21:01:22 GMT
Location: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html
Server: nginx
Strict-Transport-Security: max-age=31556952; includeSubDomains; preload
Transfer-Encoding: chunked
Vary: Accept-Encoding, Origin
Via: 1.1 vegur
X-Frame-Options: DENY
X-Request-Id: 488c6b63-ffce-4471-b48e-ca0108480a5a
X-Runtime: 0.108173

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 141 KB
22 KB 33ms
16ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

Requested by

Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 21:01:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 941
age: 4733826
cdn-cachedat: 08/03/2022 13:22:01
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"450fc463b8b1a349df717056fbb3e078"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 8f3ad9ccac945f8aa869720049edcaec
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 7a03dafa88712c59-FRA
cdn-requestpullsuccess: True

GET
H2 200 2560px-Adobe_Corporate_logo.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/6/6e/Adobe_Corporate_logo.svg/ 60 KB
60 KB 82ms
26ms Image
image/png 2620:0:862:ed1a::2:b
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/thumb/6/6e/Adobe_Corporate_logo.svg/2560px-Adobe_Corporate_logo.svg.png

Requested by

Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

ATS/9.1.4 /

Resource Hash

6449c34df1ee037c74f51fedd201bbffc2075af302d4d4d62a9257b6d92fe211

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 14:56:09 GMT
strict-transport-security: max-age=106384710; includeSubDomains; preload
x-content-type-options: nosniff
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 21913
x-cache-status: hit-front
x-cache: cp3063 hit, cp3065 hit/2
content-disposition: inline;filename*=UTF-8''Adobe_Corporate_logo.svg.png
server-timing: cache;desc="hit-front", host;desc="cp3065"
content-length: 60938
x-client-ip: 2001:ac8:20:3b00:1012:d86b:e670:668f
last-modified: Sat, 20 Aug 2022 11:53:53 GMT
server: ATS/9.1.4
etag: 3e35200aa9c6b638ba7713cf94c148cd
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 6eae75d87eebc05d2e882397e5ef8480.png
i.gyazo.com/ 18 KB
18 KB 68ms
33ms Image
image/png 2606:4700::6812:8b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.gyazo.com/6eae75d87eebc05d2e882397e5ef8480.png
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:8b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71e729939e175f4ae9d3fcc645d6b7389ec341a47a84950e047197331fdc22f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 21:01:23 GMT
via: 1.1 google
cf-cache-status: HIT
age: 45124
content-length: 18147
server: cloudflare
etag: "6eae"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: https://gyazo.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-cache-level: ZS
accept-ranges: bytes
cf-ray: 7a03dafaad5c35e4-FRA
expires: Tue, 27 Feb 2024 21:01:23 GMT

GET
H2 200 bbbae26246e9c09acb8668c7485acbf2.png
i.gyazo.com/ 771 B
844 B 69ms
35ms Image
image/png 2606:4700::6812:8b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.gyazo.com/bbbae26246e9c09acb8668c7485acbf2.png
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:8b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57898461712a639d119bdf88b7145919dcc8956c7a271d2e4a1084b29eae6785

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 21:01:23 GMT
via: 1.1 google
cf-cache-status: HIT
age: 45124
content-length: 771
server: cloudflare
etag: "bbba"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: https://gyazo.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-cache-level: ZS
accept-ranges: bytes
cf-ray: 7a03dafaad5f35e4-FRA
expires: Tue, 27 Feb 2024 21:01:23 GMT

GET
H2 200 6a6271e3e40ab27f2c950c82f50136df.png
i.gyazo.com/ 21 KB
21 KB 71ms
37ms Image
image/png 2606:4700::6812:8b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.gyazo.com/6a6271e3e40ab27f2c950c82f50136df.png
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:8b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a9b144d6482b78afc4e0a940a1d3c22240f14fa535b808cf4dab9635339569f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 21:01:23 GMT
via: 1.1 google
cf-cache-status: HIT
age: 45124
content-length: 21882
server: cloudflare
etag: "6a62"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: https://gyazo.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-cache-level: ZS
accept-ranges: bytes
cf-ray: 7a03dafaad6135e4-FRA
expires: Tue, 27 Feb 2024 21:01:23 GMT

GET
H2 200 6696ea0b401cbe3fb90177b597c2c051.png
i.gyazo.com/ 11 KB
12 KB 74ms
40ms Image
image/png 2606:4700::6812:8b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.gyazo.com/6696ea0b401cbe3fb90177b597c2c051.png
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:8b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ddf5887ce15778102013d5527ec1fd09bc400fa19b91416b36b828ecdbd76ca8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 21:01:23 GMT
via: 1.1 google
cf-cache-status: HIT
age: 45124
content-length: 11741
server: cloudflare
etag: "6696"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: https://gyazo.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-cache-level: ZS
accept-ranges: bytes
cf-ray: 7a03dafaad6235e4-FRA
expires: Tue, 27 Feb 2024 21:01:23 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 82ms
20ms Script
text/javascript 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sat, 25 Feb 2023 14:10:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197466
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Feb 2024 14:10:17 GMT

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
14 KB 43ms
16ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Requested by

Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 21:01:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 845
age: 4733700
cdn-cachedat: 07/13/2022 17:30:46
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"67176c242e1bdc20603c878dee836df3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 7bde012c47e0eeb67993e8e75d655340
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 7a03dafa98912c59-FRA
cdn-requestpullsuccess: True

GET
H2 200 jquery.session.min.js Show response
cdn.jsdelivr.net/npm/jquery.session@1.0.0/ 2 KB
1 KB 70ms
14ms Script
application/javascript 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery.session@1.0.0/jquery.session.min.js

Requested by

Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

76ad6584ac5bdd459939dc7532fae7c2bdd8e22d773ff16d2306f42a1ffc569c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 27 Feb 2023 21:01:23 GMT
x-content-type-options: nosniff
content-encoding: gzip
age: 477636
x-jsd-version: 1.0.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 933
x-served-by: cache-fra-eddf8230025-FRA, cache-hhn-etou8220062-HHN
x-jsd-version-type: version
etag: W/"91d-mUGbC+S4VCL/hIcOVNvYpS3G2rE"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 image.png
i.postimg.cc/2yPv7vkP/ 144 KB
145 KB 175ms
15ms Image
image/png 162.19.88.69
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.postimg.cc/2yPv7vkP/image.png
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.19.88.69 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3221384.ip-162-19-88.eu
Software: nginx /
Resource Hash: 2611674d0e2cf9493a59791e843226b2e4b8967b83f7de6adbdeecfe5b28667e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 21:01:23 GMT
last-modified: Thu, 15 Dec 2022 06:57:36 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 147924
expires: Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) OneDrive (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.docsend.com/	1970-01-20 18:44:27	Name: _v_ Value: 695WrdRiN4LjcjsZUl%2F8oA8Z8vyf44HhlkdpYNvWWpZOoioRw%2BSzRuDOX86vImVjVExXD8G2l9ngVa4G9iJ9XO8C7%2BLCQbggfmgEjNg%3D--vjQ%2F%2B7X9I5PkbNzD--E%2BRzEaV6M9OiCgxMyIF%2B5w%3D%3D
.docsend.com/	1970-01-20 19:34:51	Name: _us_ Value: BAhJIg92aWV3ZWQgZG9jBjoGRVQ%3D--86064670cbcb81a84182616ff39e8415292b30d1
.docsend.com/	1969-12-31 23:59:59	Name: _dss_ Value: 18dff15a6b004234996403eade5bff66
i.gyazo.com/	1970-01-20 19:34:51	Name: Gyazo_cfwoker Value: i
s3.amazonaws.com/	1970-01-20 09:58:51	Name: __session:0.04061030464287785: Value: https:

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.jsdelivr.net
docsend.com
i.gyazo.com
i.postimg.cc
maxcdn.bootstrapcdn.com
s3.amazonaws.com
stackpath.bootstrapcdn.com
upload.wikimedia.org
162.19.88.69
2606:4700::6812:8b2
2606:4700::6812:bcf
2620:0:862:ed1a::2:b
2a00:1450:400d:80e::200a
2a04:4e42:200::485
3.232.242.170
52.217.109.46
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2611674d0e2cf9493a59791e843226b2e4b8967b83f7de6adbdeecfe5b28667e
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
3a9b144d6482b78afc4e0a940a1d3c22240f14fa535b808cf4dab9635339569f
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
57898461712a639d119bdf88b7145919dcc8956c7a271d2e4a1084b29eae6785
6449c34df1ee037c74f51fedd201bbffc2075af302d4d4d62a9257b6d92fe211
71e729939e175f4ae9d3fcc645d6b7389ec341a47a84950e047197331fdc22f1
76ad6584ac5bdd459939dc7532fae7c2bdd8e22d773ff16d2306f42a1ffc569c
9f7eb7c535be3f7ca855045f970ca818f32bb28ebc25752bf50e8cf0abd6957c
ddf5887ce15778102013d5527ec1fd09bc400fa19b91416b36b828ecdbd76ca8

s3.amazonaws.com Open in urlscan Pro 52.217.109.46 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

63 %IPv6

8 Domains

9 Subdomains

7 IPs

3 Countries

432 kBTransfer

640 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

5 Cookies

Indicators

s3.amazonaws.com Open in urlscan Pro
52.217.109.46 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

63 %
IPv6

8
Domains

9
Subdomains

7
IPs

3
Countries

432 kB
Transfer

640 kB
Size

5
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!