![](/screenshots/36207f17-7f56-43ef-806b-eb53bbf2c019.png)
s3.amazonaws.com
Open in
urlscan Pro
52.217.109.46
Malicious Activity!
Public Scan
Effective URL: https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html
Submission: On February 27 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Amazon RSA 2048 M01 on December 6th 2022. Valid for: a year.
This is the only time s3.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online) OneDrive (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 3.232.242.170 3.232.242.170 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 52.217.109.46 52.217.109.46 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2620:0:862:ed... 2620:0:862:ed1a::2:b | 14907 (WIKIMEDIA) (WIKIMEDIA) | |
4 | 2606:4700::68... 2606:4700::6812:8b2 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:400d:80e::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a04:4e42:200... 2a04:4e42:200::485 | 54113 (FASTLY) (FASTLY) | |
1 | 162.19.88.69 162.19.88.69 | 16276 (OVH) (OVH) | |
11 | 7 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-232-242-170.compute-1.amazonaws.com
docsend.com |
ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com
s3.amazonaws.com |
ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com | |
stackpath.bootstrapcdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
gyazo.com
i.gyazo.com — Cisco Umbrella Rank: 104547 |
52 KB |
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 788 stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2316 |
36 KB |
1 |
postimg.cc
i.postimg.cc — Cisco Umbrella Rank: 18734 |
145 KB |
1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 339 |
1 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 306 |
30 KB |
1 |
wikimedia.org
upload.wikimedia.org — Cisco Umbrella Rank: 2261 |
60 KB |
1 |
amazonaws.com
s3.amazonaws.com |
108 KB |
1 |
docsend.com
1 redirects
docsend.com — Cisco Umbrella Rank: 77131 |
5 KB |
11 | 8 |
Domain | Requested by | |
---|---|---|
4 | i.gyazo.com |
s3.amazonaws.com
|
1 | i.postimg.cc |
s3.amazonaws.com
|
1 | cdn.jsdelivr.net |
s3.amazonaws.com
|
1 | stackpath.bootstrapcdn.com |
s3.amazonaws.com
|
1 | ajax.googleapis.com |
s3.amazonaws.com
|
1 | upload.wikimedia.org |
s3.amazonaws.com
|
1 | maxcdn.bootstrapcdn.com |
s3.amazonaws.com
|
1 | s3.amazonaws.com | |
1 | docsend.com | 1 redirects |
11 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
s3.amazonaws.com Amazon RSA 2048 M01 |
2022-12-06 - 2023-12-05 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-12-30 - 2023-12-30 |
a year | crt.sh |
*.wikipedia.org DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2022-10-27 - 2023-11-17 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-02-08 - 2023-05-03 |
3 months | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4 |
2022-12-23 - 2024-01-24 |
a year | crt.sh |
postimg.cc R3 |
2023-02-18 - 2023-05-19 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html
Frame ID: 8BAD36A4F71837FDD5F43894403B6DC9
Requests: 11 HTTP requests in this frame
Screenshot
![](/screenshots/36207f17-7f56-43ef-806b-eb53bbf2c019.png)
Page Title
Sign in to your accountPage URL History Show full URLs
-
https://docsend.com/view/7xcmixgb4h945dii
HTTP 302
https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html Page URL
Detected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://docsend.com/view/7xcmixgb4h945dii
HTTP 302
https://s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/adobe.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
adobe.html
s3.amazonaws.com/appforest_uf/f1677521067353x917105622648158000/ Redirect Chain
|
107 KB 108 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ |
141 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2560px-Adobe_Corporate_logo.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/6/6e/Adobe_Corporate_logo.svg/ |
60 KB 60 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6eae75d87eebc05d2e882397e5ef8480.png
i.gyazo.com/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bbbae26246e9c09acb8668c7485acbf2.png
i.gyazo.com/ |
771 B 844 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6a6271e3e40ab27f2c950c82f50136df.png
i.gyazo.com/ |
21 KB 21 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6696ea0b401cbe3fb90177b597c2c051.png
i.gyazo.com/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ |
50 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.session.min.js
cdn.jsdelivr.net/npm/jquery.session@1.0.0/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
image.png
i.postimg.cc/2yPv7vkP/ |
144 KB 145 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online) OneDrive (Online)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery object| bootstrap function| _0x3afe60 function| _0x2dc8 function| _0x59535 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.docsend.com/ | Name: _v_ Value: 695WrdRiN4LjcjsZUl%2F8oA8Z8vyf44HhlkdpYNvWWpZOoioRw%2BSzRuDOX86vImVjVExXD8G2l9ngVa4G9iJ9XO8C7%2BLCQbggfmgEjNg%3D--vjQ%2F%2B7X9I5PkbNzD--E%2BRzEaV6M9OiCgxMyIF%2B5w%3D%3D |
|
.docsend.com/ | Name: _us_ Value: BAhJIg92aWV3ZWQgZG9jBjoGRVQ%3D--86064670cbcb81a84182616ff39e8415292b30d1 |
|
.docsend.com/ | Name: _dss_ Value: 18dff15a6b004234996403eade5bff66 |
|
i.gyazo.com/ | Name: Gyazo_cfwoker Value: i |
|
s3.amazonaws.com/ | Name: __session:0.04061030464287785: Value: https: |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn.jsdelivr.net
docsend.com
i.gyazo.com
i.postimg.cc
maxcdn.bootstrapcdn.com
s3.amazonaws.com
stackpath.bootstrapcdn.com
upload.wikimedia.org
162.19.88.69
2606:4700::6812:8b2
2606:4700::6812:bcf
2620:0:862:ed1a::2:b
2a00:1450:400d:80e::200a
2a04:4e42:200::485
3.232.242.170
52.217.109.46
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2611674d0e2cf9493a59791e843226b2e4b8967b83f7de6adbdeecfe5b28667e
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
3a9b144d6482b78afc4e0a940a1d3c22240f14fa535b808cf4dab9635339569f
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
57898461712a639d119bdf88b7145919dcc8956c7a271d2e4a1084b29eae6785
6449c34df1ee037c74f51fedd201bbffc2075af302d4d4d62a9257b6d92fe211
71e729939e175f4ae9d3fcc645d6b7389ec341a47a84950e047197331fdc22f1
76ad6584ac5bdd459939dc7532fae7c2bdd8e22d773ff16d2306f42a1ffc569c
9f7eb7c535be3f7ca855045f970ca818f32bb28ebc25752bf50e8cf0abd6957c
ddf5887ce15778102013d5527ec1fd09bc400fa19b91416b36b828ecdbd76ca8