fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com
52.95.181.17  Public Scan

Submitted URL: http://theegerco.com/4ABL
Effective URL: https://fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com/cdvfbgasdmhngbfvdcs.html
Submission: On March 03 via manual from US

Summary

This website contacted 2 IPs in 3 countries across 4 domains to perform 2 HTTP transactions. The main IP is 52.95.181.17, located in Osaka, Japan and belongs to AMAZON-02, US. The main domain is fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com.
TLS certificate: Issued by Amazon on August 28th 2020. Valid for: a year.
This is the only time fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 184.168.131.241 26496 (AS-26496-...)
1 52.95.181.17 16509 (AMAZON-02)
2 2 104.129.25.9 8100 (ASN-QUADR...)
1 2603:1026:206... 8075 (MICROSOFT...)
2 2
Domain Requested by
2 gevdzxrqbywru.gb.net 2 redirects
1 outlook.office.com fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com
1 fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com
1 theegerco.com 1 redirects
2 4

This site contains no links.

TLS certificates

Subject: *.s3.ap-northeast-3.amazonaws.com
Issuer: Amazon
Validity: 2020-08-28 - 2021-08-18 (a year)

Subject: outlook.com
Issuer: DigiCert Cloud Services CA-1
Validity: 2020-06-21 - 2022-06-21 (2 years)

This page contains 2 frames:

Primary Page: https://fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com/cdvfbgasdmhngbfvdcs.html
Frame ID: 9A23ECAB33B19ACF3BD4C49DBAB67B1B
Requests: 1 HTTP requests in this frame

Frame: https://outlook.office.com/mail/inbox
Frame ID: 658B85C56D6A8643307B70D1EAEDFDAE
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i


Page Statistics

Requests: 2
HTTPS: 100 %
IPv6: 25 %
Domains: 4
Subdomains: 4
IPs: 2
Countries: 3
Transfer: 0 kB
Size: 0 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://theegerco.com/4ABL HTTP 302
    https://fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com/cdvfbgasdmhngbfvdcs.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://gevdzxrqbywru.gb.net/fvdftry7uj6yhtbrvec HTTP 301
  • https://gevdzxrqbywru.gb.net/fvdftry7uj6yhtbrvec/ HTTP 302
  • https://outlook.office.com/mail/inbox

2 HTTP transactions

Resource: cdvfbgasdmhngbfvdcs.html (Primary Request)
Path: fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com/
Redirect Chain
  • http://theegerco.com/4ABL
  • https://fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com/cdvfbgasdmhngbfvdcs.html
Size: 153 B
x-fer: 509 B
Type: Document

General

Full URL: https://fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com/cdvfbgasdmhngbfvdcs.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.181.17 Osaka, Japan, ASN16509 (AMAZON-02, US)
Reverse DNS: s3-r-w.ap-northeast-3.amazonaws.com
Software: AmazonS3 /
Resource Hash: b68f5253267ebb43dacac1288c09c70d16ee0a82d5c5d94af934b25376468082

Request headers

Host: fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US

Response headers

x-amz-id-2: sTOxFNJa4ZxIlnEHiorxerkDTkLsfVuyEHwUeFUs4L3bhOqvShZAn63zcNHBJTKq8bzy83XOVtU=
x-amz-request-id: 9QCH5TEZ1J9Q0K8R
Date: Wed, 03 Mar 2021 20:47:01 GMT
Last-Modified: Tue, 02 Mar 2021 22:03:18 GMT
ETag: "d74e1ce7472f2a1385dfc33762b7c925"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 153
Server: AmazonS3

Redirect headers

Server: nginx/1.16.1
Date: Wed, 03 Mar 2021 20:46:59 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Location: https://fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com/cdvfbgasdmhngbfvdcs.html

Resource: inbox
Path: outlook.office.com/mail/ (Frame 658B)
Redirect Chain
  • https://gevdzxrqbywru.gb.net/fvdftry7uj6yhtbrvec
  • https://gevdzxrqbywru.gb.net/fvdftry7uj6yhtbrvec/
  • https://outlook.office.com/mail/inbox
Size: 0
x-fer: 0
Type: Document

General

Full URL: https://outlook.office.com/mail/inbox
Requested by
  Host: fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com
  URL: https://fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com/cdvfbgasdmhngbfvdcs.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2603:1026:206:8::2 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS:
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash:

Security Headers
Name Value
Content-Security-Policy default-src *.res.office365.com *.office.net *.cdn.partner.outlook.cn owassets.azureedge.net swx.cdn.skype.com officefluidprodversionedcdn.azureedge.net officefluidprodverizoncdn.azureedge.net 'self'; script-src 'nonce-ik1uGVP042XWGSW7dcudeQ==' *.res.office.com *.res.office365.com *.office.net *.cdn.partner.outlook.cn owassets.azureedge.net wss://*.delve.office.com:443 shellprod.msocdn.com amcdn.msauth.net amcdn.msftauth.net *.bing.com *.skype.com *.skypeassets.com *.delve.office.com *.cdn.office.net *.cdn.partner.outlook.cn static.teams.microsoft.com *.arkoselabs.com fabriciss.azureedge.net *.googleapis.com teams.microsoft.com officefluidprodversionedcdn.azureedge.net 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.yammer.com; style-src *.res.office.com *.res.office365.com *.cdn.office.net *.cdn.partner.outlook.cn owassets.azureedge.net *.res.outlook.com shellprod.msocdn.com *.skype.com *.arkoselabs.com fonts.googleapis.com acthemeconfigs.blob.core.windows.net *.googleapis.com 'self' 'unsafe-inline' *.yammer.com; img-src * data: blob: filesystem: cid:; connect-src blob: data: ninja.outlookweb.io *.res.office.com *.res.office365.com *.office.net *.cdn.partner.outlook.cn owassets.azureedge.net *.services.web.outlook.com *.res.outlook.com spoprod-a.akamaihd.net shellprod.msocdn.com *.bing.com login.live.com *.office.net *.office.com *.office365.com *.officeapps.live.com *.outlook.live.net *.skype.com *.skypeassets.com *.spoppe.com *.onedrive.com substrate.office.de substrate.office.us *.office365-net.de *.office.de *.office365.us browser.pipe.aria.microsoft.com *.gateway.messenger.live.com dev.virtualearth.net *.trouter.skype.com *.trouter.io wss://*.trouter.skype.com wss://*.trouter.skype.com:443 wss://*.trouter.io:443 media.licdn.com *.facebook.com onerm.olsvc.com client.arkoselabs.com *.qas.binginternal.com *.qas.bing.net wss://*.qas.bing.net:443 wss://*.platform.bing.com wss://*.botframework.com:443 wss://augloop.officeppe.com:443 
wss://augloop-int.officeppe.com:443 wss://augloop-gcc.office.com:443 wss://augloop.office.com wss://augloop-dogfood.officeppe.com outlook.live.com graph.microsoft.com *.graph.microsoft.com graph.microsoft.de graph.microsoft.us microsoftgraph.chinacloudapi.cn *.googleapis.com *.office.microsoft.com api.box.com api.dropboxapi.com *.users.storage.live.com www.onenote.com *.storage.msn.com asgsmsproxyapi.azurewebsites.net meetingintelligenceppe.westus2.cloudapp.azure.com:9001 wss://*.pushd.svc.ms wss://*.pushs.svc.ms wss://*.pushb.svc.ms wss://*.pushp.svc.ms wss://*.svc.ms nleditor.osi.officeppe.net api.tenor.com pptservicescast.officeapps.live.com *.sharepoint-df.com *.sharepoint.com *.sharepoint.de wss://*.delve.office.com:443 wss://*.loki.delve.office.com:443 wss://*.loki.delve.office.com *.delve.office.com *.loki.delve.office.com loki.delve-gcc.office.com web.vortex.data.microsoft.com *.events.data.microsoft.com *.online.lync.com *.infra.lync.com *.safelinks.protection.outlook.com officefluidprodverizoncdn.azureedge.net 'self' outlook.office365.com teams.microsoft.com *.teams.microsoft.com *.yammer.com *.licdn.com o365auditrealtimeingestion.manage.officeppe.com o365auditrealtimeingestion.manage.officeppe.com:445 o365auditrealtimeingestion.manage.office.com o365auditrealtimeingestion.manage.office.com:445 wss://augloop.office.com wss://*.augloop.office.com outlook.office365.com *.msedge.net wss://augloop.office.com wss://*.augloop.office.com *.sharepoint.de; base-uri browser.pipe.aria.microsoft.com 'self'; form-action *.officeapps.live.com https://*.sharepoint-df.com https://*.sharepoint.com https://*.sharepoint.de *.odwebp.svc.ms *.odwebp.svc.ms https://*.sharepoint-df.com https://*.sharepoint.com https://*.sharepoint.de; object-src *.office.net *.outlook.live.net 'self'; frame-ancestors outlook.live.com *.skype.com 'self' teams.microsoft.com *.teams.microsoft.com outlook.office.com; font-src data: *.res.office.com *.res.office365.com *.office.net 
*.cdn.partner.outlook.cn owassets.azureedge.net spoprod-a.akamaihd.net *.skype.com fonts.gstatic.com ms-appx-web: sharepointonline.com *.sharepointonline.com *.delve.office.com fs.microsoft.com officefluidprodprvversionedcdn.azureedge.net 'self' *.yammer.com; media-src *.res.office.com *.res.office365.com *.cdn.office.net *.cdn.partner.outlook.cn owassets.azureedge.net *.skype.com *.office.net *.office365.net *.office365-net.de *.office365-net.us *.office365-net.us *.outlook.live.net ssl.gstatic.com 'self' *.yammer.com; frame-src * data: mailto:; manifest-src 'self'; worker-src *.res.office.com *.res.office365.com *.cdn.office.net *.cdn.partner.outlook.cn owassets.azureedge.net 'self'; prefetch-src *.res.office.com *.res.office365.com *.office.net *.cdn.partner.outlook.cn owassets.azureedge.net swx.cdn.skype.com; child-src *.res.office.com *.res.office365.com *.cdn.office.net *.cdn.partner.outlook.cn owassets.azureedge.net 'self'; report-uri ; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: outlook.office.com
:scheme: https
:path: /mail/inbox
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: object
referer: https://fgthyjujyhtbgrvfecdefrgthyj.s3.ap-northeast-3.amazonaws.com/cdvfbgasdmhngbfvdcs.html
accept-encoding: gzip, deflate, br
accept-language: en-US

Response headers

cache-control: no-cache
pragma: no-cache
content-length: 391479
content-type: text/html
expires: -1
server: Microsoft-IIS/10.0
request-id: 5aea0015-81ec-4e9e-ba64-989442e6cebb
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload
x-calculatedfetarget: VI1P18901CU001.internal.outlook.com
x-backendhttpstatus: 200 200
set-cookie: ClientId=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/ ClientId=BF6FFB6E07204E5081EA702B733DA949; expires=Thu, 03 Mar 2022 20:47:01 GMT; path=/; secure; samesite=none
x-feproxyinfo: VI1P18901CA0006.EURP189.PROD.OUTLOOK.COM
x-calculatedbetarget: VI1PR07MB3519.EURPRD07.PROD.OUTLOOK.COM
x-web-server-version: 21.2.23.2
runtime_model: B2
x-beserver: VI1PR07MB3519
x-app-name: Mail
referrer-policy: no-referrer
x-besku: WCS5
x-rum-validated: 1
x-proxy-routingcorrectness: 1
x-proxy-backendserverstatus: 200
x-feserver: VI1P18901CA0006 AM3PR07CA0128
x-powered-by: ASP.NET
date: Wed, 03 Mar 2021 20:47:01 GMT

Redirect headers

Date: Wed, 03 Mar 2021 20:47:01 GMT
Server: Apache
Location: https://outlook.office.com/mail/inbox
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| 0
  • object| ontransitionrun
  • object| ontransitionstart
  • object| ontransitioncancel
  • object| cookieStore
  • function| showDirectoryPicker
  • function| showOpenFilePicker
  • function| showSaveFilePicker
  • object| trustedTypes
  • boolean| crossOriginIsolated

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
