Submitted URL: https://p.rfihub.com/cm?forward=https://bitbucket.org/sewoso43013/xkllxw/downloads/13.07.2023_state_515.xll#lcvsog
Effective URL: https://bbuseruploads.s3.amazonaws.com/78d6da8b-99df-4097-8cd5-457d44f050e8/downloads/695b3070-2a9c-47e5-b9bf-fecba6db8bb3/13.07.2023_s...
Submission: On July 20 via manual from KR — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 4 domains to perform 1 HTTP transaction. The main IP is 52.217.235.81, located in Ashburn, United States and belongs to AMAZON-02, US. The main domain is bbuseruploads.s3.amazonaws.com. The Cisco Umbrella rank of the primary domain is 418931.
TLS certificate: Issued by Amazon RSA 2048 M01 on March 21st 2023. Valid for: 9 months.
This is the only time bbuseruploads.s3.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads

These files were downloaded by the website:

MIME: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Size: 641 KB (655872 bytes, 100% done)
Downloaded from: https://bbuseruploads.s3.amazonaws.com/78d6da8b-99df-4097-8cd5-457d44f050e8/downloads/695b3070-2a9c-47e5-b9bf-fecba6db8bb3/13.07.2023_state_515.xll?response-content-disposition=attachment%3B%20filename%3D%2213.07.2023_state_515.xll%22&AWSAccessKeyId=ASIA6KOSE3BNFXUYDWNZ&Signature=8zQtAIx50PvWxmaFs2faTqW9HlM%3D&x-amz-security-token=FwoGZXIvYXdzECYaDHBdB2r5B8CwXL2BZSK%2BAftw4%2BCAipDw9cVGLdU52RazRJ02YghFriVP1nae70bnsJs2fW5EUkDNBnNjY1WE0jOWq5T7pVJ86jgFM8CQmknE3R7IRDjSaMubbcvZWHvKR%2B2VPQn31ex4uUvUMQCohCTvJKZ1eXgJ%2FFrUcNKU3a5WsMHQujLJXD4Zx3YDL4QcEiz2cxALs%2BA%2Bg%2FDbNIEUB92F12GuN%2BwzTSpjSbM%2FwuppkX7ZRFRl9RiqOgYvp0UNWuy85A8jSsnvsjy3JDsovfripQYyLTcNAYPfrZ9dIEdCo%2B%2BjcdkTePreHOPHUI3ethrRWIF9bMX%2BbYJ8QELF93UmbA%3D%3D&Expires=1689830469#lcvsog

Domain & IP information

IP Address AS Autonomous System
1 1 193.0.160.131 54312 (ROCKETFUEL)
1 1 65.9.66.64 16509 (AMAZON-02)
1 1 2406:da00:ff0... 14618 (AMAZON-AES)
1 52.217.235.81 16509 (AMAZON-02)
1 1
Apex Domain | Subdomains | Transfer
1 amazonaws.com | bbuseruploads.s3.amazonaws.com — Cisco Umbrella Rank: 418931
1 bitbucket.org | bitbucket.org — Cisco Umbrella Rank: 18275 | 2 KB
1 rezync.com | live.rezync.com — Cisco Umbrella Rank: 1407 | 671 B
1 rfihub.com | p.rfihub.com — Cisco Umbrella Rank: 825 | 877 B
1 4
Domain Requested by
1 bbuseruploads.s3.amazonaws.com
1 bitbucket.org 1 redirects
1 live.rezync.com 1 redirects
1 p.rfihub.com 1 redirects
1 4

This site contains no links.

Subject: *.s3.amazonaws.com
Issuer: Amazon RSA 2048 M01
Validity: 2023-03-21 - 2023-12-19
Valid: 9 months

This page contains 1 frame:

Primary Page: https://bbuseruploads.s3.amazonaws.com/78d6da8b-99df-4097-8cd5-457d44f050e8/downloads/695b3070-2a9c-47e5-b9bf-fecba6db8bb3/13.07.2023_state_515.xll?response-content-disposition=attachment%3B%20filename%3D%2213.07.2023_state_515.xll%22&AWSAccessKeyId=ASIA6KOSE3BNFXUYDWNZ&Signature=8zQtAIx50PvWxmaFs2faTqW9HlM%3D&x-amz-security-token=FwoGZXIvYXdzECYaDHBdB2r5B8CwXL2BZSK%2BAftw4%2BCAipDw9cVGLdU52RazRJ02YghFriVP1nae70bnsJs2fW5EUkDNBnNjY1WE0jOWq5T7pVJ86jgFM8CQmknE3R7IRDjSaMubbcvZWHvKR%2B2VPQn31ex4uUvUMQCohCTvJKZ1eXgJ%2FFrUcNKU3a5WsMHQujLJXD4Zx3YDL4QcEiz2cxALs%2BA%2Bg%2FDbNIEUB92F12GuN%2BwzTSpjSbM%2FwuppkX7ZRFRl9RiqOgYvp0UNWuy85A8jSsnvsjy3JDsovfripQYyLTcNAYPfrZ9dIEdCo%2B%2BjcdkTePreHOPHUI3ethrRWIF9bMX%2BbYJ8QELF93UmbA%3D%3D&Expires=1689830469
Frame ID: 041DFBEFB310C91EFFC223F464A76785
Requests: 1 HTTP request in this frame


Page Statistics

Requests: 1
HTTPS: 100 %
IPv6: 25 %
Domains: 4
Subdomains: 4
IPs: 1
Countries: 1
Transfer: 0 kB
Size: 0 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.


Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transaction

Primary Request
Resource: 13.07.2023_state_515.xll
Path: bbuseruploads.s3.amazonaws.com/78d6da8b-99df-4097-8cd5-457d44f050e8/downloads/695b3070-2a9c-47e5-b9bf-fecba6db8bb3/
Redirect Chain
  • https://p.rfihub.com/cm?forward=https://bitbucket.org/sewoso43013/xkllxw/downloads/13.07.2023_state_515.xll
  • https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5108559728805354542&referrer={encSite}&forward=https%3A%2F%2Fbitbucket.org%2Fsewoso43013%2Fxkllxw%2Fdownloads%2F13.07.2023_state...
  • https://bitbucket.org/sewoso43013/xkllxw/downloads/13.07.2023_state_515.xll
  • https://bbuseruploads.s3.amazonaws.com/78d6da8b-99df-4097-8cd5-457d44f050e8/downloads/695b3070-2a9c-47e5-b9bf-fecba6db8bb3/13.07.2023_state_515.xll?response-content-disposition=attachment%3B%20file...
Size: 0
x-fer: 0
Type: Document
General
Full URL
https://bbuseruploads.s3.amazonaws.com/78d6da8b-99df-4097-8cd5-457d44f050e8/downloads/695b3070-2a9c-47e5-b9bf-fecba6db8bb3/13.07.2023_state_515.xll?response-content-disposition=attachment%3B%20filename%3D%2213.07.2023_state_515.xll%22&AWSAccessKeyId=ASIA6KOSE3BNFXUYDWNZ&Signature=8zQtAIx50PvWxmaFs2faTqW9HlM%3D&x-amz-security-token=FwoGZXIvYXdzECYaDHBdB2r5B8CwXL2BZSK%2BAftw4%2BCAipDw9cVGLdU52RazRJ02YghFriVP1nae70bnsJs2fW5EUkDNBnNjY1WE0jOWq5T7pVJ86jgFM8CQmknE3R7IRDjSaMubbcvZWHvKR%2B2VPQn31ex4uUvUMQCohCTvJKZ1eXgJ%2FFrUcNKU3a5WsMHQujLJXD4Zx3YDL4QcEiz2cxALs%2BA%2Bg%2FDbNIEUB92F12GuN%2BwzTSpjSbM%2FwuppkX7ZRFRl9RiqOgYvp0UNWuy85A8jSsnvsjy3JDsovfripQYyLTcNAYPfrZ9dIEdCo%2B%2BjcdkTePreHOPHUI3ethrRWIF9bMX%2BbYJ8QELF93UmbA%3D%3D&Expires=1689830469
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.235.81 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Content-Disposition: attachment; filename="13.07.2023_state_515.xll"
Content-Length: 655872
Content-Type: application/vnd.ms-excel
Date: Thu, 20 Jul 2023 04:52:14 GMT
ETag: "4107a02fb898ab0edcda333ec5352fad"
Last-Modified: Sun, 16 Jul 2023 10:09:15 GMT
Server: AmazonS3
x-amz-id-2: Xv59RW2vL5H86j2eUyq7tJK25znOr/zMZ9M4R4FgzkDOBIWeZFh+20HX348+VwYFLvR4fuA5qh0=
x-amz-request-id: B3N924V1QDDXRMQB
x-amz-server-side-encryption: AES256
x-amz-version-id: GatNfQPWoE66FxpMGMSQmyrIX129FzHj

Redirect headers

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-language: en
content-length: 0
content-security-policy
object-src 'none'; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; base-uri 'self'; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website
content-type: text/html; charset=utf-8
date: Thu, 20 Jul 2023 04:52:12 GMT
expires: Thu, 20 Jul 2023 04:52:12 GMT
location
https://bbuseruploads.s3.amazonaws.com/78d6da8b-99df-4097-8cd5-457d44f050e8/downloads/695b3070-2a9c-47e5-b9bf-fecba6db8bb3/13.07.2023_state_515.xll?response-content-disposition=attachment%3B%20filename%3D%2213.07.2023_state_515.xll%22&AWSAccessKeyId=ASIA6KOSE3BNFXUYDWNZ&Signature=8zQtAIx50PvWxmaFs2faTqW9HlM%3D&x-amz-security-token=FwoGZXIvYXdzECYaDHBdB2r5B8CwXL2BZSK%2BAftw4%2BCAipDw9cVGLdU52RazRJ02YghFriVP1nae70bnsJs2fW5EUkDNBnNjY1WE0jOWq5T7pVJ86jgFM8CQmknE3R7IRDjSaMubbcvZWHvKR%2B2VPQn31ex4uUvUMQCohCTvJKZ1eXgJ%2FFrUcNKU3a5WsMHQujLJXD4Zx3YDL4QcEiz2cxALs%2BA%2Bg%2FDbNIEUB92F12GuN%2BwzTSpjSbM%2FwuppkX7ZRFRl9RiqOgYvp0UNWuy85A8jSsnvsjy3JDsovfripQYyLTcNAYPfrZ9dIEdCo%2B%2BjcdkTePreHOPHUI3ethrRWIF9bMX%2BbYJ8QELF93UmbA%3D%3D&Expires=1689830469
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Language, Origin
x-b3-traceid: b1f0c54d103ab37f
x-cache-info: not cacheable; response specified "Cache-Control: no-cache"
x-dc-location: Micros-3
x-envoy-upstream-service-time: 63
x-frame-options: SAMEORIGIN
x-render-time: 0.05012035369873047
x-request-count: 1974
x-served-by: 84b6b95c0909
x-static-version: b7a246a5c691
x-usage-input-ops: 0
x-usage-output-ops: 0
x-usage-quota-remaining: 999024.547
x-usage-request-cost: 989.97
x-usage-system-time: 0.000000
x-usage-user-time: 0.029699
x-used-mesh: False
x-version: b7a246a5c691
x-view-name: bitbucket.apps.downloads.views.download_file


0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Domain/Path Name / Value
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_1skzGtoZmFpYWRhbmxobmYCAJr44BIQAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNjU0sDA1tTQ3srAwMDU2NTE1MRLiM9QtD8xwTTSLLCgzKfcCAFFb0qUlAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNjU0sDA1tTQ3srAwMDU2NTE1MRLiM9QtD8xwTTSLLCgzKfcCAFFb0qUlAAAA
.rezync.com/ Name: zync-uuid
Value: 2e23a179-b3db-4918-a719-0306c1e5af15:1689828731.9127772
live.rezync.com/ Name: sd-session-id
Value: .eJwNzNEKgzAMQNF_ybMdTdqYtD8jVTMom25Y9zLZv6-PFw73gultx1Z220_I5_GxAZZn7dUgX9Dqd7MHZGD0ypyEVD0HjhwJfgM0a62-9qmu3ZBRKCjJzWGdXUyorggm54MfFzQud-SMoyYllYC3hCQi_fMHo4klRg.ZLi9ew.iVWJ0aVtE-DihdAZWLh5VT1UEQY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
