ad-exe.s3.amazonaws.com Open in urlscan Pro
52.216.139.187 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://marketing.accessdata.com/e/46432/ftkimager-4-2-0download/5y26qs/1623315207?h=CMVRiSQJ0yFyPkzv_lIt-XDQxQ85ePiwLc3KE9glQ6s
Effective URL:
https://ad-exe.s3.amazonaws.com/AccessData_FTK_Imager_%28x64%29_4.2.0.exe
Submission: On December 13 via manual (December 13th 2019, 7:08:56 am UTC) from AU

Summary HTTP 1 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 1 HTTP transactions. The main IP is 52.216.139.187, located in Ashburn, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is ad-exe.s3.amazonaws.com.
TLS certificate: Issued by DigiCert Baltimore CA-2 G2 on November 9th 2019. Valid for: a year.

This is the only time ad-exe.s3.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	52.21.178.134 52.21.178.134	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	52.216.139.187 52.216.139.187	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	1

2 52.21.178.134 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: pi0-lba1-2-ue1.aws.pardot.com

marketing.accessdata.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.139.187 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

ad-exe.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	accessdata.com 2 redirects marketing.accessdata.com	3 KB
1	amazonaws.com ad-exe.s3.amazonaws.com
1	2

	Domain	Requested by
2	marketing.accessdata.com	2 redirects
1	ad-exe.s3.amazonaws.com
1	2

This site contains no links.

Subject Issuer	Validity	Valid
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2019-11-09` - `2021-03-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ad-exe.s3.amazonaws.com/AccessData_FTK_Imager_%28x64%29_4.2.0.exe
Frame ID: FE258E52B1495BAF0501871733E3DAD4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Amazon S3 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request AccessData_FTK_Imager_%28x64%29_4.2.0.exe ad-exe.s3.amazonaws.com/ Redirect Chain https://marketing.accessdata.com/e/46432/ftkimager-4-2-0download/5y26qs/1623315207?h=CMVRiSQJ0yFyPkzv_lIt-XDQxQ85ePiwLc3KE9glQ6s https://marketing.accessdata.com/ftkimager-4.2.0download https://ad-exe.s3.amazonaws.com/AccessData_FTK_Imager_%28x64%29_4.2.0.exe	0 0	601ms 257ms	Document application/x-msdownload	52.216.139.187 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://ad-exe.s3.amazonaws.com/AccessData_FTK_Imager_%28x64%29_4.2.0.exe Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.139.187 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software AmazonS3 / Resource Hash Request headers Host ad-exe.s3.amazonaws.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-User ?1 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site none Sec-Fetch-Mode navigate Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-User ?1 Response headers x-amz-id-2 guMQuqcoFB4eGr986p7nlnVYXEb20ARKZprkBDplqS05cxCS6B70T6Hc08+oomBS/D3hw99THSU= x-amz-request-id DDA1F4A37D34D85B Date Fri, 13 Dec 2019 07:08:23 GMT Last-Modified Tue, 28 Nov 2017 23:12:31 GMT ETag "0705548c0cf681f7dfcd05e041abd10b-7" x-amz-meta-s3b-last-modified 20171020T221025Z Content-Disposition attachment; filename="AccessData_FTK_Imager_%28x64%29_4.2.0.exe" Accept-Ranges bytes Content-Type application/x-msdownload Content-Length 55928752 Server AmazonS3 Redirect headers Date Fri, 13 Dec 2019 07:08:21 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Set-Cookie flash_message=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=accessdata.com flash_success_message=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=accessdata.com flash_error=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=accessdata.com flash_warning=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=accessdata.com flash_created_object_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=accessdata.com flash_access_message=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=accessdata.com visitor_id46432=412987641; expires=Mon, 10-Dec-2029 07:08:21 GMT; Max-Age=315360000; path=/ visitor_id46432-hash=e5e9e7f95c2fb8019bfb61768ee81647df678b8b90af129ac703e66334ba1e551634acc9678baf2cad09f4d04ec53c9e452def19; expires=Mon, 10-Dec-2029 07:08:21 GMT; Max-Age=315360000; path=/ Location https://ad-exe.s3.amazonaws.com/AccessData_FTK_Imager_%28x64%29_4.2.0.exe P3p CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml" Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 147 Content-Type text/html; charset=UTF-8 X-Pardot-Route 32427ff3465437d362f61c790f7d2406 Server PardotServer X-Pardot-LB 7044ba9c794aba658bc1be2f8b8ad85c Connection keep-alive

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad-exe.s3.amazonaws.com
marketing.accessdata.com
52.21.178.134
52.216.139.187

ad-exe.s3.amazonaws.com Open in urlscan Pro 52.216.139.187 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

0 kBTransfer

0 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

Indicators

ad-exe.s3.amazonaws.com Open in urlscan Pro
52.216.139.187 Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

1 HTTP transactions
0 data transactions