loop-185845341-file-8120993876489da.s3.ams03.cloud-object-storage.appdomain.cloud
159.8.199.241  Malicious Activity! Public Scan

URL: http://loop-185845341-file-8120993876489da.s3.ams03.cloud-object-storage.appdomain.cloud/index.html
Submission: On January 31 via api from JP — Scanned from NL

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 159.8.199.241, located in Amsterdam, Netherlands and belongs to SOFTLAYER, US. The main domain is loop-185845341-file-8120993876489da.s3.ams03.cloud-object-storage.appdomain.cloud.
This is the only time loop-185845341-file-8120993876489da.s3.ams03.cloud-object-storage.appdomain.cloud was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Dotloop (Real Estate)

Domain & IP information

IP Address AS Autonomous System
1 159.8.199.241 36351 (SOFTLAYER)
1 18.66.248.123 16509 (AMAZON-02)
2 2
Apex Domain (Subdomains) Transfer
1 dotloop.com 31 KB
    www.dotloop.com — Cisco Umbrella Rank: 71378
1 appdomain.cloud 9 KB
    loop-185845341-file-8120993876489da.s3.ams03.cloud-object-storage.appdomain.cloud
2 2
Domain Requested by
1 www.dotloop.com loop-185845341-file-8120993876489da.s3.ams03.cloud-object-storage.appdomain.cloud
1 loop-185845341-file-8120993876489da.s3.ams03.cloud-object-storage.appdomain.cloud
2 2

This site contains links to these domains.

Domain
www.dotloop.com
Subject Issuer Validity Valid
dotloop.com Amazon 2022-09-19 - 2023-10-17 a year

This page contains 1 frames:

Primary Page: http://loop-185845341-file-8120993876489da.s3.ams03.cloud-object-storage.appdomain.cloud/index.html
Frame ID: F8E4731ACBDAC986AEB867FB2283EEB5
Requests: 2 HTTP requests in this frame

Page Title

Dotloop | Real Estate Transaction Management Solution

Page Statistics

2 Requests
50 % HTTPS
0 % IPv6
2 Domains
2 Subdomains
2 IPs
2 Countries
40 kB Transfer
39 kB Size
0 Cookies

2 HTTP transactions

Resource: index.html (Primary Request)
Path: loop-185845341-file-8120993876489da.s3.ams03.cloud-object-storage.appdomain.cloud/
Size: 9 KB
x-fer: 9 KB
Type: Document

General

Full URL: http://loop-185845341-file-8120993876489da.s3.ams03.cloud-object-storage.appdomain.cloud/index.html
Protocol: HTTP/1.1
Server: 159.8.199.241 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: s3.ams03.objectstorage.softlayer.net
Software: Cleversafe /
Resource Hash: 41bfdcedab5c7503f916a97ed3375db14b4b6dc706a16a8f50ef30cc2cefd78b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Accept-Ranges: bytes
Content-Length: 9333
Content-Type: text/html
Date: Tue, 31 Jan 2023 01:04:48 GMT
ETag: "285eac45e182dac46155c15a98fabb07"
Last-Modified: Thu, 26 Aug 2021 22:59:11 GMT
Server: Cleversafe
X-Clv-Request-Id: 5c66f7c6-9ab3-452e-b5fd-074d1ea377c6
X-Clv-S3-Version: 2.5
x-amz-request-id: 5c66f7c6-9ab3-452e-b5fd-074d1ea377c6

Resource: dotloop_logo.jpg
Path: www.dotloop.com/my/static/images/external/
Size: 30 KB
x-fer: 31 KB
Type: Image

General

Full URL: https://www.dotloop.com/my/static/images/external/dotloop_logo.jpg
Requested by
Host: loop-185845341-file-8120993876489da.s3.ams03.cloud-object-storage.appdomain.cloud
URL: http://loop-185845341-file-8120993876489da.s3.ams03.cloud-object-storage.appdomain.cloud/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-123.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6439ded0d728f70caa03a4337cf025b3b53b0f2f59942b34478efca88c7b3438

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://loop-185845341-file-8120993876489da.s3.ams03.cloud-object-storage.appdomain.cloud/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: Qfy_5yMo_iriDDRIv.V.x6Nysra2I2lU
date: Mon, 30 Jan 2023 22:56:56 GMT
via: 1.1 c31ad517510d586c0f2aa3c5dbc40b06.cloudfront.net (CloudFront)
last-modified: Thu, 26 Jan 2023 00:20:47 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P1
age: 7673
etag: "fe6adda60aac94fedfb3b1743166d15d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 30955
x-amz-cf-id: NW0zBS15CyRixSVRAmxhMigcGeA8QqgXWMCT4504C8Jar13_kBGIag==

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Dotloop (Real Estate)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| oncontentvisibilityautostatechange
function| validateForm

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
