s3.amazonaws.com Open in urlscan Pro
52.216.242.22  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request PaymentInv.html Show response s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/	298 KB 298 KB	822ms 606ms	Document text/html	52.216.242.22 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.242.22 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash 5bddcea0cd023656befd9631a42d8cafb86f049aae782203a59fc3ee8cf9a619 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Cache-Control public,max-age=86400 Content-Length 304793 Content-Type text/html Date Wed, 22 Feb 2023 01:30:04 GMT ETag "eb8f746731c7742f2b5bfcdb7d77b4b9" Last-Modified Tue, 21 Feb 2023 16:27:22 GMT Server AmazonS3 x-amz-id-2 pcj0Etc2SRhUQcr6wh6Z+tiklehM9T89Pl0AurQNrNWDk0Vv6nrJFYb5vBs4waetMjlcebr7Ac0= x-amz-meta-app-version test x-amz-meta-appname serviceauth x-amz-request-id ZP8JJB1R89FBK426 x-amz-server-side-encryption AES256 x-amz-version-id NcZlBvEGIi9.aN0jU5o.nMZjo_8TMie2
GET DATA	200 OK	truncated /	100 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b14a943dba9df4629d048bd7d735d50d55d1a12bbf836cdc2f87688a4cd29ee4 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Content-Type image/jpeg
GET H/1.1	404 Not Found	notice-error.png s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	322 B 322 B	179ms 96ms	Image application/xml	52.216.242.22 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-error.png Requested by Host: s3.amazonaws.com URL: https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.242.22 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash 3ecbd6e897885820c23d683c543d12b52bae7291a7be1e42a9c5d06aa681e205 Request headers accept-language de-DE,de;q=0.9 Referer https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 01:30:04 GMT Server AmazonS3 x-amz-request-id HVH4KZJ43KB2KCTW x-amz-id-2 VXgl4seE9tHjwzTXtH/2/SAWimRdiDz6obqpEcX2VgSWvGqyZs+dDGwjTmMpKyY0S1klQ3xxi0k= Transfer-Encoding chunked Content-Type application/xml
GET H/1.1	404 Not Found	notice-info.png s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	322 B 322 B	279ms 96ms	Image application/xml	52.216.242.22 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-info.png Requested by Host: s3.amazonaws.com URL: https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.242.22 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash e4f0a7fc39747d048e2a55ae1f14858831729fba3be63ea70fd2eecfb4c7c322 Request headers accept-language de-DE,de;q=0.9 Referer https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 01:30:03 GMT Server AmazonS3 x-amz-request-id HVH5KKPJVY6TF9A9 x-amz-id-2 9yyHO5CoS2TM7OzwedxeApzGzWFG/+JSO122WeyoIcgXNViZArnzMOYkwamaQLmntexHD1/N6lo= Transfer-Encoding chunked Content-Type application/xml
GET H/1.1	404 Not Found	notice-success.png s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	322 B 322 B	280ms 96ms	Image application/xml	52.216.242.22 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-success.png Requested by Host: s3.amazonaws.com URL: https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.242.22 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash f28445e087722e14abd65dc31af23aae3791a156651f57f4a7bd5229a7d5dbd0 Request headers accept-language de-DE,de;q=0.9 Referer https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 01:30:03 GMT Server AmazonS3 x-amz-request-id HVH20BFN1960QQK4 x-amz-id-2 91Be7m20iLDUvjSzmNH2t4oHA24iyvJGrl/eYlGq+br00ZWbAejIdpEMjHxq4l17s+Xg0ECctqA= Transfer-Encoding chunked Content-Type application/xml
GET H/1.1	404 Not Found	warning.png s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	322 B 322 B	282ms 98ms	Image application/xml	52.216.242.22 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/warning.png Requested by Host: s3.amazonaws.com URL: https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.242.22 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash 1d8ad0dfa9b2b697b6784d6f512325dbc1ac6e78bf47cd8a08525898e87aa4ac Request headers accept-language de-DE,de;q=0.9 Referer https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 01:30:04 GMT Server AmazonS3 x-amz-request-id HVH54B2HEG6BSC2T x-amz-id-2 VW4c2IhynLVKD2SWpQDGwW+B+pW8fGK+dK8qam/lPXWiC603tLpnmyF/cudkLjRE0wFKQTehtR0= Transfer-Encoding chunked Content-Type application/xml
GET DATA	200 OK	truncated /	71 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4cf0818dd9010568437158677180d8aa461ec9c52770ee6cef771b5f6d01f3c1 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	404 Not Found	icon-username.png s3.amazonaws.com/cPanel_magic_revision_1335428098/unprotected/cpanel/images/	322 B 322 B	265ms 96ms	Image application/xml	52.216.242.22 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s3.amazonaws.com/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-username.png Requested by Host: s3.amazonaws.com URL: https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.242.22 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash f45d0e29fb9c687581a591d15f1202a44ad4c347cc91a03a834fa9525208a49d Request headers accept-language de-DE,de;q=0.9 Referer https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 01:30:03 GMT Server AmazonS3 x-amz-request-id HVHFEF3KGTNXBDQG x-amz-id-2 3ETnLVnyzb1vAQrfaHSm2llxLhgL/ncDsudXVlWlK+eQ4O3FYiMB4ulHz+CxEgkN+o9cJ/XvzmM= Transfer-Encoding chunked Content-Type application/xml
GET H/1.1	404 Not Found	icon-password.png s3.amazonaws.com/cPanel_magic_revision_1335428098/unprotected/cpanel/images/	322 B 322 B	275ms 95ms	Image application/xml	52.216.242.22 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s3.amazonaws.com/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-password.png Requested by Host: s3.amazonaws.com URL: https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.242.22 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash 6a17e4e03facc2055ae75d1c91072dea154ee16dfe9211468d76d0769d931f84 Request headers accept-language de-DE,de;q=0.9 Referer https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 01:30:04 GMT Server AmazonS3 x-amz-request-id HVHCEZT3ATNA1H7G x-amz-id-2 mtiLpjPWGAcfe3+zT9J9jX8i7vOaYOMAXWusBi0418AfUQ/6v8Yt33qdkKrP2MYP6T3oIqUziPs= Transfer-Encoding chunked Content-Type application/xml
GET H/1.1	404 Not Found	cpanel-logo-tiny.png s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	322 B 322 B	183ms 92ms	Image application/xml	52.216.242.22 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/cpanel-logo-tiny.png Requested by Host: s3.amazonaws.com URL: https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.242.22 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash 8966f5c45a29fc5f0268650a17c1349a65d5e2e197c02ad34389df7926203c44 Request headers accept-language de-DE,de;q=0.9 Referer https://s3.amazonaws.com/appforest_uf/f1676996841511x917389161033867100/PaymentInv.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers Date Wed, 22 Feb 2023 01:30:04 GMT Server AmazonS3 x-amz-request-id HVHDDW89JGFK94EF x-amz-id-2 uXcGo+RmUpLgYuSCTlyqXXrs3C1LSx9IfcIlKtDWW9hHaTXkUS40LxLPh1sWejYWP/H3YSE8w7c= Transfer-Encoding chunked Content-Type application/xml

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer)

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange function| getParm object| DOM object| MESSAGES function| toggle_locales function| fade_in function| fade_out function| ajaxObject function| login_results function| show_status function| reset_status_timeout function| set_status_timeout function| do_login function| _set_links_style function| hide_links function| show_links number| FADE_DURATION number| FADE_DELAY number| AJAX_TIMEOUT object| LOCALE_FADES boolean| HAS_CSS_OPACITY object| login_form object| login_username_el object| login_password_el object| login_submit_el object| div_cache boolean| content_cell object| reset_form object| reset_username_el object| RESET_FADES function| show_reset function| hide_reset function| set_opacity undefined| filter_regex string| _text_content object| level_classes object| levels_regex string| lv object| STATUS_TIMEOUT boolean| LOGIN_SUBMIT_OK object| login_button undefined| new_script object| preload object| resJS boolean| IS_LOGOUT object| EmailField

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-error.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/cpanel-logo-tiny.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-info.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-success.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://s3.amazonaws.com/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-username.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://s3.amazonaws.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/warning.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://s3.amazonaws.com/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-password.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s3.amazonaws.com
52.216.242.22
1d8ad0dfa9b2b697b6784d6f512325dbc1ac6e78bf47cd8a08525898e87aa4ac
3ecbd6e897885820c23d683c543d12b52bae7291a7be1e42a9c5d06aa681e205
4cf0818dd9010568437158677180d8aa461ec9c52770ee6cef771b5f6d01f3c1
5bddcea0cd023656befd9631a42d8cafb86f049aae782203a59fc3ee8cf9a619
6a17e4e03facc2055ae75d1c91072dea154ee16dfe9211468d76d0769d931f84
8966f5c45a29fc5f0268650a17c1349a65d5e2e197c02ad34389df7926203c44
b14a943dba9df4629d048bd7d735d50d55d1a12bbf836cdc2f87688a4cd29ee4
e4f0a7fc39747d048e2a55ae1f14858831729fba3be63ea70fd2eecfb4c7c322
f28445e087722e14abd65dc31af23aae3791a156651f57f4a7bd5229a7d5dbd0
f45d0e29fb9c687581a591d15f1202a44ad4c347cc91a03a834fa9525208a49d