urlscan.io public scan: homefile.archive.us-east-1.oortech.com (170.106.201.213), flagged: Malicious Activity!

Submitted URL: https://shoutout.wix.com/so/81P6fxSL4/c?w=ghIcpH_fg1bfdHPZs_v8C56CrbYCVEwaGndTisXeTP4.eyJ1IjoiaHR0cHM6Ly96aWd6YWctY2F0a2l...
Effective URL: https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fb...
Submission Tags: @phish_report
Submission: On September 02 via api from FI — Scanned from FI

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 6 HTTP transactions. The main IP is 170.106.201.213, located in Ashburn, United States and belongs to TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN. The main domain is homefile.archive.us-east-1.oortech.com.
TLS certificate: Issued by TrustAsia RSA DV TLS CA G2 on March 28th 2024. Valid for: a year.
This is the only time homefile.archive.us-east-1.oortech.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

Requests  IP Address        AS (Autonomous System)
1         34.149.206.255    15169 (GOOGLE)
1         3.213.155.102     14618 (AMAZON-AES)
1         170.106.201.213   132203 (TENCENT-N...)
2         151.101.2.132     54113 (FASTLY)
1         2a04:4e42::649    54113 (FASTLY)
1         2a00:1450:400...  15169 (GOOGLE)
Totals: 6 requests, 5 IPs
Requests  Apex Domain      Subdomain (Cisco Umbrella Rank)               Transfer
2         glitch.global    cdn.glitch.global (rank 432012)               175 KB
1         googleapis.com   firebasestorage.googleapis.com (rank 6369)    118 KB
1         jquery.com       code.jquery.com (rank 1211)                   31 KB
1         oortech.com      homefile.archive.us-east-1.oortech.com        3 KB
1         glitch.me        zigzag-catkin-fossa.glitch.me                 1002 B
1         wix.com          shoutout.wix.com (rank 187530)                540 B
Totals: 6 apex domains, 6 subdomains
Requests  Domain                                   Requested by
2         cdn.glitch.global                        homefile.archive.us-east-1.oortech.com
1         firebasestorage.googleapis.com           homefile.archive.us-east-1.oortech.com
1         code.jquery.com                          homefile.archive.us-east-1.oortech.com
1         homefile.archive.us-east-1.oortech.com   zigzag-catkin-fossa.glitch.me
1         zigzag-catkin-fossa.glitch.me
1         shoutout.wix.com                         (1 redirect)
Totals: 6 domains, 6 requests

This site contains no links.

TLS certificates seen during the scan:

Subject                           Issuer                                           Validity                  Valid for
glitch.com                        Amazon RSA 2048 M03                              2023-12-04 to 2025-01-01  a year
*.archive.us-east-1.oortech.com   TrustAsia RSA DV TLS CA G2                       2024-03-28 to 2025-03-28  a year
cdn.glitch.global                 R11 (Let's Encrypt)                              2024-07-29 to 2024-10-27  3 months
*.jquery.com                      Sectigo ECC Domain Validation Secure Server CA   2024-06-25 to 2025-06-25  a year
upload.video.google.com           WR2 (Google Trust Services)                      2024-08-05 to 2024-10-28  3 months

The phishing host sits behind a wildcard certificate for *.archive.us-east-1.oortech.com, so the certificate itself names neither the "homefile" label nor the campaign; pivoting on certificate transparency for that wildcard will surface the whole oortech.com storage service rather than this kit alone.

This page contains 1 frame:

Primary Page: https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2
Frame ID: 1F3F31BB33DEA7730E1257C5A75C47BF
Requests: 6 HTTP requests in this frame

Page Title

PDF ONLINE DOCUMENT

Detected technologies

jQuery (overall confidence: 100%), matched on the script URL by these patterns:
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 33 %
Domains: 6
Subdomains: 6
IPs: 5
Countries: 2
Transfer: 327 kB
Size: 563 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://shoutout.wix.com/so/81P6fxSL4/c?w=ghIcpH_fg1bfdHPZs_v8C56CrbYCVEwaGndTisXeTP4.eyJ1IjoiaHR0cHM6Ly96aWd6YWctY2F0a2luLWZvc3NhLmdsaXRjaC5tZS8iLCJyIjoiMmMzZTU3MWUtN2I0Yi00NGMyLWE3YjAtNDU1MzA0M2M2M2IwIiwibSI6Im1haWwiLCJjIjoiMzUxNmRmM2EtZWE1OS00YTYwLWFkYzYtZjgxZGVmMjA0OTcyIn0 HTTP 302
    https://zigzag-catkin-fossa.glitch.me/ Page URL
  2. https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://shoutout.wix.com/so/81P6fxSL4/c?w=ghIcpH_fg1bfdHPZs_v8C56CrbYCVEwaGndTisXeTP4.eyJ1IjoiaHR0cHM6Ly96aWd6YWctY2F0a2luLWZvc3NhLmdsaXRjaC5tZS8iLCJyIjoiMmMzZTU3MWUtN2I0Yi00NGMyLWE3YjAtNDU1MzA0M2M2M2IwIiwibSI6Im1haWwiLCJjIjoiMzUxNmRmM2EtZWE1OS00YTYwLWFkYzYtZjgxZGVmMjA0OTcyIn0 HTTP 302
  • https://zigzag-catkin-fossa.glitch.me/
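The first hop of that chain is a Wix ShoutOut click-tracking link, and its `w=` parameter already names the next hop. The script below, which is an added example and not code from the urlscan report or from Wix, recovers that destination offline, so an analyst can triage or block the real landing page without firing the tracker. It assumes (this is not documented on the page) that `w=` has the form `<token>.<payload>`, where `<payload>` is unpadded base64url JSON whose `u` key is the redirect target and `<token>` is an opaque 32-byte value, presumably a MAC that cannot be checked without Wix's key. The URL and the expected Location are copied from the chain above.

```python
"""Recover the destination of a Wix ShoutOut tracking link without visiting it.

Added example, not part of the scan report. Assumption: w=<token>.<payload>,
payload = unpadded base64url JSON with the redirect target under "u".
"""
import base64
import json
from urllib.parse import parse_qs, urlsplit

# First hop of "Request Chain 0" as recorded by urlscan (copied from the report).
WIX_URL = "https://shoutout.wix.com/so/81P6fxSL4/c?w=ghIcpH_fg1bfdHPZs_v8C56CrbYCVEwaGndTisXeTP4.eyJ1IjoiaHR0cHM6Ly96aWd6YWctY2F0a2luLWZvc3NhLmdsaXRjaC5tZS8iLCJyIjoiMmMzZTU3MWUtN2I0Yi00NGMyLWE3YjAtNDU1MzA0M2M2M2IwIiwibSI6Im1haWwiLCJjIjoiMzUxNmRmM2EtZWE1OS00YTYwLWFkYzYtZjgxZGVmMjA0OTcyIn0"

# The Location header the scanner actually received for that hop.
OBSERVED_LOCATION = "https://zigzag-catkin-fossa.glitch.me/"


def b64url_decode(s: str) -> bytes:
    """Decode unpadded base64url by restoring the '=' padding first."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def is_shoutout_link(url: str) -> bool:
    """True for shoutout.wix.com links that carry a w= parameter."""
    parts = urlsplit(url)
    return parts.hostname == "shoutout.wix.com" and "w" in parse_qs(parts.query)


def decode_shoutout_link(url: str) -> dict:
    """Split w= into <token>.<payload> and decode the payload as JSON.

    Returns the token length in bytes (32 here, consistent with an HMAC-SHA256
    tag, which is an assumption) and the decoded payload object.
    """
    if not is_shoutout_link(url):
        raise ValueError("not a shoutout.wix.com link with a w= parameter")
    w = parse_qs(urlsplit(url).query)["w"][0]
    token, _, payload = w.partition(".")
    if not payload:
        raise ValueError("w= is not of the form token.payload")
    return {
        "token_bytes": len(b64url_decode(token)),
        "payload": json.loads(b64url_decode(payload)),
    }


def predicted_target(url: str) -> str:
    """The next hop embedded in the link (the payload's "u" key)."""
    return decode_shoutout_link(url)["payload"]["u"]


def matches_observed_location(url: str, observed: str) -> bool:
    """Cross-check the embedded target against the Location header the scan saw."""
    return predicted_target(url) == observed


if __name__ == "__main__":
    print(json.dumps(decode_shoutout_link(WIX_URL), indent=2))
    print("embedded target matches observed redirect:",
          matches_observed_location(WIX_URL, OBSERVED_LOCATION))
```

For this link the payload decodes to `{"u": "https://zigzag-catkin-fossa.glitch.me/", "r": ..., "m": "mail", "c": ...}`, so the intermediate glitch.me page can be extracted straight from the e-mail link. The `m` value suggests the click came from a mail campaign and `r`/`c` look like per-recipient and per-campaign identifiers; both readings are inferences, not something the report states. Only the `u` hop is recoverable this way; the second redirect (glitch.me to oortech.com) happens inside the glitch.me page and still needs the page body.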

6 HTTP transactions

Transaction 1: / (Document)
Path: zigzag-catkin-fossa.glitch.me/
Size: 637 B, x-fer: 1002 B
Redirect chain:
  • https://shoutout.wix.com/so/81P6fxSL4/c?w=ghIcpH_fg1bfdHPZs_v8C56CrbYCVEwaGndTisXeTP4.eyJ1IjoiaHR0cHM6Ly96aWd6YWctY2F0a2luLWZvc3NhLmdsaXRjaC5tZS8iLCJyIjoiMmMzZTU3MWUtN2I0Yi00NGMyLWE3YjAtNDU1MzA0M2M...
  • https://zigzag-catkin-fossa.glitch.me/

General
Full URL: https://zigzag-catkin-fossa.glitch.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.213.155.102 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-3-213-155-102.compute-1.amazonaws.com
Software: AmazonS3
Resource Hash: f5e1f966fab28c822e4e55f9e4e07e35e31ed8ec5cf71b8e93ef9ed86d270bb8

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers
accept-ranges: bytes
cache-control: no-cache
content-length: 637
content-type: text/html; charset=utf-8
date: Mon, 02 Sep 2024 06:14:57 GMT
etag: "5e72528843b92a9e7c573c47b431f7ce"
last-modified: Sat, 31 Aug 2024 19:38:46 GMT
server: AmazonS3
x-amz-id-2: yx4wXMGgwvxj1s4vzpsv+K5Q4AeX2bBytDP2kNQXTHWj/XXSGzmN21mujWJVMESBLWfYRzWl7U0=
x-amz-request-id: PG8RG5C8P7FNBV43
x-amz-server-side-encryption: AES256
x-amz-version-id: MN3pOoVyzwgYd7hChxM1iYqbWf985aQs

Redirect headers (shoutout.wix.com, HTTP 302)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 02 Sep 2024 06:14:56 GMT
glb-x-seen-by: wMMTADooq5AJ3cFomJ/MuXOQWGce7NCZXKms1ErOpBs=
location: https://zigzag-catkin-fossa.glitch.me/
server: Pepyaka
strict-transport-security: max-age=120 ; includeSubDomains
via: 1.1 google
x-content-type-options: nosniff
x-seen-by: GilIRCy+Ky2nI9KZaDKzWLxkNjrXdwdgtu6E0yACibU=,m0j2EEknGIVUW/liY8BLLnE0+sv3Cu6axHpMgnDQFcN9UuJLvoOY0uBy3RuVN3og,qYxvFa0bBL43z6b6TutC4aKWmFCNisf3BQ7FxdhwcuBEQfi00LSS7LJu7sdkoLsDNKpW2uVnIsctdaa+/vEEyw==,r6yY0ta7bIKrqK70x072lfaoVXQUkp8BWaIWuR+AZNk=
x-wix-request-id: 1725257696.86069743752626323151
Transaction 2 (primary request): dobe (Document)
Path: homefile.archive.us-east-1.oortech.com/
Size: 10 KB, x-fer: 3 KB

General
Full URL: https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2
Requested by: zigzag-catkin-fossa.glitch.me (https://zigzag-catkin-fossa.glitch.me/)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 170.106.201.213 Ashburn, United States, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)
Reverse DNS: (none)
Software: nginx/1.18.0 (Ubuntu)
Resource Hash: dfe39e44bbc72df109405c1336a7226623fe4582f4c222553c70c74faab54571

Security Headers
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

The primary document carries no Content-Security-Policy and no Strict-Transport-Security header, and the Access-Control-* headers below allow any origin and every HTTP method. Together with content-disposition "inline; filename=dobe" this looks like an object served from a generic file-storage API rather than a purpose-built web server, which is consistent with the kit's HTML being uploaded as a file to the oortech.com archive service.

Request headers
Referer: https://zigzag-catkin-fossa.glitch.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers
access-control-allow-headers: Authorization, Content-Length, X-CSRF-Token, token, session, Accept, Origin, Host, Connection, Accept-Encoding, Accept-Language, DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type
access-control-allow-methods: GET,PUT,POST,DELETE,PATCH,HEAD,CONNECT,OPTIONS,TRACE
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, Content-Type, token, refresh_token
access-control-max-age: 3628800
content-disposition: inline; filename="dobe"
content-encoding: gzip
content-type: text/html
date: Mon, 02 Sep 2024 06:14:57 GMT
last-modified: Wed, 28 Aug 2024 14:11:48 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
Transaction 3: pdf-logo.png (Image)
Path: cdn.glitch.global/30e3fd15-1595-4f62-8949-4a92dad3c744/
Size: 174 KB, x-fer: 175 KB

General
Full URL: https://cdn.glitch.global/30e3fd15-1595-4f62-8949-4a92dad3c744/pdf-logo.png?v=1703176079035
Requested by: homefile.archive.us-east-1.oortech.com (https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: AmazonS3
Resource Hash: 288025fbee50a4305bbf24a0b43e82af28300f5087b7adc93e21d111354a7327

Security Headers
Content-Security-Policy: script-src 'none'

Request headers
Referer: https://homefile.archive.us-east-1.oortech.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers
content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Mon, 02 Sep 2024 06:14:58 GMT
x-amz-request-id: 8V9GHD81KGCYVWYB
age: 2336335
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 178166
x-amz-id-2: UvIEayyNbV8hXfHtj2olZxoPkgj9ompUWKk+nCqcJAHIFrcns9MYHk79E5lQNCQBJHcm4PqH454=
x-served-by: cache-iad-kiad7000134-IAD, cache-fra-etou8220085-FRA
last-modified: Thu, 21 Dec 2023 16:27:58 GMT
server: AmazonS3
x-timer: S1725257698.229904,VS0,VE1
etag: "2be243eaa597e9442b712456427c25d2"
access-control-allow-methods: GET, HEAD, POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2, 0
Transaction 4: jquery-3.6.0.min.js (Script)
Path: code.jquery.com/
Size: 87 KB, x-fer: 31 KB

General
Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: homefile.archive.us-east-1.oortech.com (https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a04:4e42::649, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers
Referer: https://homefile.archive.us-east-1.oortech.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers
date: Mon, 02 Sep 2024 06:14:58 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 3275443
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-hel1410034-HEL
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1725257698.145493,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 71, 1701686
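urlscan records each response body as a hex SHA-256 under "Resource Hash"; Subresource Integrity (SRI) expresses the same digest as `sha256-<base64>`. Converting one to the other answers a question that matters when triaging a kit: did it load the stock vendor library, or a backdoored copy? The script below is an added example, not code from the report or from the jQuery project. The scan hash is copied from the transaction above; the known-good value is the integrity attribute jQuery publishes for jquery-3.6.0.min.js on code.jquery.com.

```python
"""Compare a scanned script's SHA-256 (hex, as urlscan shows it) with the
library's published SRI hash. Added example; not part of the scan report."""
import base64
import hashlib

# "Resource Hash" of code.jquery.com/jquery-3.6.0.min.js from the transaction above.
SCAN_HASH_JQUERY_360 = "ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e"

# Integrity attribute published for jQuery 3.6.0 (minified) on code.jquery.com.
KNOWN_SRI_JQUERY_360 = "sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4="

_DIGEST_LEN = {"sha256": 32, "sha384": 48, "sha512": 64}


def hex_digest_to_sri(hex_digest: str, alg: str = "sha256") -> str:
    """Turn a hex digest into an SRI metadata string ("sha256-<base64>")."""
    raw = bytes.fromhex(hex_digest)
    if len(raw) != _DIGEST_LEN[alg]:
        raise ValueError(f"{alg} digest must be {_DIGEST_LEN[alg]} bytes, got {len(raw)}")
    return f"{alg}-{base64.b64encode(raw).decode('ascii')}"


def sri_from_body(body: bytes, alg: str = "sha256") -> str:
    """SRI string for a body you fetched yourself. Browsers hash the decoded
    body (after Content-Encoding such as gzip is removed), so hash that."""
    digest = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def matches_published(hex_digest: str, published_sri: str) -> bool:
    """True when the scanned resource is byte-identical to the published build."""
    alg, _, _ = published_sri.partition("-")
    return hex_digest_to_sri(hex_digest, alg) == published_sri


if __name__ == "__main__":
    print(hex_digest_to_sri(SCAN_HASH_JQUERY_360))
    print("stock jQuery 3.6.0:", matches_published(SCAN_HASH_JQUERY_360, KNOWN_SRI_JQUERY_360))
```

Here the two agree, so the kit pulled an unmodified jQuery 3.6.0 from the official CDN; the interesting logic therefore lives in the 10 KB `dobe` document (hash dfe39e44...), for which no published reference exists. A mismatch would instead be a strong signal to pull the script body and diff it against the vendor release.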
Transaction 5: Adobe.png (Image)
Path: firebasestorage.googleapis.com/v0/b/png-images-481bb.appspot.com/o/
Size: 117 KB, x-fer: 118 KB

General
Full URL: https://firebasestorage.googleapis.com/v0/b/png-images-481bb.appspot.com/o/Adobe.png?alt=media&token=a3813f1f-169a-48a6-8172-22d091f87e7c
Requested by: homefile.archive.us-east-1.oortech.com (https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: UploadServer
Resource Hash: c6a474bcc89bf85d1ccaa821fb3d9c8fca16b18a6a5ba8d217c4e3166dec80e1

The Adobe logo is served from a Firebase Storage bucket (png-images-481bb.appspot.com) via a static download token; the bucket name, the token and the resource hash are all usable as pivots for finding other lures that reuse the same hosted brand assets.

Request headers
Referer: https://homefile.archive.us-east-1.oortech.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers
date: Mon, 02 Sep 2024 06:14:58 GMT
x-guploader-uploadid: AD-8ljuSwpCpQeQA-4Ry4Fa1CxiB3AB12izFk3Sxd6NTSAe444SZY1mDTSb0U0etNez4GqLpCqg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''Adobe.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119844
last-modified: Wed, 10 Apr 2024 11:51:57 GMT
server: UploadServer
etag: "c657d7e769a257c2ed86980292fe4ddc"
x-goog-generation: 1712749917474086
content-type: image/png
x-goog-hash: crc32c=sw/mPA==, md5=xlfX52miV8LthpgCkv5N3A==
cache-control: private, max-age=0
x-goog-stored-content-length: 119844
x-goog-meta-firebasestoragedownloadtokens: a3813f1f-169a-48a6-8172-22d091f87e7c
accept-ranges: bytes
expires: Mon, 02 Sep 2024 06:14:58 GMT
Transaction 6: pdf-logo.png (Other)
Path: cdn.glitch.global/30e3fd15-1595-4f62-8949-4a92dad3c744/
Size: 174 KB, x-fer: 0 (a second request for the same URL as transaction 3; no bytes crossed the wire, and the headers below are the cached copy of that response)

General
Full URL: https://cdn.glitch.global/30e3fd15-1595-4f62-8949-4a92dad3c744/pdf-logo.png?v=1703176079035
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: AmazonS3
Resource Hash: 288025fbee50a4305bbf24a0b43e82af28300f5087b7adc93e21d111354a7327

Security Headers
Content-Security-Policy: script-src 'none'

Request headers
Referer: https://homefile.archive.us-east-1.oortech.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers
content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Mon, 02 Sep 2024 06:14:58 GMT
x-amz-request-id: 8V9GHD81KGCYVWYB
age: 2336335
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 178166
x-amz-id-2: UvIEayyNbV8hXfHtj2olZxoPkgj9ompUWKk+nCqcJAHIFrcns9MYHk79E5lQNCQBJHcm4PqH454=
x-served-by: cache-iad-kiad7000134-IAD, cache-fra-etou8220085-FRA
last-modified: Thu, 21 Dec 2023 16:27:58 GMT
server: AmazonS3
x-timer: S1725257698.229904,VS0,VE1
etag: "2be243eaa597e9442b712456427c25d2"
access-control-allow-methods: GET, HEAD, POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2, 0

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan verdict: Phishing against: Excel / PDF download (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Name      Type
$         function
jQuery    function

1 Cookies

Domain/Path   Name         Value
.wix.com/     XSRF-TOKEN   1725257696|1OeWmiiCbY8A

1 Console Messages

Source: recommendation
Level: verbose
URL: https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2#x
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Chrome emits this recommendation for a password-type input that lacks an autocomplete attribute, so the lure page contains a password field despite presenting itself as a "PDF ONLINE DOCUMENT" viewer; that is the credential-harvesting step the verdict refers to.