urlscan.io logo urlscan.io
SecurityTrails logo

prod-blue-bill-stalker.s3.amazonaws.com Open in urlscan Pro
52.95.163.16  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://click.omie.com.br/track/click/30041717/click.omie.com?p=eyJzIjoiR2U4QXhXaDhxVVFkT013Nl9VRGVnU3RXX0hRIiwidiI6MSwicC...
Effective URL: https://prod-blue-bill-stalker.s3.amazonaws.com/apps_1712aa99-1690-45af-9f1b-991c8808016b.pdf?AWSAccessKeyId=ASIA4INFFOTW4ZCYRJPL&Signature=qRWY...
Submission: On April 20 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 1 HTTP transactions. The main IP is 52.95.163.16, located in São Paulo, Brazil and belongs to AMAZON-02, US. The main domain is prod-blue-bill-stalker.s3.amazonaws.com.
TLS certificate: Issued by Amazon on December 15th 2021. Valid for: a year.
This is the only time prod-blue-bill-stalker.s3.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

apps_1712aa99-1690-45af-9f1b-991c8808016b.pdf 35 KB application/pdf
MIME: PDF document, version 1.4
Size: 35 KB (35393 bytes, 100% done)
Downloaded from: https://prod-blue-bill-stalker.s3.amazonaws.com/apps_1712aa99-1690-45af-9f1b-991c8808016b.pdf?AWSAccessKeyId=ASIA4INFFOTW4ZCYRJPL&Signature=qRWYg2kKfvk3Pdq8G7LWHfJrofY%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEFsaCXNhLWVhc3QtMSJHMEUCIHZ41zVws1Du9sOQiW2mLX4YWfYZpyDw4uBNSqgJiDzhAiEA1Am6QDTgZz6yIDkjky1uSKjY5RST72VgyLvphcg3guQqnwIIExAAGgw4NDI2OTY4NDg2MjEiDNrCXEgKsLArtN4QsCr8AdzHsJgP7SkDk6%2Fbz4x6ybu60Fy6mlKMzDZbP6se4ylWGsX8TnSM9aQ6tO6PO%2FwuXFsKsIgRywVsKCL5ijxUd3KGt0Q9wJ8xQTe%2B9gAOb%2F%2FX2N7MB1ioEqA83tqbs1%2B4IGdZJ%2F0VT%2B6zYCoikbEGl246FEqET%2Btlwpl3menRwWcdXyIaC5HxGeGsI7W69q3AH%2FgH7BNxMkEGvU7orhOHm924GrFhihMVpGSHu89YhqkLHtGhSCeaJc74qRgZrLjMt7zsRIXf7gRU6SBt1mEsHtbVvHoddGrPpuI01q2Tsm6%2Fpr0FC8LOjOj%2F2C%2FpLIFmWubmM7qhLmDxPWIZzDCmzP%2BSBjqaAf5IpkdW%2Bar727om2aCreedJ9P%2FOqlfnnWeYE85gtKMleR%2Fjditgr6z1OvphWreojFd7HYF5y4qVLoK842lH%2BtYN6Ss5T%2B8H7bosLD6r94yLcx211pexC3D2EJSYixO%2FhZbin%2FgE3Y7yWt4fWyrV%2BVUiennn4vvl2SCBOm9yRp6YLe0IAoSzKNr5SHNlMrp%2FcaLbe00v8lhY70I%3D&Expires=1650542762

Domain & IP information

IP Address AS Autonomous System
1 1 143.204.201.106 16509 (AMAZON-02)
1 1 2600:9000:214... 16509 (AMAZON-02)
1 1 143.204.201.53 16509 (AMAZON-02)
1 52.95.163.16 16509 (AMAZON-02)
1 1
Apex Domain
Subdomains		 Transfer
2 omie.com.br
click.omie.com.br — Cisco Umbrella Rank: 691279
connect.omie.com.br
2 KB
1 amazonaws.com
prod-blue-bill-stalker.s3.amazonaws.com
1 omie.com
click.omie.com
2 KB
1 3
Domain Requested by
1 prod-blue-bill-stalker.s3.amazonaws.com
1 connect.omie.com.br 1 redirects
1 click.omie.com 1 redirects
1 click.omie.com.br 1 redirects
1 4

This site contains no links.

Subject Issuer Validity Valid
*.s3.amazonaws.com
Amazon		 2021-12-15 -
2022-12-03		 a year crt.sh

This page contains 1 frames:

Primary Page: https://prod-blue-bill-stalker.s3.amazonaws.com/apps_1712aa99-1690-45af-9f1b-991c8808016b.pdf?AWSAccessKeyId=ASIA4INFFOTW4ZCYRJPL&Signature=qRWYg2kKfvk3Pdq8G7LWHfJrofY%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEFsaCXNhLWVhc3QtMSJHMEUCIHZ41zVws1Du9sOQiW2mLX4YWfYZpyDw4uBNSqgJiDzhAiEA1Am6QDTgZz6yIDkjky1uSKjY5RST72VgyLvphcg3guQqnwIIExAAGgw4NDI2OTY4NDg2MjEiDNrCXEgKsLArtN4QsCr8AdzHsJgP7SkDk6%2Fbz4x6ybu60Fy6mlKMzDZbP6se4ylWGsX8TnSM9aQ6tO6PO%2FwuXFsKsIgRywVsKCL5ijxUd3KGt0Q9wJ8xQTe%2B9gAOb%2F%2FX2N7MB1ioEqA83tqbs1%2B4IGdZJ%2F0VT%2B6zYCoikbEGl246FEqET%2Btlwpl3menRwWcdXyIaC5HxGeGsI7W69q3AH%2FgH7BNxMkEGvU7orhOHm924GrFhihMVpGSHu89YhqkLHtGhSCeaJc74qRgZrLjMt7zsRIXf7gRU6SBt1mEsHtbVvHoddGrPpuI01q2Tsm6%2Fpr0FC8LOjOj%2F2C%2FpLIFmWubmM7qhLmDxPWIZzDCmzP%2BSBjqaAf5IpkdW%2Bar727om2aCreedJ9P%2FOqlfnnWeYE85gtKMleR%2Fjditgr6z1OvphWreojFd7HYF5y4qVLoK842lH%2BtYN6Ss5T%2B8H7bosLD6r94yLcx211pexC3D2EJSYixO%2FhZbin%2FgE3Y7yWt4fWyrV%2BVUiennn4vvl2SCBOm9yRp6YLe0IAoSzKNr5SHNlMrp%2FcaLbe00v8lhY70I%3D&Expires=1650542762
Frame ID: DFDCEAF57054FBAD49FBCB9AFEC50732
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

Page Statistics

1
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

1
IPs

2
Countries

0 kB
Transfer

0 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request apps_1712aa99-1690-45af-9f1b-991c8808016b.pdf
prod-blue-bill-stalker.s3.amazonaws.com/
Redirect Chain
  • http://click.omie.com.br/track/click/30041717/click.omie.com?p=eyJzIjoiR2U4QXhXaDhxVVFkT013Nl9VRGVnU3RXX0hRIiwidiI6MSwicCI6IntcInVcIjozMDA0MTcxNyxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2NsaWNrLm...
  • https://click.omie.com.br/track/click/30041717/click.omie.com?p=eyJzIjoiR2U4QXhXaDhxVVFkT013Nl9VRGVnU3RXX0hRIiwidiI6MSwicCI6IntcInVcIjozMDA0MTcxNyxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2NsaWNrL...
  • https://click.omie.com/nfs-e-202200000015454-2g6asowb38
  • https://connect.omie.com.br/nfse?redirect=mg_belohorizonte&cnpj=10552544000110&nota=202200000015454&codigo=64682cdc
  • https://prod-blue-bill-stalker.s3.amazonaws.com/apps_1712aa99-1690-45af-9f1b-991c8808016b.pdf?AWSAccessKeyId=ASIA4INFFOTW4ZCYRJPL&Signature=qRWYg2kKfvk3Pdq8G7LWHfJrofY%3D&x-amz-security-token=IQoJb...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prod-blue-bill-stalker.s3.amazonaws.com/apps_1712aa99-1690-45af-9f1b-991c8808016b.pdf?AWSAccessKeyId=ASIA4INFFOTW4ZCYRJPL&Signature=qRWYg2kKfvk3Pdq8G7LWHfJrofY%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEFsaCXNhLWVhc3QtMSJHMEUCIHZ41zVws1Du9sOQiW2mLX4YWfYZpyDw4uBNSqgJiDzhAiEA1Am6QDTgZz6yIDkjky1uSKjY5RST72VgyLvphcg3guQqnwIIExAAGgw4NDI2OTY4NDg2MjEiDNrCXEgKsLArtN4QsCr8AdzHsJgP7SkDk6%2Fbz4x6ybu60Fy6mlKMzDZbP6se4ylWGsX8TnSM9aQ6tO6PO%2FwuXFsKsIgRywVsKCL5ijxUd3KGt0Q9wJ8xQTe%2B9gAOb%2F%2FX2N7MB1ioEqA83tqbs1%2B4IGdZJ%2F0VT%2B6zYCoikbEGl246FEqET%2Btlwpl3menRwWcdXyIaC5HxGeGsI7W69q3AH%2FgH7BNxMkEGvU7orhOHm924GrFhihMVpGSHu89YhqkLHtGhSCeaJc74qRgZrLjMt7zsRIXf7gRU6SBt1mEsHtbVvHoddGrPpuI01q2Tsm6%2Fpr0FC8LOjOj%2F2C%2FpLIFmWubmM7qhLmDxPWIZzDCmzP%2BSBjqaAf5IpkdW%2Bar727om2aCreedJ9P%2FOqlfnnWeYE85gtKMleR%2Fjditgr6z1OvphWreojFd7HYF5y4qVLoK842lH%2BtYN6Ss5T%2B8H7bosLD6r94yLcx211pexC3D2EJSYixO%2FhZbin%2FgE3Y7yWt4fWyrV%2BVUiennn4vvl2SCBOm9yRp6YLe0IAoSzKNr5SHNlMrp%2FcaLbe00v8lhY70I%3D&Expires=1650542762
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.163.16 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-sa-east-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Content-Length
35393
Content-Type
binary/octet-stream
Date
Wed, 20 Apr 2022 12:06:04 GMT
ETag
"50e2ab3235b4bc296039e88ba52e0dec"
Last-Modified
Wed, 20 Apr 2022 12:06:03 GMT
Server
AmazonS3
x-amz-expiration
expiry-date="Thu, 28 Apr 2022 00:00:00 GMT", rule-id="delete-old-files"
x-amz-id-2
4Br9UmyZckD3KXdU8Ip7HtPFGEqIzEBtu6aCTN+j7SufZPnYZpmUS5bwJMEsS0CnXni2kKdqG3Q=
x-amz-request-id
HT908BR6WXB3EZ03

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Wed, 20 Apr 2022 12:06:02 GMT
location
https://prod-blue-bill-stalker.s3.amazonaws.com/apps_1712aa99-1690-45af-9f1b-991c8808016b.pdf?AWSAccessKeyId=ASIA4INFFOTW4ZCYRJPL&Signature=qRWYg2kKfvk3Pdq8G7LWHfJrofY%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEFsaCXNhLWVhc3QtMSJHMEUCIHZ41zVws1Du9sOQiW2mLX4YWfYZpyDw4uBNSqgJiDzhAiEA1Am6QDTgZz6yIDkjky1uSKjY5RST72VgyLvphcg3guQqnwIIExAAGgw4NDI2OTY4NDg2MjEiDNrCXEgKsLArtN4QsCr8AdzHsJgP7SkDk6%2Fbz4x6ybu60Fy6mlKMzDZbP6se4ylWGsX8TnSM9aQ6tO6PO%2FwuXFsKsIgRywVsKCL5ijxUd3KGt0Q9wJ8xQTe%2B9gAOb%2F%2FX2N7MB1ioEqA83tqbs1%2B4IGdZJ%2F0VT%2B6zYCoikbEGl246FEqET%2Btlwpl3menRwWcdXyIaC5HxGeGsI7W69q3AH%2FgH7BNxMkEGvU7orhOHm924GrFhihMVpGSHu89YhqkLHtGhSCeaJc74qRgZrLjMt7zsRIXf7gRU6SBt1mEsHtbVvHoddGrPpuI01q2Tsm6%2Fpr0FC8LOjOj%2F2C%2FpLIFmWubmM7qhLmDxPWIZzDCmzP%2BSBjqaAf5IpkdW%2Bar727om2aCreedJ9P%2FOqlfnnWeYE85gtKMleR%2Fjditgr6z1OvphWreojFd7HYF5y4qVLoK842lH%2BtYN6Ss5T%2B8H7bosLD6r94yLcx211pexC3D2EJSYixO%2FhZbin%2FgE3Y7yWt4fWyrV%2BVUiennn4vvl2SCBOm9yRp6YLe0IAoSzKNr5SHNlMrp%2FcaLbe00v8lhY70I%3D&Expires=1650542762
via
1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
x-amz-apigw-id
Q4OOaH8amjQFaCg=
x-amz-cf-id
F3zRO1BMAsBo0nmKuDvsEVPh3dNSgfUKeSzWcVYRDUbplQWoUSOtKw==
x-amz-cf-pop
FRA53-C1
x-amzn-requestid
09c8e770-28be-411f-9a13-a257003f7d6b
x-amzn-trace-id
Root=1-625ff728-561f433b5261c82a1080f2da;Sampled=0
x-cache
Miss from cloudfront

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored

1 Cookies

Domain/Path Name / Value
click.omie.com.br/ Name: PHPSESSID
Value: c31728152b7dee0155436c8767fa68f3

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

click.omie.com
click.omie.com.br
connect.omie.com.br
prod-blue-bill-stalker.s3.amazonaws.com
143.204.201.106
143.204.201.53
2600:9000:214f:6000:0:224d:2c40:93a1
52.95.163.16