www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 6 HTTP transactions. The main IP is 3.5.12.148, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on September 18th 2024. Valid for: a year.

This is the only time www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	54.231.225.10 54.231.225.10	16509 (AMAZON-02) (AMAZON-02)
3 6	193.203.174.97 193.203.174.97	47583 (AS-HOSTIN...) (AS-HOSTINGER Hostinger International Limited)
1 1	208.75.122.11 208.75.122.11	40444 (ASN-CC) (ASN-CC)
1 1	54.235.205.181 54.235.205.181	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2606:4700::68... 2606:4700::6811:ce1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	3.5.12.148 3.5.12.148	14618 (AMAZON-AES) (AMAZON-AES)
6	4

1 54.231.225.10 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-east-1-r-w.amazonaws.com

casenumber08093-newclient-settlement.s3.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 193.203.174.97 (São Paulo, Brazil) 3 redirects

ASN47583 (AS-HOSTINGER Hostinger International Limited, CY)
PTR: srv637233.hstgr.cloud

www.wipjknat0hjkjsd.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.75.122.11 (United States) 1 redirects

ASN40444 (ASN-CC, US)
PTR: rs6.net

monmxrhbb.cc.rs6.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.235.205.181 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-235-205-181.compute-1.amazonaws.com

arcg.emlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:ce1f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

arcg.activehosted.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.5.12.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: s3-r-w.us-east-1.amazonaws.com

www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	wipjknat0hjkjsd.es 3 redirects www.wipjknat0hjkjsd.es	4 KB
3	amazonaws.com casenumber08093-newclient-settlement.s3.us-east-1.amazonaws.com www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com	14 KB
1	activehosted.com 1 redirects arcg.activehosted.com	918 B
1	emlnk.com 1 redirects arcg.emlnk.com	186 B
1	rs6.net 1 redirects monmxrhbb.cc.rs6.net	362 B
6	5

	Domain	Requested by
6	www.wipjknat0hjkjsd.es	3 redirects casenumber08093-newclient-settlement.s3.us-east-1.amazonaws.com www.wipjknat0hjkjsd.es
2	www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com	www.wipjknat0hjkjsd.es
1	arcg.activehosted.com	1 redirects
1	arcg.emlnk.com	1 redirects
1	monmxrhbb.cc.rs6.net	1 redirects
1	casenumber08093-newclient-settlement.s3.us-east-1.amazonaws.com
6	6

This site contains no links.

Subject Issuer	Validity	Valid
s3.amazonaws.com Amazon RSA 2048 M01	`2024-09-18` - `2025-09-16`	a year	crt.sh
wipjknat0hjkjsd.es R11	`2024-11-08` - `2025-02-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com/Sm6ZS4v28rnrWAGUfRR7bXf6ouLCfISU4uBXtJSjgeSUhwK96ZgNAMxKaA1NTDFPNEq9e6AJhpi5SlRmdWbrsIMYcYNNnVnrYfDEl2e4gUVDLX1AKhtmZSv4cZ8tv4iU1Q9hZ4L7nEUk6p4THkNltpGNdtzIBimXKHiHiyMNdI8jGVQUHolUOBmDWd9Ga2nHi8XywT9Z/ERedirect.html
Frame ID: 5DB4C402FEFC5950882ADE2A432313DF
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Confirm Your Identity

Page URL History Show full URLs

https://casenumber08093-newclient-settlement.s3.us-east-1.amazonaws.com/index.html Page URL
https://www.wipjknat0hjkjsd.es/beehivefolder?utm_source=pauls-newsletter-2315e5.beehiiv.com&utm_medium=news... HTTP 301
https://www.wipjknat0hjkjsd.es/beehivefolder/?utm_source=pauls-newsletter-2315e5.beehiiv.com&utm_medium=new... Page URL
https://monmxrhbb.cc.rs6.net/tn.jsp?f=001OAOw9GFX54AFspRCQNvxEDo5W51URfnVb3hdF6OkLBmgJj6ev0JTcjb_MAUL6tDS... HTTP 302
http://www.wipjknat0hjkjsd.es/constantfolder HTTP 307
https://www.wipjknat0hjkjsd.es/constantfolder HTTP 301
https://www.wipjknat0hjkjsd.es/constantfolder/ Page URL
https://arcg.emlnk.com/lt.php?x=3DZy~GDFUITM6sJ80_I9WOdsAHRTjNQjk-5jXaI4JFWgE8Gtz0y.yOS-1X3zie~ykb HTTP 307
https://arcg.activehosted.com/lt.php?x=3DZy~GDFUITM6sJ80_I9WOdsAHRTjNQjk-5jXaI4JFWgE8Gtz0y.yOS-1X3zie~ykb HTTP 302
https://www.wipjknat0hjkjsd.es/transpondfolder?utm_source=ActiveCampaign&utm_medium=email&utm_content=Unloc... HTTP 301
https://www.wipjknat0hjkjsd.es/transpondfolder/?utm_source=ActiveCampaign&utm_medium=email&utm_content=Unlo... Page URL
https://www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com/Sm6ZS4v28rnrWAGUfRR7bXf6ouLCfISU4uBXtJSjgeSUhwK96ZgNAMxKaA1NTDFPNEq9e6AJhpi5... Page URL

Page Statistics

6
Requests

100 %
HTTPS

17 %
IPv6

5
Domains

6
Subdomains

4
IPs

2
Countries

16 kB
Transfer

20 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://casenumber08093-newclient-settlement.s3.us-east-1.amazonaws.com/index.html Page URL
https://www.wipjknat0hjkjsd.es/beehivefolder?utm_source=pauls-newsletter-2315e5.beehiiv.com&utm_medium=newsletter&utm_campaign=sales-now&_bhlid=95a5732d76b0d87e715a98a1f2ef6740013ce92e HTTP 301
https://www.wipjknat0hjkjsd.es/beehivefolder/?utm_source=pauls-newsletter-2315e5.beehiiv.com&utm_medium=newsletter&utm_campaign=sales-now&_bhlid=95a5732d76b0d87e715a98a1f2ef6740013ce92e Page URL
https://monmxrhbb.cc.rs6.net/tn.jsp?f=001OAOw9GFX54AFspRCQNvxEDo5W51URfnVb3hdF6OkLBmgJj6ev0JTcjb_MAUL6tDST1IEG0tHotPfKDkWsYjCsBDtd8KfLqY2TqFYlxTvybKcO8sxhJaHL5k_Vh2aTaswQC_4HGthNUNgUwvIcrwhH777IBjn4r4Tj456gwl9X1iMDsG_78wckQ==&c=JFFJTreNSBuSFsCgTHnXuXBzBJ5un5orS00FjxUgsNnBSxl19KIicA==&ch=WHfD9AMOSrBudjA6lTYUO4xMjguzz6nxaBGlQHsUPfNlzbb813D69g== HTTP 302
http://www.wipjknat0hjkjsd.es/constantfolder HTTP 307
https://www.wipjknat0hjkjsd.es/constantfolder HTTP 301
https://www.wipjknat0hjkjsd.es/constantfolder/ Page URL
https://arcg.emlnk.com/lt.php?x=3DZy~GDFUITM6sJ80_I9WOdsAHRTjNQjk-5jXaI4JFWgE8Gtz0y.yOS-1X3zie~ykb HTTP 307
https://arcg.activehosted.com/lt.php?x=3DZy~GDFUITM6sJ80_I9WOdsAHRTjNQjk-5jXaI4JFWgE8Gtz0y.yOS-1X3zie~ykb HTTP 302
https://www.wipjknat0hjkjsd.es/transpondfolder?utm_source=ActiveCampaign&utm_medium=email&utm_content=Unlocking%20Potential%3A%20The%20Arc%20of%20Greensboro%20s%20Life-Changing%20Initiatives&utm_campaign=New%20Campaign1 HTTP 301
https://www.wipjknat0hjkjsd.es/transpondfolder/?utm_source=ActiveCampaign&utm_medium=email&utm_content=Unlocking%20Potential%3A%20The%20Arc%20of%20Greensboro%20s%20Life-Changing%20Initiatives&utm_campaign=New%20Campaign1 Page URL
https://www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com/Sm6ZS4v28rnrWAGUfRR7bXf6ouLCfISU4uBXtJSjgeSUhwK96ZgNAMxKaA1NTDFPNEq9e6AJhpi5SlRmdWbrsIMYcYNNnVnrYfDEl2e4gUVDLX1AKhtmZSv4cZ8tv4iU1Q9hZ4L7nEUk6p4THkNltpGNdtzIBimXKHiHiyMNdI8jGVQUHolUOBmDWd9Ga2nHi8XywT9Z/ERedirect.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://www.wipjknat0hjkjsd.es/beehivefolder?utm_source=pauls-newsletter-2315e5.beehiiv.com&utm_medium=newsletter&utm_campaign=sales-now&_bhlid=95a5732d76b0d87e715a98a1f2ef6740013ce92e HTTP 301
https://www.wipjknat0hjkjsd.es/beehivefolder/?utm_source=pauls-newsletter-2315e5.beehiiv.com&utm_medium=newsletter&utm_campaign=sales-now&_bhlid=95a5732d76b0d87e715a98a1f2ef6740013ce92e

Request Chain 2

https://monmxrhbb.cc.rs6.net/tn.jsp?f=001OAOw9GFX54AFspRCQNvxEDo5W51URfnVb3hdF6OkLBmgJj6ev0JTcjb_MAUL6tDST1IEG0tHotPfKDkWsYjCsBDtd8KfLqY2TqFYlxTvybKcO8sxhJaHL5k_Vh2aTaswQC_4HGthNUNgUwvIcrwhH777IBjn4r4Tj456gwl9X1iMDsG_78wckQ==&c=JFFJTreNSBuSFsCgTHnXuXBzBJ5un5orS00FjxUgsNnBSxl19KIicA==&ch=WHfD9AMOSrBudjA6lTYUO4xMjguzz6nxaBGlQHsUPfNlzbb813D69g== HTTP 302
http://www.wipjknat0hjkjsd.es/constantfolder HTTP 307
https://www.wipjknat0hjkjsd.es/constantfolder HTTP 301
https://www.wipjknat0hjkjsd.es/constantfolder/

Request Chain 3

https://arcg.emlnk.com/lt.php?x=3DZy~GDFUITM6sJ80_I9WOdsAHRTjNQjk-5jXaI4JFWgE8Gtz0y.yOS-1X3zie~ykb HTTP 307
https://arcg.activehosted.com/lt.php?x=3DZy~GDFUITM6sJ80_I9WOdsAHRTjNQjk-5jXaI4JFWgE8Gtz0y.yOS-1X3zie~ykb HTTP 302
https://www.wipjknat0hjkjsd.es/transpondfolder?utm_source=ActiveCampaign&utm_medium=email&utm_content=Unlocking%20Potential%3A%20The%20Arc%20of%20Greensboro%20s%20Life-Changing%20Initiatives&utm_campaign=New%20Campaign1 HTTP 301
https://www.wipjknat0hjkjsd.es/transpondfolder/?utm_source=ActiveCampaign&utm_medium=email&utm_content=Unlocking%20Potential%3A%20The%20Arc%20of%20Greensboro%20s%20Life-Changing%20Initiatives&utm_campaign=New%20Campaign1

6 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	index.html Show response casenumber08093-newclient-settlement.s3.us-east-1.amazonaws.com/	888 B 1 KB	247ms 93ms	Document text/html	54.231.225.10 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://casenumber08093-newclient-settlement.s3.us-east-1.amazonaws.com/index.html Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 54.231.225.10 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-east-1-r-w.amazonaws.com Software AmazonS3 / Resource Hash `cc60baf082d286b1cda063336fa354393e56aa49b159dcdee4e89bf5c35eecb4` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Content-Length 888 Content-Type text/html Date Thu, 05 Dec 2024 23:49:20 GMT ETag "0e4cda937f51aa92a854eb0f9025a158" Last-Modified Fri, 22 Nov 2024 18:42:46 GMT Server AmazonS3 x-amz-id-2 hFpyyCRczrJk1yo6eYkewoGWP2jZ3WXMzyqfV6K5GaXnMzzphNHKjfQ0CyKtUKEDJyQ8qTUV69Q= x-amz-request-id 4SJCCP7ZP8D0K7BT x-amz-server-side-encryption AES256
GET H/1.1	200 OK	/ Show response www.wipjknat0hjkjsd.es/beehivefolder/ Redirect Chain https://www.wipjknat0hjkjsd.es/beehivefolder?utm_source=pauls-newsletter-2315e5.beehiiv.com&utm_medium=newsletter&utm_campaign=sales-now&_bhlid=95a5732d76b0d87e715a98a1f2ef6740013ce92e https://www.wipjknat0hjkjsd.es/beehivefolder/?utm_source=pauls-newsletter-2315e5.beehiiv.com&utm_medium=newsletter&utm_campaign=sales-now&_bhlid=95a5732d76b0d87e715a98a1f2ef6740013ce92e	1 KB 960 B	136ms 136ms	Document text/html	193.203.174.97 AS-HOSTINGER Host...
General Check archive.org Show headers Download Go to Full URL https://www.wipjknat0hjkjsd.es/beehivefolder/?utm_source=pauls-newsletter-2315e5.beehiiv.com&utm_medium=newsletter&utm_campaign=sales-now&_bhlid=95a5732d76b0d87e715a98a1f2ef6740013ce92e Requested by Host: casenumber08093-newclient-settlement.s3.us-east-1.amazonaws.com URL: https://casenumber08093-newclient-settlement.s3.us-east-1.amazonaws.com/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 193.203.174.97 São Paulo, Brazil, ASN47583 (AS-HOSTINGER Hostinger International Limited, CY), Reverse DNS srv637233.hstgr.cloud Software nginx/1.26.2 / Resource Hash `ee135c9fd78c3d4f1d3a94db480f6d26afcf88ad916d0f2eda65661986d251e3` Request headers Referer https://casenumber08093-newclient-settlement.s3.us-east-1.amazonaws.com/index.html Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Thu, 05 Dec 2024 23:49:20 GMT ETag W/"673df933-418" Last-Modified Wed, 20 Nov 2024 14:58:59 GMT Server nginx/1.26.2 Transfer-Encoding chunked Redirect headers Connection keep-alive Content-Length 169 Content-Type text/html Date Thu, 05 Dec 2024 23:49:20 GMT Location https://www.wipjknat0hjkjsd.es/beehivefolder/?utm_source=pauls-newsletter-2315e5.beehiiv.com&utm_medium=newsletter&utm_campaign=sales-now&_bhlid=95a5732d76b0d87e715a98a1f2ef6740013ce92e Server nginx/1.26.2
GET H/1.1	200 OK	/ Show response www.wipjknat0hjkjsd.es/constantfolder/ Redirect Chain https://monmxrhbb.cc.rs6.net/tn.jsp?f=001OAOw9GFX54AFspRCQNvxEDo5W51URfnVb3hdF6OkLBmgJj6ev0JTcjb_MAUL6tDST1IEG0tHotPfKDkWsYjCsBDtd8KfLqY2TqFYlxTvybKcO8sxhJaHL5k_Vh2aTaswQC_4HGthNUNgUwvIcrwhH777IBjn... http://www.wipjknat0hjkjsd.es/constantfolder https://www.wipjknat0hjkjsd.es/constantfolder https://www.wipjknat0hjkjsd.es/constantfolder/	802 B 756 B	135ms 135ms	Document text/html	193.203.174.97 AS-HOSTINGER Host...
General Check archive.org Show headers Download Go to Full URL https://www.wipjknat0hjkjsd.es/constantfolder/ Requested by Host: www.wipjknat0hjkjsd.es URL: https://www.wipjknat0hjkjsd.es/beehivefolder/?utm_source=pauls-newsletter-2315e5.beehiiv.com&utm_medium=newsletter&utm_campaign=sales-now&_bhlid=95a5732d76b0d87e715a98a1f2ef6740013ce92e Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 193.203.174.97 São Paulo, Brazil, ASN47583 (AS-HOSTINGER Hostinger International Limited, CY), Reverse DNS srv637233.hstgr.cloud Software nginx/1.26.2 / Resource Hash `800745f490acbaf9697415192b7a2b1bbaed679f64252d484e889d3a17fb0938` Request headers Referer https://www.wipjknat0hjkjsd.es/beehivefolder/?utm_source=pauls-newsletter-2315e5.beehiiv.com&utm_medium=newsletter&utm_campaign=sales-now&_bhlid=95a5732d76b0d87e715a98a1f2ef6740013ce92e Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Thu, 05 Dec 2024 23:49:21 GMT ETag W/"673e3167-322" Last-Modified Wed, 20 Nov 2024 18:58:47 GMT Server nginx/1.26.2 Transfer-Encoding chunked Redirect headers Connection keep-alive Content-Length 169 Content-Type text/html Date Thu, 05 Dec 2024 23:49:21 GMT Location https://www.wipjknat0hjkjsd.es/constantfolder/ Server nginx/1.26.2
GET H/1.1	200 OK	/ www.wipjknat0hjkjsd.es/transpondfolder/ Redirect Chain https://arcg.emlnk.com/lt.php?x=3DZy~GDFUITM6sJ80_I9WOdsAHRTjNQjk-5jXaI4JFWgE8Gtz0y.yOS-1X3zie~ykb https://arcg.activehosted.com/lt.php?x=3DZy~GDFUITM6sJ80_I9WOdsAHRTjNQjk-5jXaI4JFWgE8Gtz0y.yOS-1X3zie~ykb https://www.wipjknat0hjkjsd.es/transpondfolder?utm_source=ActiveCampaign&utm_medium=email&utm_content=Unlocking%20Potential%3A%20The%20Arc%20of%20Greensboro%20s%20Life-Changing%20Initiatives&utm_ca... https://www.wipjknat0hjkjsd.es/transpondfolder/?utm_source=ActiveCampaign&utm_medium=email&utm_content=Unlocking%20Potential%3A%20The%20Arc%20of%20Greensboro%20s%20Life-Changing%20Initiatives&utm_c...	1001 B 907 B	136ms 135ms	Document text/html	193.203.174.97 AS-HOSTINGER Host...
General Check archive.org Show headers Download Go to Full URL https://www.wipjknat0hjkjsd.es/transpondfolder/?utm_source=ActiveCampaign&utm_medium=email&utm_content=Unlocking%20Potential%3A%20The%20Arc%20of%20Greensboro%20s%20Life-Changing%20Initiatives&utm_campaign=New%20Campaign1 Requested by Host: www.wipjknat0hjkjsd.es URL: https://www.wipjknat0hjkjsd.es/constantfolder/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 193.203.174.97 São Paulo, Brazil, ASN47583 (AS-HOSTINGER Hostinger International Limited, CY), Reverse DNS srv637233.hstgr.cloud Software nginx/1.26.2 / Resource Hash Request headers Referer https://www.wipjknat0hjkjsd.es/constantfolder/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Thu, 05 Dec 2024 23:49:22 GMT ETag W/"673ddade-3e9" Last-Modified Wed, 20 Nov 2024 12:49:34 GMT Server nginx/1.26.2 Transfer-Encoding chunked Redirect headers Connection keep-alive Content-Length 169 Content-Type text/html Date Thu, 05 Dec 2024 23:49:22 GMT Location https://www.wipjknat0hjkjsd.es/transpondfolder/?utm_source=ActiveCampaign&utm_medium=email&utm_content=Unlocking%20Potential%3A%20The%20Arc%20of%20Greensboro%20s%20Life-Changing%20Initiatives&utm_campaign=New%20Campaign1 Server nginx/1.26.2
GET H/1.1	200 OK	Primary Request ERedirect.html Show response www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com/Sm6ZS4v28rnrWAGUfRR7bXf6ouLCfISU4uBXtJSjgeSUhwK96ZgNAMxKaA1NTDFPNEq9e6AJhpi5SlRmdWbrsIMYcYNNnVnrYfDEl2e4gUVDLX1AKhtmZSv4cZ8...	12 KB 12 KB	382ms 112ms	Document text/html	3.5.12.148 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com/Sm6ZS4v28rnrWAGUfRR7bXf6ouLCfISU4uBXtJSjgeSUhwK96ZgNAMxKaA1NTDFPNEq9e6AJhpi5SlRmdWbrsIMYcYNNnVnrYfDEl2e4gUVDLX1AKhtmZSv4cZ8tv4iU1Q9hZ4L7nEUk6p4THkNltpGNdtzIBimXKHiHiyMNdI8jGVQUHolUOBmDWd9Ga2nHi8XywT9Z/ERedirect.html Requested by Host: www.wipjknat0hjkjsd.es URL: https://www.wipjknat0hjkjsd.es/transpondfolder/?utm_source=ActiveCampaign&utm_medium=email&utm_content=Unlocking%20Potential%3A%20The%20Arc%20of%20Greensboro%20s%20Life-Changing%20Initiatives&utm_campaign=New%20Campaign1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.5.12.148 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS s3-r-w.us-east-1.amazonaws.com Software AmazonS3 / Resource Hash `157ee077054536e5c834eb9ba83d293f79ed1e408fa09292e52ed368bc4c351e` Request headers Referer https://www.wipjknat0hjkjsd.es/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Content-Length 11891 Content-Type text/html Date Thu, 05 Dec 2024 23:49:23 GMT ETag "4247401a4902c5831df4640dd0771d49" Last-Modified Tue, 26 Nov 2024 15:12:48 GMT Server AmazonS3 x-amz-id-2 ceQJ9dtrFNHZGVBP8EA3xe+1BXTGTjecGicem8WoNqBs0+VC7Y3kfyRtYHjTyc5kU5QeKOMqoBW28uutcSyuIEYQGR1DA02sqo2ovjttd0Y= x-amz-request-id M4SYK2NZN8S56N2Q x-amz-server-side-encryption AES256
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ff0407d4ec832e14fba9171bc288d0c481c956af888cba44382d147c0dbae6f9` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET H/1.1	403 Forbidden	favicon.ico www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com/	275 B 585 B	66ms 66ms	Other application/xml	3.5.12.148 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.5.12.148 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS s3-r-w.us-east-1.amazonaws.com Software AmazonS3 / Resource Hash `6b34a377b7e1c6c9f3b2105bd1be9d4e7c49060fdf25b36e23e8772343abdbc9` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com/Sm6ZS4v28rnrWAGUfRR7bXf6ouLCfISU4uBXtJSjgeSUhwK96ZgNAMxKaA1NTDFPNEq9e6AJhpi5SlRmdWbrsIMYcYNNnVnrYfDEl2e4gUVDLX1AKhtmZSv4cZ8tv4iU1Q9hZ4L7nEUk6p4THkNltpGNdtzIBimXKHiHiyMNdI8jGVQUHolUOBmDWd9Ga2nHi8XywT9Z/ERedirect.html Response headers Transfer-Encoding chunked x-amz-request-id M4SWDR9NWBXA2DG5 Date Thu, 05 Dec 2024 23:49:22 GMT Content-Type application/xml Server AmazonS3 x-amz-id-2 RAZ/KQjvRJybHbR0qybhdAVnPXxJ0cbvgwTcz+roX3iF70gQhpmlMpeLTkk2W9In+NMaxrUyptJth0hTM3pZQz+qNltVimu4basmEpnWBOM=

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| fetchEmailList function| continueLoading function| validateEmail function| fetchRandomWiki

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
arcg.activehosted.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 92a698adc476fde4a935e58b1fc99878
.arcg.activehosted.com/	1970-01-21 02:13:54	Name: cmp613185946 Value: c3e7e72410451ad7598e0bd504c8ad13
.activehosted.com/	1970-01-21 01:30:44	Name: __cf_bm Value: jVOommvtJokHzhZpT4yYZTjo4J.kGod65OijHFO18ZY-1733442562-1.0.1.1-TZ0MDKylbyke5HxY.Ye3MMowJPsWXU._rIgKYDE7NURwMfDJHWaBZ6bq4CSJTNWU3UybZFWZ86_o8MlWvJaNog

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com/favicon.ico Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

arcg.activehosted.com
arcg.emlnk.com
casenumber08093-newclient-settlement.s3.us-east-1.amazonaws.com
monmxrhbb.cc.rs6.net
www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com
www.wipjknat0hjkjsd.es
193.203.174.97
208.75.122.11
2606:4700::6811:ce1f
3.5.12.148
54.231.225.10
54.235.205.181
157ee077054536e5c834eb9ba83d293f79ed1e408fa09292e52ed368bc4c351e
6b34a377b7e1c6c9f3b2105bd1be9d4e7c49060fdf25b36e23e8772343abdbc9
800745f490acbaf9697415192b7a2b1bbaed679f64252d484e889d3a17fb0938
cc60baf082d286b1cda063336fa354393e56aa49b159dcdee4e89bf5c35eecb4
ee135c9fd78c3d4f1d3a94db480f6d26afcf88ad916d0f2eda65661986d251e3
ff0407d4ec832e14fba9171bc288d0c481c956af888cba44382d147c0dbae6f9

www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com Open in urlscan Pro 3.5.12.148 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

6 Requests

100 %HTTPS

17 %IPv6

5 Domains

6 Subdomains

4 IPs

2 Countries

16 kBTransfer

20 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

3 Cookies

1 Console Messages

Indicators

www-view-synchronized-document-onedrive1-file8.s3.us-east-1.amazonaws.com Open in urlscan Pro
3.5.12.148 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

17 %
IPv6

5
Domains

6
Subdomains

4
IPs

2
Countries

16 kB
Transfer

20 kB
Size

3
Cookies

6 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!