adobe-secured-document.s3.us-central-1.ionoscloud.com
74.208.241.158  Malicious Activity! Public Scan

Submitted URL: https://semi-zcmp.maillist-manage.com/click/1135bbcb61f831320/1135bbcb61f830b86#l.lembo%40inail.it
Effective URL: https://adobe-secured-document.s3.us-central-1.ionoscloud.com/adobe-pdf.html
Submission Tags: falconsandbox
Submission: On January 09 via api from US — Scanned from PL

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 5 HTTP transactions. The main IP is 74.208.241.158, located in United States and belongs to IONOS-AS IONOS SE, DE. The main domain is adobe-secured-document.s3.us-central-1.ionoscloud.com.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on November 28th 2024. Valid for: a year.
This is the only time adobe-secured-document.s3.us-central-1.ionoscloud.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Adobe (Consumer)

Domain & IP information

Requests  Redirects  IP Address        AS Autonomous System
1         1          136.143.190.68    2639 (ZOHO-AS)
1                    74.208.241.158    8560 (IONOS-AS ...)
1                    142.250.185.234   15169 (GOOGLE)
2                    142.250.184.234   15169 (GOOGLE)
1                    88.221.123.98     20940 (AKAMAI-AS...)
Total: 5 HTTP transactions, 5 IPs

Apex Domain, Subdomains, Transfer

  • googleapis.com: 3 requests, 879 KB
      ajax.googleapis.com (Cisco Umbrella Rank: 415)
      firebasestorage.googleapis.com (Cisco Umbrella Rank: 7004)
  • adobe.com: 1 request, 630 B
      get.adobe.com (Cisco Umbrella Rank: 33166)
  • ionoscloud.com: 1 request, 16 KB
      adobe-secured-document.s3.us-central-1.ionoscloud.com
  • maillist-manage.com: 1 request, 736 B
      semi-zcmp.maillist-manage.com

Total: 5 HTTP transactions, 4 domains

Domain, Requested by

  • firebasestorage.googleapis.com: 2 requests, requested by adobe-secured-document.s3.us-central-1.ionoscloud.com
  • get.adobe.com: 1 request
  • ajax.googleapis.com: 1 request, requested by adobe-secured-document.s3.us-central-1.ionoscloud.com
  • adobe-secured-document.s3.us-central-1.ionoscloud.com: 1 request
  • semi-zcmp.maillist-manage.com: 1 request, 1 redirects

Total: 5 HTTP transactions, 5 subdomains

This site contains no links.

Subject: s3.us-central-1.ionoscloud.com
Issuer: GeoTrust TLS RSA CA G1
Validity: 2024-11-28 - 2025-12-02
Valid: a year

Subject: upload.video.google.com
Issuer: WR2
Validity: 2024-12-09 - 2025-03-03
Valid: 3 months

Subject: static.adobesigncdn.com
Issuer: DigiCert Global G2 TLS RSA SHA256 2020 CA1
Validity: 2024-09-24 - 2025-10-25
Valid: a year

This page contains 1 frames:

Primary Page: https://adobe-secured-document.s3.us-central-1.ionoscloud.com/adobe-pdf.html
Frame ID: 4FE455468458C0E95E86266A06D6D22A
Requests: 6 HTTP requests in this frame

Page Title

Adobe Acrobat - Protected PDF

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 5
  • HTTPS: 100 %
  • IPv6: 0 %
  • Domains: 4
  • Subdomains: 5
  • IPs: 5
  • Countries: 2
  • Transfer: 896 kB
  • Size: 960 kB
  • Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://semi-zcmp.maillist-manage.com/click/1135bbcb61f831320/1135bbcb61f830b86 HTTP 302
    https://adobe-secured-document.s3.us-central-1.ionoscloud.com/adobe-pdf.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Primary Request: adobe-pdf.html
Path: adobe-secured-document.s3.us-central-1.ionoscloud.com/
Redirect Chain:
  • https://semi-zcmp.maillist-manage.com/click/1135bbcb61f831320/1135bbcb61f830b86
  • https://adobe-secured-document.s3.us-central-1.ionoscloud.com/adobe-pdf.html
Size: 16 KB
x-fer: 16 KB
Type: Document

General

Full URL: https://adobe-secured-document.s3.us-central-1.ionoscloud.com/adobe-pdf.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 74.208.241.158, United States, ASN8560 (IONOS-AS IONOS SE, DE)
Reverse DNS: s3.us-central-1.ionos.cloud
Software: /
Resource Hash: 7692ac5c23ca888b7c34b296789e31d1265119b135819a9146957f6f57b096ad

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-length: 16617
content-type: text/html
date: Thu, 09 Jan 2025 13:15:45 GMT
etag: "396f268df091782718ad0d84c5c7c2fb"
last-modified: Thu, 09 Jan 2025 10:44:47 GMT
x-amz-request-id: tx00000b440af42b464b873-00677fcc01-6468-us-central-1
x-rgw-object-type: Normal

Redirect headers

Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Thu, 09 Jan 2025 13:15:44 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://adobe-secured-document.s3.us-central-1.ionoscloud.com/adobe-pdf.html
Pragma: no-cache
Server: ZGS
Strict-Transport-Security: max-age=63072000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

Resource: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/3.6.0/
Size: 87 KB
x-fer: 31 KB
Type: Script

General

Full URL: https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by:
  Host: adobe-secured-document.s3.us-central-1.ionoscloud.com
  URL: https://adobe-secured-document.s3.us-central-1.ionoscloud.com/adobe-pdf.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.234, United States, ASN15169 (GOOGLE, US)
Reverse DNS: fra16s53-in-f10.1e100.net
Software: sffe /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

X-Content-Type-Options: nosniff
X-Xss-Protection: 0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://adobe-secured-document.s3.us-central-1.ionoscloud.com/

Response headers

content-encoding: gzip
age: 166295
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Wed, 07 Jan 2026 15:04:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 07 Jan 2025 15:04:10 GMT
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 31017
x-xss-protection: 0
server: sffe

Resource: adobe-pdf-icon-logo-png-transparent.png
Path: firebasestorage.googleapis.com/v0/b/dankymaky564.appspot.com/o/
Size: 329 KB
x-fer: 329 KB
Type: Image

General

Full URL: https://firebasestorage.googleapis.com/v0/b/dankymaky564.appspot.com/o/adobe-pdf-icon-logo-png-transparent.png?alt=media&token=3305230d-3feb-48ae-87e5-8444d2908305
Requested by:
  Host: adobe-secured-document.s3.us-central-1.ionoscloud.com
  URL: https://adobe-secured-document.s3.us-central-1.ionoscloud.com/adobe-pdf.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.184.234, United States, ASN15169 (GOOGLE, US)
Reverse DNS: fra24s12-in-f10.1e100.net
Software: UploadServer /
Resource Hash: 35d6b5ff288bb35acdf34369164428e02a6898c7f662da4fc86d9208f6edd0e8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://adobe-secured-document.s3.us-central-1.ionoscloud.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=8vt9HA==, md5=/Rf8D3pchC5Yyo0+PChjQw==
etag: "fd17fc0f7a5c842e58ca8d3e3c286343"
x-goog-stored-content-encoding: identity
expires: Thu, 09 Jan 2025 13:15:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 336595
date: Thu, 09 Jan 2025 13:15:45 GMT
last-modified: Mon, 03 Jul 2023 00:09:49 GMT
content-type: image/png
content-disposition: inline; filename*=utf-8''adobe-pdf-icon-logo-png-transparent.png
x-guploader-uploadid: AFiumC4IGr9XJC8B2rUZ4EjRjbQXtslouXmiau9m_-DAPB5UydEYMosivsjddKEdY2wNiT16
cache-control: private, max-age=0
x-goog-storage-class: STANDARD
x-goog-meta-firebasestoragedownloadtokens: 3305230d-3feb-48ae-87e5-8444d2908305
accept-ranges: bytes
x-goog-generation: 1688342989369696
content-length: 336595
server: UploadServer

Resource: truncated
Path: /
Size: 9 KB
x-fer: 0
Type: Image

General

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 37fea8aee232ca033a84f5f7cda0eb8acee05583965cf2a461f3b7269f53e387

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer:

Response headers

Content-Type: image/gif

Resource: pdf-bck.png
Path: firebasestorage.googleapis.com/v0/b/gippsy7363hd.appspot.com/o/
Size: 518 KB
x-fer: 518 KB
Type: Image

General

Full URL: https://firebasestorage.googleapis.com/v0/b/gippsy7363hd.appspot.com/o/pdf-bck.png?alt=media&token=5d9c87d0-c19d-4da8-a107-3f58cd942255
Requested by:
  Host: adobe-secured-document.s3.us-central-1.ionoscloud.com
  URL: https://adobe-secured-document.s3.us-central-1.ionoscloud.com/adobe-pdf.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.184.234, United States, ASN15169 (GOOGLE, US)
Reverse DNS: fra24s12-in-f10.1e100.net
Software: UploadServer /
Resource Hash: 865ac420993508f0aa2dcf8520acfc9781ec6db7e17626b431939ccbdbb26eb9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://adobe-secured-document.s3.us-central-1.ionoscloud.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=gVrRHw==, md5=cOhDrQ657FiDyhszBz5f7A==
etag: "70e843ad0eb9ec5883ca1b33073e5fec"
x-goog-stored-content-encoding: identity
expires: Thu, 09 Jan 2025 13:15:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 530153
date: Thu, 09 Jan 2025 13:15:46 GMT
last-modified: Sun, 02 Jul 2023 18:51:03 GMT
content-type: image/png
content-disposition: inline; filename*=utf-8''pdf-bck.png
x-guploader-uploadid: AFiumC5bxZPQzLUF4j5QAfh_IGUzYqjy0zAvGZwcygZOUntMoScD6zwOGaFM-GCtdnKCiQgZp5S1Vd4
cache-control: private, max-age=0
x-goog-storage-class: STANDARD
x-goog-meta-firebasestoragedownloadtokens: 5d9c87d0-c19d-4da8-a107-3f58cd942255
accept-ranges: bytes
x-goog-generation: 1688323863256501
content-length: 530153
server: UploadServer

Resource: favicon.ico
Path: get.adobe.com/reader/
Size: 1 KB
x-fer: 630 B
Type: Other

General

Full URL: https://get.adobe.com/reader/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 88.221.123.98 Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
Reverse DNS: a88-221-123-98.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 90ec5c8671f547923a0226440dbc6369241c50eec5502667cb5e33147da4989d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://adobe-secured-document.s3.us-central-1.ionoscloud.com/

Response headers

access-control-allow-headers: *
access-control-max-age: 86400
cache-control: max-age=60, must-revalidate
content-encoding: gzip
etag: "e0cb5ace796001f171591c1400666aa3"
access-control-allow-credentials: false
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
access-control-allow-origin: *
content-length: 309
date: Thu, 09 Jan 2025 13:15:47 GMT
last-modified: Wed, 20 Nov 2024 09:32:19 GMT
content-type: image/vnd.microsoft.icon
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • $ (function)
  • jQuery (function)

3 Cookies

Domain/Path: semi-zcmp.maillist-manage.com/
Name: zalb_c72887300d
Value: bc8a164127ae0588ecb5d0b57b5fb0ca

Domain/Path: semi-zcmp.maillist-manage.com/
Name: ZCAMPAIGN_CSRF_TOKEN
Value: 29e5fa6b-7184-4b9d-8d80-e7a26c4d75ba

Domain/Path: semi-zcmp.maillist-manage.com/
Name: _zcsr_tmp
Value: 29e5fa6b-7184-4b9d-8d80-e7a26c4d75ba

1 Console Messages

Source: recommendation
Level: verbose
URL: https://adobe-secured-document.s3.us-central-1.ionoscloud.com/adobe-pdf.html#l.lembo%40inail.it
Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o