homefile.archive.us-east-1.oortech.com
170.106.201.213 (flagged: Malicious Activity; public scan)

Submitted URL: https://shoutout.wix.com/so/81P6fxSL4/c?w=ghIcpH_fg1bfdHPZs_v8C56CrbYCVEwaGndTisXeTP4.eyJ1IjoiaHR0cHM6Ly96aWd6YWctY2F0a2l...
Effective URL: https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fb...
Submission: On September 02 via manual from TW — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 6 HTTP transactions. The main IP is 170.106.201.213, located in Ashburn, United States and belongs to TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN. The main domain is homefile.archive.us-east-1.oortech.com.
TLS certificate: Issued by TrustAsia RSA DV TLS CA G2 on March 28th 2024. Valid for: a year.
This is the only time homefile.archive.us-east-1.oortech.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

IP address           ASN (autonomous system)      Requests
34.149.206.255       396982 (GOOGLE-CL...)        1
3.213.155.102        14618 (AMAZON-AES)           1
170.106.201.213      132203 (TENCENT-N...)        1
151.101.194.132      54113 (FASTLY)               2
2a04:4e42:200...     54113 (FASTLY)               1
2a00:1450:400...     15169 (GOOGLE)               1
Totals as reported by the scan: 6 requests, 5 IPs
Apex domain       Subdomain                                 Cisco Umbrella rank   Transfer   Requests
glitch.global     cdn.glitch.global                         432012                175 KB     2
googleapis.com    firebasestorage.googleapis.com            6369                  118 KB     1
jquery.com        code.jquery.com                           1211                  31 KB      1
oortech.com       homefile.archive.us-east-1.oortech.com    -                     3 KB       1
glitch.me         zigzag-catkin-fossa.glitch.me             -                     1 KB       1
wix.com           shoutout.wix.com                          187530                539 B      1
Totals: 6 apex domains, 6 subdomains
Domain                                    Requested by                                Requests
cdn.glitch.global                         homefile.archive.us-east-1.oortech.com      2
firebasestorage.googleapis.com            homefile.archive.us-east-1.oortech.com      1
code.jquery.com                           homefile.archive.us-east-1.oortech.com      1
homefile.archive.us-east-1.oortech.com    zigzag-catkin-fossa.glitch.me               1
zigzag-catkin-fossa.glitch.me             -                                           1
shoutout.wix.com                          - (submitted URL; 1 redirect)               1
Totals: 6 domains, 6 requests

This site contains no links.

TLS certificates

Subject                             Issuer                                            Validity                    Valid for
glitch.com                          Amazon RSA 2048 M03                               2023-12-04 to 2025-01-01    a year
*.archive.us-east-1.oortech.com     TrustAsia RSA DV TLS CA G2                        2024-03-28 to 2025-03-28    a year
cdn.glitch.global                   R11                                               2024-07-29 to 2024-10-27    3 months
*.jquery.com                        Sectigo ECC Domain Validation Secure Server CA    2024-06-25 to 2025-06-25    a year
upload.video.google.com             WR2                                               2024-08-05 to 2024-10-28    3 months

This page contains 1 frames:

Primary Page: https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2
Frame ID: BE22F09519B00358015FF00B8771453F
Requests: 6 HTTP requests in this frame

Screenshot

Page Title

PDF ONLINE DOCUMENT


Detected technologies

jQuery (overall confidence: 100%), matched by the patterns:
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 33 %
Domains: 6
Subdomains: 6
IPs: 5
Countries: 2
Transfer: 327 kB
Size: 563 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://shoutout.wix.com/so/81P6fxSL4/c?w=ghIcpH_fg1bfdHPZs_v8C56CrbYCVEwaGndTisXeTP4.eyJ1IjoiaHR0cHM6Ly96aWd6YWctY2F0a2luLWZvc3NhLmdsaXRjaC5tZS8iLCJyIjoiMmMzZTU3MWUtN2I0Yi00NGMyLWE3YjAtNDU1MzA0M2M2M2IwIiwibSI6Im1haWwiLCJjIjoiMzUxNmRmM2EtZWE1OS00YTYwLWFkYzYtZjgxZGVmMjA0OTcyIn0 HTTP 302
    https://zigzag-catkin-fossa.glitch.me/ Page URL
  2. https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://shoutout.wix.com/so/81P6fxSL4/c?w=ghIcpH_fg1bfdHPZs_v8C56CrbYCVEwaGndTisXeTP4.eyJ1IjoiaHR0cHM6Ly96aWd6YWctY2F0a2luLWZvc3NhLmdsaXRjaC5tZS8iLCJyIjoiMmMzZTU3MWUtN2I0Yi00NGMyLWE3YjAtNDU1MzA0M2M2M2IwIiwibSI6Im1haWwiLCJjIjoiMzUxNmRmM2EtZWE1OS00YTYwLWFkYzYtZjgxZGVmMjA0OTcyIn0 HTTP 302
  • https://zigzag-catkin-fossa.glitch.me/
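The Wix "shoutout" tracking link in Request Chain 0 carries its destination inside the w= parameter: the text after the dot is base64url-encoded JSON with the padding stripped, and its u key is the URL the 302 points at. The Python below is an added example, not part of the urlscan report or of any Wix code; it decodes that segment offline so an analyst can recover the next hop and the campaign identifiers without making a request that would register as a click. Treating the segment before the dot as an opaque token that is not decoded is an assumption; the observed Location value is copied from the redirect headers in the scan.

```python
import base64
import json
from urllib.parse import parse_qs, urlparse

# Hop 1 of "Request Chain 0", copied from the scan (the tracking link exactly as captured).
SHOUTOUT_URL = (
    "https://shoutout.wix.com/so/81P6fxSL4/c?w=ghIcpH_fg1bfdHPZs_v8C56CrbYCVEwaGndTisXeTP4."
    "eyJ1IjoiaHR0cHM6Ly96aWd6YWctY2F0a2luLWZvc3NhLmdsaXRjaC5tZS8iLCJyIjoi"
    "MmMzZTU3MWUtN2I0Yi00NGMyLWE3YjAtNDU1MzA0M2M2M2IwIiwibSI6Im1haWwiLCJjIjoi"
    "MzUxNmRmM2EtZWE1OS00YTYwLWFkYzYtZjgxZGVmMjA0OTcyIn0"
)

# Hop 2: the Location header the scanner received for the 302 (from the scan's redirect headers).
OBSERVED_LOCATION = "https://zigzag-catkin-fossa.glitch.me/"


def b64url_decode(segment: str) -> bytes:
    """Decode base64url whose '=' padding has been stripped (as in the tracker's payload)."""
    segment = segment.strip()
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_shoutout(url: str) -> dict:
    """Return the JSON object embedded in a shoutout.wix.com tracking link.

    The w parameter has the shape <token>.<payload>. Assumption, not stated by the
    report: the first segment is an opaque signature/token and is left undecoded;
    only the second segment is base64url JSON.
    """
    parsed = urlparse(url)
    if parsed.hostname != "shoutout.wix.com":
        raise ValueError(f"not a shoutout.wix.com link: {parsed.hostname}")
    w = parse_qs(parsed.query).get("w", [None])[0]
    if not w or "." not in w:
        raise ValueError("missing or malformed w= parameter")
    _token, payload = w.split(".", 1)
    return json.loads(b64url_decode(payload))


def next_hop(url: str) -> str:
    """The destination the tracker will 302 to, recovered without sending a request."""
    return decode_shoutout(url)["u"]


def location_matches_payload(url: str, observed_location: str) -> bool:
    """Cross-check the decoded destination against the Location header a sandbox saw."""
    return next_hop(url) == observed_location


if __name__ == "__main__":
    info = decode_shoutout(SHOUTOUT_URL)
    print("next hop:", info["u"])
    print("other fields:", {k: v for k, v in info.items() if k != "u"})
    print("matches observed Location:", location_matches_payload(SHOUTOUT_URL, OBSERVED_LOCATION))
```

For this link the decoded u equals the Location the scanner saw, and the payload also carries an m field reading "mail", which is consistent with the link having been delivered by e-mail. The same decode can be applied to other shoutout.wix.com links from the same campaign to pivot on the r and c identifiers without visiting them.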

6 HTTP transactions

Transaction 1: / on zigzag-catkin-fossa.glitch.me/ (Document; size 637 B, transferred 1 KB)
Redirect chain:
  • https://shoutout.wix.com/so/81P6fxSL4/c?w=ghIcpH_fg1bfdHPZs_v8C56CrbYCVEwaGndTisXeTP4.eyJ1IjoiaHR0cHM6Ly96aWd6YWctY2F0a2luLWZvc3NhLmdsaXRjaC5tZS8iLCJyIjoiMmMzZTU3MWUtN2I0Yi00NGMyLWE3YjAtNDU1MzA0M2M...
  • https://zigzag-catkin-fossa.glitch.me/

General
Full URL: https://zigzag-catkin-fossa.glitch.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.213.155.102 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-3-213-155-102.compute-1.amazonaws.com
Software: AmazonS3
Resource hash: f5e1f966fab28c822e4e55f9e4e07e35e31ed8ec5cf71b8e93ef9ed86d270bb8

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers
accept-ranges: bytes
cache-control: no-cache
content-length: 637
content-type: text/html; charset=utf-8
date: Mon, 02 Sep 2024 06:15:56 GMT
etag: "5e72528843b92a9e7c573c47b431f7ce"
last-modified: Sat, 31 Aug 2024 19:38:46 GMT
server: AmazonS3
x-amz-id-2: kAaKXHJxcWBIP6Mh38MK7Uaqa33FdlfVjCuFseUJBYte3BZUTRGkKEPmDLS+tvYtgyjUFJ64g/H+G+eblpofYU6103qCeuF9Hryg3SiZV5E=
x-amz-request-id: 3AR9QYPSX3S892BM
x-amz-server-side-encryption: AES256
x-amz-version-id: MN3pOoVyzwgYd7hChxM1iYqbWf985aQs

Redirect headers (the 302 from shoutout.wix.com)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 02 Sep 2024 06:15:56 GMT
glb-x-seen-by: wMMTADooq5AJ3cFomJ/MuXOQWGce7NCZXKms1ErOpBs=
location: https://zigzag-catkin-fossa.glitch.me/
server: Pepyaka
strict-transport-security: max-age=120 ; includeSubDomains
via: 1.1 google
x-content-type-options: nosniff
x-seen-by: GilIRCy+Ky2nI9KZaDKzWLxkNjrXdwdgtu6E0yACibU=,m0j2EEknGIVUW/liY8BLLri/BwsiR+LDCdOaKs09HDaWWveFEnegpnkLxzZh8fhS,qYxvFa0bBL43z6b6TutC4V1gynT9UB3X4jaQ83HbeuZEQfi00LSS7LJu7sdkoLsD3vVVcuXFyiDbcjHfqUW3cA==,r6yY0ta7bIKrqK70x072lbtN3PAZCJewpfN2Sf2LkPQ=
x-wix-request-id: 1725257756.14269751349446130620
Transaction 2 (primary request): dobe on homefile.archive.us-east-1.oortech.com/ (Document; size 10 KB, transferred 3 KB)

General
Full URL: https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2
Requested by: https://zigzag-catkin-fossa.glitch.me/ (host zigzag-catkin-fossa.glitch.me)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 170.106.201.213 Ashburn, United States, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)
Reverse DNS: -
Software: nginx/1.18.0 (Ubuntu)
Resource hash: dfe39e44bbc72df109405c1336a7226623fe4582f4c222553c70c74faab54571
Security headers: X-Frame-Options: SAMEORIGIN; X-Xss-Protection: 1; mode=block

Request headers
Referer: https://zigzag-catkin-fossa.glitch.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers
access-control-allow-headers: Authorization, Content-Length, X-CSRF-Token, token, session, Accept, Origin, Host, Connection, Accept-Encoding, Accept-Language, DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type
access-control-allow-methods: GET,PUT,POST,DELETE,PATCH,HEAD,CONNECT,OPTIONS,TRACE
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, Content-Type, token, refresh_token
access-control-max-age: 3628800
content-disposition: inline; filename="dobe"
content-encoding: gzip
content-type: text/html
date: Mon, 02 Sep 2024 06:15:57 GMT
last-modified: Wed, 28 Aug 2024 14:11:48 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
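The response headers of the primary request (dobe) are worth reading as indicators in their own right: a wildcard Access-Control-Allow-Origin combined with token and refresh_token in Access-Control-Expose-Headers, an allow-methods list that includes TRACE and CONNECT, an HTML document served with an extension-less content-disposition filename, a version-disclosing server banner, and no Content-Security-Policy or Strict-Transport-Security. That combination is characteristic of a permissive API-gateway configuration rather than of a static document page. The Python below is an added example, not code from urlscan or from the scanned site; it parses a raw header block and returns triage findings. The header block is constructed from the response headers listed above, and the HTTP/2 200 status line is assumed since the scan does not print one.

```python
import re

# Response headers of the primary request (dobe), copied from the scan into a raw
# header block. The status line is assumed: the report does not show it.
PRIMARY_RESPONSE = """\
HTTP/2 200
access-control-allow-headers: Authorization, Content-Length, X-CSRF-Token, token, session, Accept, Origin, Host, Connection, Accept-Encoding, Accept-Language, DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type
access-control-allow-methods: GET,PUT,POST,DELETE,PATCH,HEAD,CONNECT,OPTIONS,TRACE
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, Content-Type, token, refresh_token
access-control-max-age: 3628800
content-disposition: inline; filename="dobe"
content-encoding: gzip
content-type: text/html
date: Mon, 02 Sep 2024 06:15:57 GMT
last-modified: Wed, 28 Aug 2024 14:11:48 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
"""

RISKY_METHODS = {"trace", "connect", "delete", "put"}
CREDENTIAL_LIKE = re.compile(r"(token|session|auth|refresh)", re.IGNORECASE)
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}


def parse_headers(raw: str) -> dict:
    """Parse a raw header block into a {lower-cased name: value} dict, skipping the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if not line.strip():
            continue
        name, _, value = line.partition(":")   # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    return headers


def split_list(value: str) -> list:
    """Split a comma-separated header value into lower-cased tokens."""
    return [v.strip().lower() for v in value.split(",") if v.strip()]


def triage(h: dict) -> list:
    """Return (severity, finding) tuples for a captured response-header dict."""
    findings = []
    if h.get("access-control-allow-origin") == "*":
        exposed = split_list(h.get("access-control-expose-headers", ""))
        cred = [e for e in exposed if CREDENTIAL_LIKE.search(e)]
        if cred:
            findings.append(("high", f"ACAO * with credential-like exposed headers: {', '.join(cred)}"))
        else:
            findings.append(("low", "ACAO * (public resource or misconfiguration)"))
    risky = sorted(set(split_list(h.get("access-control-allow-methods", ""))) & RISKY_METHODS)
    if risky:
        findings.append(("medium", f"CORS allows risky methods: {', '.join(risky)}"))
    ctype = h.get("content-type", "").split(";")[0].strip()
    m = re.search(r"filename\*?=(?:utf-8'')?\"?([^\";]+)", h.get("content-disposition", ""))
    if ctype == "text/html" and m and "." not in m.group(1):
        findings.append(("medium", f"HTML served with extension-less download name '{m.group(1)}'"))
    if "content-security-policy" not in h:
        findings.append(("low", "no Content-Security-Policy"))
    if "strict-transport-security" not in h:
        findings.append(("low", "no Strict-Transport-Security"))
    if re.search(r"/\d", h.get("server", "")):
        findings.append(("info", f"server version disclosed: {h['server']}"))
    if "x-xss-protection" in h:
        findings.append(("info", "legacy X-XSS-Protection header (the auditor it controlled was removed from Chromium)"))
    return findings


def max_severity(findings: list) -> str:
    """Highest severity present, 'info' when there are no findings."""
    return max((s for s, _ in findings), key=SEVERITY_RANK.__getitem__, default="info")


if __name__ == "__main__":
    results = triage(parse_headers(PRIMARY_RESPONSE))
    print("max severity:", max_severity(results))
    for severity, text in results:
        print(f"[{severity}] {text}")
```

Run against the captured headers this yields one high finding (the wildcard origin with token and refresh_token exposed), two medium findings (TRACE, CONNECT, DELETE and PUT allowed; an HTML body named "dobe"), two low findings for the missing CSP and HSTS, and two informational ones. The same function applies unchanged to the other responses in this scan, where the CDN image with Content-Security-Policy: script-src 'none' scores only low.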
Transaction 3: pdf-logo.png on cdn.glitch.global/30e3fd15-1595-4f62-8949-4a92dad3c744/ (Image; size 174 KB, transferred 175 KB)

General
Full URL: https://cdn.glitch.global/30e3fd15-1595-4f62-8949-4a92dad3c744/pdf-logo.png?v=1703176079035
Requested by: https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2 (host homefile.archive.us-east-1.oortech.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.194.132 San Francisco, United States, ASN54113 (FASTLY, US)
Reverse DNS: -
Software: AmazonS3
Resource hash: 288025fbee50a4305bbf24a0b43e82af28300f5087b7adc93e21d111354a7327
Security headers: Content-Security-Policy: script-src 'none'

Request headers
Referer: https://homefile.archive.us-east-1.oortech.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers
content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Mon, 02 Sep 2024 06:15:57 GMT
x-amz-request-id: 8V9GHD81KGCYVWYB
age: 2336394
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 178166
x-amz-id-2: UvIEayyNbV8hXfHtj2olZxoPkgj9ompUWKk+nCqcJAHIFrcns9MYHk79E5lQNCQBJHcm4PqH454=
x-served-by: cache-iad-kiad7000134-IAD, cache-fra-etou8220110-FRA
last-modified: Thu, 21 Dec 2023 16:27:58 GMT
server: AmazonS3
x-timer: S1725257757.272599,VS0,VE1
etag: "2be243eaa597e9442b712456427c25d2"
access-control-allow-methods: GET, HEAD, POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2, 1
Transaction 4: jquery-3.6.0.min.js on code.jquery.com/ (Script; size 87 KB, transferred 31 KB)

General
Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2 (host homefile.archive.us-east-1.oortech.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a04:4e42:200::649, United States, ASN54113 (FASTLY, US)
Reverse DNS: -
Software: nginx
Resource hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers
Referer: https://homefile.archive.us-east-1.oortech.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers
date: Mon, 02 Sep 2024 06:15:57 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 3275503
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-fra-etou8220130-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1725257757.244649,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 8, 1326904
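The resource hash urlscan records for jquery-3.6.0.min.js is the SHA-256 of the bytes the browser received, printed as hex. jquery.com publishes the integrity value for the same file as an SRI string (the same digest, base64-encoded with a sha256- prefix), so converting one form to the other tells an analyst whether the kit loaded an unmodified library from the official CDN or a tampered copy. The Python below is an added example, not code from urlscan or jquery.com; the hex digest is copied from the scan and the published value is the integrity attribute jquery.com lists for jQuery 3.6.0 (minified).

```python
import base64
import hashlib

# SHA-256 of https://code.jquery.com/jquery-3.6.0.min.js as reported by the scan (hex).
SCAN_RESOURCE_HASH = "ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e"

# Integrity value published by jquery.com for jquery-3.6.0.min.js.
PUBLISHED_SRI = "sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4="


def hex_to_sri(hex_digest: str, algo: str = "sha256") -> str:
    """Convert a hex digest (the form urlscan prints) into an SRI integrity string."""
    raw = bytes.fromhex(hex_digest)
    expected = hashlib.new(algo).digest_size
    if len(raw) != expected:
        raise ValueError(f"{algo} digest must be {expected} bytes, got {len(raw)}")
    return f"{algo}-{base64.b64encode(raw).decode('ascii')}"


def sri_for_bytes(data: bytes, algo: str = "sha256") -> str:
    """Compute the SRI string for script content fetched independently (e.g. from the CDN)."""
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def matches_published(hex_digest: str, published: str) -> bool:
    """True when a scan's hex hash equals the vendor's published integrity value.

    The algorithm is taken from the published string's prefix, so sha384-/sha512-
    values work the same way.
    """
    algo = published.split("-", 1)[0]
    try:
        return hex_to_sri(hex_digest, algo) == published
    except ValueError:
        return False


if __name__ == "__main__":
    print(hex_to_sri(SCAN_RESOURCE_HASH))
    print("unmodified jQuery 3.6.0:", matches_published(SCAN_RESOURCE_HASH, PUBLISHED_SRI))
```

For this scan the two values agree, so the script is the genuine jQuery 3.6.0 and the interesting logic must be in the dobe document itself rather than in its dependencies. The same comparison applied to a mismatching hash is the cheapest way to spot a trojanised library in a kit that otherwise loads from well-known CDNs.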
Transaction 5: Adobe.png on firebasestorage.googleapis.com/v0/b/png-images-481bb.appspot.com/o/ (Image; size 117 KB, transferred 118 KB)

General
Full URL: https://firebasestorage.googleapis.com/v0/b/png-images-481bb.appspot.com/o/Adobe.png?alt=media&token=a3813f1f-169a-48a6-8172-22d091f87e7c
Requested by: https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2 (host homefile.archive.us-east-1.oortech.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: -
Software: UploadServer
Resource hash: c6a474bcc89bf85d1ccaa821fb3d9c8fca16b18a6a5ba8d217c4e3166dec80e1

Request headers
Referer: https://homefile.archive.us-east-1.oortech.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers
date: Mon, 02 Sep 2024 06:15:57 GMT
x-guploader-uploadid: AD-8ljuI33DzvFOeVvumzGMPfZps84-gTsGVg-fAY7n-B2R8brly7OpBr_UhkerTt4j-Da75FfJV1tdaqA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''Adobe.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119844
last-modified: Wed, 10 Apr 2024 11:51:57 GMT
server: UploadServer
etag: "c657d7e769a257c2ed86980292fe4ddc"
x-goog-generation: 1712749917474086
content-type: image/png
x-goog-hash: crc32c=sw/mPA==, md5=xlfX52miV8LthpgCkv5N3A==
cache-control: private, max-age=0
x-goog-stored-content-length: 119844
x-goog-meta-firebasestoragedownloadtokens: a3813f1f-169a-48a6-8172-22d091f87e7c
accept-ranges: bytes
expires: Mon, 02 Sep 2024 06:15:57 GMT
Transaction 6: pdf-logo.png on cdn.glitch.global/30e3fd15-1595-4f62-8949-4a92dad3c744/ (Other; size 174 KB, transferred 0 B). A second fetch of the resource from transaction 3, with the same resource hash.

General
Full URL: https://cdn.glitch.global/30e3fd15-1595-4f62-8949-4a92dad3c744/pdf-logo.png?v=1703176079035
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.194.132 San Francisco, United States, ASN54113 (FASTLY, US)
Reverse DNS: -
Software: AmazonS3
Resource hash: 288025fbee50a4305bbf24a0b43e82af28300f5087b7adc93e21d111354a7327
Security headers: Content-Security-Policy: script-src 'none'

Request headers
Referer: https://homefile.archive.us-east-1.oortech.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers
content-security-policy: script-src 'none'
via: 1.1 varnish, 1.1 varnish
date: Mon, 02 Sep 2024 06:15:57 GMT
x-amz-request-id: 8V9GHD81KGCYVWYB
age: 2336394
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 178166
x-amz-id-2: UvIEayyNbV8hXfHtj2olZxoPkgj9ompUWKk+nCqcJAHIFrcns9MYHk79E5lQNCQBJHcm4PqH454=
x-served-by: cache-iad-kiad7000134-IAD, cache-fra-etou8220110-FRA
last-modified: Thu, 21 Dec 2023 16:27:58 GMT
server: AmazonS3
x-timer: S1725257757.272599,VS0,VE1
etag: "2be243eaa597e9442b712456427c25d2"
access-control-allow-methods: GET, HEAD, POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2, 1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

$ (function), jQuery (function)

1 Cookies

Domain/Path: .wix.com/
Name: XSRF-TOKEN
Value: 1725257756|ZGf6jeC6RZmT

1 Console Messages

Source: recommendation; level: verbose
URL: https://homefile.archive.us-east-1.oortech.com/dobe?signature=8cbbf8b48fa92625966bc6210ca77e00e95e8dc13289375ff061bd73a353d6b61afccae2c0c2e17fbdfe10bfb1b886df6bb422e4524cb20ae21f922f5d43740597109cbae50c61ee42f7be3468c699796f3953801031d75d3605a193a2eb2996&provider=2#x
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Chrome emits this recommendation for a password input that lacks an autocomplete attribute, so the page titled "PDF ONLINE DOCUMENT" contains a password field, which is consistent with the credential-phishing verdict above.