Submitted URL: https://p20.zdusercontent.com/attachment/387804/jsBvNcgFVs4ELgPF4okoU1R3T?token=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In...
Effective URL: https://p20.zdusercontent.com/attachment/387804/jsBvNcgFVs4ELgPF4okoU1R3T?token=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In...
Submission: On November 05 via automatic, source urlhaus

Summary

This website contacted 1 IP in 1 country across 2 domains to perform 1 HTTP transaction. The main IP is 54.213.203.82, located in Boardman, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is p20.zdusercontent.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on April 28th 2018. Valid for: 2 years.
This is the only time p20.zdusercontent.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads

These files were downloaded by the website:

MIME: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Xavier-PC, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Nov 5 17:18:00 2018, Last Saved Time/Date: Mon Nov 5 17:18:00 2018, Number of Pages: 1, Number of Words: 2, Number of Characters: 13, Security: 0

Domain & IP information

IP Address       AS Autonomous System
1  2  54.213.203.82   16509 (AMAZON-02)
1  1  104.16.52.111   13335 (CLOUDFLAR...)
1  1

Apex Domain            Subdomains               Transfer
2  zdusercontent.com   p20.zdusercontent.com    1 KB
1  zendesk.com         celgene.zendesk.com      1 KB
1  2

Domain                    Requested by
2  p20.zdusercontent.com  1 redirects
1  celgene.zendesk.com    1 redirects
1  2

This site contains no links.

Subject               Issuer                                          Validity                   Valid
*.zdusercontent.com   COMODO RSA Domain Validation Secure Server CA   2018-04-28 - 2020-04-27    2 years (crt.sh)

This page contains 1 frames:

Primary Page: https://p20.zdusercontent.com/attachment/387804/jsBvNcgFVs4ELgPF4okoU1R3T?token=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..-nVplzjgdeMPPpvtLUiGLg.VOKwHUKcwbeEM7zCvnCDuZ1a1UMkXxwNu5AUhXMU2-zZKV-BjC4XuBEbjqvG4r-d-9HJ0l1szalVYuU5E5PmfAN00x-Vx-WHXWXeYLb6_69xpRuxDPlWsVqK9aBRx-ZjCSAndQmbmM4v1pcmECoKEM8MyQZMugHY8N0hJySEv1s-Y19KyiMnDZ4mg0BI35Yrer-ykNlEAg_Oh1vP4gbipd175lSoOKgNunwnNxWBl9YRraNBlupYl3Px-963DOZ9MQPSvVlsBEFc-z7p0TZEgQ.11q6eq4GlgeqCdiMtWvxuA
Frame ID: 54742B03D8675C2FC834C17B636D2B07
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

  • Requests: 1
  • HTTPS: 100 %
  • IPv6: 0 %
  • Domains: 2
  • Subdomains: 2
  • IPs: 1
  • Countries: 1
  • Transfer: 0 kB
  • Size: 0 kB
  • Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.


Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transaction

Resource: jsBvNcgFVs4ELgPF4okoU1R3T (Primary Request, Cookie set)
Path: p20.zdusercontent.com/attachment/387804/
Size: 0
x-fer: 0
Type: Document
MIME-Type: (not recorded)

Redirect Chain
  • https://p20.zdusercontent.com/attachment/387804/jsBvNcgFVs4ELgPF4okoU1R3T?token=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..rhkSMKwbDZir8qRUoeDNzw.Hegu7Id0SguSiv7q8d8Vd-XC7wLW6Y7DsVmpyj_diToLy...
  • https://celgene.zendesk.com/attachments/token/jsBvNcgFVs4ELgPF4okoU1R3T/?name=Inv_No_374112.doc
  • https://p20.zdusercontent.com/attachment/387804/jsBvNcgFVs4ELgPF4okoU1R3T?token=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..-nVplzjgdeMPPpvtLUiGLg.VOKwHUKcwbeEM7zCvnCDuZ1a1UMkXxwNu5AUhXMU2-zZK...
General
Full URL
https://p20.zdusercontent.com/attachment/387804/jsBvNcgFVs4ELgPF4okoU1R3T?token=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..-nVplzjgdeMPPpvtLUiGLg.VOKwHUKcwbeEM7zCvnCDuZ1a1UMkXxwNu5AUhXMU2-zZKV-BjC4XuBEbjqvG4r-d-9HJ0l1szalVYuU5E5PmfAN00x-Vx-WHXWXeYLb6_69xpRuxDPlWsVqK9aBRx-ZjCSAndQmbmM4v1pcmECoKEM8MyQZMugHY8N0hJySEv1s-Y19KyiMnDZ4mg0BI35Yrer-ykNlEAg_Oh1vP4gbipd175lSoOKgNunwnNxWBl9YRraNBlupYl3Px-963DOZ9MQPSvVlsBEFc-z7p0TZEgQ.11q6eq4GlgeqCdiMtWvxuA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.213.203.82 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-213-203-82.us-west-2.compute.amazonaws.com
Software
nginx
Resource Hash
(not recorded)

Request headers

Host
p20.zdusercontent.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Cookie
_zendesk_shared_session=-ZzNEUmZXUmg0VmVHUk5XUklST0FER2xVTTErZ2ZPcDdGTElqcmZYSVBlakQ0NnJyVVI2c2NwVTVkaWVDaDV6Z1BZK1h0c3pVdW4yV3V3RzVLOXRkS2RHNVBjSDdNSCtQVDNEZHFJNUlJd0E9LS00RnFaMlRpeWFISDVvRm1SeVQwQkl3PT0%3D--e1e3c83900926a238ef246c063bac64aaf0e15f3; _zendesk_session=BAh7CEkiD3Nlc3Npb25faWQGOgZFVEkiJTgzZDg0NmQxZmJiMDBiYWI5MzVhNzBiZTU4NmM3MmRmBjsAVEkiDmlzX21vYmlsZQY7AFRGSSITd2FyZGVuLm1lc3NhZ2UGOwBUewA%3D--7efe389de8cabec14cf58fa6bcf9b4560a9a638d
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Server
nginx
Date
Mon, 05 Nov 2018 20:48:45 GMT
Content-Type
application/msword
Content-Length
85888
Connection
keep-alive
Expires
Mon, 12 Nov 2018 20:48:45 GMT
Content-Disposition
attachment; filename="Inv_No_374112.doc"
Cache-Control
max-age=604800
Set-Cookie
_zendesk_shared_session=-bXV1WUN4ZXJrQVJINjRES1c2dHhFTzI4Z0VkYjNGTklCR0VDQ1dtYS9jYmxvQ2tXT2luaFVXejdHVlNiV0FROXJZSVVJbERLbEZYK2RDMjkxNUo4c2VWUDEyV2N3ZGkxZU1WbzR4RVZMTzg9LS1vcFUrWVpkYmg1SkNkOXJWOTRMakhBPT0%3D--41fd07b2a95ede7160198c2a6ad939306409f33c; path=/; HttpOnly _zendesk_authenticated=; path=/; expires=Thu, 01 Jan 1970 00:00:00 -0000; HttpOnly
Last-Modified
Mon, 05 Nov 2018 18:06:39 GMT
ETag
"325c6240be61e858d1b8989b3beb3fe4"
x-amz-server-side-encryption
AES256
Accept-Ranges
bytes
Access-Control-Allow-Origin
*

Redirect headers

status
302
date
Mon, 05 Nov 2018 20:48:45 GMT
content-type
text/html; charset=UTF-8
content-length
519
set-cookie
__cfduid=d0045c09e06acadf53255a78afde36d851541450925; expires=Tue, 05-Nov-19 20:48:45 GMT; path=/; domain=.celgene.zendesk.com; HttpOnly _zendesk_shared_session=-MWV5NnhVa0xBcDBqYXl2N011NzcwNTNmck9hRnROMTRtQjN5WDNwejEvb3VHMkJNMFJaUDFManZJSS9ZeE1tTEI4UUNHUjZ5TDZJUS9jMXdwSTBjYXNZWE84VGF5UjFKV3l1VEVxNXNLTmRyc2FrMVBOMXJjbUl4M04xTnBKOE9xcGxUVGNEb3V0Sy9SdUtSQU0ydXV3PT0tLXNwY0RNRkhublZMUjMvWEN5djFyZ0E9PQ%3D%3D--7a069077bc68d9f82bd3376f2a4e003c0b4ecb93; path=/; secure; HttpOnly _zendesk_authenticated=; path=/; expires=Thu, 01 Jan 1970 00:00:00 -0000; secure; HttpOnly _zendesk_session=BAh7CUkiD3Nlc3Npb25faWQGOgZFVEkiJWFlNmJlODg3YzZkZjdmODgzNDJjNjU1MTI5YmVjODU1BjsAVEkiDGFjY291bnQGOwBGaQPc6gVJIgpyb3V0ZQY7AEZpA4wKA0kiDmlzX21vYmlsZQY7AFRG--861e1f50f5957fe547abccab636ed27d763bc34b; path=/; secure; HttpOnly
p3p
CP="NOI DSP COR NID ADMa OPTa OUR NOR"
vary
Accept, Accept-Encoding
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
location
https://p20.zdusercontent.com/attachment/387804/jsBvNcgFVs4ELgPF4okoU1R3T?token=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..-nVplzjgdeMPPpvtLUiGLg.VOKwHUKcwbeEM7zCvnCDuZ1a1UMkXxwNu5AUhXMU2-zZKV-BjC4XuBEbjqvG4r-d-9HJ0l1szalVYuU5E5PmfAN00x-Vx-WHXWXeYLb6_69xpRuxDPlWsVqK9aBRx-ZjCSAndQmbmM4v1pcmECoKEM8MyQZMugHY8N0hJySEv1s-Y19KyiMnDZ4mg0BI35Yrer-ykNlEAg_Oh1vP4gbipd175lSoOKgNunwnNxWBl9YRraNBlupYl3Px-963DOZ9MQPSvVlsBEFc-z7p0TZEgQ.11q6eq4GlgeqCdiMtWvxuA
access-control-allow-origin
*
access-control-expose-headers
X-Zendesk-API-Warn
strict-transport-security
max-age=31536000;
cache-control
no-cache
x-zendesk-origin-server
app2.pod20.usw2.zdsys.com
x-request-id
47522edc58bfc2d3-SEA
x-runtime
0.047682
x-zendesk-request-id
6e1f86053ee6d10f62de
x-content-type-options
nosniff
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
47522edc58bfc2d3-FRA

Verdicts & Comments

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

celgene.zendesk.com
p20.zdusercontent.com
104.16.52.111
54.213.203.82