s3.amazonaws.com Open in urlscan Pro
52.217.44.166 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://s3.amazonaws.com/appforest_uf/f1680190263303x527483678808010800/index7.html?e=6696768757365696e40726872696e746572...
Submission: On April 05 via automatic, source phishtank (April 5th 2023, 11:22:07 am UTC) — Scanned from DE

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 4 domains to perform 7 HTTP transactions. The main IP is 52.217.44.166, located in Ashburn, United States and belongs to AMAZON-02, US. The main domain is s3.amazonaws.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on December 6th 2022. Valid for: a year.

This is the only time s3.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	52.217.44.166 52.217.44.166	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	3

4 52.217.44.166 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	amazonaws.com s3.amazonaws.com	36 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 374	2 KB
0	voicemceter.org Failed myvoicemessage.googin.voicemceter.org Failed
0	killbot.org Failed killbot.org Failed
7	4

	Domain	Requested by
4	s3.amazonaws.com	s3.amazonaws.com
1	cdn.jsdelivr.net	s3.amazonaws.com
0	myvoicemessage.googin.voicemceter.org Failed	s3.amazonaws.com
0	killbot.org Failed	cdn.jsdelivr.net
7	4

This site contains no links.

Subject Issuer	Validity	Valid
s3.amazonaws.com Amazon RSA 2048 M01	`2022-12-06` - `2023-12-05`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh

This page contains 1 frames:

Frame: https://myvoicemessage.googin.voicemceter.org/CLzQhTib?email=
Frame ID: 830D234B96BF24EFF60304CD39170862
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

7
Requests

71 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

1
Countries

38 kB
Transfer

38 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index7.html Show response
s3.amazonaws.com/appforest_uf/f1680190263303x527483678808010800/ 34 KB
35 KB 367ms
145ms Document
text/html 52.217.44.166
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/appforest_uf/f1680190263303x527483678808010800/index7.html?e=6696768757365696e40726872696e7465726e6174696f6e616c2e636f6d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.44.166 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: cba8d62c19e83831e1378e26f7dd94103b77531b9f010926dce92a48d3f3a316

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: public,max-age=86400
Content-Length: 34933
Content-Type: text/html
Date: Wed, 05 Apr 2023 11:22:03 GMT
ETag: "5613a849879400aa3e2d58946c045010"
Last-Modified: Thu, 30 Mar 2023 15:31:04 GMT
Server: AmazonS3
x-amz-id-2: IRNVhLmI8pk6Xw1+KlrnuRfxe1NqwCIgIZyzNVjqf7dUhRFbwJhV0MOjGz/ThlB8VVLOXWnJyGs=
x-amz-meta-app-version: test
x-amz-meta-appname: redirecttest
x-amz-request-id: X27WTEGZ92K7G6R8
x-amz-server-side-encryption: AES256
x-amz-version-id: vkshcc4ttiDrgBYJnygUjijXAlnhMyG2

GET
DATA 200
OK truncated
/ 586 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 404
Not Found transparent.gif
s3.amazonaws.com/cdn-cgi/images/trace/jsch/js/ 307 B
307 B 123ms
123ms Image
application/xml 52.217.44.166
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/cdn-cgi/images/trace/jsch/js/transparent.gif?ray=745bca546d38b4e8
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1680190263303x527483678808010800/index7.html?e=6696768757365696e40726872696e7465726e6174696f6e616c2e636f6d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.44.166 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 142a17528a9ede418976cf51716719496b3f777564d25b2835ec1bdb4cfdf475

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/appforest_uf/f1680190263303x527483678808010800/index7.html?e=6696768757365696e40726872696e7465726e6174696f6e616c2e636f6d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 05 Apr 2023 11:22:01 GMT
Server: AmazonS3
x-amz-request-id: X27TN84ZD0VVEZCJ
x-amz-id-2: SyfB9lAG2CjxVZTb9Xck6Ywriqb7vZpBEehTFOqx6AwnQfqIzBNuKFdf97x+k3YUJWxMVcCXdTU=
Transfer-Encoding: chunked
Content-Type: application/xml

GET
H2 200 main.min.js Show response
cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/ 3 KB
2 KB 102ms
49ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js

Requested by

Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1680190263303x527483678808010800/index7.html?e=6696768757365696e40726872696e7465726e6174696f6e616c2e636f6d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8831773f69697c641e349c519d162ad5afe58cc583703d96f98a79d29087ef1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 11:22:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5417
x-jsd-version: master
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230097-FRA, cache-yyz4542-YYZ
x-jsd-version-type: branch
server: cloudflare
etag: W/"a7c-kmbumraAtj1yBda8Zbl2dRPRYqU"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HFnP6y4gYbScWHxmICUrXpOF4ddw1YPeu%2FBjQvPQuTqlKJfA%2Fbhu2Q3EWDQrqYnBkCy46m3GY9VvhVOzQ1k4m608UR0o%2FizR4ooHnYoJntxiQS1w7lDdQTvg3hrS258Q3HqmSERCG7tYJvwxnX8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7b3169370ab59296-FRA

GET
H/1.1 403
Forbidden transparent.gif
s3.amazonaws.com/appforest_uf/f1680190263303x527483678808010800/Just%20a%20moment_fichiers/ 243 B
243 B 236ms
112ms Image
application/xml 52.217.44.166
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/appforest_uf/f1680190263303x527483678808010800/Just%20a%20moment_fichiers/transparent.gif
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1680190263303x527483678808010800/index7.html?e=6696768757365696e40726872696e7465726e6174696f6e616c2e636f6d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.44.166 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 5a0a4c09519eb9ee029a071bcbba20b8ef34f534f5f093d8d03dcbff108211f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/appforest_uf/f1680190263303x527483678808010800/index7.html?e=6696768757365696e40726872696e7465726e6174696f6e616c2e636f6d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 05 Apr 2023 11:22:02 GMT
Server: AmazonS3
x-amz-request-id: X27QGD6YY0T3PS6Z
x-amz-id-2: GXzIf3OPbDNyL6c4/n+cG5bjDHT2L/VlCTWQLqtqAky/KLYeTSYmV+dPEY2lE9Kp7SS6NTjpB2s=
Transfer-Encoding: chunked
Content-Type: application/xml

GET whois
killbot.org/api/v2/ 0
0

GET
H/1.1 200
OK data-7.json Show response
s3.amazonaws.com/appforest_uf/f1680190201155x144282242826119460/ 78 B
631 B 116ms
116ms Fetch
application/json 52.217.44.166
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/appforest_uf/f1680190201155x144282242826119460/data-7.json
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1680190263303x527483678808010800/index7.html?e=6696768757365696e40726872696e7465726e6174696f6e616c2e636f6d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.44.166 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 23540d605f4420b3a8c7f3d59aa8fdba97a4acbe7ae3259cea75bdc46c359515

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/appforest_uf/f1680190263303x527483678808010800/index7.html?e=6696768757365696e40726872696e7465726e6174696f6e616c2e636f6d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 05 Apr 2023 11:22:05 GMT
x-amz-meta-appname: redirecttest
x-amz-version-id: ztfOwIEHtIu6BZkXLMstux8uB88fMq_V
Last-Modified: Thu, 30 Mar 2023 15:30:02 GMT
Server: AmazonS3
x-amz-request-id: 49MRJ7RVCN1S4F84
ETag: "250d5b00bf5a7e8040f7342594318bce"
x-amz-server-side-encryption: AES256
x-amz-meta-app-version: test
Content-Type: application/json
Cache-Control: public,max-age=86400
Accept-Ranges: bytes
Content-Length: 78
x-amz-id-2: cFMoZZAohUGJm4Le0LldigdQj+32WvprSpsAiFDOpWcc0AvwJH0Bvd5tBC0xCpq0+bwZGJ4/XWw=

GET CLzQhTib
myvoicemessage.googin.voicemceter.org/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: killbot.org
URL: https://killbot.org/api/v2/whois?apikey=_J14k_5sHZiFR3C3uZ6NGBPph1iZq3g-aYSeTKmHUNJf_

Domain: myvoicemessage.googin.voicemceter.org
URL: https://myvoicemessage.googin.voicemceter.org/CLzQhTib?email=

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://s3.amazonaws.com/cdn-cgi/images/trace/jsch/js/transparent.gif?ray=745bca546d38b4e8 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://s3.amazonaws.com/appforest_uf/f1680190263303x527483678808010800/Just%20a%20moment_fichiers/transparent.gif Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
killbot.org
myvoicemessage.googin.voicemceter.org
s3.amazonaws.com
killbot.org
myvoicemessage.googin.voicemceter.org
2606:4700::6810:5514
52.217.44.166
142a17528a9ede418976cf51716719496b3f777564d25b2835ec1bdb4cfdf475
23540d605f4420b3a8c7f3d59aa8fdba97a4acbe7ae3259cea75bdc46c359515
5a0a4c09519eb9ee029a071bcbba20b8ef34f534f5f093d8d03dcbff108211f7
a8831773f69697c641e349c519d162ad5afe58cc583703d96f98a79d29087ef1
cba8d62c19e83831e1378e26f7dd94103b77531b9f010926dce92a48d3f3a316
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

s3.amazonaws.com Open in urlscan Pro 52.217.44.166 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

71 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

3 IPs

1 Countries

38 kBTransfer

38 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

s3.amazonaws.com Open in urlscan Pro
52.217.44.166 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

71 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

1
Countries

38 kB
Transfer

38 kB
Size

0
Cookies

7 HTTP transactions
1 data transactions