amzverificationpage.ddns.net
Open in
urlscan Pro
142.93.72.112
Malicious Activity!
Public Scan
Effective URL: https://amzverificationpage.ddns.net/borsm/
Submission: On December 23 via automatic, source phishtank
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 20th 2020. Valid for: 3 months.
This is the only time amzverificationpage.ddns.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Boursorama (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 162.241.218.181 162.241.218.181 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
14 | 142.93.72.112 142.93.72.112 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
2 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:2a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
17 | 4 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5581.bluehost.com
marcstone.com |
ASN14061 (DIGITALOCEAN-ASN, US)
PTR: cpanel.amzverificationpage.ddns.net
amzverificationpage.ddns.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
ddns.net
amzverificationpage.ddns.net |
2 MB |
2 |
jquery.com
code.jquery.com |
107 KB |
1 |
marcstone.com
marcstone.com |
288 B |
17 | 3 |
Domain | Requested by | |
---|---|---|
14 | amzverificationpage.ddns.net |
amzverificationpage.ddns.net
|
2 | code.jquery.com |
amzverificationpage.ddns.net
|
1 | marcstone.com | |
17 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.google.fr |
www.mozilla.com |
www.opera.com |
windows.microsoft.com |
www.apple.com |
clients.boursorama.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.marcstone.com R3 |
2020-12-09 - 2021-03-09 |
3 months | crt.sh |
amzverificationpage.ddns.net cPanel, Inc. Certification Authority |
2020-12-20 - 2021-03-20 |
3 months | crt.sh |
jquery.org Sectigo RSA Domain Validation Secure Server CA |
2020-10-06 - 2021-10-16 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://amzverificationpage.ddns.net/borsm/
Frame ID: 7B77AA43D76FD147CF685E631D52B784
Requests: 28 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://marcstone.com/wp-includes/js/1231/redir.php Page URL
- https://amzverificationpage.ddns.net/borsm/ Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Google Chrome
Search URL Search Domain Scan URL
Title: Mozilla Firefox
Search URL Search Domain Scan URL
Title: Opera
Search URL Search Domain Scan URL
Title: Internet Explorer
Search URL Search Domain Scan URL
Title: Safari
Search URL Search Domain Scan URL
Title: Mot de passe oubliƩ ?
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://marcstone.com/wp-includes/js/1231/redir.php Page URL
- https://amzverificationpage.ddns.net/borsm/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
redir.php
marcstone.com/wp-includes/js/1231/ |
203 B 288 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
amzverificationpage.ddns.net/borsm/ |
203 KB 204 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.slim.min.js
code.jquery.com/ |
71 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
25.9bd69470e1f697752717.css
amzverificationpage.ddns.net/borsm/ |
52 KB 52 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
24.9bd69470e1f697752717-1.css
amzverificationpage.ddns.net/borsm/ |
232 KB 232 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
24.9bd69470e1f697752717-2.css
amzverificationpage.ddns.net/borsm/ |
292 KB 293 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
24.9bd69470e1f697752717-3.css
amzverificationpage.ddns.net/borsm/ |
263 KB 263 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
24.9bd69470e1f697752717-4.css
amzverificationpage.ddns.net/borsm/ |
267 KB 267 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
24.9bd69470e1f697752717-5.css
amzverificationpage.ddns.net/borsm/ |
174 KB 174 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
17.9bd69470e1f697752717.css
amzverificationpage.ddns.net/borsm/ |
36 KB 36 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.js
code.jquery.com/ |
281 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.js
amzverificationpage.ddns.net/borsm/ |
12 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
22.9bd69470e1f697752717.css
amzverificationpage.ddns.net/borsm/ |
46 KB 46 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
32.9bd69470e1f697752717.css
amzverificationpage.ddns.net/borsm/ |
26 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
poster.jpg
amzverificationpage.ddns.net/borsm/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
proximanova-regular-webfont-cache-1458301567.woff2
amzverificationpage.ddns.net/borsm/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
proximanova-medium-webfont-cache-1521040380.woff2
amzverificationpage.ddns.net/borsm/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
550 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
784 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
174 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
828 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
293 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
997 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
764 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
608 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
712 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
746 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Boursorama (Banking)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| _0x4b09 function| _0xa10d function| _0x2d757a function| _0x216b8d function| _0x4f4f8d function| _0x1bac4d function| submitted boolean| active0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
amzverificationpage.ddns.net
code.jquery.com
marcstone.com
142.93.72.112
162.241.218.181
2001:4de0:ac19::1:b:2a
2a23e816f74c3f69097c9dea032b2b6330f8a734f84b7e3cdc268d281144d8f3
33684cb630445c887540adf7d5cf6551677482c2ba78df714c1a174a197c0a9e
39eb3b470956b879f910348ea66f5fdd93e280a3c7d2f33bccff4279064d1ad3
3c1ffb849f6710de2343210a501eff8bd11f6564bc9a5e37b3051984e813c7a3
3c92402ce4d3bc9c9815938e3eb149cb3d876ce3630c002ebd8808604458b70d
3ed4b920c145278b899fe5a88de27c1e93b2fa632cfde1a9fa9d2c130da28a87
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37
86ec8ab2e1723aa606b365856d3e56764d75108931a4860b3116ee5a94e4db09
8c7a908592931547ab0a8f6ddefa92749177084aaf3fb38ecfd425a12d003768
94ea070f806efdfddbcfb1db142e988869e0c4f7bc17e5eb70ef7e4037172dcd
9794681d64f4a98e89aafb0514513416ea2ce55a392b8a7be21da9f78aa95be2
a9a92122d7a386874a556687c5f95f8c62b8fdb0bf19428655796d2b57455654
b228efd7d50727fbe623ace9488f227f02132cdd82a8384e98737ad9aaf24d2a
b7a2ea14ff4acd34fa76d2e0d7273cb435224787ef8482087f4d4029fe4409aa
bbefc7995fca52f623695be2dbcb16fba64a5dd86e5b1cf8fde511c196a88396
bcdf84bb617cf022ac894fc732ae305c47d8857b0fe697c894fb1f2e50ae6910
bf23e123fbae09d2bc587e36af7951038f100351c5ba0a026aa45b2db9567b3c
c70db0e5b9c24aabf3f2e4d57ce05a94b6107210a683c8b873dcbffacd34cf69
c99f8da1a3510d268684df44d8dff4f40167a7307f2de004e9b652e2fe9807f2
d0e77bf570bd68c81af927aa36431ad59951611eb8d04534abed4fe3ebc6973f
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e169c7008e5344e4473cb304b10a775e47bc02f59c7786f57729ef46f791d366
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
e53ee2f002f94b2f0538c486bb2228daf092cd58d487a528d5c80e67e18a6f75
f3a4aed3376ca709285b59999cf2a023b341b78b0b0344517f6e3366015ce825
f96573c65659cd526171823c242993af1510df2c16c08b14f0e0cd071672d54b
fc6d016af92c77df78ac5a8a607ffc1c528f105be3e5276825e90f64faa15e27
ff2a2e269b6f0e180ec9c4b90623ac3546b818754eb68a6d0277eff5cf4baa45