amzverificationpage.ddns.net Open in urlscan Pro
142.93.72.112 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://marcstone.com/wp-includes/js/1231/redir.php
Effective URL:
https://amzverificationpage.ddns.net/borsm/
Submission: On December 23 via automatic, source phishtank (December 23rd 2020, 7:20:28 pm UTC)

Summary HTTP 17 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 142.93.72.112, located in Clifton, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is amzverificationpage.ddns.net.
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 20th 2020. Valid for: 3 months.

This is the only time amzverificationpage.ddns.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Boursorama (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	162.241.218.181 162.241.218.181	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
14	142.93.72.112 142.93.72.112	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2001:4de0:ac1... 2001:4de0:ac19::1:b:2a	20446 (HIGHWINDS3) (HIGHWINDS3)
17	4

1 162.241.218.181 (Provo, United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5581.bluehost.com

marcstone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.93.72.112 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: cpanel.amzverificationpage.ddns.net

amzverificationpage.ddns.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac19::1:b:2a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	ddns.net amzverificationpage.ddns.net	2 MB
2	jquery.com code.jquery.com	107 KB
1	marcstone.com marcstone.com	288 B
17	3

	Domain	Requested by
14	amzverificationpage.ddns.net	amzverificationpage.ddns.net
2	code.jquery.com	amzverificationpage.ddns.net
1	marcstone.com
17	3

This site contains links to these domains. Also see Links.

Domain
www.google.fr
www.mozilla.com
www.opera.com
windows.microsoft.com
www.apple.com
clients.boursorama.com

Subject Issuer	Validity	Valid
www.marcstone.com R3	`2020-12-09` - `2021-03-09`	3 months	crt.sh
amzverificationpage.ddns.net cPanel, Inc. Certification Authority	`2020-12-20` - `2021-03-20`	3 months	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://amzverificationpage.ddns.net/borsm/
Frame ID: 7B77AA43D76FD147CF685E631D52B784
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://marcstone.com/wp-includes/js/1231/redir.php Page URL
https://amzverificationpage.ddns.net/borsm/ Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

17
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

1738 kB
Transfer

1988 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.google.fr/intl/fr/chrome/browser/
Title: Google Chrome

Search URL Search Domain Scan URL

URL: https://www.mozilla.com/
Title: Mozilla Firefox

Search URL Search Domain Scan URL

URL: https://www.opera.com/
Title: Opera

Search URL Search Domain Scan URL

URL: http://windows.microsoft.com/fr-fr/internet-explorer/download-ie
Title: Internet Explorer

Search URL Search Domain Scan URL

URL: https://www.apple.com/fr/safari/
Title: Safari

Search URL Search Domain Scan URL

URL: https://clients.boursorama.com/connexion/mot-de-passe/retrouver
Title: Mot de passe oublié ?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://marcstone.com/wp-includes/js/1231/redir.php Page URL
https://amzverificationpage.ddns.net/borsm/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
11 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	redir.php Show response marcstone.com/wp-includes/js/1231/	203 B 288 B	643ms 364ms	Document text/html	162.241.218.181 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://marcstone.com/wp-includes/js/1231/redir.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.218.181 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5581.bluehost.com Software Apache / Resource Hash `3c92402ce4d3bc9c9815938e3eb149cb3d876ce3630c002ebd8808604458b70d` Request headers :method GET :authority marcstone.com :scheme https :path /wp-includes/js/1231/redir.php pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 23 Dec 2020 19:20:12 GMT server Apache vary Accept-Encoding content-encoding gzip host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 158 content-type text/html; charset=UTF-8
GET H/1.1	200 OK	Primary Request / Show response amzverificationpage.ddns.net/borsm/	203 KB 204 KB	368ms 122ms	Document text/html	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://amzverificationpage.ddns.net/borsm/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `b7a2ea14ff4acd34fa76d2e0d7273cb435224787ef8482087f4d4029fe4409aa` Request headers Host amzverificationpage.ddns.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://marcstone.com/wp-includes/js/1231/redir.php Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://marcstone.com/wp-includes/js/1231/redir.php Response headers Date Wed, 23 Dec 2020 19:20:15 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H2	200	jquery-3.5.1.slim.min.js Show response code.jquery.com/	71 KB 24 KB	342ms 19ms	Script application/javascript	2001:4de0:ac19::1:b:2a HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.5.1.slim.min.js Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash `e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db` Request headers Origin https://amzverificationpage.ddns.net Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 23 Dec 2020 19:20:15 GMT content-encoding gzip last-modified Mon, 04 May 2020 23:02:39 GMT server nginx etag W/"5eb09f0f-11abc" vary Accept-Encoding x-hw 1608751215.dop241.fr8.t,1608751215.cds248.fr8.hn,1608751215.cds240.fr8.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 24606
GET H/1.1	200 OK	25.9bd69470e1f697752717.css amzverificationpage.ddns.net/borsm/	52 KB 52 KB	134ms 120ms	Stylesheet text/css	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://amzverificationpage.ddns.net/borsm/25.9bd69470e1f697752717.css Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `f3a4aed3376ca709285b59999cf2a023b341b78b0b0344517f6e3366015ce825` Request headers Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 23 Dec 2020 19:20:15 GMT Last-Modified Sun, 23 Aug 2020 23:53:22 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 53396
GET H/1.1	200 OK	24.9bd69470e1f697752717-1.css amzverificationpage.ddns.net/borsm/	232 KB 232 KB	254ms 118ms	Stylesheet text/css	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://amzverificationpage.ddns.net/borsm/24.9bd69470e1f697752717-1.css Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `33684cb630445c887540adf7d5cf6551677482c2ba78df714c1a174a197c0a9e` Request headers Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 23 Dec 2020 19:20:15 GMT Last-Modified Sun, 23 Aug 2020 23:53:22 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 237618
GET H/1.1	200 OK	24.9bd69470e1f697752717-2.css amzverificationpage.ddns.net/borsm/	292 KB 293 KB	357ms 119ms	Stylesheet text/css	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://amzverificationpage.ddns.net/borsm/24.9bd69470e1f697752717-2.css Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `3c1ffb849f6710de2343210a501eff8bd11f6564bc9a5e37b3051984e813c7a3` Request headers Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 23 Dec 2020 19:20:16 GMT Last-Modified Sun, 23 Aug 2020 23:53:22 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 299342
GET H/1.1	200 OK	24.9bd69470e1f697752717-3.css amzverificationpage.ddns.net/borsm/	263 KB 263 KB	358ms 119ms	Stylesheet text/css	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://amzverificationpage.ddns.net/borsm/24.9bd69470e1f697752717-3.css Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `e169c7008e5344e4473cb304b10a775e47bc02f59c7786f57729ef46f791d366` Request headers Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 23 Dec 2020 19:20:16 GMT Last-Modified Sun, 23 Aug 2020 23:53:22 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 268800
GET H/1.1	200 OK	24.9bd69470e1f697752717-4.css amzverificationpage.ddns.net/borsm/	267 KB 267 KB	366ms 119ms	Stylesheet text/css	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://amzverificationpage.ddns.net/borsm/24.9bd69470e1f697752717-4.css Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `39eb3b470956b879f910348ea66f5fdd93e280a3c7d2f33bccff4279064d1ad3` Request headers Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 23 Dec 2020 19:20:16 GMT Last-Modified Sun, 23 Aug 2020 23:53:22 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 273345
GET H/1.1	200 OK	24.9bd69470e1f697752717-5.css amzverificationpage.ddns.net/borsm/	174 KB 174 KB	365ms 118ms	Stylesheet text/css	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://amzverificationpage.ddns.net/borsm/24.9bd69470e1f697752717-5.css Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `b228efd7d50727fbe623ace9488f227f02132cdd82a8384e98737ad9aaf24d2a` Request headers Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 23 Dec 2020 19:20:16 GMT Last-Modified Sun, 23 Aug 2020 23:53:22 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 177872
GET H/1.1	200 OK	17.9bd69470e1f697752717.css amzverificationpage.ddns.net/borsm/	36 KB 36 KB	367ms 119ms	Stylesheet text/css	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://amzverificationpage.ddns.net/borsm/17.9bd69470e1f697752717.css Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `94ea070f806efdfddbcfb1db142e988869e0c4f7bc17e5eb70ef7e4037172dcd` Request headers Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 23 Dec 2020 19:20:16 GMT Last-Modified Sun, 23 Aug 2020 23:53:22 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 36617
GET H2	200	jquery-3.5.1.js Show response code.jquery.com/	281 KB 83 KB	50ms 25ms	Script application/javascript	2001:4de0:ac19::1:b:2a HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.5.1.js Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash `416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37` Request headers Origin https://amzverificationpage.ddns.net Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 23 Dec 2020 19:20:15 GMT content-encoding gzip last-modified Mon, 04 May 2020 23:02:39 GMT server nginx etag W/"5eb09f0f-4638e" vary Accept-Encoding x-hw 1608751215.dop241.fr8.t,1608751215.cds248.fr8.hn,1608751215.cds234.fr8.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 84374
GET H/1.1	200 OK	index.js Show response amzverificationpage.ddns.net/borsm/	12 KB 12 KB	595ms 118ms	Script application/javascript	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://amzverificationpage.ddns.net/borsm/index.js Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `a9a92122d7a386874a556687c5f95f8c62b8fdb0bf19428655796d2b57455654` Request headers Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 23 Dec 2020 19:20:16 GMT Last-Modified Wed, 09 Sep 2020 22:36:36 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 12351
GET H/1.1	200 OK	22.9bd69470e1f697752717.css amzverificationpage.ddns.net/borsm/	46 KB 46 KB	460ms 119ms	Stylesheet text/css	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://amzverificationpage.ddns.net/borsm/22.9bd69470e1f697752717.css Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `bf23e123fbae09d2bc587e36af7951038f100351c5ba0a026aa45b2db9567b3c` Request headers Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 23 Dec 2020 19:20:16 GMT Last-Modified Sun, 23 Aug 2020 23:53:22 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 46915
GET H/1.1	200 OK	32.9bd69470e1f697752717.css amzverificationpage.ddns.net/borsm/	26 KB 26 KB	580ms 118ms	Stylesheet text/css	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://amzverificationpage.ddns.net/borsm/32.9bd69470e1f697752717.css Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `2a23e816f74c3f69097c9dea032b2b6330f8a734f84b7e3cdc268d281144d8f3` Request headers Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 23 Dec 2020 19:20:16 GMT Last-Modified Sun, 23 Aug 2020 23:53:22 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 26589
GET H/1.1	404 Not Found	poster.jpg amzverificationpage.ddns.net/borsm/	315 B 315 B	120ms 119ms	Image text/html	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://amzverificationpage.ddns.net/borsm/poster.jpg Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/24.9bd69470e1f697752717-1.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Referer https://amzverificationpage.ddns.net/borsm/24.9bd69470e1f697752717-1.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 23 Dec 2020 19:20:16 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	proximanova-regular-webfont-cache-1458301567.woff2 amzverificationpage.ddns.net/borsm/	16 KB 16 KB	119ms 119ms	Font font/woff2	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://amzverificationpage.ddns.net/borsm/proximanova-regular-webfont-cache-1458301567.woff2 Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `e53ee2f002f94b2f0538c486bb2228daf092cd58d487a528d5c80e67e18a6f75` Request headers Origin https://amzverificationpage.ddns.net Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 23 Dec 2020 19:20:16 GMT Last-Modified Sun, 23 Aug 2020 23:53:22 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 16128
GET H/1.1	200 OK	proximanova-medium-webfont-cache-1521040380.woff2 amzverificationpage.ddns.net/borsm/	9 KB 9 KB	120ms 119ms	Font font/woff2	142.93.72.112 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://amzverificationpage.ddns.net/borsm/proximanova-medium-webfont-cache-1521040380.woff2 Requested by Host: amzverificationpage.ddns.net URL: https://amzverificationpage.ddns.net/borsm/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.93.72.112 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS cpanel.amzverificationpage.ddns.net Software Apache / Resource Hash `fc6d016af92c77df78ac5a8a607ffc1c528f105be3e5276825e90f64faa15e27` Request headers Origin https://amzverificationpage.ddns.net Referer https://amzverificationpage.ddns.net/borsm/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 23 Dec 2020 19:20:16 GMT Last-Modified Sun, 23 Aug 2020 23:53:22 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 9384
GET DATA	200 OK	truncated /	550 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8c7a908592931547ab0a8f6ddefa92749177084aaf3fb38ecfd425a12d003768` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	784 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ff2a2e269b6f0e180ec9c4b90623ac3546b818754eb68a6d0277eff5cf4baa45` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	174 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9794681d64f4a98e89aafb0514513416ea2ce55a392b8a7be21da9f78aa95be2` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	828 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f96573c65659cd526171823c242993af1510df2c16c08b14f0e0cd071672d54b` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	293 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bbefc7995fca52f623695be2dbcb16fba64a5dd86e5b1cf8fde511c196a88396` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	997 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d0e77bf570bd68c81af927aa36431ad59951611eb8d04534abed4fe3ebc6973f` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	764 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c70db0e5b9c24aabf3f2e4d57ce05a94b6107210a683c8b873dcbffacd34cf69` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	608 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3ed4b920c145278b899fe5a88de27c1e93b2fa632cfde1a9fa9d2c130da28a87` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	712 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bcdf84bb617cf022ac894fc732ae305c47d8857b0fe697c894fb1f2e50ae6910` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	746 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c99f8da1a3510d268684df44d8dff4f40167a7307f2de004e9b652e2fe9807f2` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `86ec8ab2e1723aa606b365856d3e56764d75108931a4860b3116ee5a94e4db09` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Boursorama (Banking)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

amzverificationpage.ddns.net
code.jquery.com
marcstone.com
142.93.72.112
162.241.218.181
2001:4de0:ac19::1:b:2a
2a23e816f74c3f69097c9dea032b2b6330f8a734f84b7e3cdc268d281144d8f3
33684cb630445c887540adf7d5cf6551677482c2ba78df714c1a174a197c0a9e
39eb3b470956b879f910348ea66f5fdd93e280a3c7d2f33bccff4279064d1ad3
3c1ffb849f6710de2343210a501eff8bd11f6564bc9a5e37b3051984e813c7a3
3c92402ce4d3bc9c9815938e3eb149cb3d876ce3630c002ebd8808604458b70d
3ed4b920c145278b899fe5a88de27c1e93b2fa632cfde1a9fa9d2c130da28a87
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37
86ec8ab2e1723aa606b365856d3e56764d75108931a4860b3116ee5a94e4db09
8c7a908592931547ab0a8f6ddefa92749177084aaf3fb38ecfd425a12d003768
94ea070f806efdfddbcfb1db142e988869e0c4f7bc17e5eb70ef7e4037172dcd
9794681d64f4a98e89aafb0514513416ea2ce55a392b8a7be21da9f78aa95be2
a9a92122d7a386874a556687c5f95f8c62b8fdb0bf19428655796d2b57455654
b228efd7d50727fbe623ace9488f227f02132cdd82a8384e98737ad9aaf24d2a
b7a2ea14ff4acd34fa76d2e0d7273cb435224787ef8482087f4d4029fe4409aa
bbefc7995fca52f623695be2dbcb16fba64a5dd86e5b1cf8fde511c196a88396
bcdf84bb617cf022ac894fc732ae305c47d8857b0fe697c894fb1f2e50ae6910
bf23e123fbae09d2bc587e36af7951038f100351c5ba0a026aa45b2db9567b3c
c70db0e5b9c24aabf3f2e4d57ce05a94b6107210a683c8b873dcbffacd34cf69
c99f8da1a3510d268684df44d8dff4f40167a7307f2de004e9b652e2fe9807f2
d0e77bf570bd68c81af927aa36431ad59951611eb8d04534abed4fe3ebc6973f
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e169c7008e5344e4473cb304b10a775e47bc02f59c7786f57729ef46f791d366
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
e53ee2f002f94b2f0538c486bb2228daf092cd58d487a528d5c80e67e18a6f75
f3a4aed3376ca709285b59999cf2a023b341b78b0b0344517f6e3366015ce825
f96573c65659cd526171823c242993af1510df2c16c08b14f0e0cd071672d54b
fc6d016af92c77df78ac5a8a607ffc1c528f105be3e5276825e90f64faa15e27
ff2a2e269b6f0e180ec9c4b90623ac3546b818754eb68a6d0277eff5cf4baa45

amzverificationpage.ddns.net Open in urlscan Pro 142.93.72.112 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

1738 kBTransfer

1988 kBSize

0 Cookies

6 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

amzverificationpage.ddns.net Open in urlscan Pro
142.93.72.112 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

1738 kB
Transfer

1988 kB
Size

0
Cookies

17 HTTP transactions
11 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!