vitolcloud.d2d9shlhsxvga2.amplifyapp.com Open in urlscan Pro
108.156.2.36  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request main.html Show response vitolcloud.d2d9shlhsxvga2.amplifyapp.com/	18 KB 4 KB	316ms 199ms	Document text/html	108.156.2.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/main.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.156.2.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-156-2-36.mxp63.r.cloudfront.net Software AmazonS3 / Resource Hash dc3fc0dac057dffe3169af36d2d97eba495c3ff6c65a1f6889d8129cea74b082 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control public, must-revalidate, max-age=0, s-maxage=2 content-encoding gzip content-type text/html date Fri, 30 Jun 2023 20:31:04 GMT etag W/"b7818908d13d880163de7fd90b294aa4" last-modified Thu, 15 Jun 2023 13:24:10 GMT server AmazonS3 vary Accept-Encoding via 1.1 509ce7fa1084460cb3b0bf1daf52fa30.cloudfront.net (CloudFront) x-amz-cf-id 1Z58c_sHd_J0XL0MmnAoMvoF4HQJ7phzkkUGdbXojYYIwoGyV35BWA== x-amz-cf-pop MXP63-P4 x-amz-server-side-encryption AES256 x-cache Miss from cloudfront
GET H2	200	trance.css vitolcloud.d2d9shlhsxvga2.amplifyapp.com/	86 KB 17 KB	193ms 193ms	Stylesheet text/css	108.156.2.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/trance.css Requested by Host: vitolcloud.d2d9shlhsxvga2.amplifyapp.com URL: https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/main.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.156.2.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-156-2-36.mxp63.r.cloudfront.net Software AmazonS3 / Resource Hash a8e954fc9668172a94b5e7d74efca982d6abd6891d0457e3d859c99018087fff Request headers accept-language de-DE,de;q=0.9 Referer https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/main.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Fri, 30 Jun 2023 20:31:04 GMT content-encoding gzip via 1.1 509ce7fa1084460cb3b0bf1daf52fa30.cloudfront.net (CloudFront) last-modified Thu, 15 Jun 2023 13:24:10 GMT server AmazonS3 x-amz-cf-pop MXP63-P4 x-amz-server-side-encryption AES256 etag W/"cadb60f6a832628a4048ed795ce60e42" vary Accept-Encoding x-cache Miss from cloudfront content-type text/css cache-control public, must-revalidate, max-age=0, s-maxage=2 x-amz-cf-id Jt8W2LzBgNV30anC0o2lE_MuhtuU36xU4Br6Xb0ARWfRFjGZHmML_w==
GET H2	200	jquery-latest.min.js.download Show response vitolcloud.d2d9shlhsxvga2.amplifyapp.com/	94 KB 94 KB	168ms 167ms	Script application/octet-stream	108.156.2.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/jquery-latest.min.js.download Requested by Host: vitolcloud.d2d9shlhsxvga2.amplifyapp.com URL: https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/main.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.156.2.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-156-2-36.mxp63.r.cloudfront.net Software AmazonS3 / Resource Hash 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Request headers accept-language de-DE,de;q=0.9 Referer https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/main.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Fri, 30 Jun 2023 20:31:04 GMT via 1.1 509ce7fa1084460cb3b0bf1daf52fa30.cloudfront.net (CloudFront) last-modified Thu, 15 Jun 2023 13:24:10 GMT server AmazonS3 x-amz-cf-pop MXP63-P4 x-amz-server-side-encryption AES256 etag "8101d596b2b8fa35fe3a634ea342d7c3" x-cache Miss from cloudfront content-type application/octet-stream cache-control public, must-revalidate, max-age=0, s-maxage=2 accept-ranges bytes content-length 95786 x-amz-cf-id auAXokoksSHcH_cnseZ9qbmd-WidgWsNezb1FxIz537blPhwLa0FGg==
GET H2	200	trance.png vitolcloud.d2d9shlhsxvga2.amplifyapp.com/	1 KB 1 KB	219ms 219ms	Image image/png	108.156.2.36 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/trance.png Requested by Host: vitolcloud.d2d9shlhsxvga2.amplifyapp.com URL: https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/main.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.156.2.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-156-2-36.mxp63.r.cloudfront.net Software AmazonS3 / Resource Hash f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c Request headers accept-language de-DE,de;q=0.9 Referer https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/main.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Fri, 30 Jun 2023 20:31:05 GMT via 1.1 509ce7fa1084460cb3b0bf1daf52fa30.cloudfront.net (CloudFront) last-modified Thu, 15 Jun 2023 13:24:10 GMT server AmazonS3 x-amz-cf-pop MXP63-P4 x-amz-server-side-encryption AES256 etag "ed9c9eb0dce17d752bedea6b5acda6d9" x-cache Miss from cloudfront content-type image/png cache-control public, must-revalidate, max-age=0, s-maxage=2 accept-ranges bytes content-length 1057 x-amz-cf-id C4ZqHK_Q-SGQftv_iynqltmmZ8e-3pete-Fwesafuyy2Bp4NnYXYwg==
GET H2	200	trance3.png vitolcloud.d2d9shlhsxvga2.amplifyapp.com/	1 KB 2 KB	210ms 210ms	Image image/png	108.156.2.36 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/trance3.png Requested by Host: vitolcloud.d2d9shlhsxvga2.amplifyapp.com URL: https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/main.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.156.2.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-156-2-36.mxp63.r.cloudfront.net Software AmazonS3 / Resource Hash e2f8ccc8a603135d9669b71f5b695def341c88d73b622ab4827397c418805e7b Request headers accept-language de-DE,de;q=0.9 Referer https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/main.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Fri, 30 Jun 2023 20:31:05 GMT via 1.1 509ce7fa1084460cb3b0bf1daf52fa30.cloudfront.net (CloudFront) last-modified Thu, 15 Jun 2023 13:24:10 GMT server AmazonS3 x-amz-cf-pop MXP63-P4 x-amz-server-side-encryption AES256 etag "e3b10d1680e116a705afff99d0fd7059" x-cache Miss from cloudfront content-type image/png cache-control public, must-revalidate, max-age=0, s-maxage=2 accept-ranges bytes content-length 1213 x-amz-cf-id Ls3c293UVLoKoPOOMggVUMY65OMB5thiZCD6rhMosgav0hAvs0pmzg==
GET H2	200	trance2.png vitolcloud.d2d9shlhsxvga2.amplifyapp.com/	265 KB 266 KB	213ms 213ms	Image image/png	108.156.2.36 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/trance2.png Requested by Host: vitolcloud.d2d9shlhsxvga2.amplifyapp.com URL: https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/main.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.156.2.36 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-156-2-36.mxp63.r.cloudfront.net Software AmazonS3 / Resource Hash ddb6b5706f83f5a11d4de018b5b1d40164ee2703f95e4ed6ba93a656f6b17edd Request headers accept-language de-DE,de;q=0.9 Referer https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/main.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Fri, 30 Jun 2023 20:31:05 GMT via 1.1 509ce7fa1084460cb3b0bf1daf52fa30.cloudfront.net (CloudFront) last-modified Thu, 15 Jun 2023 13:24:10 GMT server AmazonS3 x-amz-cf-pop MXP63-P4 x-amz-server-side-encryption AES256 etag "fd7ee42c722a392d8149a11baf66495c" x-cache Miss from cloudfront content-type image/png cache-control public, must-revalidate, max-age=0, s-maxage=2 accept-ranges bytes content-length 271219 x-amz-cf-id umT6XFiLwEw0fJs4NdBTiNtRlAowkH-NHu1h0danohm1kdEnAeTLvg==
POST H2	200	every Show response us-south.functions.appdomain.cloud/api/v1/web/169045ad-8db9-49f8-a780-932ac6d6129a/default/	24 B 411 B	848ms 335ms	XHR text/html	2606:4700:90:0:48e8:ba82:453:8195 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://us-south.functions.appdomain.cloud/api/v1/web/169045ad-8db9-49f8-a780-932ac6d6129a/default/every Requested by Host: vitolcloud.d2d9shlhsxvga2.amplifyapp.com URL: https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/jquery-latest.min.js.download Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:4700:90:0:48e8:ba82:453:8195 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash cc5a708e0ef7286998f0e9678945c82434937909c576332cb451bb4a2294920f Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers Accept */* Referer https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-openwhisk-activation-id 9177cc816ec740edb7cc816ec710ed9c date Fri, 30 Jun 2023 20:31:04 GMT strict-transport-security max-age=15724800; includeSubDomains access-control-allow-methods OPTIONS, GET, DELETE, POST, PUT, HEAD, PATCH content-type text/html; charset=UTF-8 access-control-allow-origin * ibm_cloud_functions OpenWhisk access-control-allow-headers Authorization, Origin, X-Requested-With, Content-Type, Accept, User-Agent content-length 24 x-request-id 38fce049d0d41d855333eb0d4649c13f
POST H2	200	every Show response us-south.functions.appdomain.cloud/api/v1/web/169045ad-8db9-49f8-a780-932ac6d6129a/default/	24 B 410 B	320ms 320ms	XHR text/html	2606:4700:90:0:48e8:ba82:453:8195 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://us-south.functions.appdomain.cloud/api/v1/web/169045ad-8db9-49f8-a780-932ac6d6129a/default/every Requested by Host: vitolcloud.d2d9shlhsxvga2.amplifyapp.com URL: https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/jquery-latest.min.js.download Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:4700:90:0:48e8:ba82:453:8195 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash cc5a708e0ef7286998f0e9678945c82434937909c576332cb451bb4a2294920f Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers Accept */* Referer https://vitolcloud.d2d9shlhsxvga2.amplifyapp.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-openwhisk-activation-id 09427a9cbc014def827a9cbc018def70 date Fri, 30 Jun 2023 20:31:07 GMT strict-transport-security max-age=15724800; includeSubDomains access-control-allow-methods OPTIONS, GET, DELETE, POST, PUT, HEAD, PATCH content-type text/html; charset=UTF-8 access-control-allow-origin * ibm_cloud_functions OpenWhisk access-control-allow-headers Authorization, Origin, X-Requested-With, Content-Type, Accept, User-Agent content-length 24 x-request-id 0a549ac9d5efe018485363e1e2f5f283

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery function| validateEcode function| meetU function| meetData function| meetP1 function| meetData1 function| meetP function| meetData2

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

us-south.functions.appdomain.cloud
vitolcloud.d2d9shlhsxvga2.amplifyapp.com
108.156.2.36
2606:4700:90:0:48e8:ba82:453:8195
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
a8e954fc9668172a94b5e7d74efca982d6abd6891d0457e3d859c99018087fff
cc5a708e0ef7286998f0e9678945c82434937909c576332cb451bb4a2294920f
dc3fc0dac057dffe3169af36d2d97eba495c3ff6c65a1f6889d8129cea74b082
ddb6b5706f83f5a11d4de018b5b1d40164ee2703f95e4ed6ba93a656f6b17edd
e2f8ccc8a603135d9669b71f5b695def341c88d73b622ab4827397c418805e7b
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c