![](/screenshots/6a07df0d-a578-4a7c-9af4-43dec120b185.png)
www.onlineservicetech.website
Open in
urlscan Pro
52.50.106.164
Malicious Activity!
Public Scan
Submission: On June 04 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Amazon on November 11th 2021. Valid for: a year.
This is the only time www.onlineservicetech.website was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 52.50.106.164 52.50.106.164 | 16509 (AMAZON-02) (AMAZON-02) | |
4 | 13.224.198.60 13.224.198.60 | 16509 (AMAZON-02) (AMAZON-02) | |
5 | 2 |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-106-164.eu-west-1.compute.amazonaws.com
www.onlineservicetech.website |
ASN16509 (AMAZON-02, US)
PTR: server-13-224-198-60.fra2.r.cloudfront.net
cloud.phishinsight.trendmicro.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
trendmicro.com
cloud.phishinsight.trendmicro.com |
284 KB |
1 |
onlineservicetech.website
www.onlineservicetech.website |
20 KB |
5 | 2 |
Domain | Requested by | |
---|---|---|
4 | cloud.phishinsight.trendmicro.com |
www.onlineservicetech.website
|
1 | www.onlineservicetech.website | |
5 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.onlineservicetec.com Amazon |
2021-11-11 - 2022-12-09 |
a year | crt.sh |
*.phishinsight.trendmicro.com Entrust Certification Authority - L1K |
2020-07-07 - 2022-07-06 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.onlineservicetech.website/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/j2OZB-zisaN3PhERRwl25_lyk9pZJofYB51ULbZIkGY
Frame ID: 093F5958C9240C83A7EFA4C713269E4D
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
j2OZB-zisaN3PhERRwl25_lyk9pZJofYB51ULbZIkGY
www.onlineservicetech.website/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/ |
138 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ellipsis_white.svg
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ |
915 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ellipsis_grey.svg
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ |
915 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa_small.jpg
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ |
3 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.jpg
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ |
277 KB 278 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cloud.phishinsight.trendmicro.com
www.onlineservicetech.website
13.224.198.60
52.50.106.164
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
5db31040d527bf7294b67b1c460b894881eb22feda5305c9841f6382d3d5abf9
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea