www.onlineservicetech.website

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 52.50.106.164, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.onlineservicetech.website.
TLS certificate: Issued by Amazon on November 11th 2021. Valid for: a year.

This is the only time www.onlineservicetech.website was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	52.50.106.164 52.50.106.164	16509 (AMAZON-02) (AMAZON-02)
4	13.224.198.60 13.224.198.60	16509 (AMAZON-02) (AMAZON-02)
5	2

1 52.50.106.164 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-106-164.eu-west-1.compute.amazonaws.com

www.onlineservicetech.website	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.224.198.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-198-60.fra2.r.cloudfront.net

cloud.phishinsight.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	trendmicro.com cloud.phishinsight.trendmicro.com	284 KB
1	onlineservicetech.website www.onlineservicetech.website	20 KB
5	2

	Domain	Requested by
4	cloud.phishinsight.trendmicro.com	www.onlineservicetech.website
1	www.onlineservicetech.website
5	2

This site contains no links.

Subject Issuer	Validity	Valid
*.onlineservicetec.com Amazon	`2021-11-11` - `2022-12-09`	a year	crt.sh
*.phishinsight.trendmicro.com Entrust Certification Authority - L1K	`2020-07-07` - `2022-07-06`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.onlineservicetech.website/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/j2OZB-zisaN3PhERRwl25_lyk9pZJofYB51ULbZIkGY
Frame ID: 093F5958C9240C83A7EFA4C713269E4D
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your Microsoft accountSign in to your Microsoft accountSign in to your Microsoft accountSign in to your Microsoft accountSign in to your Microsoft account

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

304 kB
Transfer

419 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request j2OZB-zisaN3PhERRwl25_lyk9pZJofYB51ULbZIkGY Show response www.onlineservicetech.website/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/	138 KB 20 KB	805ms 317ms	Document text/html	52.50.106.164 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.onlineservicetech.website/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/j2OZB-zisaN3PhERRwl25_lyk9pZJofYB51ULbZIkGY Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.50.106.164 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-50-106-164.eu-west-1.compute.amazonaws.com Software / Resource Hash `5db31040d527bf7294b67b1c460b894881eb22feda5305c9841f6382d3d5abf9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-length 20434 content-type text/html; charset=utf-8 date Sat, 04 Jun 2022 13:04:56 GMT vary Accept-Encoding x-amz-apigw-id TMrC2GQ-DoEFfzA= x-amzn-remapped-content-length 20434 x-amzn-requestid 74832481-70f2-47e3-a22f-0044c86880ea x-amzn-trace-id Root=1-629b5878-458c385e64d69e386d30b03d
GET H2	200	ellipsis_white.svg cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/	915 B 1 KB	149ms 42ms	Image image/svg+xml	13.224.198.60 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ellipsis_white.svg Requested by Host: www.onlineservicetech.website URL: https://www.onlineservicetech.website/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/j2OZB-zisaN3PhERRwl25_lyk9pZJofYB51ULbZIkGY Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.198.60 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-198-60.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash `6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea` Request headers accept-language de-DE,de;q=0.9 Referer https://www.onlineservicetech.website/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers x-amz-server-side-encryption AES256 x-amz-version-id ezTJbrbEyxxFsnY8LNBgrZ.1Rc.kNqcr via 1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront) last-modified Mon, 18 Apr 2022 01:37:26 GMT server AmazonS3 age 15811 etag "5ac590ee72bfe06a7cecfd75b588ad73" x-cache Hit from cloudfront content-type image/svg+xml date Sat, 04 Jun 2022 08:41:26 GMT x-amz-replication-status COMPLETED x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 915 x-amz-cf-id sNWxGLr8yFkzfj9r7ptjj4Nqz0Dg9n313N25Msn6wGhzQTjaEVKRig==
GET H2	200	ellipsis_grey.svg cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/	915 B 1 KB	271ms 164ms	Image image/svg+xml	13.224.198.60 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ellipsis_grey.svg Requested by Host: www.onlineservicetech.website URL: https://www.onlineservicetech.website/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/j2OZB-zisaN3PhERRwl25_lyk9pZJofYB51ULbZIkGY Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.198.60 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-198-60.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash `16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6` Request headers accept-language de-DE,de;q=0.9 Referer https://www.onlineservicetech.website/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers x-amz-server-side-encryption AES256 date Sat, 04 Jun 2022 12:01:14 GMT via 1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront) last-modified Mon, 18 Apr 2022 01:37:25 GMT server AmazonS3 age 3823 etag "2b5d393db04a5e6e1f739cb266e65b4c" x-cache Hit from cloudfront x-amz-version-id TbnB3CERCKdahpyg1vptmb38C6NoKzYg x-amz-replication-status COMPLETED x-amz-cf-pop FRA2-C1 accept-ranges bytes content-type image/svg+xml content-length 915 x-amz-cf-id Dl60gzNDau_6Q5eczDv9LrybHQ9DdiRPgB2C5hGFil8u_K0neGVjkw==
GET H2	200	owa_small.jpg cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/	3 KB 3 KB	245ms 165ms	Image image/jpeg	13.224.198.60 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/owa_small.jpg Requested by Host: www.onlineservicetech.website URL: https://www.onlineservicetech.website/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/j2OZB-zisaN3PhERRwl25_lyk9pZJofYB51ULbZIkGY Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.198.60 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-198-60.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash `f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea` Request headers accept-language de-DE,de;q=0.9 Referer https://www.onlineservicetech.website/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers x-amz-server-side-encryption AES256 date Sat, 04 Jun 2022 08:41:26 GMT via 1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront) last-modified Mon, 18 Apr 2022 01:38:01 GMT server AmazonS3 age 15811 etag "138bcee624fa04ef9b75e86211a9fe0d" x-cache Hit from cloudfront x-amz-version-id Nak_JLT1n4hTdU337n5t9CgFAdf1wWOe x-amz-replication-status COMPLETED x-amz-cf-pop FRA2-C1 accept-ranges bytes content-type image/jpeg content-length 3006 x-amz-cf-id Av9zDk39SKQeOierTWN9JWnZcRm6Ws21PMQ627Hfsd_W4XsbWaRNEw==
GET H2	200	owa.jpg cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/	277 KB 278 KB	124ms 44ms	Image image/jpeg	13.224.198.60 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/owa.jpg Requested by Host: www.onlineservicetech.website URL: https://www.onlineservicetech.website/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/j2OZB-zisaN3PhERRwl25_lyk9pZJofYB51ULbZIkGY Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.198.60 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-198-60.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash `211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb` Request headers accept-language de-DE,de;q=0.9 Referer https://www.onlineservicetech.website/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers x-amz-server-side-encryption AES256 date Sat, 04 Jun 2022 12:01:14 GMT via 1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront) last-modified Mon, 18 Apr 2022 01:38:00 GMT server AmazonS3 age 3823 etag "a5dbd4393ff6a725c7e62b61df7e72f0" x-cache Hit from cloudfront x-amz-version-id w.pZsPYj30glwzmhxNfjVmHDDCR1Gnuc x-amz-replication-status COMPLETED x-amz-cf-pop FRA2-C1 accept-ranges bytes content-type image/jpeg content-length 283351 x-amz-cf-id b2CXB0QJIYBEnpnXw4Nln8km49QQGBPboNjI0uTcUDFtPD5k4QnctA==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cloud.phishinsight.trendmicro.com
www.onlineservicetech.website
13.224.198.60
52.50.106.164
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
5db31040d527bf7294b67b1c460b894881eb22feda5305c9841f6382d3d5abf9
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

www.onlineservicetech.website Open in urlscan Pro 52.50.106.164 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

304 kBTransfer

419 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

www.onlineservicetech.website Open in urlscan Pro
52.50.106.164 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

304 kB
Transfer

419 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!