www.eservicebits.com

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 6 HTTP transactions. The main IP is 18.165.183.99, located in United States and belongs to AMAZON-02, US. The main domain is www.eservicebits.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on November 7th 2023. Valid for: a year.

This is the only time www.eservicebits.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	18.165.183.99 18.165.183.99	16509 (AMAZON-02) (AMAZON-02)
5	108.138.233.70 108.138.233.70	16509 (AMAZON-02) (AMAZON-02)
6	2

1 18.165.183.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-165-183-99.zrh55.r.cloudfront.net

www.eservicebits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 108.138.233.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-233-70.lhr61.r.cloudfront.net

cloud.phishinsight.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	trendmicro.com cloud.phishinsight.trendmicro.com	286 KB
1	eservicebits.com www.eservicebits.com	21 KB
6	2

	Domain	Requested by
5	cloud.phishinsight.trendmicro.com	www.eservicebits.com
1	www.eservicebits.com
6	2

This site contains no links.

Subject Issuer	Validity	Valid
eservicebits.com Amazon RSA 2048 M02	`2023-11-07` - `2024-12-05`	a year	crt.sh
*.phishinsight.trendmicro.com Entrust Certification Authority - L1K	`2023-07-18` - `2024-08-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.eservicebits.com/landingpages/a8a856c0-30ca-4290-b1f4-7daef51e6b0b/ycvr2c1rhakzfxhmcd5asrybmeqv6vnrofr7yzbnz1c
Frame ID: 06C90A059C1EA0E690BE7D2FCF1B94BE
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your Microsoft accountSign in to your Microsoft accountSign in to your Microsoft accountSign in to your Microsoft account

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

307 kB
Transfer

422 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request ycvr2c1rhakzfxhmcd5asrybmeqv6vnrofr7yzbnz1c Show response www.eservicebits.com/landingpages/a8a856c0-30ca-4290-b1f4-7daef51e6b0b/	138 KB 21 KB	399ms 319ms	Document text/html	18.165.183.99 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.eservicebits.com/landingpages/a8a856c0-30ca-4290-b1f4-7daef51e6b0b/ycvr2c1rhakzfxhmcd5asrybmeqv6vnrofr7yzbnz1c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.165.183.99 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-165-183-99.zrh55.r.cloudfront.net Software / Resource Hash `860ce178952977b96537ba4dc1884312f19976a6377c9991dd0b700394ea8a55` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-length 20595 content-type text/html; charset=utf-8 date Mon, 04 Dec 2023 15:48:32 GMT vary Accept-Encoding via 1.1 9defe0d67603d45217a1199d0f877384.cloudfront.net (CloudFront) x-amz-apigw-id PbMwmETMDoEEvqQ= x-amz-cf-id b1k69XB2dwVeYdgtEqBfCS_l0VhXVE8Ij2KFfPZZ6M3n5uCx2tDbfA== x-amz-cf-pop ZRH55-P1 x-amzn-remapped-content-length 20595 x-amzn-requestid 6c46b426-b1d0-402b-aec8-49fd6f502727 x-amzn-trace-id Root=1-656df4d0-1406f8d1019b5df92aa415eb x-cache Miss from cloudfront
GET H2	200	0e9e947e-cba3-4821-bb4c-32313a3f9491.png cloud.phishinsight.trendmicro.com/content/lps/assets/user/0fe34707-f081-4a58-9f0c-a496ee352a5d/	2 KB 3 KB	160ms 90ms	Image binary/octet-stream	108.138.233.70 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cloud.phishinsight.trendmicro.com/content/lps/assets/user/0fe34707-f081-4a58-9f0c-a496ee352a5d/0e9e947e-cba3-4821-bb4c-32313a3f9491.png Requested by Host: www.eservicebits.com URL: https://www.eservicebits.com/landingpages/a8a856c0-30ca-4290-b1f4-7daef51e6b0b/ycvr2c1rhakzfxhmcd5asrybmeqv6vnrofr7yzbnz1c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.233.70 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-233-70.lhr61.r.cloudfront.net Software AmazonS3 / Resource Hash `73bb135357e2f4183a5b6fffb95326e84217cb1010cf38e2e448a1b83f6e77c2` Request headers accept-language de-DE,de;q=0.9 Referer https://www.eservicebits.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Sun, 03 Dec 2023 19:58:52 GMT x-amz-version-id 3W6vUmJhqjYw7h0ECpG0.yTcrzs7N.wn via 1.1 d9e5cc95074e395faa3bc6e87a0bff64.cloudfront.net (CloudFront) last-modified Wed, 29 Dec 2021 13:27:58 GMT server AmazonS3 x-amz-cf-pop LHR61-P4 age 71381 etag "acc392cba07164d925d33d8e53c7b438" x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-type binary/octet-stream x-amz-replication-status COMPLETED accept-ranges bytes content-length 2516 x-amz-cf-id RWO0XBb7AfFBwAprLv0_lVCRLjmaJtNh5cUAVKiljCBfbWAMO0dw7Q==
GET H2	200	ellipsis_white.svg cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/	915 B 1 KB	161ms 91ms	Image image/svg+xml	108.138.233.70 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ellipsis_white.svg Requested by Host: www.eservicebits.com URL: https://www.eservicebits.com/landingpages/a8a856c0-30ca-4290-b1f4-7daef51e6b0b/ycvr2c1rhakzfxhmcd5asrybmeqv6vnrofr7yzbnz1c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.233.70 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-233-70.lhr61.r.cloudfront.net Software AmazonS3 / Resource Hash `6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea` Request headers accept-language de-DE,de;q=0.9 Referer https://www.eservicebits.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-amz-version-id dUt9P30axFdtNrq4Cu4WPOEvNnI6wHHQ date Mon, 04 Dec 2023 12:03:02 GMT via 1.1 d9e5cc95074e395faa3bc6e87a0bff64.cloudfront.net (CloudFront) last-modified Wed, 29 Mar 2023 03:33:07 GMT server AmazonS3 x-amz-cf-pop LHR61-P4 age 13531 x-amz-server-side-encryption AES256 etag "5ac590ee72bfe06a7cecfd75b588ad73" x-cache Hit from cloudfront content-type image/svg+xml x-amz-replication-status COMPLETED accept-ranges bytes content-length 915 x-amz-cf-id V9NK0HjT56yirmdXO9xTjnSQeqmWjVAAf6L9lCeL6Y4ouq9KNBgtBg==
GET H2	200	ellipsis_grey.svg cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/	915 B 1 KB	159ms 89ms	Image image/svg+xml	108.138.233.70 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ellipsis_grey.svg Requested by Host: www.eservicebits.com URL: https://www.eservicebits.com/landingpages/a8a856c0-30ca-4290-b1f4-7daef51e6b0b/ycvr2c1rhakzfxhmcd5asrybmeqv6vnrofr7yzbnz1c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.233.70 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-233-70.lhr61.r.cloudfront.net Software AmazonS3 / Resource Hash `16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6` Request headers accept-language de-DE,de;q=0.9 Referer https://www.eservicebits.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-amz-version-id o.HbAr0JQpOCthSbWvL.zKTok_bkIs6W date Sun, 03 Dec 2023 21:17:11 GMT via 1.1 d9e5cc95074e395faa3bc6e87a0bff64.cloudfront.net (CloudFront) last-modified Wed, 29 Mar 2023 03:33:06 GMT server AmazonS3 x-amz-cf-pop LHR61-P4 age 66693 x-amz-server-side-encryption AES256 etag "2b5d393db04a5e6e1f739cb266e65b4c" x-cache Hit from cloudfront content-type image/svg+xml x-amz-replication-status COMPLETED accept-ranges bytes content-length 915 x-amz-cf-id qNaq5AuTQUi0eFjOMqrAlwmTAtsvyEjL0Qp0RHC42ffVVoxXP8dN_A==
GET H2	200	owa_small.jpg cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/	3 KB 3 KB	92ms 24ms	Image image/jpeg	108.138.233.70 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/owa_small.jpg Requested by Host: www.eservicebits.com URL: https://www.eservicebits.com/landingpages/a8a856c0-30ca-4290-b1f4-7daef51e6b0b/ycvr2c1rhakzfxhmcd5asrybmeqv6vnrofr7yzbnz1c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.233.70 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-233-70.lhr61.r.cloudfront.net Software AmazonS3 / Resource Hash `f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea` Request headers accept-language de-DE,de;q=0.9 Referer https://www.eservicebits.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-amz-version-id Zq5xzk2hV5K5yzYc9yC545xXUpebH8e8 date Mon, 04 Dec 2023 12:03:02 GMT via 1.1 d9e5cc95074e395faa3bc6e87a0bff64.cloudfront.net (CloudFront) last-modified Wed, 29 Mar 2023 03:33:26 GMT server AmazonS3 x-amz-cf-pop LHR61-P4 age 13531 x-amz-server-side-encryption AES256 etag "138bcee624fa04ef9b75e86211a9fe0d" x-cache Hit from cloudfront content-type image/jpeg x-amz-replication-status COMPLETED accept-ranges bytes content-length 3006 x-amz-cf-id TeQ2t1A-om4pI4W_2u9uayZ4EqNT1jv68MPBwwo1jck9nWO7PiQXQQ==
GET H2	200	owa.jpg cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/	277 KB 277 KB	91ms 23ms	Image image/jpeg	108.138.233.70 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/owa.jpg Requested by Host: www.eservicebits.com URL: https://www.eservicebits.com/landingpages/a8a856c0-30ca-4290-b1f4-7daef51e6b0b/ycvr2c1rhakzfxhmcd5asrybmeqv6vnrofr7yzbnz1c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.233.70 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-233-70.lhr61.r.cloudfront.net Software AmazonS3 / Resource Hash `211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb` Request headers accept-language de-DE,de;q=0.9 Referer https://www.eservicebits.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-amz-version-id VpgbkiTgqex6.caIcfRjZ0874k7J4CJ5 date Mon, 04 Dec 2023 13:23:28 GMT via 1.1 d9e5cc95074e395faa3bc6e87a0bff64.cloudfront.net (CloudFront) last-modified Wed, 29 Mar 2023 03:33:26 GMT server AmazonS3 x-amz-cf-pop LHR61-P4 age 8704 x-amz-server-side-encryption AES256 etag "a5dbd4393ff6a725c7e62b61df7e72f0" x-cache Hit from cloudfront content-type image/jpeg x-amz-replication-status COMPLETED accept-ranges bytes content-length 283351 x-amz-cf-id GZNH99GU--S4oTcp2pm_6Hr-WiKKdLfijSOp9jr8n-NjmW5UncytHQ==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.eservicebits.com/landingpages/a8a856c0-30ca-4290-b1f4-7daef51e6b0b/ycvr2c1rhakzfxhmcd5asrybmeqv6vnrofr7yzbnz1c(Line 5) Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-BgPeq7vel58bLtyzXCck+TfouV1cx+BTgY8vFx3f+SQ='), or a nonce ('nonce-...') is required to enable inline execution.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cloud.phishinsight.trendmicro.com
www.eservicebits.com
108.138.233.70
18.165.183.99
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
73bb135357e2f4183a5b6fffb95326e84217cb1010cf38e2e448a1b83f6e77c2
860ce178952977b96537ba4dc1884312f19976a6377c9991dd0b700394ea8a55
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

www.eservicebits.com Open in urlscan Pro 18.165.183.99 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

307 kBTransfer

422 kBSize

0 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

www.eservicebits.com Open in urlscan Pro
18.165.183.99 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

307 kB
Transfer

422 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!