ams3.digitaloceanspaces.com
Open in
urlscan Pro
5.101.110.225
Malicious Activity!
Public Scan
Effective URL: https://ams3.digitaloceanspaces.com/61b0-4bb1-aa2e-4f4c7cfd61b0-4bb1-aa2e-4f4c7cfd61b0-4bb1-aa2e-4f/index-02.html
Submission: On September 01 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on November 23rd 2021. Valid for: a year.
This is the only time ams3.digitaloceanspaces.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 185.67.1.242 185.67.1.242 | 196645 (HOSTPRO-AS) (HOSTPRO-AS) | |
1 | 5.101.110.225 5.101.110.225 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
1 | 20.190.141.36 20.190.141.36 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 192.229.221.185 192.229.221.185 | 15133 (EDGECAST) (EDGECAST) | |
1 | 196.41.122.224 196.41.122.224 | 36874 (Cybersmart) (Cybersmart) | |
2 | 2a00:1450:400... 2a00:1450:4001:82b::200a | 15169 (GOOGLE) (GOOGLE) | |
3 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 | 152.199.23.37 152.199.23.37 | 15133 (EDGECAST) (EDGECAST) | |
19 | 10 |
ASN14061 (DIGITALOCEAN-ASN, US)
PTR: ams3.digitaloceanspaces.com
ams3.digitaloceanspaces.com |
ASN36874 (Cybersmart, ZA)
PTR: cpanel28.mywebserver.co.za
leepsolutions.co.za |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 1043 |
126 KB |
3 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2264 |
53 KB |
2 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 279 |
118 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 212 |
28 KB |
1 |
leepsolutions.co.za
leepsolutions.co.za |
2 KB |
1 |
msauth.net
logincdn.msauth.net — Cisco Umbrella Rank: 1986 |
20 KB |
1 |
microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 22 |
131 KB |
1 |
digitaloceanspaces.com
ams3.digitaloceanspaces.com — Cisco Umbrella Rank: 53689 |
764 KB |
1 |
zuzodeno.com
bisly.zuzodeno.com |
393 B |
19 | 9 |
Domain | Requested by | |
---|---|---|
8 | aadcdn.msftauth.net |
login.microsoftonline.com
|
3 | stackpath.bootstrapcdn.com |
ams3.digitaloceanspaces.com
|
2 | ajax.googleapis.com |
ams3.digitaloceanspaces.com
|
1 | cdnjs.cloudflare.com |
ams3.digitaloceanspaces.com
|
1 | leepsolutions.co.za |
ams3.digitaloceanspaces.com
|
1 | logincdn.msauth.net |
ams3.digitaloceanspaces.com
|
1 | login.microsoftonline.com |
ams3.digitaloceanspaces.com
|
1 | ams3.digitaloceanspaces.com |
bisly.zuzodeno.com
|
1 | bisly.zuzodeno.com | |
19 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.ams3.digitaloceanspaces.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-11-23 - 2022-12-08 |
a year | crt.sh |
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA |
2022-07-10 - 2023-07-10 |
a year | crt.sh |
identitycdn.msauth.net Microsoft Azure TLS Issuing CA 06 |
2022-08-23 - 2023-08-18 |
a year | crt.sh |
leepsolutions.co.za cPanel, Inc. Certification Authority |
2022-07-07 - 2022-10-05 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-08-08 - 2022-10-31 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-01-29 - 2023-01-29 |
a year | crt.sh |
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA |
2022-04-01 - 2023-04-01 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://ams3.digitaloceanspaces.com/61b0-4bb1-aa2e-4f4c7cfd61b0-4bb1-aa2e-4f4c7cfd61b0-4bb1-aa2e-4f/index-02.html
Frame ID: 846CA6B27975E738B9D64F7D9CB04792
Requests: 13 HTTP requests in this frame
Frame:
https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392
Frame ID: C797AD01348699132CE3E988E137337A
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Sign in to your accountPage URL History Show full URLs
- http://bisly.zuzodeno.com/ Page URL
- https://ams3.digitaloceanspaces.com/61b0-4bb1-aa2e-4f4c7cfd61b0-4bb1-aa2e-4f4c7cfd61b0-4bb1-aa2e-4f/index-02.html Page URL
Detected technologies
WordPress (CMS) ExpandDetected patterns
- /wp-(?:content|includes)/
Bootstrap (Web Frameworks) Expand
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://bisly.zuzodeno.com/ Page URL
- https://ams3.digitaloceanspaces.com/61b0-4bb1-aa2e-4f4c7cfd61b0-4bb1-aa2e-4f4c7cfd61b0-4bb1-aa2e-4f/index-02.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
bisly.zuzodeno.com/ |
249 B 393 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
index-02.html
ams3.digitaloceanspaces.com/61b0-4bb1-aa2e-4f4c7cfd61b0-4bb1-aa2e-4f4c7cfd61b0-4bb1-aa2e-4f/ |
763 KB 764 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logout.srf
login.microsoftonline.com/ Frame C797 |
465 KB 131 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Converged_v22057_egJPTAx_byK-yF_CMCKFeg2.css
logincdn.msauth.net/16.000/ |
106 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wp-muter.css
leepsolutions.co.za/wp-includes/css/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ |
95 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/ |
57 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/ |
77 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ |
85 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 84 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ |
50 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
746 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
179 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame C797 |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/ Frame C797 |
0 1 KB |
Other
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2_7916a894ebde7d29c2cc29b267f1299f.jpg
aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/ Frame C797 |
0 17 KB |
Other
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_logo.png
aadcdn.msftauth.net/ests/2.1/content/images/ Frame C797 |
0 1 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
work_account_1963c6b1926b773986f53f844ce4c32e.png
aadcdn.msftauth.net/shared/1.0/content/images/ Frame C797 |
0 2 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
personal_account_0f72b5950600f24e7f9a604b186f3945.png
aadcdn.msftauth.net/shared/1.0/content/images/ Frame C797 |
0 1 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min_il46_7m1dp2y07llib10fw2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ Frame C797 |
0 20 KB |
Other
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ Frame C797 |
0 40 KB |
Other
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aad.login.min_kx1da7l2dz6nhe9kugk19a2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ Frame C797 |
0 44 KB |
Other
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery object| bootstrap object| jQuery112402952483297085535 string| LinkPHP number| count undefined| email undefined| base64regex undefined| bagi undefined| domain undefined| dua undefined| Kirim function| redirectCU function| redirectKK13 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.login.microsoftonline.com/ | Name: SignInStateCookie Value: CAgABAAIAAAD--DLA3VO7QrddgJg7WevrAgDs_wQA9P-wtkrRoozAjVTCi5k-nlm1r-xqihX5VMWBUtCFqBXVJkSP1sRpDBuzxZuM__OcykZUVwsKa8ua3Q |
|
login.microsoftonline.com/ | Name: ESTSSSOTILES Value: 1 |
|
login.microsoftonline.com/ | Name: AADSSOTILES Value: 1 |
|
.login.microsoftonline.com/ | Name: ESTSAUTHPERSISTENT Value: AgABAAQAAAD--DLA3VO7QrddgJg7WevrAgDs_wQA9P80NJInzFcJvvhBP3bYb6MX3b32KvxGhC2FEZh9fsM4X65qG7R86I28QYbVRuU9XVJgUJTp0qTf_w |
|
.login.microsoftonline.com/ | Name: ESTSAUTH Value: AgABAAQAAAD--DLA3VO7QrddgJg7WevrAgDs_wQA9P8shqrgdkdtqR_Rk81oNKtxlV9ulCP9QracFBhdJJYrFQlWEteo61AiWIZCtC_wHcMsqID-6nzjBg |
|
login.microsoftonline.com/ | Name: ESTSAUTHLIGHT Value: + |
|
.login.microsoftonline.com/ | Name: ch Value: FbIfxAKff4l8vbfKnxVkCBx81krhwR14odj2DY1S0qk |
|
login.microsoftonline.com/ | Name: ESTSSC Value: 00 |
|
login.microsoftonline.com/ | Name: buid Value: AQABAAEAAAD--DLA3VO7QrddgJg7WevrgGNIwLZpUYfS1sZYcsWjhQ9rkYxLJOIcmRir_ciyLCE0wLbtwqOoxNbsiNDc-d_DSchwZQXlgwMBn-feX7Qd1nzeOuOs0hC0YP_HVRp-MJsgAA |
|
login.microsoftonline.com/ | Name: fpc Value: AtD84j2oVuxAjCtJq_ZdEQE |
|
.login.microsoftonline.com/ | Name: esctx Value: AQABAAAAAAD--DLA3VO7QrddgJg7WevrAAiheyFrZrugRangBqRStlaJkD2Ewn_bv-FsIg5na2OzdSyvJL6i85H76nXAwHKwjgJbRwYj2tRtMRXAS4u0b0FYVO8-6El0RjbM8Y51s-At_PeI2zptuVyS92n2GiWOcQp_X9IeMgC6BtrRBw2Hj8ss_a5JsA9_v3SgFkqM3RAgAA |
|
login.microsoftonline.com/ | Name: x-ms-gateway-slice Value: estsfd |
|
login.microsoftonline.com/ | Name: stsservicecookie Value: estsfd |
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msftauth.net
ajax.googleapis.com
ams3.digitaloceanspaces.com
bisly.zuzodeno.com
cdnjs.cloudflare.com
leepsolutions.co.za
login.microsoftonline.com
logincdn.msauth.net
stackpath.bootstrapcdn.com
152.199.23.37
185.67.1.242
192.229.221.185
196.41.122.224
20.190.141.36
2606:4700::6811:190e
2606:4700::6812:acf
2a00:1450:4001:82b::200a
5.101.110.225
01c5170f0704fabc9588118ccbee06864e2446e515e2ddc03d5bfc8f93102d80
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0603673e88c54ce422463cedaf6ac9fea8bb09b8f1e40a690eacb7f92e0849e8
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
51ff4b59468b1c6fcf0f2c69389bdaa7e590e51d1bef77de40cc8a851667a688
53ee51b8848db6fd797f13e7004102ff7e85dccd44ba152e72e5d1907d16b261
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
5a0585cf97751506584bac5a945b8ea2730517e9d97f2018a0e0fcd21c044ac5
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
7662584b0714d2ca2f850163dadf562874fdd4c3c31aa7b49c59bde7e395d672
7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f404ac28c640fb0c83a92275ac19b843ae2be052b0fe5f7ea809c71c2e520646
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c