![](/screenshots/ea685697-e84f-4a33-bdf3-d2491c66f38c.png)
octopus-app-2-xq5wx.ondigitalocean.app
Open in
urlscan Pro
2606:4700:7::60
Malicious Activity!
Public Scan
Submission: On July 23 via manual from CA — Scanned from CA
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 17th 2023. Valid for: a year.
This is the only time octopus-app-2-xq5wx.ondigitalocean.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2606:4700:7::60 2606:4700:7::60 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2606:4700:303... 2606:4700:3030::ac43:a125 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 3.162.103.48 3.162.103.48 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
11 | 5 |
ASN13335 (CLOUDFLARENET, US)
octopus-app-2-xq5wx.ondigitalocean.app |
ASN16509 (AMAZON-02, US)
PTR: server-3-162-103-48.iad61.r.cloudfront.net
openfpcdn.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
frehs-hells.ru
d8de524e5.frehs-hells.ru |
121 KB |
2 |
ondigitalocean.app
octopus-app-2-xq5wx.ondigitalocean.app |
1 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 336 |
6 KB |
1 |
openfpcdn.io
openfpcdn.io — Cisco Umbrella Rank: 22211 |
5 KB |
0 |
msauth.net
Failed
aadcdn.msauth.net Failed |
|
0 |
jquery.com
Failed
code.jquery.com Failed |
|
11 | 6 |
Domain | Requested by | |
---|---|---|
3 | d8de524e5.frehs-hells.ru |
octopus-app-2-xq5wx.ondigitalocean.app
d8de524e5.frehs-hells.ru |
2 | octopus-app-2-xq5wx.ondigitalocean.app | |
1 | cdnjs.cloudflare.com |
d8de524e5.frehs-hells.ru
|
1 | openfpcdn.io |
d8de524e5.frehs-hells.ru
|
0 | aadcdn.msauth.net Failed |
d8de524e5.frehs-hells.ru
|
0 | code.jquery.com Failed |
d8de524e5.frehs-hells.ru
|
11 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
go.microsoft.com |
www.microsoft.com |
privacy.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
ondigitalocean.app Cloudflare Inc ECC CA-3 |
2023-09-17 - 2024-09-16 |
a year | crt.sh |
frehs-hells.ru WE1 |
2024-07-16 - 2024-10-14 |
3 months | crt.sh |
openfpcdn.io Amazon RSA 2048 M02 |
2023-12-27 - 2025-01-25 |
a year | crt.sh |
cdnjs.cloudflare.com E1 |
2024-06-02 - 2024-08-31 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://octopus-app-2-xq5wx.ondigitalocean.app/
Frame ID: DE04C058604E5898831AF9A9BDD2D41C
Requests: 15 HTTP requests in this frame
Screenshot
![](/screenshots/ea685697-e84f-4a33-bdf3-d2491c66f38c.png)
Page Title
Sign in to Best Productivity ProviderDetected technologies
![](/vendor/wappa/icons/Font Awesome.png)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: References
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: This article related to members of the insect order is a . You can help Wikipedia by .
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
octopus-app-2-xq5wx.ondigitalocean.app/ |
197 B 657 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
b4538440
d8de524e5.frehs-hells.ru/s/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
octopus-app-2-xq5wx.ondigitalocean.app/ |
1019 B 770 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v1
openfpcdn.io/botd/ |
15 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
78
d8de524e5.frehs-hells.ru/s/ |
39 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
78
d8de524e5.frehs-hells.ru/r/ |
369 KB 97 KB |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
37 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
jquery-3.1.1.min.js
code.jquery.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg
aadcdn.msauth.net/shared/1.0/content/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg
aadcdn.msauth.net/shared/1.0/content/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg
aadcdn.msauth.net/shared/1.0/content/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
513 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
250 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- code.jquery.com
- URL
- https://code.jquery.com/jquery-3.1.1.min.js
- Domain
- aadcdn.msauth.net
- URL
- https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg
- Domain
- aadcdn.msauth.net
- URL
- https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg
- Domain
- aadcdn.msauth.net
- URL
- https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msauth.net
cdnjs.cloudflare.com
code.jquery.com
d8de524e5.frehs-hells.ru
octopus-app-2-xq5wx.ondigitalocean.app
openfpcdn.io
aadcdn.msauth.net
code.jquery.com
2606:4700:3030::ac43:a125
2606:4700:7::60
2606:4700::6811:180e
3.162.103.48
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
293ffeb72cdc29c4a5fcd397f211612818fa46c0b49b4877daaf4f8f7023594c
29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
3cd764c5df8cf8742cd83cc54eae3e3c7ca2edc1ce8f7b1f8b0e2fd59e955e71
8ed8f3acb9b87f99e42c74463d4e2be96ee85b8a87cd6eb874295ace420a5904
a431bfe718a97b253cfd24ad5966c1a4413bae756affc0a80db8c4cf7f3935db
b1b543ffc1fcd7197fa77f360363f441032da7620ed36c79e8a50482e22d97d6
cbb3706e65b35a43bdcfebd23b5479dc0542ca7e23197869b683d12b524472fe
ebb791d699b77ee1137f7e66d436db917084785237adcf4d02408f329615092e