octopus-app-2-xq5wx.ondigitalocean.app
2606:4700:7::60 - Malicious Activity! - Public Scan

URL: https://octopus-app-2-xq5wx.ondigitalocean.app/
Submission: On July 23 via manual from CA — Scanned from CA

Summary

This website contacted 5 IPs in 1 countries across 6 domains to perform 11 HTTP transactions. The main IP is 2606:4700:7::60, located in United States and belongs to CLOUDFLARENET, US. The main domain is octopus-app-2-xq5wx.ondigitalocean.app.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 17th 2023. Valid for: a year.
This is the only time octopus-app-2-xq5wx.ondigitalocean.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests | IP Address        | AS    | Autonomous System
2        | 2606:4700:7::60   | 13335 | (CLOUDFLAR...)
3        | 2606:4700:303...  | 13335 | (CLOUDFLAR...)
1        | 3.162.103.48      | 16509 | (AMAZON-02)
1        | 2606:4700::68...  | 13335 | (CLOUDFLAR...)
Total: 11 requests, 5 IPs
Requests | Apex Domain         | Subdomains                                        | Transfer
3        | frehs-hells.ru      | d8de524e5.frehs-hells.ru                          | 121 KB
2        | ondigitalocean.app  | octopus-app-2-xq5wx.ondigitalocean.app            | 1 KB
1        | cloudflare.com      | cdnjs.cloudflare.com (Cisco Umbrella Rank: 336)   | 6 KB
1        | openfpcdn.io        | openfpcdn.io (Cisco Umbrella Rank: 22211)         | 5 KB
0        | msauth.net (Failed) | aadcdn.msauth.net (Failed)                        |
0        | jquery.com (Failed) | code.jquery.com (Failed)                          |
Total: 11 requests, 6 apex domains
Requests | Domain                                  | Requested by
3        | d8de524e5.frehs-hells.ru                | octopus-app-2-xq5wx.ondigitalocean.app, d8de524e5.frehs-hells.ru
2        | octopus-app-2-xq5wx.ondigitalocean.app  |
1        | cdnjs.cloudflare.com                    | d8de524e5.frehs-hells.ru
1        | openfpcdn.io                            | d8de524e5.frehs-hells.ru
0        | aadcdn.msauth.net (Failed)              | d8de524e5.frehs-hells.ru
0        | code.jquery.com (Failed)                | d8de524e5.frehs-hells.ru
Total: 11 requests, 6 domains

This site contains links to these domains. Also see Links.

Domain
go.microsoft.com
www.microsoft.com
privacy.microsoft.com
Subject              | Issuer                  | Validity                | Valid
ondigitalocean.app   | Cloudflare Inc ECC CA-3 | 2023-09-17 - 2024-09-16 | a year (crt.sh)
frehs-hells.ru       | WE1                     | 2024-07-16 - 2024-10-14 | 3 months (crt.sh)
openfpcdn.io         | Amazon RSA 2048 M02     | 2023-12-27 - 2025-01-25 | a year (crt.sh)
cdnjs.cloudflare.com | E1                      | 2024-06-02 - 2024-08-31 | 3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://octopus-app-2-xq5wx.ondigitalocean.app/
Frame ID: DE04C058604E5898831AF9A9BDD2D41C
Requests: 15 HTTP requests in this frame

Page Title

Sign in to Best Productivity Provider

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests: 11
HTTPS: 64 %
IPv6: 75 %
Domains: 6
Subdomains: 6
IPs: 5
Countries: 1
Transfer: 134 kB
Size: 487 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request / | octopus-app-2-xq5wx.ondigitalocean.app/ | 197 B | 657 B | Document
General
Full URL
https://octopus-app-2-xq5wx.ondigitalocean.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a431bfe718a97b253cfd24ad5966c1a4413bae756affc0a80db8c4cf7f3935db

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

age
25484
cache-control
public,max-age=10,s-maxage=86400
cf-cache-status
HIT
cf-ray
8a7e4a36a915ac18-YYZ
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 23 Jul 2024 20:06:14 GMT
last-modified
Tue, 23 Jul 2024 09:14:54 GMT
server
cloudflare
vary
Accept-Encoding
x-amz-request-id
tx00000324a62e91a1e893b-00669fa9aa-1275e3cf-nyc3d
x-do-app-origin
f7c37409-8c37-4aa8-9ce4-3f657db3303b
x-do-orig-status
200
x-envoy-upstream-healthchecked-cluster
x-rgw-object-type
Normal
b4538440 | d8de524e5.frehs-hells.ru/s/ | 21 KB | 7 KB | Script
General
Full URL
https://d8de524e5.frehs-hells.ru/s/b4538440
Requested by
Host: octopus-app-2-xq5wx.ondigitalocean.app
URL: https://octopus-app-2-xq5wx.ondigitalocean.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:a125 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
293ffeb72cdc29c4a5fcd397f211612818fa46c0b49b4877daaf4f8f7023594c

Request headers

Referer
https://octopus-app-2-xq5wx.ondigitalocean.app/
Origin
https://octopus-app-2-xq5wx.ondigitalocean.app
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 20:06:16 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uTrQRtI5VYxydUS0hYM3NAeDe3BPBWwQCpD%2BiHp9KK1eiGwItV98OIHmOrP5eFWAErf%2BehmsbaKvb8%2ByUUiyR%2B6vxP%2BKLkWMxK0kZhC6sK%2FEuVexL9H9wBk2JbDqzInRx%2BXgN%2Fg1aIM4EWKcN3dH%2BH3To0mp0%2F8%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
access-control-allow-origin
*
content-type
application/javascript
access-control-allow-credentials
true
cf-ray
8a7e4a3dba337118-YYZ
alt-svc
h3=":443"; ma=86400
favicon.ico | octopus-app-2-xq5wx.ondigitalocean.app/ | 1019 B | 770 B | Other
General
Full URL
https://octopus-app-2-xq5wx.ondigitalocean.app/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ebb791d699b77ee1137f7e66d436db917084785237adcf4d02408f329615092e

Request headers

Referer
https://octopus-app-2-xq5wx.ondigitalocean.app/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 20:06:15 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 23 Jul 2024 09:14:54 GMT
server
cloudflare
x-do-app-origin
f7c37409-8c37-4aa8-9ce4-3f657db3303b
x-amz-request-id
tx00000e5cb18f6da7f1898-00669fbd8e-1279b84a-nyc3d
x-do-orig-status
404
x-envoy-upstream-healthchecked-cluster
age
20393
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type
text/html; charset=utf-8
x-rgw-object-type
Normal
cache-control
public,max-age=10,s-maxage=86400
cf-ray
8a7e4a381b05ac18-YYZ
v1 | openfpcdn.io/botd/ | 15 KB | 5 KB | Script
General
Full URL
https://openfpcdn.io/botd/v1
Requested by
Host: d8de524e5.frehs-hells.ru
URL: https://d8de524e5.frehs-hells.ru/s/b4538440
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.103.48 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-103-48.iad61.r.cloudfront.net
Software
CloudFront /
Resource Hash
29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://d8de524e5.frehs-hells.ru/
Origin
https://octopus-app-2-xq5wx.ondigitalocean.app
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 23 Jul 2024 18:55:20 GMT
via
1.1 e4938fc434947f57a79af6b9b403df6e.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD61-P1
age
4257
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
server
CloudFront
etag
W/"5co2cnhGrt59+8B+iLKwJesMrpA"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=587296, s-maxage=10378
x-amz-cf-id
XZA1SggD-bDPjBNwSltox6iLzql_dCsi4N9N95meccw8AQmclPNDWA==
78 | d8de524e5.frehs-hells.ru/s/ | 39 KB | 17 KB | Script
General
Full URL
https://d8de524e5.frehs-hells.ru/s/78?0
Requested by
Host: d8de524e5.frehs-hells.ru
URL: https://d8de524e5.frehs-hells.ru/s/b4538440
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:a125 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3cd764c5df8cf8742cd83cc54eae3e3c7ca2edc1ce8f7b1f8b0e2fd59e955e71

Request headers

Referer
https://d8de524e5.frehs-hells.ru/s/b4538440
Origin
https://octopus-app-2-xq5wx.ondigitalocean.app
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 20:06:16 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xiq8DgsSSh%2FLx%2BDDobA1%2BKi63YxDkrDigWKs7SNb1vvVJqBcwlRU3kMzcRARNf%2BTRBokn4Tt2kSmK%2BrEg1HxtU5mrRmpAG7W4UedrvLEL9GnbigvJcqwX2MKSDs4rlroAwTQSiHFc5oq%2FnM31eVqRA6uA61OMh8%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
access-control-allow-origin
*
content-type
application/javascript
access-control-allow-credentials
true
cf-ray
8a7e4a421e1b7118-YYZ
alt-svc
h3=":443"; ma=86400
78 | d8de524e5.frehs-hells.ru/r/ | 369 KB | 97 KB | Fetch
General
Full URL
https://d8de524e5.frehs-hells.ru/r/78?session=d99a2a22c0d445a9911bb3ca0d49e765b6d0f9630ceba6bff6fed5043766436e
Requested by
Host: d8de524e5.frehs-hells.ru
URL: https://d8de524e5.frehs-hells.ru/s/b4538440
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:a125 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1b543ffc1fcd7197fa77f360363f441032da7620ed36c79e8a50482e22d97d6

Request headers

Referer
https://octopus-app-2-xq5wx.ondigitalocean.app/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryVrRWi7UzaqN54R5J

Response headers

date
Tue, 23 Jul 2024 20:06:17 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T2OjsrWp8Je0hOrUmtnmD0hTb2nddv95O1TikGT%2F45pehvdd9%2FoEULxJJz0pwtGOnts0mTCxMsY%2Bo1fl%2FX6lS%2B%2FsEP9Hvc9k%2Fck7Pt8XcJqKHXHRUauiYf%2FJWwElFum2chrlIiO%2FlEGbzsBR3Zt7%2BAerlIy3aN0%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
access-control-allow-origin
*
content-type
text/html; charset=utf-8
access-control-allow-credentials
true
cf-ray
8a7e4a46df88ab2d-YYZ
alt-svc
h3=":443"; ma=86400
font-awesome.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ | 37 KB | 6 KB | Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Requested by
Host: d8de524e5.frehs-hells.ru
URL: https://d8de524e5.frehs-hells.ru/s/b4538440
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://octopus-app-2-xq5wx.ondigitalocean.app/
Origin
https://octopus-app-2-xq5wx.ondigitalocean.app
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 20:06:18 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
456979
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5884
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-9226"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EPGxZ5I2qLXy%2F75DQB%2BPIYhr%2BjYWjgrQ4ba9GLbtkiLK%2B8bDSQmv%2FFWdMqf24tevEzFK3rWk0oTeWkmLTNuCK6TAwYoaDDsr%2FQYFRT8n1KhXip1TLlQ09oek%2FjS%2BTGJvxni1OmRPkwZ3SiruIveLVT4I"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a7e4a4e8e41ab09-YYZ
expires
Sun, 13 Jul 2025 20:06:18 GMT
jquery-3.1.1.min.js | code.jquery.com/ | 0 | 0 |
picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg | aadcdn.msauth.net/shared/1.0/content/images/ | 0 | 0 |
picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg | aadcdn.msauth.net/shared/1.0/content/images/ | 0 | 0 |
picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg | aadcdn.msauth.net/shared/1.0/content/images/ | 0 | 0 |
truncated | / | 4 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 513 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 250 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8ed8f3acb9b87f99e42c74463d4e2be96ee85b8a87cd6eb874295ace420a5904

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 2 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cbb3706e65b35a43bdcfebd23b5479dc0542ca7e23197869b683d12b524472fe

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
code.jquery.com
URL
https://code.jquery.com/jquery-3.1.1.min.js
Domain
aadcdn.msauth.net
URL
https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg
Domain
aadcdn.msauth.net
URL
https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg
Domain
aadcdn.msauth.net
URL
https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

3 Console Messages

Source     | Level   | URL / Message
network    | error   | URL: https://octopus-app-2-xq5wx.ondigitalocean.app/favicon.ico
           |         | Message: Failed to load resource: the server responded with a status of 404 ()
javascript | warning | URL: https://d8de524e5.frehs-hells.ru/s/b4538440 (Line 316)
           |         | Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript | warning | URL: https://d8de524e5.frehs-hells.ru/s/b4538440 (Line 316)
           |         | Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.