www.eservicebits.com

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 54.194.79.117, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.eservicebits.com.
TLS certificate: Issued by Amazon on March 30th 2022. Valid for: a year.

This is the only time www.eservicebits.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	54.194.79.117 54.194.79.117	16509 (AMAZON-02) (AMAZON-02)
4	13.32.121.7 13.32.121.7	16509 (AMAZON-02) (AMAZON-02)
5	2

1 54.194.79.117 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-79-117.eu-west-1.compute.amazonaws.com

www.eservicebits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.32.121.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-7.fra60.r.cloudfront.net

cloud.phishinsight.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	trendmicro.com cloud.phishinsight.trendmicro.com	283 KB
1	eservicebits.com www.eservicebits.com	20 KB
5	2

	Domain	Requested by
4	cloud.phishinsight.trendmicro.com	www.eservicebits.com
1	www.eservicebits.com
5	2

This site contains no links.

Subject Issuer	Validity	Valid
*.onlineservicegroup.net Amazon	`2022-03-30` - `2023-04-28`	a year	crt.sh
*.phishinsight.trendmicro.com Entrust Certification Authority - L1K	`2020-07-07` - `2022-07-06`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.eservicebits.com/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/dMf3inGY2ykqX3lr1IiR7xbU8qWBSkih93Ci9NcgQ-w
Frame ID: BC485D380D7C0ED84EDA77330689BD6A
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your Microsoft accountSign in to your Microsoft accountSign in to your Microsoft accountSign in to your Microsoft accountSign in to your Microsoft account

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

304 kB
Transfer

419 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request dMf3inGY2ykqX3lr1IiR7xbU8qWBSkih93Ci9NcgQ-w Show response www.eservicebits.com/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/	138 KB 20 KB	498ms 432ms	Document text/html	54.194.79.117 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.eservicebits.com/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/dMf3inGY2ykqX3lr1IiR7xbU8qWBSkih93Ci9NcgQ-w Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.194.79.117 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-194-79-117.eu-west-1.compute.amazonaws.com Software / Resource Hash `1906a2304e9b5f3c0f22215149ec51ad64fdb3576bb4097d4dfba73563ac3124` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-length 20434 content-type text/html; charset=utf-8 date Thu, 05 May 2022 01:00:57 GMT vary Accept-Encoding x-amz-apigw-id RoI3ZEdTjoEFuow= x-amzn-remapped-content-length 20434 x-amzn-requestid d4e59a90-750f-4c1a-98b9-39437645ef2a x-amzn-trace-id Root=1-627321c8-710403517c6e9112212e09e2
GET H2	200	ellipsis_white.svg cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/	915 B 1 KB	45ms 8ms	Image image/svg+xml	13.32.121.7 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ellipsis_white.svg Requested by Host: www.eservicebits.com URL: https://www.eservicebits.com/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/dMf3inGY2ykqX3lr1IiR7xbU8qWBSkih93Ci9NcgQ-w Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.7 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-7.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea` Request headers accept-language de-DE,de;q=0.9 Referer https://www.eservicebits.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-amz-server-side-encryption AES256 x-amz-version-id ezTJbrbEyxxFsnY8LNBgrZ.1Rc.kNqcr via 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront) last-modified Mon, 18 Apr 2022 01:37:26 GMT server AmazonS3 age 72481 etag "5ac590ee72bfe06a7cecfd75b588ad73" x-cache Hit from cloudfront content-type image/svg+xml date Wed, 04 May 2022 04:52:57 GMT x-amz-replication-status COMPLETED x-amz-cf-pop FRA60-P1 accept-ranges bytes content-length 915 x-amz-cf-id s93PXOWohxHhMdNtJTXxRS6L1nMwElQHTFaraI0GxHDImqiMWp_t3A==
GET H2	200	ellipsis_grey.svg cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/	915 B 1 KB	45ms 9ms	Image image/svg+xml	13.32.121.7 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ellipsis_grey.svg Requested by Host: www.eservicebits.com URL: https://www.eservicebits.com/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/dMf3inGY2ykqX3lr1IiR7xbU8qWBSkih93Ci9NcgQ-w Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.7 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-7.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6` Request headers accept-language de-DE,de;q=0.9 Referer https://www.eservicebits.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-amz-server-side-encryption AES256 x-amz-version-id TbnB3CERCKdahpyg1vptmb38C6NoKzYg via 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront) last-modified Mon, 18 Apr 2022 01:37:25 GMT server AmazonS3 age 83503 etag "2b5d393db04a5e6e1f739cb266e65b4c" x-cache Hit from cloudfront content-type image/svg+xml date Wed, 04 May 2022 01:49:15 GMT x-amz-replication-status COMPLETED x-amz-cf-pop FRA60-P1 accept-ranges bytes content-length 915 x-amz-cf-id ITjpCSPeul8i4MfIfNrqnGxe9XeT-u44vrRpylCyZi-QB__EuyE2tA==
GET H2	200	owa_small.jpg cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/	3 KB 3 KB	41ms 9ms	Image image/jpeg	13.32.121.7 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/owa_small.jpg Requested by Host: www.eservicebits.com URL: https://www.eservicebits.com/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/dMf3inGY2ykqX3lr1IiR7xbU8qWBSkih93Ci9NcgQ-w Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.7 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-7.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea` Request headers accept-language de-DE,de;q=0.9 Referer https://www.eservicebits.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-amz-server-side-encryption AES256 x-amz-version-id Nak_JLT1n4hTdU337n5t9CgFAdf1wWOe via 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront) last-modified Mon, 18 Apr 2022 01:38:01 GMT server AmazonS3 age 29330 etag "138bcee624fa04ef9b75e86211a9fe0d" x-cache Hit from cloudfront content-type image/jpeg date Wed, 04 May 2022 16:52:08 GMT x-amz-replication-status COMPLETED x-amz-cf-pop FRA60-P1 accept-ranges bytes content-length 3006 x-amz-cf-id tFn70qTubPZiBqvPFGWZZ89VNFxdZ2LSeLKLQaMQHb0bo_B8bSnBJQ==
GET H2	200	owa.jpg cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/	277 KB 277 KB	41ms 10ms	Image image/jpeg	13.32.121.7 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/owa.jpg Requested by Host: www.eservicebits.com URL: https://www.eservicebits.com/landingpages/cf1a9771-107e-471b-986d-361ea44c2f10/dMf3inGY2ykqX3lr1IiR7xbU8qWBSkih93Ci9NcgQ-w Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.7 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-7.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb` Request headers accept-language de-DE,de;q=0.9 Referer https://www.eservicebits.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers x-amz-server-side-encryption AES256 x-amz-version-id w.pZsPYj30glwzmhxNfjVmHDDCR1Gnuc via 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront) last-modified Mon, 18 Apr 2022 01:38:00 GMT server AmazonS3 age 29330 etag "a5dbd4393ff6a725c7e62b61df7e72f0" x-cache Hit from cloudfront content-type image/jpeg date Wed, 04 May 2022 16:52:08 GMT x-amz-replication-status COMPLETED x-amz-cf-pop FRA60-P1 accept-ranges bytes content-length 283351 x-amz-cf-id nrNLL1nalLWfb3esPf3JUE0NAhUJKpzNe0soDmLl6Sxu2WJBnd9sIQ==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cloud.phishinsight.trendmicro.com
www.eservicebits.com
13.32.121.7
54.194.79.117
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
1906a2304e9b5f3c0f22215149ec51ad64fdb3576bb4097d4dfba73563ac3124
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

www.eservicebits.com Open in urlscan Pro 54.194.79.117 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

304 kBTransfer

419 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

www.eservicebits.com Open in urlscan Pro
54.194.79.117 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

304 kB
Transfer

419 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!