urlscan.io logo urlscan.io
SecurityTrails logo

bagwellagencycom.od2.vtiger.com Open in urlscan Pro
52.65.126.231  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://bagwellagencycom.od2.vtiger.com/pages/share_file
Submission: On August 31 via api from US — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 52.65.126.231, located in Sydney, Australia and belongs to AMAZON-02, US. The main domain is bagwellagencycom.od2.vtiger.com.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on October 14th 2021. Valid for: a year.
This is the only time bagwellagencycom.od2.vtiger.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sharepoint (Online)

Domain & IP information

IP Address AS Autonomous System
5 52.65.126.231 16509 (AMAZON-02)
5 2
Apex Domain
Subdomains		 Transfer
5 vtiger.com
bagwellagencycom.od2.vtiger.com
56 KB
5 1
Domain Requested by
5 bagwellagencycom.od2.vtiger.com bagwellagencycom.od2.vtiger.com
5 1

This site contains links to these domains. Also see Links.

Domain
ams3.digitaloceanspaces.com
Subject Issuer Validity Valid
*.od2.vtiger.com
GlobalSign RSA OV SSL CA 2018		 2021-10-14 -
2022-11-15		 a year crt.sh

This page contains 1 frames:

Primary Page: https://bagwellagencycom.od2.vtiger.com/pages/share_file
Frame ID: 0EC4CEB40AD7C9F393A71F3894CF60E0
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Share file

Detected technologies

Overall confidence: 100%
Detected patterns
  • <a[^>]*href=[^>]*/Bag
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

56 kB
Transfer

312 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request share_file
bagwellagencycom.od2.vtiger.com/pages/ 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bagwellagencycom.od2.vtiger.com/pages/share_file
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.65.126.231 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-65-126-231.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
e438665cedb3e7684f8d61640a25a65510186fd1f3c8e606d9959e9a90696947
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-cache, must-revalidate, max-age=0 public,max-age=31536000, immutable
content-encoding
gzip
content-length
6265
content-type
text/html; charset=UTF-8
date
Wed, 31 Aug 2022 13:23:19 GMT
expires
Fri, 30 Sep 2022 13:23:19 GMT
server
Apache
strict-transport-security
max-age=15768000
vary
Accept-Encoding
bootstrap.min.css
bagwellagencycom.od2.vtiger.com/_resources9.22.7.2_/layouts/v9/assets/include/library/bootstrap/dist/css/ 		152 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bagwellagencycom.od2.vtiger.com/_resources9.22.7.2_/layouts/v9/assets/include/library/bootstrap/dist/css/bootstrap.min.css
Requested by
Host: bagwellagencycom.od2.vtiger.com
URL: https://bagwellagencycom.od2.vtiger.com/pages/share_file
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.65.126.231 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-65-126-231.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
f231cfc68aa898cb3eec9757e296a481bf2593b78d698f61e37dedda376efb9f
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://bagwellagencycom.od2.vtiger.com/pages/share_file
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 06:27:46 GMT
server
Apache
date
Wed, 31 Aug 2022 13:23:20 GMT
vary
Accept-Encoding
content-type
text/css
cache-control
public,max-age=31536000, immutable
accept-ranges
bytes
content-length
23318
expires
Fri, 30 Sep 2022 13:23:20 GMT
fontawesome.min.css
bagwellagencycom.od2.vtiger.com/_resources9.22.7.2_/layouts/v9/assets/include/library/fontawesome-5.5.0/css/ 		49 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bagwellagencycom.od2.vtiger.com/_resources9.22.7.2_/layouts/v9/assets/include/library/fontawesome-5.5.0/css/fontawesome.min.css
Requested by
Host: bagwellagencycom.od2.vtiger.com
URL: https://bagwellagencycom.od2.vtiger.com/pages/share_file
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.65.126.231 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-65-126-231.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
e57ff99e64b08bd8a230d567b5b4b4cb97835f98b2db6473569981ddda0ec85a
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://bagwellagencycom.od2.vtiger.com/pages/share_file
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 06:27:46 GMT
server
Apache
date
Wed, 31 Aug 2022 13:23:20 GMT
vary
Accept-Encoding
content-type
text/css
cache-control
public,max-age=31536000, immutable
accept-ranges
bytes
content-length
10931
expires
Fri, 30 Sep 2022 13:23:20 GMT
style.css
bagwellagencycom.od2.vtiger.com/_resources9.22.7.2_/layouts/v9/assets/vds-icons/ 		92 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bagwellagencycom.od2.vtiger.com/_resources9.22.7.2_/layouts/v9/assets/vds-icons/style.css
Requested by
Host: bagwellagencycom.od2.vtiger.com
URL: https://bagwellagencycom.od2.vtiger.com/pages/share_file
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.65.126.231 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-65-126-231.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
43eea58c97585332c58c0f26189b51a5509c828b86807b0b86f67dcee0c6e81c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://bagwellagencycom.od2.vtiger.com/pages/share_file
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
content-encoding
gzip
last-modified
Thu, 25 Aug 2022 00:00:24 GMT
server
Apache
date
Wed, 31 Aug 2022 13:23:20 GMT
vary
Accept-Encoding
content-type
text/css
cache-control
public,max-age=31536000, immutable
accept-ranges
bytes
content-length
15877
expires
Fri, 30 Sep 2022 13:23:20 GMT
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ed518261972445f0ec39ea427d6d083ed69fffbc5e601d2b8f12cc659ef1d87e

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type
image/png
t
bagwellagencycom.od2.vtiger.com/pages/ 		16 B
69 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bagwellagencycom.od2.vtiger.com/pages/t
Requested by
Host: bagwellagencycom.od2.vtiger.com
URL: https://bagwellagencycom.od2.vtiger.com/pages/share_file
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.65.126.231 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-65-126-231.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept
application/json
Referer
https://bagwellagencycom.od2.vtiger.com/pages/share_file
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type
application/json

Response headers

strict-transport-security
max-age=15768000
content-encoding
gzip
server
Apache
date
Wed, 31 Aug 2022 13:23:20 GMT
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate, max-age=0, public,max-age=31536000, immutable
content-length
36
expires
Fri, 30 Sep 2022 13:23:20 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sharepoint (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation

1 Cookies

Domain/Path Name / Value
bagwellagencycom.od2.vtiger.com/pages Name: _vt_wp_uid
Value: 630f60c806b3b

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15768000