loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 3 HTTP transactions. The main IP is 159.8.199.241, located in Amsterdam, Netherlands and belongs to SOFTLAYER, US. The main domain is loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on November 18th 2020. Valid for: a year.

This is the only time loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Dotloop (Real Estate)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.118.28 167.89.118.28	11377 (SENDGRID) (SENDGRID)
1	81.16.28.50 81.16.28.50	47583 (AS-HOSTINGER) (AS-HOSTINGER)
1	159.8.199.241 159.8.199.241	36351 (SOFTLAYER) (SOFTLAYER)
1	13.224.96.61 13.224.96.61	16509 (AMAZON-02) (AMAZON-02)
3	3

1 167.89.118.28 (Las Vegas, United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789118x28.outbound-mail.sendgrid.net

u22078019.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.16.28.50 (Germany)

ASN47583 (AS-HOSTINGER, CY)

minhha.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.8.199.241 (Amsterdam, Netherlands)

ASN36351 (SOFTLAYER, US)
PTR: s3.ams03.objectstorage.softlayer.net

loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-61.zrh50.r.cloudfront.net

www.dotloop.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	dotloop.com www.dotloop.com	31 KB
1	appdomain.cloud loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud	9 KB
1	minhha.vn minhha.vn	649 B
1	sendgrid.net 1 redirects u22078019.ct.sendgrid.net	231 B
3	4

	Domain	Requested by
1	www.dotloop.com	loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud
1	loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud	minhha.vn
1	minhha.vn
1	u22078019.ct.sendgrid.net	1 redirects
3	4

This site contains links to these domains. Also see Links.

Domain
www.dotloop.com

Subject Issuer	Validity	Valid
minhha.vn R3	`2021-08-17` - `2021-11-15`	3 months	crt.sh
*.s3.ams03.cloud-object-storage.appdomain.cloud DigiCert TLS RSA SHA256 2020 CA1	`2020-11-18` - `2021-12-19`	a year	crt.sh
www.dotloop.com Entrust Certification Authority - L1M	`2021-01-05` - `2022-01-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud/index.html
Frame ID: EC954614CDCCE4B626E61C1367070303
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dotloop | Real Estate Transaction Management Solution

Page URL History Show full URLs

https://u22078019.ct.sendgrid.net/ls/click?upn=k2iyo0ScaT-2BMvHbO6o0nCRzzETlsuH06j80s5icrWaUvI0-2FMXfVbbfQLXLJ... HTTP 302
https://minhha.vn/green.html Page URL
https://loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud/index.html Page URL

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

41 kB
Transfer

40 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.dotloop.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.dotloop.com/#/forgotpassword
Title: FORGOT YOUR PASSWORD?

Search URL Search Domain Scan URL

URL: https://www.dotloop.com/#/signup
Title: SIGN UP

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u22078019.ct.sendgrid.net/ls/click?upn=k2iyo0ScaT-2BMvHbO6o0nCRzzETlsuH06j80s5icrWaUvI0-2FMXfVbbfQLXLJilkPrOqla_D5MCgRHhw21ljjC8F0zgIj80ZsGJlpCDW2nmgs46O-2FjagoJyn7wz0gExHcDUD3VJgJycowx3Iog0aTJ3zR2tCN-2Bwuyy7AtOGPOUanMQDHJhKMxdVtCDk82ALh2I-2BEu-2BO9yF3ST-2FQ-2Baxgiy7GiubMwIXjTZ844KJ0NOEK2uO40xqe5AtCDu1jJ6xzV0jntRpM6mn0ZoqLB5Mrgr3fd-2BGYr8DBhr7p6G6OOSAL0mKWqy8-3D HTTP 302
https://minhha.vn/green.html Page URL
https://loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://u22078019.ct.sendgrid.net/ls/click?upn=k2iyo0ScaT-2BMvHbO6o0nCRzzETlsuH06j80s5icrWaUvI0-2FMXfVbbfQLXLJilkPrOqla_D5MCgRHhw21ljjC8F0zgIj80ZsGJlpCDW2nmgs46O-2FjagoJyn7wz0gExHcDUD3VJgJycowx3Iog0aTJ3zR2tCN-2Bwuyy7AtOGPOUanMQDHJhKMxdVtCDk82ALh2I-2BEu-2BO9yF3ST-2FQ-2Baxgiy7GiubMwIXjTZ844KJ0NOEK2uO40xqe5AtCDu1jJ6xzV0jntRpM6mn0ZoqLB5Mrgr3fd-2BGYr8DBhr7p6G6OOSAL0mKWqy8-3D HTTP 302
https://minhha.vn/green.html

3 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

green.html Show response
minhha.vn/
Redirect Chain

https://u22078019.ct.sendgrid.net/ls/click?upn=k2iyo0ScaT-2BMvHbO6o0nCRzzETlsuH06j80s5icrWaUvI0-2FMXfVbbfQLXLJilkPrOqla_D5MCgRHhw21ljjC8F0zgIj80ZsGJlpCDW2nmgs46O-2FjagoJyn7wz0gExHcDUD3VJgJycowx3Iog...
https://minhha.vn/green.html

758 B
649 B

131ms
31ms

Document
text/html

81.16.28.50
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://minhha.vn/green.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

81.16.28.50 , Germany, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

b10c8c935720d6ce5dcc988675880ea7d079605202021c9aa3531cd6d04f47b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

:method: GET
:authority: minhha.vn
:scheme: https
:path: /green.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-type: text/html
last-modified: Fri, 27 Aug 2021 15:51:37 GMT
etag: "2f6-61290a09-91bb4c279d2f0d58;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 330
date: Fri, 27 Aug 2021 19:43:36 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Redirect headers

Server: nginx
Date: Fri, 27 Aug 2021 19:43:35 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 51
Connection: keep-alive
Location: https://minhha.vn/green.html
X-Robots-Tag: noindex, nofollow

GET
H/1.1 200
OK Primary Request index.html Show response
loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud/ 9 KB
9 KB 526ms
413ms Document
text/html 159.8.199.241
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud/index.html
Requested by: Host: minhha.vn
URL: https://minhha.vn/green.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.8.199.241 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: s3.ams03.objectstorage.softlayer.net
Software: Cleversafe /
Resource Hash: 41bfdcedab5c7503f916a97ed3375db14b4b6dc706a16a8f50ef30cc2cefd78b

Request headers

Host: loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://minhha.vn/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://minhha.vn/

Response headers

Date: Fri, 27 Aug 2021 19:43:36 GMT
X-Clv-Request-Id: eafc8575-94b5-4385-94a2-8fc35288907e
Server: Cleversafe
X-Clv-S3-Version: 2.5
Accept-Ranges: bytes
x-amz-request-id: eafc8575-94b5-4385-94a2-8fc35288907e
ETag: "285eac45e182dac46155c15a98fabb07"
Content-Type: text/html
Last-Modified: Thu, 26 Aug 2021 11:05:51 GMT
Content-Length: 9333

GET
H2 200 dotloop_logo.jpg
www.dotloop.com/my/static/images/external/ 30 KB
31 KB 184ms
45ms Image
image/jpeg 13.224.96.61
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dotloop.com/my/static/images/external/dotloop_logo.jpg
Requested by: Host: loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud
URL: https://loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-61.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6439ded0d728f70caa03a4337cf025b3b53b0f2f59942b34478efca88c7b3438

Request headers

Referer: https://loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 07:23:36 GMT
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
last-modified: Thu, 19 Aug 2021 01:09:38 GMT
server: AmazonS3
age: 44400
etag: "fe6adda60aac94fedfb3b1743166d15d"
x-cache: Hit from cloudfront
x-amz-version-id: agKhtOSkjGVM9qwjBa32ddWvMYyGLVvF
x-amz-replication-status: COMPLETED
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: image/jpeg
content-length: 30955
x-amz-cf-id: eRwe4JTUcvo0fedfnKxX99qakwcaztCeSc02XXBcYlsGzpMYJUa8Og==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Dotloop (Real Estate)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud
minhha.vn
u22078019.ct.sendgrid.net
www.dotloop.com
13.224.96.61
159.8.199.241
167.89.118.28
81.16.28.50
41bfdcedab5c7503f916a97ed3375db14b4b6dc706a16a8f50ef30cc2cefd78b
6439ded0d728f70caa03a4337cf025b3b53b0f2f59942b34478efca88c7b3438
b10c8c935720d6ce5dcc988675880ea7d079605202021c9aa3531cd6d04f47b5

loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud Open in urlscan Pro 159.8.199.241 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

3 IPs

3 Countries

41 kBTransfer

40 kBSize

0 Cookies

3 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

loop-185845341-file-8120997576989da.s3.ams03.cloud-object-storage.appdomain.cloud Open in urlscan Pro
159.8.199.241 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

41 kB
Transfer

40 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!