onedrivedocumentsoc.onthewifi.com
66.23.235.102
Malicious Activity!
Public Scan
Effective URL: https://onedrivedocumentsoc.onthewifi.com/login.php?email=giancarlo.oviedo@invensys.com
Submission: On July 21 via manual from IN
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 21st 2020. Valid for: 3 months.
This is the only time onedrivedocumentsoc.onthewifi.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
1 | 167.89.123.16 | 11377 (SENDGRID)
9 | 66.23.235.102 | 19318 (IS-AS-1)
9 | 1 |
ASN11377 (SENDGRID, US)
PTR: o16789123x16.outbound-mail.sendgrid.net
u7248037.ct.sendgrid.net
ASN19318 (IS-AS-1, US)
PTR: server.festivefoodslc.com
onedrvdocument.stufftoread.com
onedrivedocumentsoc.onthewifi.com
# | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | onthewifi.com | onedrivedocumentsoc.onthewifi.com | 284 KB
2 | stufftoread.com | onedrvdocument.stufftoread.com | 91 KB
1 | sendgrid.net | u7248037.ct.sendgrid.net (1 redirect) | 359 B
9 | 3 | |
# | Domain | Requested by
---|---|---
7 | onedrivedocumentsoc.onthewifi.com | onedrvdocument.stufftoread.com, onedrivedocumentsoc.onthewifi.com
2 | onedrvdocument.stufftoread.com | onedrvdocument.stufftoread.com
1 | u7248037.ct.sendgrid.net | 1 redirect
9 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
onedrvdocument.stufftoread.com | cPanel, Inc. Certification Authority | 2020-07-21 - 2020-10-19 | 3 months | crt.sh
onedrivedocumentsoc.onthewifi.com | cPanel, Inc. Certification Authority | 2020-07-21 - 2020-10-19 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://onedrivedocumentsoc.onthewifi.com/login.php?email=giancarlo.oviedo@invensys.com
Frame ID: 31E74831C178B00E8D32807C80BBB99A
Requests: 9 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://u7248037.ct.sendgrid.net/ls/click?upn=imsogg4OuTs022kPF2Y6N8ril8RR3x59SZSGi2gQOkqnwiamUhp1yt8ZoMxtDi7cCBUaVKGeTw-2Bfztt45KYkpX4dBYg7Wjg9M8wfenBtD-2BnFZeaT-2Bl97TqAxsuFhYUPk5mmN0bROjuLe2F8HAx4wrOZaK5o4USGfsDp-2BMJb4xbLBakflFlUiK8dHyUOkkgCpUqG1Ci11Pz5mxCIgbOr7LDDyGxo-2BjKhVcDAwzDUa2cA-3Dnp3s_Yby7Q-2F9Pb2YddveyrrGk7EXHxTR9OttVn8SeRPlGbAadPfc7WWdmRN-2BXJhwN8eqZGXIKENhLVRUejHt-2FF2wDEkj5BwYk-2FvQc0qomgHRGc2aK6vd4Gm-2FT9Ssu-2Fh-2BqSLueNkEk9B-2FZKPUxM3aC-2FiGXCtAt-2F9ZOuQMCDStrpGJgb42OFLlfLOapntKtB-2BDaPTqX7lnMBl6gB2qTha-2Fcwxotuwe3-2Fd6UhZJrlcIM5dInitE-3D HTTP 302
- https://onedrvdocument.stufftoread.com/?frontend=Z2lhbmNhcmxvLm92aWVkb0BpbnZlbnN5cy5jb20=&utm_source=Email&utm_medium=Email&utm_campaign=Marketing+Campaign Page URL
- https://onedrivedocumentsoc.onthewifi.com/?email=giancarlo.oviedo@invensys.com Page URL
- https://onedrivedocumentsoc.onthewifi.com/login.php?email=giancarlo.oviedo@invensys.com Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://u7248037.ct.sendgrid.net/ls/click?upn=imsogg4OuTs022kPF2Y6N8ril8RR3x59SZSGi2gQOkqnwiamUhp1yt8ZoMxtDi7cCBUaVKGeTw-2Bfztt45KYkpX4dBYg7Wjg9M8wfenBtD-2BnFZeaT-2Bl97TqAxsuFhYUPk5mmN0bROjuLe2F8HAx4wrOZaK5o4USGfsDp-2BMJb4xbLBakflFlUiK8dHyUOkkgCpUqG1Ci11Pz5mxCIgbOr7LDDyGxo-2BjKhVcDAwzDUa2cA-3Dnp3s_Yby7Q-2F9Pb2YddveyrrGk7EXHxTR9OttVn8SeRPlGbAadPfc7WWdmRN-2BXJhwN8eqZGXIKENhLVRUejHt-2FF2wDEkj5BwYk-2FvQc0qomgHRGc2aK6vd4Gm-2FT9Ssu-2Fh-2BqSLueNkEk9B-2FZKPUxM3aC-2FiGXCtAt-2F9ZOuQMCDStrpGJgb42OFLlfLOapntKtB-2BDaPTqX7lnMBl6gB2qTha-2Fcwxotuwe3-2Fd6UhZJrlcIM5dInitE-3D HTTP 302
- https://onedrvdocument.stufftoread.com/?frontend=Z2lhbmNhcmxvLm92aWVkb0BpbnZlbnN5cy5jb20=&utm_source=Email&utm_medium=Email&utm_campaign=Marketing+Campaign
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / | onedrvdocument.stufftoread.com/ (Redirect Chain) | 5 KB | 6 KB | Document | text/html
GET | H/1.1 | jquery.min.js | onedrvdocument.stufftoread.com/js/ | 85 KB | 85 KB | Script | application/javascript
GET | H/1.1 | / | onedrivedocumentsoc.onthewifi.com/ | 6 KB | 6 KB | Document | text/html
GET | H/1.1 | point.gif | onedrivedocumentsoc.onthewifi.com/:abstract.simplenet.com/ | 315 B | 315 B | Image | text/html
GET | H/1.1 | point2.html | onedrivedocumentsoc.onthewifi.com/abstract.simplenet.com/ | 315 B | 315 B | Image | text/html
GET | H/1.1 | logo.jpg | onedrivedocumentsoc.onthewifi.com/files/ | 82 KB | 83 KB | Image | image/jpeg
GET | H/1.1 | loader.gif | onedrivedocumentsoc.onthewifi.com/files/ | 101 KB | 101 KB | Image | image/gif
GET | H/1.1 | login.php (Primary Request) | onedrivedocumentsoc.onthewifi.com/ | 10 KB | 10 KB | Document | text/html
GET | H/1.1 | logo.jpg | onedrivedocumentsoc.onthewifi.com/files/ | 82 KB | 83 KB | Image | image/jpeg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
onedrivedocumentsoc.onthewifi.com
onedrvdocument.stufftoread.com
u7248037.ct.sendgrid.net
167.89.123.16
66.23.235.102