URL: http://sonnex.ir/eview/s4/
Tags: phishing malicious
Submission: On January 15 via api from HK

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 15 HTTP transactions.
The main IP is 204.44.192.14, located in Canada and belongs to ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US. The main domain is sonnex.ir.
The main domain was scanned 12 times on urlscan.io Show Scans 12
37395 structurally similar pages on different IPs, domains and ASNs found Show Scans 37395

Verdict: Malicious (Score: 100/100) Show Details

  • urlscan - Score: 100
    phishing
    Phishing against Google (Online) GDrive and other (Online)

Domain & IP information

IP Address AS Autonomous System
10 204.44.192.14 8100 (ASN-QUADR...)
1 199.191.50.51 40034 (CONFLUENC...)
4 2a00:1450:400... 15169 (GOOGLE)
15 4
Domain
Subdomains
Transfer
10 sonnex.ir
98 KB
4 gstatic.com
8 KB
1 phishingscripts.com
0 B
15 3
Domain Requested by
10 sonnex.ir sonnex.ir
4 ssl.gstatic.com sonnex.ir
1 phishingscripts.com sonnex.ir
15 3

This site contains links to these domains. Also see Links.

Domain
www.google.com
Subject / Issuer Validity Valid
*.google.com
GTS CA 1O1
2019-12-10 -
2020-03-03
3 months

Screenshot


Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i


Stats

0
Requests

0
Ad-blocked

0
Malicious

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
/eview/s4
55 KB
14 KB
Document
General
Full URL
http://sonnex.ir/eview/s4/
Protocol
HTTP/1.1
Server
204.44.192.14 , Canada, ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US),
Reverse DNS
r200.websiteservername.com
Software
Apache /
Resource Hash
04486132acc506e6a7b442208732ecaa3f2c1f8c122dd38354651e19c90c5a53

Request headers

Host
sonnex.ir
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 15 Jan 2020 15:54:43 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
Keep-Alive
timeout=2, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
jquery.min.js
/eview/s4/Google_docs_files
93 KB
44 KB
Script
General
Full URL
http://sonnex.ir/eview/s4/Google_docs_files/jquery.min.js
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
HTTP/1.1
Server
204.44.192.14 , Canada, ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US),
Reverse DNS
r200.websiteservername.com
Software
Apache /
Resource Hash
d72fcb8924d1e14dbd4b04aff994c1183ee86c620f0aaac034f75fc508548220

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 15 Jan 2020 15:54:44 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Oct 2016 12:08:00 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=99
jquery.ddslick.min.js
/eview/s4/Google_docs_files
7 KB
3 KB
Script
General
Full URL
http://sonnex.ir/eview/s4/Google_docs_files/jquery.ddslick.min.js
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
HTTP/1.1
Server
204.44.192.14 , Canada, ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US),
Reverse DNS
r200.websiteservername.com
Software
Apache /
Resource Hash
970882d4a7e6a84819f31de8d238cb3ada20bf0a4ea307b45bf44988bbfc4602

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 15 Jan 2020 15:54:44 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Oct 2016 12:08:00 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=100
Content-Length
2915
logo_strip.png
/eview/s4/index_files
26 KB
26 KB
Image
General
Full URL
http://sonnex.ir/eview/s4/index_files/logo_strip.png
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
HTTP/1.1
Server
204.44.192.14 , Canada, ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US),
Reverse DNS
r200.websiteservername.com
Software
Apache /
Resource Hash
000da3616519f393f1d7450839c1dbda356053087d0191bd2d25a83e5fc63e8c

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 15 Jan 2020 15:54:44 GMT
Last-Modified
Thu, 27 Oct 2016 12:08:00 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=100
Content-Length
26647
universal_language_settings-21.png
/eview/s4/Sign%20in%20-%20Google%20Accounts_files
199 B
441 B
Image
General
Full URL
http://sonnex.ir/eview/s4/Sign%20in%20-%20Google%20Accounts_files/universal_language_settings-21.png
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
HTTP/1.1
Server
204.44.192.14 , Canada, ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US),
Reverse DNS
r200.websiteservername.com
Software
Apache /
Resource Hash
59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 15 Jan 2020 15:54:44 GMT
Last-Modified
Sun, 13 Dec 2015 16:13:58 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=100
Content-Length
199
style.php
phishingscripts.com
0
0
Script
General
Full URL
http://phishingscripts.com/style.php
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
HTTP/1.1
Server
199.191.50.51 , Virgin Islands (British), ASN40034 (CONFLUENCE-NETWORK-INC - Confluence Networks Inc, VG),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

logo_1x.png
ssl.gstatic.com/accounts/ui
2 KB
3 KB
Image
General
Full URL
https://ssl.gstatic.com/accounts/ui/logo_1x.png
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
6a65a240b4678c8a34098d1127abfb36d5e72d6537fe0609e94ab6745d1748a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 20 Dec 2019 02:49:25 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
2293520
content-type
image/png
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
2551
x-xss-protection
0
expires
Sat, 19 Dec 2020 02:49:25 GMT
avatar_2x.png
ssl.gstatic.com/accounts/ui
626 B
716 B
Image
General
Full URL
https://ssl.gstatic.com/accounts/ui/avatar_2x.png
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
cdcc6d6dcda827a694dce8bfa9a1ab41113b629ef1cc11f886866af9194c81d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Wed, 15 Jan 2020 01:09:10 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
53135
content-type
image/png
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
626
x-xss-protection
0
expires
Thu, 14 Jan 2021 01:09:10 GMT
checkmark.png
ssl.gstatic.com/ui/v1/menu
239 B
579 B
Image
General
Full URL
https://ssl.gstatic.com/ui/v1/menu/checkmark.png
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
2210e36b5b21e54cd4dc2ccdcc06138db8598d704ebf19052e5caa84edb4a675
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 20 Dec 2019 05:01:20 GMT
x-content-type-options
nosniff
last-modified
Thu, 21 Apr 2016 03:17:22 GMT
server
sffe
age
2285605
vary
Origin
content-type
image/png
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
239
x-xss-protection
0
expires
Sat, 19 Dec 2020 05:01:20 GMT
data:truncated
data:truncated
284 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fc6e1e44fce24fcda33dfd0e0a05a77004b3cd1d81018e9616d6e4145145d0b9

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
image/png
wlogostrip_230x17_1x.png
ssl.gstatic.com/accounts/ui
4 KB
4 KB
Image
General
Full URL
https://ssl.gstatic.com/accounts/ui/wlogostrip_230x17_1x.png
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
05cdc120325f04f53e3ec7dbba877500d94db5a47e38fb6a2cc96fa3d1d7664c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Wed, 20 Nov 2019 11:28:50 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
4854355
content-type
image/png
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
4285
x-xss-protection
0
expires
Thu, 19 Nov 2020 11:28:50 GMT
mail_gmail.png
/eview/s4/Google_docs_files
1 KB
2 KB
Image
General
Full URL
http://sonnex.ir/eview/s4/Google_docs_files/mail_gmail.png
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
HTTP/1.1
Server
204.44.192.14 , Canada, ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US),
Reverse DNS
r200.websiteservername.com
Software
Apache /
Resource Hash
0e95cbf733f41b43a1e2716643ad7ea8cd5fdfcb2eee2d038f4618c579bcaff7

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 15 Jan 2020 15:54:45 GMT
Last-Modified
Thu, 27 Oct 2016 12:08:00 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=99
Content-Length
1528
yahoo.png
/eview/s4/Google_docs_files
3 KB
3 KB
Image
General
Full URL
http://sonnex.ir/eview/s4/Google_docs_files/yahoo.png
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
HTTP/1.1
Server
204.44.192.14 , Canada, ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US),
Reverse DNS
r200.websiteservername.com
Software
Apache /
Resource Hash
0b6c1e1b33c085efad5bdc32654ec90b4ddc934eb1c1aca71a439ff89867f468

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 15 Jan 2020 15:54:45 GMT
Last-Modified
Thu, 27 Oct 2016 12:08:00 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=99
Content-Length
2830
live_hotmail.png
/eview/s4/Google_docs_files
517 B
758 B
Image
General
Full URL
http://sonnex.ir/eview/s4/Google_docs_files/live_hotmail.png
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
HTTP/1.1
Server
204.44.192.14 , Canada, ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US),
Reverse DNS
r200.websiteservername.com
Software
Apache /
Resource Hash
c7b07a0440ecfbd1f32110a6a5c7e92ecfe0200a65ba5fdd5660a98cf2294c09

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 15 Jan 2020 15:54:45 GMT
Last-Modified
Thu, 27 Oct 2016 12:08:00 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=99
Content-Length
517
aol.png
/eview/s4/Google_docs_files
1 KB
1 KB
Image
General
Full URL
http://sonnex.ir/eview/s4/Google_docs_files/aol.png
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
HTTP/1.1
Server
204.44.192.14 , Canada, ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US),
Reverse DNS
r200.websiteservername.com
Software
Apache /
Resource Hash
1b5fe12e21a9d8ff78e007ecf9fa5a819947dc3e6ba7a0ca4951760d1c006adf

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 15 Jan 2020 15:54:45 GMT
Last-Modified
Thu, 27 Oct 2016 12:08:00 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=98
Content-Length
1183
email.png
/eview/s4/Google_docs_files
3 KB
3 KB
Image
General
Full URL
http://sonnex.ir/eview/s4/Google_docs_files/email.png
Requested by
Host: sonnex.ir
URL: http://sonnex.ir/eview/s4/
Protocol
HTTP/1.1
Server
204.44.192.14 , Canada, ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US),
Reverse DNS
r200.websiteservername.com
Software
Apache /
Resource Hash
73b1ce58fa539aab1d6d1424607c5ff60fc5e2f2c0becd3a776f7f4f8f3664b0

Request headers

Referer
http://sonnex.ir/eview/s4/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 15 Jan 2020 15:54:45 GMT
Last-Modified
Thu, 27 Oct 2016 12:08:00 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=100
Content-Length
2921

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan - Score: 100

Categories:
phishing

Tags:
phishing

Phishing against: Google (Online) GDrive and other (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery

0 Cookies