sharepointonline-com.netlify.app
Open in
urlscan Pro
2a03:b0c0:3:d0::d23:d001
Malicious Activity!
Public Scan
Submission: On October 27 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on March 9th 2021. Valid for: a year.
This is the only time sharepointonline-com.netlify.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2a03:b0c0:3:d... 2a03:b0c0:3:d0::d23:d001 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
6 | 54.213.234.222 54.213.234.222 | 16509 (AMAZON-02) (AMAZON-02) | |
7 | 3 |
ASN14061 (DIGITALOCEAN-ASN, US)
sharepointonline-com.netlify.app |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-213-234-222.us-west-2.compute.amazonaws.com
wzywskfc7hsdqthwni0bkq-on.drv.tw |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
drv.tw
wzywskfc7hsdqthwni0bkq-on.drv.tw |
639 KB |
1 |
netlify.app
sharepointonline-com.netlify.app |
201 KB |
7 | 2 |
Domain | Requested by | |
---|---|---|
6 | wzywskfc7hsdqthwni0bkq-on.drv.tw |
sharepointonline-com.netlify.app
|
1 | sharepointonline-com.netlify.app | |
7 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.netlify.app DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2021-03-09 - 2022-03-01 |
a year | crt.sh |
*.drv.tw R3 |
2021-10-14 - 2022-01-12 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://sharepointonline-com.netlify.app/encrypted.html
Frame ID: 0443A7ED253114AD82C1D321540BAADC
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
encrypted.html
sharepointonline-com.netlify.app/ |
441 KB 201 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.jpg
wzywskfc7hsdqthwni0bkq-on.drv.tw/web/ |
4 KB 4 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
top.jpg
wzywskfc7hsdqthwni0bkq-on.drv.tw/web/ |
5 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tp.jpg
wzywskfc7hsdqthwni0bkq-on.drv.tw/web/ |
7 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tp2.jpg
wzywskfc7hsdqthwni0bkq-on.drv.tw/web/ |
10 KB 11 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tp3.jpg
wzywskfc7hsdqthwni0bkq-on.drv.tw/web/ |
6 KB 6 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ou.gif
wzywskfc7hsdqthwni0bkq-on.drv.tw/web/ |
603 KB 604 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
73 KB 73 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| savepage_ShadowLoader0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
sharepointonline-com.netlify.app
wzywskfc7hsdqthwni0bkq-on.drv.tw
2a03:b0c0:3:d0::d23:d001
54.213.234.222
00bc8f039ec613827a2196f03d1467da890c513911f6c871cc3b80c3f71df3e9
42a4af9fd520adeaa5adc5b816e3d06c561430313d2be48da527ee203bb8283a
520c1881d8c16eb90a527b6555faf55f834b2a45c74f1d6f860759190b265c9c
5fbc55c7aca8515003db933fbfc27147afea85b30c666bee69d1a535c6e5d7fe
658cf43db24e9d4c57890e958aa74656a13139754de24f19e706f0a355279e4d
c58258ce9790d38cace920c3bd3d47f17f9c326d90d2415cb0ea7dd9f706531e
deda91fa0a980d59817f7eccf174e1e4b898adc7d8b5304dc3550b58666b1d53
e845fbeff8d887915686f428e8776f64c8598967b8557b58ab2508bf024222e8