sharepointonline-com.netlify.app
2a03:b0c0:3:d0::d23:d001 Malicious Activity! Public Scan

URL: https://sharepointonline-com.netlify.app/encrypted.html
Submission: On October 27 via manual from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 2a03:b0c0:3:d0::d23:d001, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is sharepointonline-com.netlify.app.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on March 9th 2021. Valid for: a year.
This is the only time sharepointonline-com.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OneDrive (Online)

Domain & IP information

Requests  IP Address              AS (Autonomous System)
1         2a03:b0c0:3:d...        14061 (DIGITALOC...)
6         54.213.234.222          16509 (AMAZON-02)
Total: 7 requests, 3 IPs

Requests  Apex Domain   Subdomains                          Transfer
6         drv.tw        wzywskfc7hsdqthwni0bkq-on.drv.tw    639 KB
1         netlify.app   sharepointonline-com.netlify.app    201 KB
Total: 7 requests, 2 apex domains

Requests  Domain                              Requested by
6         wzywskfc7hsdqthwni0bkq-on.drv.tw    sharepointonline-com.netlify.app
1         sharepointonline-com.netlify.app    (primary request)
Total: 7 requests, 2 domains

This site contains no links.

Subject         Issuer                                    Validity                   Valid for
*.netlify.app   DigiCert TLS Hybrid ECC SHA384 2020 CA1   2021-03-09 - 2022-03-01    a year
*.drv.tw        R3                                        2021-10-14 - 2022-01-12    3 months

This page contains 1 frame:

Primary Page: https://sharepointonline-com.netlify.app/encrypted.html
Frame ID: 0443A7ED253114AD82C1D321540BAADC
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

21l968741843230509&mARzAuvP

Page Statistics

Requests:    7
HTTPS:       100 %
IPv6:        50 %
Domains:     2
Subdomains:  2
IPs:         3
Countries:   2
Transfer:    912 kB
Size:        1150 kB
Cookies:     0


7 HTTP transactions

Resource: encrypted.html (Primary Request)  Path: sharepointonline-com.netlify.app/  Size: 441 KB  x-fer: 201 KB  Type: Document

General
Full URL: https://sharepointonline-com.netlify.app/encrypted.html?
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a03:b0c0:3:d0::d23:d001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none)
Software: Netlify
Resource Hash: 00bc8f039ec613827a2196f03d1467da890c513911f6c871cc3b80c3f71df3e9
Security Headers:
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
  Accept-Language: de-DE,de;q=0.9

Response headers
  cache-control: public, max-age=0, must-revalidate
  content-type: text/html; charset=UTF-8
  date: Wed, 27 Oct 2021 16:25:41 GMT
  etag: "c09087399aba8ac7d0d85987916d1700-ssl-df"
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  x-nf-request-id: 01FK194M15NSK3W5VS2QN47PX0
  vary: Accept-Encoding
  age: 0
  server: Netlify
  content-encoding: br
Resource: logo.jpg  Path: wzywskfc7hsdqthwni0bkq-on.drv.tw/web/  Size: 4 KB  x-fer: 4 KB  Type: Image

General
Full URL: https://wzywskfc7hsdqthwni0bkq-on.drv.tw/web/logo.jpg
Requested by: Host: sharepointonline-com.netlify.app, URL: https://sharepointonline-com.netlify.app/encrypted.html?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.213.234.222 Boardman, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: ec2-54-213-234-222.us-west-2.compute.amazonaws.com
Software: nginx/1.14.2
Resource Hash: e845fbeff8d887915686f428e8776f64c8598967b8557b58ab2508bf024222e8

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: https://sharepointonline-com.netlify.app/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
  date: Wed, 27 Oct 2021 16:25:46 GMT
  last-modified: Fri, 22 Oct 2021 21:11:35 GMT
  server: nginx/1.14.2
  etag: 0BxROxK1MuoRoVGl6TTMzNmVncytuUmZzNlRQRUwwanp5L3VjPQ
  vary: Accept-Encoding
  x-cache: BYPASS
  content-type: image/jpeg
  cache-control: public, max-age=604800
  accept-ranges: bytes
  content-length: 4215
Resource: top.jpg  Path: wzywskfc7hsdqthwni0bkq-on.drv.tw/web/  Size: 5 KB  x-fer: 5 KB  Type: Image

General
Full URL: https://wzywskfc7hsdqthwni0bkq-on.drv.tw/web/top.jpg
Requested by: Host: sharepointonline-com.netlify.app, URL: https://sharepointonline-com.netlify.app/encrypted.html?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.213.234.222 Boardman, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: ec2-54-213-234-222.us-west-2.compute.amazonaws.com
Software: nginx/1.14.2
Resource Hash: 42a4af9fd520adeaa5adc5b816e3d06c561430313d2be48da527ee203bb8283a

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: https://sharepointonline-com.netlify.app/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
  date: Wed, 27 Oct 2021 16:25:46 GMT
  last-modified: Fri, 22 Oct 2021 21:07:11 GMT
  server: nginx/1.14.2
  etag: 0BxROxK1MuoRoZ01GMU1pWGtVTm41MHdQTXhLM3J4bnlVYm9jPQ
  vary: Accept-Encoding
  x-cache: BYPASS
  content-type: image/jpeg
  cache-control: public, max-age=604800
  accept-ranges: bytes
  content-length: 5183
Resource: tp.jpg  Path: wzywskfc7hsdqthwni0bkq-on.drv.tw/web/  Size: 7 KB  x-fer: 8 KB  Type: Image

General
Full URL: https://wzywskfc7hsdqthwni0bkq-on.drv.tw/web/tp.jpg
Requested by: Host: sharepointonline-com.netlify.app, URL: https://sharepointonline-com.netlify.app/encrypted.html?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.213.234.222 Boardman, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: ec2-54-213-234-222.us-west-2.compute.amazonaws.com
Software: nginx/1.14.2
Resource Hash: c58258ce9790d38cace920c3bd3d47f17f9c326d90d2415cb0ea7dd9f706531e

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: https://sharepointonline-com.netlify.app/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
  date: Wed, 27 Oct 2021 16:25:46 GMT
  last-modified: Fri, 22 Oct 2021 20:55:45 GMT
  server: nginx/1.14.2
  etag: 0BxROxK1MuoRocVpOaW41eXUwd3dWTGFKWEM0aEljSTBISklFPQ
  vary: Accept-Encoding
  x-cache: BYPASS
  content-type: image/jpeg
  cache-control: public, max-age=604800
  accept-ranges: bytes
  content-length: 7636
Resource: tp2.jpg  Path: wzywskfc7hsdqthwni0bkq-on.drv.tw/web/  Size: 10 KB  x-fer: 11 KB  Type: Image

General
Full URL: https://wzywskfc7hsdqthwni0bkq-on.drv.tw/web/tp2.jpg
Requested by: Host: sharepointonline-com.netlify.app, URL: https://sharepointonline-com.netlify.app/encrypted.html?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.213.234.222 Boardman, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: ec2-54-213-234-222.us-west-2.compute.amazonaws.com
Software: nginx/1.14.2
Resource Hash: deda91fa0a980d59817f7eccf174e1e4b898adc7d8b5304dc3550b58666b1d53

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: https://sharepointonline-com.netlify.app/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
  date: Wed, 27 Oct 2021 16:25:46 GMT
  last-modified: Fri, 22 Oct 2021 20:55:33 GMT
  server: nginx/1.14.2
  etag: 0BxROxK1MuoRoVFRVaFFMbmtuVTdsMUduQTdEdFpZZU96SS8wPQ
  vary: Accept-Encoding
  x-cache: BYPASS
  content-type: image/jpeg
  cache-control: public, max-age=604800
  accept-ranges: bytes
  content-length: 10529
Resource: tp3.jpg  Path: wzywskfc7hsdqthwni0bkq-on.drv.tw/web/  Size: 6 KB  x-fer: 6 KB  Type: Image

General
Full URL: https://wzywskfc7hsdqthwni0bkq-on.drv.tw/web/tp3.jpg
Requested by: Host: sharepointonline-com.netlify.app, URL: https://sharepointonline-com.netlify.app/encrypted.html?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.213.234.222 Boardman, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: ec2-54-213-234-222.us-west-2.compute.amazonaws.com
Software: nginx/1.14.2
Resource Hash: 520c1881d8c16eb90a527b6555faf55f834b2a45c74f1d6f860759190b265c9c

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: https://sharepointonline-com.netlify.app/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
  date: Wed, 27 Oct 2021 16:25:46 GMT
  last-modified: Fri, 22 Oct 2021 20:55:54 GMT
  server: nginx/1.14.2
  etag: 0BxROxK1MuoRoTlNwa2dNeUE3dS9SMHhkNFVEZXNxODdIWVJnPQ
  vary: Accept-Encoding
  x-cache: BYPASS
  content-type: image/jpeg
  cache-control: public, max-age=604800
  accept-ranges: bytes
  content-length: 6147
Resource: ou.gif  Path: wzywskfc7hsdqthwni0bkq-on.drv.tw/web/  Size: 603 KB  x-fer: 604 KB  Type: Image

General
Full URL: https://wzywskfc7hsdqthwni0bkq-on.drv.tw/web/ou.gif
Requested by: Host: sharepointonline-com.netlify.app, URL: https://sharepointonline-com.netlify.app/encrypted.html?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.213.234.222 Boardman, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: ec2-54-213-234-222.us-west-2.compute.amazonaws.com
Software: nginx/1.14.2
Resource Hash: 5fbc55c7aca8515003db933fbfc27147afea85b30c666bee69d1a535c6e5d7fe

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: https://sharepointonline-com.netlify.app/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
  date: Wed, 27 Oct 2021 16:25:46 GMT
  last-modified: Fri, 22 Oct 2021 21:09:14 GMT
  server: nginx/1.14.2
  etag: 0BxROxK1MuoRodnNGL0tFNVkwU3IvYmV2cVBaSkxvZGhDQ29RPQ
  vary: Accept-Encoding
  x-cache: BYPASS
  content-type: image/gif
  cache-control: public, max-age=604800
  accept-ranges: bytes
  content-length: 617715
Resource: truncated  Path: /  Size: 73 KB  x-fer: 73 KB  Type: Font

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: (none)
Software: (none)
Resource Hash: 658cf43db24e9d4c57890e958aa74656a13139754de24f19e706f0a355279e4d

Request headers
  Referer:
  Origin: https://sharepointonline-com.netlify.app
  Accept-Language: de-DE,de;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
  Content-Type: font/woff2

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onbeforexrselect
function  reportError
boolean   originAgentCluster
object    scheduler
function  savepage_ShadowLoader

0 Cookies

Security Headers

This section lists the security headers set by the main page.

Header: Value
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload