onedrshapointooo.ufcfan.org
66.23.235.102
Malicious Activity!
Public Scan
Effective URL: https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM
Submission: On July 21 via manual from IN
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 21st 2020. Valid for: 3 months.
This is the only time onedrshapointooo.ufcfan.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)
Domain & IP information
Requests | IP address | AS (autonomous system)
---|---|---
1 | 167.89.123.16 | 11377 (SENDGRID)
7 | 66.23.235.102 | 19318 (IS-AS-1)
ASN11377 (SENDGRID, US)
PTR: o16789123x16.outbound-mail.sendgrid.net
Hosts: u7248037.ct.sendgrid.net
ASN19318 (IS-AS-1, US)
PTR: server.festivefoodslc.com
Hosts: onedrvdocument.stufftoread.com, onedrshapointooo.ufcfan.org
Requests | Apex domain | Subdomains | Transfer
---|---|---|---
5 | ufcfan.org | onedrshapointooo.ufcfan.org | 191 KB
2 | stufftoread.com | onedrvdocument.stufftoread.com | 91 KB
1 (redirect) | sendgrid.net | u7248037.ct.sendgrid.net | 347 B
Requests | Domain | Requested by
---|---|---
5 | onedrshapointooo.ufcfan.org | onedrvdocument.stufftoread.com, onedrshapointooo.ufcfan.org
2 | onedrvdocument.stufftoread.com | onedrvdocument.stufftoread.com
1 (redirect) | u7248037.ct.sendgrid.net | 
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
onedrvdocument.stufftoread.com | cPanel, Inc. Certification Authority | 2020-07-21 - 2020-10-19 | 3 months | crt.sh
onedrshapointooo.ufcfan.org | cPanel, Inc. Certification Authority | 2020-07-21 - 2020-10-19 | 3 months | crt.sh
This page contains 1 frame:
Primary Page: https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM
Frame ID: C941CBCB770D352D7C52CC7FB94447A5
Requests: 7 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns:
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://u7248037.ct.sendgrid.net/ls/click?upn=imsogg4OuTs022kPF2Y6N8ril8RR3x59SZSGi2gQOkqnwiamUhp1yt8ZoMxtDi7c09sDwUWfoQ1KKeXZV4n0hdH-2FTmYAkrSYgQ2VECXX5DIBdbxllzD1U8LIeTuamwqt1Aw2HVw17rtm4Z-2BLShY-2BdykX4MZxH4fURvCfujzTA2ZbXzXJmvYUCQew4Yyjmx9Z9MCo5H-2FcIxCGtpBriN-2BikQ-3D-3DQCDK_DQ-2B1LT0LB9pULTnqScW7RRXStjAKft359XnAEkiL9XmJ9umiL7VcrPGW4gA7oXwWcfMF2zqUgM9-2B2ZHGECqanrwH8LgtRqbLMRKQhIvXQjqXnBAg-2Fbnlubbn0D-2Bd45BEcl-2FgS781lvM9U9SwfEnEIHfCn0CkHPX3qrA6l4M-2FvJ6KQSYfRLeLLz5zS5frRp8me2mFqhH2kpWOKc2yaE4kYEBi-2BXvJHUqEj-2FdqzefTwwc-3D (HTTP 302 to the next URL)
- https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N&utm_campaign=Marketing+Campaign&utm_source=Email&utm_medium=Email (Page URL)
- https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://u7248037.ct.sendgrid.net/ls/click?upn=imsogg4OuTs022kPF2Y6N8ril8RR3x59SZSGi2gQOkqnwiamUhp1yt8ZoMxtDi7c09sDwUWfoQ1KKeXZV4n0hdH-2FTmYAkrSYgQ2VECXX5DIBdbxllzD1U8LIeTuamwqt1Aw2HVw17rtm4Z-2BLShY-2BdykX4MZxH4fURvCfujzTA2ZbXzXJmvYUCQew4Yyjmx9Z9MCo5H-2FcIxCGtpBriN-2BikQ-3D-3DQCDK_DQ-2B1LT0LB9pULTnqScW7RRXStjAKft359XnAEkiL9XmJ9umiL7VcrPGW4gA7oXwWcfMF2zqUgM9-2B2ZHGECqanrwH8LgtRqbLMRKQhIvXQjqXnBAg-2Fbnlubbn0D-2Bd45BEcl-2FgS781lvM9U9SwfEnEIHfCn0CkHPX3qrA6l4M-2FvJ6KQSYfRLeLLz5zS5frRp8me2mFqhH2kpWOKc2yaE4kYEBi-2BXvJHUqEj-2FdqzefTwwc-3D (HTTP 302)
- https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N&utm_campaign=Marketing+Campaign&utm_source=Email&utm_medium=Email
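The chain above is worth decoding rather than just listing. The following Python script is an added example, not urlscan code and not part of this report: it walks the three recorded hops, tries a strict base64 decode on every query parameter, and shows that the `frontend` value on the stufftoread.com hop is the victim's address, which the final page then carries in the clear as `email=`. It also flags the two lure hostnames, which pack OneDrive/SharePoint look-alike tokens into subdomains of unrelated apex domains (ufcfan.org, stufftoread.com). The brand token list, the length and printability rules for base64 candidates and the naive apex split are my assumptions for the example, not urlscan's verdict logic; the URLs are copied from the report.

```python
"""Triage of the redirect chain recorded in this urlscan.io report.

Added example, not urlscan code.  Pulls the victim identifier out of
base64-encoded and plain query parameters along the chain and flags
hostnames built from OneDrive/SharePoint look-alike tokens.
"""
import base64
import binascii
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# The three hops exactly as recorded on this page:
# SendGrid click tracker -> lure page -> OneDrive-themed landing page.
REDIRECT_CHAIN = [
    "https://u7248037.ct.sendgrid.net/ls/click?upn=imsogg4OuTs022kPF2Y6N8ril8RR3x59SZSGi2gQOkqnwiamUhp1yt8ZoMxtDi7c09sDwUWfoQ1KKeXZV4n0hdH-2FTmYAkrSYgQ2VECXX5DIBdbxllzD1U8LIeTuamwqt1Aw2HVw17rtm4Z-2BLShY-2BdykX4MZxH4fURvCfujzTA2ZbXzXJmvYUCQew4Yyjmx9Z9MCo5H-2FcIxCGtpBriN-2BikQ-3D-3DQCDK_DQ-2B1LT0LB9pULTnqScW7RRXStjAKft359XnAEkiL9XmJ9umiL7VcrPGW4gA7oXwWcfMF2zqUgM9-2B2ZHGECqanrwH8LgtRqbLMRKQhIvXQjqXnBAg-2Fbnlubbn0D-2Bd45BEcl-2FgS781lvM9U9SwfEnEIHfCn0CkHPX3qrA6l4M-2FvJ6KQSYfRLeLLz5zS5frRp8me2mFqhH2kpWOKc2yaE4kYEBi-2BXvJHUqEj-2FdqzefTwwc-3D",
    "https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N"
    "&utm_campaign=Marketing+Campaign&utm_source=Email&utm_medium=Email",
    "https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM",
]

# Assumed token list (mine, not the report's): substrings that phishing kits
# pack into subdomain labels to resemble the impersonated product.
BRAND_TOKENS = {
    "OneDrive": ("onedrive", "onedrv", "onedr"),
    "SharePoint": ("sharepoint", "sharpoint", "shapoint"),
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def try_b64(value: str) -> Optional[str]:
    """Return the decoded text if `value` is well-formed standard base64 that
    decodes to printable ASCII, else None.  The length rules (>= 8 and a
    multiple of 4) plus the strict alphabet keep short words such as 'Email'
    and SendGrid's opaque `upn` blob (it contains '-' and '_') from being
    misread as base64."""
    if len(value) < 8 or len(value) % 4:
        return None
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None


def victim_identifiers(chain):
    """Map each e-mail address seen in the chain (lower-cased) to the hops and
    parameters where it appeared, noting when it was base64-wrapped."""
    found = {}
    for url in chain:
        parts = urlsplit(url)
        for name, values in parse_qs(parts.query).items():
            for value in values:
                candidates = [(value, False)]
                decoded = try_b64(value)
                if decoded is not None:
                    candidates.append((decoded, True))
                for text, was_b64 in candidates:
                    for email in EMAIL_RE.findall(text):
                        where = f"{parts.hostname}?{name}"
                        if was_b64:
                            where += " (base64)"
                        found.setdefault(email.lower(), []).append(where)
    return found


def impersonated_brands(hostname):
    """Brands whose tokens appear left of the registrable domain.  The apex
    split is naive (last two labels), which is adequate for the .org/.com
    hosts here; the point is that a brand's real login hosts never sit under
    somebody else's apex such as ufcfan.org or stufftoread.com."""
    labels = hostname.lower().split(".")
    subdomain = ".".join(labels[:-2])
    return [brand for brand, tokens in BRAND_TOKENS.items()
            if any(token in subdomain for token in tokens)]


def triage(chain):
    """Summarise victims, brand look-alikes per hop and the final host."""
    hosts = [urlsplit(url).hostname for url in chain]
    return {
        "victims": victim_identifiers(chain),
        "brands": {host: impersonated_brands(host) for host in hosts},
        "final_host": hosts[-1],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REDIRECT_CHAIN), indent=2))
```

Run as-is it reports pacharya@deloitte.com twice (base64 on the stufftoread.com hop, plain on the ufcfan.org hop) and tags onedrvdocument as OneDrive and onedrshapointooo as both OneDrive and SharePoint. The strict decode matters: SendGrid's `upn` blob looks base64-ish but uses `-2F`/`-2B`/`-3D` escapes, so a lenient decoder would emit binary noise instead of rejecting it.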
7 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (redirect chain) | onedrvdocument.stufftoread.com/ | 5 KB | 6 KB | Document | text/html
GET | H/1.1 | jquery.min.js | onedrvdocument.stufftoread.com/js/ | 85 KB | 85 KB | Script | application/javascript
GET | H/1.1 | / (primary request) | onedrshapointooo.ufcfan.org/ | 6 KB | 6 KB | Document | text/html
GET | H/1.1 | point.gif | onedrshapointooo.ufcfan.org/:abstract.simplenet.com/ | 315 B | 315 B | Image | text/html
GET | H/1.1 | point2.html | onedrshapointooo.ufcfan.org/abstract.simplenet.com/ | 315 B | 315 B | Image | text/html
GET | H/1.1 | logo.jpg | onedrshapointooo.ufcfan.org/files/ | 82 KB | 83 KB | Image | image/jpeg
GET | H/1.1 | loader.gif | onedrshapointooo.ufcfan.org/files/ | 101 KB | 101 KB | Image | image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: OneDrive (Online)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code. Here, ns4, ie4 and ns6 are legacy browser-sniffing flags, and the displaysplash, splashmessage and targetdestination names point to an old splash-screen script rather than a modern framework.
Type | Name
---|---
object | preloadimages
number | intervals
string | targetdestination
object | splashmessage
string | openingtags
string | closingtags
number | ns4
number | ie4
number | ns6
object | theimages
function | displaysplash
function | displaysplash_ns
function | positionsplashcontainer
number | p
number | jv
object | sc_cross0
Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, so the site can re-identify the user even from a different location. This is how persistent logins work.
Indicators
An industry term for observables extracted from the scan, such as IPs, domains and hashes. Their presence in this list does not by itself mean that any one of them is malicious.
onedrshapointooo.ufcfan.org
onedrvdocument.stufftoread.com
u7248037.ct.sendgrid.net
167.89.123.16
66.23.235.102
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
21307da7adc5e8938405ce5202b788a129e90a226bc75e51afa8e9d1e55ef04e
2d2830fe03a668d64eb79ae97be9b09251d0c44eb8e1cdadd988ae206738847f
3bfed2833f76afe747cd3ea2f0dd04dd00420e418706de65d9449b9dbf036e78
968f88bf6c1190f8cc1ccaab4a70492a662b05c93416553ae3d8428788f03da2
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3