onedrshapointooo.ufcfan.org

Summary

This website contacted 1 IPs in 1 countries across 3 domains to perform 7 HTTP transactions. The main IP is 66.23.235.102, located in Secaucus, United States and belongs to IS-AS-1, US. The main domain is onedrshapointooo.ufcfan.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 21st 2020. Valid for: 3 months.

This is the only time onedrshapointooo.ufcfan.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OneDrive (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.123.16 167.89.123.16	11377 (SENDGRID) (SENDGRID)
7	66.23.235.102 66.23.235.102	19318 (IS-AS-1) (IS-AS-1)
7	1

1 167.89.123.16 (United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789123x16.outbound-mail.sendgrid.net

u7248037.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 66.23.235.102 (Secaucus, United States)

ASN19318 (IS-AS-1, US)
PTR: server.festivefoodslc.com

onedrvdocument.stufftoread.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onedrshapointooo.ufcfan.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	ufcfan.org onedrshapointooo.ufcfan.org	191 KB
2	stufftoread.com onedrvdocument.stufftoread.com	91 KB
1	sendgrid.net 1 redirects u7248037.ct.sendgrid.net	347 B
7	3

	Domain	Requested by
5	onedrshapointooo.ufcfan.org	onedrvdocument.stufftoread.com onedrshapointooo.ufcfan.org
2	onedrvdocument.stufftoread.com	onedrvdocument.stufftoread.com
1	u7248037.ct.sendgrid.net	1 redirects
7	3

This site contains no links.

Subject Issuer	Validity	Valid
onedrvdocument.stufftoread.com cPanel, Inc. Certification Authority	`2020-07-21` - `2020-10-19`	3 months	crt.sh
onedrshapointooo.ufcfan.org cPanel, Inc. Certification Authority	`2020-07-21` - `2020-10-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM
Frame ID: C941CBCB770D352D7C52CC7FB94447A5
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://u7248037.ct.sendgrid.net/ls/click?upn=imsogg4OuTs022kPF2Y6N8ril8RR3x59SZSGi2gQOkqnwiamUhp1yt8ZoMxtDi7... HTTP 302
https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N&utm_campaign=Marketing+Campaign&utm_s... Page URL
https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

1
Countries

282 kB
Transfer

280 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u7248037.ct.sendgrid.net/ls/click?upn=imsogg4OuTs022kPF2Y6N8ril8RR3x59SZSGi2gQOkqnwiamUhp1yt8ZoMxtDi7c09sDwUWfoQ1KKeXZV4n0hdH-2FTmYAkrSYgQ2VECXX5DIBdbxllzD1U8LIeTuamwqt1Aw2HVw17rtm4Z-2BLShY-2BdykX4MZxH4fURvCfujzTA2ZbXzXJmvYUCQew4Yyjmx9Z9MCo5H-2FcIxCGtpBriN-2BikQ-3D-3DQCDK_DQ-2B1LT0LB9pULTnqScW7RRXStjAKft359XnAEkiL9XmJ9umiL7VcrPGW4gA7oXwWcfMF2zqUgM9-2B2ZHGECqanrwH8LgtRqbLMRKQhIvXQjqXnBAg-2Fbnlubbn0D-2Bd45BEcl-2FgS781lvM9U9SwfEnEIHfCn0CkHPX3qrA6l4M-2FvJ6KQSYfRLeLLz5zS5frRp8me2mFqhH2kpWOKc2yaE4kYEBi-2BXvJHUqEj-2FdqzefTwwc-3D HTTP 302
https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N&utm_campaign=Marketing+Campaign&utm_source=Email&utm_medium=Email Page URL
https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://u7248037.ct.sendgrid.net/ls/click?upn=imsogg4OuTs022kPF2Y6N8ril8RR3x59SZSGi2gQOkqnwiamUhp1yt8ZoMxtDi7c09sDwUWfoQ1KKeXZV4n0hdH-2FTmYAkrSYgQ2VECXX5DIBdbxllzD1U8LIeTuamwqt1Aw2HVw17rtm4Z-2BLShY-2BdykX4MZxH4fURvCfujzTA2ZbXzXJmvYUCQew4Yyjmx9Z9MCo5H-2FcIxCGtpBriN-2BikQ-3D-3DQCDK_DQ-2B1LT0LB9pULTnqScW7RRXStjAKft359XnAEkiL9XmJ9umiL7VcrPGW4gA7oXwWcfMF2zqUgM9-2B2ZHGECqanrwH8LgtRqbLMRKQhIvXQjqXnBAg-2Fbnlubbn0D-2Bd45BEcl-2FgS781lvM9U9SwfEnEIHfCn0CkHPX3qrA6l4M-2FvJ6KQSYfRLeLLz5zS5frRp8me2mFqhH2kpWOKc2yaE4kYEBi-2BXvJHUqEj-2FdqzefTwwc-3D HTTP 302
https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N&utm_campaign=Marketing+Campaign&utm_source=Email&utm_medium=Email

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response onedrvdocument.stufftoread.com/ Redirect Chain https://u7248037.ct.sendgrid.net/ls/click?upn=imsogg4OuTs022kPF2Y6N8ril8RR3x59SZSGi2gQOkqnwiamUhp1yt8ZoMxtDi7c09sDwUWfoQ1KKeXZV4n0hdH-2FTmYAkrSYgQ2VECXX5DIBdbxllzD1U8LIeTuamwqt1Aw2HVw17rtm4Z-2BLShY... https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N&utm_campaign=Marketing+Campaign&utm_source=Email&utm_medium=Email	5 KB 6 KB	651ms 190ms	Document text/html	66.23.235.102 IS-AS-1
General Check archive.org Show headers Download Go to Full URL https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N&utm_campaign=Marketing+Campaign&utm_source=Email&utm_medium=Email Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.23.235.102 Secaucus, United States, ASN19318 (IS-AS-1, US), Reverse DNS server.festivefoodslc.com Software Apache / Resource Hash `968f88bf6c1190f8cc1ccaab4a70492a662b05c93416553ae3d8428788f03da2` Request headers Host onedrvdocument.stufftoread.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 21 Jul 2020 06:29:36 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Server nginx Date Tue, 21 Jul 2020 06:29:36 GMT Content-Type text/html; charset=utf-8 Content-Length 178 Connection keep-alive Location https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N&utm_campaign=Marketing+Campaign&utm_source=Email&utm_medium=Email X-Robots-Tag noindex, nofollow
GET H/1.1	200 OK	jquery.min.js Show response onedrvdocument.stufftoread.com/js/	85 KB 85 KB	93ms 92ms	Script application/javascript	66.23.235.102 IS-AS-1
General Check archive.org Show headers Download Go to Full URL https://onedrvdocument.stufftoread.com/js/jquery.min.js Requested by Host: onedrvdocument.stufftoread.com URL: https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N&utm_campaign=Marketing+Campaign&utm_source=Email&utm_medium=Email Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.23.235.102 Secaucus, United States, ASN19318 (IS-AS-1, US), Reverse DNS server.festivefoodslc.com Software Apache / Resource Hash `160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef` Request headers Referer https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N&utm_campaign=Marketing+Campaign&utm_source=Email&utm_medium=Email User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 21 Jul 2020 06:29:37 GMT Last-Modified Tue, 30 Jan 2018 03:18:02 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 86927
GET H/1.1	200 OK	Primary Request / Show response onedrshapointooo.ufcfan.org/	6 KB 6 KB	506ms 94ms	Document text/html	66.23.235.102 IS-AS-1
General Check archive.org Show headers Download Go to Full URL https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM Requested by Host: onedrvdocument.stufftoread.com URL: https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N&utm_campaign=Marketing+Campaign&utm_source=Email&utm_medium=Email Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.23.235.102 Secaucus, United States, ASN19318 (IS-AS-1, US), Reverse DNS server.festivefoodslc.com Software Apache / Resource Hash `2d2830fe03a668d64eb79ae97be9b09251d0c44eb8e1cdadd988ae206738847f` Request headers Host onedrshapointooo.ufcfan.org Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N&utm_campaign=Marketing+Campaign&utm_source=Email&utm_medium=Email Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://onedrvdocument.stufftoread.com/?frontend=cGFjaGFyeWFAREVMT0lUVEUuQ09N&utm_campaign=Marketing+Campaign&utm_source=Email&utm_medium=Email Response headers Date Tue, 21 Jul 2020 06:29:42 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	404 Not Found	point.gif onedrshapointooo.ufcfan.org/:abstract.simplenet.com/	315 B 315 B	92ms 91ms	Image text/html	66.23.235.102 IS-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://onedrshapointooo.ufcfan.org/:abstract.simplenet.com/point.gif Requested by Host: onedrshapointooo.ufcfan.org URL: https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.23.235.102 Secaucus, United States, ASN19318 (IS-AS-1, US), Reverse DNS server.festivefoodslc.com Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Referer https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 21 Jul 2020 06:29:42 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	point2.html onedrshapointooo.ufcfan.org/abstract.simplenet.com/	315 B 315 B	183ms 91ms	Image text/html	66.23.235.102 IS-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://onedrshapointooo.ufcfan.org/abstract.simplenet.com/point2.html Requested by Host: onedrshapointooo.ufcfan.org URL: https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.23.235.102 Secaucus, United States, ASN19318 (IS-AS-1, US), Reverse DNS server.festivefoodslc.com Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Referer https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 21 Jul 2020 06:29:42 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	logo.jpg onedrshapointooo.ufcfan.org/files/	82 KB 83 KB	274ms 92ms	Image image/jpeg	66.23.235.102 IS-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://onedrshapointooo.ufcfan.org/files/logo.jpg Requested by Host: onedrshapointooo.ufcfan.org URL: https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.23.235.102 Secaucus, United States, ASN19318 (IS-AS-1, US), Reverse DNS server.festivefoodslc.com Software Apache / Resource Hash `21307da7adc5e8938405ce5202b788a129e90a226bc75e51afa8e9d1e55ef04e` Request headers Referer https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 21 Jul 2020 06:29:43 GMT Last-Modified Sun, 14 May 2017 12:41:20 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 84348
GET H/1.1	200 OK	loader.gif onedrshapointooo.ufcfan.org/files/	101 KB 101 KB	273ms 91ms	Image image/gif	66.23.235.102 IS-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://onedrshapointooo.ufcfan.org/files/loader.gif Requested by Host: onedrshapointooo.ufcfan.org URL: https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.23.235.102 Secaucus, United States, ASN19318 (IS-AS-1, US), Reverse DNS server.festivefoodslc.com Software Apache / Resource Hash `3bfed2833f76afe747cd3ea2f0dd04dd00420e418706de65d9449b9dbf036e78` Request headers Referer https://onedrshapointooo.ufcfan.org/?email=pacharya@DELOITTE.COM User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 21 Jul 2020 06:29:43 GMT Last-Modified Sun, 20 Sep 2015 18:24:20 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 103415

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

onedrshapointooo.ufcfan.org
onedrvdocument.stufftoread.com
u7248037.ct.sendgrid.net
167.89.123.16
66.23.235.102
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
21307da7adc5e8938405ce5202b788a129e90a226bc75e51afa8e9d1e55ef04e
2d2830fe03a668d64eb79ae97be9b09251d0c44eb8e1cdadd988ae206738847f
3bfed2833f76afe747cd3ea2f0dd04dd00420e418706de65d9449b9dbf036e78
968f88bf6c1190f8cc1ccaab4a70492a662b05c93416553ae3d8428788f03da2
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

onedrshapointooo.ufcfan.org Open in urlscan Pro 66.23.235.102 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

1 IPs

1 Countries

282 kBTransfer

280 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

0 Cookies

Indicators

onedrshapointooo.ufcfan.org Open in urlscan Pro
66.23.235.102 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

1
Countries

282 kB
Transfer

280 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!