onedrivedocumentsoc.onthewifi.com
66.23.235.102
Malicious Activity!
Effective URL: https://onedrivedocumentsoc.onthewifi.com/?email=ey@cz.ey.com
Submission: On July 21 via manual from IN
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 21st 2020. Valid for: 3 months.
This is the only time onedrivedocumentsoc.onthewifi.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)

Domain & IP information

Requests | IP Address | AS (Autonomous System) | PTR | Domains
---|---|---|---|---
1 (redirect) | 167.89.123.16 | ASN11377 (SENDGRID, US) | o16789123x16.outbound-mail.sendgrid.net | u7248037.ct.sendgrid.net
7 | 66.23.235.102 | ASN19318 (IS-AS-1, US) | server.festivefoodslc.com | onedrvdocument.stufftoread.com, onedrivedocumentsoc.onthewifi.com

In total: 7 HTTP requests and 1 redirect. Both phishing hostnames resolve to the same shared-hosting address, whose reverse DNS (server.festivefoodslc.com) belongs to an unrelated site; the click-tracker lives on SendGrid's outbound-mail range.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | onthewifi.com | onedrivedocumentsoc.onthewifi.com | 191 KB
2 | stufftoread.com | onedrvdocument.stufftoread.com | 91 KB
1 | sendgrid.net | u7248037.ct.sendgrid.net (1 redirect) | 335 B

7 requests across 3 apex domains.
Requests | Domain | Requested by
---|---|---
5 | onedrivedocumentsoc.onthewifi.com | onedrvdocument.stufftoread.com, onedrivedocumentsoc.onthewifi.com
2 | onedrvdocument.stufftoread.com | onedrvdocument.stufftoread.com
1 | u7248037.ct.sendgrid.net | (1 redirect)

7 requests across 3 domains.
This site contains no links.
TLS certificates

Subject | Issuer | Validity | Valid for | CT log
---|---|---|---|---
onedrvdocument.stufftoread.com | cPanel, Inc. Certification Authority | 2020-07-21 - 2020-10-19 | 3 months | crt.sh
onedrivedocumentsoc.onthewifi.com | cPanel, Inc. Certification Authority | 2020-07-21 - 2020-10-19 | 3 months | crt.sh

Both certificates were issued on 2020-07-21, the same day the URL was submitted, which is typical of phishing infrastructure stood up hours before a campaign. cPanel issues these 90-day domain-validated certificates automatically to any name pointed at a cPanel host, so the padlock on the landing page says nothing about its legitimacy; the Certificate Transparency entry on crt.sh is, however, a useful pivot for finding sibling hostnames the same operator registered.
This page contains 1 frame:
Primary Page: https://onedrivedocumentsoc.onthewifi.com/?email=ey@cz.ey.com
Frame ID: 7A7CBDFABAD1EB551A774E8E1D1BEBFC
Requests: 7 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected pattern: response header `server` matching /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://u7248037.ct.sendgrid.net/ls/click?upn=imsogg4OuTs022kPF2Y6N8ril8RR3x59SZSGi2gQOkqnwiamUhp1yt8ZoMxtDi7cQsI6RJZy-2BZIcyHoRQYBOr8AO2S4TKZcBCehIkO5spei-2FBhwvAytVzHiDcRJ8O-2BuZZkdmPAUFxhK5WIRngE-2FgqX2hEfD99Dw7gja7SBtopgErNtv7ccswttGvyvte1Paf8h7z_hgMKfvF58xPH3wqBM7R4oTUgKU-2FLfdBsquc1cwr1n2jFeyotvFVAKE39y-2BxGnO0RSPuvFEAoiQgoAoM6FZ5V3bVzU0Es33bRT88gpMFff796moV8CDJaSvi-2BcupSfZvCHw-2FS-2FMw0QVk1GNCdBVVS3k8xfDqU47hOaFDZzNZ5VOB-2BNNCyNxRnkezhEZicuPxnXhj04Y68EUwNfEeI2f26EQ-3D-3D
  HTTP 302
- https://onedrvdocument.stufftoread.com/?frontend=ZXlAY3ouZXkuY29t&utm_source=Email&utm_medium=Email&utm_campaign=Marketing+Campaign (Page URL)
- https://onedrivedocumentsoc.onthewifi.com/?email=ey@cz.ey.com (Page URL)

Three things stand out in this chain. The lure was delivered through SendGrid's click-tracking service (the first hop, hosted on SendGrid's outbound-mail range), so the e-mail itself went out through a legitimate bulk-mail provider rather than attacker-owned mail infrastructure. The second hop carries the target in `frontend=ZXlAY3ouZXkuY29t`, which is the base64 encoding of `ey@cz.ey.com`, the same address the landing page then exposes in plaintext in its `email=` parameter; passing the address along like this is a standard phishing-kit technique for prefilling the fake sign-in form so that only the password has to be typed. Finally, no HTTP status is recorded between the second and third URL, so that hop was a client-side redirect (JavaScript or meta refresh) rather than an HTTP one, which is why the second hop shows up in the transaction list as a full 5 KB text/html page load instead of a 30x response.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://u7248037.ct.sendgrid.net/ls/click?upn=imsogg4OuTs022kPF2Y6N8ril8RR3x59SZSGi2gQOkqnwiamUhp1yt8ZoMxtDi7cQsI6RJZy-2BZIcyHoRQYBOr8AO2S4TKZcBCehIkO5spei-2FBhwvAytVzHiDcRJ8O-2BuZZkdmPAUFxhK5WIRngE-2FgqX2hEfD99Dw7gja7SBtopgErNtv7ccswttGvyvte1Paf8h7z_hgMKfvF58xPH3wqBM7R4oTUgKU-2FLfdBsquc1cwr1n2jFeyotvFVAKE39y-2BxGnO0RSPuvFEAoiQgoAoM6FZ5V3bVzU0Es33bRT88gpMFff796moV8CDJaSvi-2BcupSfZvCHw-2FS-2FMw0QVk1GNCdBVVS3k8xfDqU47hOaFDZzNZ5VOB-2BNNCyNxRnkezhEZicuPxnXhj04Y68EUwNfEeI2f26EQ-3D-3D
  HTTP 302
- https://onedrvdocument.stufftoread.com/?frontend=ZXlAY3ouZXkuY29t&utm_source=Email&utm_medium=Email&utm_campaign=Marketing+Campaign
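The redirect chain above threads the target's address from the e-mail click-tracker to the landing page: `frontend=ZXlAY3ouZXkuY29t` on the second hop is the base64 encoding of `ey@cz.ey.com`, which the third hop exposes as a plaintext `email=` parameter. The Python below is an added example, not urlscan.io's code and not the phishing kit's: it replays that analysis offline on the three URLs copied from the report, decodes the identifier at each hop, checks that one address is carried the whole way, and flags hostnames that borrow the OneDrive name without sitting on a Microsoft-owned domain. The parameter list, the apex allow-list and all helper names are this example's own assumptions; the SendGrid `upn` token is treated as opaque, and the `-2B`/`-2F`/`-3D` unescaping is inferred from the token's shape rather than from documented SendGrid behaviour.

```python
"""Added example (not urlscan.io or phishing-kit code): walk the redirect chain
recorded in the report above and extract the victim identifier at each hop.

The three URLs are copied verbatim from the report's Page URL History.  The
parameter names, the Microsoft apex allow-list and every helper here are this
example's own assumptions, chosen for illustration."""
import base64
import binascii
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Hop 1: SendGrid click-tracking link.  Its `upn` token is opaque; the -2B/-2F/-3D
# runs look like '+', '/' and '=' percent-escaped with '-' in place of '%'
# (an inference from the token's shape, not documented SendGrid behaviour).
SENDGRID_HOP = (
    "https://u7248037.ct.sendgrid.net/ls/click?upn="
    "imsogg4OuTs022kPF2Y6N8ril8RR3x59SZSGi2gQOkqnwiamUhp1yt8ZoMxtDi7cQsI6RJZy"
    "-2BZIcyHoRQYBOr8AO2S4TKZcBCehIkO5spei"
    "-2FBhwvAytVzHiDcRJ8O"
    "-2BuZZkdmPAUFxhK5WIRngE"
    "-2FgqX2hEfD99Dw7gja7SBtopgErNtv7ccswttGvyvte1Paf8h7z_hgMKfvF58xPH3wqBM7R4oTUgKU"
    "-2FLfdBsquc1cwr1n2jFeyotvFVAKE39y"
    "-2BxGnO0RSPuvFEAoiQgoAoM6FZ5V3bVzU0Es33bRT88gpMFff796moV8CDJaSvi"
    "-2BcupSfZvCHw-2FS-2FMw0QVk1GNCdBVVS3k8xfDqU47hOaFDZzNZ5VOB"
    "-2BNNCyNxRnkezhEZicuPxnXhj04Y68EUwNfEeI2f26EQ-3D-3D"
)
# Hop 2: the kit's front door, with the target base64-encoded in `frontend`.
FRONTEND_HOP = (
    "https://onedrvdocument.stufftoread.com/?frontend=ZXlAY3ouZXkuY29t"
    "&utm_source=Email&utm_medium=Email&utm_campaign=Marketing+Campaign"
)
# Hop 3: the landing page, with the same target now in plaintext.
LANDING_HOP = "https://onedrivedocumentsoc.onthewifi.com/?email=ey@cz.ey.com"

REDIRECT_CHAIN = [SENDGRID_HOP, FRONTEND_HOP, LANDING_HOP]

# Query parameters in which kits commonly carry the target address (assumption).
VICTIM_PARAMS = ("email", "frontend", "user", "login", "e")
# Apex domains a genuine OneDrive link can land on (illustrative, not exhaustive).
MICROSOFT_APEXES = ("live.com", "microsoft.com", "onedrive.com", "office.com", "sharepoint.com")
BRAND_TOKENS = ("onedrive", "onedrv")


def b64_decode_loose(value: str) -> Optional[str]:
    """Decode standard or URL-safe base64 with or without '=' padding; return
    None when the input is not base64 or does not decode to printable text."""
    value = value.strip().replace("-", "+").replace("_", "/")
    value += "=" * (-len(value) % 4)
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return text if text.isprintable() else None


def sendgrid_unescape(token: str) -> str:
    """Turn the '-XX' escapes back into '%XX' and URL-decode (see note above)."""
    return unquote(token.replace("-", "%"))


def sendgrid_token(url: str) -> Optional[str]:
    """Recover the raw (still opaque) `upn` token from a SendGrid click link."""
    values = parse_qs(urlsplit(url).query).get("upn")
    return sendgrid_unescape(values[0]) if values else None


def looks_like_email(text: str) -> bool:
    """Cheap plausibility check: a local part, one '@', and a dotted domain."""
    local, sep, domain = text.rpartition("@")
    return bool(sep and local and "." in domain and " " not in text)


def victim_from_url(url: str) -> Optional[str]:
    """Return the address carried in the query string, whether plaintext or
    base64-encoded, or None when no candidate parameter holds one."""
    params = parse_qs(urlsplit(url).query)
    for name in VICTIM_PARAMS:
        for raw in params.get(name, []):
            for candidate in (raw, b64_decode_loose(raw)):
                if candidate and looks_like_email(candidate):
                    return candidate
    return None


def brand_lookalike(host: str) -> bool:
    """True when the host trades on the OneDrive name off Microsoft's domains."""
    host = host.lower()
    if any(host == apex or host.endswith("." + apex) for apex in MICROSOFT_APEXES):
        return False
    return any(token in host for token in BRAND_TOKENS)


def analyse_chain(urls: List[str]) -> List[Dict[str, object]]:
    """One record per hop: host, victim identifier (if any) and lookalike flag."""
    records = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        records.append({"host": host, "victim": victim_from_url(url), "lookalike": brand_lookalike(host)})
    return records


def threaded_victim(records: List[Dict[str, object]]) -> Optional[str]:
    """The single address threaded through the chain, or None if hops disagree."""
    seen = {r["victim"] for r in records if r["victim"]}
    return seen.pop() if len(seen) == 1 else None


if __name__ == "__main__":
    records = analyse_chain(REDIRECT_CHAIN)
    for hop in records:
        print(f"{hop['host']:35} victim={str(hop['victim']):15} lookalike={hop['lookalike']}")
    print("threaded victim:", threaded_victim(records))
```

Run as a script it prints one line per hop and the address threaded through the chain; the same functions can be pointed at any other urlscan URL history by replacing `REDIRECT_CHAIN`. When triaging at scale, `threaded_victim` returning an address that belongs to your own organisation is the signal to pull the corresponding mail-gateway logs for the SendGrid click-tracker host, since that is the only artefact of the chain that the mail server will have seen.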
7 HTTP transactions

Method | Protocol | Resource | Path | Size | Transferred | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | HTTP/1.1 | / (Redirect Chain) | onedrvdocument.stufftoread.com/ | 5 KB | 6 KB | Document | text/html
GET | HTTP/1.1 | jquery.min.js | onedrvdocument.stufftoread.com/js/ | 85 KB | 85 KB | Script | application/javascript
GET | HTTP/1.1 | / (Primary Request) | onedrivedocumentsoc.onthewifi.com/ | 6 KB | 6 KB | Document | text/html
GET | HTTP/1.1 | point.gif | onedrivedocumentsoc.onthewifi.com/:abstract.simplenet.com/ | 315 B | 315 B | Image | text/html
GET | HTTP/1.1 | point2.html | onedrivedocumentsoc.onthewifi.com/abstract.simplenet.com/ | 315 B | 315 B | Image | text/html
GET | HTTP/1.1 | logo.jpg | onedrivedocumentsoc.onthewifi.com/files/ | 82 KB | 83 KB | Image | image/jpeg
GET | HTTP/1.1 | loader.gif | onedrivedocumentsoc.onthewifi.com/files/ | 101 KB | 101 KB | Image | image/gif

Two of the image requests deserve a second look. `point.gif` and `point2.html` are requested as images but come back as identical 315-byte `text/html` bodies rather than image data, and their paths still contain `abstract.simplenet.com`, which is consistent with the kit's HTML having been copied from another site with its relative references left intact; the identical size suggests the same placeholder page was returned for both. Everything else (the jQuery copy, the logo and the 101 KB `loader.gif` animation) is served from the operator's two hosts; nothing is loaded from a Microsoft domain.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against OneDrive (Online)

16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: preloadimages, splashmessage, theimages, sc_cross0
- number: intervals, ns4, ie4, ns6, p, jv
- string: targetdestination, openingtags, closingtags
- function: displaysplash, displaysplash_ns, positionsplashcontainer

The `ns4`/`ie4`/`ns6` browser-sniffing flags together with `preloadimages`, `theimages`, `displaysplash` and `targetdestination` are the hallmarks of an old DHTML splash-screen script of the kind that shows a loading overlay (here presumably the 101 KB `loader.gif`) before moving the visitor on to `targetdestination`. That fits the client-side hop observed in the URL history and is a more specific fingerprint for this kit than the Apache header: the same variable set will recur on other hosts serving the same copied HTML.

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, they will also send their cookie values, thus allowing the website to re-identify them even if they changed locations. This is how permanent logins work. The scan lists no cookies for this page.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- onedrivedocumentsoc.onthewifi.com
- onedrvdocument.stufftoread.com
- u7248037.ct.sendgrid.net
IP addresses:
- 167.89.123.16
- 66.23.235.102
Response hashes (SHA-256):
- 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
- 212c51ebe42e514d95cd4840b4444403e86542f5fbd26d0a894040db38746f10
- 21307da7adc5e8938405ce5202b788a129e90a226bc75e51afa8e9d1e55ef04e
- 3bfed2833f76afe747cd3ea2f0dd04dd00420e418706de65d9449b9dbf036e78
- d04302f186f1146173a74b8efd1aa298a771a26235baf6dbc723bd14e274f1d3
- d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3