frenkel.cl
Open in
urlscan Pro
200.114.94.146
Malicious Activity!
Public Scan
Effective URL: https://frenkel.cl/dev/sharedLinkStm/wamp.php?cramp=020202
Submission: On February 11 via api from AU — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 11th 2022. Valid for: 3 months.
This is the only time frenkel.cl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online) Sharepoint (Online) Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 136.243.67.73 136.243.67.73 | 24940 (HETZNER-AS) (HETZNER-AS) | |
9 | 200.114.94.146 200.114.94.146 | 28120 (Arquicomp...) (Arquicomp Ltda.) | |
1 | 2a02:26f0:ef:... 2a02:26f0:ef::5c7b:c2ac | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 13.107.136.9 13.107.136.9 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 2a03:5f80:a::... 2a03:5f80:a::b212:e7d1 | 50952 (DATAIX-AS...) (DATAIX-AS Peering Ltd.) | |
1 | 95.101.88.177 95.101.88.177 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
13 | 6 |
ASN20940 (AKAMAI-ASN1, NL)
statica.akamai.odsp.cdn.office.net |
ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
etclocal.sharepoint.com |
ASN50952 (DATAIX-AS Peering Ltd., RU)
modernb.akamai.odsp.cdn.office.net |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-88-177.deploy.static.akamaitechnologies.com
spoprod-a.akamaihd.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
frenkel.cl
frenkel.cl |
14 KB |
2 |
office.net
statica.akamai.odsp.cdn.office.net — Cisco Umbrella Rank: 2074 modernb.akamai.odsp.cdn.office.net — Cisco Umbrella Rank: 988 |
44 KB |
1 |
akamaihd.net
spoprod-a.akamaihd.net — Cisco Umbrella Rank: 2174 |
956 B |
1 |
sharepoint.com
etclocal.sharepoint.com |
4 KB |
1 |
zeromiles.net.in
1 redirects
zeromiles.net.in |
239 B |
13 | 5 |
Domain | Requested by | |
---|---|---|
9 | frenkel.cl |
frenkel.cl
|
1 | spoprod-a.akamaihd.net | |
1 | modernb.akamai.odsp.cdn.office.net |
statica.akamai.odsp.cdn.office.net
|
1 | etclocal.sharepoint.com |
frenkel.cl
|
1 | statica.akamai.odsp.cdn.office.net |
frenkel.cl
|
1 | zeromiles.net.in | 1 redirects |
13 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
go.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
frenkel.cl cPanel, Inc. Certification Authority |
2022-02-11 - 2022-05-12 |
3 months | crt.sh |
wildcard.akamai.odsp.cdn.office.net Microsoft RSA TLS CA 01 |
2021-07-01 - 2022-07-01 |
a year | crt.sh |
*.sharepoint.com DigiCert Cloud Services CA-1 |
2021-06-22 - 2022-06-21 |
a year | crt.sh |
a248.e.akamai.net DigiCert SHA2 Secure Server CA |
2021-07-15 - 2022-07-20 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://frenkel.cl/dev/sharedLinkStm/wamp.php?cramp=020202
Frame ID: 1DAFF4A1BA3F74F0EDBB0CEC2DC08374
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
Sharing Link ValidationPage URL History Show full URLs
-
https://zeromiles.net.in/adobe.html
HTTP 301
https://frenkel.cl/dev/sharedLinkStm/wamp.php?cramp=020202 Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
RequireJS (JavaScript Frameworks) Expand
Detected patterns
- require.*\.js
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Privacy & Cookies
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://zeromiles.net.in/adobe.html
HTTP 301
https://frenkel.cl/dev/sharedLinkStm/wamp.php?cramp=020202 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
wamp.php
frenkel.cl/dev/sharedLinkStm/ Redirect Chain
|
43 KB 14 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
WebResource.axd
frenkel.cl/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
require.js
statica.akamai.odsp.cdn.office.net/bld/_layouts/15/16.0.21701.12006/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ScriptResource.axd
frenkel.cl/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ScriptResource.axd
frenkel.cl/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ScriptResource.axd
frenkel.cl/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft-logo.png
etclocal.sharepoint.com/_layouts/15/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft-logo.png
frenkel.cl/_layouts/15/images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ScriptResource.axd
frenkel.cl/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ScriptResource.axd
frenkel.cl/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ScriptResource.axd
frenkel.cl/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 2 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
spoguestaccess-74b74b08.js
modernb.akamai.odsp.cdn.office.net/files/odsp-web-prod_2021-09-03.002/brotli/ |
158 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pdf.png
spoprod-a.akamaihd.net/files/fabric-cdn-prod_20210115.001/assets/item-types/32/ |
433 B 956 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online) Sharepoint (Online) Microsoft (Consumer)60 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| __tti number| g_responseEnd object| FabricConfig string| __odsp_culture object| __odspSriHashes object| __odsp_libraryScripts object| _spModuleLink function| setImageUrl function| _spBodyOnLoad undefined| theForm function| __doPostBack string| MSOWebPartPageFormName function| requirejs function| require function| define function| WebForm_OnSubmit function| _spFormOnSubmitWrapper function| onFormSubmit object| checkboxes function| onInputChange function| showToastNotification object| dismiss function| dismissNotification undefined| validateFunction function| ValidateCode object| Page_Validators object| RequireTOAACode object| ValidateTOAACodeText object| InvalidTOAACode boolean| _fV4UI boolean| Page_ValidationActive function| ValidatorOnSubmit string| __backupBaseUrl object| __cdnFailOverState function| __assign function| __extends function| __rest function| __decorate function| __param function| __metadata function| __awaiter function| __generator function| __exportStar function| __values function| __read function| __spread function| __spreadArrays function| __await function| __asyncGenerator function| __asyncDelegator function| __asyncValues function| __makeTemplateObject function| __importStar function| __importDefault object| __packages__ object| __themeState__ object| __stylesheet__ number| __currentId__ object| __globalSettings__0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
etclocal.sharepoint.com
frenkel.cl
modernb.akamai.odsp.cdn.office.net
spoprod-a.akamaihd.net
statica.akamai.odsp.cdn.office.net
zeromiles.net.in
13.107.136.9
136.243.67.73
200.114.94.146
2a02:26f0:ef::5c7b:c2ac
2a03:5f80:a::b212:e7d1
95.101.88.177
29b7a9358abdc68c51db5a5af4a4f4e2e041a67527adee2366b1f84f116fe9a5
2d92f0ce8491d2f9a27ea16d261a15089c4a9be879d1eedcb6f4a3859e7f1999
5c9817ef0859ab7e478e89e9c9a598fb1e5ae2e8247a0df946615d1a3c9f26a6
6cbf091cca3e7a547130fbcd66f193a63a6fdb164906ab7050a013df7754da77
825de044d5ac6442a094ff95099f9f67e9249a8110a2fbd57128285776632adb
c496f9c13d0bab6c5055b9c536125a5a06fc8aac29f1e35a0119f1181bde6b67
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3