unitedglass.net Open in urlscan Pro
198.12.209.194 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u9874724.ct.sendgrid.net/ls/click?upn=nwut4Q1J6SwNfSZpiwdXiGCyaL1hYVjGzPVG-2BcIsQFcsGKDvr8zRuVlGRs0hznXXhWNOB0dytu6pLn07c...
Effective URL:
https://unitedglass.net/filetype/cmd-login=ef8acdd149a6d630d80645ff9a46eb95/c9c4cp4de51zlks52vbijskv.php?rand=13InboxLig...
Submission: On September 21 via manual (September 21st 2020, 4:26:32 pm UTC) from US

Summary HTTP 22 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 22 HTTP transactions. The main IP is 198.12.209.194, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is unitedglass.net.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 21st 2020. Valid for: 3 months.

This is the only time unitedglass.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.115.54 167.89.115.54	11377 (SENDGRID) (SENDGRID)
2 16	198.12.209.194 198.12.209.194	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
1	192.229.221.185 192.229.221.185	15133 (EDGECAST) (EDGECAST)
7	2a02:26f0:10c... 2a02:26f0:10c:5af::753	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
22	3

1 167.89.115.54 (United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789115x54.outbound-mail.sendgrid.net

u9874724.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 198.12.209.194 (Scottsdale, United States) 2 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-198-12-209-194.ip.secureserver.net

unitedglass.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.229.221.185 (United States)

ASN15133 (EDGECAST, US)

logincdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:10c:5af::753 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

r4.res.office365.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	unitedglass.net 2 redirects unitedglass.net	739 KB
7	office365.com r4.res.office365.com	707 KB
1	msauth.net logincdn.msauth.net	1 KB
1	sendgrid.net 1 redirects u9874724.ct.sendgrid.net	274 B
22	4

	Domain	Requested by
16	unitedglass.net	2 redirects unitedglass.net
7	r4.res.office365.com	unitedglass.net
1	logincdn.msauth.net	unitedglass.net
1	u9874724.ct.sendgrid.net	1 redirects
22	4

This site contains links to these domains. Also see Links.

Domain
account.live.com
login.live.com

Subject Issuer	Validity	Valid
unitedglass.net cPanel, Inc. Certification Authority	`2020-09-21` - `2020-12-20`	3 months	crt.sh
identitycdn.msauth.net DigiCert SHA2 Secure Server CA	`2020-07-20` - `2021-07-20`	a year	crt.sh
*.res.outlook.com Microsoft IT TLS CA 2	`2019-10-21` - `2021-10-21`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://unitedglass.net/filetype/cmd-login=ef8acdd149a6d630d80645ff9a46eb95/c9c4cp4de51zlks52vbijskv.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=christopher.connors@us.army.mil&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Frame ID: E57DE0FE8A9B64EBA299EFE1A7E638EF
Requests: 7 HTTP requests in this frame

Frame: https://unitedglass.net/filetype/cmd-login=ef8acdd149a6d630d80645ff9a46eb95/owa_files/prefetch.html
Frame ID: 2498A2BC49D3C5EE49627C3050923835
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://u9874724.ct.sendgrid.net/ls/click?upn=nwut4Q1J6SwNfSZpiwdXiGCyaL1hYVjGzPVG-2BcIsQFcsGKDvr8zRuVlGRs0hz... HTTP 302
https://unitedglass.net/filetype/?email=christopher.connors@us.army.mil HTTP 302
https://unitedglass.net/filetype/cmd-login=ef8acdd149a6d630d80645ff9a46eb95/?email=christopher.conno... HTTP 302
https://unitedglass.net/filetype/cmd-login=ef8acdd149a6d630d80645ff9a46eb95/c9c4cp4de51zlks52vbijskv... Page URL

Detected technologies

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

22
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

1447 kB
Transfer

5806 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d13%26ct%3d1589464082%26rver%3d7.0.6737.0%26wp%3dMBI_SSL%26wreply%3dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbff6786c-bfc5-310c-dbbe-424927da5873%26id%3d292841%26aadredir%3d1%26CBCXT%3dout%26lw%3d1%26fl%3ddob%252cflname%252cwld%26cobrandid%3d90015%26contextid%3d5DF3C84FA669EBB8%26bk%3d1589464264&id=292841&uiflavor=web&cobrandid=90015&uaid=36c5fc403268425b93d101ac433bf755&mkt=EN-US&lc=1033&bk=1589464264
Title: Forgot password?

Search URL Search Domain Scan URL

URL: https://login.live.com/pp1600/
Title: Sign in with a security key

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=EN-US&vv=1600&uaid=36c5fc403268425b93d101ac433bf755
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=EN-US&vv=1600&uaid=36c5fc403268425b93d101ac433bf755
Title: Privacy & cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u9874724.ct.sendgrid.net/ls/click?upn=nwut4Q1J6SwNfSZpiwdXiGCyaL1hYVjGzPVG-2BcIsQFcsGKDvr8zRuVlGRs0hznXXhWNOB0dytu6pLn07cSFS-2B0hbMouWtL-2BrMOpEsKy2jMI-3Dggi7_Zf9noBSXp6zmd8gcAmse0FrukMv1gmKV8h7pszl0enz5GkdgeixmsFBbMa2Wg919ZhwvZKaJvwyG8skfOIH2CoM2DkC4gGhdk6CbuPqjH0deX-2B2nDeXBBw3YctZzcewVE-2BTjtk11dU5eCcRG4Hdhe5qRD64u32aJx00DZVwKZ5h3hVPzgreEug4fqjTuSWIjZVNFoPcEWevZrIeP2m0-2FPrtZZ4W7rQYvUxSbB1xJjoU6-2FKttyMugvZfHdgwj3F0Q HTTP 302
https://unitedglass.net/filetype/?email=christopher.connors@us.army.mil HTTP 302
https://unitedglass.net/filetype/cmd-login=ef8acdd149a6d630d80645ff9a46eb95/?email=christopher.connors@us.army.mil&loginpage=&reff=MzI3ZTBmNmMwNzY1ZjlmNTkyNmM2ZTY1ZDgzNDZhMTY= HTTP 302
https://unitedglass.net/filetype/cmd-login=ef8acdd149a6d630d80645ff9a46eb95/c9c4cp4de51zlks52vbijskv.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=christopher.connors@us.army.mil&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request c9c4cp4de51zlks52vbijskv.php Show response
unitedglass.net/filetype/cmd-login=ef8acdd149a6d630d80645ff9a46eb95/
Redirect Chain

https://u9874724.ct.sendgrid.net/ls/click?upn=nwut4Q1J6SwNfSZpiwdXiGCyaL1hYVjGzPVG-2BcIsQFcsGKDvr8zRuVlGRs0hznXXhWNOB0dytu6pLn07cSFS-2B0hbMouWtL-2BrMOpEsKy2jMI-3Dggi7_Zf9noBSXp6zmd8gcAmse0FrukMv1gm...
https://unitedglass.net/filetype/?email=christopher.connors@us.army.mil
https://unitedglass.net/filetype/cmd-login=ef8acdd149a6d630d80645ff9a46eb95/?email=christopher.connors@us.army.mil&loginpage=&reff=MzI3ZTBmNmMwNzY1ZjlmNTkyNmM2ZTY1ZDgzNDZhMTY=
https://unitedglass.net/filetype/cmd-login=ef8acdd149a6d630d80645ff9a46eb95/c9c4cp4de51zlks52vbijskv.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.17742...

26 KB
6 KB

160ms
160ms

Document
text/html

198.12.209.194
AS-26496-GO-DADDY...

General

unitedglass.net Open in urlscan Pro 198.12.209.194 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

1447 kBTransfer

5806 kBSize

0 Cookies

4 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

unitedglass.net Open in urlscan Pro
198.12.209.194 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

1447 kB
Transfer

5806 kB
Size

0
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!