sortapick.com Open in urlscan Pro
2606:4700:30::681f:53c2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://sortapick.com/muno/onedrive/index.html
Submission: On October 10 via automatic, source openphish (October 10th 2019, 12:15:04 am UTC)

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 2606:4700:30::681f:53c2, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is sortapick.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on October 8th 2019. Valid for: a year.

This is the only time sortapick.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OneDrive (Online)

Domain & IP information

	IP Address	AS Autonomous System
7	2606:4700:30:... 2606:4700:30::681f:53c2	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	172.227.98.73 172.227.98.73	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	95.100.73.41 95.100.73.41	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
9	3

7 2606:4700:30::681f:53c2 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

sortapick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.227.98.73 (United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a172-227-98-73.deploy.static.akamaitechnologies.com

img1.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.73.41 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-100-73-41.deploy.static.akamaitechnologies.com

img.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	sortapick.com sortapick.com	83 KB
1	secureserver.net img.secureserver.net	634 B
1	wsimg.com img1.wsimg.com	5 KB
9	3

	Domain	Requested by
7	sortapick.com	sortapick.com
1	img.secureserver.net
1	img1.wsimg.com	sortapick.com
9	3

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-10-08` - `2020-10-07`	a year	crt.sh
*.wsimg.com Starfield Secure Certificate Authority - G2	`2018-09-25` - `2020-09-25`	2 years	crt.sh
*.secureserver.net Starfield Secure Certificate Authority - G2	`2016-11-01` - `2019-11-01`	3 years	crt.sh

This page contains 1 frames:

Primary Page: https://sortapick.com/muno/onedrive/index.html
Frame ID: 409937A2A5CB5CB14B54D372FD4DFB3C
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

9
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

88 kB
Transfer

100 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request index.html Show response
sortapick.com/muno/onedrive/ 3 KB
1 KB 307ms
255ms Document
text/html 2606:4700:30::681f:53c2
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://sortapick.com/muno/onedrive/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681f:53c2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84c657ecd62cac74ac5097a790bd4aa7aef2ef99e0b6fdc228c0d4a8d105b8db

Request headers

:method: GET
:authority: sortapick.com
:scheme: https
:path: /muno/onedrive/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
date: Thu, 10 Oct 2019 00:14:47 GMT
content-type: text/html
set-cookie: __cfduid=dcd00c6ae7a0fcc32e4b1ef4622a1809d1570666487; expires=Fri, 09-Oct-20 00:14:47 GMT; path=/; domain=.sortapick.com; HttpOnly
last-modified: Thu, 26 Sep 2019 23:55:08 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 52346567ec41cbac-VIE
content-encoding: br

GET
H2 200 style.css
sortapick.com/muno/onedrive/css/ 7 KB
2 KB 120ms
120ms Stylesheet
text/css 2606:4700:30::681f:53c2
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://sortapick.com/muno/onedrive/css/style.css
Requested by: Host: sortapick.com
URL: https://sortapick.com/muno/onedrive/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681f:53c2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b6f4695dc21b84e13ac8c36a2d4b08bf06a31a739ecb04e4a93d0d7b3863c10

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://sortapick.com/muno/onedrive/index.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 10 Oct 2019 00:14:47 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 26 Sep 2019 18:51:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=14400
cf-ray: 5234656c9a1ccbac-VIE
expires: Thu, 10 Oct 2019 04:14:47 GMT

GET
H2 200 tcc_l.combined.1.0.6.min.js Show response
img1.wsimg.com/tcc/ 12 KB
5 KB 28ms
12ms Script
application/javascript 172.227.98.73
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
Requested by: Host: sortapick.com
URL: https://sortapick.com/muno/onedrive/index.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 172.227.98.73 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a172-227-98-73.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://sortapick.com/muno/onedrive/index.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 10 Oct 2019 00:14:47 GMT
content-encoding: gzip
last-modified: Fri, 31 Mar 2017 16:26:41 GMT
status: 200
etag: "52ef5c943baad21:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 4564
expires: Fri, 09 Oct 2020 00:14:47 GMT

GET
H2 200 cap.jpg
sortapick.com/muno/onedrive/css/ 60 KB
60 KB 250ms
250ms Image
image/jpeg 2606:4700:30::681f:53c2
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sortapick.com/muno/onedrive/css/cap.jpg
Requested by: Host: sortapick.com
URL: https://sortapick.com/muno/onedrive/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681f:53c2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2f803343eba5332eb16b3d3838d128c3ec6792c0a4a4824c699a193e97bdb33

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://sortapick.com/muno/onedrive/css/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 10 Oct 2019 00:14:48 GMT
cf-cache-status: REVALIDATED
last-modified: Thu, 26 Apr 2018 01:34:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 5234656d5aefcbac-VIE
content-length: 60977
expires: Thu, 10 Oct 2019 04:14:48 GMT

GET
H2 200 oneDrive.png
sortapick.com/muno/onedrive/img/ 15 KB
15 KB 105ms
104ms Image
image/png 2606:4700:30::681f:53c2
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sortapick.com/muno/onedrive/img/oneDrive.png
Requested by: Host: sortapick.com
URL: https://sortapick.com/muno/onedrive/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681f:53c2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c010eda9ab4ad066a43d0b7fd4fe7f2be2e849af38db2e0b4af109ea7bcd5593

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://sortapick.com/muno/onedrive/css/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 10 Oct 2019 00:14:47 GMT
cf-cache-status: REVALIDATED
last-modified: Sat, 07 Jul 2018 08:24:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 5234656d5af2cbac-VIE
content-length: 14981
expires: Thu, 10 Oct 2019 04:14:47 GMT

GET
H2 200 office.png
sortapick.com/muno/onedrive/img/ 1 KB
1 KB 130ms
130ms Image
image/png 2606:4700:30::681f:53c2
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sortapick.com/muno/onedrive/img/office.png
Requested by: Host: sortapick.com
URL: https://sortapick.com/muno/onedrive/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681f:53c2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 685f77342ca77f562bb319cf666966ebd283ba9ad568148bf4d6f66d5fa08eb5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://sortapick.com/muno/onedrive/css/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 10 Oct 2019 00:14:48 GMT
cf-cache-status: REVALIDATED
last-modified: Sat, 07 Jul 2018 08:24:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 5234656d5af3cbac-VIE
content-length: 1421
expires: Thu, 10 Oct 2019 04:14:48 GMT

GET
H2 200 outlook.png
sortapick.com/muno/onedrive/img/ 2 KB
2 KB 124ms
124ms Image
image/png 2606:4700:30::681f:53c2
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sortapick.com/muno/onedrive/img/outlook.png
Requested by: Host: sortapick.com
URL: https://sortapick.com/muno/onedrive/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681f:53c2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5abe79538714148a390de1c7d7d568746510a32e14b37feacc4812155825558

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://sortapick.com/muno/onedrive/css/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 10 Oct 2019 00:14:48 GMT
cf-cache-status: REVALIDATED
last-modified: Sat, 07 Jul 2018 08:24:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 5234656d5af4cbac-VIE
content-length: 2103
expires: Thu, 10 Oct 2019 04:14:48 GMT

GET
H2 200 mail.png
sortapick.com/muno/onedrive/img/ 2 KB
2 KB 127ms
126ms Image
image/png 2606:4700:30::681f:53c2
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sortapick.com/muno/onedrive/img/mail.png
Requested by: Host: sortapick.com
URL: https://sortapick.com/muno/onedrive/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681f:53c2 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2b00dc7e4ff8539cf742bf8d295c111dea08acf46328483d68640135887e70a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://sortapick.com/muno/onedrive/css/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 10 Oct 2019 00:14:48 GMT
cf-cache-status: REVALIDATED
last-modified: Sat, 07 Jul 2018 08:24:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 5234656d5af5cbac-VIE
content-length: 1694
expires: Thu, 10 Oct 2019 04:14:48 GMT

GET
H/1.1 200
OK event
img.secureserver.net/t/1/tl/ 43 B
634 B 128ms
99ms Image
image/gif 95.100.73.41
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.secureserver.net/t/1/tl/event?cts=1570666488346&tce=1570666487014&tcs=1570666486983&tdc=1570666488146&tdclee=1570666487894&tdcles=1570666487894&tdi=1570666487894&tdl=1570666487765&tdle=1570666486983&tdls=1570666486963&tfs=1570666486963&tns=1570666486962&trqs=1570666487014&tre=1570666487270&trps=1570666487270&tles=1570666488146&tlee=1570666488146&ht=perf&dh=sortapick.com&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&vci=2122371057&cv=1.0.6&z=2072057272&vg=2203adf8-8360-4698-baf9-0a4cc0ee8062&vtg=2203adf8-8360-4698-baf9-0a4cc0ee8062&ap=cpsh&trfd=%7B%22cts%22%3A1570666487894%2C%22tccl.baseHost%22%3A%22secureserver.net%22%2C%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22p3plcpnl0778%22%7D&dp=%2Fmuno%2Fonedrive%2Findex.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.41 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a95-100-73-41.deploy.static.akamaitechnologies.com

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://sortapick.com/muno/onedrive/index.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Date: Thu, 10 Oct 2019 00:14:48 GMT
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://sortapick.com, *
Access-Control-Max-Age: 1000
Cache-Control: private
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 43
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.sortapick.com/	1970-01-19 13:03:22	Name: __cfduid Value: dcd00c6ae7a0fcc32e4b1ef4622a1809d1570666487

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

img.secureserver.net
img1.wsimg.com
sortapick.com
172.227.98.73
2606:4700:30::681f:53c2
95.100.73.41
685f77342ca77f562bb319cf666966ebd283ba9ad568148bf4d6f66d5fa08eb5
84c657ecd62cac74ac5097a790bd4aa7aef2ef99e0b6fdc228c0d4a8d105b8db
8b6f4695dc21b84e13ac8c36a2d4b08bf06a31a739ecb04e4a93d0d7b3863c10
a2b00dc7e4ff8539cf742bf8d295c111dea08acf46328483d68640135887e70a
aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c010eda9ab4ad066a43d0b7fd4fe7f2be2e849af38db2e0b4af109ea7bcd5593
e2f803343eba5332eb16b3d3838d128c3ec6792c0a4a4824c699a193e97bdb33
f5abe79538714148a390de1c7d7d568746510a32e14b37feacc4812155825558

sortapick.com Open in urlscan Pro 2606:4700:30::681f:53c2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

88 kBTransfer

100 kBSize

1 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

Indicators

sortapick.com Open in urlscan Pro
2606:4700:30::681f:53c2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

88 kB
Transfer

100 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!