sortapick.com
Open in
urlscan Pro
2606:4700:30::681f:53c2
Malicious Activity!
Public Scan
Submission: On October 10 via automatic, source openphish
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on October 8th 2019. Valid for: a year.
This is the only time sortapick.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 2606:4700:30:... 2606:4700:30::681f:53c2 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 172.227.98.73 172.227.98.73 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 | 95.100.73.41 95.100.73.41 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
9 | 3 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
sortapick.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a172-227-98-73.deploy.static.akamaitechnologies.com
img1.wsimg.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-100-73-41.deploy.static.akamaitechnologies.com
img.secureserver.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
sortapick.com
sortapick.com |
83 KB |
1 |
secureserver.net
img.secureserver.net |
634 B |
1 |
wsimg.com
img1.wsimg.com |
5 KB |
9 | 3 |
Domain | Requested by | |
---|---|---|
7 | sortapick.com |
sortapick.com
|
1 | img.secureserver.net | |
1 | img1.wsimg.com |
sortapick.com
|
9 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2019-10-08 - 2020-10-07 |
a year | crt.sh |
*.wsimg.com Starfield Secure Certificate Authority - G2 |
2018-09-25 - 2020-09-25 |
2 years | crt.sh |
*.secureserver.net Starfield Secure Certificate Authority - G2 |
2016-11-01 - 2019-11-01 |
3 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://sortapick.com/muno/onedrive/index.html
Frame ID: 409937A2A5CB5CB14B54D372FD4DFB3C
Requests: 9 HTTP requests in this frame
Screenshot
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.html
sortapick.com/muno/onedrive/ |
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
sortapick.com/muno/onedrive/css/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tcc_l.combined.1.0.6.min.js
img1.wsimg.com/tcc/ |
12 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cap.jpg
sortapick.com/muno/onedrive/css/ |
60 KB 60 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oneDrive.png
sortapick.com/muno/onedrive/img/ |
15 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
office.png
sortapick.com/muno/onedrive/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
outlook.png
sortapick.com/muno/onedrive/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mail.png
sortapick.com/muno/onedrive/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
event
img.secureserver.net/t/1/tl/ |
43 B 634 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| popupwnd object| _trfd function| tcg function| tcp object| perfhandler object| TCCTracker object| _trfq object| true1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.sortapick.com/ | Name: __cfduid Value: dcd00c6ae7a0fcc32e4b1ef4622a1809d1570666487 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
img.secureserver.net
img1.wsimg.com
sortapick.com
172.227.98.73
2606:4700:30::681f:53c2
95.100.73.41
685f77342ca77f562bb319cf666966ebd283ba9ad568148bf4d6f66d5fa08eb5
84c657ecd62cac74ac5097a790bd4aa7aef2ef99e0b6fdc228c0d4a8d105b8db
8b6f4695dc21b84e13ac8c36a2d4b08bf06a31a739ecb04e4a93d0d7b3863c10
a2b00dc7e4ff8539cf742bf8d295c111dea08acf46328483d68640135887e70a
aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c010eda9ab4ad066a43d0b7fd4fe7f2be2e849af38db2e0b4af109ea7bcd5593
e2f803343eba5332eb16b3d3838d128c3ec6792c0a4a4824c699a193e97bdb33
f5abe79538714148a390de1c7d7d568746510a32e14b37feacc4812155825558