sharefilesonline.live
Open in
urlscan Pro
68.65.122.241
Malicious Activity!
Public Scan
Submitted URL: https://cutly.biz/a7acd
Effective URL: https://sharefilesonline.live/aHmEd82893Cfa/BI-File-2022.html
Submission: On October 18 via manual from US — Scanned from DE
Effective URL: https://sharefilesonline.live/aHmEd82893Cfa/BI-File-2022.html
Submission: On October 18 via manual from US — Scanned from DE
Summary
This website contacted 5 IPs
in 3 countries
across 5 domains to perform 15 HTTP transactions.
The main IP is 68.65.122.241, located in
Petersburg, United States and
belongs to NAMECHEAP-NET, US.
The main domain is sharefilesonline.live.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 7th 2021. Valid for: a year.
This is the only time sharefilesonline.live was scanned on urlscan.io!
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 7th 2021. Valid for: a year.
This is the only time sharefilesonline.live was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 173.254.29.122 173.254.29.122 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
| 4 | 68.65.122.241 68.65.122.241 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:827::200a | 15169 (GOOGLE) (GOOGLE) | |
| 5 | 2.21.20.155 2.21.20.155 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 5 | 13.95.147.73 13.95.147.73 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 15 | 5 |
1
173.254.29.122
(United States)
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: just2009.justhost.com
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: just2009.justhost.com
| cutly.biz |
4
68.65.122.241
(Petersburg, United States)
ASN22612 (NAMECHEAP-NET, US)
PTR: sharefilesonline.live
ASN22612 (NAMECHEAP-NET, US)
PTR: sharefilesonline.live
| sharefilesonline.live |
5
2.21.20.155
(Frankfurt am Main, Germany)
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-21-20-155.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-21-20-155.deploy.static.akamaitechnologies.com
| spoprod-a.akamaihd.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 5 |
sfx.ms
p.sfx.ms — Cisco Umbrella Rank: 17406 |
10 KB |
| 5 |
akamaihd.net
spoprod-a.akamaihd.net — Cisco Umbrella Rank: 7064 |
166 KB |
| 4 |
sharefilesonline.live
sharefilesonline.live |
297 KB |
| 1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 306 |
30 KB |
| 1 |
cutly.biz
1 redirects
cutly.biz |
133 B |
| 15 | 5 |
| Domain | Requested by | |
|---|---|---|
| 5 | p.sfx.ms |
sharefilesonline.live
|
| 5 | spoprod-a.akamaihd.net |
sharefilesonline.live
|
| 4 | sharefilesonline.live |
sharefilesonline.live
|
| 1 | ajax.googleapis.com |
sharefilesonline.live
|
| 1 | cutly.biz | 1 redirects |
| 15 | 5 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| profile.live.com |
| account.live.com |
| login.live.com |
| g.live.com |
| go.microsoft.com |
| www.microsoft.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| sharefilesonline.live Sectigo RSA Domain Validation Secure Server CA |
2021-11-07 - 2022-11-07 |
a year | crt.sh |
| upload.video.google.com GTS CA 1C3 |
2022-09-12 - 2022-12-05 |
3 months | crt.sh |
| a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1 |
2022-06-28 - 2023-06-30 |
a year | crt.sh |
| onedrive.com Microsoft RSA TLS CA 01 |
2022-03-29 - 2023-03-29 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sharefilesonline.live/aHmEd82893Cfa/BI-File-2022.html
Frame ID: 03C58CE62DDAE5799AA8962D97EAF1A4
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
OneDrivePage URL History Show full URLs
-
https://cutly.biz/a7acd
HTTP 302
https://sharefilesonline.live/aHmEd82893Cfa/index.php Page URL
- https://sharefilesonline.live/aHmEd82893Cfa/index987123.php Page URL
- https://sharefilesonline.live/aHmEd82893Cfa/BI-File-2022.html Page URL
Detected technologies
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
URL: https://profile.live.com/cid-8efd486c367e7c55/details/Edit/Pic
Search URL Search Domain Scan URL
URL: https://profile.live.com/
Title: Edit profile
Title: Edit profile
Search URL Search Domain Scan URL
URL: https://account.live.com/
Title: Account settings
Title: Account settings
Search URL Search Domain Scan URL
URL: https://login.live.com/logout.srf?ct=1526289524&rver=6.7.6643.0&lc=1033&id=250206&ru=https:%2F%2Fonedrive.live.com%3Fmkt%3Den-US&mkt=en-US
Title: Sign out
Title: Sign out
Search URL Search Domain Scan URL
URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d13%26ct%3d1526366266%26rver%3d6.7.6643.0%26wp%3dMBI_SSL%26wreply%3dhttps:%252f%252faccount.microsoft.com%252fauth%252fcomplete-signin%253fru%253dhttps%25253a%25252f%25252faccount.microsoft.com%25252f%25253frefd%25253daccount.microsoft.com%252526ru%25253dhttps%2525253a%2525252f%2525252faccount.microsoft.com%2525252f%2525253frefd%2525253dlogin.live.com%252526destrt%25253dhome-index%252526refp%25253dsignedout-index%26lc%3d1033%26id%3d292666%26lw%3d1%26fl%3deasi2%26uaid%3dd533aaa96d254feabe5fbe55f190c733%26pid%3d0%26contextid%3dE9E93781B5AD88A0%26bk%3d1526366283&id=292666&uiflavor=web&cobrandid=140713607675816&uaid=d533aaa96d254feabe5fbe55f190c733&mkt=EN-US&lc=1033&bk=1526366283
Title: Forgot my password
Title: Forgot my password
Search URL Search Domain Scan URL
URL: http://g.live.com/8seskydrive/tou
Title: Terms
Title: Terms
Search URL Search Domain Scan URL
URL: http://go.microsoft.com/fwlink/p/?LinkId=253457
Title: Privacy & cookies
Title: Privacy & cookies
Search URL Search Domain Scan URL
URL: http://www.microsoft.com/germany/siteservices/impressum/default.mspx
Title: Impressum
Title: Impressum
Search URL Search Domain Scan URL
URL: http://g.live.com/8seskydrive/dev
Title: Developers
Title: Developers
Search URL Search Domain Scan URL
URL: https://go.microsoft.com/fwlink/?LinkID=85433
Title: Report abuse
Title: Report abuse
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://cutly.biz/a7acd
HTTP 302
https://sharefilesonline.live/aHmEd82893Cfa/index.php Page URL
- https://sharefilesonline.live/aHmEd82893Cfa/index987123.php Page URL
- https://sharefilesonline.live/aHmEd82893Cfa/BI-File-2022.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://cutly.biz/a7acd HTTP 302
- https://sharefilesonline.live/aHmEd82893Cfa/index.php
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
index.php
sharefilesonline.live/aHmEd82893Cfa/ Redirect Chain
|
59 B 226 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
index987123.php
sharefilesonline.live/aHmEd82893Cfa/ |
61 B 231 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
BI-File-2022.html
sharefilesonline.live/aHmEd82893Cfa/ |
431 KB 297 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
maincss-aec76c77.css
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001// |
136 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-1.7.2-39eeb07e.js
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/ |
92 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
legacy_s_legacy-0f159289.js
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/ |
49 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
legacy1-1a09fb82.js
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/ |
240 KB 84 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
legacy0-e2cc9701.js
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180123.001/ |
15 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientstring.mvc
sharefilesonline.live/handlers/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
invis.gif
p.sfx.ms/is/ |
43 B 237 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bluemanm.png
p.sfx.ms/ic/ |
554 B 596 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bluemanmxxl.png
p.sfx.ms/ic/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
277 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
command5.png
p.sfx.ms/h/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
OneDriveLogoLight4.png
p.sfx.ms/images/ |
881 B 970 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)43 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| funalert function| formsubmit function| Css_Start function| Css_Load function| Css_Error object| cssQos1 object| $Do object| $B object| $BSI object| $CSIPerf object| _d object| _dh function| _ge object| $U object| $CJ object| Flight function| requirejs function| require function| define function| JSUnhandledError function| JSCaughtError object| Log function| LogReporterEvent function| RequireJSError function| JSPerformanceData function| RequireJSOnFirstRequireEvent function| RequireDeps object| $Static function| $MB function| $ToggleSidebar object| $HIC object| $HeaderCookie0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cutly.biz
p.sfx.ms
sharefilesonline.live
spoprod-a.akamaihd.net
13.95.147.73
173.254.29.122
2.21.20.155
2a00:1450:4001:827::200a
68.65.122.241
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
215bcfb85395aea8ca0c7b9592bb60cacce89b3cd350633557d4241d7fc355dd
39db86fe6a7793f60aec27cfd27f88a57150c64b58111ff74788504942a80e94
3e62a83111370532c278d9eef252015ee09cce842c2362aa1f76dc393b501609
446332e8c993ca5c57c1ec267b71675c4c9e4f72ba3ae4b4aa0468f4e683a0fa
771d5c4a06a1573da9c0fb15fedc1b8bf2219dca348887c344843077a76dd803
7fb28d1f6c9f57439eb0e83e6b99857ce792a3874ff3a35e6dbe912692d0e9df
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
992b4e0822b65956eefc6fa298ba05f567bc511eae5e79261c144a2ed66d3a0f
cb725f174a86bcf23b5b9f53e5b60d53eaa1524f88f4dcec165670a3b0eb6c2c
d6c15974b6181a68e9b74e4f38fbac81d640569ef0fbbaa3381cc59683a9763f
f38ec23bbb84d973c6a036ac609a85ecf0f4c4b7cd0172f402c0862f595ca97b
f393d34deb9194264b81ee3d939301c39f9b8a892811c0d5d20aa2030474bbbe
fa2812dcf55c99cefe93319f1992b381e6f4203d7cebb61308d35f335934d953