floodsd.com
Open in
urlscan Pro
192.185.27.176
Malicious Activity!
Public Scan
Submitted URL: http://www.uk-dissertations.org/?a
Effective URL: https://floodsd.com/wp-includes/pin/login.html?cmd=login_submit&id=7c9fac863dff9faeb952f0e62c4674fb7c9fac863dff9faeb...
Submission: On April 29 via manual from SG
Effective URL: https://floodsd.com/wp-includes/pin/login.html?cmd=login_submit&id=7c9fac863dff9faeb952f0e62c4674fb7c9fac863dff9faeb...
Submission: On April 29 via manual from SG
Summary
This website contacted 3 IPs
in 3 countries
across 4 domains to perform 32 HTTP transactions.
The main IP is 192.185.27.176, located in
Houston, United States and
belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US.
The main domain is floodsd.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 11th 2019. Valid for: 3 months.
This is the only time floodsd.com was scanned on urlscan.io!
TLS certificate: Issued by Let's Encrypt Authority X3 on April 11th 2019. Valid for: 3 months.
This is the only time floodsd.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 77.92.82.1 77.92.82.1 | 13213 (UK2NET-AS) (UK2NET-AS) | |
| 2 30 | 192.185.27.176 192.185.27.176 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:808::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 3 | 2a00:1450:400... 2a00:1450:4001:818::2003 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 32 | 3 |
1
77.92.82.1
(United Kingdom)
ASN13213 (UK2NET-AS, GB)
PTR: cpanel8.uk2.net
ASN13213 (UK2NET-AS, GB)
PTR: cpanel8.uk2.net
| www.uk-dissertations.org |
30
192.185.27.176
(Houston, United States)
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 192-185-27-176.unifiedlayer.com
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 192-185-27-176.unifiedlayer.com
| floodsd.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 30 |
floodsd.com
2 redirects
floodsd.com |
921 KB |
| 3 |
gstatic.com
fonts.gstatic.com |
47 KB |
| 1 |
googleapis.com
fonts.googleapis.com |
656 B |
| 1 |
uk-dissertations.org
1 redirects
www.uk-dissertations.org |
239 B |
| 32 | 4 |
| Domain | Requested by | |
|---|---|---|
| 30 | floodsd.com |
2 redirects
floodsd.com
|
| 3 | fonts.gstatic.com |
floodsd.com
|
| 1 | fonts.googleapis.com |
floodsd.com
|
| 1 | www.uk-dissertations.org | 1 redirects |
| 32 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| floodsd.com Let's Encrypt Authority X3 |
2019-04-11 - 2019-07-10 |
3 months | crt.sh |
| *.googleapis.com Google Internet Authority G3 |
2019-03-26 - 2019-06-18 |
3 months | crt.sh |
| *.google.com Google Internet Authority G3 |
2019-03-26 - 2019-06-18 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://floodsd.com/wp-includes/pin/login.html?cmd=login_submit&id=7c9fac863dff9faeb952f0e62c4674fb7c9fac863dff9faeb952f0e62c4674fb&session=7c9fac863dff9faeb952f0e62c4674fb7c9fac863dff9faeb952f0e62c4674fb
Frame ID: E81305059704C0FE34C88E7AE4CB1505
Requests: 32 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://www.uk-dissertations.org/?a
HTTP 302
https://floodsd.com/wp-includes/pin HTTP 301
https://floodsd.com/wp-includes/pin/ HTTP 302
https://floodsd.com/wp-includes/pin/login.html?cmd=login_submit&id=7c9fac863dff9faeb952f0e62c467... Page URL
Detected technologies
Nginx
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^jQuery$/i
Twitter Bootstrap () Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.uk-dissertations.org/?a
HTTP 302
https://floodsd.com/wp-includes/pin HTTP 301
https://floodsd.com/wp-includes/pin/ HTTP 302
https://floodsd.com/wp-includes/pin/login.html?cmd=login_submit&id=7c9fac863dff9faeb952f0e62c4674fb7c9fac863dff9faeb952f0e62c4674fb&session=7c9fac863dff9faeb952f0e62c4674fb7c9fac863dff9faeb952f0e62c4674fb Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
32 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
login.html
floodsd.com/wp-includes/pin/ Redirect Chain
|
15 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.css
floodsd.com/wp-includes/pin/assets/plugins/bootstrap/css/ |
147 KB 27 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style.css
floodsd.com/wp-includes/pin/css/ |
116 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
blue.css
floodsd.com/wp-includes/pin/css/colors/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
microsoft_logo.png
floodsd.com/wp-includes/pin/assets/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
vmail.png
floodsd.com/wp-includes/pin/assets/images/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
microsoft-ad.gif
floodsd.com/wp-includes/pin/assets/images/users/ |
603 KB 604 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
floodsd.com/wp-includes/pin/assets/plugins/jquery/ |
85 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tether.min.js
floodsd.com/wp-includes/pin/assets/plugins/bootstrap/js/ |
24 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.js
floodsd.com/wp-includes/pin/assets/plugins/bootstrap/js/ |
46 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.slimscroll.js
floodsd.com/wp-includes/pin/js/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
waves.js
floodsd.com/wp-includes/pin/js/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sidebarmenu.js
floodsd.com/wp-includes/pin/js/ |
10 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sticky-kit.min.js
floodsd.com/wp-includes/pin/assets/plugins/sticky-kit-master/dist/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
custom.min.js
floodsd.com/wp-includes/pin/js/ |
1 KB 789 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jQuery.style.switcher.js
floodsd.com/wp-includes/pin/assets/plugins/styleswitcher/ |
1 KB 584 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
grabUserInputforfg.js
floodsd.com/wp-includes/pin/js/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
7 KB 656 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
font-awesome.min.css
floodsd.com/wp-includes/pin/scss/icons/font-awesome/css/ |
30 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
simple-line-icons.html
floodsd.com/wp-includes/pin/scss/icons/simple-line-icons/css/ |
380 B 384 B |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
weather-icons.min.css
floodsd.com/wp-includes/pin/scss/icons/weather-icons/css/ |
23 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
linea.css
floodsd.com/wp-includes/pin/scss/icons/linea-icons/ |
48 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
themify-icons.css
floodsd.com/wp-includes/pin/scss/icons/themify-icons/ |
16 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
flag-icon.min.css
floodsd.com/wp-includes/pin/scss/icons/flag-icon-css/ |
12 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
materialdesignicons.min.css
floodsd.com/wp-includes/pin/scss/icons/material-design-iconic-font/css/ |
76 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
spinners.css
floodsd.com/wp-includes/pin/css/ |
19 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
animate.css
floodsd.com/wp-includes/pin/css/ |
55 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
iJWHBXyIfDnIV7F6iGmd8WD07oB-.woff2
fonts.gstatic.com/s/rubik/v8/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fontawesome-webfont3e6e.woff2
floodsd.com/wp-includes/pin/scss/icons/font-awesome/fonts/ |
75 KB 76 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
iJWHBXyIfDnIV7Fqj2md8WD07oB-.woff2
fonts.gstatic.com/s/rubik/v8/ |
14 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
iJWKBXyIfDnIV7nBrXyw023e.woff2
fonts.gstatic.com/s/rubik/v8/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
themify.woff
floodsd.com/wp-includes/pin/scss/icons/themify-icons/fonts/ |
55 KB 55 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery function| Tether object| Waves object| metisMenu function| get0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
floodsd.com
fonts.googleapis.com
fonts.gstatic.com
www.uk-dissertations.org
192.185.27.176
2a00:1450:4001:808::200a
2a00:1450:4001:818::2003
77.92.82.1
0af6dfea3e720d3b210c5c4797ec650c9974941ab9844410cae95a9aebdf086e
0db5c5a1475eb7a3e5028983ea1e642d1b2c00faff6a250a37502b0f3832a4a7
15b53f975519be824a27e9779b76be4d83eab562f9a0f3ce4c279392311189e6
1fd4c882b277b1733f27be78e59f2318df771113cfc3981f4c4ad1b287238880
2405bdf4c255a4904671bcc4b97938033d39b3f5f20dd068985a8d94cde273e2
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3c1b6d5523d57e649f2931e0f5ea8e7d4af98c3c855c84bd83ccdfb161c0fbe0
3e7694476cefec5d25e6e94636aa321c79e0f1a71d2fbe514849c6bbc23ba249
41508237fe6bd4b682566ceed6764d2162d076160bda73cafbef34508883c273
41c7cd2701dfb7eaaee4dcfe1e7847557a1e970b299f6a353828b0a0fb3a9bae
5fbc55c7aca8515003db933fbfc27147afea85b30c666bee69d1a535c6e5d7fe
7144cec0cfe6c9956da6eb50678d60e859e9430afa827019cd49939ee72b1164
7a39f30800c1ef8779686fd48037bb5d95fc6471cefe29e60c61f00ae2a846db
7a94dcfcd1102a445603ef1af09d2677e0d2d8e964dedd88214c449c160416f2
817f9ddf55f874b27bb1934c13b2f2b200a2854de5daf285c96f33ffdb35b3f3
94795fa1daec0d0fff7157f6b9e851f8d6ef7a584a0e96a5170b114193abd37a
95a3629c74d5f4c8c955d645cb9931f223af8cdf4cb849c043a0bc3a06f757c5
96d049753e00ae4a57a1960d8ec7423ddb29c7e974328ee6463e970f3f5b6f66
99da6975c8481b12ee1351484d43754ed05cc8b9cb98290360071ecc4a7472a4
a043368f2372c1bc7c2dd8232dfd60781e3df1df30fc3412b99a18f6a3b3fcc0
aa3b1d907297f7cf8c52d105a1e5a80bae4006ea326ef21ad67da2f3fa1f2ad1
ac5d479800ea29c23f1cc27c46102f373f865263f546da4a0ff3030e61f95a20
aebf611c1438dc7ec748e9a6364c734066b34bf2a1c7e2fc6511ed784635b50e
af3b16ef6209e0357e9abbb8a89b03b1fa6dcdf10d7b83ce0bc08429aa66ca8b
c7e371914faa7216d4e3fe5fc564e7b37824d2b1d3e9ffbc533437301590536b
c8aa337fc37713d6c02cdbb773733509a0d5186d4185d6cefe101467797dd815
d27fcdd0144172341d3a256289fcfbed7548969a182bb7dd032968eea5f6f56f
d7666e6da5b70dbef96f389245d558ad091f813984b7700c597012b17663f735
d7e4f3b2fa3852a673216f8d48d3ccc77aa4477aa5e1d0ab0cc3d675ae6daa3b
f23a9bfeea9231a7d7e1465b3aa184137bdf6f4a5eda34dd841463e86da5a164
fa421b6ebbd2fb474d3a3866409ce6c1efd120b47ff256fffb8f8f50d556d3d9
ff9a470d98767efd5e6489b27e24e1b41e408382ea0e3ca2b6d4fb7cb8dd4fff