login-mso.wonjiinco.com Open in urlscan Pro
45.153.240.153 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://apacmed.glueup.com/track/redirect?type=campaign&lid=8&tracking_id=[trackingId]&redirect_url=//iviewsigns.com%2Fscss...
Effective URL:
https://login-mso.wonjiinco.com/?username=jens.prautzsch@ugg.tech&sso_reload=true
Submission: On July 19 via manual (July 19th 2022, 10:26:12 am UTC) from ES — Scanned from ES

Summary HTTP 87 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 87 HTTP transactions. The main IP is 45.153.240.153, located in Germany and belongs to COMBAHTON combahton GmbH, DE. The main domain is login-mso.wonjiinco.com.
TLS certificate: Issued by R3 on June 27th 2022. Valid for: 3 months.

This is the only time login-mso.wonjiinco.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	184.72.19.212 184.72.19.212	16509 (AMAZON-02) (AMAZON-02)
1 1	162.241.71.81 162.241.71.81	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
7	2606:4700:440... 2606:4700:4400::6812:2b11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:440... 2606:4700:4400::ac40:90ef	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:440e::ac40:9c1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
66	45.153.240.153 45.153.240.153	30823 (COMBAHTON...) (COMBAHTON combahton GmbH)
1	2603:1026:300... 2603:1026:3000:148::7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
87	6

1 184.72.19.212 (San Jose, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-184-72-19-212.us-west-1.compute.amazonaws.com

apacmed.glueup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.241.71.81 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-71-81.unifiedlayer.com

iviewsigns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:4400::6812:2b11 (United States)

ASN13335 (CLOUDFLARENET, US)

vfggry.codesandbox.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
codesandbox.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::ac40:90ef (United States)

ASN13335 (CLOUDFLARENET, US)

codesandbox.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:440e::ac40:9c1a (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

66 45.153.240.153 (Germany)

ASN30823 (COMBAHTON combahton GmbH, DE)

login-mso.wonjiinco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
login.wonjiinco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aadcdn-msauth-f78d2361.wonjiinco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
portal-microsoftonline-f78d2361.wonjiinco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
prod-msocdn-f78d2361.wonjiinco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2603:1026:3000:148::7 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

autologon.microsoftazuread-sso.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
66	wonjiinco.com login-mso.wonjiinco.com login.wonjiinco.com aadcdn-msauth-f78d2361.wonjiinco.com portal-microsoftonline-f78d2361.wonjiinco.com prod-msocdn-f78d2361.wonjiinco.com	1 MB
11	codesandbox.io vfggry.codesandbox.io codesandbox.io — Cisco Umbrella Rank: 85341	2 MB
1	microsoftazuread-sso.com autologon.microsoftazuread-sso.com — Cisco Umbrella Rank: 1407	1 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1393	5 KB
1	iviewsigns.com 1 redirects iviewsigns.com	268 B
1	glueup.com 1 redirects apacmed.glueup.com	1 KB
87	6

	Domain	Requested by
47	prod-msocdn-f78d2361.wonjiinco.com	portal-microsoftonline-f78d2361.wonjiinco.com
12	aadcdn-msauth-f78d2361.wonjiinco.com	login-mso.wonjiinco.com aadcdn-msauth-f78d2361.wonjiinco.com
6	codesandbox.io	vfggry.codesandbox.io codesandbox.io
5	vfggry.codesandbox.io	vfggry.codesandbox.io
4	login-mso.wonjiinco.com	vfggry.codesandbox.io login-mso.wonjiinco.com aadcdn-msauth-f78d2361.wonjiinco.com
2	portal-microsoftonline-f78d2361.wonjiinco.com	aadcdn-msauth-f78d2361.wonjiinco.com portal-microsoftonline-f78d2361.wonjiinco.com
1	autologon.microsoftazuread-sso.com
1	login.wonjiinco.com	login-mso.wonjiinco.com
1	static.cloudflareinsights.com	vfggry.codesandbox.io
1	iviewsigns.com	1 redirects
1	apacmed.glueup.com	1 redirects
87	11

This site contains links to these domains. Also see Links.

Domain
login.wonjiinco.com
www-microsoft.wonjiinco.com
privacy-microsoft-f78d2361.wonjiinco.com

Subject Issuer	Validity	Valid
codesandbox.io Cloudflare Inc ECC CA-3	`2022-04-18` - `2023-04-18`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-10`	a year	crt.sh
wonjiinco.com R3	`2022-06-27` - `2022-09-25`	3 months	crt.sh
graph.windows.net DigiCert SHA2 Secure Server CA	`2022-06-01` - `2023-06-01`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://login-mso.wonjiinco.com/?username=jens.prautzsch@ugg.tech&sso_reload=true
Frame ID: 46A5EB92163FC549E21F2A788E292A60
Requests: 30 HTTP requests in this frame

Frame: https://portal-microsoftonline-f78d2361.wonjiinco.com/Prefetch/Prefetch.aspx
Frame ID: 75F5CD97377B3FDD360525E5BF8F9C77
Requests: 57 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Iniciar sesión en la cuenta

Page URL History Show full URLs

https://apacmed.glueup.com/track/redirect?type=campaign&lid=8&tracking_id=[trackingId]&redirect_url=//i... HTTP 302
https://iviewsigns.com/scss/amVucy5wcmF1dHpzY2hAdWdnLnRlY2g= HTTP 302
https://vfggry.codesandbox.io/?nl=jens.prautzsch@ugg.tech Page URL
https://login-mso.wonjiinco.com/?username=jens.prautzsch@ugg.tech Page URL
https://login-mso.wonjiinco.com/?username=jens.prautzsch@ugg.tech Page URL
https://login-mso.wonjiinco.com/?username=jens.prautzsch@ugg.tech&sso_reload=true Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

\bangular.{0,32}\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

87
Requests

91 %
HTTPS

57 %
IPv6

6
Domains

11
Subdomains

6
IPs

3
Countries

2705 kB
Transfer

10751 kB
Size

12
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://login.wonjiinco.com/oauth20_authorize.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=https%3a%2f%2flogin-mso.wonjiinco.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATmFFyUN1H56NTP-f-ZfevBklmMnPE5mWVglasYlQkbp3-BkfEFI-MkJvGs1LxivYKixNKSquLkDIfS9HS9ktTkjFtMgv5F6Z4p4cVuqSmpRYklmfl5j5hxqb7AIvCKhceA2YqDg0uAQYJBgeEHC-MiVqBLFSy-_TqgVO7bLHIn10KYn-EUq75xYpZXYoFpZV5iSJBpiW-md15ghIlZWrlvUpKRW1WwT7lBeUqAc0p-kGm2ramV4QQ2oQlsTKfYGD6wMXawM8xiZzjAybiBh_EAL8MPvv19L_ZNXDfrrQcA0&login_hint=jens.prautzsch%40ugg.tech&estsfed=1&uaid=1fd1709c243442f18f09ffe63f85c174&signup=1&lw=1&fl=easi2&fci=https%3a%2f%2fportal-microsoftonline-f78d2361.wonjiinco.com.orgid.com
Title: Cree una

Search URL Search Domain Scan URL

URL: https://www-microsoft.wonjiinco.com/es-ES/servicesagreement/
Title: Términos de uso

Search URL Search Domain Scan URL

URL: https://privacy-microsoft-f78d2361.wonjiinco.com/es-ES/privacystatement
Title: Privacidad y cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://apacmed.glueup.com/track/redirect?type=campaign&lid=8&tracking_id=[trackingId]&redirect_url=//iviewsigns.com%2Fscss%2FamVucy5wcmF1dHpzY2hAdWdnLnRlY2g=&ts=1592553938&ps=ajVWR1hTZGVNN2EyM01TQ0dQdUxJTU8rZFZPd1RpNjlmU3NqS3NWcDZQVE8yUktjbG0zdlMraHRBMlFSWUxCVVZJdy9XemUzM2wzQ3ZWNmFXaEpRTXkrektZVTR1QXpDYmJkMGxnNGxLblNZR3RiMWtUYWlXd0pkYzNhWnpCWGlXZXhGVytIVFllM29UQVBTUERnbWhWWWEvOHd0TUFackYyT0d3Mnk4K1NqMnJSemZ1OU5yeDd5SEJrcitvOUQxYVdlU0NVRkRkRjNzV09rTmE3M0hBb1dUcUl6dWltTUJCUEtOcWZQRlVBdHk5SFBKSXpGZmhFWkJUU2NDYnJxeTcxYlpPR24zOHVOUTlHN2lyeTJ1WVR4bVlkdDdJdno4U3dBNGpsam1wTzJhbXFhL3FPVTdvUk80ZlNSUldDRVFqMTVCOE9uZjhjc0x2N2VuZ2dCRUVnVjY4YUI3MU5NeWNTZDhSMzNFRjBWLzc1TGVlLzdiMWtZK3NNVSthdEJaS0ZLcW5sWFFwYjFHdkxjWU9YL0h4MlF1OXFjN0dqNmM2UkkyMlF2YUtnU1FwWHlsalZ1cDdhYVFLdWlYbFhTNUVMTVM3ZjgzZHdXaUJ6T2cyYzVwK1VoLzNHWUtackVnWDlRTi9UeGhIL3ljalFvSXVCakZxT0luOTFPYllBREdmdVdtRC9naW5UNzhjZElJbW5iOHBnPT0= HTTP 302
https://iviewsigns.com/scss/amVucy5wcmF1dHpzY2hAdWdnLnRlY2g= HTTP 302
https://vfggry.codesandbox.io/?nl=jens.prautzsch@ugg.tech Page URL
https://login-mso.wonjiinco.com/?username=jens.prautzsch@ugg.tech Page URL
https://login-mso.wonjiinco.com/?username=jens.prautzsch@ugg.tech Page URL
https://login-mso.wonjiinco.com/?username=jens.prautzsch@ugg.tech&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://apacmed.glueup.com/track/redirect?type=campaign&lid=8&tracking_id=[trackingId]&redirect_url=//iviewsigns.com%2Fscss%2FamVucy5wcmF1dHpzY2hAdWdnLnRlY2g=&ts=1592553938&ps=ajVWR1hTZGVNN2EyM01TQ0dQdUxJTU8rZFZPd1RpNjlmU3NqS3NWcDZQVE8yUktjbG0zdlMraHRBMlFSWUxCVVZJdy9XemUzM2wzQ3ZWNmFXaEpRTXkrektZVTR1QXpDYmJkMGxnNGxLblNZR3RiMWtUYWlXd0pkYzNhWnpCWGlXZXhGVytIVFllM29UQVBTUERnbWhWWWEvOHd0TUFackYyT0d3Mnk4K1NqMnJSemZ1OU5yeDd5SEJrcitvOUQxYVdlU0NVRkRkRjNzV09rTmE3M0hBb1dUcUl6dWltTUJCUEtOcWZQRlVBdHk5SFBKSXpGZmhFWkJUU2NDYnJxeTcxYlpPR24zOHVOUTlHN2lyeTJ1WVR4bVlkdDdJdno4U3dBNGpsam1wTzJhbXFhL3FPVTdvUk80ZlNSUldDRVFqMTVCOE9uZjhjc0x2N2VuZ2dCRUVnVjY4YUI3MU5NeWNTZDhSMzNFRjBWLzc1TGVlLzdiMWtZK3NNVSthdEJaS0ZLcW5sWFFwYjFHdkxjWU9YL0h4MlF1OXFjN0dqNmM2UkkyMlF2YUtnU1FwWHlsalZ1cDdhYVFLdWlYbFhTNUVMTVM3ZjgzZHdXaUJ6T2cyYzVwK1VoLzNHWUtackVnWDlRTi9UeGhIL3ljalFvSXVCakZxT0luOTFPYllBREdmdVdtRC9naW5UNzhjZElJbW5iOHBnPT0= HTTP 302
https://iviewsigns.com/scss/amVucy5wcmF1dHpzY2hAdWdnLnRlY2g= HTTP 302
https://vfggry.codesandbox.io/?nl=jens.prautzsch@ugg.tech

87 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
vfggry.codesandbox.io/
Redirect Chain

https://apacmed.glueup.com/track/redirect?type=campaign&lid=8&tracking_id=[trackingId]&redirect_url=//iviewsigns.com%2Fscss%2FamVucy5wcmF1dHpzY2hAdWdnLnRlY2g=&ts=1592553938&ps=ajVWR1hTZGVNN2EyM01TQ...
https://iviewsigns.com/scss/amVucy5wcmF1dHpzY2hAdWdnLnRlY2g=
https://vfggry.codesandbox.io/?nl=jens.prautzsch@ugg.tech

2 KB
1 KB

1714ms
1576ms

Document
text/html

2606:4700:4400::6812:2b11
CLOUDFLARENET

General

Domain/Path	Expires	Name / Value
apacmed.glueup.com/	1970-01-20 04:47:11	Name: AWSALBTG Value: uL2i4lrD8MZ3FNFq8/hieD4KCBh77afi/dyzPHOb0Qksd1zKctreGYCpVYA75L0W8KNPCNxp+mtDETiKzJRMWwO3t+ERowoBbu9KlqS24gil1FyxxDUMER5zqSf01+3zyC9g/uYlMW8yFaeHRt70edKJTxGCYoZE/bK4ztIjDjTiqKfDXoo=
apacmed.glueup.com/	1970-01-20 04:47:11	Name: AWSALBTGCORS Value: uL2i4lrD8MZ3FNFq8/hieD4KCBh77afi/dyzPHOb0Qksd1zKctreGYCpVYA75L0W8KNPCNxp+mtDETiKzJRMWwO3t+ERowoBbu9KlqS24gil1FyxxDUMER5zqSf01+3zyC9g/uYlMW8yFaeHRt70edKJTxGCYoZE/bK4ztIjDjTiqKfDXoo=
apacmed.glueup.com/	1970-01-20 04:47:11	Name: AWSALB Value: TWCh5fLxyua6AsuYFlZyZaJPrxeoRUDw/YHH+SEkEZVVfphV5j+g8pjpBNg0X9Z6cfo8M5Fhe5W95ygTUmdW4j5axG3Jx6pMiwaZqLuV//DVJhyAi/qCRtQJaOi9
apacmed.glueup.com/	1970-01-20 04:47:11	Name: AWSALBCORS Value: TWCh5fLxyua6AsuYFlZyZaJPrxeoRUDw/YHH+SEkEZVVfphV5j+g8pjpBNg0X9Z6cfo8M5Fhe5W95ygTUmdW4j5axG3Jx6pMiwaZqLuV//DVJhyAi/qCRtQJaOi9
apacmed.glueup.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 87s3o3fk50ufqbsh1nrt34l42b
.wonjiinco.com/	1970-01-20 13:22:42	Name: __2cQG Value: Zjc4ZDIzNjEtMjljMy00ZTNmLTg4ZjMtNzlhYzBhZjkyN2RmOjQ1ZDBjM2NiLTgyODQtNDRhZS04ODNlLTU1MzY4MzNjODg1Yg==
.login-mso.wonjiinco.com/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
login-mso.wonjiinco.com/	1970-01-20 04:37:06	Name: SSOCOOKIEPULLED Value: 1
.login-mso.wonjiinco.com/	1970-01-20 13:58:42	Name: brcap Value: 0
autologon.microsoftazuread-sso.com/	1970-01-20 05:20:18	Name: fpc Value: AvqTO6pl_LtHhDhIEd_tPBI
autologon.microsoftazuread-sso.com/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
autologon.microsoftazuread-sso.com/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd

login-mso.wonjiinco.com Open in urlscan Pro 45.153.240.153 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

87 Requests

91 %HTTPS

57 %IPv6

6 Domains

11 Subdomains

6 IPs

3 Countries

2705 kBTransfer

10751 kBSize

12 Cookies

3 Outgoing links

Page URL History

Redirected requests

87 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

login-mso.wonjiinco.com Open in urlscan Pro
45.153.240.153 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

87
Requests

91 %
HTTPS

57 %
IPv6

6
Domains

11
Subdomains

6
IPs

3
Countries

2705 kB
Transfer

10751 kB
Size

12
Cookies

87 HTTP transactions
0 data transactions