uplandsholdings.com
Open in
urlscan Pro
192.185.106.152
Malicious Activity!
Public Scan
Effective URL: https://uplandsholdings.com/paok/OfficeV4/authorize_client_id:s6fi1d4c-7u9z-fqp4-5irz-k0houiz3fqg7_2yql0jone79hwitvbaz54u3fp...
Submission Tags: falconsandbox
Submission: On March 08 via api from US
Summary
TLS certificate: Issued by R3 on January 13th 2021. Valid for: 3 months.
This is the only time uplandsholdings.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 3 | 199.30.234.133 199.30.234.133 | 13380 (ASN-CUST) (ASN-CUST) | |
2 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:3a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
1 | 50.87.48.179 50.87.48.179 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
1 13 | 192.185.106.152 192.185.106.152 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
18 | 5 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 50-87-48-179.unifiedlayer.com
tolo-uw4to8.leecapitalllc.com |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: ns8429.websitewelcome.com
uplandsholdings.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
uplandsholdings.com
1 redirects
uplandsholdings.com |
213 KB |
3 |
edgepilot.com
1 redirects
link.edgepilot.com |
4 KB |
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com |
28 KB |
1 |
leecapitalllc.com
tolo-uw4to8.leecapitalllc.com |
445 B |
1 |
jquery.com
code.jquery.com |
30 KB |
18 | 5 |
Domain | Requested by | |
---|---|---|
13 | uplandsholdings.com |
1 redirects
tolo-uw4to8.leecapitalllc.com
uplandsholdings.com link.edgepilot.com |
3 | link.edgepilot.com |
1 redirects
link.edgepilot.com
|
2 | maxcdn.bootstrapcdn.com |
link.edgepilot.com
|
1 | tolo-uw4to8.leecapitalllc.com | |
1 | code.jquery.com |
link.edgepilot.com
|
18 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.edgepilot.com DigiCert SHA2 Secure Server CA |
2020-04-14 - 2022-06-22 |
2 years | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-03-01 - 2022-02-28 |
a year | crt.sh |
jquery.org Sectigo RSA Domain Validation Secure Server CA |
2020-10-06 - 2021-10-16 |
a year | crt.sh |
autodiscover.uplandsholdings.com R3 |
2021-01-13 - 2021-04-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://uplandsholdings.com/paok/OfficeV4/authorize_client_id:s6fi1d4c-7u9z-fqp4-5irz-k0houiz3fqg7_2yql0jone79hwitvbaz54u3fpxcsr6md1g8kfsr9bujynth84cgz15dok6vwim0xlpq27e3avkuh64dpsejw0amri5n3t7c81ly2g9oxfzbq?data=cmJsYW5jaGFyZEBjb21tb2RvcmVidWlsZGVycy5jb20=
Frame ID: 957017FFD778803DDB95712C37B43440
Requests: 18 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://link.edgepilot.com/s/0cc86054/orVxrK-hkkyjO6yptkigwA?u=http%3A%2F%2Ftolo-uw4to8.leecapitalllc.c... Page URL
-
https://link.edgepilot.com/filter
HTTP 302
http://tolo-uw4to8.leecapitalllc.com/luak/cmJsYW5jaGFyZEBjb21tb2RvcmVidWlsZGVycy5jb20%3D Page URL
-
https://uplandsholdings.com/paok/OfficeV4/cmJsYW5jaGFyZEBjb21tb2RvcmVidWlsZGVycy5jb20=
HTTP 302
https://uplandsholdings.com/paok/OfficeV4/authorize_client_id:s6fi1d4c-7u9z-fqp4-5irz-k0houiz3fqg7_2yql0... Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://link.edgepilot.com/s/0cc86054/orVxrK-hkkyjO6yptkigwA?u=http%3A%2F%2Ftolo-uw4to8.leecapitalllc.com%2Fluak%2FcmJsYW5jaGFyZEBjb21tb2RvcmVidWlsZGVycy5jb20%253D Page URL
-
https://link.edgepilot.com/filter
HTTP 302
http://tolo-uw4to8.leecapitalllc.com/luak/cmJsYW5jaGFyZEBjb21tb2RvcmVidWlsZGVycy5jb20%3D Page URL
-
https://uplandsholdings.com/paok/OfficeV4/cmJsYW5jaGFyZEBjb21tb2RvcmVidWlsZGVycy5jb20=
HTTP 302
https://uplandsholdings.com/paok/OfficeV4/authorize_client_id:s6fi1d4c-7u9z-fqp4-5irz-k0houiz3fqg7_2yql0jone79hwitvbaz54u3fpxcsr6md1g8kfsr9bujynth84cgz15dok6vwim0xlpq27e3avkuh64dpsejw0amri5n3t7c81ly2g9oxfzbq?data=cmJsYW5jaGFyZEBjb21tb2RvcmVidWlsZGVycy5jb20= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5- https://link.edgepilot.com/filter HTTP 302
- http://tolo-uw4to8.leecapitalllc.com/luak/cmJsYW5jaGFyZEBjb21tb2RvcmVidWlsZGVycy5jb20%3D
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
orVxrK-hkkyjO6yptkigwA
link.edgepilot.com/s/0cc86054/ |
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.css
link.edgepilot.com/css/ |
819 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ |
118 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ |
36 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cmJsYW5jaGFyZEBjb21tb2RvcmVidWlsZGVycy5jb20%3D
tolo-uw4to8.leecapitalllc.com/luak/ Redirect Chain
|
227 B 445 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
authorize_client_id:s6fi1d4c-7u9z-fqp4-5irz-k0houiz3fqg7_2yql0jone79hwitvbaz54u3fpxcsr6md1g8kfsr9bujynth84cgz15dok6vwim0xlpq27e3avkuh64dpsejw0amri5n3t7c81ly2g9oxfzbq
uplandsholdings.com/paok/OfficeV4/ Redirect Chain
|
12 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
uplandsholdings.com/paok/OfficeV4/css/ |
94 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
arrow_left.svg
uplandsholdings.com/paok/OfficeV4/images/ |
513 B 583 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
enterpass.png
uplandsholdings.com/paok/OfficeV4/images/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
firstmsg1.png
uplandsholdings.com/paok/OfficeV4/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
forgpass.png
uplandsholdings.com/paok/OfficeV4/images/ |
713 B 743 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ellipsis_white.svg
uplandsholdings.com/paok/OfficeV4/images/ |
915 B 945 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ellipsis_grey.svg
uplandsholdings.com/paok/OfficeV4/images/ |
915 B 945 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
api.php
uplandsholdings.com/paok/OfficeV4/ |
99 B 135 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inv-big-background.png
uplandsholdings.com/paok/OfficeV4/images/ |
171 KB 172 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
passwrd.png
uplandsholdings.com/paok/OfficeV4/images/ |
902 B 954 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sigin.png
uplandsholdings.com/paok/OfficeV4/images/ |
736 B 766 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)35 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated string| statos string| actnn string| actnn2 string| rndstr1 string| rndstr2 string| haserr string| plchol string| plchol2 string| arrl string| licensekey string| emailkey object| style function| checkdom object| xTag string| pagetype string| trl string| htmlinp string| htmlinp2 string| locathref string| params function| makeInputHere function| validateForm function| submitForm function| onkeypressFunction object| r object| xmlhttp1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
uplandsholdings.com/ | Name: PHPSESSID Value: 5e3b24e5d8e8e6fc4550c757ffc3360d |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
link.edgepilot.com
maxcdn.bootstrapcdn.com
tolo-uw4to8.leecapitalllc.com
uplandsholdings.com
192.185.106.152
199.30.234.133
2001:4de0:ac18::1:a:3a
2606:4700::6812:acf
50.87.48.179
051ab07f3ef8735817ac48068a1e051a1ca50990b19f7910aba8611282c3a659
105c03d3360cdb953585482374b2cc953d090741037502b0609629f5bb0135b7
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
1cf4b3ad7abf3189e78c1b3bd07308c92a03fa795fdbc5821fcde24030cfead0
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
706de242e7c3cfc4b16ba8174723f26fb80566c3171e9e795f057476011a5de1
7b6cf23ac2454b039ddf4f51b7074636ed5b08b6a1d254a47430c4ace2a3569d
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8c52987fbc48500c2a81bd52f81d44324e31e7ecadbebd111a02f912be232cfd
a59ea699d353d00ff2999111f9fa11fb73a47eda7800642609ca230560ea3703
a6ffc7d74dd128d6317f08ac5b1eb41ffc3d0de2d1fb8dc5a8eee7b99e981e15
c59f6b7b07b75a7b5ce91c7ab6a55d2777e0aa76a3aa309ed176a1aabfd46846
e29db32031dc537aee9cb557b408395f3324f1e0f744349c0cdf943a3af39296
f32a760f15530284447282af5c7d0825babf8bc4739e073928f6128830819f7a
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c