unitedcloud.ea93.work
2606:4700:20::681a:8eb
Malicious Activity!
Public Scan
Effective URL: https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101
Submission: On February 11 via api from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 7th 2020. Valid for: a year.
This is the only time unitedcloud.ea93.work was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
1 | 52.169.10.20 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
10 | 2606:4700:20::681a:8eb | 13335 (CLOUDFLARENET)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): ad44588dd1304018be9e934222aea33d.svc.dynamics.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | ea93.work | unitedcloud.ea93.work | 62 KB
1 | dynamics.com | ad44588dd1304018be9e934222aea33d.svc.dynamics.com (1 redirect) | 490 B

Totals: 10 requests, 2 domains
Requests | Domain | Requested by
---|---|---
10 | unitedcloud.ea93.work | unitedcloud.ea93.work
1 | ad44588dd1304018be9e934222aea33d.svc.dynamics.com | 1 redirect

Totals: 10 requests, 2 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-12-07 - 2021-12-06 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101
Frame ID: 1A49A76DEB8E12A429FB4480D50519B9
Requests: 10 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns:
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ad44588dd1304018be9e934222aea33d.svc.dynamics.com/t/r/4xXuKgAEPn5KsfC-bbtrNYVQlZVFc66XWAoNOASSlBQ (HTTP 302)
- https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | ramp.php (Primary Request, Redirect Chain) | unitedcloud.ea93.work/wp-content/bn/ | 3 KB | 2 KB | Document | text/html
GET | H2 | 1g0f0h.css | unitedcloud.ea93.work/wp-content/bn/awm_files/ | 486 KB | 44 KB | Stylesheet | text/css
GET | H2 | Ofc365_MSNews.webp | unitedcloud.ea93.work/wp-content/bn/awm_files/ | 3 KB | 3 KB | Image | image/webp
GET | H2 | images.jpg | unitedcloud.ea93.work/wp-content/bn/img/ | 13 KB | 13 KB | Image | image/jpeg
GET | H2 | 20dpjc.woff2 | unitedcloud.ea93.work/wp-content/20/20d/ | 0 | 0 | Font | text/html
GET | H2 | 3ncu8u.woff2 | unitedcloud.ea93.work/wp-content/3n/3nc/ | 0 | 0 | Font | text/html
GET | H2 | 3gdycc.woff | unitedcloud.ea93.work/wp-content/3g/3gd/ | 0 | 0 | Font | text/html
GET | H2 | 0xine3.woff | unitedcloud.ea93.work/wp-content/0x/0xi/ | 0 | 0 | Font | text/html
GET | H2 | 4dn9uh.ttf | unitedcloud.ea93.work/wp-content/4d/4dn/ | 0 | 0 | Font | text/html
GET | H2 | 12rsji.ttf | unitedcloud.ea93.work/wp-content/12/12r/ | 0 | 0 | Font | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Office 365 (Online)

10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
boolean | crossOriginIsolated
object | el1

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.ea93.work/ | | __cfduid | d81929956915acbf561196efdc08f7b7f1613033632
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.