unitedcloud.ea93.work Open in urlscan Pro
2606:4700:20::681a:8eb  Malicious Activity! Public Scan

Submitted URL: https://ad44588dd1304018be9e934222aea33d.svc.dynamics.com/t/r/4xXuKgAEPn5KsfC-bbtrNYVQlZVFc66XWAoNOASSlBQ
Effective URL: https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101
Submission: On February 11 via api from US

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 2606:4700:20::681a:8eb, located in United States and belongs to CLOUDFLARENET, US. The main domain is unitedcloud.ea93.work.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 7th 2020. Valid for: a year.
This is the only time unitedcloud.ea93.work was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 52.169.10.20 8075 (MICROSOFT...)
10 2606:4700:20:... 13335 (CLOUDFLAR...)
10 1
Apex Domain
Subdomains
Transfer
10 ea93.work
unitedcloud.ea93.work
62 KB
1 dynamics.com
ad44588dd1304018be9e934222aea33d.svc.dynamics.com
490 B
10 2
Domain Requested by
10 unitedcloud.ea93.work unitedcloud.ea93.work
1 ad44588dd1304018be9e934222aea33d.svc.dynamics.com 1 redirects
10 2

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-12-07 -
2021-12-06
a year crt.sh

This page contains 1 frames:

Primary Page: https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101
Frame ID: 1A49A76DEB8E12A429FB4480D50519B9
Requests: 10 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://ad44588dd1304018be9e934222aea33d.svc.dynamics.com/t/r/4xXuKgAEPn5KsfC-bbtrNYVQlZVFc66XWAoNOASSlBQ HTTP 302
    https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

62 kB
Transfer

505 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ad44588dd1304018be9e934222aea33d.svc.dynamics.com/t/r/4xXuKgAEPn5KsfC-bbtrNYVQlZVFc66XWAoNOASSlBQ HTTP 302
    https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ramp.php
unitedcloud.ea93.work/wp-content/bn/
Redirect Chain
  • https://ad44588dd1304018be9e934222aea33d.svc.dynamics.com/t/r/4xXuKgAEPn5KsfC-bbtrNYVQlZVFc66XWAoNOASSlBQ
  • https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101
3 KB
2 KB
Document
General
Full URL
https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
805e8c07d919aaa1185bff231aa6dff28bc9cab20fbf21f69b141f0c7d364186

Request headers

:method
GET
:authority
unitedcloud.ea93.work
:scheme
https
:path
/wp-content/bn/ramp.php?burp=010101
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 08:53:52 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d81929956915acbf561196efdc08f7b7f1613033632; expires=Sat, 13-Mar-21 08:53:52 GMT; path=/; domain=.ea93.work; HttpOnly; SameSite=Lax; Secure
cache-control
max-age=2592000
expires
Sat, 13 Mar 2021 08:53:52 GMT
vary
Accept-Encoding,User-Agent
cf-cache-status
DYNAMIC
cf-request-id
0831e50be200001752ddbfe000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TaSrOOwgDJzG9%2B5SqqsZ%2Bj0czlHOiwv7%2FGDADwksRXdH8g%2F%2BUFWXQjBz7EWqIIjglFkED9Te7csQ9Vde01ia4KHMuqD3Qu4wZR7DaVJq9FLg1Y%2BmB6PPTkRYhu1%2BgJsK%2BcQ%3D"}]}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
61fcd78c9b401752-FRA
content-encoding
br

Redirect headers

content-length
0
location
https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101
server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
set-cookie
79f08280-5c63-4331-b04d-fb6f39afda51=Mo__GdZ9cLDKsfWH2_Un_e0Lkl-FF8UzimjOo_NTDAU; expires=Sat, 11 Feb 2023 08:53:52 GMT; path=/; secure; httponly; SameSite=None 319af4c0-e197-4de9-8a9b-fe98c8a2ca04=Mo__GdZ9cLDKsfWH2_Un_e0Lkl-FF8UzimjOo_NTDAU; path=/; secure; httponly; SameSite=None
x-activity-id
05dd3ffe-f4d6-4529-8dcc-656a0d97900e
x-ms-activity-id
05dd3ffe-f4d6-4529-8dcc-656a0d97900e
api-deprecated
False
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 11 Feb 2021 08:53:52 GMT
1g0f0h.css
unitedcloud.ea93.work/wp-content/bn/awm_files/
486 KB
44 KB
Stylesheet
General
Full URL
https://unitedcloud.ea93.work/wp-content/bn/awm_files/1g0f0h.css
Requested by
Host: unitedcloud.ea93.work
URL: https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2aab7eceb12d61aac26a9dde36be343896e4f44ba8001d308136ce1506247df6

Request headers

Referer
https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 08:53:52 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 23 Nov 2020 22:31:56 GMT
server
cloudflare
age
594
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kDsREIdL8%2BmEoA1ndZBhXbeblD8n4Mo7zfNp5SNCMqApUbvUDHRxW1sLwKQ3cAmYbSBFTespR32M2TQrmWIJoVsFokl3OaxjtV8PSI5xeOBwU4yaqC%2B8QX76G7Xif%2FoymQo%3D"}]}
content-type
text/css
cache-control
max-age=31536000
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
61fcd78d2bec1752-FRA
cf-request-id
0831e50c3800001752e33d1000000001
expires
Fri, 11 Feb 2022 08:43:58 GMT
Ofc365_MSNews.webp
unitedcloud.ea93.work/wp-content/bn/awm_files/
3 KB
3 KB
Image
General
Full URL
https://unitedcloud.ea93.work/wp-content/bn/awm_files/Ofc365_MSNews.webp
Requested by
Host: unitedcloud.ea93.work
URL: https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
405d34d02a1cbb0605b544e1a0ebfe9249fb849bcf15a9bce978f1783e4b9bd8

Request headers

Referer
https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 08:53:52 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
594
content-length
2718
cf-request-id
0831e50c3800001752efb68000000001
last-modified
Mon, 23 Nov 2020 22:31:58 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5P5SCbFLR91GzPfj%2F2DOdNf8D09Gf0TpBCZTQ6MHlAFazsIC94UIa0sroh%2FgKSdkLtZ7%2Fy%2F6V0HHr0JOCoyuDbrA1yrrAaGXLAUB83PQorxxtEljFHiVIbdtszMjr6J5GKk%3D"}]}
content-type
image/webp
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
61fcd78d2bee1752-FRA
expires
Fri, 11 Feb 2022 08:43:58 GMT
images.jpg
unitedcloud.ea93.work/wp-content/bn/img/
13 KB
13 KB
Image
General
Full URL
https://unitedcloud.ea93.work/wp-content/bn/img/images.jpg
Requested by
Host: unitedcloud.ea93.work
URL: https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c5b556603fd96b02a965dabdc84e6ffd5a450ca2c39321b15767624f3f58b2b

Request headers

Referer
https://unitedcloud.ea93.work/wp-content/bn/ramp.php?burp=010101
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 08:53:52 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
593
cf-bgj
h2pri
content-length
13230
cf-request-id
0831e50c75000017520c3ae000000001
last-modified
Tue, 24 Nov 2020 01:52:26 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UOcor5LGf1pGYUNqmd162%2F7S73VNUP%2BiOD7zyO1TBy4HQR%2BoTtm3xK7Kc9TCkLVhrLIj%2BEq%2BW%2Bjg2URzqGyBmAPtxYbJsZjVK5UykoI9mAIdthw1ky1zJkEosxKaKuSNPTI%3D"}]}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
61fcd78d8c5c1752-FRA
expires
Sat, 13 Mar 2021 08:43:59 GMT
20dpjc.woff2
unitedcloud.ea93.work/wp-content/20/20d/
0
0
Font
General
Full URL
https://unitedcloud.ea93.work/wp-content/20/20d/20dpjc.woff2
Requested by
Host: unitedcloud.ea93.work
URL: https://unitedcloud.ea93.work/wp-content/bn/awm_files/1g0f0h.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Origin
https://unitedcloud.ea93.work
Referer
https://unitedcloud.ea93.work/wp-content/bn/awm_files/1g0f0h.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 08:53:53 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kyEtExpTnHNMtmtlEGgOHIalD4MNAk7R%2FdmQ4ZxoBzclwSdHph1kk5Wex6RX9KAzAeEAIwDlUuIV3BE3nQwncgJsuLtmhUAGNH2suQMOMQt124yeeL8Bm7McA2uuGp8njcE%3D"}]}
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, must-revalidate
cf-ray
61fcd78d8c5f1752-FRA
link
<https://unitedcloud.ea93.work/wp-json/>; rel="https://api.w.org/"
cf-request-id
0831e50c77000017520f313000000001
expires
Wed, 11 Jan 1984 05:00:00 GMT
3ncu8u.woff2
unitedcloud.ea93.work/wp-content/3n/3nc/
0
0
Font
General
Full URL
https://unitedcloud.ea93.work/wp-content/3n/3nc/3ncu8u.woff2
Requested by
Host: unitedcloud.ea93.work
URL: https://unitedcloud.ea93.work/wp-content/bn/awm_files/1g0f0h.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Origin
https://unitedcloud.ea93.work
Referer
https://unitedcloud.ea93.work/wp-content/bn/awm_files/1g0f0h.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 08:53:53 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pfVRiP%2BgT8QZcXptjNGWjtCfWjYhsQN0V0Hvuiy2S1YHZER%2FBD4Ly9IX%2BbwFJjKQX2Sp5G8z6A754m15NPDOwxLjpyVvcaKcTO1luVEy1%2Fsc7aJuUBmzPtFi5JV%2BKg9uDkQ%3D"}]}
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, must-revalidate
cf-ray
61fcd78dac831752-FRA
link
<https://unitedcloud.ea93.work/wp-json/>; rel="https://api.w.org/"
cf-request-id
0831e50c8b0000175213284000000001
expires
Wed, 11 Jan 1984 05:00:00 GMT
3gdycc.woff
unitedcloud.ea93.work/wp-content/3g/3gd/
0
0
Font
General
Full URL
https://unitedcloud.ea93.work/wp-content/3g/3gd/3gdycc.woff
Requested by
Host: unitedcloud.ea93.work
URL: https://unitedcloud.ea93.work/wp-content/bn/awm_files/1g0f0h.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Origin
https://unitedcloud.ea93.work
Referer
https://unitedcloud.ea93.work/wp-content/bn/awm_files/1g0f0h.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 08:53:53 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=j8oyeownKpYzm2HT2dhPE1U4iPe97YFCMK%2BSn6wi9F90KsRtUQopZBt%2BLAkWY3KltKXInF1mhBOtukByj7unk3k3WS2tlpWMjuFK8p1lpf9WiNbD%2FSLXGYblBNUGBYOxZ2g%3D"}]}
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, must-revalidate
cf-ray
61fcd78f4f301752-FRA
link
<https://unitedcloud.ea93.work/wp-json/>; rel="https://api.w.org/"
cf-request-id
0831e50d8c00001752efb7a000000001
expires
Wed, 11 Jan 1984 05:00:00 GMT
0xine3.woff
unitedcloud.ea93.work/wp-content/0x/0xi/
0
0
Font
General
Full URL
https://unitedcloud.ea93.work/wp-content/0x/0xi/0xine3.woff
Requested by
Host: unitedcloud.ea93.work
URL: https://unitedcloud.ea93.work/wp-content/bn/awm_files/1g0f0h.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Origin
https://unitedcloud.ea93.work
Referer
https://unitedcloud.ea93.work/wp-content/bn/awm_files/1g0f0h.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 08:53:53 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pBV2tfuOXZGWk7%2BvRSB6A%2BrjtyiUyPufiIdJSvcx%2BWfkhP9tUt8hks2F50INFuctEHKqMJs0c2D88s7mOX4VAp6g6j%2BBW%2F2vp%2FJ04qZIZ8z7DFNkWXvqN0zItWvtmHUchCs%3D"}]}
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, must-revalidate
cf-ray
61fcd78fdfc81752-FRA
link
<https://unitedcloud.ea93.work/wp-json/>; rel="https://api.w.org/"
cf-request-id
0831e50de4000017524e86e000000001
expires
Wed, 11 Jan 1984 05:00:00 GMT
4dn9uh.ttf
unitedcloud.ea93.work/wp-content/4d/4dn/
0
0
Font
General
Full URL
https://unitedcloud.ea93.work/wp-content/4d/4dn/4dn9uh.ttf
Requested by
Host: unitedcloud.ea93.work
URL: https://unitedcloud.ea93.work/wp-content/bn/awm_files/1g0f0h.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Origin
https://unitedcloud.ea93.work
Referer
https://unitedcloud.ea93.work/wp-content/bn/awm_files/1g0f0h.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 08:53:53 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OoLwhv4kM4ZyaRgEFpa8%2F%2Bau9m8RPgkcOaHR4ktSoWwjHyBV3m7lF1t3Zt6HfJrDC2PHp0dhVKuxa5ggIZPekyAGNdoG%2FlcyD0cARg8y14kevQhNF36OcjugRE4DhVS80tk%3D"}]}
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, must-revalidate
cf-ray
61fcd79159c51752-FRA
link
<https://unitedcloud.ea93.work/wp-json/>; rel="https://api.w.org/"
cf-request-id
0831e50edc000017523d27c000000001
expires
Wed, 11 Jan 1984 05:00:00 GMT
12rsji.ttf
unitedcloud.ea93.work/wp-content/12/12r/
0
0
Font
General
Full URL
https://unitedcloud.ea93.work/wp-content/12/12r/12rsji.ttf
Requested by
Host: unitedcloud.ea93.work
URL: https://unitedcloud.ea93.work/wp-content/bn/awm_files/1g0f0h.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Origin
https://unitedcloud.ea93.work
Referer
https://unitedcloud.ea93.work/wp-content/bn/awm_files/1g0f0h.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 08:53:53 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PdZATYrHKSPiMPLsdJI7RIlyK70t8VenUMB%2BWuii9IZHEozLY9s7Z%2BGUdVPKKtNl3E6ytdw44jgFIelSOBdAYMCTbSwtGE5V7rA7GuCWIxXlVFfXFEZEzgFHxHaaA6X1uIE%3D"}]}
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, must-revalidate
cf-ray
61fcd7918a0d1752-FRA
link
<https://unitedcloud.ea93.work/wp-json/>; rel="https://api.w.org/"
cf-request-id
0831e50ef90000175249957000000001
expires
Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| el

1 Cookies

Domain/Path Name / Value
.ea93.work/ Name: __cfduid
Value: d81929956915acbf561196efdc08f7b7f1613033632