ugto.ml
Open in
urlscan Pro
2606:4700:3033::ac43:a8f1
Malicious Activity!
Public Scan
Submission: On June 11 via manual from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 13th 2021. Valid for: a year.
This is the only time ugto.ml was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook Web Access (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 2606:4700:303... 2606:4700:3033::ac43:a8f1 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
7 | 2 |
Domain | Requested by | |
---|---|---|
7 | ugto.ml |
ugto.ml
|
7 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-05-13 - 2022-05-12 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ugto.ml/autodiscover/owa_app/?target=
Frame ID: 93786228E209E94EA70D335E9BD21FFF
Requests: 10 HTTP requests in this frame
Screenshot
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
ugto.ml/autodiscover/owa_app/ |
32 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
sign_in.jpg
ugto.ml/autodiscover/owa_app/ |
9 KB 10 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
8 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
latest.woff2
ugto.ml/autodiscover/owa_app/c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
segoeui-regular.ttf
ugto.ml/owa/inc/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
segoeui-semilight.ttf
ugto.ml/owa/inc/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
latest.woff
ugto.ml/autodiscover/owa_app/c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
latest.ttf
ugto.ml/autodiscover/owa_app/c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook Web Access (Online)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ugto.ml
2606:4700:3033::ac43:a8f1
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a
8a176c0c89d32bdc76d745495de025ba1182af6de0224488bec1c12f02b77d3b
a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b
ea6fd8ac5847270631dc4d4815205ddaa1e082fb7776cbe7ea8c6f26cb825c9c