owa.sarbacame.com
Open in
urlscan Pro
51.68.112.244
Malicious Activity!
Public Scan
Submission: On May 15 via manual from GB — Scanned from FR
Summary
TLS certificate: Issued by R3 on March 24th 2024. Valid for: 3 months.
This is the only time owa.sarbacame.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook Web Access (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 51.68.112.244 51.68.112.244 | 16276 (OVH) (OVH) | |
1 | 2a04:4e42:200... 2a04:4e42:200::649 | 54113 (FASTLY) (FASTLY) | |
11 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
sarbacame.com
owa.sarbacame.com |
25 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 776 |
30 KB |
0 |
sarbacane.com
Failed
owa.sarbacane.com Failed |
|
11 | 3 |
Domain | Requested by | |
---|---|---|
9 | owa.sarbacame.com |
owa.sarbacame.com
|
1 | code.jquery.com |
owa.sarbacame.com
|
0 | owa.sarbacane.com Failed | |
11 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
owa.sarbacame.com R3 |
2024-03-24 - 2024-06-22 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://owa.sarbacame.com/owa/auth/
Frame ID: BA361C9BE217FAC29484A7F0EF09E187
Requests: 11 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
owa.sarbacame.com/owa/auth/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logon.css
owa.sarbacame.com/owa/auth/owa_fichiers/ |
9 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
flogon.js
owa.sarbacame.com/owa/auth/owa_fichiers/ |
15 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
olk_logo_white.png
owa.sarbacame.com/owa/auth/owa_fichiers/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
olk_logo_white_small.png
owa.sarbacame.com/owa/auth/owa_fichiers/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
owa_text_blue.png
owa.sarbacame.com/owa/auth/owa_fichiers/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Sign_in_arrow.png
owa.sarbacame.com/owa/auth/owa_fichiers/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.4.1.min.js
code.jquery.com/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg_gradient_login.png
owa.sarbacame.com/owa/auth/15.0.847/themes/resources/ |
280 B 280 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
segoeui-regular.ttf
owa.sarbacame.com/owa/auth/owa_fichiers/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
favicon.ico
owa.sarbacane.com/owa/auth/15.0.847/themes/resources/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- owa.sarbacane.com
- URL
- https://owa.sarbacane.com/owa/auth/15.0.847/themes/resources/favicon.ico
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook Web Access (Online)29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| script function| initLogon function| redir function| shw function| hd function| clkExp function| clkSecExp function| kdSecExp function| clkSec function| clkBsc function| checkSubmit function| clkLgn function| clkRtry function| clkReLgn function| gbid function| IsOwaPremiumBrowser function| hres function| LogoffMime function| addPerfMarker number| a_fRC number| g_fFcs number| a_fLOff number| a_fCAC number| a_fEnbSMm function| setPlaceholderText function| showPasswordClick object| mainLogonDiv function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
owa.sarbacame.com/owa/auth | Name: cookieTest Value: 1 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=15552000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
owa.sarbacame.com
owa.sarbacane.com
owa.sarbacane.com
2a04:4e42:200::649
51.68.112.244
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
09f87da17291cb69487227a868a0310a9bc5d6f1187a63ddeb4f5ecb3873ef18
11308a24ed867a8d43b4cf57ead840d350fab01c2fd797e3e818e2cc61d2e9d2
39875e0ebd36fc9a8369de687d7c81d378dd62157d196cfdffe5fe9afed13bfe
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a
6bd745cac7dd2e979f9e89dcd3c1ed3058812be0c88a06fc066360f74120b717
7f2ac7f8f7dc0bde9ea7301ad6be18b11511b7864019ba64e1fb035b34ab56b7
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b