www.underofficemeet.online
185.42.117.108
Malicious Activity!
Public Scan
Effective URL: http://www.underofficemeet.online/?email=arun.gupta@aricent.com
Submission Tags: falconsandbox
Submission: On May 07 via api from US
Summary
This is the only time www.underofficemeet.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 185.107.232.244 | 200484 (SENDINBLUE-ASN) |
| 1 | 2606:4700:3033::ac43:9092 | 13335 (CLOUDFLARENET) |
| 1 | 185.107.232.249 | 200484 (SENDINBLUE-ASN) |
| 1 | 151.101.1.195 | 54113 (FASTLY) |
| 8 | 185.42.117.108 | 43424 (MAGICRETAIL) |

12 requests across 5 IP addresses.
| Requests | Apex Domain | Subdomain | Transfer |
|---|---|---|---|
| 8 | underofficemeet.online | www.underofficemeet.online | 774 KB |
| 1 | web.app | plle-2a0dc.web.app | 515 B |
| 1 | sendinblue.com | in-automate.sendinblue.com | 225 B |
| 1 | sibautomation.com | sibautomation.com | 2 KB |
| 1 | sendibt2.com | dfbaicd.r.af.d.sendibt2.com | 960 B |

12 requests across 5 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 8 | www.underofficemeet.online | plle-2a0dc.web.app, www.underofficemeet.online |
| 1 | plle-2a0dc.web.app | dfbaicd.r.af.d.sendibt2.com |
| 1 | in-automate.sendinblue.com | sibautomation.com |
| 1 | sibautomation.com | dfbaicd.r.af.d.sendibt2.com |
| 1 | dfbaicd.r.af.d.sendibt2.com | (initial request) |

12 requests across 5 domains.
This site contains no links.
TLS certificates

| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| *.r.af.d.sendibt2.com | R3 | 2021-04-16 - 2021-07-15 | 3 months |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-08-10 - 2021-08-10 | a year |
| *.sendinblue.com | Sectigo RSA Domain Validation Secure Server CA | 2020-12-07 - 2021-12-12 | a year |
| web.app | GTS CA 1D4 | 2021-03-17 - 2021-06-15 | 3 months |

No certificate is listed for www.underofficemeet.online: the final page and all of its assets were requested over plain HTTP.
This page contains 2 frames:

- Primary page: http://www.underofficemeet.online/?email=arun.gupta@aricent.com (Frame ID 16BDBE825811A95086CABC3713A8A581, 10 HTTP requests)
- Frame: https://sibautomation.com/cm.html?id=3510823 (Frame ID B3434059F80DDBDC58A16F64C389CF9B, 2 HTTP requests)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations the browser visited, including HTTP redirects and client-side redirects via JavaScript or meta refresh.

1. https://dfbaicd.r.af.d.sendibt2.com/tr/cl/KkB_ABcKdFUifSnAHfu5DoX9yxsVkTBEjm-yhTdJiarNXacJfEhC-Q73w0HPKkUwo8T3tNoGRVnCdmHgAeceA0OlA-Z5vEQeJJzTez9G1YDnjmxQcpeN_DdNzOW7PEFB6bhCabTxT8c788mBXyhQrzSAuDrhrkrmUc_duoa79gJPIuyT3ct-K9llCtis-KhmJeJ1qGln6HgoL9xgeTLlscVOL1KIUN0vneEBU6bDnIanqpkZLbopFH2RXCXvBxgF8NfESUg (tracking link on Sendinblue infrastructure, AS 200484)
2. https://plle-2a0dc.web.app/ap/ple.html?email=arun.gupta@aricent.com (intermediate page on Google's web.app hosting; the recipient address is carried as a query parameter)
3. http://www.underofficemeet.online/?email=arun.gupta@aricent.com (final Microsoft look-alike sign-in page, over plain HTTP)

Two legitimate services front the attacker-controlled domain, which is why the first two hops carry reputable certificates, and the target's address is passed down the whole chain as the email parameter, which a look-alike sign-in page typically uses to pre-fill the username field.
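The history above is what you get when every hop in the chain is followed, by HTTP Location header or by a client-side redirect in the body. The following is an added example (not urlscan's code) that reconstructs such a history offline: it pulls meta-refresh and JavaScript location redirects out of HTML, follows them hop by hop, and extracts the email parameter carried along the chain. The three responses are constructed stand-ins for the hops in this scan; the tracking token and the victim address are placeholders, and whether the real hops were HTTP or client-side redirects is not something the scan states.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlparse


class _RedirectFinder(HTMLParser):
    """Collect client-side redirect targets: <meta http-equiv="refresh"> URLs and
    location assignments / location.replace() calls inside inline <script> blocks."""

    _JS_ASSIGN = re.compile(
        r"(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]")
    _JS_CALL = re.compile(r"location\.(?:replace|assign)\(\s*['\"]([^'\"]+)['\"]")
    _META_URL = re.compile(r"url\s*=\s*['\"]?([^'\"]+)", re.I)

    def __init__(self):
        super().__init__()
        self.targets = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = self._META_URL.search(a.get("content") or "")
            if m:
                self.targets.append(m.group(1).strip())
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands inline <script> text to handle_data unparsed.
        if self._in_script:
            for pat in (self._JS_ASSIGN, self._JS_CALL):
                self.targets.extend(m.group(1) for m in pat.finditer(data))


def client_side_redirects(html):
    """Return every client-side redirect target found in the document, in order."""
    p = _RedirectFinder()
    p.feed(html)
    return p.targets


def follow_chain(start, fetch, max_hops=10):
    """Reconstruct the page URL history: follow 3xx Location headers, otherwise the
    first client-side redirect in the body; stop on a loop or when nothing redirects."""
    history = [start]
    url = start
    for _ in range(max_hops):
        status, headers, body = fetch(url)
        location = {k.lower(): v for k, v in headers.items()}.get("location")
        if 300 <= status < 400 and location:
            nxt = location
        else:
            found = client_side_redirects(body)
            nxt = found[0] if found else None
        if nxt is None:
            break
        url = urljoin(url, nxt)          # relative targets resolve against the current hop
        if url in history:               # redirect loop guard
            break
        history.append(url)
    return history


def prefilled_email(url):
    """The address the lure carries in the query string, or None."""
    return parse_qs(urlparse(url).query).get("email", [None])[0]


# Constructed responses standing in for the three hops of this scan. Hop 1 is modelled
# as an HTTP redirect and hop 2 as a meta refresh so both mechanisms are exercised.
TRACK = "https://dfbaicd.r.af.d.sendibt2.com/tr/cl/TOKEN"            # TOKEN: placeholder
LAND = "https://plle-2a0dc.web.app/ap/ple.html?email=victim@example.com"
FINAL = "http://www.underofficemeet.online/?email=victim@example.com"
_RESPONSES = {
    TRACK: (302, {"Location": LAND}, ""),
    LAND: (200, {}, '<html><head><meta http-equiv="refresh" content="0; url=' + FINAL
                    + '"></head></html>'),
    FINAL: (200, {}, "<html><body>Sign in</body></html>"),
}


def fake_fetch(url):
    """In-memory stand-in for an HTTP client."""
    return _RESPONSES.get(url, (404, {}, ""))


if __name__ == "__main__":
    chain = follow_chain(TRACK, fake_fetch)
    for hop in chain:
        print(hop)
    print("address carried to the final page:", prefilled_email(chain[-1]))
```

Replace fake_fetch with a real client (with redirects disabled, so the Location header is seen rather than silently followed) to run this against a live chain from a sandboxed host.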
Redirected requests
There were HTTP redirect chains for the following requests: (none listed in this scan)
12 HTTP transactions

| Method | Protocol | Resource | Host / Path | Size | Transfer | Type | MIME-Type | Frame |
|---|---|---|---|---|---|---|---|---|
| GET | HTTP/1.1 | KkB_ABcKdFUifSnAHfu5DoX9yxsVkTBEjm-yhTdJiarNXacJfEhC-Q73w0HPKkUwo8T3tNoGRVnCdmHgAeceA0OlA-Z5vEQeJJzTez9G1YDnjmxQcpeN_DdNzOW7PEFB6bhCabTxT8c788mBXyhQrzSAuDrhrkrmUc_duoa79gJPIuyT3ct-K9llCtis-KhmJeJ1q... | dfbaicd.r.af.d.sendibt2.com/tr/cl/ | 756 B | 960 B | Document | text/html | primary |
| GET | H2 | cm.html | sibautomation.com/ | 2 KB | 2 KB | Document | text/html | B343 |
| GET | HTTP/1.1 | cm | in-automate.sendinblue.com/ | 0 | 225 B | XHR | text/plain | B343 |
| GET | H2 | ple.html | plle-2a0dc.web.app/ap/ | 440 B | 515 B | Document | text/html | primary |
| GET | HTTP/1.1 | / (primary request) | www.underofficemeet.online/ | 28 KB | 28 KB | Document | text/html | primary |
| GET | HTTP/1.1 | converged.v2.login.min_99ypt2ae9l1eaa2j9r7rkw2.css | www.underofficemeet.online/static/ | 99 KB | 100 KB | Stylesheet | text/css | primary |
| GET | HTTP/1.1 | ux.old.converged.login.pcore.min_eparipgljkn2zdpq_ambvg2.js | www.underofficemeet.online/static/ | 601 KB | 601 KB | Script | application/javascript | primary |
| GET | HTTP/1.1 | ux.converged.login.strings-en.min_r5frqpfgjpspvfp5itpupa2.js | www.underofficemeet.online/static/ | 37 KB | 37 KB | Script | application/javascript | primary |
| GET | HTTP/1.1 | microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | www.underofficemeet.online/static/ | 4 KB | 4 KB | Image | image/svg+xml | primary |
| GET | HTTP/1.1 | ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg | www.underofficemeet.online/static/ | 900 B | 1 KB | Image | image/svg+xml | primary |
| GET | HTTP/1.1 | ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg | www.underofficemeet.online/static/ | 915 B | 1 KB | Image | image/svg+xml | primary |
| GET | HTTP/1.1 | 2_bc3d32a696895f78c19df6c717586a5d.svg | www.underofficemeet.online/static/ | 2 KB | 2 KB | Image | image/svg+xml | primary |

Frame B343 is the sibautomation.com iframe (2 requests); the remaining ten requests belong to the primary frame. Everything on www.underofficemeet.online is fetched over plain HTTP/1.1, and the static asset names (converged login CSS and JavaScript, the microsoft_logo SVG) are those of Microsoft's own sign-in page, consistent with the Microsoft (Consumer) verdict below.
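A cloned sign-in page gives itself away by loading the brand's own asset names from a host the brand does not own. The following is an added example of that check (not urlscan's classifier) run over the transaction list above. The asset-name patterns are generalised from the four Microsoft-looking files in the scan; the allowlist of hosts that legitimately serve Microsoft sign-in assets is an assumption, and the tracking token and victim address in the sample input are placeholders.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of hosts that legitimately serve Microsoft sign-in assets.
MS_ASSET_HOSTS = {
    "login.microsoftonline.com", "login.live.com",
    "logincdn.msauth.net", "aadcdn.msauth.net", "aadcdn.msftauth.net",
}

# File-name patterns generalised from the Microsoft-looking assets in the scan above.
MS_LOGIN_ASSETS = [
    re.compile(r"^converged\.v2\.login\.min_[0-9a-z_]+\.css$"),
    re.compile(r"^ux\.(?:old\.)?converged\.login\.[a-z0-9.\-]+\.min_[0-9a-z_]+\.js$"),
    re.compile(r"^microsoft_logo_[0-9a-f]{32}\.svg$"),
]


def host_allowed(host, allow):
    """True if host is an allowlisted host or a subdomain of one."""
    return host in allow or any(host.endswith("." + a) for a in allow)


def brand_assets_off_origin(urls, allow=MS_ASSET_HOSTS):
    """Return (host, filename) for every Microsoft sign-in asset fetched from a host
    outside the allowlist: the signature of a cloned login page."""
    hits = []
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        fname = parts.path.rsplit("/", 1)[-1]
        if any(p.match(fname) for p in MS_LOGIN_ASSETS) and not host_allowed(host, allow):
            hits.append((host, fname))
    return hits


def verdict(urls, page_url, allow=MS_ASSET_HOSTS):
    """Label the page and list the indicators behind the label."""
    hits = brand_assets_off_origin(urls, allow)
    reasons = []
    if hits:
        hosts = sorted({h for h, _ in hits})
        reasons.append(f"{len(hits)} Microsoft sign-in asset(s) served from {hosts}")
        if urlsplit(page_url).scheme == "http":
            reasons.append("look-alike page served over plain HTTP")
    label = "likely credential phishing (Microsoft)" if hits else "no brand-asset indicator"
    return label, reasons


# Request URLs from the transaction list above (constructed sample input: the tracking
# token and the recipient address are replaced with placeholders).
SCAN_REQUESTS = [
    "https://dfbaicd.r.af.d.sendibt2.com/tr/cl/TOKEN",
    "https://sibautomation.com/cm.html?id=3510823",
    "https://in-automate.sendinblue.com/cm",
    "https://plle-2a0dc.web.app/ap/ple.html?email=victim@example.com",
    "http://www.underofficemeet.online/",
    "http://www.underofficemeet.online/static/converged.v2.login.min_99ypt2ae9l1eaa2j9r7rkw2.css",
    "http://www.underofficemeet.online/static/ux.old.converged.login.pcore.min_eparipgljkn2zdpq_ambvg2.js",
    "http://www.underofficemeet.online/static/ux.converged.login.strings-en.min_r5frqpfgjpspvfp5itpupa2.js",
    "http://www.underofficemeet.online/static/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg",
    "http://www.underofficemeet.online/static/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg",
]

if __name__ == "__main__":
    label, reasons = verdict(SCAN_REQUESTS, "http://www.underofficemeet.online/")
    print(label)
    for r in reasons:
        print(" -", r)
```

Name matching is deliberately narrow: a kit that renames its assets slips past it, so in practice this sits beside content hashing of the fetched files and screenshot similarity, not in place of them.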
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)

11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

- object: onbeforexrselect
- object: ontransitionrun
- object: ontransitionstart
- object: ontransitioncancel
- boolean: originAgentCluster
- object: trustedTypes
- boolean: crossOriginIsolated
- function: webpackJsonp
- object: StringRepository
- object: PROOF
- boolean: __0

The first seven are standard Chromium window properties that the scanner's baseline did not include; only webpackJsonp, StringRepository, PROOF and __0 come from the page's own scripts.

Cookies
Cookies are small pieces of information stored in the user's browser. On later visits the browser sends the cookie values back, which lets the site re-identify the user even from a different location; this is how persistent logins work. No cookies are listed for this page.
Security Headers
This page lists any security headers set by the main page.

| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1 |

X-Xss-Protection is a legacy header that current browsers ignore, and neither header bears on whether the page is malicious.
Indicators
This is a term in the security industry for artifacts such as IPs, domains and hashes. Listing them here does not imply that each one indicates malicious activity.

- dfbaicd.r.af.d.sendibt2.com
- in-automate.sendinblue.com
- plle-2a0dc.web.app
- sibautomation.com
- www.underofficemeet.online
- 151.101.1.195
- 185.107.232.244
- 185.107.232.249
- 185.42.117.108
- 2606:4700:3033::ac43:9092