URL: https://upfng.org/=/PO/PO.S067394000.html
Submission: January 07, 2019 (automatic submission, source: openphish)

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 15 HTTP transactions. The main IP is 179.61.192.103, located in Ar Rayyan, Qatar and belongs to AS-COLOCROSSING - ColoCrossing, US. The main domain is upfng.org.
TLS certificate: issued by cPanel, Inc. Certification Authority on December 4th 2018, 34 days before this scan. Valid for: 3 months.
This is the only time upfng.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

IP Address            AS (Autonomous System)   Requests   Redirects
179.61.192.103        36352 (AS-COLOCR...)     6          -
2606:4700:30:...      13335 (CLOUDFLAR...)     6          2
2606:4700::68...      13335 (CLOUDFLAR...)     1          -
2606:4700:10:...      13335 (CLOUDFLAR...)     1          -
173.236.139.84        26347 (DREAMHOST-AS)     2          1
2606:4700:30:...      13335 (CLOUDFLAR...)     1          1
Total: 15 requests, 6 IPs
Domain                          Requests   Redirects   Requested by
upfng.org                       6          -           upfng.org, www.qiagenbioinformatics.com
www.qiagenbioinformatics.com    4          -           upfng.org, app-sjqe.marketo.com, www.qiagenbioinformatics.com
qiagenbioinformatics.com        3          3           -
networksthatwork.net            2          1           upfng.org
www.layer2solutions.com         1          -           upfng.org
app-sjqe.marketo.com            1          -           upfng.org
Total: 15 requests, 6 domains

This site contains links to these domains:
  • portal.biobase-international.com
  • qiagenbioinformatics.com
  • www.qiagen.com
TLS certificates (each subject can be looked up on crt.sh)

Subject                       Issuer                                            Validity                  Duration
upfng.org                     cPanel, Inc. Certification Authority              2018-12-04 - 2019-03-04   3 months
sni307785.cloudflaressl.com   COMODO ECC Domain Validation Secure Server CA 2   2018-12-27 - 2019-07-05   6 months
app-sjqe.marketo.com          CloudFlare Inc ECC CA-2                           2018-10-05 - 2019-10-05   a year
layer2solutions.com           GlobalSign Extended Validation CA - SHA256 - G3   2017-06-13 - 2019-06-14   2 years
networksthatwork.net          Let's Encrypt Authority X3                        2019-01-03 - 2019-04-03   3 months

This page contains 1 frames:

Primary Page: https://upfng.org/=/PO/PO.S067394000.html
Frame ID: AB7EBD5B5510738DE637AC354BD2780F
Requests: 15 HTTP requests in this frame

Detected technologies

Five technologies were matched, each at 100% overall confidence, on the following patterns as reported by the scanner:
  • html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i (this pattern is reported twice)
  • headers server /^LiteSpeed$/i
  • script /(?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js/i
  • script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i, script /jquery.*\.js/i and env /^jQuery$/i

Only the LiteSpeed server header is evidence about upfng.org itself. The stylesheet under /wp-content/ and the jquery-1.11.1.min.js that satisfy the first and last patterns are hotlinked from www.qiagenbioinformatics.com, and the local /portal/prototype.js reference that satisfies the prototype pattern was answered with a 404, so the page merely references that library without serving it.
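The patterns above are Wappalyzer-style regex literals that the scanner runs over the page HTML, response headers, script URLs and window globals. The Python below is an added example, not urlscan's or Wappalyzer's code: it applies the scan's own four pattern sets to evidence modelled on this report and then attributes each match to the host it really came from, so a hit on a hotlinked third-party asset is not credited to the primary host. It goes one step beyond the report by also checking, from the transaction statuses, whether a matched script was actually served. The names WordPress and Prototype are this example's reading of the patterns (the listing gives no names), the HTML line is constructed to match the stylesheet request the page made, and the STATUS table is transcribed from the transaction list.

```python
import re
from urllib.parse import urlparse

# The scan's rules, verbatim, as (evidence kind, header name, JS regex literal).
# Technology names are this example's: LiteSpeed and jQuery are literal in the
# patterns; WordPress and Prototype are read off the wp-content/prototype text.
RULES = {
    "WordPress": [("html", None,
                   r"""/<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i""")],
    "LiteSpeed": [("headers", "server", r"/^LiteSpeed$/i")],
    "Prototype": [("script", None,
                   r"/(?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js/i")],
    "jQuery": [("script", None, r"/jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i"),
               ("script", None, r"/jquery.*\.js/i"),
               ("env", None, r"/^jQuery$/i")],
}

# Evidence modelled on this scan. The HTML line is constructed (the report does
# not include the page body) but matches the stylesheet request the page made.
EVIDENCE = {
    "html": '<link rel="stylesheet" '
            'href="https://qiagenbioinformatics.com/wp-content/assets/css/main.raw.css">',
    "headers": {"server": "LiteSpeed", "content-type": "text/html"},
    "script": [
        "https://qiagenbioinformatics.com/wp-content/assets/js/jquery-1.11.1.min.js",
        "https://app-sjqe.marketo.com/js/forms2/js/forms2.js",
        "https://upfng.org/portal/prototype.js",
    ],
    "env": ["$", "jQuery", "MktoForms2"],
}
# Final HTTP status per script URL, transcribed from the transaction list.
STATUS = {
    "https://qiagenbioinformatics.com/wp-content/assets/js/jquery-1.11.1.min.js": 200,
    "https://app-sjqe.marketo.com/js/forms2/js/forms2.js": 200,
    "https://upfng.org/portal/prototype.js": 404,
}


def compile_js_regex(literal):
    """Turn a JS regex literal such as /foo/i into a compiled Python pattern."""
    body, _, flags = literal.rpartition("/")
    if not body.startswith("/"):
        raise ValueError(f"not a JS regex literal: {literal}")
    return re.compile(body[1:], re.IGNORECASE if "i" in flags else 0)


def detect(evidence, rules=RULES):
    """Return {technology: [(kind, matched text), ...]} for every rule that fires."""
    found = {}
    for name, rule_list in rules.items():
        for kind, header, literal in rule_list:
            rx = compile_js_regex(literal)
            if kind == "html":
                hits = [m.group(0) for m in rx.finditer(evidence["html"])]
            elif kind == "headers":
                value = evidence["headers"].get(header, "")
                hits = [value] if rx.search(value) else []
            else:  # "script" and "env" are lists of strings
                hits = [s for s in evidence[kind] if rx.search(s)]
            for hit in hits:  # two patterns hitting one URL count once
                if (kind, hit) not in found.setdefault(name, []):
                    found[name].append((kind, hit))
    return found


def attribute(found, primary_host, status=STATUS):
    """Map each match to (host it came from, whether that resource was served).

    A URL inside the matched text names the host; a header match belongs to the
    primary response; a JS global cannot be attributed from its name alone.
    """
    report = {}
    for name, entries in found.items():
        for kind, text in entries:
            url = re.search(r"https?://[^\s\"'>]+", text)
            if url:
                host = urlparse(url.group(0)).hostname
                served = 200 <= status.get(url.group(0), 200) < 300
            elif kind == "headers":
                host, served = primary_host, True
            else:
                host, served = None, True
            report.setdefault(name, []).append((host, served))
    return report


def first_party_technologies(evidence, primary_host, status=STATUS):
    """Technologies with at least one served match on the primary host itself."""
    report = attribute(detect(evidence), primary_host, status)
    return sorted(n for n, r in report.items()
                  if any(h == primary_host and ok for h, ok in r))


def referenced_but_missing(evidence, primary_host, status=STATUS):
    """Technologies whose only evidence is a reference that was never served."""
    report = attribute(detect(evidence), primary_host, status)
    return sorted(n for n, r in report.items() if not any(ok for _, ok in r))
```

Run against this scan's evidence, all four rule sets fire, but only LiteSpeed survives first-party attribution; WordPress and jQuery are credited to qiagenbioinformatics.com and Prototype is reported as referenced but missing. That is the distinction to make before concluding anything about the phishing host's own stack.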

Page Statistics

  • Requests: 15
  • HTTPS: 87 %
  • IPv6: 67 %
  • Domains: 5
  • Subdomains: 6
  • IPs: 6
  • Countries: 2
  • Transfer: 295 kB
  • Size: 757 kB
  • Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://qiagenbioinformatics.com/wp-content/assets/css/main.raw.css HTTP 302
  • https://www.qiagenbioinformatics.com/wp-content/assets/css/main.raw.css
Request Chain 1
  • https://qiagenbioinformatics.com/wp-content/assets/js/jquery-1.11.1.min.js HTTP 302
  • https://www.qiagenbioinformatics.com/wp-content/assets/js/jquery-1.11.1.min.js
Request Chain 6
  • http://networksthatwork.net/wp-content/uploads/2016/11/office365-1.png HTTP 301
  • https://networksthatwork.net/wp-content/uploads/2016/11/office365-1.png
Request Chain 7
  • http://qiagenbioinformatics.com/wp-content/assets/imgs/Sample-to-insight.png HTTP 302
  • https://www.qiagenbioinformatics.com/wp-content/assets/imgs/Sample-to-insight.png

15 HTTP transactions

Each entry gives the resource name, its path, size, bytes transferred (x-fer) and resource type, followed by the request and response headers.

Primary Request: PO.S067394000.html  (upfng.org/=/PO/)  11 KB, 3 KB transferred, Document
General
Full URL
https://upfng.org/=/PO/PO.S067394000.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
179.61.192.103 Ar Rayyan, Qatar, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server105.verygoodserver.com
Software
LiteSpeed /
Resource Hash
5d7076969ff4d882839987bb18f86586159c72aba0a3cd3c0341294193d4c830

Request headers

:method
GET
:authority
upfng.org
:scheme
https
:path
/=/PO/PO.S067394000.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
last-modified
Tue, 01 May 2018 22:34:26 GMT
content-type
text/html
content-length
2763
content-encoding
br
vary
Accept-Encoding
date
Mon, 07 Jan 2019 16:31:32 GMT
server
LiteSpeed
alt-svc
quic=":443"; ma=2592000; v="35,39,43"
main.raw.css  (www.qiagenbioinformatics.com/wp-content/assets/css/)  54 KB, 10 KB transferred, Stylesheet
Redirect Chain
  • https://qiagenbioinformatics.com/wp-content/assets/css/main.raw.css
  • https://www.qiagenbioinformatics.com/wp-content/assets/css/main.raw.css
General
Full URL
https://www.qiagenbioinformatics.com/wp-content/assets/css/main.raw.css
Requested by
Host: upfng.org
URL: https://upfng.org/=/PO/PO.S067394000.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681b:a50c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
aac64a4002c195be00b9605d7f8ef38a7f9f3c85d75b75a5eef80a3dc2bc22d8

Request headers

Referer
https://upfng.org/=/PO/PO.S067394000.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 07 Jan 2019 16:31:33 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 21 Jun 2017 13:02:14 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
public, max-age=14400
cf-ray
4957d0b75aa26355-FRA
expires
Mon, 07 Jan 2019 20:31:33 GMT

Redirect headers

date
Mon, 07 Jan 2019 16:31:32 GMT
cf-cache-status
HIT
server
cloudflare
location
https://www.qiagenbioinformatics.com/wp-content/assets/css/main.raw.css
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=iso-8859-1
status
302
cache-control
public, max-age=14400
cf-ray
4957d0b6fa656355-FRA
expires
Mon, 07 Jan 2019 20:31:32 GMT
jquery-1.11.1.min.js  (www.qiagenbioinformatics.com/wp-content/assets/js/)  94 KB, 32 KB transferred, Script
Redirect Chain
  • https://qiagenbioinformatics.com/wp-content/assets/js/jquery-1.11.1.min.js
  • https://www.qiagenbioinformatics.com/wp-content/assets/js/jquery-1.11.1.min.js
General
Full URL
https://www.qiagenbioinformatics.com/wp-content/assets/js/jquery-1.11.1.min.js
Requested by
Host: upfng.org
URL: https://upfng.org/=/PO/PO.S067394000.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681b:a50c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer
https://upfng.org/=/PO/PO.S067394000.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 07 Jan 2019 16:31:33 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 12 Jun 2017 07:41:17 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
public, max-age=14400
cf-ray
4957d0b75aa36355-FRA
expires
Mon, 07 Jan 2019 20:31:33 GMT

Redirect headers

date
Mon, 07 Jan 2019 16:31:32 GMT
cf-cache-status
HIT
server
cloudflare
location
https://www.qiagenbioinformatics.com/wp-content/assets/js/jquery-1.11.1.min.js
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=iso-8859-1
status
302
cache-control
public, max-age=14400
cf-ray
4957d0b6fa666355-FRA
expires
Mon, 07 Jan 2019 20:31:32 GMT
forms2.js  (app-sjqe.marketo.com/js/forms2/js/)  489 KB, 140 KB transferred, Script
General
Full URL
https://app-sjqe.marketo.com/js/forms2/js/forms2.js
Requested by
Host: upfng.org
URL: https://upfng.org/=/PO/PO.S067394000.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:6050 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9603cf626c2d7a06b7e003683790420f0d873d46fa31e5aee14746913d180a5c
Security Headers
  • Strict-Transport-Security: max-age=63113904
  • X-Content-Type-Options: nosniff

Request headers

Referer
https://upfng.org/=/PO/PO.S067394000.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 07 Jan 2019 16:31:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Thu, 25 Oct 2018 09:18:40 GMT
server
cloudflare
etag
"387885-7a3b4-5790a16a37c00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
public, max-age=14400
strict-transport-security
max-age=63113904
cf-ray
4957d0b7792dbf02-FRA
expires
Mon, 07 Jan 2019 20:31:33 GMT
fastclick.js  (upfng.org/=/PO/)  size 0, 0 transferred, Script
General
Full URL
https://upfng.org/=/PO/fastclick.js
Requested by
Host: upfng.org
URL: https://upfng.org/=/PO/PO.S067394000.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
179.61.192.103 Ar Rayyan, Qatar, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server105.verygoodserver.com
Software
LiteSpeed /
Resource Hash

Request headers

:path
/=/PO/fastclick.js
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
upfng.org
referer
https://upfng.org/=/PO/PO.S067394000.html
:scheme
https
:method
GET
Referer
https://upfng.org/=/PO/PO.S067394000.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Jan 2019 16:31:32 GMT
server
LiteSpeed
content-type
text/html
status
404
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
alt-svc
quic=":443"; ma=2592000; v="35,39,43"
content-length
1148
prototype.js  (upfng.org/portal/)  size 0, 0 transferred, Script
General
Full URL
https://upfng.org/portal/prototype.js
Requested by
Host: upfng.org
URL: https://upfng.org/=/PO/PO.S067394000.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
179.61.192.103 Ar Rayyan, Qatar, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server105.verygoodserver.com
Software
LiteSpeed /
Resource Hash

Request headers

:path
/portal/prototype.js
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
upfng.org
referer
https://upfng.org/=/PO/PO.S067394000.html
:scheme
https
:method
GET
Referer
https://upfng.org/=/PO/PO.S067394000.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Jan 2019 16:31:32 GMT
server
LiteSpeed
content-type
text/html
status
404
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
alt-svc
quic=":443"; ma=2592000; v="35,39,43"
content-length
1148
office-365-sharepoint-groups-backup-layer2.jpg  (www.layer2solutions.com/images/default-source/infografiken/cloud-connector/)  53 KB, 54 KB transferred, Image
General
Full URL
https://www.layer2solutions.com/images/default-source/infografiken/cloud-connector/office-365-sharepoint-groups-backup-layer2.jpg?sfvrsn=3c81ad81_0
Requested by
Host: upfng.org
URL: https://upfng.org/=/PO/PO.S067394000.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700:10::6814:128e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
643c09fe57c8f3bd2f29630a860fd81983590db2310e05388f518d57de9c5bb4

Request headers

Referer
https://upfng.org/=/PO/PO.S067394000.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 07 Jan 2019 16:31:33 GMT
cf-cache-status
MISS
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
status
200
content-disposition
inline; filename=office-365-sharepoint-groups-backup-layer2.jpg
content-length
54469
last-modified
Thu, 08 Jun 2017 10:11:27 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
4957d0b729ecc288-FRA
expires
Mon, 07 Jan 2019 20:31:33 GMT
office365-1.png  (networksthatwork.net/wp-content/uploads/2016/11/)  44 KB, 44 KB transferred, Image
Redirect Chain
  • http://networksthatwork.net/wp-content/uploads/2016/11/office365-1.png
  • https://networksthatwork.net/wp-content/uploads/2016/11/office365-1.png
General
Full URL
https://networksthatwork.net/wp-content/uploads/2016/11/office365-1.png
Requested by
Host: upfng.org
URL: https://upfng.org/=/PO/PO.S067394000.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.236.139.84 Brea, United States, ASN26347 (DREAMHOST-AS - New Dream Network, LLC, US),
Reverse DNS
ps528127.dreamhost.com
Software
Apache /
Resource Hash
e4100b1ab7754f4a564cff416367ce97d0bfb7bba437d38f8e2564c48d3d3638

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 07 Jan 2019 16:31:33 GMT
Referrer-Policy
Last-Modified
Fri, 18 Nov 2016 17:51:08 GMT
Server
Apache
ETag
"af6b-54196f3702746"
Content-Type
image/png
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=100
Content-Length
44907
Expires
Tue, 07 Jan 2020 16:31:33 GMT

Redirect headers

Date
Mon, 07 Jan 2019 16:31:33 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/html; charset=iso-8859-1
Location
https://networksthatwork.net/wp-content/uploads/2016/11/office365-1.png
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
228
Sample-to-insight.png  (www.qiagenbioinformatics.com/wp-content/assets/imgs/)  426 B, 510 B transferred, Image
Redirect Chain
  • http://qiagenbioinformatics.com/wp-content/assets/imgs/Sample-to-insight.png
  • https://www.qiagenbioinformatics.com/wp-content/assets/imgs/Sample-to-insight.png
General
Full URL
https://www.qiagenbioinformatics.com/wp-content/assets/imgs/Sample-to-insight.png
Requested by
Host: upfng.org
URL: https://upfng.org/=/PO/PO.S067394000.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681b:a50c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea3704b424a53807ab2830c3f9b2cc366e09cf9e0ef41a4688f2c4676f8d4453

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 07 Jan 2019 16:31:33 GMT
cf-cache-status
HIT
last-modified
Mon, 03 Apr 2017 08:19:30 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
4957d0b97c546355-FRA
content-length
426
expires
Mon, 07 Jan 2019 20:31:33 GMT

Redirect headers

Date
Mon, 07 Jan 2019 16:31:33 GMT
CF-Cache-Status
EXPIRED
Server
cloudflare
Vary
Accept-Encoding
Content-Type
text/html; charset=iso-8859-1
Location
https://www.qiagenbioinformatics.com/wp-content/assets/imgs/Sample-to-insight.png
Cache-Control
public, max-age=14400
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
4957d0b7b7dec283-FRA
Expires
Mon, 07 Jan 2019 20:31:33 GMT
4d0e252c-d811-4a5d-a7f3-6ad72c6b76f2.woff  (www.qiagenbioinformatics.com/wp-content/assets/fonts/)  size 0, 0 transferred, no response received

fastclick.js  (upfng.org/=/PO/)  size 0, 0 transferred, Script
General
Full URL
https://upfng.org/=/PO/fastclick.js
Requested by
Host: upfng.org
URL: https://upfng.org/=/PO/PO.S067394000.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
179.61.192.103 Ar Rayyan, Qatar, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server105.verygoodserver.com
Software
LiteSpeed /
Resource Hash

Request headers

:path
/=/PO/fastclick.js
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
upfng.org
referer
https://upfng.org/=/PO/PO.S067394000.html
:scheme
https
:method
GET
Referer
https://upfng.org/=/PO/PO.S067394000.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Jan 2019 16:31:33 GMT
server
LiteSpeed
content-type
text/html
status
404
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
alt-svc
quic=":443"; ma=2592000; v="35,39,43"
content-length
1148
54250d43-02be-4ff9-b802-a4ea104a0611.ttf  (www.qiagenbioinformatics.com/wp-content/assets/fonts/)  size 0, 0 transferred, no response received

prototype.js  (upfng.org/portal/)  size 0, 0 transferred, Script
General
Full URL
https://upfng.org/portal/prototype.js
Requested by
Host: upfng.org
URL: https://upfng.org/=/PO/PO.S067394000.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
179.61.192.103 Ar Rayyan, Qatar, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server105.verygoodserver.com
Software
LiteSpeed /
Resource Hash

Request headers

:path
/portal/prototype.js
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
upfng.org
referer
https://upfng.org/=/PO/PO.S067394000.html
:scheme
https
:method
GET
Referer
https://upfng.org/=/PO/PO.S067394000.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Jan 2019 16:31:33 GMT
server
LiteSpeed
content-type
text/html
status
404
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
alt-svc
quic=":443"; ma=2592000; v="35,39,43"
content-length
1148
PO.S067394000.html  (upfng.org/=/PO/)  11 KB, 11 KB transferred, Image
General
Full URL
https://upfng.org/=/PO/PO.S067394000.html
Requested by
Host: www.qiagenbioinformatics.com
URL: https://www.qiagenbioinformatics.com/wp-content/assets/js/jquery-1.11.1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
179.61.192.103 Ar Rayyan, Qatar, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
server105.verygoodserver.com
Software
LiteSpeed /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/=/PO/PO.S067394000.html
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
upfng.org
referer
https://upfng.org/=/PO/PO.S067394000.html
:scheme
https
:method
GET
Referer
https://upfng.org/=/PO/PO.S067394000.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 07 Jan 2019 16:31:33 GMT
content-encoding
br
last-modified
Tue, 01 May 2018 22:34:26 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/html
status
200
alt-svc
quic=":443"; ma=2592000; v="35,39,43"
content-length
2763
blueline-bg.png  (www.qiagenbioinformatics.com/wp-content/assets/imgs/)  80 B, 197 B transferred, Image
General
Full URL
https://www.qiagenbioinformatics.com/wp-content/assets/imgs/blueline-bg.png
Requested by
Host: www.qiagenbioinformatics.com
URL: https://www.qiagenbioinformatics.com/wp-content/assets/js/jquery-1.11.1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681b:a50c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7fe7f2385a07d3b2ce34f7d9daff2208fdaf6a8ed86845b55ca6ce0c417f278

Request headers

Referer
https://www.qiagenbioinformatics.com/wp-content/assets/css/main.raw.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 07 Jan 2019 16:31:33 GMT
cf-cache-status
HIT
last-modified
Mon, 03 Apr 2017 08:19:23 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
4957d0b91c096355-FRA
content-length
80
expires
Mon, 07 Jan 2019 20:31:33 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

  • www.qiagenbioinformatics.com: https://www.qiagenbioinformatics.com/wp-content/assets/fonts/4d0e252c-d811-4a5d-a7f3-6ad72c6b76f2.woff
  • www.qiagenbioinformatics.com: https://www.qiagenbioinformatics.com/wp-content/assets/fonts/54250d43-02be-4ff9-b802-a4ea104a0611.ttf
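Read as a whole, the transaction list has the shape of a kit that hosts nothing but its own landing page: every Office 365 image is hotlinked from unrelated sites (layer2solutions.com, networksthatwork.net), both of the page's own script references (fastclick.js, /portal/prototype.js) return 404, two image references start as plain http:// and only become HTTPS through a redirect, and the document URL is fetched a second time as an Image whose resource hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is the SHA-256 of zero bytes, i.e. an empty body. The Python below is an added example, not urlscan's code, that runs exactly those checks over a transcription of this scan's rows. The brand-word list, the acceptable content-type prefixes per resource type and the two-label approximation of a registrable site are assumptions of the example.

```python
import hashlib
from urllib.parse import urlparse

PRIMARY_URL = "https://upfng.org/=/PO/PO.S067394000.html"
SHA256_EMPTY = hashlib.sha256(b"").hexdigest()  # hash urlscan shows for an empty body

# Words that mark brand artwork in an image path (constructed list).
BRAND_WORDS = ("office365", "office-365", "microsoft", "sharepoint", "outlook")

# Content-type prefixes acceptable for a declared resource type (assumed).
EXPECTED_MIME = {
    "Image": ("image/",),
    "Script": ("application/javascript", "application/x-javascript", "text/javascript"),
    "Stylesheet": ("text/css",),
    "Font": ("font/", "application/font", "application/x-font"),
}

# Rows transcribed from the transaction list: final URL, first URL of the
# redirect chain (None if none), HTTP status (None = no response), declared
# type, response content-type, resource hash.
FIELDS = ("url", "chain_start", "status", "type", "mime", "sha256")
ROWS = [
    (PRIMARY_URL, None, 200, "Document", "text/html",
     "5d7076969ff4d882839987bb18f86586159c72aba0a3cd3c0341294193d4c830"),
    ("https://www.qiagenbioinformatics.com/wp-content/assets/css/main.raw.css",
     "https://qiagenbioinformatics.com/wp-content/assets/css/main.raw.css", 200,
     "Stylesheet", "text/css",
     "aac64a4002c195be00b9605d7f8ef38a7f9f3c85d75b75a5eef80a3dc2bc22d8"),
    ("https://app-sjqe.marketo.com/js/forms2/js/forms2.js", None, 200, "Script",
     "application/x-javascript",
     "9603cf626c2d7a06b7e003683790420f0d873d46fa31e5aee14746913d180a5c"),
    ("https://upfng.org/=/PO/fastclick.js", None, 404, "Script", "text/html", None),
    ("https://upfng.org/portal/prototype.js", None, 404, "Script", "text/html", None),
    ("https://www.layer2solutions.com/images/default-source/infografiken/cloud-connector/"
     "office-365-sharepoint-groups-backup-layer2.jpg?sfvrsn=3c81ad81_0", None, 200,
     "Image", "image/jpeg",
     "643c09fe57c8f3bd2f29630a860fd81983590db2310e05388f518d57de9c5bb4"),
    ("https://networksthatwork.net/wp-content/uploads/2016/11/office365-1.png",
     "http://networksthatwork.net/wp-content/uploads/2016/11/office365-1.png", 200,
     "Image", "image/png",
     "e4100b1ab7754f4a564cff416367ce97d0bfb7bba437d38f8e2564c48d3d3638"),
    (PRIMARY_URL, None, 200, "Image", "text/html",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("https://www.qiagenbioinformatics.com/wp-content/assets/fonts/"
     "4d0e252c-d811-4a5d-a7f3-6ad72c6b76f2.woff", None, None, "Font", None, None),
]
TRANSACTIONS = [dict(zip(FIELDS, row)) for row in ROWS]


def site(host):
    """Registrable site approximated as the last two labels (assumption: none
    of the hosts examined sits under a multi-label suffix such as co.uk)."""
    return ".".join(host.lower().split(".")[-2:])


def third_party_sites(transactions, primary_url=PRIMARY_URL):
    """Every site other than the primary one that the page pulled content from."""
    primary = site(urlparse(primary_url).hostname)
    return sorted({site(urlparse(t["url"]).hostname) for t in transactions} - {primary})


def triage(transactions, primary_url=PRIMARY_URL):
    """Return (finding, url) pairs for the signals worth reading off a phishing scan."""
    primary = site(urlparse(primary_url).hostname)
    findings = []
    for t in transactions:
        u = urlparse(t["url"])
        foreign = site(u.hostname) != primary
        path = (u.path + "?" + u.query).lower()
        if t["status"] is None:
            findings.append(("no-response", t["url"]))
            continue
        # Brand imagery pulled straight from somebody else's server.
        if foreign and t["type"] == "Image" and any(w in path for w in BRAND_WORDS):
            findings.append(("hotlinked-brand-asset", t["url"]))
        # References written as plain http:// that only an upstream redirect secured.
        if t["chain_start"] and t["chain_start"].startswith("http://"):
            findings.append(("insecure-reference", t["chain_start"]))
        if t["type"] == "Script" and t["status"] == 404:
            findings.append(("missing-script", t["url"]))
        if t["sha256"] == SHA256_EMPTY:
            findings.append(("empty-body", t["url"]))
        expected = EXPECTED_MIME.get(t["type"])
        if (t["status"] == 200 and expected and t["mime"]
                and not t["mime"].startswith(expected)):
            findings.append(("type-mismatch", t["url"]))
    return findings
```

On this scan the checks return eight findings: two missing scripts, two hotlinked brand images, one insecure reference, the empty-body and type-mismatch pair on the re-requested document URL, and the font that got no response. The third-party list (layer2solutions.com, marketo.com, networksthatwork.net, qiagenbioinformatics.com) is the set of legitimate operators whose assets the kit depends on and who could break it by refusing hotlinks.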

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object onselectstart
  • object onselectionchange
  • function queueMicrotask
  • function $
  • function jQuery
  • object MktoForms2

Of these, $ and jQuery come from the hotlinked jquery-1.11.1.min.js and MktoForms2 from the Marketo forms2.js; onselectstart, onselectionchange and queueMicrotask are properties the browser itself provides on window, not page code.

0 Cookies