see.elucidatetech.com Open in urlscan Pro
2606:4700:3032::ac43:86b0 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://track-pro.zaitoonmarket.com/ga/click/2-49829506-2093-440-775-788-169f25e89a-7d20be9acf
Effective URL:
https://see.elucidatetech.com/htn?fg=ZIJwlWprcWKEmLqxy5qmnnx0Yq-1jqxiaWQ/spam%40fightspam.gc.ca
Submission: On July 21 via api (July 21st 2020, 8:13:55 pm UTC) from CA

Summary HTTP 69 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 69 HTTP transactions. The main IP is 2606:4700:3032::ac43:86b0, located in United States and belongs to CLOUDFLARENET, US. The main domain is see.elucidatetech.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 30th 2020. Valid for: a year.

This is the only time see.elucidatetech.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Investment Scam (Online) Lion's Den Scam (Online) Generic Crypto (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1 1	51.89.169.227 51.89.169.227	16276 (OVH) (OVH)
54	2606:4700:303... 2606:4700:3032::ac43:86b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700::68... 2606:4700::6812:13b7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:36::15	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:64	13335 (CLOUDFLAR...) (CLOUDFLARENET)
69	6

1 51.89.169.227 (United Kingdom) 1 redirects

ASN16276 (OVH, FR)

track-pro.zaitoonmarket.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

54 2606:4700:3032::ac43:86b0 (United States)

ASN13335 (CLOUDFLARENET, US)

see.elucidatetech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6812:13b7 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.by.wonderpush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:36::15 (United States)

ASN15169 (GOOGLE, US)

measurements-api.wonderpush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:64 (United States)

ASN13335 (CLOUDFLARENET, US)

get.geojs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	elucidatetech.com see.elucidatetech.com	2 MB
8	wonderpush.com cdn.by.wonderpush.com measurements-api.wonderpush.com	192 KB
5	gstatic.com fonts.gstatic.com	46 KB
1	geojs.io get.geojs.io	793 B
1	googleapis.com fonts.googleapis.com	1 KB
1	zaitoonmarket.com 1 redirects track-pro.zaitoonmarket.com	751 B
69	6

	Domain	Requested by
54	see.elucidatetech.com	see.elucidatetech.com cdn.by.wonderpush.com
7	cdn.by.wonderpush.com	see.elucidatetech.com cdn.by.wonderpush.com
5	fonts.gstatic.com	see.elucidatetech.com
1	get.geojs.io	cdn.by.wonderpush.com
1	measurements-api.wonderpush.com	cdn.by.wonderpush.com
1	fonts.googleapis.com	see.elucidatetech.com
1	track-pro.zaitoonmarket.com	1 redirects
69	7

This site contains links to these domains. Also see Links.

Domain
mtp.capitalrtv.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-06-30` - `2021-06-30`	a year	crt.sh
by.wonderpush.com Let's Encrypt Authority X3	`2020-05-30` - `2020-08-28`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-06-30` - `2020-09-22`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-06-30` - `2020-09-22`	3 months	crt.sh
measurements-api.wonderpush.com GTS CA 1D2	`2020-07-03` - `2020-10-01`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://see.elucidatetech.com/htn?fg=ZIJwlWprcWKEmLqxy5qmnnx0Yq-1jqxiaWQ/spam%40fightspam.gc.ca
Frame ID: DB6F6F4A2E286D467281BF0C7ECDE72C
Requests: 64 HTTP requests in this frame

Frame: https://see.elucidatetech.com/wonderpush.min.html
Frame ID: 474A3097282C65AF4A4DB996584E765B
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://track-pro.zaitoonmarket.com/ga/click/2-49829506-2093-440-775-788-169f25e89a-7d20be9acf HTTP 302
https://see.elucidatetech.com/htn?fg=ZIJwlWprcWKEmLqxy5qmnnx0Yq-1jqxiaWQ/spam%40fightspam.gc.ca Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

69
Requests

100 %
HTTPS

86 %
IPv6

6
Domains

7
Subdomains

6
IPs

3
Countries

1848 kB
Transfer

2639 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://mtp.capitalrtv.com/o1d?qr=ZIJwlWprcWKEmLqxy5qmnnx0Yq-1jqxiaWQ/aX5xkA/spam@fightspam.gc.ca

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://track-pro.zaitoonmarket.com/ga/click/2-49829506-2093-440-775-788-169f25e89a-7d20be9acf HTTP 302
https://see.elucidatetech.com/htn?fg=ZIJwlWprcWKEmLqxy5qmnnx0Yq-1jqxiaWQ/spam%40fightspam.gc.ca Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

69 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request htn Show response
see.elucidatetech.com/
Redirect Chain

http://track-pro.zaitoonmarket.com/ga/click/2-49829506-2093-440-775-788-169f25e89a-7d20be9acf
https://see.elucidatetech.com/htn?fg=ZIJwlWprcWKEmLqxy5qmnnx0Yq-1jqxiaWQ/spam%40fightspam.gc.ca

57 KB
12 KB

959ms
905ms

Document
text/html

2606:4700:3032::ac43:86b0
CLOUDFLARENET

General

see.elucidatetech.com Open in urlscan Pro 2606:4700:3032::ac43:86b0 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

69 Requests

100 %HTTPS

86 %IPv6

6 Domains

7 Subdomains

6 IPs

3 Countries

1848 kBTransfer

2639 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

69 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

see.elucidatetech.com Open in urlscan Pro
2606:4700:3032::ac43:86b0 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

69
Requests

100 %
HTTPS

86 %
IPv6

6
Domains

7
Subdomains

6
IPs

3
Countries

1848 kB
Transfer

2639 kB
Size

1
Cookies

69 HTTP transactions
0 data transactions