ullensleap.org Open in urlscan Pro
107.6.182.126 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ullensleap.org/df/
Effective URL:
https://ullensleap.org/df/641b9a4c3023d
Submission: On March 23 via manual (March 23rd 2023, 12:16:17 am UTC) from PK — Scanned from NL

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 107.6.182.126, located in Amsterdam, Netherlands and belongs to SINGLEHOP-LLC, US. The main domain is ullensleap.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 18th 2023. Valid for: 3 months.

This is the only time ullensleap.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address		AS Autonomous System
1 11	107.6.182.126 107.6.182.126		32475 (SINGLEHOP...) (SINGLEHOP-LLC)
10	1

11 107.6.182.126 (Amsterdam, Netherlands) 1 redirects

ASN32475 (SINGLEHOP-LLC, US)
PTR: vm719.tmdcloud.eu

ullensleap.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	ullensleap.org 1 redirects ullensleap.org	277 KB
10	1

	Domain	Requested by
11	ullensleap.org	1 redirects ullensleap.org
10	1

This site contains no links.

Subject Issuer	Validity	Valid
ullensleap.org cPanel, Inc. Certification Authority	`2023-02-18` - `2023-05-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ullensleap.org/df/641b9a4c3023d
Frame ID: 7AEB7AE458B49789EE5E84503079A1B4
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

fGpmAZKu8pi5CCvYyd9gE7Nlpl54483PNQPqRp8GBfDXW

Page URL History Show full URLs

https://ullensleap.org/df/ HTTP 302
https://ullensleap.org/df/641b9a4c3023d Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

277 kB
Transfer

276 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ullensleap.org/df/ HTTP 302
https://ullensleap.org/df/641b9a4c3023d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 641b9a4c3023d Show response ullensleap.org/df/ Redirect Chain https://ullensleap.org/df/ https://ullensleap.org/df/641b9a4c3023d	35 KB 36 KB	104ms 104ms	Document text/html	107.6.182.126 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL https://ullensleap.org/df/641b9a4c3023d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 107.6.182.126 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS vm719.tmdcloud.eu Software Apache / Resource Hash `1fd400fcb0fc7fc743aee597a92f2e74e8c09a0446bde940897404681437b20c` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-type text/html; charset=UTF-8 date Thu, 23 Mar 2023 00:16:12 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache Redirect headers cache-control no-store, no-cache, must-revalidate content-type text/html; charset=UTF-8 date Thu, 23 Mar 2023 00:16:12 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location 641b9a4c3023d pragma no-cache server Apache
GET H2	200	3pnG7J7KxFKKHlMZoxeXQdXMT ullensleap.org/df/APP-4KHCOP/	91 KB 91 KB	173ms 172ms	Stylesheet text/css	107.6.182.126 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL https://ullensleap.org/df/APP-4KHCOP/3pnG7J7KxFKKHlMZoxeXQdXMT Requested by Host: ullensleap.org URL: https://ullensleap.org/df/641b9a4c3023d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 107.6.182.126 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS vm719.tmdcloud.eu Software Apache / Resource Hash `6bdc8c185127736e5944fdee2d4e291585742eecdc9305c9149491f4dc9782c3` Request headers accept-language nl-NL,nl;q=0.9 Referer https://ullensleap.org/df/641b9a4c3023d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers content-type text/css;charset=UTF-8 date Thu, 23 Mar 2023 00:16:12 GMT server Apache
GET H2	200	ztykeSxYPhCoflgLzSO8JIGay ullensleap.org/df/o/	4 KB 4 KB	210ms 209ms	Image image/svg+xml	107.6.182.126 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://ullensleap.org/df/o/ztykeSxYPhCoflgLzSO8JIGay Requested by Host: ullensleap.org URL: https://ullensleap.org/df/641b9a4c3023d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 107.6.182.126 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS vm719.tmdcloud.eu Software Apache / Resource Hash `e11cdd3726c97e9fc440c1f104c44ff05ac94fdbccefd5448d64c140a765ef31` Request headers accept-language nl-NL,nl;q=0.9 Referer https://ullensleap.org/df/641b9a4c3023d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers content-type image/svg+xml date Thu, 23 Mar 2023 00:16:12 GMT server Apache
GET H2	200	jzpc7fhpvgnbjdxps78dsu02b ullensleap.org/df/e/	515 B 546 B	203ms 202ms	Image image/svg+xml	107.6.182.126 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://ullensleap.org/df/e/jzpc7fhpvgnbjdxps78dsu02b Requested by Host: ullensleap.org URL: https://ullensleap.org/df/641b9a4c3023d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 107.6.182.126 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS vm719.tmdcloud.eu Software Apache / Resource Hash `85fd7d6d191b89b6227ede1a8c8a612ecd0449149c5cf2aecfe1084dd6e95681` Request headers accept-language nl-NL,nl;q=0.9 Referer https://ullensleap.org/df/641b9a4c3023d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers content-type image/svg+xml date Thu, 23 Mar 2023 00:16:12 GMT server Apache
GET H2	200	SYCbtgGL0VORyTgyRW5j76u0n2InMi6KwQgWTMta ullensleap.org/df/o/	4 KB 4 KB	193ms 192ms	Image image/svg+xml	107.6.182.126 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://ullensleap.org/df/o/SYCbtgGL0VORyTgyRW5j76u0n2InMi6KwQgWTMta Requested by Host: ullensleap.org URL: https://ullensleap.org/df/641b9a4c3023d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 107.6.182.126 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS vm719.tmdcloud.eu Software Apache / Resource Hash `e11cdd3726c97e9fc440c1f104c44ff05ac94fdbccefd5448d64c140a765ef31` Request headers accept-language nl-NL,nl;q=0.9 Referer https://ullensleap.org/df/641b9a4c3023d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers content-type image/svg+xml date Thu, 23 Mar 2023 00:16:12 GMT server Apache
GET H2	200	sig-op.svg ullensleap.org/df/img/	2 KB 2 KB	33ms 32ms	Image image/svg+xml	107.6.182.126 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://ullensleap.org/df/img/sig-op.svg Requested by Host: ullensleap.org URL: https://ullensleap.org/df/641b9a4c3023d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 107.6.182.126 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS vm719.tmdcloud.eu Software Apache / Resource Hash `8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93` Request headers accept-language nl-NL,nl;q=0.9 Referer https://ullensleap.org/df/641b9a4c3023d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Thu, 23 Mar 2023 00:16:12 GMT last-modified Thu, 23 Mar 2023 00:14:17 GMT server Apache accept-ranges bytes content-length 1592 content-type image/svg+xml
GET H2	200	ukF4gImehzKZQ1uDXxAJu70Ru Show response ullensleap.org/df/jq/	84 KB 84 KB	212ms 210ms	Script text/javascript	107.6.182.126 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL https://ullensleap.org/df/jq/ukF4gImehzKZQ1uDXxAJu70Ru Requested by Host: ullensleap.org URL: https://ullensleap.org/df/641b9a4c3023d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 107.6.182.126 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS vm719.tmdcloud.eu Software Apache / Resource Hash `8e09aa31f396ea41d698f437dc5fc7125e931d400eb2873f5b68ef78c1e6f3a6` Request headers accept-language nl-NL,nl;q=0.9 Referer https://ullensleap.org/df/641b9a4c3023d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers content-type text/javascript;charset=UTF-8 date Thu, 23 Mar 2023 00:16:12 GMT server Apache
GET H2	200	cb1RHpFiX4f6gpyrj6OEIuPsN Show response ullensleap.org/df/boot/	50 KB 50 KB	143ms 141ms	Script text/css	107.6.182.126 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL https://ullensleap.org/df/boot/cb1RHpFiX4f6gpyrj6OEIuPsN Requested by Host: ullensleap.org URL: https://ullensleap.org/df/641b9a4c3023d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 107.6.182.126 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS vm719.tmdcloud.eu Software Apache / Resource Hash `4f3faeec469294b610f6ca82aa1cc2b3368fd56611b31c551c2ee224feadb411` Request headers accept-language nl-NL,nl;q=0.9 Referer https://ullensleap.org/df/641b9a4c3023d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers content-type text/css;charset=UTF-8 date Thu, 23 Mar 2023 00:16:12 GMT server Apache
GET H2	200	ymSKDQxXmcZX8HbKE2iQqbWkx Show response ullensleap.org/df/js/	5 KB 5 KB	178ms 177ms	Script text/javascript	107.6.182.126 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL https://ullensleap.org/df/js/ymSKDQxXmcZX8HbKE2iQqbWkx Requested by Host: ullensleap.org URL: https://ullensleap.org/df/641b9a4c3023d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 107.6.182.126 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS vm719.tmdcloud.eu Software Apache / Resource Hash `c7fb17ccabff7654268768534205421404a37d1092add5c0139223221b8c4d7b` Request headers accept-language nl-NL,nl;q=0.9 Referer https://ullensleap.org/df/641b9a4c3023d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers content-type text/javascript;charset=UTF-8 date Thu, 23 Mar 2023 00:16:12 GMT server Apache
GET H2	200	L6aLN3um0eVBwY0UiPBt1K9TL ullensleap.org/df/x/	2 KB 2 KB	110ms 110ms	Image image/svg+xml	107.6.182.126 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://ullensleap.org/df/x/L6aLN3um0eVBwY0UiPBt1K9TL Requested by Host: ullensleap.org URL: https://ullensleap.org/df/641b9a4c3023d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 107.6.182.126 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS vm719.tmdcloud.eu Software Apache / Resource Hash `de61ae21a091af44b3f96d0695b7af9810d321859cb4425d330075c0ca6dae81` Request headers accept-language nl-NL,nl;q=0.9 Referer https://ullensleap.org/df/641b9a4c3023d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers content-type image/svg+xml date Thu, 23 Mar 2023 00:16:12 GMT server Apache

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery object| bootstrap

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ullensleap.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: a341fd58416b2ec3654636fddf5ed385

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ullensleap.org
107.6.182.126
1fd400fcb0fc7fc743aee597a92f2e74e8c09a0446bde940897404681437b20c
4f3faeec469294b610f6ca82aa1cc2b3368fd56611b31c551c2ee224feadb411
6bdc8c185127736e5944fdee2d4e291585742eecdc9305c9149491f4dc9782c3
85fd7d6d191b89b6227ede1a8c8a612ecd0449149c5cf2aecfe1084dd6e95681
8e09aa31f396ea41d698f437dc5fc7125e931d400eb2873f5b68ef78c1e6f3a6
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
c7fb17ccabff7654268768534205421404a37d1092add5c0139223221b8c4d7b
de61ae21a091af44b3f96d0695b7af9810d321859cb4425d330075c0ca6dae81
e11cdd3726c97e9fc440c1f104c44ff05ac94fdbccefd5448d64c140a765ef31

ullensleap.org Open in urlscan Pro 107.6.182.126 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

277 kBTransfer

276 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

ullensleap.org Open in urlscan Pro
107.6.182.126 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

277 kB
Transfer

276 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!