ullensleap.org
Open in
urlscan Pro
107.6.182.126
Malicious Activity!
Public Scan
Effective URL: https://ullensleap.org/df/641b9a4c3023d
Submission: On March 23 via manual from PK — Scanned from NL
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 18th 2023. Valid for: 3 months.
This is the only time ullensleap.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 11 | 107.6.182.126 107.6.182.126 | 32475 (SINGLEHOP...) (SINGLEHOP-LLC) | |
10 | 1 |
ASN32475 (SINGLEHOP-LLC, US)
PTR: vm719.tmdcloud.eu
ullensleap.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
ullensleap.org
1 redirects
ullensleap.org |
277 KB |
10 | 1 |
Domain | Requested by | |
---|---|---|
11 | ullensleap.org |
1 redirects
ullensleap.org
|
10 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ullensleap.org cPanel, Inc. Certification Authority |
2023-02-18 - 2023-05-19 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ullensleap.org/df/641b9a4c3023d
Frame ID: 7AEB7AE458B49789EE5E84503079A1B4
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
fGpmAZKu8pi5CCvYyd9gE7Nlpl54483PNQPqRp8GBfDXWPage URL History Show full URLs
-
https://ullensleap.org/df/
HTTP 302
https://ullensleap.org/df/641b9a4c3023d Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://ullensleap.org/df/
HTTP 302
https://ullensleap.org/df/641b9a4c3023d Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
641b9a4c3023d
ullensleap.org/df/ Redirect Chain
|
35 KB 36 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3pnG7J7KxFKKHlMZoxeXQdXMT
ullensleap.org/df/APP-4KHCOP/ |
91 KB 91 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ztykeSxYPhCoflgLzSO8JIGay
ullensleap.org/df/o/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jzpc7fhpvgnbjdxps78dsu02b
ullensleap.org/df/e/ |
515 B 546 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SYCbtgGL0VORyTgyRW5j76u0n2InMi6KwQgWTMta
ullensleap.org/df/o/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sig-op.svg
ullensleap.org/df/img/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ukF4gImehzKZQ1uDXxAJu70Ru
ullensleap.org/df/jq/ |
84 KB 84 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cb1RHpFiX4f6gpyrj6OEIuPsN
ullensleap.org/df/boot/ |
50 KB 50 KB |
Script
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ymSKDQxXmcZX8HbKE2iQqbWkx
ullensleap.org/df/js/ |
5 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
L6aLN3um0eVBwY0UiPBt1K9TL
ullensleap.org/df/x/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery object| bootstrap1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ullensleap.org/ | Name: PHPSESSID Value: a341fd58416b2ec3654636fddf5ed385 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ullensleap.org
107.6.182.126
1fd400fcb0fc7fc743aee597a92f2e74e8c09a0446bde940897404681437b20c
4f3faeec469294b610f6ca82aa1cc2b3368fd56611b31c551c2ee224feadb411
6bdc8c185127736e5944fdee2d4e291585742eecdc9305c9149491f4dc9782c3
85fd7d6d191b89b6227ede1a8c8a612ecd0449149c5cf2aecfe1084dd6e95681
8e09aa31f396ea41d698f437dc5fc7125e931d400eb2873f5b68ef78c1e6f3a6
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
c7fb17ccabff7654268768534205421404a37d1092add5c0139223221b8c4d7b
de61ae21a091af44b3f96d0695b7af9810d321859cb4425d330075c0ca6dae81
e11cdd3726c97e9fc440c1f104c44ff05ac94fdbccefd5448d64c140a765ef31