sendmemyitem.ultra-brain.com
Open in
urlscan Pro
2606:4700:3031::ac43:c3eb
Malicious Activity!
Public Scan
Submission: On December 29 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by E1 on December 18th 2022. Valid for: 3 months.
This is the only time sendmemyitem.ultra-brain.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Tracking (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 2606:4700:303... 2606:4700:3031::ac43:c3eb | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2600:9000:206... 2600:9000:206f:b200:d:1314:c600:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:4001:82b::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2606:4700:10:... 2606:4700:10::6816:2156 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 2a00:1450:400... 2a00:1450:400d:80c::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2606:4700::68... 2606:4700::6812:1106 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
18 | 6 |
ASN13335 (CLOUDFLARENET, US)
sendmemyitem.ultra-brain.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
ultra-brain.com
sendmemyitem.ultra-brain.com |
209 KB |
4 |
gstatic.com
fonts.gstatic.com |
32 KB |
2 |
landerlab.io
assets.landerlab.io — Cisco Umbrella Rank: 779194 track.landerlab.io |
10 KB |
1 |
gotrackier.com
verde.gotrackier.com |
1 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 127 |
1018 B |
18 | 5 |
Domain | Requested by | |
---|---|---|
10 | sendmemyitem.ultra-brain.com |
sendmemyitem.ultra-brain.com
|
4 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | track.landerlab.io |
sendmemyitem.ultra-brain.com
|
1 | verde.gotrackier.com |
sendmemyitem.ultra-brain.com
|
1 | fonts.googleapis.com |
sendmemyitem.ultra-brain.com
|
1 | assets.landerlab.io |
sendmemyitem.ultra-brain.com
|
18 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.ultra-brain.com E1 |
2022-12-18 - 2023-03-18 |
3 months | crt.sh |
*.landerlab.io Amazon |
2022-07-28 - 2023-08-26 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-11-28 - 2023-02-20 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-05-11 - 2023-05-11 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-11-28 - 2023-02-20 |
3 months | crt.sh |
landerlab.io Cloudflare Inc ECC CA-3 |
2022-05-07 - 2023-05-07 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sendmemyitem.ultra-brain.com/it/index.html
Frame ID: DC9C2A8318C7AE00A7B6C9D390558732
Requests: 18 HTTP requests in this frame
Screenshot
Detected technologies
Google Font API (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.html
sendmemyitem.ultra-brain.com/it/ |
12 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
base.css
assets.landerlab.io/ |
9 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
4 KB 1018 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
us%2Fcss%2Fstyles.css
sendmemyitem.ultra-brain.com/ |
20 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
us%2Fjs%2Flib%2Fmodernizr.js
sendmemyitem.ultra-brain.com/ |
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
us%2Fjs%2Flib%2Fjquery-3.3.1.min.js
sendmemyitem.ultra-brain.com/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
us%2Fjs%2Fsvg4everybody.min.js
sendmemyitem.ultra-brain.com/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
us%2Fjs%2Finit.js
sendmemyitem.ultra-brain.com/ |
2 KB 935 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
us%2Fjs%2Fscript.js
sendmemyitem.ultra-brain.com/ |
466 B 747 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
us%2Fimages%2Flogo-IPS.png
sendmemyitem.ultra-brain.com/ |
156 KB 156 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
us%2Fimages%2Ficon-box.svg
sendmemyitem.ultra-brain.com/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
prelander.js
verde.gotrackier.com/js/ |
949 B 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
icons.svg
sendmemyitem.ultra-brain.com/it/icons/ |
7 KB 3 KB |
Other
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
606dc316bd12e800113ca177
track.landerlab.io/p/ |
0 650 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Tracking (Transportation)21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange object| html5 object| Modernizr function| $ function| jQuery function| svg4everybody string| link function| _toConsumableArray function| _nonIterableSpread function| _unsupportedIterableToArray function| _iterableToArray function| _arrayWithoutHoles function| _arrayLikeToArray function| replaceNoScript string| trackignUrl string| lpClickValue string| lpClickParamName string| hrefParamName function| sendBeacon function| reportClick function| updateLinks3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.gotrackier.com/ | Name: __cf_bm Value: bPwYisz3nx3jYAQvlBGAF_8Nbt09tD_FV81Jbw.zi08-1672297400-0-AQUgjFlDeosTjGpmepK6dQtmt6rEqJyxnR1LV5v/PVKLBvWjUPWEheLPp2uyjPwt+8f7urKQ7P56lKh+qGZZrQU= |
|
.track.landerlab.io/ | Name: worker_cookie Value: N4Igdgpg7g+gFgSwC4wQExALhAVgJwBmALAEYEDMAjALRoCGATAdUQGyV3UkPk7V4QADGjY5KAdjqtyIADQgAbggDOyVBmx5WOBgA5ddPNQDGOXURYM6fEsfLNKlQa3HiIrInSJE5ilWqQEAFsIZSQ6IIAHLBAGQQYGakpEhjwAFUFxTEFyTDiAOhwicQAtXyVVJAB7ACd1GOMGCAIcY1ZjalZ6CBY0YxJ+SiJdanE0QV1yXQJTYhl5YwjIugQAczB67FZnPqpWEjRkiF1BQUdyRYlxXzAqtAgYYzgVsCwAbQBdeRUYSCgsAh0AA2yggAF8gA=== |
|
.track.landerlab.io/ | Name: __cf_bm Value: idC0MBBRStxugr_s.ZEW_EHV5h7ndxk5IvcDkd2iMgU-1672297400-0-AbA1NhVZr6b49K1jMQng3ZhV7UNX+CDsrZ11MNKHlkvSjO0jkzuN2SIijv/DypsLOpUv6zEGMiliOB1Cz9Pc0m4= |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.landerlab.io
fonts.googleapis.com
fonts.gstatic.com
sendmemyitem.ultra-brain.com
track.landerlab.io
verde.gotrackier.com
2600:9000:206f:b200:d:1314:c600:93a1
2606:4700:10::6816:2156
2606:4700:3031::ac43:c3eb
2606:4700::6812:1106
2a00:1450:4001:82b::200a
2a00:1450:400d:80c::2003
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
27614fb2f20dc2e3730b48d6880681e750a48ab9bbcb1cfb4d2cf986358427f6
2b3f42346f3e78b95f2df7b412c9f68f75dba129bdd1c7efb5b24064a1d0fde5
35f28836551254787999e7178331c2d58acd50813392aa918d3ac6d8d71b00a5
40e21dfc0a0712e3f12c1673be5cc3883bff3178e4174edf8cb98438b4d90bec
46780f0155e4243738f92b13ab922781184dcb5dc0f71c857df6263e3decbde9
587083c146120fe3e30fc57494020f41bd7c17722a45d7f0f68b42415db9808e
590e2796f2345351966ce7398f8bf3bcbae960f7e0e85a8f25ee77393cbdb69a
62f7ef6281d5e0db3f14298ca3707ee3a9f61d1ee85ac5fa5dade011eafb32e9
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
82f24da560f5bf620073cbda3aa1f1f07270f11ff94a171baf70bdd78768eaa0
8d8c59c2712df25a26ecd01739496e49c3514a9341fa3cd21cfa98627ba6efa2
9137b33ceb0e8b966c5942abeff0ff11670e36afe176b73480fc24e7f214632d
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
aaa4a98000f280d8d1b54f8fb20e8888a59acdffe43bbcca7686b66712453590
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149