ummamiexpress.com Open in urlscan Pro
162.241.42.211 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u17009204.ct.sendgrid.net/ls/click?upn=831j5wIyi4cArqmQwx0V8p-2FIcsByYx3fRP-2FFaaWvpSJVnr50ffsT2xzHE-2BDcVc8ZPmOgE3ZtAcbhr...
Effective URL:
https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/...
Submission: On June 25 via api (June 25th 2020, 2:02:59 pm UTC) from US

Summary HTTP 10 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 162.241.42.211, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is ummamiexpress.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 31st 2020. Valid for: 3 months.

This is the only time ummamiexpress.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Unicredit (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.118.35 167.89.118.35	11377 (SENDGRID) (SENDGRID)
1 2	162.241.42.211 162.241.42.211	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
3	195.68.201.32 195.68.201.32	29080 (BULBANK-AS) (BULBANK-AS)
2	2.16.46.88 2.16.46.88	16625 (AKAMAI-AS) (AKAMAI-AS)
10	4

1 167.89.118.35 (United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789118x35.outbound-mail.sendgrid.net

u17009204.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.241.42.211 (Provo, United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: vpsco.winketing.com

ummamiexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 195.68.201.32 (Bulgaria)

ASN29080 (BULBANK-AS, BG)

bulbankonline.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.46.88 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-46-88.deploy.static.akamaitechnologies.com

seal.websecurity.norton.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	bulbankonline.bg bulbankonline.bg	585 KB
2	norton.com seal.websecurity.norton.com	458 B
2	ummamiexpress.com 1 redirects ummamiexpress.com	5 KB
1	sendgrid.net 1 redirects u17009204.ct.sendgrid.net	278 B
10	4

	Domain	Requested by
3	bulbankonline.bg	ummamiexpress.com
2	seal.websecurity.norton.com	ummamiexpress.com
2	ummamiexpress.com	1 redirects
1	u17009204.ct.sendgrid.net	1 redirects
10	4

This site contains links to these domains. Also see Links.

Domain
online.bulbank.bg
www.unicreditbulbank.bg

Subject Issuer	Validity	Valid
ummamiexpress.com cPanel, Inc. Certification Authority	`2020-05-31` - `2020-08-29`	3 months	crt.sh
bulbankonline.bg DigiCert SHA2 Extended Validation Server CA	`2019-08-26` - `2021-08-25`	2 years	crt.sh
seal.websecurity.norton.com DigiCert SHA2 Extended Validation Server CA	`2020-03-23` - `2022-04-03`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=598
Frame ID: 7BAD8E54B48636DC820C6BC3FA583258
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://u17009204.ct.sendgrid.net/ls/click?upn=831j5wIyi4cArqmQwx0V8p-2FIcsByYx3fRP-2FFaaWvpSJVnr50ffsT2xzHE-2... HTTP 302
https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/ HTTP 302
https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bul... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

10
Requests

60 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

591 kB
Transfer

952 kB
Size

0
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://online.bulbank.bg/docs/BBO_security_recommendation_EN.pdf
Title: Recommendations for safe use of alternative channels of banking

Search URL Search Domain Scan URL

URL: https://www.unicreditbulbank.bg/en/legal-information/cookies-policy/
Title: Cookies policy

Search URL Search Domain Scan URL

URL: https://www.unicreditbulbank.bg/en/tariffs-and-general-terms/tariffs-terms-individuals/#electronic-services
Title: Bulbank Online General Conditions

Search URL Search Domain Scan URL

URL: https://online.bulbank.bg/docs/Account_types_and_possibilities_for_subscription_and_operations_EN.pdf
Title: Account types and possibilities for subscription and operations in Bulbank Online

Search URL Search Domain Scan URL

URL: https://online.bulbank.bg/docs/Online_Corporate_Request_EN.pdf
Title: Bulbank Online Application Form - corporate customers

Search URL Search Domain Scan URL

URL: https://online.bulbank.bg/docs/request-new%20username%20and%20password_EN.pdf
Title: Request for new username and password

Search URL Search Domain Scan URL

URL: https://online.bulbank.bg/docs/request-deregistration%20QES%20or%20cancelation%20certificate_EN.pdf
Title: Request for QES deregistration or certificate cancelation

Search URL Search Domain Scan URL

URL: https://www.unicreditbulbank.bg/en/legal-information/confidentiality/
Title: Confidentiality

Search URL Search Domain Scan URL

URL: https://www.unicreditbulbank.bg/en/legal-information/rights-use/
Title: Rights of use

Search URL Search Domain Scan URL

URL: https://online.bulbank.bg/docs/FAQ_EN.pdf
Title: FAQ

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u17009204.ct.sendgrid.net/ls/click?upn=831j5wIyi4cArqmQwx0V8p-2FIcsByYx3fRP-2FFaaWvpSJVnr50ffsT2xzHE-2BDcVc8ZPmOgE3ZtAcbhrBCVhZ-2Biw3Pu8AlJ8G0rBpmf4oiEPrOwv3EQaEyTfAd0e7oCUOGJIcI__4zVTG4uK7iUdmysmRdRbrvWqVBPK5mgok2ZdngeXXKOAHd-2FgzOrSZfQ553lkag7ht0LkUhG5-2FVsVGHuX4bRNV4pyz5olIK2Nl4oWrWI5M-2FTL44yQ70Nvm4-2BzV-2BzfEHLMcZq8IEffQoxIMTHYhIHBMjZ80sA3-2Bw1bTMm7P5o0bq3J98nejf-2BkMsDb87SYbLJEfeObx57HAyqu0BWN-2BRgFUn9qB6PXBePHBiTX2X7Xf0E-3D HTTP 302
https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/ HTTP 302
https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=598 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login.html Show response
ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/
Redirect Chain

https://u17009204.ct.sendgrid.net/ls/click?upn=831j5wIyi4cArqmQwx0V8p-2FIcsByYx3fRP-2FFaaWvpSJVnr50ffsT2xzHE-2BDcVc8ZPmOgE3ZtAcbhrBCVhZ-2Biw3Pu8AlJ8G0rBpmf4oiEPrOwv3EQaEyTfAd0e7oCUOGJIcI__4zVTG4uK7...
https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/
https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=598

24 KB
5 KB

181ms
173ms

Document
text/html

162.241.42.211
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=598

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.241.42.211 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

vpsco.winketing.com

Software

Apache /

Resource Hash

4eb09a51a556a15dcdd4423c223c4a8d0d6430cf9336fca4984a3654328c974f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Host: ummamiexpress.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 25 Jun 2020 14:06:21 GMT
Server: Apache
Last-Modified: Mon, 22 Jun 2020 14:32:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Thu, 25 Jun 2020 14:06:21 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
Content-Length: 4695
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

Redirect headers

Date: Thu, 25 Jun 2020 14:06:13 GMT
Server: Apache
Location: login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=598
Cache-Control: max-age=0
Expires: Thu, 25 Jun 2020 14:06:13 GMT
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK style.min.css
bulbankonline.bg//Content/css/ 421 KB
77 KB 602ms
108ms Stylesheet
text/css 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bulbankonline.bg//Content/css/style.min.css

Requested by

Host: ummamiexpress.com
URL: https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=598

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

5ea0d9dbd04e1e9d895c49545da879f5520a1c9b41ceaa9cd991482ffe2f1c76

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://seal.websecurity.norton.com; img-src 'self' https://seal.websecurity.norton.com https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com
X-Frame-Options	sameorigin

Request headers

Referer: https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=598
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://seal.websecurity.norton.com; img-src 'self' https://seal.websecurity.norton.com https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com
Content-Encoding: gzip
Last-Modified: Mon, 15 Jun 2020 11:23:25 GMT
ETag: "38caa462743d61:0"
ntCoent-Length: 431008
X-Frame-Options: sameorigin
Content-Type: text/css
Cache-Control: max-age=28800, must-revalidate
Date: Thu, 25 Jun 2020 14:02:40 GMT
Accept-Ranges: bytes
Transfer-Encoding: chunked

GET
H/1.1 200
OK getseal Show response
seal.websecurity.norton.com/ 13 B
217 B 236ms
92ms Script
text/javascript 2.16.46.88
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://seal.websecurity.norton.com/getseal?host_name=bulbankonline.bg&size=M&use_flash=YES&use_%0Atransparent=YES&lang=en
Requested by: Host: ummamiexpress.com
URL: https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=598
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.16.46.88 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-46-88.deploy.static.akamaitechnologies.com
Software: nginx/1.14.2 /
Resource Hash: bb807cd3b9903a753407ec9d82c403490bad87e9b707458b7d0e7f165277cd2c

Request headers

Referer: https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=598
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 25 Jun 2020 14:02:41 GMT
Cache-Control: must-revalidate, max-age=0
Server: nginx/1.14.2
Connection: keep-alive
ETag
Content-Length: 13
Content-Type: text/javascript

GET
H/1.1 200
OK getseal
seal.websecurity.norton.com/ 43 B
241 B 224ms
80ms Image
image/gif 2.16.46.88
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seal.websecurity.norton.com/getseal?at=0&sealid=1&dn=bulbankonline.bg&lang=en&tpt=transparent
Requested by: Host: ummamiexpress.com
URL: https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=598
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.16.46.88 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-46-88.deploy.static.akamaitechnologies.com
Software: nginx/1.14.2 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=598
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 25 Jun 2020 14:02:41 GMT
Cache-Control: must-revalidate, max-age=0
Server: nginx/1.14.2
Connection: keep-alive
ETag
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK unicredit-bulbank-logo.svg
bulbankonline.bg/Content/img/ 6 KB
7 KB 91ms
90ms Image
image/svg+xml 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bulbankonline.bg/Content/img/unicredit-bulbank-logo.svg

Requested by

Host: ummamiexpress.com
URL: https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=598

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

51441f51f8fb9a7a820cbd086c4b8ec1fedfca249e1f04c1661bc499d4ad2296

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://seal.websecurity.norton.com; img-src 'self' https://seal.websecurity.norton.com https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com
X-Frame-Options	sameorigin

Request headers

Referer: https://bulbankonline.bg//Content/css/style.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://seal.websecurity.norton.com; img-src 'self' https://seal.websecurity.norton.com https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com
Last-Modified: Mon, 15 Jun 2020 11:04:05 GMT
ETag: "977e3daf443d61:0"
X-Frame-Options: sameorigin
Content-Type: image/svg+xml
Cache-Control: max-age=86400, must-revalidate
Date: Thu, 25 Jun 2020 14:02:41 GMT
Accept-Ranges: bytes
Content-Length: 6337

GET
H/1.1 200
OK bg-login.jpg
bulbankonline.bg/Content/img/ 501 KB
502 KB 185ms
94ms Image
image/jpeg 195.68.201.32
BULBANK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bulbankonline.bg/Content/img/bg-login.jpg

Requested by

Host: ummamiexpress.com
URL: https://ummamiexpress.com/api/vendor/phpunit/phpunit/src/Util/PHP/updat-bg/login.html?link=https://bulbankonline.bg/en-US/none/Login/Index?s=598

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

195.68.201.32 , Bulgaria, ASN29080 (BULBANK-AS, BG),

Reverse DNS

Software

Resource Hash

2341d64aadfd89d9d21788c4e5c309e83209bd6406b167f7181050d77add46cd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://seal.websecurity.norton.com; img-src 'self' https://seal.websecurity.norton.com https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com
X-Frame-Options	sameorigin

Request headers

Referer: https://bulbankonline.bg//Content/css/style.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://seal.websecurity.norton.com; img-src 'self' https://seal.websecurity.norton.com https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com
Last-Modified: Fri, 03 Apr 2020 09:31:21 GMT
ETag: "7c53bca29a9d61:0"
X-Frame-Options: sameorigin
Content-Type: image/jpeg
Cache-Control: max-age=86400, must-revalidate
Date: Thu, 25 Jun 2020 14:02:41 GMT
Accept-Ranges: bytes
Content-Length: 513298

GET Material-Design-Iconic-Font.woff2
bulbankonline.bg//Content/icons/ 0
0

GET UniCredit%20CY-Regular.ttf
bulbankonline.bg/Content/fonts/UniCreditCY/ 0
0

GET Material-Design-Iconic-Font.woff
bulbankonline.bg//Content/icons/ 0
0

GET Material-Design-Iconic-Font.ttf
bulbankonline.bg//Content/icons/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bulbankonline.bg
URL: https://bulbankonline.bg//Content/icons/Material-Design-Iconic-Font.woff2?v=2.2.0

Domain: bulbankonline.bg
URL: https://bulbankonline.bg/Content/fonts/UniCreditCY/UniCredit%20CY-Regular.ttf

Domain: bulbankonline.bg
URL: https://bulbankonline.bg//Content/icons/Material-Design-Iconic-Font.woff?v=2.2.0

Domain: bulbankonline.bg
URL: https://bulbankonline.bg//Content/icons/Material-Design-Iconic-Font.ttf?v=2.2.0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Unicredit (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bulbankonline.bg
seal.websecurity.norton.com
u17009204.ct.sendgrid.net
ummamiexpress.com
bulbankonline.bg
162.241.42.211
167.89.118.35
195.68.201.32
2.16.46.88
2341d64aadfd89d9d21788c4e5c309e83209bd6406b167f7181050d77add46cd
4eb09a51a556a15dcdd4423c223c4a8d0d6430cf9336fca4984a3654328c974f
51441f51f8fb9a7a820cbd086c4b8ec1fedfca249e1f04c1661bc499d4ad2296
5ea0d9dbd04e1e9d895c49545da879f5520a1c9b41ceaa9cd991482ffe2f1c76
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
bb807cd3b9903a753407ec9d82c403490bad87e9b707458b7d0e7f165277cd2c

ummamiexpress.com Open in urlscan Pro 162.241.42.211 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

60 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

591 kBTransfer

952 kBSize

0 Cookies

10 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

ummamiexpress.com Open in urlscan Pro
162.241.42.211 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

60 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

591 kB
Transfer

952 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!