madbrush.ae
216.194.164.209
Malicious Activity!
Public Scan
Submission: On July 07 via manual from AE — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 26th 2023. Valid for: 3 months.
This is the only time madbrush.ae was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Web.de (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
10 | 216.194.164.209 | 22611 (INMOTION) |
2 | 23.35.236.165 | 16625 (AKAMAI-AS) |
12 | 2 | |
ASN22611 (INMOTION, US)
PTR: ded4012.inmotionhosting.com
madbrush.ae
ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-165.deploy.static.akamaitechnologies.com
img.ui-portal.de
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 | madbrush.ae | madbrush.ae | 292 KB |
2 | ui-portal.de | img.ui-portal.de — Cisco Umbrella Rank: 20728 | 36 KB |
12 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
10 | madbrush.ae | madbrush.ae |
2 | img.ui-portal.de | madbrush.ae |
12 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
madbrush.ae | cPanel, Inc. Certification Authority | 2023-04-26 - 2023-07-25 | 3 months |
img.ui-portal.de | GeoTrust RSA CA 2018 | 2023-05-27 - 2024-05-29 | a year |
This page contains 1 frame:
Primary Page:
https://madbrush.ae/?email=undefined
Frame ID: A61A1123A8FA6C480E8064702DEC800C
Requests: 12 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | madbrush.ae/ | 6 KB | 6 KB | Document | text/html |
GET | H/1.1 | jquery-3.4.1-ver-220AFD743D9E9643852E31A135A9F3AE.js.download | madbrush.ae/ | 86 KB | 86 KB | Script | application/javascript |
GET | H/1.1 | tcf-api.js.download | madbrush.ae/ | 0 | 0 | Script | text/html |
GET | H/1.1 | tracklib.poly.min.js.download | madbrush.ae/ | 51 KB | 52 KB | Script | application/javascript |
GET | H/1.1 | 90496.js.download | madbrush.ae/ | 28 KB | 28 KB | Script | application/javascript |
GET | H/1.1 | wicket-ajax-jquery-ver-3A8C326A8436172FC95523D517EBC88B.js.download | madbrush.ae/ | 43 KB | 43 KB | Script | application/javascript |
GET | H/1.1 | 4006.js.download | madbrush.ae/ | 28 KB | 28 KB | Script | application/javascript |
GET | H/1.1 | uni_main-ver-2F06E2EA6A77BCF71A9F481935549BAC.js.download | madbrush.ae/ | 0 | 0 | Script | text/html |
GET | H/1.1 | uni-ver-F48D7E3FA01D857E0F31A9DDBEEB4BF4.css | madbrush.ae/ | 47 KB | 47 KB | Stylesheet | text/css |
GET | H/1.1 | weblogo.png | madbrush.ae/ | 1 KB | 2 KB | Image | image/png |
GET | H2 | web.de-sans-light.woff | img.ui-portal.de/ci/webde/global/fonts/web.de-sans/ | 18 KB | 18 KB | Font | application/font-woff |
GET | H2 | web.de-sans-medium.woff | img.ui-portal.de/ci/webde/global/fonts/web.de-sans/ | 18 KB | 18 KB | Font | application/font-woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Web.de (Online)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
boolean | credentialless |
object | onbeforetoggle |
object | onscrollend |
function | $ |
function | jQuery |
object | __core-js_shared__ |
object | core |
function | TrackLib |
object | NSfTIF |
string | szmvars |
object | iom |
string | gtmId |
object | Wicket |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
img.ui-portal.de
madbrush.ae
216.194.164.209
23.35.236.165