accounts-mail.space Open in urlscan Pro
115.126.39.107 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://accounts-mail.space/drive.postmailsecret.com/
Submission: On April 03 via automatic, source openphish (April 3rd 2017, 5:38:28 pm UTC)

Summary HTTP 10 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 10 HTTP transactions. The main IP is 115.126.39.107, located in Hong Kong and belongs to FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK. The main domain is accounts-mail.space.

This is the only time accounts-mail.space was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address	AS Autonomous System
5	115.126.39.107 115.126.39.107	38186 (FTG-AS-AP...) (FTG-AS-AP Forewin Telecom Group Limited)
3	2a00:1450:400... 2a00:1450:400c:c06::5e	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	2a00:1450:400... 2a00:1450:400c:c06::11	15169 (GOOGLE) (GOOGLE - Google Inc.)
10	4

5 115.126.39.107 (Hong Kong)

ASN38186 (FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK)

accounts-mail.space	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c06::5e (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::11 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

mail.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	accounts-mail.space accounts-mail.space	60 KB
3	gstatic.com ssl.gstatic.com	7 KB
1	google.com mail.google.com	52 B
0	youtube.com Failed accounts.youtube.com Failed
10	4

	Domain	Requested by
5	accounts-mail.space	accounts-mail.space
3	ssl.gstatic.com	accounts-mail.space
1	mail.google.com	accounts-mail.space
0	accounts.youtube.com Failed	accounts-mail.space
10	4

This site contains links to these domains. Also see Links.

Domain
accounts.google.com
support.google.com
www.google.com

Subject Issuer	Validity	Valid
*.google.com Google Internet Authority G2	`2017-03-22` - `2017-06-14`	3 months	crt.sh
mail.google.com Google Internet Authority G2	`2017-03-22` - `2017-06-14`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://accounts-mail.space/drive.postmailsecret.com/
Frame ID: 17992.1
Requests: 9 HTTP requests in this frame

Frame: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-432011133&timestamp=1491241098078
Frame ID: 17992.2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

10
Requests

40 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

67 kB
Transfer

67 kB
Size

0
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&checkedDomains=youtube&pstMsg=0
Title:

Search URL Search Domain Scan URL

URL: https://support.google.com/accounts/?p=securesignin&hl=zh-HK
Title: 瞭解更多資訊

Search URL Search Domain Scan URL

URL: https://accounts.google.com/RecoverAccount?Email=&ignoreShadow=0&fpOnly=1
Title: Need help？

Search URL Search Domain Scan URL

URL: https://accounts.google.com/SignUpWithoutGmail?EmailAddress=
Title: 建立帳戶

Search URL Search Domain Scan URL

URL: https://accounts.google.com/AccountChooser?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&hl=zh-HK&service=mail
Title: Sign in with a different account

Search URL Search Domain Scan URL

URL: https://accounts.google.com/SignUp?service=mail&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F#RecoveryEmailAddress=majian0007%40gmail.com
Title: Create account

Search URL Search Domain Scan URL

URL: https://www.google.com/intl/zh-HK/about
Title: About Google

Search URL Search Domain Scan URL

URL: https://accounts.google.com/TOS?loc=KR&hl=zh-HK&privacy=true
Title: Privacy

Search URL Search Domain Scan URL

URL: https://accounts.google.com/TOS?loc=KR&hl=zh-HK
Title: Terms

Search URL Search Domain Scan URL

URL: http://www.google.com/support/accounts?hl=zh-HK
Title: Help

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
accounts-mail.space/drive.postmailsecret.com/
Redirect Chain

http://accounts-mail.space/drive.postmailsecret.com
http://accounts-mail.space/drive.postmailsecret.com/

57 KB
57 KB

210ms
210ms

Document
text/html

115.126.39.107
FTG-AS-AP Forewin...

General

Check archive.org

Show headers Download Go to

Full URL: http://accounts-mail.space/drive.postmailsecret.com/
Protocol: HTTP/1.1
Server: 115.126.39.107 , Hong Kong, ASN38186 (FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK),
Reverse DNS
Software: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 /
Resource Hash: b1304c800c82155c2deba577feed3b812830f7a8a592ce1898d1ade2c29e9511

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: accounts-mail.space
Accept-Language: en-US,en;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Response headers

Date: Mon, 03 Apr 2017 17:38:02 GMT
Last-Modified: Mon, 29 Feb 2016 13:37:56 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
ETag: "e55a-52ce8c19ed500"
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 58714

Redirect headers

Location: http://accounts-mail.space/drive.postmailsecret.com/
Date: Mon, 03 Apr 2017 17:38:02 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 370
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK photo.png
accounts-mail.space/drive.postmailsecret.com/index_files/ 1 KB
1 KB 219ms
219ms Image
image/png 115.126.39.107
FTG-AS-AP Forewin...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://accounts-mail.space/drive.postmailsecret.com/index_files/photo.png
Requested by: Host: accounts-mail.space
URL: http://accounts-mail.space/drive.postmailsecret.com/
Protocol: HTTP/1.1
Server: 115.126.39.107 , Hong Kong, ASN38186 (FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK),
Reverse DNS
Software: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 /
Resource Hash: f200aa60f60b6f435e4380744af7b81f6e21f01527e1b3ec5b8074c0ea9757a4

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: accounts-mail.space
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://accounts-mail.space/drive.postmailsecret.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://accounts-mail.space/drive.postmailsecret.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Response headers

Date: Mon, 03 Apr 2017 17:38:03 GMT
Last-Modified: Thu, 07 Jan 2016 08:41:19 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
ETag: "5b3-528ba6f3f49c0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1459

GET
H/1.1 200
OK arrow_back_grey600_24dp.png
accounts-mail.space/drive.postmailsecret.com/index_files/ 117 B
117 B 394ms
207ms Image
image/png 115.126.39.107
FTG-AS-AP Forewin...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://accounts-mail.space/drive.postmailsecret.com/index_files/arrow_back_grey600_24dp.png
Requested by: Host: accounts-mail.space
URL: http://accounts-mail.space/drive.postmailsecret.com/
Protocol: HTTP/1.1
Server: 115.126.39.107 , Hong Kong, ASN38186 (FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK),
Reverse DNS
Software: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 /
Resource Hash: 8d7d4305d9042a6f0a276c0cd646b0f4a18da60a800e844a70f51ad46cc1bd09

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: accounts-mail.space
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://accounts-mail.space/drive.postmailsecret.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://accounts-mail.space/drive.postmailsecret.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Response headers

Date: Mon, 03 Apr 2017 17:38:03 GMT
Last-Modified: Thu, 07 Jan 2016 08:41:19 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
ETag: "75-528ba6f3f49c0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 117

GET
H2 200 googlelogo_color_112x36dp.png
ssl.gstatic.com/images/branding/googlelogo/1x/ 2 KB
2 KB 45ms
14ms Image
image/png 2a00:1450:400c:c06::5e
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_112x36dp.png

Requested by

Host: accounts-mail.space
URL: http://accounts-mail.space/drive.postmailsecret.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:400c:c06::5e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

9ecd5e18216a965021f794cc1fd255767f8437ce1dd6c6c2ff4ceea7ccc0073d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/branding/googlelogo/1x/googlelogo_color_112x36dp.png
pragma: no-cache
accept-encoding: gzip, deflate, sdch, br
accept-language: en-US,en;q=0.8
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
accept: image/webp,image/*,*/*;q=0.8
cache-control: no-cache
:authority: ssl.gstatic.com
referer: http://accounts-mail.space/drive.postmailsecret.com/
:scheme: https
x-client-data: CIi2yQEIpLbJAQ==
:method: GET
Referer: http://accounts-mail.space/drive.postmailsecret.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Response headers

date: Mon, 03 Apr 2017 03:25:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 21 Apr 2016 03:17:22 GMT
server: sffe
age: 51189
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="37,36,35"
content-length: 2449
x-xss-protection: 1; mode=block
expires: Tue, 03 Apr 2018 03:25:08 GMT

GET
H/1.1 200
OK universal_language_settings-21.png
accounts-mail.space/drive.postmailsecret.com/index_files/ 199 B
199 B 425ms
218ms Image
image/png 115.126.39.107
FTG-AS-AP Forewin...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://accounts-mail.space/drive.postmailsecret.com/index_files/universal_language_settings-21.png
Requested by: Host: accounts-mail.space
URL: http://accounts-mail.space/drive.postmailsecret.com/
Protocol: HTTP/1.1
Server: 115.126.39.107 , Hong Kong, ASN38186 (FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK),
Reverse DNS
Software: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 /
Resource Hash: 59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: accounts-mail.space
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://accounts-mail.space/drive.postmailsecret.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://accounts-mail.space/drive.postmailsecret.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Response headers

Date: Mon, 03 Apr 2017 17:38:03 GMT
Last-Modified: Thu, 07 Jan 2016 08:41:19 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
ETag: "c7-528ba6f3f49c0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 199

GET
H2 200 wlogostrip_230x17_1x.png
ssl.gstatic.com/accounts/ui/ 4 KB
4 KB 14ms
14ms Image
image/png 2a00:1450:400c:c06::5e
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/accounts/ui/wlogostrip_230x17_1x.png

Requested by

Host: accounts-mail.space
URL: http://accounts-mail.space/drive.postmailsecret.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:400c:c06::5e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

05cdc120325f04f53e3ec7dbba877500d94db5a47e38fb6a2cc96fa3d1d7664c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /accounts/ui/wlogostrip_230x17_1x.png
pragma: no-cache
accept-encoding: gzip, deflate, sdch, br
accept-language: en-US,en;q=0.8
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
accept: image/webp,image/*,*/*;q=0.8
cache-control: no-cache
:authority: ssl.gstatic.com
referer: http://accounts-mail.space/drive.postmailsecret.com/
:scheme: https
x-client-data: CIi2yQEIpLbJAQ==
:method: GET
Referer: http://accounts-mail.space/drive.postmailsecret.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Response headers

date: Mon, 03 Apr 2017 03:25:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 21 Apr 2016 03:17:22 GMT
server: sffe
age: 51189
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="37,36,35"
content-length: 4285
x-xss-protection: 1; mode=block
expires: Tue, 03 Apr 2018 03:25:08 GMT

GET
H2 200 checkmark.png
ssl.gstatic.com/ui/v1/menu/ 239 B
248 B 24ms
24ms Image
image/png 2a00:1450:400c:c06::5e
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/ui/v1/menu/checkmark.png

Requested by

Host: accounts-mail.space
URL: http://accounts-mail.space/drive.postmailsecret.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:400c:c06::5e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

2210e36b5b21e54cd4dc2ccdcc06138db8598d704ebf19052e5caa84edb4a675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /ui/v1/menu/checkmark.png
pragma: no-cache
accept-encoding: gzip, deflate, sdch, br
accept-language: en-US,en;q=0.8
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
accept: image/webp,image/*,*/*;q=0.8
cache-control: no-cache
:authority: ssl.gstatic.com
referer: http://accounts-mail.space/drive.postmailsecret.com/
:scheme: https
x-client-data: CIi2yQEIpLbJAQ==
:method: GET
Referer: http://accounts-mail.space/drive.postmailsecret.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Response headers

date: Mon, 03 Apr 2017 01:51:11 GMT
x-content-type-options: nosniff
last-modified: Thu, 21 Apr 2016 03:17:22 GMT
server: sffe
age: 56826
vary: Origin
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="37,36,35"
content-length: 239
x-xss-protection: 1; mode=block
expires: Tue, 03 Apr 2018 01:51:11 GMT

GET CheckConnection
accounts.youtube.com/accounts/ Frame 1799 0
0

GET
H2 200 cleardot.gif
mail.google.com/mail/images/ 43 B
52 B 56ms
25ms Image
image/gif 2a00:1450:400c:c06::11
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mail.google.com/mail/images/cleardot.gif?t=1491241098124

Requested by

Host: accounts-mail.space
URL: http://accounts-mail.space/drive.postmailsecret.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:400c:c06::11 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

GSE /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /mail/images/cleardot.gif?t=1491241098124
pragma: no-cache
accept-encoding: gzip, deflate, sdch, br
accept-language: en-US,en;q=0.8
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
accept: image/webp,image/*,*/*;q=0.8
cache-control: no-cache
:authority: mail.google.com
referer: http://accounts-mail.space/drive.postmailsecret.com/
:scheme: https
x-client-data: CIi2yQEIpLbJAQ==
:method: GET
Referer: http://accounts-mail.space/drive.postmailsecret.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Response headers

date: Mon, 03 Apr 2017 17:38:18 GMT
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/gif; charset=UTF-8
status: 200
cache-control: public, max-age=31536000
alt-svc: quic=":443"; ma=2592000; v="37,36,35"
x-xss-protection: 1; mode=block
expires: Tue, 03 Apr 2018 17:38:18 GMT

GET
H/1.1 404
Not Found favicon.ico
accounts-mail.space/ 1 KB
1 KB 223ms
223ms Other
text/html 115.126.39.107
FTG-AS-AP Forewin...

General

Check archive.org

Show headers Download Go to

Full URL: http://accounts-mail.space/favicon.ico
Protocol: HTTP/1.1
Server: 115.126.39.107 , Hong Kong, ASN38186 (FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK),
Reverse DNS
Software: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 /
Resource Hash: a5d2a2bc6816e785e4832cc923980e0fad26b730c02e70c6d0dfdf3cfe3bf60b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: accounts-mail.space
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://accounts-mail.space/drive.postmailsecret.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://accounts-mail.space/drive.postmailsecret.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Response headers

Date: Mon, 03 Apr 2017 17:38:03 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
Vary: accept-language,accept-charset
Content-Language: en
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: accounts.youtube.com
URL: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-432011133&timestamp=1491241098078

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts-mail.space
accounts.youtube.com
mail.google.com
ssl.gstatic.com
accounts.youtube.com
115.126.39.107
2a00:1450:400c:c06::11
2a00:1450:400c:c06::5e
05cdc120325f04f53e3ec7dbba877500d94db5a47e38fb6a2cc96fa3d1d7664c
2210e36b5b21e54cd4dc2ccdcc06138db8598d704ebf19052e5caa84edb4a675
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6
8d7d4305d9042a6f0a276c0cd646b0f4a18da60a800e844a70f51ad46cc1bd09
9ecd5e18216a965021f794cc1fd255767f8437ce1dd6c6c2ff4ceea7ccc0073d
a5d2a2bc6816e785e4832cc923980e0fad26b730c02e70c6d0dfdf3cfe3bf60b
b1304c800c82155c2deba577feed3b812830f7a8a592ce1898d1ade2c29e9511
f200aa60f60b6f435e4380744af7b81f6e21f01527e1b3ec5b8074c0ea9757a4

accounts-mail.space Open in urlscan Pro 115.126.39.107 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

10 Requests

40 %HTTPS

67 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

67 kBTransfer

67 kBSize

0 Cookies

10 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

accounts-mail.space Open in urlscan Pro
115.126.39.107 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

40 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

67 kB
Transfer

67 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!