www.findania.com Open in urlscan Pro
184.168.41.185 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://new.peaceofmindinc.com/shtmlbg.html
Effective URL:
https://www.findania.com/.shtml505brtgz/request/login.php
Submission: On October 26 via manual (October 26th 2020, 8:42:16 pm UTC) from GB

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 16 HTTP transactions. The main IP is 184.168.41.185, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is www.findania.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on September 21st 2019. Valid for: 2 years.

This is the only time www.findania.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: British Gas (Utility)

Domain & IP information

	IP Address	AS Autonomous System
1	107.180.57.15 107.180.57.15	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
1	2606:4700:20:... 2606:4700:20::681a:507	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	67.202.94.93 67.202.94.93	32748 (STEADFAST) (STEADFAST)
2 15	184.168.41.185 184.168.41.185	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
16	5

1 107.180.57.15 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-107-180-57-15.ip.secureserver.net

new.peaceofmindinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:507 (United States)

ASN13335 (CLOUDFLARENET, US)

waust.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.94.93 (Chicago, United States)

ASN32748 (STEADFAST, US)
PTR: amung.us

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 184.168.41.185 (Scottsdale, United States) 2 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)

www.findania.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	findania.com 2 redirects www.findania.com	87 KB
1	amung.us whos.amung.us	212 B
1	waust.at waust.at	4 KB
1	peaceofmindinc.com new.peaceofmindinc.com	560 B
16	4

	Domain	Requested by
15	www.findania.com	2 redirects www.findania.com
1	whos.amung.us	waust.at
1	waust.at	new.peaceofmindinc.com
1	new.peaceofmindinc.com
16	4

This site contains no links.

Subject Issuer	Validity	Valid
www.findania.com Go Daddy Secure Certificate Authority - G2	`2019-09-21` - `2021-09-21`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.findania.com/.shtml505brtgz/request/login.php
Frame ID: B7B123E07DC121B0B6AA5DAE6AC121A7
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://new.peaceofmindinc.com/shtmlbg.html Page URL
https://www.findania.com/.shtml505brtgz/request HTTP 301
https://www.findania.com/.shtml505brtgz/request/ HTTP 302
https://www.findania.com/.shtml505brtgz/request/login.php Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

16
Requests

81 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

91 kB
Transfer

285 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://new.peaceofmindinc.com/shtmlbg.html Page URL
https://www.findania.com/.shtml505brtgz/request HTTP 301
https://www.findania.com/.shtml505brtgz/request/ HTTP 302
https://www.findania.com/.shtml505brtgz/request/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	shtmlbg.html Show response new.peaceofmindinc.com/	237 B 560 B	387ms 352ms	Document text/html	107.180.57.15 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://new.peaceofmindinc.com/shtmlbg.html Protocol HTTP/1.1 Server 107.180.57.15 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-57-15.ip.secureserver.net Software Apache / Resource Hash `fbf4feca74c75812263aaec1050475e7b7be2a5aa728e6a12b894c196281bd22` Request headers Host new.peaceofmindinc.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:00 GMT Server Apache Upgrade h2,h2c Connection Upgrade, Keep-Alive Last-Modified Wed, 21 Oct 2020 06:33:03 GMT ETag "c62169d-ed-5b22884fa85c0-gzip" Accept-Ranges bytes Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 204 Keep-Alive timeout=5 Content-Type text/html
GET H/1.1	200 OK	s.js Show response waust.at/	8 KB 4 KB	24ms 12ms	Script application/x-javascript	2606:4700:20::681a:507 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://waust.at/s.js Requested by Host: new.peaceofmindinc.com URL: http://new.peaceofmindinc.com/shtmlbg.html Protocol HTTP/1.1 Server 2606:4700:20::681a:507 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0298a25db873588e37945ece2b90e9f573dda86bfc84ae9f3efb8c3fbdcbce84` Request headers Referer http://new.peaceofmindinc.com/shtmlbg.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:00 GMT content-encoding gzip CF-Cache-Status HIT NEL {"report_to":"cf-nel","max_age":604800} Age 832 Transfer-Encoding chunked Connection keep-alive cf-request-id 06083e8c780000649d179f9000000001 last-modified Mon, 05 Oct 2020 15:46:56 GMT Server cloudflare etag W/"5f7b3ff0-1ed7" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0z6XGESBdJigFYr5PXOhgCI%2Fh0pxhO3TdCS2US4dMkXrAuQyzfydcT6pGgIs3S%2BviYfgNemldWxAsV6UT4ITo%2BGGdVsNm6M5NHsmRF3KTc1Wm%2FjLPQ%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/x-javascript access-control-allow-origin * cache-control max-age=86400 CF-RAY 5e87005a5e9a649d-FRA expires Tue, 27 Oct 2020 20:28:08 GMT
GET H/1.1	200 OK	/ whos.amung.us/pingjs/	28 B 212 B	300ms 273ms	Script text/javascript	67.202.94.93 STEADFAST
General Check archive.org Show headers Download Go to Full URL http://whos.amung.us/pingjs/?k=0v67z0n9qi&t=&c=s&x=http%3A%2F%2Fnew.peaceofmindinc.com%2Fshtmlbg.html&y=&a=0&d=0.394&v=27&r=1629 Requested by Host: waust.at URL: http://waust.at/s.js Protocol HTTP/1.1 Server 67.202.94.93 Chicago, United States, ASN32748 (STEADFAST, US), Reverse DNS amung.us Software / Resource Hash Request headers Referer http://new.peaceofmindinc.com/shtmlbg.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 26 Oct 2020 20:42:00 GMT content-encoding gzip transfer-encoding chunked content-type text/javascript;charset=UTF-8
GET H/1.1	200 OK	Primary Request login.php Show response www.findania.com/.shtml505brtgz/request/ Redirect Chain https://www.findania.com/.shtml505brtgz/request https://www.findania.com/.shtml505brtgz/request/ https://www.findania.com/.shtml505brtgz/request/login.php	6 KB 1 KB	214ms 214ms	Document text/html	184.168.41.185 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://www.findania.com/.shtml505brtgz/request/login.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 184.168.41.185 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `866f7b24bbe97226552c0278c1af738d5ce4a95e882a7500983cd0a82a1b4bf3` Request headers Host www.findania.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer http://new.peaceofmindinc.com/shtmlbg.html Accept-Encoding gzip, deflate, br Accept-Language en-US Cookie PHPSESSID=ab8sno5p0m4r7ppji628v2qad4 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://new.peaceofmindinc.com/shtmlbg.html Response headers Date Mon, 26 Oct 2020 20:42:01 GMT Server Apache Vary Accept-Encoding Content-Encoding gzip Content-Length 1285 Keep-Alive timeout=5, max=98 Connection Keep-Alive Content-Type text/html Redirect headers Date Mon, 26 Oct 2020 20:42:01 GMT Server Apache Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Set-Cookie PHPSESSID=oh88bta5od4cr82gmic70j0ji2; path=/ PHPSESSID=ab8sno5p0m4r7ppji628v2qad4; path=/ Location login.php Content-Length 0 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html
GET DATA	200 OK	truncated /	439 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash Request headers Referer http://new.peaceofmindinc.com/shtmlbg.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/gif
GET H/1.1	200 OK	bootstrap.min.css www.findania.com/.shtml505brtgz/request/css/	118 KB 20 KB	210ms 210ms	Stylesheet text/css	184.168.41.185 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://www.findania.com/.shtml505brtgz/request/css/bootstrap.min.css Requested by Host: www.findania.com URL: https://www.findania.com/.shtml505brtgz/request/login.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 184.168.41.185 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c` Request headers Referer https://www.findania.com/.shtml505brtgz/request/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:02 GMT Content-Encoding gzip Last-Modified Mon, 25 Jul 2016 23:53:28 GMT Server Apache ETag "1d970-5387e7d9c8e00-gzip" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=86400 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 19744 Expires Tue, 27 Oct 2020 20:42:02 GMT
GET H/1.1	200 OK	style.css www.findania.com/.shtml505brtgz/request/css/	3 KB 1 KB	419ms 201ms	Stylesheet text/css	184.168.41.185 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://www.findania.com/.shtml505brtgz/request/css/style.css Requested by Host: www.findania.com URL: https://www.findania.com/.shtml505brtgz/request/login.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 184.168.41.185 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `7665aa516177b0c0f2faabebea2760cbc4a69436ab01217be888f1eb073db55c` Request headers Referer https://www.findania.com/.shtml505brtgz/request/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:02 GMT Content-Encoding gzip Last-Modified Mon, 06 Apr 2020 06:49:58 GMT Server Apache ETag "a9a-5a299ace5f180-gzip" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=86400 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 843 Expires Tue, 27 Oct 2020 20:42:02 GMT
GET H/1.1	200 OK	top-logo.svg www.findania.com/.shtml505brtgz/request/img/	5 KB 5 KB	610ms 204ms	Image image/svg+xml	184.168.41.185 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://www.findania.com/.shtml505brtgz/request/img/top-logo.svg Requested by Host: www.findania.com URL: https://www.findania.com/.shtml505brtgz/request/login.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 184.168.41.185 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `0b09bd432167b281c5a25bcc8b257e2f1c1ae28a7930d0cad0cbfbfb10759d21` Request headers Referer https://www.findania.com/.shtml505brtgz/request/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:02 GMT Last-Modified Thu, 20 Jun 2019 04:42:02 GMT Server Apache ETag "14a8-58bb9f78d5a80" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 5288
GET H/1.1	200 OK	twit.svg www.findania.com/.shtml505brtgz/request/img/	1 KB 1 KB	401ms 206ms	Image image/svg+xml	184.168.41.185 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://www.findania.com/.shtml505brtgz/request/img/twit.svg Requested by Host: www.findania.com URL: https://www.findania.com/.shtml505brtgz/request/login.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 184.168.41.185 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `d62644999f39f595e1b30aac2a761b2d8b737099929c5697b789d41c4c6301bb` Request headers Referer https://www.findania.com/.shtml505brtgz/request/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:02 GMT Last-Modified Fri, 21 Jun 2019 06:13:36 GMT Server Apache ETag "466-58bcf5cdc8400" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1126
GET H/1.1	200 OK	YT.svg www.findania.com/.shtml505brtgz/request/img/	3 KB 3 KB	204ms 203ms	Image image/svg+xml	184.168.41.185 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://www.findania.com/.shtml505brtgz/request/img/YT.svg Requested by Host: www.findania.com URL: https://www.findania.com/.shtml505brtgz/request/login.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 184.168.41.185 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `bc5c5b55010b215fda08a316c43cd46457222282277f075770b121bd17f42b89` Request headers Referer https://www.findania.com/.shtml505brtgz/request/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:02 GMT Last-Modified Fri, 21 Jun 2019 06:14:12 GMT Server Apache ETag "c89-58bcf5f01d500" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 3209
GET H/1.1	200 OK	FB.svg www.findania.com/.shtml505brtgz/request/img/	673 B 945 B	372ms 206ms	Image image/svg+xml	184.168.41.185 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://www.findania.com/.shtml505brtgz/request/img/FB.svg Requested by Host: www.findania.com URL: https://www.findania.com/.shtml505brtgz/request/login.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 184.168.41.185 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `dc40a98e7b83ebb528bee5f96d4d0af97b320ca2ab201f44ce57c903051010f6` Request headers Referer https://www.findania.com/.shtml505brtgz/request/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:02 GMT Last-Modified Fri, 21 Jun 2019 06:14:24 GMT Server Apache ETag "2a1-58bcf5fb8f000" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 673
GET H/1.1	200 OK	RSS.svg www.findania.com/.shtml505brtgz/request/img/	852 B 1 KB	360ms 203ms	Image image/svg+xml	184.168.41.185 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://www.findania.com/.shtml505brtgz/request/img/RSS.svg Requested by Host: www.findania.com URL: https://www.findania.com/.shtml505brtgz/request/login.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 184.168.41.185 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `3db5ee91578360c1c725bac3f7d9de9421e5f627a752961356bb444ed2e7fd60` Request headers Referer https://www.findania.com/.shtml505brtgz/request/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:02 GMT Last-Modified Fri, 21 Jun 2019 06:14:32 GMT Server Apache ETag "354-58bcf60330200" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 852
GET H/1.1	200 OK	bottom-logo.svg www.findania.com/.shtml505brtgz/request/img/	4 KB 4 KB	363ms 203ms	Image image/svg+xml	184.168.41.185 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://www.findania.com/.shtml505brtgz/request/img/bottom-logo.svg Requested by Host: www.findania.com URL: https://www.findania.com/.shtml505brtgz/request/login.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 184.168.41.185 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `a391c60287bb2b30133526ff803b607fb5a791a0779080222a3a2be3d776ac7e` Request headers Referer https://www.findania.com/.shtml505brtgz/request/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:02 GMT Last-Modified Fri, 21 Jun 2019 06:15:24 GMT Server Apache ETag "fee-58bcf634c7700" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 4078
GET H/1.1	200 OK	jquery.min.js Show response www.findania.com/.shtml505brtgz/request/js/	95 KB 33 KB	600ms 205ms	Script application/javascript	184.168.41.185 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://www.findania.com/.shtml505brtgz/request/js/jquery.min.js Requested by Host: www.findania.com URL: https://www.findania.com/.shtml505brtgz/request/login.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 184.168.41.185 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404` Request headers Referer https://www.findania.com/.shtml505brtgz/request/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:02 GMT Content-Encoding gzip Last-Modified Tue, 06 Jun 2017 17:09:24 GMT Server Apache ETag "17b8b-5514dae68f900-gzip" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=604800 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 33760 Expires Mon, 02 Nov 2020 20:42:02 GMT
GET H/1.1	200 OK	bootstrap.min.js Show response www.findania.com/.shtml505brtgz/request/js/	36 KB 10 KB	610ms 204ms	Script application/javascript	184.168.41.185 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://www.findania.com/.shtml505brtgz/request/js/bootstrap.min.js Requested by Host: www.findania.com URL: https://www.findania.com/.shtml505brtgz/request/login.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 184.168.41.185 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef` Request headers Referer https://www.findania.com/.shtml505brtgz/request/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:02 GMT Content-Encoding gzip Last-Modified Mon, 25 Jul 2016 23:53:30 GMT Server Apache ETag "90b5-5387e7dbb1280-gzip" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=604800 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 9833 Expires Mon, 02 Nov 2020 20:42:02 GMT
GET H/1.1	200 OK	valMail.js Show response www.findania.com/.shtml505brtgz/request/js/	505 B 698 B	608ms 202ms	Script application/javascript	184.168.41.185 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://www.findania.com/.shtml505brtgz/request/js/valMail.js Requested by Host: www.findania.com URL: https://www.findania.com/.shtml505brtgz/request/login.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 184.168.41.185 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `da5bf7ca479e0c2459db899af01e77f2b787ab9e07338b31cfa48ccc8133baa8` Request headers Referer https://www.findania.com/.shtml505brtgz/request/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:02 GMT Content-Encoding gzip Last-Modified Sun, 23 Jun 2019 04:14:18 GMT Server Apache ETag "1f9-58bf5ede4da80-gzip" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=604800 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 293 Expires Mon, 02 Nov 2020 20:42:02 GMT
GET H/1.1	200 OK	nextBtn.png www.findania.com/.shtml505brtgz/request/img/	3 KB 4 KB	363ms 203ms	Image image/png	184.168.41.185 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://www.findania.com/.shtml505brtgz/request/img/nextBtn.png Requested by Host: www.findania.com URL: https://www.findania.com/.shtml505brtgz/request/css/style.css Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 184.168.41.185 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `34b530c7e2eb0d4954df8216c6cd39a97a6d1cb812156cac10f7e5d2b6f323a8` Request headers Referer https://www.findania.com/.shtml505brtgz/request/css/style.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 26 Oct 2020 20:42:02 GMT Last-Modified Fri, 21 Jun 2019 00:03:50 GMT Server Apache ETag "ce9-58bca32790580" Content-Type image/png Cache-Control max-age=5184000 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3305 Expires Fri, 25 Dec 2020 20:42:02 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: British Gas (Utility)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.findania.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: ab8sno5p0m4r7ppji628v2qad4

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

new.peaceofmindinc.com
waust.at
whos.amung.us
www.findania.com
107.180.57.15
184.168.41.185
2606:4700:20::681a:507
67.202.94.93
0298a25db873588e37945ece2b90e9f573dda86bfc84ae9f3efb8c3fbdcbce84
0b09bd432167b281c5a25bcc8b257e2f1c1ae28a7930d0cad0cbfbfb10759d21
34b530c7e2eb0d4954df8216c6cd39a97a6d1cb812156cac10f7e5d2b6f323a8
3db5ee91578360c1c725bac3f7d9de9421e5f627a752961356bb444ed2e7fd60
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
7665aa516177b0c0f2faabebea2760cbc4a69436ab01217be888f1eb073db55c
866f7b24bbe97226552c0278c1af738d5ce4a95e882a7500983cd0a82a1b4bf3
a391c60287bb2b30133526ff803b607fb5a791a0779080222a3a2be3d776ac7e
bc5c5b55010b215fda08a316c43cd46457222282277f075770b121bd17f42b89
d62644999f39f595e1b30aac2a761b2d8b737099929c5697b789d41c4c6301bb
da5bf7ca479e0c2459db899af01e77f2b787ab9e07338b31cfa48ccc8133baa8
dc40a98e7b83ebb528bee5f96d4d0af97b320ca2ab201f44ce57c903051010f6
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
fbf4feca74c75812263aaec1050475e7b7be2a5aa728e6a12b894c196281bd22

www.findania.com Open in urlscan Pro 184.168.41.185 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

81 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

5 IPs

1 Countries

91 kBTransfer

285 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

Indicators

www.findania.com Open in urlscan Pro
184.168.41.185 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

81 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

91 kB
Transfer

285 kB
Size

1
Cookies

16 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!