www.findania.com
184.168.41.185
Malicious Activity!
Public Scan
Effective URL: https://www.findania.com/.shtml505brtgz/request/login.php
Submission: On October 26 via manual from GB
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on September 21st 2019. Valid for: 2 years.
This is the only time www.findania.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: British Gas (Utility)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 107.180.57.15 | 26496 (AS-26496-GO-DADDY-COM-LLC)
1 | 2606:4700:20::681a:507 | 13335 (CLOUDFLARENET)
1 | 67.202.94.93 | 32748 (STEADFAST)
15 (2 redirects) | 184.168.41.185 | 26496 (AS-26496-GO-DADDY-COM-LLC)
16 | 5 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-107-180-57-15.ip.secureserver.net
new.peaceofmindinc.com
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
www.findania.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
15 (2 redirects) | findania.com | www.findania.com | 87 KB
1 | amung.us | whos.amung.us | 212 B
1 | waust.at | waust.at | 4 KB
1 | peaceofmindinc.com | new.peaceofmindinc.com | 560 B
16 | 4 | |
Requests | Domain | Requested by
---|---|---
15 (2 redirects) | www.findania.com | www.findania.com
1 | whos.amung.us | waust.at
1 | waust.at | new.peaceofmindinc.com
1 | new.peaceofmindinc.com |
16 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
www.findania.com | Go Daddy Secure Certificate Authority - G2 | 2019-09-21 - 2021-09-21 | 2 years (crt.sh)
This page contains 1 frames:
Primary Page:
https://www.findania.com/.shtml505brtgz/request/login.php
Frame ID: B7B123E07DC121B0B6AA5DAE6AC121A7
Requests: 17 HTTP requests in this frame
Screenshot
Page URL History
- http://new.peaceofmindinc.com/shtmlbg.html (Page URL)
- https://www.findania.com/.shtml505brtgz/request (HTTP 301)
- https://www.findania.com/.shtml505brtgz/request/ (HTTP 302)
- https://www.findania.com/.shtml505brtgz/request/login.php (Page URL)
Detected technologies
- Apache (Web Servers)
  Detected patterns:
  - headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method / Protocol | Resource Path | Size / x-fer | Type / MIME-Type
---|---|---|---
GET H/1.1 | new.peaceofmindinc.com/shtmlbg.html | 237 B / 560 B | Document, text/html
GET H/1.1 | waust.at/s.js | 8 KB / 4 KB | Script, application/x-javascript
GET H/1.1 | whos.amung.us/pingjs/ | 28 B / 212 B | Script, text/javascript
GET H/1.1 | www.findania.com/.shtml505brtgz/request/login.php (Primary Request, Redirect Chain) | 6 KB / 1 KB | Document, text/html
GET DATA | truncated / | 439 B / 0 | Image, image/gif
GET H/1.1 | www.findania.com/.shtml505brtgz/request/css/bootstrap.min.css | 118 KB / 20 KB | Stylesheet, text/css
GET H/1.1 | www.findania.com/.shtml505brtgz/request/css/style.css | 3 KB / 1 KB | Stylesheet, text/css
GET H/1.1 | www.findania.com/.shtml505brtgz/request/img/top-logo.svg | 5 KB / 5 KB | Image, image/svg+xml
GET H/1.1 | www.findania.com/.shtml505brtgz/request/img/twit.svg | 1 KB / 1 KB | Image, image/svg+xml
GET H/1.1 | www.findania.com/.shtml505brtgz/request/img/YT.svg | 3 KB / 3 KB | Image, image/svg+xml
GET H/1.1 | www.findania.com/.shtml505brtgz/request/img/FB.svg | 673 B / 945 B | Image, image/svg+xml
GET H/1.1 | www.findania.com/.shtml505brtgz/request/img/RSS.svg | 852 B / 1 KB | Image, image/svg+xml
GET H/1.1 | www.findania.com/.shtml505brtgz/request/img/bottom-logo.svg | 4 KB / 4 KB | Image, image/svg+xml
GET H/1.1 | www.findania.com/.shtml505brtgz/request/js/jquery.min.js | 95 KB / 33 KB | Script, application/javascript
GET H/1.1 | www.findania.com/.shtml505brtgz/request/js/bootstrap.min.js | 36 KB / 10 KB | Script, application/javascript
GET H/1.1 | www.findania.com/.shtml505brtgz/request/js/valMail.js | 505 B / 698 B | Script, application/javascript
GET H/1.1 | www.findania.com/.shtml505brtgz/request/img/nextBtn.png | 3 KB / 4 KB | Image, image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: British Gas (Utility)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
function | $
function | jQuery
object | jQuery112406689297133107759
function | validateForm
function | validateEmail1
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
www.findania.com/ | | PHPSESSID = ab8sno5p0m4r7ppji628v2qad4
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
new.peaceofmindinc.com
waust.at
whos.amung.us
www.findania.com
107.180.57.15
184.168.41.185
2606:4700:20::681a:507
67.202.94.93