daniaviation.com
Open in
urlscan Pro
66.96.161.197
Malicious Activity!
Public Scan
Submission: On March 18 via api from CA
Summary
This is the only time daniaviation.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 66.96.161.197 66.96.161.197 | 29873 (BIZLAND-SD) (BIZLAND-SD - The Endurance International Group) | |
6 | 94.130.141.246 94.130.141.246 | 24940 (HETZNER-AS) (HETZNER-AS) | |
5 | 216.58.206.3 216.58.206.3 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
12 | 3 |
ASN29873 (BIZLAND-SD - The Endurance International Group, Inc., US)
PTR: 197.161.96.66.static.eigbox.net
daniaviation.com |
ASN24940 (HETZNER-AS, DE)
PTR: ns372.altervista.org
trillanmanilla.altervista.org |
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s20-in-f3.1e100.net
ssl.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
altervista.org
trillanmanilla.altervista.org |
|
5 |
gstatic.com
ssl.gstatic.com |
17 KB |
1 |
daniaviation.com
daniaviation.com |
30 KB |
12 | 3 |
Domain | Requested by | |
---|---|---|
6 | trillanmanilla.altervista.org |
daniaviation.com
|
5 | ssl.gstatic.com |
daniaviation.com
|
1 | daniaviation.com | |
12 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
support.google.com |
accounts.google.com |
www.google.com |
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://daniaviation.com/Gmail.html
Frame ID: 8A8F26A2CE966D61E066C72EFB33783D
Requests: 12 HTTP requests in this frame
Screenshot
Detected technologies
Windows Server (Operating Systems) ExpandDetected patterns
- headers server /IIS(?:\/([\d.]+))?/i
IIS (Web Servers) Expand
Detected patterns
- headers server /IIS(?:\/([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Learn more
Search URL Search Domain Scan URL
Title: Need help?
Search URL Search Domain Scan URL
Title: Create an account
Search URL Search Domain Scan URL
Title: Privacy & Terms
Search URL Search Domain Scan URL
Title: Help
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Gmail.html
daniaviation.com/ |
82 KB 30 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css.css
trillanmanilla.altervista.org/http://trillanmanilla.altervista.org/Sign%20in%20-%20Google%20Accounts_files/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
javascript.js
trillanmanilla.altervista.org/Sign%20in%20-%20Google%20Accounts_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
client
trillanmanilla.altervista.org/Sign%20in%20-%20Google%20Accounts_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
affiliate_client.js
trillanmanilla.altervista.org/Sign%20in%20-%20Google%20Accounts_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
logo_2x.png
ssl.gstatic.com/accounts/ui/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
avatar_2x.png
ssl.gstatic.com/accounts/ui/ |
626 B 690 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
logo_strip_2x.png
ssl.gstatic.com/accounts/ui/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
universal_language_settings-21.png
ssl.gstatic.com/images/icons/ui/common/ |
199 B 291 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
affiliate_client.js
trillanmanilla.altervista.org/Sign%20in%20-%20Google%20Accounts_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
checkmark.png
ssl.gstatic.com/ui/v1/menu/ |
239 B 598 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
opt_content.js
trillanmanilla.altervista.org/Sign%20in%20-%20Google%20Accounts_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)33 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| gaia_attachEvent object| G function| Gb function| Ga object| Gc function| Gd function| Ge function| Gf function| Gg function| Gh function| Gj function| Gi object| Gk object| Gl function| Gm function| Gn object| Go string| Gp object| Gq object| Gr object| Gs function| Gt function| Gu function| Gv function| Gw function| G_checkConnectionMain function| G_setPostMessageSupportFlag object| __CHECK_CONNECTION_CONFIG function| gaia_parseFragment function| gaia_prefillEmail function| gaia_setFocus function| gaia_scrollToElement function| gaia_onLoginSubmit1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
accounts.youtube.com/accounts | Name: CheckConnectionTempCookie259 Value: 120814 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
daniaviation.com
ssl.gstatic.com
trillanmanilla.altervista.org
216.58.206.3
66.96.161.197
94.130.141.246
2210e36b5b21e54cd4dc2ccdcc06138db8598d704ebf19052e5caa84edb4a675
39d4a69030e8decd594d7e9c12387bd8b19ca0f492a55c3b0b1890272eeef97e
59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6
749ecb257b4dabd6c2d346578fcbe63a96bf94c1f2366496409296167f03b7a7
b2d3305551055e5d28aea38f218ee6ff6006afb8c80cc4f206a206bcb758df7c
cdcc6d6dcda827a694dce8bfa9a1ab41113b629ef1cc11f886866af9194c81d0