qooqle-accounts.com
185.224.137.234
Malicious Activity!
Public Scan
Submission: On October 26 via api from IL
Summary
This is the only time qooqle-accounts.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
6 | 185.224.137.234 | 47583 (AS-HOSTINGER) |
1 | 2a00:1450:4001:801::200a | 15169 (GOOGLE) |
3 (1 redirect) | 2606:4700::6810:7caf | 13335 (CLOUDFLARENET) |
2 | 2a00:1450:4001:81f::2003 | 15169 (GOOGLE) |
15 | 5 | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
6 | qooqle-accounts.com | qooqle-accounts.com | 16 KB |
3 (1 redirect) | unpkg.com | unpkg.com | 57 KB |
2 | gstatic.com | fonts.gstatic.com | 30 KB |
1 | googleapis.com | fonts.googleapis.com | 784 B |
0 | crypterz.xyz (Failed) | crypterz.xyz (Failed) | |
15 | 5 | | |
Requests | Domain | Requested by |
---|---|---|
6 | qooqle-accounts.com | qooqle-accounts.com |
3 (1 redirect) | unpkg.com | qooqle-accounts.com, unpkg.com |
2 | fonts.gstatic.com | qooqle-accounts.com |
1 | fonts.googleapis.com | qooqle-accounts.com |
0 | crypterz.xyz (Failed) | qooqle-accounts.com |
15 | 5 | |
This site contains links to these domains. Also see Links.
Domain |
---|
accounts.google.com |
support.google.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
upload.video.google.com | GTS CA 1O1 | 2020-10-06 - 2020-12-29 | 3 months |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-08-02 - 2021-08-02 | a year |
qooqle-accounts.com | Let's Encrypt Authority X3 | 2020-10-13 - 2021-01-11 | 3 months |
*.gstatic.com | GTS CA 1O1 | 2020-10-06 - 2020-12-29 | 3 months |
This page contains 1 frames:
Primary Page:
http://qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/signin.php
Frame ID: 0D8486D239AAA65C346715CC7CCCA5C5
Requests: 15 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
LiteSpeed (Web Servers)
Detected patterns
- headers server /^LiteSpeed$/i
Google Font API (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Ionicons (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+ionicons(?:\.min)?\.css/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Forgot email?
Title: Learn more
Title: Create account
Title: Terms
Title: Privacy
Title: Help
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13
- https://unpkg.com/ionicons@4.4.8/dist/fonts/ionicons.woff2?v=4.4.7 HTTP 302
- https://unpkg.com/ionicons@4.4.8/dist/fonts/ionicons.woff2
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | signin.php (Primary Request) | qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/ | 7 KB | 3 KB | Document | text/html |
GET | H2 | css | fonts.googleapis.com/ | 5 KB | 784 B | Stylesheet | text/css |
GET | H2 | ionicons.min.css | unpkg.com/ionicons@4.4.8/dist/css/ | 45 KB | 7 KB | Stylesheet | text/css |
GET | H2 | style0.css | qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/css/ | 9 KB | 2 KB | Stylesheet | text/css |
GET | H2 | style.css | qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/css/ | 17 KB | 3 KB | Stylesheet | text/css |
GET | H2 | css.css | qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/css/ | 4 KB | 586 B | Stylesheet | text/css |
GET | H2 | ionicons.min.css | qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/css/ | 46 KB | 7 KB | Stylesheet | text/css |
GET | H2 | Google.svg | qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/imgs/ | 2 KB | 995 B | Image | image/svg+xml |
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v20/ | 15 KB | 15 KB | Font | font/woff2 |
GET | H2 | mem8YaGs126MiZpBA-UFVZ0b.woff2 | fonts.gstatic.com/s/opensans/v17/ | 14 KB | 14 KB | Font | font/woff2 |
GET | | ionicons.woff2 | qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/fonts/ | 0 | 0 | | |
GET | | ajax.php | crypterz.xyz/server/ | 0 | 0 | | |
GET | | ionicons.woff | qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/fonts/ | 0 | 0 | | |
GET | | ionicons.ttf | qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/fonts/ | 0 | 0 | | |
GET | H2 | ionicons.woff2 (Redirect Chain) | unpkg.com/ionicons@4.4.8/dist/fonts/ | 49 KB | 50 KB | Font | font/woff2 |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
qooqle-accounts.com | https://qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/fonts/ionicons.woff2?v=4.4.7 |
crypterz.xyz | https://crypterz.xyz/server/ajax.php?url=http://qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/signin.php&ip=index&admin=siginin |
qooqle-accounts.com | https://qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/fonts/ionicons.woff?v=4.4.7 |
qooqle-accounts.com | https://qooqle-accounts.com/accounts/signin/identifier/ServiceLogin/fonts/ionicons.ttf?v=4.4.7 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)
17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | trustedTypes |
object | email |
object | mymail |
object | pass |
object | placeholder |
object | failed |
object | loading |
object | shadow |
object | showHidepass |
function | step1 |
function | step2 |
function | showpass |
boolean | showhide |
string | ipx |
object | _0x1b4c |
string | url |
object | objXMLHttpRequest |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.