gorukana.org Open in urlscan Pro
43.255.154.58 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
Submission: On July 12 via automatic, source openphish (July 12th 2023, 8:07:57 pm UTC) — Scanned from SG

Summary HTTP 16 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 16 HTTP transactions. The main IP is 43.255.154.58, located in Singapore and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is gorukana.org.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on June 17th 2023. Valid for: 3 months.

This is the only time gorukana.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: 1&1 Ionos (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 9	43.255.154.58 43.255.154.58	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
5	213.165.66.58 213.165.66.58	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
3	13.236.8.150 13.236.8.150	16509 (AMAZON-02) (AMAZON-02)
16	4

9 43.255.154.58 (Singapore) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 58.154.255.43.host.secureserver.net

gorukana.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gorukana.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.165.66.58 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: ce1.uicdn.net

ce1.uicdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.236.8.150 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-236-8-150.ap-southeast-2.compute.amazonaws.com

4tdc8ll7wtnf.statuspage.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	gorukana.org 1 redirects gorukana.org www.gorukana.org	117 KB
5	uicdn.net ce1.uicdn.net — Cisco Umbrella Rank: 180807	258 KB
3	statuspage.io 4tdc8ll7wtnf.statuspage.io — Cisco Umbrella Rank: 350451	1 KB
16	3

	Domain	Requested by
8	gorukana.org	1 redirects gorukana.org
5	ce1.uicdn.net	gorukana.org
3	4tdc8ll7wtnf.statuspage.io	gorukana.org
1	www.gorukana.org
16	4

This site contains links to these domains. Also see Links.

Domain
www.ionos-status.de

Subject Issuer	Validity	Valid
gorukana.org ZeroSSL RSA Domain Secure Site CA	`2023-06-17` - `2023-09-15`	3 months	crt.sh
ce1.uicdn.net GeoTrust RSA CA 2018	`2023-03-03` - `2024-04-02`	a year	crt.sh
*.statuspage.io DigiCert TLS RSA SHA256 2020 CA1	`2022-08-08` - `2023-08-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
Frame ID: A06FED52B56B68BFD45697F390070EFE
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Webmail Login | IONOS by 1&1

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

16
Requests

94 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

376 kB
Transfer

781 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ionos-status.de/?utm_medium=footer&utm_content=none&utm_source=unknown&utm_campaign=unknown&utm_term=no_search
Title: Alle Systeme funktional

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://gorukana.org/wp-content/uploads/2019/02/wkeirg/false HTTP 301
https://www.gorukana.org/wp-content/uploads/2019/02/wkeirg/false

16 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request index.php Show response
gorukana.org/wp-content/uploads/2019/02/wkeirg/ 18 KB
5 KB 137ms
81ms Document
text/html 43.255.154.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 43.255.154.58 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 58.154.255.43.host.secureserver.net
Software: Apache / PHP/8.0.28
Resource Hash: dafc5a93b286021e4744e5eba24a0cdb5271fe76d975805d12fb114662656569

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

cache-control: private, must-revalidate
content-encoding: br
content-length: 4858
content-type: text/html; charset=UTF-8
date: Wed, 12 Jul 2023 20:07:51 GMT
expires: Thu, 11 Jul 2024 20:07:51 GMT
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/8.0.28

GET
H2 200 ionos.css
gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ 182 KB
24 KB 35ms
33ms Stylesheet
text/css 43.255.154.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ionos.css
Requested by: Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 43.255.154.58 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 58.154.255.43.host.secureserver.net
Software: Apache /
Resource Hash: ad27b53b0b4d238ea74413855661d956cf0496adaf914e94c1c1de9f3c42faad

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 20:07:51 GMT
content-encoding: br
last-modified: Mon, 14 Dec 2020 21:39:34 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
cache-control: public
accept-ranges: bytes
content-length: 24310
expires: Thu, 11 Jul 2024 20:07:51 GMT

GET
H2 200 login.css
gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ 15 KB
6 KB 11ms
10ms Stylesheet
text/css 43.255.154.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/login.css
Requested by: Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 43.255.154.58 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 58.154.255.43.host.secureserver.net
Software: Apache /
Resource Hash: 9d27c279b8aef5083f4720d71b79ba18519d3f924955d7338932a5252555b669

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 20:07:51 GMT
content-encoding: br
last-modified: Mon, 14 Dec 2020 21:39:36 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
cache-control: public
accept-ranges: bytes
content-length: 6324
expires: Thu, 11 Jul 2024 20:07:51 GMT

GET
H2 200 navigation.css
gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ 132 KB
31 KB 36ms
35ms Stylesheet
text/css 43.255.154.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/navigation.css
Requested by: Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 43.255.154.58 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 58.154.255.43.host.secureserver.net
Software: Apache /
Resource Hash: 8039fa7e658abaa1a484042391d70143fa581e2535340fd6901585666ef945b0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 20:07:51 GMT
content-encoding: br
last-modified: Mon, 14 Dec 2020 21:39:34 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
cache-control: public
accept-ranges: bytes
content-length: 31398
expires: Thu, 11 Jul 2024 20:07:51 GMT

GET
H2 200 statuspage.css
gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ 5 KB
1 KB 8ms
8ms Stylesheet
text/css 43.255.154.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/statuspage.css
Requested by: Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 43.255.154.58 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 58.154.255.43.host.secureserver.net
Software: Apache /
Resource Hash: a2324d78fa23878b6ad03de16af33e37576a1b76e1d722c3822f8099ea17f9c0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 20:07:51 GMT
content-encoding: br
last-modified: Mon, 14 Dec 2020 21:39:34 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
cache-control: public
accept-ranges: bytes
content-length: 1084
expires: Thu, 11 Jul 2024 20:07:51 GMT

GET
H2 200 email-marketing.svg
gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ 9 KB
3 KB 10ms
9ms Image
image/svg+xml 43.255.154.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/email-marketing.svg
Requested by: Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 43.255.154.58 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 58.154.255.43.host.secureserver.net
Software: Apache /
Resource Hash: 95e0e12385d279dc8adc22b273f15941c262599488aad11f53f8a1e4d792f86e

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 20:07:51 GMT
content-encoding: br
last-modified: Sun, 22 May 2022 23:05:28 GMT
server: Apache
etag: "7180016-22b2-5dfa1c269de00-br"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public
accept-ranges: bytes
content-length: 2905
expires: Thu, 11 Jul 2024 20:07:51 GMT

GET
H2 200 statuspage.js Show response
gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ 162 KB
47 KB 52ms
51ms Script
application/javascript 43.255.154.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/statuspage.js
Requested by: Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 43.255.154.58 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 58.154.255.43.host.secureserver.net
Software: Apache /
Resource Hash: b1443e9afa15923dcc1ead15a6091cddc3f8ba6dd35a9450f98b3e8376ed5bf2

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 20:07:51 GMT
content-encoding: br
last-modified: Mon, 14 Dec 2020 21:39:34 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
cache-control: private
accept-ranges: bytes
content-length: 48108
expires: Thu, 11 Jul 2024 20:07:51 GMT

GET
H2 200 opensans-regular.woff
ce1.uicdn.net/exos/fonts/open-sans/ 62 KB
63 KB 803ms
313ms Font
application/font-woff 213.165.66.58
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ce1.uicdn.net/exos/fonts/open-sans/opensans-regular.woff
Requested by: Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ionos.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 213.165.66.58 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: ce1.uicdn.net
Software: Apache /
Resource Hash: 2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b

Request headers

Referer: https://gorukana.org/
Origin: https://gorukana.org
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 20:07:51 GMT
last-modified: Tue, 12 Jun 2018 09:26:07 GMT
server: Apache
x-cache-status: HIT
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 63712
expires: Wed, 03 Jul 2024 11:30:10 GMT

GET
DATA 200
OK truncated
/ 320 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c8e1724edab4d29c68d698c71f04db98774a5ba4fb432e4d37bfb0beecdac987

Request headers

accept-language: zh-SG,zh;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 exos-icon-font.woff
ce1.uicdn.net/exos/icons/ 50 KB
50 KB 1231ms
744ms Font
application/font-woff 213.165.66.58
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ce1.uicdn.net/exos/icons/exos-icon-font.woff?v=5
Requested by: Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/navigation.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 213.165.66.58 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: ce1.uicdn.net
Software: Apache /
Resource Hash: 35538b399f40d6db114f64b970fb8a612d88d833906f95f4cb8675c0277ecfb3

Request headers

Referer: https://gorukana.org/
Origin: https://gorukana.org
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 20:07:51 GMT
last-modified: Fri, 05 Aug 2022 04:39:12 GMT
server: Apache
x-cache-status: HIT
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 50688
expires: Wed, 03 Jul 2024 11:30:54 GMT

GET
H2 200 overpass-regular.woff
ce1.uicdn.net/exos/fonts/overpass/ 42 KB
42 KB 1044ms
557ms Font
application/font-woff 213.165.66.58
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ce1.uicdn.net/exos/fonts/overpass/overpass-regular.woff
Requested by: Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ionos.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 213.165.66.58 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: ce1.uicdn.net
Software: Apache /
Resource Hash: d78e7ad4838a9fb4db11451b1db78ccd0b0c7b28f5787684ce2870918ce27bb5

Request headers

Referer: https://gorukana.org/
Origin: https://gorukana.org
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 20:07:51 GMT
last-modified: Tue, 12 Jun 2018 09:26:06 GMT
server: Apache
x-cache-status: HIT
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 42580
expires: Wed, 03 Jul 2024 11:30:11 GMT

GET
H2 200 opensans-bold.woff
ce1.uicdn.net/exos/fonts/open-sans/ 62 KB
62 KB 1146ms
659ms Font
application/font-woff 213.165.66.58
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ce1.uicdn.net/exos/fonts/open-sans/opensans-bold.woff
Requested by: Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ionos.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 213.165.66.58 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: ce1.uicdn.net
Software: Apache /
Resource Hash: 7d7a1a8ec55f31a6674fd2e2c41bcc6421a9aeb5cf161c6e93363f31347160f9

Request headers

Referer: https://gorukana.org/
Origin: https://gorukana.org
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 20:07:51 GMT
last-modified: Tue, 12 Jun 2018 09:26:07 GMT
server: Apache
x-cache-status: HIT
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 63564
expires: Wed, 03 Jul 2024 11:30:08 GMT

GET
H2 200 overpass-bold.woff
ce1.uicdn.net/exos/fonts/overpass/ 41 KB
41 KB 1291ms
804ms Font
application/font-woff 213.165.66.58
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ce1.uicdn.net/exos/fonts/overpass/overpass-bold.woff
Requested by: Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ionos.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 213.165.66.58 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: ce1.uicdn.net
Software: Apache /
Resource Hash: 7afccd9150b0fcbf1a1056e6cc6051c9b6d85a55da7bf1a7fb0f475c0b22facc

Request headers

Referer: https://gorukana.org/
Origin: https://gorukana.org
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 20:07:51 GMT
last-modified: Tue, 12 Jun 2018 09:26:06 GMT
server: Apache
x-cache-status: HIT
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 42092
expires: Wed, 03 Jul 2024 11:30:12 GMT

GET
H2

404

false
www.gorukana.org/wp-content/uploads/2019/02/wkeirg/
Redirect Chain

https://gorukana.org/wp-content/uploads/2019/02/wkeirg/false
https://www.gorukana.org/wp-content/uploads/2019/02/wkeirg/false

0
0

289ms
288ms

Stylesheet
text/html

43.255.154.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gorukana.org/wp-content/uploads/2019/02/wkeirg/false
Protocol: H2
Server: 43.255.154.58 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 58.154.255.43.host.secureserver.net
Software: /
Resource Hash

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://gorukana.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Redirect headers

date: Wed, 12 Jul 2023 20:07:52 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/8.0.28
x-redirect-by: WordPress
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://www.gorukana.org/wp-content/uploads/2019/02/wkeirg/false
cache-control: no-cache, must-revalidate, max-age=0, private, must-revalidate
content-length: 1
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 status.json Show response
4tdc8ll7wtnf.statuspage.io/api/v2/ 227 B
717 B 584ms
235ms XHR
application/json 13.236.8.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://4tdc8ll7wtnf.statuspage.io/api/v2/status.json

Requested by

Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/statuspage.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.236.8.150 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-236-8-150.ap-southeast-2.compute.amazonaws.com

Software

Resource Hash

cf1c48cafe868209b21afdc17e1e3a9536961d7a9150a00573193f699bffa4c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=259200
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://gorukana.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=259200
date: Wed, 12 Jul 2023 20:07:52 GMT
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 305
x-statuspage-skip-logging: true
x-cache: HIT
x-statuspage-version: 706ab220cfcfff75380c04577e36c123bb17141f
content-length: 227
x-xss-protection: 1; mode=block
x-request-id: 62655d5c-1879-43d1-b5c9-1907e43ef070
x-runtime: 0.033787
referrer-policy: strict-origin-when-cross-origin
etag: W/"cf1c48cafe868209b21afdc17e1e3a95"
x-download-options: noopen
vary: Accept,Accept-Encoding,Fastly-SSL
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
x-pollinator-metadata-service: status-page-web-pages

GET
H2 200 active.json Show response
4tdc8ll7wtnf.statuspage.io/api/v2/scheduled-maintenances/ 185 B
305 B 585ms
237ms XHR
application/json 13.236.8.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://4tdc8ll7wtnf.statuspage.io/api/v2/scheduled-maintenances/active.json

Requested by

Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/statuspage.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.236.8.150 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-236-8-150.ap-southeast-2.compute.amazonaws.com

Software

Resource Hash

7259c09012cab1b43316024ba336cd0a098942f34ad3855587aaaf7f4f1bad9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=259200
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://gorukana.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=259200
date: Wed, 12 Jul 2023 20:07:52 GMT
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 580
x-statuspage-skip-logging: true
x-cache: HIT
x-statuspage-version: 706ab220cfcfff75380c04577e36c123bb17141f
content-length: 185
x-xss-protection: 1; mode=block
x-request-id: f8bcb609-2150-460f-9370-8780c6269fc8
x-runtime: 0.051352
referrer-policy: strict-origin-when-cross-origin
etag: W/"7259c09012cab1b43316024ba336cd0a"
x-download-options: noopen
vary: Accept,Accept-Encoding,Fastly-SSL
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
x-pollinator-metadata-service: status-page-web-pages

GET
H2 200 unresolved.json Show response
4tdc8ll7wtnf.statuspage.io/api/v2/incidents/ 172 B
291 B 584ms
236ms XHR
application/json 13.236.8.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://4tdc8ll7wtnf.statuspage.io/api/v2/incidents/unresolved.json

Requested by

Host: gorukana.org
URL: https://gorukana.org/wp-content/uploads/2019/02/wkeirg/img/statuspage.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.236.8.150 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-236-8-150.ap-southeast-2.compute.amazonaws.com

Software

Resource Hash

ceecb01f457f4b48a1530f906623c90bf7a9a6e4342364336d77eadc1a278bc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=259200
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://gorukana.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=259200
date: Wed, 12 Jul 2023 20:07:52 GMT
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 797
x-statuspage-skip-logging: true
x-cache: HIT
x-statuspage-version: 706ab220cfcfff75380c04577e36c123bb17141f
content-length: 172
x-xss-protection: 1; mode=block
x-request-id: d51646d4-2a7a-47bd-9f5f-f01d03aa8195
x-runtime: 0.040004
referrer-policy: strict-origin-when-cross-origin
etag: W/"ceecb01f457f4b48a1530f906623c90b"
x-download-options: noopen
vary: Accept,Accept-Encoding,Fastly-SSL
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
x-pollinator-metadata-service: status-page-web-pages

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: 1&1 Ionos (Telecommunication)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.gorukana.org/wp-content/uploads/2019/02/wkeirg/false Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4tdc8ll7wtnf.statuspage.io
ce1.uicdn.net
gorukana.org
www.gorukana.org
13.236.8.150
213.165.66.58
43.255.154.58
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b
35538b399f40d6db114f64b970fb8a612d88d833906f95f4cb8675c0277ecfb3
7259c09012cab1b43316024ba336cd0a098942f34ad3855587aaaf7f4f1bad9f
7afccd9150b0fcbf1a1056e6cc6051c9b6d85a55da7bf1a7fb0f475c0b22facc
7d7a1a8ec55f31a6674fd2e2c41bcc6421a9aeb5cf161c6e93363f31347160f9
8039fa7e658abaa1a484042391d70143fa581e2535340fd6901585666ef945b0
95e0e12385d279dc8adc22b273f15941c262599488aad11f53f8a1e4d792f86e
9d27c279b8aef5083f4720d71b79ba18519d3f924955d7338932a5252555b669
a2324d78fa23878b6ad03de16af33e37576a1b76e1d722c3822f8099ea17f9c0
ad27b53b0b4d238ea74413855661d956cf0496adaf914e94c1c1de9f3c42faad
b1443e9afa15923dcc1ead15a6091cddc3f8ba6dd35a9450f98b3e8376ed5bf2
c8e1724edab4d29c68d698c71f04db98774a5ba4fb432e4d37bfb0beecdac987
ceecb01f457f4b48a1530f906623c90bf7a9a6e4342364336d77eadc1a278bc3
cf1c48cafe868209b21afdc17e1e3a9536961d7a9150a00573193f699bffa4c7
d78e7ad4838a9fb4db11451b1db78ccd0b0c7b28f5787684ce2870918ce27bb5
dafc5a93b286021e4744e5eba24a0cdb5271fe76d975805d12fb114662656569

gorukana.org Open in urlscan Pro 43.255.154.58 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

94 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

4 IPs

3 Countries

376 kBTransfer

781 kBSize

0 Cookies

1 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

gorukana.org Open in urlscan Pro
43.255.154.58 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

94 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

376 kB
Transfer

781 kB
Size

0
Cookies

16 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!