gorukana.org
Open in
urlscan Pro
43.255.154.58
Malicious Activity!
Public Scan
Submission: On July 12 via automatic, source openphish — Scanned from SG
Summary
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on June 17th 2023. Valid for: 3 months.
This is the only time gorukana.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1&1 Ionos (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 43.255.154.58 43.255.154.58 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC) | |
5 | 213.165.66.58 213.165.66.58 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
3 | 13.236.8.150 13.236.8.150 | 16509 (AMAZON-02) (AMAZON-02) | |
16 | 4 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 58.154.255.43.host.secureserver.net
gorukana.org | |
www.gorukana.org |
ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: ce1.uicdn.net
ce1.uicdn.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-13-236-8-150.ap-southeast-2.compute.amazonaws.com
4tdc8ll7wtnf.statuspage.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
gorukana.org
1 redirects
gorukana.org www.gorukana.org |
117 KB |
5 |
uicdn.net
ce1.uicdn.net — Cisco Umbrella Rank: 180807 |
258 KB |
3 |
statuspage.io
4tdc8ll7wtnf.statuspage.io — Cisco Umbrella Rank: 350451 |
1 KB |
16 | 3 |
Domain | Requested by | |
---|---|---|
8 | gorukana.org |
1 redirects
gorukana.org
|
5 | ce1.uicdn.net |
gorukana.org
|
3 | 4tdc8ll7wtnf.statuspage.io |
gorukana.org
|
1 | www.gorukana.org | |
16 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ionos-status.de |
Subject Issuer | Validity | Valid | |
---|---|---|---|
gorukana.org ZeroSSL RSA Domain Secure Site CA |
2023-06-17 - 2023-09-15 |
3 months | crt.sh |
ce1.uicdn.net GeoTrust RSA CA 2018 |
2023-03-03 - 2024-04-02 |
a year | crt.sh |
*.statuspage.io DigiCert TLS RSA SHA256 2020 CA1 |
2022-08-08 - 2023-08-22 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://gorukana.org/wp-content/uploads/2019/02/wkeirg/index.php?id=re
Frame ID: A06FED52B56B68BFD45697F390070EFE
Requests: 17 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: Alle Systeme funktional
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- https://gorukana.org/wp-content/uploads/2019/02/wkeirg/false HTTP 301
- https://www.gorukana.org/wp-content/uploads/2019/02/wkeirg/false
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.php
gorukana.org/wp-content/uploads/2019/02/wkeirg/ |
18 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ionos.css
gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ |
182 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.css
gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ |
15 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
navigation.css
gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ |
132 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
statuspage.css
gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
email-marketing.svg
gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ |
9 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
statuspage.js
gorukana.org/wp-content/uploads/2019/02/wkeirg/img/ |
162 KB 47 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-regular.woff
ce1.uicdn.net/exos/fonts/open-sans/ |
62 KB 63 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
320 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
exos-icon-font.woff
ce1.uicdn.net/exos/icons/ |
50 KB 50 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
overpass-regular.woff
ce1.uicdn.net/exos/fonts/overpass/ |
42 KB 42 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-bold.woff
ce1.uicdn.net/exos/fonts/open-sans/ |
62 KB 62 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
overpass-bold.woff
ce1.uicdn.net/exos/fonts/overpass/ |
41 KB 41 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
false
www.gorukana.org/wp-content/uploads/2019/02/wkeirg/ Redirect Chain
|
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
status.json
4tdc8ll7wtnf.statuspage.io/api/v2/ |
227 B 717 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
active.json
4tdc8ll7wtnf.statuspage.io/api/v2/scheduled-maintenances/ |
185 B 305 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
unresolved.json
4tdc8ll7wtnf.statuspage.io/api/v2/incidents/ |
172 B 291 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 1&1 Ionos (Telecommunication)15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend object| OAO object| core object| __core-js_shared__ object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate function| Dict function| delay object| _0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
4tdc8ll7wtnf.statuspage.io
ce1.uicdn.net
gorukana.org
www.gorukana.org
13.236.8.150
213.165.66.58
43.255.154.58
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b
35538b399f40d6db114f64b970fb8a612d88d833906f95f4cb8675c0277ecfb3
7259c09012cab1b43316024ba336cd0a098942f34ad3855587aaaf7f4f1bad9f
7afccd9150b0fcbf1a1056e6cc6051c9b6d85a55da7bf1a7fb0f475c0b22facc
7d7a1a8ec55f31a6674fd2e2c41bcc6421a9aeb5cf161c6e93363f31347160f9
8039fa7e658abaa1a484042391d70143fa581e2535340fd6901585666ef945b0
95e0e12385d279dc8adc22b273f15941c262599488aad11f53f8a1e4d792f86e
9d27c279b8aef5083f4720d71b79ba18519d3f924955d7338932a5252555b669
a2324d78fa23878b6ad03de16af33e37576a1b76e1d722c3822f8099ea17f9c0
ad27b53b0b4d238ea74413855661d956cf0496adaf914e94c1c1de9f3c42faad
b1443e9afa15923dcc1ead15a6091cddc3f8ba6dd35a9450f98b3e8376ed5bf2
c8e1724edab4d29c68d698c71f04db98774a5ba4fb432e4d37bfb0beecdac987
ceecb01f457f4b48a1530f906623c90bf7a9a6e4342364336d77eadc1a278bc3
cf1c48cafe868209b21afdc17e1e3a9536961d7a9150a00573193f699bffa4c7
d78e7ad4838a9fb4db11451b1db78ccd0b0c7b28f5787684ce2870918ce27bb5
dafc5a93b286021e4744e5eba24a0cdb5271fe76d975805d12fb114662656569