www.vacations4lovers.com Open in urlscan Pro
192.185.28.103 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.vacations4lovers.com/cg/rich/gdoc.html
Submission: On April 11 via automatic, source phishtank (April 11th 2017, 3:53:29 am UTC)

Summary HTTP 86 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 11 domains to perform 86 HTTP transactions. The main IP is 192.185.28.103, located in Houston, United States and belongs to CYRUSONE - CyrusOne LLC, US. The main domain is www.vacations4lovers.com.

This is the only time www.vacations4lovers.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address	AS Autonomous System
56	192.185.28.103 192.185.28.103	20013 (CYRUSONE) (CYRUSONE - CyrusOne LLC)
1	2a00:1450:400... 2a00:1450:400e:802::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
9	192.185.27.96 192.185.27.96	20013 (CYRUSONE) (CYRUSONE - CyrusOne LLC)
6	2a00:1450:400... 2a00:1450:400e:809::2002	15169 (GOOGLE) (GOOGLE - Google Inc.)
2	198.232.125.123 198.232.125.123	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
4	2a00:1450:400... 2a00:1450:400e:802::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
2	2a00:1450:400... 2a00:1450:400e:802::2003	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	78.111.97.28 78.111.97.28	42910 (EQUINIX-T...) (EQUINIX-TURKEY-INTERNET-HIZMETLERI-ANONIM-SIRKETI Equinix Turkey)
86	9

56 192.185.28.103 (Houston, United States)

ASN20013 (CYRUSONE - CyrusOne LLC, US)
PTR: adecconsultants.com

www.vacations4lovers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vacations4lovers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:802::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 192.185.27.96 (Houston, United States)

ASN20013 (CYRUSONE - CyrusOne LLC, US)
PTR: 192-185-27-96.unifiedlayer.com

exploradc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400e:809::2002 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.232.125.123 (Los Angeles, United States)

ASN3257 (GTT-BACKBONE GTT, DE)
PTR: 123-125-232-198.static.unitasglobal.net

netdna.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400e:802::200e (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400e:802::2003 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.111.97.28 (Turkey)

ASN42910 (EQUINIX-TURKEY-INTERNET-HIZMETLERI-ANONIM-SIRKETI Equinix Turkey, TR)
PTR: mail.ftcyazilim.com.tr

bogazicitemizlik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	vacations4lovers.com www.vacations4lovers.com vacations4lovers.com	457 KB
9	exploradc.com exploradc.com	50 KB
6	googlesyndication.com pagead2.googlesyndication.com	169 KB
2	gstatic.com fonts.gstatic.com	31 KB
2	google-analytics.com www.google-analytics.com	16 KB
2	bootstrapcdn.com netdna.bootstrapcdn.com	10 KB
1	bogazicitemizlik.com bogazicitemizlik.com	1 KB
1	ytimg.com s.ytimg.com	9 KB
1	youtube.com www.youtube.com	739 B
1	googleapis.com fonts.googleapis.com	2 KB
0	doubleclick.net Failed googleads.g.doubleclick.net Failed
86	11

	Domain	Requested by
41	vacations4lovers.com	www.vacations4lovers.com vacations4lovers.com
15	www.vacations4lovers.com	www.vacations4lovers.com
9	exploradc.com	vacations4lovers.com www.vacations4lovers.com
6	pagead2.googlesyndication.com	vacations4lovers.com pagead2.googlesyndication.com
2	fonts.gstatic.com	vacations4lovers.com
2	www.google-analytics.com	vacations4lovers.com
2	netdna.bootstrapcdn.com	vacations4lovers.com
1	bogazicitemizlik.com
1	s.ytimg.com	www.youtube.com
1	www.youtube.com	vacations4lovers.com
1	fonts.googleapis.com	vacations4lovers.com
0	googleads.g.doubleclick.net Failed	pagead2.googlesyndication.com
86	12

This site contains links to these domains. Also see Links.

Domain
www.google.com
support.google.com

Subject Issuer	Validity	Valid
*.google-analytics.com Google Internet Authority G2	`2017-03-29` - `2017-06-21`	3 months	crt.sh
*.googleusercontent.com Google Internet Authority G2	`2017-03-29` - `2017-06-21`	3 months	crt.sh

This page contains 7 frames:

Primary Page: http://www.vacations4lovers.com/cg/rich/gdoc.html
Frame ID: 1779.1
Requests: 18 HTTP requests in this frame

Frame: http://vacations4lovers.com/cg/rich/Docs_File/index_1.htm
Frame ID: 1779.2
Requests: 62 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20170403/r20170110/zrt_lookup.html
Frame ID: 1779.4
Requests: 1 HTTP requests in this frame

Frame: http://pagead2.googlesyndication.com/pagead/js/r20170403/r20170110/show_ads_impl.js
Frame ID: 1779.3
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4667276136900916&format=300x250&output=html&h=250&slotname=2645407986&adk=3800601988&adf=2451092165&w=300&lmt=1491882796&avail_w=280&flash=25.0.0&url=http%3A%2F%2Fvacations4lovers.com%2Fcg%2Frich%2FDocs_File%2Findex_1.htm&wgl=1&dt=1491882795958&bpp=16&bdt=5623&fdt=18&idt=73&shv=r20170403&cbv=r20170110&saldr=aa&correlator=667650759156&frm=22&ga_vid=421964164.1491882796&ga_sid=1491882796&ga_hid=1835879692&ga_fc=0&pv=2&iag=12&icsg=2&nhd=2&dssz=2&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=5&u_nmime=7&adx=15&ady=1364&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1200350222&eid=575144605&oid=3&top=http%3A%2F%2Fwww.vacations4lovers.com%2Fcg%2Frich%2Fgdoc.html&rx=0&eae=0&brdim=1%2C67%2C1%2C67%2C1600%2C0%2C1598%2C1132%2C0%2C0&vis=2&rsz=%7C%7CcoeE%7C&abl=NS&ppjl=u&pfx=0&fu=16&bc=1&ifi=1&xpc=IVUmRwhTVt&p=http%3A//vacations4lovers.com&dtd=93
Frame ID: 1779.6
Requests: 1 HTTP requests in this frame

Frame: http://pagead2.googlesyndication.com/pagead/js/r20170403/r20170110/show_ads_impl.js
Frame ID: 1779.5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4667276136900916&format=300x250&output=html&h=250&slotname=2645407986&adk=1776733430&adf=4161877520&w=300&lmt=1491882797&avail_w=280&flash=25.0.0&url=http%3A%2F%2Fvacations4lovers.com%2Fcg%2Frich%2FDocs_File%2Findex_1.htm&wgl=1&dt=1491882795976&bpp=7&bdt=5641&fdt=1326&idt=1343&shv=r20170403&cbv=r20170110&saldr=aa&prev_fmts=300x250&correlator=667650759156&frm=22&ga_vid=421964164.1491882796&ga_sid=1491882796&ga_hid=1835879692&ga_fc=0&pv=1&iag=12&icsg=2&nhd=2&dssz=2&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=5&u_nmime=7&adx=15&ady=1678&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1200350222&eid=575144605&oid=3&top=http%3A%2F%2Fwww.vacations4lovers.com%2Fcg%2Frich%2Fgdoc.html&rx=0&eae=0&brdim=1%2C67%2C1%2C67%2C1600%2C0%2C1598%2C1132%2C0%2C0&vis=2&rsz=%7C%7CcoeE%7C&abl=NS&ppjl=u&pfx=0&fu=16&bc=1&ifi=2&xpc=3ZnvbPZvAE&p=http%3A//vacations4lovers.com&dtd=1358
Frame ID: 1779.7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

86
Requests

5 %
HTTPS

50 %
IPv6

11
Domains

12
Subdomains

9
IPs

3
Countries

745 kB
Transfer

1906 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.google.com/intl/en/policies/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://support.google.com/drive/?hl=en&p=download_drive
Title: Help

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 14

http://www.vacations4lovers.com/cg/rich/Docs_File/index_1.htm
http://vacations4lovers.com/cg/rich/Docs_File/index_1.htm

Request 15

http://www.vacations4lovers.com/cg/rich/Docs_File/cjzkeoubrn4kerxqtauh3t8e0i7kzn-epnyo3hzu7kw.woff
http://vacations4lovers.com/cg/rich/Docs_File/cjzkeoubrn4kerxqtauh3t8e0i7kzn-epnyo3hzu7kw.woff

Request 16

http://www.vacations4lovers.com/cg/rich/Docs_File/mtp_ysujh_bn48vbg8snsnhcuogz7vygh680lgh-uxm.woff
http://vacations4lovers.com/cg/rich/Docs_File/mtp_ysujh_bn48vbg8snsnhcuogz7vygh680lgh-uxm.woff

Request 51

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

Request 56

http://www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=253989948&utmhn=vacations4lovers.com&utmcs=UTF-8&utmsr=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=25.0%20r0&utmdt=Page%20no...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=253989948&utmhn=vacations4lovers.com&utmcs=UTF-8&utmsr=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=25.0%20r0&utmdt=Page%20n...

86 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request gdoc.html Show response
www.vacations4lovers.com/cg/rich/ 20 KB
5 KB 356ms
126ms Document
text/html 192.185.28.103
CyrusOne LLC

General

www.vacations4lovers.com Open in urlscan Pro 192.185.28.103 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

86 Requests

5 %HTTPS

50 %IPv6

11 Domains

12 Subdomains

9 IPs

3 Countries

745 kBTransfer

1906 kBSize

1 Cookies

2 Outgoing links

Redirected requests

86 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.vacations4lovers.com Open in urlscan Pro
192.185.28.103 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

86
Requests

5 %
HTTPS

50 %
IPv6

11
Domains

12
Subdomains

9
IPs

3
Countries

745 kB
Transfer

1906 kB
Size

1
Cookies

86 HTTP transactions
0 data transactions