67.157.159.212
Open in
urlscan Pro
67.157.159.212
Malicious Activity!
Public Scan
Submission: On December 06 via manual from US
Summary
This is the only time 67.157.159.212 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
16 | 67.157.159.212 67.157.159.212 | 1226 (CTA-42-AS...) (CTA-42-AS1226 - California Technology Agency) | |
1 | 2a00:1450:400... 2a00:1450:4001:821::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 | 2a00:1450:400... 2a00:1450:4001:81f::200e | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
19 | 3 |
ASN1226 (CTA-42-AS1226 - California Technology Agency, US)
PTR: dawg.energy.ca.gov
67.157.159.212 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
google-analytics.com
www.google-analytics.com |
17 KB |
1 |
googleapis.com
ajax.googleapis.com |
83 KB |
19 | 2 |
Domain | Requested by | |
---|---|---|
2 | www.google-analytics.com |
67.157.159.212
|
1 | ajax.googleapis.com |
67.157.159.212
|
19 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
energy.ca.gov |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.google-analytics.com Google Internet Authority G3 |
2018-11-07 - 2019-01-30 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://67.157.159.212/user/password
Frame ID: 1408F698F3FC410438B858EE6E0B8C18
Requests: 19 HTTP requests in this frame
Screenshot
Detected technologies
Drupal (CMS) ExpandDetected patterns
- meta generator /Drupal(?:\s([\d.]+))?/i
- headers expires /19 Nov 1978/i
- env /^Drupal$/i
PHP (Programming Languages) Expand
Detected patterns
- headers server /php\/?([\d.]+)?/i
- meta generator /Drupal(?:\s([\d.]+))?/i
- headers expires /19 Nov 1978/i
- env /^Drupal$/i
Red Hat (Operating Systems) Expand
Detected patterns
- headers server /Red Hat/i
OpenSSL (Web Server Extensions) Expand
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
- env /^gaGlobal$/i
Modernizr (JavaScript Libraries) Expand
Detected patterns
- env /^Modernizr$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: Accessibility
Search URL Search Domain Scan URL
Title: Conditions of Use
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
password
67.157.159.212/user/ |
18 KB 18 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css_lQaZfjVpwP_oGNqdtWCSpJT1EMqXdMiU84ekLLxQnc4.css
67.157.159.212/sites/default/files/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css_DEdq-tfqexgWPHdPppvF2qYyZ1ALLjO4JCd7W6LtUbE.css
67.157.159.212/sites/default/files/css/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css_PGbJgHCUCBf4dg7K9Kt8aAwsApndP4GZ9RuToPy3-Fk.css
67.157.159.212/sites/default/files/css/ |
494 B 732 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css_UoYFm0eqrlVZ3bu95ouO4ZblyTjutQ6fw52LcC7gvg4.css
67.157.159.212/sites/default/files/css/ |
313 KB 46 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
ajax.googleapis.com/ajax/libs/jquery/1.11.2/ |
278 KB 83 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js_vSmhpx_T-AShyt_WMW5_TcwwxJP1imoVOa8jvwL_mxE.js
67.157.159.212/sites/default/files/js/ |
23 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js_gPqjYq7fqdMzw8-29XWQIVoDSWTmZCGy9OqaHppNxuQ.js
67.157.159.212/sites/default/files/js/ |
6 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js_pnRW_DCIaB4sCGMzsZUVr401PD0RvSHw9HOiimp4B3o.js
67.157.159.212/sites/default/files/js/ |
16 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header-ca.gov_.png
67.157.159.212/sites/default/files/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header-organization.png
67.157.159.212/sites/all/themes/cagov4/images/ |
30 KB 31 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js_L89trsWBAChxjnvhVzUc12iU3f-HntCqU7xJ1LE7T3A.js
67.157.159.212/sites/default/files/js/ |
211 KB 48 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
analytics.js
www.google-analytics.com/ |
43 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2column-bg.png
67.157.159.212/sites/all/themes/cagov4/images/template2014/santabarbara/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
announcement-calendar.png
67.157.159.212/sites/all/themes/cagov4/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nav-down-arrow.png
67.157.159.212/sites/all/themes/cagov4/images/template2014/ |
798 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
DAWG%20Banner_150dpi.jpg
67.157.159.212/sites/default/files/images/template2014/ |
91 KB 91 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
CaGov.woff
67.157.159.212/sites/all/themes/cagov4/fonts/ |
62 KB 63 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
collect
www.google-analytics.com/r/ |
35 B 111 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: US Government (Government)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| $ function| jQuery object| Drupal object| jQuery111205999000987678946 string| GoogleAnalyticsObject function| ga object| Modernizr object| respond function| yepnope object| google_tag_data object| gaplugins object| gaGlobal object| gaData4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
67.157.159.212/ | Name: _gid Value: GA1.1.440029966.1544127548 |
|
67.157.159.212/ | Name: _ga Value: GA1.1.61622234.1544127548 |
|
67.157.159.212/ | Name: _gat Value: 1 |
|
67.157.159.212/ | Name: has_js Value: 1 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
www.google-analytics.com
2a00:1450:4001:81f::200e
2a00:1450:4001:821::200a
67.157.159.212
0c476afad7ea7b18163c774fa69bc5daa63267500b2e33b824277b5ba2ed51b1
14fb8ac09f9f5865578ac8d268d7a4802e9dd631a83be2888e1b6d1caa94b7fe
2fcf6daec5810028718e7be157351cd76894ddff879ed0aa53bc49d4b13b4f70
3c66c98070940817f8760ecaf4ab7c680c2c0299dd3f8199f51b93a0fcb7f859
5286059b47aaae5559ddbbbde68b8ee196e5c938eeb50e9fc39d8b702ee0be0e
58c27035b7a2e589df397e5d7e05424b90b8c1aaaf73eff47d5ed6daecb70f25
80faa362aedfa9d333c3cfb6f57590215a034964e66421b2f4ea9a1e9a4dc6e4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
914814af082c8a4d08fb4505fa222b898bbfa0b7b058d54847dfa695d4891478
9506997e3569c0ffe818da9db56092a494f510ca9774c894f387a42cbc509dce
a67456fc3088681e2c086333b19515af8d353c3d11bd21f0f473a28a6a78077a
a8c12e55886e9d355e00e1c6489dcb9356dca141bdf0e3af9326b82fd772538a
abe4edc8768700c804651cd8a8e2ecd03f1e63de07ea14cdc93f7bfe0d694233
b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
bd29a1a71fd3f804a1cadfd6316e7f4dcc30c493f58a6a1539af23bf02ff9b11
c02d287ea197fe6b410f2a1b1ce7b49851524637d730036397f387f54fe6a55d
f2af66415bb61e8f4f27140240d8f350728296bd4047b4aa712551beceb6253c
f52fa3b04cc7bf896feba9a469afeee09cfb1568caca9aab0b7599c30a370b5c
fcde700f9e7dd55ddae140848779db15faecf7f06486d5f9baa9a0102d1f6683