accountsgoogledrive.com.madrigueraagency.com Open in urlscan Pro
192.185.39.247 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php
Effective URL:
https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php
Submission: On November 20 via automatic, source openphish (November 20th 2024, 1:27:57 pm UTC) — Scanned from DE

Summary HTTP 9 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 192.185.39.247, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is accountsgoogledrive.com.madrigueraagency.com.
TLS certificate: Issued by R11 on November 19th 2024. Valid for: 3 months.

This is the only time accountsgoogledrive.com.madrigueraagency.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address		AS Autonomous System
9	192.185.39.247 192.185.39.247		19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
9	2

9 192.185.39.247 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: mail.berkeleybuddhistpriory.org

accountsgoogledrive.com.madrigueraagency.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	madrigueraagency.com accountsgoogledrive.com.madrigueraagency.com	72 KB
9	1

	Domain	Requested by
9	accountsgoogledrive.com.madrigueraagency.com	accountsgoogledrive.com.madrigueraagency.com
9	1

This site contains links to these domains. Also see Links.

Domain
support.
www.

Subject Issuer	Validity	Valid
cpcalendars.accountsgoogledrive.com R11	`2024-11-19` - `2025-02-17`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php
Frame ID: 853E068F0BE29398BEE0A2B7C43092A7
Requests: 9 HTTP requests in this frame

Frame: https://accountsgoogledrive.com.madrigueraagency.com/Gmail2_files/CheckConnection.html
Frame ID: 587AB2FC745B3DB5F6BE20A9387D6F5F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Gmail

Page URL History Show full URLs

http://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php HTTP 307
https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Page URL

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

72 kB
Transfer

165 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://support./###/accounts/?p=securesignin&hl=en
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www./###/intl/en/about
Title: About Google

Search URL Search Domain Scan URL

URL: http://www./###/support/accounts?hl=en
Title: Help

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php HTTP 307
https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request accounts.gmail.php Show response accountsgoogledrive.com.madrigueraagency.com/ Redirect Chain http://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php	152 KB 59 KB	1218ms 228ms	Document text/html	192.185.39.247 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.39.247 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS mail.berkeleybuddhistpriory.org Software Apache / Resource Hash `d484b4a8b0cf5acf0ddbf4eefd9d7f43cc6ac8773e069f67aba3df35c14e29ec` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-type text/html; charset=UTF-8 date Wed, 20 Nov 2024 13:27:53 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding Redirect headers Location https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Non-Authoritative-Reason HttpsUpgrades
GET H2	200	arrow_back_grey600_24dp.png accountsgoogledrive.com.madrigueraagency.com/Gmail2_files/	115 B 180 B	112ms 112ms	Image image/png	192.185.39.247 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL https://accountsgoogledrive.com.madrigueraagency.com/Gmail2_files/arrow_back_grey600_24dp.png Requested by Host: accountsgoogledrive.com.madrigueraagency.com URL: https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.39.247 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS mail.berkeleybuddhistpriory.org Software Apache / Resource Hash `21c7180c568bf115a0784629a8e5575103007f66ab2b964ab1d7f3290f5ab370` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Response headers accept-ranges bytes content-length 115 date Wed, 20 Nov 2024 13:27:53 GMT last-modified Tue, 21 Mar 2017 15:26:07 GMT content-type image/png server Apache
GET H2	200	universal_language_settings-21.png accountsgoogledrive.com.madrigueraagency.com/Gmail2_files/	199 B 229 B	113ms 112ms	Image image/png	192.185.39.247 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL https://accountsgoogledrive.com.madrigueraagency.com/Gmail2_files/universal_language_settings-21.png Requested by Host: accountsgoogledrive.com.madrigueraagency.com URL: https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.39.247 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS mail.berkeleybuddhistpriory.org Software Apache / Resource Hash `59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Response headers accept-ranges bytes content-length 199 date Wed, 20 Nov 2024 13:27:53 GMT last-modified Tue, 21 Mar 2017 15:26:07 GMT content-type image/png server Apache
GET H2	404	CheckConnection.html Show response accountsgoogledrive.com.madrigueraagency.com/Gmail2_files/ Frame 587A	746 B 525 B	117ms 117ms	Document text/html	192.185.39.247 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL https://accountsgoogledrive.com.madrigueraagency.com/Gmail2_files/CheckConnection.html Requested by Host: accountsgoogledrive.com.madrigueraagency.com URL: https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.39.247 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS mail.berkeleybuddhistpriory.org Software Apache / Resource Hash `63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666` Request headers Referer https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers accept-ranges bytes content-encoding gzip content-length 462 content-type text/html date Wed, 20 Nov 2024 13:27:53 GMT last-modified Sun, 19 Jun 2022 19:38:17 GMT server Apache vary Accept-Encoding
GET H2	200	glogo.png accountsgoogledrive.com.madrigueraagency.com/Gmail1_files/	2 KB 2 KB	115ms 115ms	Image image/png	192.185.39.247 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL https://accountsgoogledrive.com.madrigueraagency.com/Gmail1_files/glogo.png Requested by Host: accountsgoogledrive.com.madrigueraagency.com URL: https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.39.247 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS mail.berkeleybuddhistpriory.org Software Apache / Resource Hash `9ecd5e18216a965021f794cc1fd255767f8437ce1dd6c6c2ff4ceea7ccc0073d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Response headers accept-ranges bytes content-length 2449 date Wed, 20 Nov 2024 13:27:53 GMT last-modified Tue, 21 Mar 2017 15:26:07 GMT content-type image/png server Apache
GET H2	200	img1.png accountsgoogledrive.com.madrigueraagency.com/Gmail2_files/	3 KB 3 KB	114ms 114ms	Image image/png	192.185.39.247 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL https://accountsgoogledrive.com.madrigueraagency.com/Gmail2_files/img1.png Requested by Host: accountsgoogledrive.com.madrigueraagency.com URL: https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.39.247 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS mail.berkeleybuddhistpriory.org Software Apache / Resource Hash `c90965fce806c5b9ac57f0c4e6d9beef58aaa36c531921e290a7b28966c14942` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Response headers accept-ranges bytes content-length 3069 date Wed, 20 Nov 2024 13:27:53 GMT last-modified Tue, 21 Mar 2017 15:26:07 GMT content-type image/png server Apache
GET DATA	200 OK	truncated /	284 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fc6e1e44fce24fcda33dfd0e0a05a77004b3cd1d81018e9616d6e4145145d0b9` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET H2	404	JsRemoteLog Show response accountsgoogledrive.com.madrigueraagency.com/accounts/	746 B 494 B	121ms 121ms	XHR text/html	192.185.39.247 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL https://accountsgoogledrive.com.madrigueraagency.com/accounts/JsRemoteLog?module=check_connection&type=ERROR&msg=Uncatched%20exception%3A%20Unsupported%20URL%20Exception%3A%20https%3A%2F%2Faccounts.youtube.com%2Faccounts%2FCheckConnection%3Fpmpo%3Dhttps%253A%252F%252Faccounts.%23%23%23%26v%3D-340325501&r=5982 Requested by Host: accountsgoogledrive.com.madrigueraagency.com URL: https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.39.247 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS mail.berkeleybuddhistpriory.org Software Apache / Resource Hash `63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Response headers content-encoding gzip accept-ranges bytes content-length 462 date Wed, 20 Nov 2024 13:27:53 GMT last-modified Sun, 19 Jun 2022 19:38:17 GMT vary Accept-Encoding server Apache content-type text/html
GET H2	200	accounts.gmail.php accountsgoogledrive.com.madrigueraagency.com/	5 KB 5 KB	134ms 134ms	Image text/html	192.185.39.247 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.39.247 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS mail.berkeleybuddhistpriory.org Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip pragma no-cache expires Thu, 19 Nov 1981 08:52:00 GMT date Wed, 20 Nov 2024 13:27:53 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding server Apache
GET H2	404	favicon.ico accountsgoogledrive.com.madrigueraagency.com/	746 B 494 B	120ms 120ms	Other text/html	192.185.39.247 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL https://accountsgoogledrive.com.madrigueraagency.com/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.39.247 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS mail.berkeleybuddhistpriory.org Software Apache / Resource Hash `63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php Response headers content-encoding gzip accept-ranges bytes content-length 462 date Wed, 20 Nov 2024 13:27:53 GMT last-modified Sun, 19 Jun 2022 19:38:17 GMT vary Accept-Encoding server Apache content-type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

385 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			accountsgoogledrive.com.madrigueraagency.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 56d1409184b2c9ac24081770722fabd9

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	warning	URL: https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php#identifier Message: [DOM] Found 2 elements with non-unique id #history_state0: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	verbose	URL: https://accountsgoogledrive.com.madrigueraagency.com/accounts.gmail.php#identifier Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://accountsgoogledrive.com.madrigueraagency.com/Gmail2_files/CheckConnection.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://accountsgoogledrive.com.madrigueraagency.com/accounts/JsRemoteLog?module=check_connection&type=ERROR&msg=Uncatched%20exception%3A%20Unsupported%20URL%20Exception%3A%20https%3A%2F%2Faccounts.youtube.com%2Faccounts%2FCheckConnection%3Fpmpo%3Dhttps%253A%252F%252Faccounts.%23%23%23%26v%3D-340325501&r=5982 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://accountsgoogledrive.com.madrigueraagency.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accountsgoogledrive.com.madrigueraagency.com
192.185.39.247
21c7180c568bf115a0784629a8e5575103007f66ab2b964ab1d7f3290f5ab370
59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
9ecd5e18216a965021f794cc1fd255767f8437ce1dd6c6c2ff4ceea7ccc0073d
c90965fce806c5b9ac57f0c4e6d9beef58aaa36c531921e290a7b28966c14942
d484b4a8b0cf5acf0ddbf4eefd9d7f43cc6ac8773e069f67aba3df35c14e29ec
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fc6e1e44fce24fcda33dfd0e0a05a77004b3cd1d81018e9616d6e4145145d0b9

accountsgoogledrive.com.madrigueraagency.com Open in urlscan Pro 192.185.39.247 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

72 kBTransfer

165 kBSize

1 Cookies

3 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

385 JavaScript Global Variables

1 Cookies

5 Console Messages

Indicators

accountsgoogledrive.com.madrigueraagency.com Open in urlscan Pro
192.185.39.247 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

72 kB
Transfer

165 kB
Size

1
Cookies

9 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!