newvillaselamanya.com
45.13.133.105
Malicious Activity!
Public Scan
Submission Tags: falconsandbox
Submission: On November 03 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on November 3rd 2022. Valid for: 3 months.
This is the only time newvillaselamanya.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Filetransfer.io (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
17 | 45.13.133.105 | 47583 (AS-HOSTINGER)
1 | 192.229.133.221 | 15133 (EDGECAST)
2 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET)
1 | 18.194.159.8 | 16509 (AMAZON-02)
21 requests | 4 IPs |
ASN47583 (AS-HOSTINGER, CY)
PTR: srv70.niagahoster.com
newvillaselamanya.com
ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-159-8.eu-central-1.compute.amazonaws.com
gate.gopay.cz
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
17 | newvillaselamanya.com | newvillaselamanya.com | 286 KB
2 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 361) | 83 KB
1 | gopay.cz | gate.gopay.cz | 4 KB
1 | w3schools.com | www.w3schools.com (Cisco Umbrella Rank: 21815) | 5 KB
21 requests | 4 domains | |
Requests | Domain | Requested by
---|---|---
17 | newvillaselamanya.com | newvillaselamanya.com
2 | cdnjs.cloudflare.com | newvillaselamanya.com
1 | gate.gopay.cz | newvillaselamanya.com
1 | www.w3schools.com | newvillaselamanya.com
21 requests | 4 domains |
This site contains links to these domains. Also see Links.
Domain |
---|
filetransfer.io |
zip.filetransfer.io |
palo-alto.cz |
Subject | Issuer | Validity | Valid |
---|---|---|---|---
www.rbelectronics.rbshop.id | R3 | 2022-11-03 - 2023-02-01 | 3 months | crt.sh
*.w3schools.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-04-08 - 2023-05-04 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year | crt.sh
gopay.cz | Amazon | 2022-05-30 - 2023-06-28 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://newvillaselamanya.com/wp-admin/network/b739aa101m9207es937f937bl06971q927bx9ecd9400836a19740m8458dq196802g64/?e=123%40gmail.com
Frame ID: DDAEB4B6C792FBF11E6E9862709196BC
Requests: 21 HTTP requests in this frame
Screenshot
Page Title
Data package from September 14th. - FileTransfer.io
Detected technologies
Nette Framework (Web Frameworks)
Detected patterns
- <div[^>]+id="snippet-
- <input[^>]+id="frm-
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI (JavaScript Libraries)
Detected patterns
- ([\d.]+)/jquery-ui(?:\.min)?\.js
- jquery-ui.*\.js
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
Title: FileTransfer.io
Title: Log in
Title: Premium
Title: here
Title: Download data package (5.53 MB)
Title: Palo Alto HiTec Solutions Czech, s.r.o.
Title: Contact
Title: FAQ
Title: Terms of use
Title: Enterprise
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | newvillaselamanya.com/wp-admin/network/b739aa101m9207es937f937bl06971q927bx9ecd9400836a19740m8458dq196802g64/ | 20 KB | 6 KB | Document | text/html
GET | H2 | maincab4.css | newvillaselamanya.com/wp-admin/network/b739aa101m9207es937f937bl06971q927bx9ecd9400836a19740m8458dq196802g64/css/ | 232 KB | 25 KB | Stylesheet | text/css
GET | H2 | w3.css | www.w3schools.com/w3css/4/ | 23 KB | 5 KB | Stylesheet | text/css
GET | H2 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/ | 94 KB | 30 KB | Script | application/javascript
GET | H2 | jquery-ui.min.js | cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.4/ | 235 KB | 54 KB | Script | application/javascript
GET | H2 | embed.js | gate.gopay.cz/gp-gw/js/ | 7 KB | 4 KB | Script | application/javascript
GET | H3 | preloader-primary-large.gif | newvillaselamanya.com/wp-admin/network/b739aa101m9207es937f937bl06971q927bx9ecd9400836a19740m8458dq196802g64/img/ | 19 KB | 19 KB | Image | image/gif
GET | H2 | appcab4.js | newvillaselamanya.com/wp-admin/network/b739aa101m9207es937f937bl06971q927bx9ecd9400836a19740m8458dq196802g64/js/ | 384 KB | 92 KB | Script | application/javascript
GET | H3 | serverconn.js | newvillaselamanya.com/wp-admin/network/b739aa101m9207es937f937bl06971q927bx9ecd9400836a19740m8458dq196802g64/js/ | 7 KB | 2 KB | Script | application/javascript
GET | H3 | background.jpg | newvillaselamanya.com/wp-admin/network/b739aa101m9207es937f937bl06971q927bx9ecd9400836a19740m8458dq196802g64/img/ | 13 KB | 13 KB | Image | image/jpeg
GET | H3 | sprite.png | newvillaselamanya.com/wp-admin/network/b739aa101m9207es937f937bl06971q927bx9ecd9400836a19740m8458dq196802g64/img/ | 41 KB | 41 KB | Image | image/png
GET | H3 | sourcesanspro-regular.woff | newvillaselamanya.com/wp-admin/network/b739aa101m9207es937f937bl06971q927bx9ecd9400836a19740m8458dq196802g64/css/fonts/ | 20 KB | 21 KB | Font | font/woff
GET | H3 | sourcesanspro-semibold.woff | newvillaselamanya.com/wp-admin/network/b739aa101m9207es937f937bl06971q927bx9ecd9400836a19740m8458dq196802g64/css/fonts/ | 21 KB | 21 KB | Font | font/woff
GET | H3 | icons.woff | newvillaselamanya.com/wp-admin/network/b739aa101m9207es937f937bl06971q927bx9ecd9400836a19740m8458dq196802g64/css/fonts/ | 7 KB | 7 KB | Font | font/woff
GET | H3 | background-intro.jpg | newvillaselamanya.com/wp-admin/network/b739aa101m9207es937f937bl06971q927bx9ecd9400836a19740m8458dq196802g64/img/ | 2 KB | 2 KB | Image | image/jpeg
GET | H3 | preloader-inverse.gif | newvillaselamanya.com/wp-admin/network/b739aa101m9207es937f937bl06971q927bx9ecd9400836a19740m8458dq196802g64/img/ | 24 KB | 24 KB | Image | image/gif
GET | H3 | preloader-primary-large.gif | newvillaselamanya.com/img/ | 2 KB | 2 KB | Image | text/html
GET | H3 | preloader-primary.gif | newvillaselamanya.com/img/ | 3 KB | 3 KB | Image | text/html
GET | H3 | preloader-alert.gif | newvillaselamanya.com/img/ | 3 KB | 3 KB | Image | text/html
GET | H3 | preloader-gray.gif | newvillaselamanya.com/img/ | 3 KB | 3 KB | Image | text/html
GET | H3 | preloader-inverse.gif | newvillaselamanya.com/img/ | 3 KB | 3 KB | Image | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Filetransfer.io (Online)
59 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Variable
---|---
object | onbeforeinput
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
function | queryLocalFonts
object | navigation
function | $
function | jQuery
object | _gopay
object | MESSAGES
function | Accordion
function | AjaxWatch
function | Alerts
function | AsyncHref
function | DisableButton
function | Drop
function | Form
function | FormOnchange
function | MatchHeight
function | Popup
function | ProtectEmail
function | Tabs
function | TogglePassword
function | Tooltips
function | Callbacks
function | PriceList
function | EnterClicker
function | BrowserManager
function | Application
function | UrlSwitcher
function | selectText
function | _typeof2
object | p
object | t
undefined | ajaxContentAddedCallback
undefined | closeCallback
object | bm
object | app
object | cb
function | showUtcDatetimes
object | jQuery111208131244015217511
object | Nette
object | isEmail
function | Main
function | BeforeUnload
object | Offline
object | Raven
function | datetime
string | email
undefined | ehost
undefined | provider
function | progressDisp
function | getParm
function | checkemail
object | EmailField
function | fastspringPopupClosed
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.