granvilk.ga
Open in
urlscan Pro
2606:4700:30::681f:4eb6
Malicious Activity!
Public Scan
Submitted URL: https://treatedaircompany.us20.list-manage.com/track/click?u=653d14a2de51609e26ae72a3e&id=563a6aed45&e=1c8ac818da
Effective URL: https://granvilk.ga/login.php?ID=login&Key=ee0d7e9a5aab89b487d002d255e74b20?referrer
Submission: On May 28 via manual from IN
Effective URL: https://granvilk.ga/login.php?ID=login&Key=ee0d7e9a5aab89b487d002d255e74b20?referrer
Submission: On May 28 via manual from IN
Summary
This website contacted 2 IPs
in 2 countries
across 3 domains to perform 18 HTTP transactions.
The main IP is 2606:4700:30::681f:4eb6, located in
United States and
belongs to CLOUDFLARENET - Cloudflare, Inc., US.
The main domain is granvilk.ga.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on May 28th 2019. Valid for: a year.
This is the only time granvilk.ga was scanned on urlscan.io!
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on May 28th 2019. Valid for: a year.
This is the only time granvilk.ga was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Adobe (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 104.111.241.197 104.111.241.197 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
| 10 | 2606:4700:30:... 2606:4700:30::681f:4eb6 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 8 | 104.109.64.186 104.109.64.186 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 18 | 2 |
1
104.111.241.197
(Netherlands)
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-241-197.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-241-197.deploy.static.akamaitechnologies.com
| treatedaircompany.us20.list-manage.com |
10
2606:4700:30::681f:4eb6
(United States)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
| granvilk.ga |
8
104.109.64.186
(Netherlands)
ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-64-186.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-64-186.deploy.static.akamaitechnologies.com
| use.typekit.net | |
| p.typekit.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 10 |
granvilk.ga
granvilk.ga |
279 KB |
| 8 |
typekit.net
use.typekit.net p.typekit.net |
184 KB |
| 1 |
list-manage.com
1 redirects
treatedaircompany.us20.list-manage.com |
329 B |
| 18 | 3 |
| Domain | Requested by | |
|---|---|---|
| 10 | granvilk.ga |
granvilk.ga
|
| 7 | use.typekit.net |
granvilk.ga
use.typekit.net |
| 1 | p.typekit.net | |
| 1 | treatedaircompany.us20.list-manage.com | 1 redirects |
| 18 | 4 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.adobe.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2019-05-28 - 2020-05-28 |
a year | crt.sh |
| *.typekit.net DigiCert SHA2 Secure Server CA |
2018-07-20 - 2020-01-03 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://granvilk.ga/login.php?ID=login&Key=ee0d7e9a5aab89b487d002d255e74b20?referrer
Frame ID: 7640295B6D85F9769EB7A6819BC2C710
Requests: 18 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://treatedaircompany.us20.list-manage.com/track/click?u=653d14a2de51609e26ae72a3e&id=563a6aed45&e=1c8ac818da
HTTP 302
https://granvilk.ga/login.php?ID=login&Key=ee0d7e9a5aab89b487d002d255e74b20?referrer Page URL
Detected technologies
CloudFlare
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /cloudflare/i
Modernizr
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^Modernizr$/i
SiteCatalyst
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^s_(?:account|objectID|code|INST)$/i
Typekit
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^Typekit$/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^jQuery$/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
URL: http://www.adobe.com/go/learn-more-enterprise-id
Title: Learn more.
Title: Learn more.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://treatedaircompany.us20.list-manage.com/track/click?u=653d14a2de51609e26ae72a3e&id=563a6aed45&e=1c8ac818da
HTTP 302
https://granvilk.ga/login.php?ID=login&Key=ee0d7e9a5aab89b487d002d255e74b20?referrer Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
login.php
granvilk.ga/ Redirect Chain
|
28 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
head.css
granvilk.ga/css/ |
46 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
spectrum_head.js
granvilk.ga/js/ |
53 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
045110ca15262c13aa37af60dbb4b51a.png
granvilk.ga/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
niceic-logo.png
granvilk.ga/img/ |
34 KB 34 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
220px-Gas_Safe_Register.svg.png
granvilk.ga/img/ |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
check.png
granvilk.ga/img/ |
145 KB 145 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sprite.svg
granvilk.ga/img/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
spectrum_body.js
granvilk.ga/js/ |
151 KB 47 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
spectrum_capsindicator.js
granvilk.ga/js/ |
2 KB 1012 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ecr2zvs.js
use.typekit.net/ |
18 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
l
use.typekit.net/af/cb695f/000000000000000000017701/27/ |
29 KB 29 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
l
use.typekit.net/af/eaf09c/000000000000000000017703/27/ |
29 KB 30 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
l
use.typekit.net/af/40207f/0000000000000000000176ff/27/ |
29 KB 29 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
p.gif
p.typekit.net/ |
35 B 201 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
l
use.typekit.net/af/cb695f/000000000000000000017701/27/ |
29 KB 29 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
l
use.typekit.net/af/40207f/0000000000000000000176ff/27/ |
29 KB 29 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
l
use.typekit.net/af/eaf09c/000000000000000000017703/27/ |
29 KB 30 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Adobe (Consumer)31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask string| special_day_char function| css_browser_selector function| Visitor function| AppMeasurement function| s_gi function| s_pgicq number| CSSBS number| CSSBS_webkit number| CSSBS_chrome number| CSSBS_mac number| CSSBS_js number| CSSBS_portrait object| Modernizr number| s_objectID number| s_giq function| initAnalytics string| toasterContainerId function| closeToaster function| getEnhancedDropdownParent function| $ function| jQuery object| _ object| IMS function| getValidatorGroups object| components object| views object| jQuery1910008800633392483492 object| Typekit0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
granvilk.ga
p.typekit.net
treatedaircompany.us20.list-manage.com
use.typekit.net
104.109.64.186
104.111.241.197
2606:4700:30::681f:4eb6
1b3a166275e0944e477e4b62d778918bf027e4fd02f48665765c9eb8054226ac
1ed84144dee819db994bc42cee7435ff4249ffd2fba4bb26f0f649c50f79b40b
38576ca6dd9cb727b19d59dc728dd4cc18b646cc6732ed07ea6fcc51d9a30aca
45a88465b9d120c0aee583d4628a0be9d203ae443d9677dca2b8c394157d2a75
683d777e2f11e4a19371359c4bf66b2d0c861aa9a561e6c257a4c49804694e35
89a1b3191136cf21fa2e62055c622b96c619c59ceb2a67a3044bac44cd1b4fcc
8b7eb699aedbbf4d04907b45f4348e6b54119a6567b4b9f1be4943ba80c5af19
8d21d3e842557ae561c62bc19a0145c9b480028fedbc9e4fe941cebafb916131
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
b97b6df8ca413ee1df0b9cc4dcccbf40bd8539ec54ede0bf9efd06cd94175e04
c93484034685e10a3f09fb2a003168f61cc0f47ae4aea65cf1df573dbef51a6e
ea64ae4966a9009c41adf50b562633e59ae7aaddabdd1b2370a04844c94555ce
f680908cd55974c4db9f4c632a7795325ecef0fa4bbbbe1374e42a88ff4cabe8
fa03c48fa6c8534ef6ebebf79551c240abb5aaaf5772955922dcd7b9720529d6
faf54779f2ed68b7c9958df85c1f0c2514ac301d5a4e17f93cdc03f1b2eb937a