theplanetnews.org Open in urlscan Pro
67.227.166.88 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://theplanetnews.org/half?loge=neeraj.menon@trilegal.com
Effective URL:
https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252...
Submission: On April 19 via manual (April 19th 2018, 9:13:01 am UTC) from GB

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 8 HTTP transactions. The main IP is 67.227.166.88, located in Lansing, United States and belongs to LIQUIDWEB - Liquid Web, L.L.C, US. The main domain is theplanetnews.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 3rd 2018. Valid for: 3 months.

This is the only time theplanetnews.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address	AS Autonomous System
3 4	67.227.166.88 67.227.166.88	32244 (LIQUIDWEB) (LIQUIDWEB - Liquid Web)
1	216.58.206.10 216.58.206.10	15169 (GOOGLE) (GOOGLE - Google LLC)
6	216.58.214.99 216.58.214.99	15169 (GOOGLE) (GOOGLE - Google LLC)
8	4

4 67.227.166.88 (Lansing, United States) 3 redirects

ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US)
PTR: in3.fastwebhost.com

theplanetnews.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.10 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s20-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.58.214.99 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s05-in-f99.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	gstatic.com fonts.gstatic.com	44 KB
4	theplanetnews.org 3 redirects theplanetnews.org	62 KB
1	googleapis.com ajax.googleapis.com	30 KB
8	3

	Domain	Requested by
6	fonts.gstatic.com	theplanetnews.org
4	theplanetnews.org	3 redirects
1	ajax.googleapis.com	theplanetnews.org
8	3

This site contains no links.

Subject Issuer	Validity	Valid
theplanetnews.org cPanel, Inc. Certification Authority	`2018-04-03` - `2018-07-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4
Frame ID: 7CB9E1E13634345A1422759FC39843
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://theplanetnews.org/half?loge=neeraj.menon@trilegal.com HTTP 301
https://theplanetnews.org/half/?loge=neeraj.menon@trilegal.com HTTP 302
https://theplanetnews.org/half/users/userID-87569?Key=66587448202&rand=13InboxLightaspxn.6658744820217... HTTP 301
https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021... Page URL

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

8
Requests

13 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

134 kB
Transfer

496 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://theplanetnews.org/half?loge=neeraj.menon@trilegal.com HTTP 301
https://theplanetnews.org/half/?loge=neeraj.menon@trilegal.com HTTP 302
https://theplanetnews.org/half/users/userID-87569?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4 HTTP 301
https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
theplanetnews.org/half/users/userID-87569/
Redirect Chain

https://theplanetnews.org/half?loge=neeraj.menon@trilegal.com
https://theplanetnews.org/half/?loge=neeraj.menon@trilegal.com
https://theplanetnews.org/half/users/userID-87569?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&...
https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1...

363 KB
61 KB

122ms
122ms

Document
text/html

67.227.166.88
Liquid Web

General

Check archive.org

Show headers Download Go to

Full URL: https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 67.227.166.88 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US),
Reverse DNS: in3.fastwebhost.com
Software: LiteSpeed /
Resource Hash: e7513bfb003c0b745aece0543aab3f03d056621405c9b39148588ee6cbb12b6b

Request headers

:path: /half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4
pragma: no-cache
accept-encoding: gzip, deflate
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
cache-control: no-cache
:authority: theplanetnews.org
cookie: PHPSESSID=1ef4ii6l4hp2rjedu9upvklh80
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Apr 2018 09:12:49 GMT
content-encoding: gzip
server: LiteSpeed
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 200
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="35,37,38,39"
expires: Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

date: Thu, 19 Apr 2018 09:12:49 GMT
server: LiteSpeed
status: 301
content-type: text/html
location: https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="35,37,38,39"
content-length: 1147

GET
S 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 85 KB
30 KB 6ms
6ms Script
text/javascript 216.58.206.10
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

Requested by

Host: theplanetnews.org
URL: https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4

Protocol

SPDY

Server

216.58.206.10 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s20-in-f10.1e100.net

Software

sffe /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 12 Feb 2018 14:49:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5682201
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 30399
x-xss-protection: 1; mode=block
last-modified: Thu, 25 Jan 2018 15:33:24 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Feb 2019 14:49:28 GMT

GET
DATA 200
OK truncated
/ 356 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bbb22484b6ac90a9bcddc4158e5b530c078c475b78ceab0a9873719ec7e87eb9

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ 267 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=UTF-8

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e04ecbf6f436807ae99808ff1cf107477e48507c13220dfcfffbdf5bcbb32d72

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
S 200 oMMgfZMQthOryQo9n22dcuvvDin1pK8aKteLpeZ5c0A.woff2
fonts.gstatic.com/s/roboto/v18/ 10 KB
11 KB 12ms
11ms Font
font/woff2 216.58.214.99
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/oMMgfZMQthOryQo9n22dcuvvDin1pK8aKteLpeZ5c0A.woff2

Requested by

Protocol

SPDY

Server

216.58.214.99 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s05-in-f99.1e100.net

Software

sffe /

Resource Hash

4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4
Origin: https://theplanetnews.org

Response headers

date: Fri, 23 Feb 2018 21:23:12 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:50 GMT
server: sffe
age: 4708177
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 10748
x-xss-protection: 1; mode=block
expires: Sat, 23 Feb 2019 21:23:12 GMT

GET
S 200 RxZJdnzeo3R5zSexge8UUZBw1xU1rKptJj_0jans920.woff2
fonts.gstatic.com/s/roboto/v18/ 11 KB
11 KB 6ms
5ms Font
font/woff2 216.58.214.99
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/RxZJdnzeo3R5zSexge8UUZBw1xU1rKptJj_0jans920.woff2

Requested by

Protocol

SPDY

Server

216.58.214.99 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s05-in-f99.1e100.net

Software

sffe /

Resource Hash

b79781efede37903be212fcdf63955e41c8649e678b6b83adf824459d240a188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4
Origin: https://theplanetnews.org

Response headers

date: Mon, 12 Feb 2018 17:15:13 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:57 GMT
server: sffe
age: 5673456
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 10788
x-xss-protection: 1; mode=block
expires: Tue, 12 Feb 2019 17:15:13 GMT

GET
S 200 Ks_cVxiCiwUWVsFWFA3Bjn-_kf6ByYO6CLYdB4HQE-Y.woff2
fonts.gstatic.com/s/roboto/v18/ 8 KB
8 KB 6ms
6ms Font
font/woff2 216.58.214.99
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/Ks_cVxiCiwUWVsFWFA3Bjn-_kf6ByYO6CLYdB4HQE-Y.woff2

Requested by

Protocol

SPDY

Server

216.58.214.99 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s05-in-f99.1e100.net

Software

sffe /

Resource Hash

80fa23b4804621ce7f16b5c56d524dd90ea09d792622eeac9adf0ee6317b9e3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4
Origin: https://theplanetnews.org

Response headers

date: Fri, 02 Feb 2018 02:31:22 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:58 GMT
server: sffe
age: 6590487
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 7796
x-xss-protection: 1; mode=block
expires: Sat, 02 Feb 2019 02:31:22 GMT

GET
S 200 _VYFx-s824kXq_Ul2BHqYH-_kf6ByYO6CLYdB4HQE-Y.woff2
fonts.gstatic.com/s/roboto/v18/ 5 KB
5 KB 6ms
6ms Font
font/woff2 216.58.214.99
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/_VYFx-s824kXq_Ul2BHqYH-_kf6ByYO6CLYdB4HQE-Y.woff2

Requested by

Protocol

SPDY

Server

216.58.214.99 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s05-in-f99.1e100.net

Software

sffe /

Resource Hash

949e287846b0940817e4ea0f65accc4481a46b8733dc12aa0265293a4645c661

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4
Origin: https://theplanetnews.org

Response headers

date: Mon, 12 Feb 2018 20:29:18 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 5661811
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 5008
x-xss-protection: 1; mode=block
expires: Tue, 12 Feb 2019 20:29:18 GMT

GET
S 200 uYECMKoHcO9x1wdmbyHIm3-_kf6ByYO6CLYdB4HQE-Y.woff2
fonts.gstatic.com/s/roboto/v18/ 7 KB
7 KB 6ms
6ms Font
font/woff2 216.58.214.99
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/uYECMKoHcO9x1wdmbyHIm3-_kf6ByYO6CLYdB4HQE-Y.woff2

Requested by

Protocol

SPDY

Server

216.58.214.99 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s05-in-f99.1e100.net

Software

sffe /

Resource Hash

41720926981ffb6dc229f06fc0bbf0f43e45ba032d126726ebee481c2a6559e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4
Origin: https://theplanetnews.org

Response headers

date: Mon, 12 Feb 2018 17:31:58 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:50 GMT
server: sffe
age: 5672451
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 6728
x-xss-protection: 1; mode=block
expires: Tue, 12 Feb 2019 17:31:58 GMT

GET
S 200 NJ4vxlgWwWbEsv18dAhqnn-_kf6ByYO6CLYdB4HQE-Y.woff2
fonts.gstatic.com/s/roboto/v18/ 3 KB
3 KB 6ms
6ms Font
font/woff2 216.58.214.99
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/NJ4vxlgWwWbEsv18dAhqnn-_kf6ByYO6CLYdB4HQE-Y.woff2

Requested by

Protocol

SPDY

Server

216.58.214.99 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s05-in-f99.1e100.net

Software

sffe /

Resource Hash

a0a893b2ff1c82d49ac0c09ace71cf8178c0830f6a988103c779b6fc12c0da78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://theplanetnews.org/half/users/userID-87569/?Key=66587448202&rand=13InboxLightaspxn.665874482021774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&email=bmVlcmFqLm1lbm9uQHRyaWxlZ2FsLmNvbQ==&.rand=13InboxLight.aspx?n=665874482021774256418&fid=4
Origin: https://theplanetnews.org

Response headers

date: Mon, 12 Feb 2018 21:00:20 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:44 GMT
server: sffe
age: 5659949
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 3272
x-xss-protection: 1; mode=block
expires: Tue, 12 Feb 2019 21:00:20 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| cssLoaded function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			theplanetnews.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 1ef4ii6l4hp2rjedu9upvklh80

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
fonts.gstatic.com
theplanetnews.org
216.58.206.10
216.58.214.99
67.227.166.88
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
41720926981ffb6dc229f06fc0bbf0f43e45ba032d126726ebee481c2a6559e2
4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280
80fa23b4804621ce7f16b5c56d524dd90ea09d792622eeac9adf0ee6317b9e3a
949e287846b0940817e4ea0f65accc4481a46b8733dc12aa0265293a4645c661
a0a893b2ff1c82d49ac0c09ace71cf8178c0830f6a988103c779b6fc12c0da78
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548
b79781efede37903be212fcdf63955e41c8649e678b6b83adf824459d240a188
bbb22484b6ac90a9bcddc4158e5b530c078c475b78ceab0a9873719ec7e87eb9
e04ecbf6f436807ae99808ff1cf107477e48507c13220dfcfffbdf5bcbb32d72
e7513bfb003c0b745aece0543aab3f03d056621405c9b39148588ee6cbb12b6b

theplanetnews.org Open in urlscan Pro 67.227.166.88 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

13 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

1 Countries

134 kBTransfer

496 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

theplanetnews.org Open in urlscan Pro
67.227.166.88 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

13 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

134 kB
Transfer

496 kB
Size

1
Cookies

8 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!