https://www.youtube.com/@ilijaax
142.251.163.190 · Google LLC
Mountain View, United States
7790 days
200 · 90.9s
Valid· WR2, Google Trust Services, US
COMPLETED
Domain Intelligence: youtube.com
Scanned 2 times since Apr 29, 2026, 02:10 PM UTC
Registered-domain escalation
Submit youtube.com as the primary IOC, enriched with evidence from hostile subdomains like www.youtube.com.
No KB/IOK detections were recorded for this scan.
technology | entertainment | other · 7/19/2026
The page presents as a YouTube channel (Ilija) on the official YouTube domain www.youtube.com, with a visible YouTube UI and branding. The page appears to be a standard channel page rather than a credential-collection login, and the domain resolves to the official brand. There is no clear evidence of credential harvesting or impersonation targeting users of another brand. The screenshot shows YouTube chrome and elements consistent with legitimate content consumption, though there are numerous external resources and API calls typical of YouTube's SPA. Based on the evidence, this scan does not conclusively indicate phishing; it reads as routine site content on an official domain, though the presence of iframes to accounts.google.com and an on-page login iframe warrants monitoring for potential abuse vectors.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 2
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 165
Hosts: 11
Domains: 7
Suspicious Endpoints
hxxps://www[.]youtube[.]com/api/jnn/v1/GenerateIT
hxxps://www[.]youtube[.]com/results
hxxps://www[.]youtube[.]com/@ilijaax/search
No suspicious indicators identified
The domain appears to be the official YouTube domain hosting a user channel page. There is no definitive evidence of credential harvesting or impersonation of another brand in the captured signals. The presence of an iframe to accounts.google.com and calls to YouTube’s own API could be part of legitimate authentication flows or embedded components, but could also be leveraged in an abuse scenario if misused for phishing. Given the lack of clear impersonation or abuse signals, this should be monitored rather than actioned as a takedown at this time.
Monitor