aenderungen-der-agb.xyz
2606:4700:3036::ac43:c7aa  Malicious Activity! Public Scan

Submitted URL: https://cutt.ly/VmUg0QL
Effective URL: https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlY...
Submission Tags: phishing, malicious
Submission: On July 11 via api from US

Summary

This website contacted 2 IPs in 2 countries across 5 domains to perform 7 HTTP transactions. The main IP is 2606:4700:3036::ac43:c7aa, located in the United States (AS owner not recorded in this scan). The main domain is aenderungen-der-agb.xyz.
TLS certificate: Issued by R3 on July 11th 2021. Valid for: 3 months.
This is the only time aenderungen-der-agb.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 1 91.214.124.172 ()
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 7 2606:4700:303... ()
1 34.117.59.81 15169 (GOOGLE)
7 2
Requests  Apex Domain              Subdomains                Transfer
7         aenderungen-der-agb.xyz  aenderungen-der-agb.xyz   33 KB
1         ipinfo.io                ipinfo.io                 401 B
1         ewiglang.xyz             ewiglang.xyz              585 B
1         dick-short.xyz           8.dick-short.xyz          249 B
1         cutt.ly                  cutt.ly                   484 B
Total: 7 requests, 5 apex domains

Requests  Domain                   Requested by
7         aenderungen-der-agb.xyz  1 redirects, aenderungen-der-agb.xyz
1         ipinfo.io                aenderungen-der-agb.xyz
1         ewiglang.xyz             1 redirects
1         8.dick-short.xyz         1 redirects
1         cutt.ly                  1 redirects
Total: 7 requests, 5 domains

This site contains no links.

Subject                    Issuer      Validity                 Valid
*.aenderungen-der-agb.xyz  R3          2021-07-11 - 2021-10-09  3 months
ipinfo.io                  GTS CA 1D4  2021-07-10 - 2021-10-08  3 months

This page contains 1 frame:

Primary Page: https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
Frame ID: F6F15BE6DBC096400DD64B50EAC9BFB3
Requests: 7 HTTP requests in this frame

Page URL History

  1. https://cutt.ly/VmUg0QL HTTP 301
    http://8.dick-short.xyz/pZGDuW5f HTTP 302
    https://ewiglang.xyz/7days HTTP 307
    https://aenderungen-der-agb.xyz/?s=o53us45j8ksqmztuu4z5isvy9znz5mii HTTP 303
    https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXK... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 60 %
Domains: 5
Subdomains: 5
IPs: 2
Countries: 2
Transfer: 33 kB
Size: 135 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Each transaction lists: Resource, Path, Size, x-fer (bytes transferred on the wire), Type / MIME-Type, followed by its General details and headers.

Primary Request: /
Path: aenderungen-der-agb.xyz/
Size: 9 KB   x-fer: 3 KB   Type: Document
Redirect Chain:
  • https://cutt.ly/VmUg0QL
  • http://8.dick-short.xyz/pZGDuW5f
  • https://ewiglang.xyz/7days
  • https://aenderungen-der-agb.xyz/?s=o53us45j8ksqmztuu4z5isvy9znz5mii
  • https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&...

General
Full URL: https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:c7aa, United States, ASN ()
Reverse DNS:
Software: cloudflare /
Resource Hash: 058e32623d9c6e3682fe8eeb9b0cda63eb28db11ea44ba25a78c03712fbab603

Request headers

:method: GET
:authority: aenderungen-der-agb.xyz
:scheme: https
:path: /?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PHPSESSID=o53us45j8ksqmztuu4z5isvy9znz5mii; usid=16469d3964a9c62a21d43dba4130d375
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Jul 2021 08:56:24 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=PMYZDQ%2B3CsY31b38IlFcRTtA6uCC0wKUpFZ1bMcGc1qWmtCtTtp94XHCqxbC705TR75rDB3jiSDHsI59zpuUi45k7heD6%2F7hlQ2TXg7wPV25%2BDZpPTwIUSsZd7L2AqbipfjlygvEWNGVA4KgovmkAZM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66d0d18189914a8c-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

date: Sun, 11 Jul 2021 08:56:24 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=o53us45j8ksqmztuu4z5isvy9znz5mii; path=/ usid=16469d3964a9c62a21d43dba4130d375
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ujOF4gzkqfeoz0AvHPW1jmfMLkv%2BpV6O0Qi5UR0t2bifRfp%2FSjtbNIgUbR%2BjO3MQ%2FrTKnQTJjS2EThc2OKVAKTr2kqTbdXxK6l2SvuZaXVAHmLyynqDr0uuFKvTcfsEoR2FyzWuZ1Us85TRHEzC0hdA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66d0d18039c09710-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

ppstyle.css
Path: aenderungen-der-agb.xyz/assets/paypal/
Size: 83 KB   x-fer: 13 KB   Type: Stylesheet

General
Full URL: https://aenderungen-der-agb.xyz/assets/paypal/ppstyle.css?d=1
Requested by (host): aenderungen-der-agb.xyz
Requested by (URL): https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:c7aa, United States, ASN ()
Reverse DNS:
Software: cloudflare /
Resource Hash: e0782f6dbb0c5dced4285f8d1102a2557c7297b7dce77616ae0b44fec704bf1e

Request headers

:path: /assets/paypal/ppstyle.css?d=1
pragma: no-cache
cookie: PHPSESSID=o53us45j8ksqmztuu4z5isvy9znz5mii; usid=16469d3964a9c62a21d43dba4130d375
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: aenderungen-der-agb.xyz
referer: https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Jul 2021 08:56:25 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Wed, 20 Dec 2017 14:13:14 GMT
server: cloudflare
etag: W/"5a3a6ffa-14c91"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=sMYVc2bozuFIcy8RlnTobyYMr6x9xRjB8UQo24XW5BrFR49VKdhZrfz2cIORTTvZ5t%2Bq9RLbzMtDL%2Fis6arDzH5r5C3j3FooNk2jBuU8GAgA%2FdLJLP%2BJiyWtaN89aDhHzqNZKYA8ki3UcU7PBaMdQ%2FI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 66d0d182bcaa4a8c-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

extra.css
Path: aenderungen-der-agb.xyz/assets/paypal/
Size: 2 KB   x-fer: 1 KB   Type: Stylesheet

General
Full URL: https://aenderungen-der-agb.xyz/assets/paypal/extra.css
Requested by (host): aenderungen-der-agb.xyz
Requested by (URL): https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:c7aa, United States, ASN ()
Reverse DNS:
Software: cloudflare /
Resource Hash: 5df8c8e700522d4b03352deb4ab74a2c62edd040046f7c90d90a512420b06787

Request headers

:path: /assets/paypal/extra.css
pragma: no-cache
cookie: PHPSESSID=o53us45j8ksqmztuu4z5isvy9znz5mii; usid=16469d3964a9c62a21d43dba4130d375
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: aenderungen-der-agb.xyz
referer: https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Jul 2021 08:56:24 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sun, 11 Aug 2019 21:26:09 GMT
server: cloudflare
etag: W/"5d5087f1-6b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=S0ckmEzPTvPnkzFB%2BWQFJLqKm9cFLHSnFX2YxAl6HvmgjWNflByOskC3wFQYl%2BPGIVZ1pDKiiOV51ihiwIaQTue%2B1y5aXnPOIHzdzjSlAPfC8agORH67fJPC7bgRgoycg9rQTdH7rCrh4KW5U%2FmjopM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 66d0d182bcb24a8c-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

extends.js
Path: aenderungen-der-agb.xyz/assets/
Size: 29 KB   x-fer: 11 KB   Type: Script

General
Full URL: https://aenderungen-der-agb.xyz/assets/extends.js
Requested by (host): aenderungen-der-agb.xyz
Requested by (URL): https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:c7aa, United States, ASN ()
Reverse DNS:
Software: cloudflare /
Resource Hash: 55424431c53b15d28e63977c63d54d1353aef24c691022215f95c4317e6daa27

Request headers

:path: /assets/extends.js
pragma: no-cache
cookie: PHPSESSID=o53us45j8ksqmztuu4z5isvy9znz5mii; usid=16469d3964a9c62a21d43dba4130d375
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: aenderungen-der-agb.xyz
referer: https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Jul 2021 08:56:24 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sun, 03 May 2020 02:33:40 GMT
server: cloudflare
etag: W/"5eae2d84-7372"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=PwD8CNgchj5G5nInnV3i31QTEI9pqDA5eGPfSznra3ewrBH%2BrfMjS0TY%2B4aDXltt8dXZXeuKbbSO2wxntkajDqbYtSNR90d7LxdLFiMFaiz1XyXMZNH%2FPo20tG3OQHIk6ksTtkXBoSWn3dYQe2TzCbI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 66d0d182bcb54a8c-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

scripts.js
Path: aenderungen-der-agb.xyz/assets/paypal/
Size: 8 KB   x-fer: 2 KB   Type: Script

General
Full URL: https://aenderungen-der-agb.xyz/assets/paypal/scripts.js
Requested by (host): aenderungen-der-agb.xyz
Requested by (URL): https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:c7aa, United States, ASN ()
Reverse DNS:
Software: cloudflare /
Resource Hash: 0df04eb70f61fafc372c81f0c4c6b758b6f1df629559d80ea2b0811466931adf

Request headers

:path: /assets/paypal/scripts.js
pragma: no-cache
cookie: PHPSESSID=o53us45j8ksqmztuu4z5isvy9znz5mii; usid=16469d3964a9c62a21d43dba4130d375
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: aenderungen-der-agb.xyz
referer: https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://aenderungen-der-agb.xyz/?QRMA6oBvX2e0iSuEvC82GRvRkmYzpNignmEPItV4e5V6N5y3BfCXFBda85qXi48nb1wqej5PiXKtW8rxuQHoosPJcYiwzlYa5g1rhSfkUUy7lYyA0fx0A1nL0zTdD3Up&s=o53us45j8ksqmztuu4z5isvy9znz5mii&s=o53us45j8ksqmztuu4z5isvy9znz5mii
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Jul 2021 08:56:24 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Thu, 30 Apr 2020 03:29:43 GMT
server: cloudflare
etag: W/"5eaa4627-1f8b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=eeSc%2FQaL%2FzjxhZme%2BP0%2Fq0sF2zyCrg%2FtTZSqbTYS%2FqVsEatNht2U%2BkpG1%2FhDsUiLdNRnTK5WdnyZ8t1viKJs%2Fb4LpmWmxKAI0Eu47AZrLyf5zC9vsfwuEtOkBpU3NKaHQWSqcUhm6HkO87o2TdrXjDU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 66d0d182bcb94a8c-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

json
Path: ipinfo.io/
Size: 243 B   x-fer: 401 B   Type: XHR

General
Full URL: https://ipinfo.io/json
Requested by (host): aenderungen-der-agb.xyz
Requested by (URL): https://aenderungen-der-agb.xyz/assets/extends.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.59.81, Kansas City, United States, ASN15169 (GOOGLE, US)
Reverse DNS: 81.59.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 67e0b49badeca244e4a59fbb68dff109f84f01981ee52394e3318fe863100a21
Security Headers: X-Content-Type-Options: nosniff

Request headers

Accept: application/json
Referer: https://aenderungen-der-agb.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Jul 2021 08:56:25 GMT
via: 1.1 google
x-content-type-options: nosniff
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-envoy-upstream-service-time: 1
alt-svc: clear
content-length: 243

paypal-logo-129x32.svg
Path: aenderungen-der-agb.xyz/assets/paypal/img/
Size: 5 KB   x-fer: 2 KB   Type: Image

General
Full URL: https://aenderungen-der-agb.xyz/assets/paypal/img/paypal-logo-129x32.svg
Requested by (host): aenderungen-der-agb.xyz
Requested by (URL): https://aenderungen-der-agb.xyz/assets/paypal/ppstyle.css?d=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:c7aa, United States, ASN ()
Reverse DNS:
Software: cloudflare /
Resource Hash: b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5

Request headers

:path: /assets/paypal/img/paypal-logo-129x32.svg
pragma: no-cache
cookie: PHPSESSID=o53us45j8ksqmztuu4z5isvy9znz5mii; usid=16469d3964a9c62a21d43dba4130d375
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: aenderungen-der-agb.xyz
referer: https://aenderungen-der-agb.xyz/assets/paypal/ppstyle.css?d=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://aenderungen-der-agb.xyz/assets/paypal/ppstyle.css?d=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Jul 2021 08:56:25 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Wed, 20 Dec 2017 14:01:53 GMT
server: cloudflare
etag: W/"5a3a6d51-1351"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=qs17Ni5XWIQRTdAXFMC%2F6kcH5mtfGGGaBh2FMc2W74YL9SftJYwFJaKNv8bZ5azYoyulevjcpZ7q5LKTDMG5QOY0CPnv649Gx%2Fr5VS0i9%2BB%2FEPvKh6hCQEvZTAt4tJFsFh6yTprmCbpohF8ppeJAig8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 66d0d18489ec4a8c-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object: onbeforexrselect, ontransitionrun, ontransitionstart, ontransitioncancel, cookieStore, trustedTypes, fonts, megafontlist, files
function: showDirectoryPicker, showOpenFilePicker, showSaveFilePicker, getFingerPrint, getPlugins, getFonts, prepareLogin, Detector, submitForm, fileSelect, toggleInputField, dobChanger, submitInternal, getCookie, openBankFrame, bankFrameReady, bankFinished
boolean: originAgentCluster, crossOriginIsolated, bankReady
string: plugins, ip, lastToggle, fingerprint
number: lastDobLength

2 Cookies

Domain/Path               Name       Value
aenderungen-der-agb.xyz/  usid       16469d3964a9c62a21d43dba4130d375
aenderungen-der-agb.xyz/  PHPSESSID  o53us45j8ksqmztuu4z5isvy9znz5mii

2 Console Messages

Source       Level  URL                                                         Text
console-api  log    https://aenderungen-der-agb.xyz/assets/extends.js (Line 35)  done
console-api  log    https://aenderungen-der-agb.xyz/assets/extends.js (Line 35)  done