wu-traking.com
Open in
urlscan Pro
185.98.131.157
Malicious Activity!
Public Scan
Submission Tags: phishing malicious Search All
Submission: On September 19 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on July 30th 2019. Valid for: 3 months.
This is the only time wu-traking.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 185.98.131.157 185.98.131.157 | 16347 (RMI-FITECH) (RMI-FITECH) | |
14 | 23.210.248.226 23.210.248.226 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 2 | 64.4.245.84 64.4.245.84 | 17012 (PAYPAL) (PAYPAL - PayPal) | |
23 | 4 |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-210-248-226.deploy.static.akamaitechnologies.com
www.paypalobjects.com | |
www.paypal.com | |
c.paypal.com | |
t.paypal.com |
ASN17012 (PAYPAL - PayPal, Inc., US)
b.stats.paypal.com | |
dub.stats.paypal.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
paypal.com
1 redirects
www.paypal.com c.paypal.com b.stats.paypal.com dub.stats.paypal.com t.paypal.com |
240 KB |
8 |
paypalobjects.com
www.paypalobjects.com |
109 KB |
7 |
wu-traking.com
wu-traking.com |
148 KB |
0 |
Failed
function sub() { [native code] }. Failed |
|
23 | 4 |
Domain | Requested by | |
---|---|---|
8 | www.paypalobjects.com |
wu-traking.com
|
7 | wu-traking.com |
wu-traking.com
www.paypalobjects.com |
3 | www.paypal.com |
wu-traking.com
|
2 | c.paypal.com |
wu-traking.com
c.paypal.com |
1 | t.paypal.com | |
1 | dub.stats.paypal.com | |
1 | b.stats.paypal.com | 1 redirects |
0 | 192.55.233.1 Failed |
www.paypalobjects.com
|
23 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paypal.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
wu-traking.com Let's Encrypt Authority X3 |
2019-07-30 - 2019-10-28 |
3 months | crt.sh |
www.paypal.com DigiCert SHA2 Extended Validation Server CA |
2019-09-10 - 2020-08-18 |
a year | crt.sh |
b.stats.paypal.com DigiCert SHA2 High Assurance Server CA |
2018-02-16 - 2020-04-29 |
2 years | crt.sh |
This page contains 3 frames:
Primary Page:
https://wu-traking.com/gallery/800c2cab5b5b375db1c788c01e4603de.com-fr-signin
Frame ID: F7968644AEDC1C170D6B58F94962DEEB
Requests: 21 HTTP requests in this frame
Frame:
https://dub.stats.paypal.com/counter2.cgi
Frame ID: D89C96FA7A7947A7EA455097F7225257
Requests: 1 HTTP requests in this frame
Frame:
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Frame ID: 5DC50A9479A0EC681352264AB7DDB195
Requests: 1 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: Bouton audio
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 18- https://b.stats.paypal.com/v1/counter.cgi?r=cD1iYTQzZDNhZGIwZjg0NzU0OGMwNGY1N2RmOWY0ZmYzMCZpPTk0LjE3Ni4yMzYuNDcmdD0xNTY3NDc2MjkwLjk1NiZhPTIxJnM9VU5JRklFRF9MT0dJTsFJ38Say2L1mi7rCac84_dJ-XhQ HTTP 302
- https://dub.stats.paypal.com/counter2.cgi
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
800c2cab5b5b375db1c788c01e4603de.com-fr-signin
wu-traking.com/gallery/ |
146 KB 148 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xhr-ads.min.js
www.paypalobjects.com/web/res/c54/359e968cf4b91a2096b1cc7bb621b/js/ |
21 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
contextualLogin.css
www.paypalobjects.com/web/res/110/6659ced15f0c45d95e6b40e79a181/css/ |
87 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
secret.jpeg
www.paypal.com/cgi-bin/gs_web/R3aZaSrqDjFCdAAJbe7zHhH6m9W9j2rcfG24PM6PH1QaDwqoHHD3umicOaKRuMv7oJa0rA/ |
10 KB 10 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-PN-check.png
www.paypalobjects.com/images/shared/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
glyph_alert_critical_big-2x.png
www.paypalobjects.com/images/shared/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paypal-logo-129x32.svg
www.paypalobjects.com/images/shared/ |
5 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ui-sprite.png
www.paypalobjects.com/webstatic/mktg/consumer/onboarding/ |
24 KB 24 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
secret.mp3
www.paypal.com/cgi-bin/wv_web/R3aZaSrqDjFCdAAJbe7zHhH6m9W9j2rcfG24PM6PH1QaDwqoHHD3umicOaKRuMv7oJa0rA/ |
104 KB 105 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
secret.mp3
www.paypal.com/cgi-bin/wv_web/R3aZaSrqDjFCdAAJbe7zHhH6m9W9j2rcfG24PM6PH1QaDwqoHHD3umicOaKRuMv7oJa0rA/ |
104 KB 105 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pa.js
www.paypalobjects.com/pa/js/min/ |
41 KB 15 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptchav3.js
wu-traking.com/auth/createchallenge/2cdb42a794de8ded/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
challenge.js
wu-traking.com/auth/createchallenge/a16d73d91e60c7df/ |
107 B 135 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fb-all-prod.pp2.min.js
c.paypal.com/webstatic/r/fb/ |
58 KB 18 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
client-log
wu-traking.com/signin/ |
107 B 135 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
resourceaccesstoken
192.55.233.1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cookie-banner
wu-traking.com/signin/ |
107 B 135 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
load-resource
wu-traking.com/signin/ |
107 B 135 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tealeaf-ul-prod_domcap.min.js
www.paypalobjects.com/web/res/110/6659ced15f0c45d95e6b40e79a181/js/lib/ |
110 KB 35 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
counter2.cgi
dub.stats.paypal.com/ Frame D89C Redirect Chain
|
42 B 494 B |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
i
c.paypal.com/v1/r/d/ Frame 5DC5 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
load-resource
wu-traking.com/signin/ |
107 B 135 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ts
t.paypal.com/ |
42 B 537 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- 192.55.233.1
- URL
- https://192.55.233.1/resourceaccesstoken
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)38 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate boolean| paypalADSInterceptorInjected object| html5 object| Modernizr function| isEligibleIntegration object| antiClickjack object| PAYPAL function| $ function| _classCallCheck function| _typeof function| _createClass number| HTTPOK string| HTTPGET string| HTTPPOST number| DEFAULT_XHR_TIMEOUT object| fpti string| fptiserverurl object| _ifpti object| pako object| TLT function| AjaxRequest string| PP_SERVICE_URL string| BASE_SWF_URL string| BEACON_BASE_URL string| PP_IFRAME_JS_URL string| PP_NEW_SERVICE_URL string| PP_VERSION object| Configuration object| PFB_4732Config object| PFB_4732 object| dataCollector object| fp undefined| runFb function| initTsFb object| jstz function| SwfStore function| SlvtStore1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
wu-traking.com/ | Name: PHPSESSID Value: 19b8e8c107b526e2788b6c8851859fc6 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=15552000; includeSubdomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
192.55.233.1
b.stats.paypal.com
c.paypal.com
dub.stats.paypal.com
t.paypal.com
wu-traking.com
www.paypal.com
www.paypalobjects.com
192.55.233.1
185.98.131.157
23.210.248.226
64.4.245.84
051139e3768ed3f9945e6fb8e5eab3ac3aeef767ebff4b334363dcdcadf9e3b9
13e4806e5c517e074ab1ea26fe0f2b7b87eaa3988006f35ed0bd4c89502d0d79
22027bb7a536c4631d05950c052600da4e4e6b697c0ffee2189da38e05857466
30eedefcdd6870576babcba3fcd73f44ad563b4087bf8d1dd4e4663433f44858
3ba795672c78c8f0f52ecd5d1a0a317d1e5c059509a6bead9d26b46fc831d83b
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4a77d272b8cf508cc4a7e0da5763faa9958e42a5554fdb5d29fc3be51d685653
64e95dfbaebb00d531005dfe2edab593c75a5899f35afa9834ff5e659c97152b
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
8bf480afffb8c41d083d3a0d46ec513f6607f5fe16fd43795b1417cd43914e9f
93e4d46564a0ae3f36d102fcac4aaa64dfac2d036c0a8a740e20cd7d67f7ffbe
96bbc6783209d9973a26beb485a2d6830fa4dd41d1e05491fc1dacfb48edc9ce
99159c617b4623b05cfc036beb1f5c3c44be7b5b654905392d92dd79ffd05386
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
eda0a3b80b9a6c146817151721cb4e4c38bb88bae41419df26f5f67156fa14b3