fr.paypal.c1401344.ferozo.com
162.241.203.100
Malicious Activity!
Public Scan
Effective URL: http://fr.paypal.c1401344.ferozo.com/home/fr/signin/b7fbf/Connectez-vous-votre-compte-PayPal.html
Submission: On July 22 via manual from US
Summary
This is the only time fr.paypal.c1401344.ferozo.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 103.250.212.193 | AS38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited)
18 (3 redirects) | 162.241.203.100 | AS26337 (OIS1 - Oso Grande IP Services)
Total: 17 transactions, 3 redirects
ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
PTR: server-5d-r1.ipv4.per01.ds.network
Domains: 1b3.com.au
ASN26337 (OIS1 - Oso Grande IP Services, LLC, US)
PTR: 162-241-203-100.unifiedlayer.com
Domains: fr.paypal.c1401344.ferozo.com
Apex Domain | Subdomains | Transfer | Requests
---|---|---|---
ferozo.com | fr.paypal.c1401344.ferozo.com | 89 KB | 18 (3 redirects)
1b3.com.au | 1b3.com.au | 450 B | 1
paypalobjects.com | www.paypalobjects.com (Failed) | | 0
Total: 17 transactions, 3 redirects
Domain | Requested by | Requests
---|---|---
fr.paypal.c1401344.ferozo.com | fr.paypal.c1401344.ferozo.com | 18 (3 redirects)
1b3.com.au | | 1
www.paypalobjects.com (Failed) | fr.paypal.c1401344.ferozo.com | 0
Total: 17 transactions, 3 redirects
This site contains no links.
Subject Issuer | Validity | Valid
---|---|---
(none) | 1970-01-01 - 1970-01-01 | a few seconds (crt.sh)
No TLS certificate applies to this scan: the effective URL and every frame were served over plain HTTP, and the epoch-zero validity shown is an empty placeholder rather than a real certificate.
This page contains 4 frames:
Primary Page:
http://fr.paypal.c1401344.ferozo.com/home/fr/signin/b7fbf/Connectez-vous-votre-compte-PayPal.html
Frame ID: C735274876F7213453B5E6989B84E6D2
Requests: 12 HTTP requests in this frame
Frame:
http://fr.paypal.c1401344.ferozo.com/home/fr/signin/b7fbf/Connectez-vous-votre-compte-PayPal_files/saved_resource.html
Frame ID: D63D6AB51758032E9144AD824F170F55
Requests: 1 HTTP request in this frame
Frame:
http://fr.paypal.c1401344.ferozo.com/home/fr/signin/b7fbf/Connectez-vous-votre-compte-PayPal_files/saved_resource(1).html
Frame ID: 6B13D0151E98B85ABC0B107C7FCBC43D
Requests: 2 HTTP requests in this frame
Frame:
http://fr.paypal.c1401344.ferozo.com/home/fr/signin/b7fbf/Connectez-vous-votre-compte-PayPal_files/i.html
Frame ID: 18F353550D0C2705EDD4474D72E45174
Requests: 2 HTTP requests in this frame
Screenshot
Detected technologies
- Nginx (Web Servers)
  Detected patterns: headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://1b3.com.au/wp-content/plugins/revslider/css/edit_layers.html (Page URL)
- http://fr.paypal.c1401344.ferozo.com/home/fr/signin/ (HTTP 302)
  http://fr.paypal.c1401344.ferozo.com/home/fr/signin/b7fbf (HTTP 301)
  http://fr.paypal.c1401344.ferozo.com/home/fr/signin/b7fbf/ (HTTP 301)
  http://fr.paypal.c1401344.ferozo.com/home/fr/signin/b7fbf/Connectez-vous-votre-compte-PayPal.html (Page URL)
The hop from the 1b3.com.au entry page to the ferozo.com host carries no HTTP status, so it was a client-side redirect (JavaScript or a meta refresh). The entry path sits inside a WordPress plugin directory (wp-content/plugins/revslider), which is typical of a compromised third-party site being used as the lure's first stop. The three server-side hops that follow (302, 301, 301) only canonicalise the path on the phishing host before landing on the cloned PayPal sign-in page.
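As an added example (not part of the urlscan report and not urlscan's own code), here is a small Python redirect-chain follower that records the same kind of history: it walks 3xx Location redirects and `<meta http-equiv="refresh">` hops, resolves relative Location values against the URL that sent them, and stops on loops instead of spinning. The fetch function is injectable, so the responses below are a constructed table reproducing the chain in this scan; the first hop is modelled as a meta refresh, and the Location values are assumptions chosen to yield the URLs the scan recorded, since the report shows the resulting URLs and status codes but not the response headers.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# Constructed responses reproducing the chain in the scan. The 1b3.com.au page
# is modelled as a <meta refresh> (the scan shows a client-side hop but not
# which kind); the three server-side hops use the statuses the scan recorded.
# The Location values are assumptions that produce the URLs the scan lists.
START_URL = "http://1b3.com.au/wp-content/plugins/revslider/css/edit_layers.html"
FINAL_URL = ("http://fr.paypal.c1401344.ferozo.com/home/fr/signin/b7fbf/"
             "Connectez-vous-votre-compte-PayPal.html")
SAMPLE = {
    START_URL: (200, {"Content-Type": "text/html"},
                '<meta http-equiv="refresh" content="0;url='
                'http://fr.paypal.c1401344.ferozo.com/home/fr/signin/">'),
    "http://fr.paypal.c1401344.ferozo.com/home/fr/signin/":
        (302, {"Location": "b7fbf"}, ""),
    "http://fr.paypal.c1401344.ferozo.com/home/fr/signin/b7fbf":
        (301, {"Location": "/home/fr/signin/b7fbf/"}, ""),
    "http://fr.paypal.c1401344.ferozo.com/home/fr/signin/b7fbf/":
        (301, {"Location": "Connectez-vous-votre-compte-PayPal.html"}, ""),
    FINAL_URL: (200, {"Content-Type": "text/html"}, "<html>login form</html>"),
}


class _MetaRefresh(HTMLParser):
    """Capture the target of the first <meta http-equiv="refresh" content="N;url=..."> tag."""

    def __init__(self):
        super().__init__()
        self.target = None

    def handle_starttag(self, tag, attrs):
        if self.target is not None or tag.lower() != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("http-equiv", "").lower() != "refresh":
            return
        m = re.search(r"url\s*=\s*['\"]?([^'\"\s;]+)", a.get("content", ""), re.I)
        if m:
            self.target = m.group(1)


def meta_refresh_target(html):
    """Return the meta-refresh URL in HTML, or None if there is none."""
    p = _MetaRefresh()
    p.feed(html)
    return p.target


def fetch_from(table):
    """Build a fetch(url) -> (status, headers, body) callable over a response table."""
    def fetch(url):
        return table.get(url, (404, {}, ""))
    return fetch


def follow_chain(url, fetch, max_hops=10):
    """Walk HTTP (3xx + Location) and <meta refresh> redirects starting at URL.

    Returns a list of (url, kind, status) hops, kind being "http", "meta" or
    "final". Relative Location values are resolved against the URL that
    returned them, as a browser does. Loops and over-long chains raise.
    """
    hops, seen = [], set()
    while len(hops) < max_hops:
        if url in seen:
            raise RuntimeError(f"redirect loop at {url}")
        seen.add(url)
        status, headers, body = fetch(url)
        h = {k.lower(): v for k, v in headers.items()}
        if status in REDIRECT_STATUSES and h.get("location"):
            hops.append((url, "http", status))
            url = urljoin(url, h["location"])
            continue
        target = meta_refresh_target(body) if body else None
        if target:
            hops.append((url, "meta", status))
            url = urljoin(url, target)
            continue
        hops.append((url, "final", status))
        return hops
    raise RuntimeError(f"gave up after {max_hops} hops")


if __name__ == "__main__":
    for u, kind, status in follow_chain(START_URL, fetch_from(SAMPLE)):
        print(f"{status} {kind:5} {u}")
```

Swapping `fetch_from(SAMPLE)` for a real HTTP client that does not auto-follow redirects (and that records headers) gives the same hop list for a live URL; the loop guard matters there, because redirectors in phishing campaigns sometimes bounce automated scanners indefinitely.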
Redirected requests
There were HTTP redirect chains for the following requests: the primary request for Connectez-vous-votre-compte-PayPal.html (marked Redirect Chain in the transaction list below).
17 HTTP transactions
In the Path column, `_files/` abbreviates fr.paypal.c1401344.ferozo.com/home/fr/signin/b7fbf/Connectez-vous-votre-compte-PayPal_files/.
# | Method / Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
1 | GET H/1.1 | edit_layers.html | 1b3.com.au/wp-content/plugins/revslider/css/ | 195 B | 450 B | Document | text/html |
2 | GET H/1.1 | Connectez-vous-votre-compte-PayPal.html | fr.paypal.c1401344.ferozo.com/home/fr/signin/b7fbf/ | 143 KB | 56 KB | Document | text/html | Primary Request; Redirect Chain
3 | GET H/1.1 | contextualLogin.css | _files/ | 76 KB | 22 KB | Stylesheet | text/css |
4 | GET H/1.1 | icon-PN-check.png | _files/ | 2 KB | 2 KB | Image | image/png |
5 | GET H/1.1 | glyph_alert_critical_big-2x.png | _files/ | 6 KB | 6 KB | Image | image/png |
6 | GET H/1.1 | pa.js.t%C3%A9l%C3%A9chargement | _files/ | 0 | 0 | Script | text/html |
7 | GET H/1.1 | analytics.js.t%C3%A9l%C3%A9chargement | _files/ | 0 | 0 | Script | text/html |
8 | GET H/1.1 | miconfig.js.t%C3%A9l%C3%A9chargement | _files/ | 0 | 0 | Script | text/html |
9 | GET H/1.1 | fb-all-prod.pp2.min.js.t%C3%A9l%C3%A9chargement | _files/ | 0 | 0 | Script | text/html |
10 | GET H/1.1 | tealeaf-ul-prod_domcap.min.js.t%C3%A9l%C3%A9chargement | _files/ | 0 | 0 | Script | text/html |
11 | GET H/1.1 | w | _files/ | 0 | 214 B | Image | text/plain |
12 | GET H/1.1 | saved_resource.html | _files/ | 149 B | 433 B | Document | text/html | Frame D63D
13 | GET | paypal-logo-129x32.svg | www.paypalobjects.com/images/shared/ | 0 | 0 | | | Failed (no response)
14 | GET H/1.1 | saved_resource(1).html | _files/ | 218 B | 480 B | Document | text/html | Frame 6B13
15 | GET H/1.1 | i.html | _files/ | 362 B | 552 B | Document | text/html | Frame 18F3
16 | GET H/1.1 | counter.cgi | _files/ | 42 B | 288 B | Image | application/cgi | Frame 6B13
17 | GET H/1.1 | fb-all-prod.pp2.min.js.t%C3%A9l%C3%A9chargement | _files/ | 0 | 0 | Script | text/html | Frame 18F3
Reading the table: the `_files/` directory and the saved_resource.html / saved_resource(1).html names are what a browser's "Save page as, complete" produces, and `t%C3%A9l%C3%A9chargement` is the URL-encoded French word téléchargement ("download"), so the kit is most likely a saved copy of PayPal's French sign-in page. Every one of those `.js.téléchargement` scripts (rows 6 to 10 and 17) came back as a 0-byte text/html response, so none of PayPal's real client-side code runs in the clone; the only request that left the phishing host was the logo fetch from www.paypalobjects.com, which failed.
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: www.paypalobjects.com
- URL: https://www.paypalobjects.com/images/shared/paypal-logo-129x32.svg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: PayPal (Financial)
21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onselectstart
object | onselectionchange
function | queueMicrotask
object | html5
object | Modernizr
function | isEligibleIntegration
object | antiClickjack
object | PAYPAL
function | $
function | _classCallCheck
function | _typeof
function | _createClass
number | HTTPOK
string | HTTPGET
string | HTTPPOST
number | DEFAULT_XHR_TIMEOUT
object | _0x1a0b
function | _0x52c3
object | d
function | fefedffe
object | err0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, they also send their cookie values, thus allowing the website to re-identify them even if they changed locations. This is how permanent logins work. The scan lists no cookies for this page.
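To show how the brand verdict and the global-variable list above can be turned into a repeatable check, here is an added example written for this page (it is not urlscan's own scoring logic). It takes the scanned hostname, the apex domain as the scan reports it, and the 21 globals, and flags three independent signals: a brand token in the subdomain labels of an unrelated apex, brand-named globals on a host the brand does not own (what a saved-page clone looks like), and `_0x…`-style names of the kind common JavaScript obfuscators emit. The brand watch-list, the obfuscator regex, the tooling set and the scoring are assumptions.

```python
import re

# Constructed from the scan above: the scanned hostname, the apex domain as
# urlscan reports it, and the 21 non-standard window globals it listed.
HOST = "fr.paypal.c1401344.ferozo.com"
APEX = "ferozo.com"
GLOBALS = [
    ("object", "onselectstart"), ("object", "onselectionchange"),
    ("function", "queueMicrotask"), ("object", "html5"), ("object", "Modernizr"),
    ("function", "isEligibleIntegration"), ("object", "antiClickjack"),
    ("object", "PAYPAL"), ("function", "$"), ("function", "_classCallCheck"),
    ("function", "_typeof"), ("function", "_createClass"), ("number", "HTTPOK"),
    ("string", "HTTPGET"), ("string", "HTTPPOST"), ("number", "DEFAULT_XHR_TIMEOUT"),
    ("object", "_0x1a0b"), ("function", "_0x52c3"), ("object", "d"),
    ("function", "fefedffe"), ("object", "err0"),
]

# Assumptions: the brand watch-list, the obfuscator name pattern and the
# "tooling" set are illustrative, not urlscan's rules.
BRANDS = {"paypal"}
OBFUSCATED = re.compile(r"^_0x[0-9a-f]{4,}$", re.IGNORECASE)
KNOWN_TOOLING = {"$", "jQuery", "Modernizr", "_classCallCheck", "_typeof", "_createClass"}


def brand_labels(host, apex, brands=BRANDS):
    """Brand tokens found in HOST's subdomain labels when the apex is not the brand's.

    'paypal' in fr.paypal.c1401344.ferozo.com is an impersonation signal;
    'paypal' in www.paypalobjects.com is the brand's own apex and is ignored.
    """
    host, apex = host.lower().rstrip("."), apex.lower().rstrip(".")
    if host != apex and not host.endswith("." + apex):
        raise ValueError(f"{host} is not under apex {apex}")
    sub = host[: -len(apex)].rstrip(".")
    labels = sub.split(".") if sub else []
    return sorted(b for b in brands if b not in apex and any(b in lbl for lbl in labels))


def classify_globals(globs, brands=BRANDS):
    """Bucket (type, name) pairs into brand / obfuscated / tooling / other."""
    buckets = {"brand": [], "obfuscated": [], "tooling": [], "other": []}
    for _typ, name in globs:
        if name.lower() in brands:
            buckets["brand"].append(name)
        elif OBFUSCATED.match(name):
            buckets["obfuscated"].append(name)
        elif name in KNOWN_TOOLING:
            buckets["tooling"].append(name)
        else:
            buckets["other"].append(name)
    return buckets


def triage(host, apex, globs, brands=BRANDS):
    """Return (score, reasons); each reason is one independent signal."""
    reasons = []
    impersonated = brand_labels(host, apex, brands)
    if impersonated:
        reasons.append(f"brand {impersonated} in subdomain of unrelated apex {apex}")
    buckets = classify_globals(globs, brands)
    # Brand-named globals are normal on the brand's own site; they only count
    # when the apex is not the brand's, which is what a saved-page clone looks like.
    foreign_brand = [g for g in buckets["brand"] if g.lower() not in apex.lower()]
    if foreign_brand:
        reasons.append(f"brand-named globals {foreign_brand} on {apex}")
    if buckets["obfuscated"]:
        reasons.append(f"obfuscator-style globals {buckets['obfuscated']}")
    return len(reasons), reasons


if __name__ == "__main__":
    score, why = triage(HOST, APEX, GLOBALS)
    print(f"score={score}")
    for r in why:
        print(" -", r)
```

On this scan all three signals fire (score 3); on PayPal's own CDN host the same `PAYPAL` global scores 0, which is the point of tying the global-variable check to the apex rather than treating the name alone as suspicious.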
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
1b3.com.au
fr.paypal.c1401344.ferozo.com
www.paypalobjects.com
103.250.212.193
162.241.203.100
034b67a69cff7692d4e63ea6fac3feeead118c58250658549feb34c7d06f8872
13e4806e5c517e074ab1ea26fe0f2b7b87eaa3988006f35ed0bd4c89502d0d79
19033f54396df0a23f60c5e947a055044ee7c81c0526f2d33417c169b6f97616
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4a77d272b8cf508cc4a7e0da5763faa9958e42a5554fdb5d29fc3be51d685653
87dddc3cf6349281da6d3a298bab9f9cbc4e9b41ae892a9adc345077834852df
97f9b10039b05e1af4a3c9b778fc72ba44cf68a376e4ec1d55f2558f16cf3e50
a086b105767c6d9e865e698476dbad144cdec7e5719da98746ddd1eafeedc514
cc72ad2cc8fed3cedb6a8a453bdb67f1b81fd2257621db5e02021f67a962a85c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the SHA-256 of empty input; it is the hash of the 0-byte responses in the transaction list, not of any real artifact)