us1-paypal.com
188.165.242.45
Malicious Activity!
Public Scan
Submission: On April 25 via api from US
Summary
This is the only time us1-paypal.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Porn Scam (Online)

Domain & IP information
Requests (redirects) | IP address | AS (autonomous system)
---|---|---
3 | 188.165.242.45 | 16276 (OVH)
2 | 2606:4700::6812:bcf | 13335 (CLOUDFLARENET)
1 | 64.225.92.243 | 14061 (DIGITALOCEAN-ASN)
3 (2 redirects) | 88.212.201.198 | 39134 (UNITEDNET)
2 (1 redirect) | 2a05:d018:244:5200::ab | 16509 (AMAZON-02)
9 | 2.16.186.96 | 20940 (AKAMAI-ASN1)
1 | 2a00:1450:4001:802::200a | 15169 (GOOGLE)
1 | 2a00:1450:4001:812::2008 | 15169 (GOOGLE)
1 | 2a00:1450:4001:828::2003 | 15169 (GOOGLE)
Total: 20 requests, 9 IP addresses
ASN16509 (AMAZON-02, US)
- rvzqo.whore4you.net
- www.fuckteeangers.net
ASN20940 (AKAMAI-ASN1, NL)
- PTR: a2-16-186-96.deploy.static.akamaitechnologies.com
- cdn-bimi.akamaized.net
ASN15169 (GOOGLE, US)
- www.googletagmanager.com
Requests | Apex domain | Subdomains | Transfer
---|---|---|---
9 | akamaized.net | cdn-bimi.akamaized.net | 234 KB
3 | yadro.ru (2 redirects) | counter.yadro.ru | 2 KB
3 | us1-paypal.com | us1-paypal.com | 11 KB
2 | bootstrapcdn.com | stackpath.bootstrapcdn.com | 43 KB
1 | gstatic.com | fonts.gstatic.com | 23 KB
1 | googletagmanager.com | www.googletagmanager.com | 30 KB
1 | googleapis.com | fonts.googleapis.com | 451 B
1 | fuckteeangers.net | www.fuckteeangers.net | 2 KB
1 | whore4you.net (1 redirect) | rvzqo.whore4you.net | 495 B
1 | antibot.cloud | cloud.antibot.cloud | 333 B
Total: 20 requests, 10 apex domains
Requests | Domain | Requested by
---|---|---
9 | cdn-bimi.akamaized.net | www.fuckteeangers.net, cdn-bimi.akamaized.net
3 | counter.yadro.ru | us1-paypal.com (2 redirects)
3 | us1-paypal.com | us1-paypal.com
2 | stackpath.bootstrapcdn.com | us1-paypal.com
1 | fonts.gstatic.com | fonts.googleapis.com
1 | www.googletagmanager.com | www.fuckteeangers.net
1 | fonts.googleapis.com | cdn-bimi.akamaized.net
1 | www.fuckteeangers.net | us1-paypal.com
1 | rvzqo.whore4you.net | (1 redirect)
1 | cloud.antibot.cloud | us1-paypal.com
Total: 20 requests, 10 domains
This site contains links to these domains. Also see Links.
Domain
---
www.liveinternet.ru
Subject | Issuer | Validity | Valid for
---|---|---|---
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-03-01 - 2022-02-28 | a year
cloud.antibot.cloud | Sectigo RSA Domain Validation Secure Server CA | 2021-01-25 - 2022-01-25 | a year
counter.yadro.ru | R3 | 2021-03-22 - 2021-06-20 | 3 months
*.fuckteeangers.net | R3 | 2021-04-21 - 2021-07-20 | 3 months
a248.e.akamai.net | DigiCert Secure Site ECC CA-1 | 2020-07-15 - 2021-09-13 | a year
upload.video.google.com | GTS CA 1O1 | 2021-03-23 - 2021-06-15 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2021-03-23 - 2021-06-15 | 3 months
*.gstatic.com | GTS CA 1O1 | 2021-03-23 - 2021-06-15 | 3 months
No certificate is listed for us1-paypal.com itself: both loads of the primary page are plain http://, so the only TLS sessions in this scan belong to third-party hosts.
This page contains 2 frames:
Primary Page:
http://us1-paypal.com/
Frame ID: 7DFFE2ABDAC33C779E725C27442F4FD3
Requests: 7 HTTP requests in this frame
Frame:
https://www.fuckteeangers.net/c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=%3Cj6%3E&j8=
Frame ID: 1FB065818181F8F7206D40EC456BC498
Requests: 13 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://us1-paypal.com/ Page URL
- http://us1-paypal.com/ Page URL
Detected technologies
Nginx (Web Servers)
Detected patterns:
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request chain 4:
- http://counter.yadro.ru/hit;ipkref?t44.6;rhttp%3A//us1-paypal.com/;s1600*1200*24;uhttp%3A//us1-paypal.com/;hWord%20essay;0.02887008762471477 (HTTP 302)
- https://counter.yadro.ru/hit;ipkref?t44.6;rhttp%3A//us1-paypal.com/;s1600*1200*24;uhttp%3A//us1-paypal.com/;hWord%20essay;0.02887008762471477 (HTTP 302)
- https://counter.yadro.ru/hit;ipkref?q;t44.6;rhttp%3A//us1-paypal.com/;s1600*1200*24;uhttp%3A//us1-paypal.com/;hWord%20essay;0.02887008762471477
Request chain (frame 1FB0):
- https://rvzqo.whore4you.net/c/1e3a4e532f1c7040?s1=31972&s2=1237048&j1=1&j3=1 (HTTP 302)
- https://www.fuckteeangers.net/c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=%3Cj6%3E&j8=
20 HTTP transactions
# | Method | Protocol | Resource | Host / path | Size / x-fer | Type | MIME type | Notes
---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | / | us1-paypal.com/ | 5 KB / 6 KB | Document | text/html | Cookie set
2 | GET | H2 | bootstrap.min.css | stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/ | 156 KB / 21 KB | Stylesheet | text/css |
3 | POST | H2 | antibot7.php | cloud.antibot.cloud/ | 72 B / 333 B | XHR | text/html |
4 | GET | H/1.1 | / | us1-paypal.com/ | 4 KB / 5 KB | Document | text/html | Primary Request, Cookie set
5 | GET | H3-29 | bootstrap.min.css | stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/ | 156 KB / 21 KB | Stylesheet | text/css |
6 | GET | H/1.1 | hit;ipkref | counter.yadro.ru/ | 132 B / 586 B | Image | image/gif | Redirect chain
7 | GET | H2 | 4c8a669b83e6c2d3 | www.fuckteeangers.net/c/ | 6 KB / 2 KB | Document | text/html | Frame 1FB0, Redirect chain
8 | POST | H/1.1 | cntr.php | us1-paypal.com/ | 2 B / 205 B | XHR | text/html |
9 | GET | H/1.1 | main.css | cdn-bimi.akamaized.net/landings/207645/1613486508/css/ | 17 KB / 3 KB | Stylesheet | text/css | Frame 1FB0
10 | GET | H/1.1 | script.min.js | cdn-bimi.akamaized.net/landings/207645/1613486508/js/ | 252 KB / 75 KB | Script | text/javascript | Frame 1FB0
11 | GET | H/1.1 | function.js | cdn-bimi.akamaized.net/landings/207645/1613486508/js/ | 768 B / 1 KB | Script | text/javascript | Frame 1FB0
12 | GET | H/1.1 | translate.js | cdn-bimi.akamaized.net/landings/207645/1613486508/js/ | 20 KB / 9 KB | Script | text/javascript | Frame 1FB0
13 | GET | H/1.1 | 01.png | cdn-bimi.akamaized.net/landings/207645/1613486508/images/ | 2 KB / 3 KB | Image | image/png | Frame 1FB0
14 | GET | H2 | css | fonts.googleapis.com/ | 664 B / 451 B | Stylesheet | text/css | Frame 1FB0
15 | GET | H2 | gtm.js | www.googletagmanager.com/ | 77 KB / 30 KB | Script | application/javascript | Frame 1FB0
16 | GET | H/1.1 | no.png | cdn-bimi.akamaized.net/landings/207645/1613486508/images/ | 3 KB / 3 KB | Image | image/png | Frame 1FB0
17 | GET | H/1.1 | yes.png | cdn-bimi.akamaized.net/landings/207645/1613486508/images/ | 3 KB / 4 KB | Image | image/png | Frame 1FB0
18 | GET | H/1.1 | 1.jpg | cdn-bimi.akamaized.net/landings/207645/1613486508/images/ | 131 KB / 131 KB | Image | image/jpeg | Frame 1FB0
19 | GET | H/1.1 | pattern.png | cdn-bimi.akamaized.net/landings/207645/1613486508/images/ | 3 KB / 3 KB | Image | image/png | Frame 1FB0
20 | GET | H2 | S6uyw4BMUTPHjx4wXg.woff2 | fonts.gstatic.com/s/lato/v17/ | 23 KB / 23 KB | Font | font/woff2 | Frame 1FB0
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Porn Scam (Online)

13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | onbeforexrselect
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
boolean | originAgentCluster
object | trustedTypes
boolean | crossOriginIsolated
object | splashpage
object | d
string | expires
object | xhr
string | params

10 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, so the site can re-identify the visitor even from a different location; this is how persistent logins work. Most of the cookies below were set on us1-paypal.com under antibot_* names and hold values that look like visitor fingerprinting data, matching the POST to cloud.antibot.cloud/antibot7.php in the transaction list: an IP address in antibot_ptr, a country code in antibot_country, a language in antibot_lang and the referring URL in antibot_referer.
Domain / path | Name | Value
---|---|---
www.fuckteeangers.net/ | unique_id | 6042361a0007aad6
.us1-paypal.com/ | antibot_unique_20210425 | 1
us1-paypal.com/ | hit | 1
us1-paypal.com/ | antibot_referer | http%3A%2F%2Fus1-paypal.com%2F
.us1-paypal.com/ | antibot_ptr | 89.249.64.252
.us1-paypal.com/ | antibot_country | DE
www.fuckteeangers.net/ | unique_411736 | unique_411736
us1-paypal.com/ | antibot_1c6d3b1b0370c2c41946b58abba512f9 | d467e38392d1bdaf4d423cb0959ccaf7
.us1-paypal.com/ | antibot_lang | en
us1-paypal.com/ | antibot_uid | 0949f22120e848e153c13f1e4e3d9916
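Added example, not urlscan's code: a small Python triage pass over a transaction log constructed from the transaction list, redirect chains and cookies of this scan. It pulls out the three things a reviewer would note here: the brand term in a hostname whose apex is not the brand's, the primary document being loaded twice around a cross-origin XHR POST (the cloud.antibot.cloud call) with cookies set on the reload, and the hand-off into another apex via the whore4you.net redirect and the fuckteeangers.net frame. The Tx record layout, the BRANDS table, the naive apex() helper (last two labels, no public-suffix list) and the cookie_set flags are assumptions; the scanner's raw JSON has a different shape.

```python
"""Triage of a urlscan-style transaction log (added example, not urlscan's code).

The records below are constructed from the transactions, redirect chains and
cookies of the us1-paypal.com scan, trimmed to the fields used here.
The Tx layout, the naive apex() helper and the BRANDS table are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Tx:
    method: str
    url: str
    kind: str                       # urlscan "Type" column: Document, XHR, Script, ...
    frame: str = "primary"          # which frame issued the request
    cookie_set: bool = False        # the "Cookie set" marker in the transaction list
    redirect_chain: list[str] = field(default_factory=list)  # 30x hops that led here


# Constructed from the scan: primary document, cross-origin XHR, reload,
# the yadro.ru redirect chain and the framed landing page reached via whore4you.net.
SCAN: list[Tx] = [
    Tx("GET", "http://us1-paypal.com/", "Document", cookie_set=True),
    Tx("GET", "https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css", "Stylesheet"),
    Tx("POST", "https://cloud.antibot.cloud/antibot7.php", "XHR"),
    Tx("GET", "http://us1-paypal.com/", "Document", cookie_set=True),
    Tx("GET", "https://counter.yadro.ru/hit;ipkref?q;t44.6", "Image",
       redirect_chain=["http://counter.yadro.ru/hit;ipkref?t44.6",
                       "https://counter.yadro.ru/hit;ipkref?t44.6"]),
    Tx("GET", "https://www.fuckteeangers.net/c/4c8a669b83e6c2d3", "Document", frame="1FB0",
       redirect_chain=["https://rvzqo.whore4you.net/c/1e3a4e532f1c7040"]),
    Tx("POST", "http://us1-paypal.com/cntr.php", "XHR"),
    Tx("GET", "https://cdn-bimi.akamaized.net/landings/207645/1613486508/js/script.min.js",
       "Script", frame="1FB0"),
]

# Assumed brand table: brand term -> apex domains that legitimately carry it.
BRANDS = {"paypal": {"paypal.com"}}


def host(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def apex(hostname: str) -> str:
    """Last two labels. Assumption: no public-suffix list, so co.uk-style suffixes are wrong."""
    return ".".join(hostname.split(".")[-2:])


def brand_lookalike(primary_url: str) -> list[str]:
    """Brand terms present in the primary hostname while its apex is not the brand's own."""
    h = host(primary_url)
    return [b for b, apexes in BRANDS.items() if b in h and apex(h) not in apexes]


def gate_reload(txs: list[Tx]) -> tuple[int, int, int] | None:
    """Index triple (first load, cross-origin XHR POST, reload) for the bot-gate pattern:
    the same primary document is fetched twice, an XHR POST to another host sits between
    the two loads, and the reload sets cookies. Returns None if the pattern is absent."""
    docs = [i for i, t in enumerate(txs) if t.kind == "Document" and t.frame == "primary"]
    for a, b in zip(docs, docs[1:]):
        if txs[a].url != txs[b].url or not txs[b].cookie_set:
            continue
        origin = host(txs[a].url)
        for x in range(a + 1, b):
            t = txs[x]
            if t.kind == "XHR" and t.method == "POST" and host(t.url) != origin:
                return a, x, b
    return None


def cross_apex_handoffs(txs: list[Tx]) -> list[tuple[str, list[str]]]:
    """Documents framed from another apex, and redirect chains that change apex mid-way."""
    primary = apex(host(txs[0].url))
    findings: list[tuple[str, list[str]]] = []
    for t in txs:
        hops = t.redirect_chain + [t.url]
        apexes = [apex(host(u)) for u in hops]
        if t.kind == "Document" and t.frame != "primary" and apexes[-1] != primary:
            findings.append(("framed-document", hops))
        if len(set(apexes)) > 1:
            findings.append(("cross-apex-redirect", hops))
    return findings


def triage(txs: list[Tx]) -> dict:
    return {
        "brand_lookalike": brand_lookalike(txs[0].url),
        "gate_reload": gate_reload(txs),
        "handoffs": cross_apex_handoffs(txs),
    }


if __name__ == "__main__":
    for key, value in triage(SCAN).items():
        print(f"{key}: {value}")
```

On this scan the gate pattern is transactions 1, 3 and 4 of the list above (first document, the antibot7.php POST, the reload that sets the antibot_* cookies), and the only cross-apex hand-off is the whore4you.net to fuckteeangers.net chain inside frame 1FB0; the yadro.ru chain stays within one apex and is not flagged.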
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn-bimi.akamaized.net
cloud.antibot.cloud
counter.yadro.ru
fonts.googleapis.com
fonts.gstatic.com
rvzqo.whore4you.net
stackpath.bootstrapcdn.com
us1-paypal.com
www.fuckteeangers.net
www.googletagmanager.com
188.165.242.45
2.16.186.96
2606:4700::6812:bcf
2a00:1450:4001:802::200a
2a00:1450:4001:812::2008
2a00:1450:4001:828::2003
2a05:d018:244:5200::ab
64.225.92.243
88.212.201.198