us1-paypal.com Open in urlscan Pro
188.165.242.45 Malicious Activity! Public Scan

URL:
http://us1-paypal.com/
Submission: On April 25 via api (April 25th 2021, 5:44:59 am UTC) from US

Summary HTTP 20 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 9 IPs in 5 countries across 10 domains to perform 20 HTTP transactions. The main IP is 188.165.242.45, located in France and belongs to OVH, FR. The main domain is us1-paypal.com.

This is the only time us1-paypal.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Porn Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	188.165.242.45 188.165.242.45	16276 (OVH) (OVH)
2	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	64.225.92.243 64.225.92.243	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2 3	88.212.201.198 88.212.201.198	39134 (UNITEDNET) (UNITEDNET)
1 2	2a05:d018:244... 2a05:d018:244:5200::ab	16509 (AMAZON-02) (AMAZON-02)
9	2.16.186.96 2.16.186.96	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
20	9

3 188.165.242.45 (France)

ASN16276 (OVH, FR)
PTR: 181.rbx.abcvg.ovh

us1-paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.225.92.243 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

cloud.antibot.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.212.201.198 (Russian Federation) 2 redirects

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:244:5200::ab (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

rvzqo.whore4you.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.fuckteeangers.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.16.186.96 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-96.deploy.static.akamaitechnologies.com

cdn-bimi.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	akamaized.net cdn-bimi.akamaized.net	234 KB
3	yadro.ru 2 redirects counter.yadro.ru	2 KB
3	us1-paypal.com us1-paypal.com	11 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com	43 KB
1	gstatic.com fonts.gstatic.com	23 KB
1	googletagmanager.com www.googletagmanager.com	30 KB
1	googleapis.com fonts.googleapis.com	451 B
1	fuckteeangers.net www.fuckteeangers.net	2 KB
1	whore4you.net 1 redirects rvzqo.whore4you.net	495 B
1	antibot.cloud cloud.antibot.cloud	333 B
20	10

	Domain	Requested by
9	cdn-bimi.akamaized.net	www.fuckteeangers.net cdn-bimi.akamaized.net
3	counter.yadro.ru	2 redirects us1-paypal.com
3	us1-paypal.com	us1-paypal.com
2	stackpath.bootstrapcdn.com	us1-paypal.com
1	fonts.gstatic.com	fonts.googleapis.com
1	www.googletagmanager.com	www.fuckteeangers.net
1	fonts.googleapis.com	cdn-bimi.akamaized.net
1	www.fuckteeangers.net	us1-paypal.com
1	rvzqo.whore4you.net	1 redirects
1	cloud.antibot.cloud	us1-paypal.com
20	10

This site contains links to these domains. Also see Links.

Domain
www.liveinternet.ru

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
cloud.antibot.cloud Sectigo RSA Domain Validation Secure Server CA	`2021-01-25` - `2022-01-25`	a year	crt.sh
counter.yadro.ru R3	`2021-03-22` - `2021-06-20`	3 months	crt.sh
*.fuckteeangers.net R3	`2021-04-21` - `2021-07-20`	3 months	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2020-07-15` - `2021-09-13`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://us1-paypal.com/
Frame ID: 7DFFE2ABDAC33C779E725C27442F4FD3
Requests: 7 HTTP requests in this frame

Frame: https://www.fuckteeangers.net/c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=%3Cj6%3E&j8=
Frame ID: 1FB065818181F8F7206D40EC456BC498
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://us1-paypal.com/ Page URL
http://us1-paypal.com/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

20
Requests

85 %
HTTPS

56 %
IPv6

10
Domains

10
Subdomains

9
IPs

5
Countries

344 kB
Transfer

858 kB
Size

10
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://www.liveinternet.ru/click;ipkref

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://us1-paypal.com/ Page URL
http://us1-paypal.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

http://counter.yadro.ru/hit;ipkref?t44.6;rhttp%3A//us1-paypal.com/;s1600*1200*24;uhttp%3A//us1-paypal.com/;hWord%20essay;0.02887008762471477 HTTP 302
https://counter.yadro.ru/hit;ipkref?t44.6;rhttp%3A//us1-paypal.com/;s1600*1200*24;uhttp%3A//us1-paypal.com/;hWord%20essay;0.02887008762471477 HTTP 302
https://counter.yadro.ru/hit;ipkref?q;t44.6;rhttp%3A//us1-paypal.com/;s1600*1200*24;uhttp%3A//us1-paypal.com/;hWord%20essay;0.02887008762471477

Request Chain 5

https://rvzqo.whore4you.net/c/1e3a4e532f1c7040?s1=31972&s2=1237048&j1=1&j3=1 HTTP 302
https://www.fuckteeangers.net/c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=%3Cj6%3E&j8=

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set / Show response
us1-paypal.com/ 5 KB
6 KB 112ms
61ms Document
text/html 188.165.242.45
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://us1-paypal.com/
Protocol: HTTP/1.1
Server: 188.165.242.45 , France, ASN16276 (OVH, FR),
Reverse DNS: 181.rbx.abcvg.ovh
Software: nginx/1.16.1 /
Resource Hash: 40a9fd87400c324af68c8e913d585a1af1a2b8b8d7896a616a0ef5b6114bf4ad

Request headers

Host: us1-paypal.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx/1.16.1
Date: Sun, 25 Apr 2021 05:44:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: antibot_uid=0949f22120e848e153c13f1e4e3d9916; expires=Mon, 25-Apr-2022 05:44:41 GMT; Max-Age=31536000; path=/ antibot_referer=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ antibot_country=DE; expires=Mon, 26-Apr-2021 05:44:41 GMT; Max-Age=86400; path=/; domain=us1-paypal.com antibot_lang=en; expires=Mon, 26-Apr-2021 05:44:41 GMT; Max-Age=86400; path=/; domain=us1-paypal.com antibot_ptr=89.249.64.252; expires=Mon, 26-Apr-2021 05:44:41 GMT; Max-Age=86400; path=/; domain=us1-paypal.com
X-Powered-CMS: AntiBot.Cloud (See: https://antibot.cloud/)
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/ 156 KB
21 KB 41ms
18ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css

Requested by

Host: us1-paypal.com
URL: http://us1-paypal.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: http://us1-paypal.com
Referer: http://us1-paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Apr 2021 05:44:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 172767
cdn-cachedat: 2021-04-23 06:41:52
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09a92812530000323c45baa000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:09 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 406612b6bc9b65dec7dc041eb5c39d5e
cf-ray: 645542ca1ad0323c-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

POST
H2 200 antibot7.php
cloud.antibot.cloud/ 72 B
333 B 56ms
30ms XHR
text/html 64.225.92.243
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://cloud.antibot.cloud/antibot7.php
Requested by: Host: us1-paypal.com
URL: http://us1-paypal.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.225.92.243 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: http://us1-paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded;

Response headers

date: Sun, 25 Apr 2021 05:44:42 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: POST
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-headers: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK Primary Request Cookie set / Show response
us1-paypal.com/ 4 KB
5 KB 20ms
19ms Document
text/html 188.165.242.45
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://us1-paypal.com/
Requested by: Host: us1-paypal.com
URL: http://us1-paypal.com/
Protocol: HTTP/1.1
Server: 188.165.242.45 , France, ASN16276 (OVH, FR),
Reverse DNS: 181.rbx.abcvg.ovh
Software: nginx/1.16.1 /
Resource Hash: 5b4d4cae29cf6872039e885d2f0b81f504f8f704eba580c3178e58d12d870e09

Request headers

Host: us1-paypal.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://us1-paypal.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: antibot_uid=0949f22120e848e153c13f1e4e3d9916; antibot_country=DE; antibot_lang=en; antibot_ptr=89.249.64.252; antibot_1c6d3b1b0370c2c41946b58abba512f9=d467e38392d1bdaf4d423cb0959ccaf7; lastcid=1619329481.2136
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://us1-paypal.com/

Response headers

Server: nginx/1.16.1
Date: Sun, 25 Apr 2021 05:44:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: antibot_referer=http%3A%2F%2Fus1-paypal.com%2F; expires=Thu, 24-Jun-2021 05:44:42 GMT; Max-Age=5184000; path=/ antibot_unique_20210425=1; expires=Mon, 26-Apr-2021 05:44:42 GMT; Max-Age=86400; path=/; domain=us1-paypal.com lastcid=0; expires=Sun, 25-Apr-2021 05:43:02 GMT; Max-Age=0; path=/

GET
H3-29 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/ 156 KB
21 KB 29ms
20ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css

Requested by

Host: us1-paypal.com
URL: http://us1-paypal.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://us1-paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Apr 2021 05:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617
age: 2882236
cdn-cachedat: 2021-03-11 11:57:54
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09a92816f800004ab5ffbcb000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:09 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: dcdee09e0424662ab2f23fa5a2fdac32
cf-ray: 645542d1898c4ab5-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H/1.1

200
OK

hit;ipkref
counter.yadro.ru/
Redirect Chain

http://counter.yadro.ru/hit;ipkref?t44.6;rhttp%3A//us1-paypal.com/;s1600*1200*24;uhttp%3A//us1-paypal.com/;hWord%20essay;0.02887008762471477
https://counter.yadro.ru/hit;ipkref?t44.6;rhttp%3A//us1-paypal.com/;s1600*1200*24;uhttp%3A//us1-paypal.com/;hWord%20essay;0.02887008762471477
https://counter.yadro.ru/hit;ipkref?q;t44.6;rhttp%3A//us1-paypal.com/;s1600*1200*24;uhttp%3A//us1-paypal.com/;hWord%20essay;0.02887008762471477

132 B
586 B

47ms
47ms

Image
image/gif

88.212.201.198
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit;ipkref?q;t44.6;rhttp%3A//us1-paypal.com/;s1600*1200*24;uhttp%3A//us1-paypal.com/;hWord%20essay;0.02887008762471477

Requested by

Host: us1-paypal.com
URL: http://us1-paypal.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host198.rax.ru

Software

nginx/1.17.9 /

Resource Hash

fa523f248a332cb89ae3ad8cf51d840153e0f96bcc2a4c8db736e02a340dab48

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: http://us1-paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 25 Apr 2021 05:44:42 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 132
Expires: Fri, 24 Apr 2020 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 25 Apr 2021 05:44:42 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit;ipkref?q;t44.6;rhttp%3A//us1-paypal.com/;s1600*1200*24;uhttp%3A//us1-paypal.com/;hWord%20essay;0.02887008762471477
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Fri, 24 Apr 2020 21:00:00 GMT

GET
H2

200

4c8a669b83e6c2d3 Show response
www.fuckteeangers.net/c/ Frame 1FB0
Redirect Chain

https://rvzqo.whore4you.net/c/1e3a4e532f1c7040?s1=31972&s2=1237048&j1=1&j3=1
https://www.fuckteeangers.net/c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=%3Cj6%3E&j8=

6 KB
2 KB

99ms
41ms

Document
text/html

2a05:d018:244:5200::ab
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fuckteeangers.net/c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=%3Cj6%3E&j8=
Requested by: Host: us1-paypal.com
URL: http://us1-paypal.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:244:5200::ab Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: bb957fb88aa5244148fa06575079bbaea991f8cb043b809d600766c652d81082

Request headers

:method: GET
:authority: www.fuckteeangers.net
:scheme: https
:path: /c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=%3Cj6%3E&j8=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://us1-paypal.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

server: nginx
date: Sun, 25 Apr 2021 05:44:42 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_411736=unique_411736; Path=/; Expires=Thu, 24 Jun 2021 05:44:42 GMT; Secure; SameSite=None unique_id=6042361a0007aad6; Path=/; Expires=Thu, 24 Jun 2021 05:44:42 GMT; Secure; SameSite=None impression=; Path=/; Expires=Sun, 25 Apr 2021 05:44:42 GMT; Secure; SameSite=None
content-encoding: gzip

Redirect headers

server: nginx
date: Sun, 25 Apr 2021 05:44:42 GMT
content-type: text/html; charset=utf-8
content-length: 211
location: https://www.fuckteeangers.net/c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=<j6>&j8=
set-cookie: unique_543988=unique_543988; Path=/; Expires=Thu, 24 Jun 2021 05:44:42 GMT; Secure; SameSite=None unique_id=6042361a0007aad6; Path=/; Expires=Thu, 24 Jun 2021 05:44:42 GMT; Secure; SameSite=None impression=; Path=/; Expires=Sun, 25 Apr 2021 05:44:42 GMT; Secure; SameSite=None tid=hawsd608501ca00052357; Path=/; Expires=Mon, 30 Mar 2026 05:44:42 GMT; Secure; SameSite=None

POST
H/1.1 200
OK cntr.php Show response
us1-paypal.com/ 2 B
205 B 16ms
16ms XHR
text/html 188.165.242.45
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://us1-paypal.com/cntr.php
Requested by: Host: us1-paypal.com
URL: http://us1-paypal.com/
Protocol: HTTP/1.1
Server: 188.165.242.45 , France, ASN16276 (OVH, FR),
Reverse DNS: 181.rbx.abcvg.ovh
Software: nginx/1.16.1 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Pragma: no-cache
Origin: http://us1-paypal.com
Accept-Encoding: gzip, deflate
Host: us1-paypal.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Cache-Control: no-cache
Referer: http://us1-paypal.com/
Cookie: antibot_uid=0949f22120e848e153c13f1e4e3d9916; antibot_country=DE; antibot_lang=en; antibot_ptr=89.249.64.252; antibot_1c6d3b1b0370c2c41946b58abba512f9=d467e38392d1bdaf4d423cb0959ccaf7; antibot_referer=http%3A%2F%2Fus1-paypal.com%2F; antibot_unique_20210425=1; hit=1
Connection: keep-alive
Content-Length: 42
Referer: http://us1-paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Sun, 25 Apr 2021 05:44:42 GMT
Server: nginx/1.16.1
Connection: keep-alive
X-Robots-Tag: noindex
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK main.css
cdn-bimi.akamaized.net/landings/207645/1613486508/css/ Frame 1FB0 17 KB
3 KB 77ms
18ms Stylesheet
text/css 2.16.186.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/css/main.css?1613486508
Requested by: Host: www.fuckteeangers.net
URL: https://www.fuckteeangers.net/c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=%3Cj6%3E&j8=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-96.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: b845f4e97a3bf0bed04e87cc7f1ae7a96160e85115f2f5052f1581b440888234

Request headers

Referer: https://www.fuckteeangers.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 25 Apr 2021 05:44:42 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Feb 2021 14:41:51 GMT
Server: AmazonS3
x-amz-request-id: 19FF63B378B38D33
ETag: "03281021ebf5d304d0fd2b71f58e8538"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 3003
x-amz-id-2: JE215sSIg7/cJdDOD8fuw1ivMhpWo0M47h1/vGMCKoQTEnp0DG6hTj8gsFsvixVHFJ1d1uOQMHk=

GET
H/1.1 200
OK script.min.js Show response
cdn-bimi.akamaized.net/landings/207645/1613486508/js/ Frame 1FB0 252 KB
75 KB 94ms
36ms Script
text/javascript 2.16.186.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/js/script.min.js?1613486508
Requested by: Host: www.fuckteeangers.net
URL: https://www.fuckteeangers.net/c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=%3Cj6%3E&j8=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-96.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 322d600431f53fb186989dad7e4ed1365b0d3012a808cd114390855a0dce16a6

Request headers

Referer: https://www.fuckteeangers.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 25 Apr 2021 05:44:42 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Feb 2021 14:41:51 GMT
Server: AmazonS3
x-amz-request-id: AFA8F371D63CF4D1
ETag: "28c2e529f18ba1afa7f17dc8776448d0"
Vary: Accept-Encoding
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes
Alt-Svc: h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
x-amz-id-2: mtd/ttsQXHDqY+o4rEGVOT0zKs2Bl4RrzVi3EPbMgZgsML/Z6bXr1DBE0YRCAIZIr2Zsd/5e67k=

GET
H/1.1 200
OK function.js Show response
cdn-bimi.akamaized.net/landings/207645/1613486508/js/ Frame 1FB0 768 B
1 KB 79ms
18ms Script
text/javascript 2.16.186.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/js/function.js?1613486508
Requested by: Host: www.fuckteeangers.net
URL: https://www.fuckteeangers.net/c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=%3Cj6%3E&j8=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-96.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: c4e62e899d387cd5be4770f35d30a90a4a0b7690e5a70fe510d61192a55df2fb

Request headers

Referer: https://www.fuckteeangers.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 25 Apr 2021 05:44:42 GMT
Last-Modified: Tue, 16 Feb 2021 14:41:51 GMT
Server: AmazonS3
x-amz-request-id: 0203DDBA0BBFD5A3
ETag: "26b0713adea8f1ba936e44ca1dde0b9c"
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 768
x-amz-id-2: b2jkUuACawDfLWxEsJzZrLLrH0d/mfeRN2RdrLQuh+HCdo6OEO6ln6OxpP+HQ0Re73A/n/ZuX34=

GET
H/1.1 200
OK translate.js Show response
cdn-bimi.akamaized.net/landings/207645/1613486508/js/ Frame 1FB0 20 KB
9 KB 99ms
26ms Script
text/javascript 2.16.186.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/js/translate.js?1613486508
Requested by: Host: www.fuckteeangers.net
URL: https://www.fuckteeangers.net/c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=%3Cj6%3E&j8=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-96.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 0aa575ab7a50d63721a0bdc438eb3b4e627e372256c9e7007ae2523f02d191e3

Request headers

Referer: https://www.fuckteeangers.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 25 Apr 2021 05:44:42 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Feb 2021 14:41:51 GMT
Server: AmazonS3
x-amz-request-id: 1853AEDADCD384D6
ETag: "cf2d0554e35d77b3b6c00a8d6e2ec90f"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 9148
x-amz-id-2: 6x6vvWlgbNIcm3DZIk9jhoQoY0sPo7o9qIArnfL6OdTto8yRccKmfr1pjv/PbmKlYbJpllwm01E=

GET
H/1.1 200
OK 01.png
cdn-bimi.akamaized.net/landings/207645/1613486508/images/ Frame 1FB0 2 KB
3 KB 44ms
18ms Image
image/png 2.16.186.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/images/01.png
Requested by: Host: www.fuckteeangers.net
URL: https://www.fuckteeangers.net/c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=%3Cj6%3E&j8=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-96.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: eb5dda939023785c134d2529e3a57d23691b3f6315ecc85d54135680af85c8d4

Request headers

Referer: https://www.fuckteeangers.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 25 Apr 2021 05:44:42 GMT
Last-Modified: Tue, 16 Feb 2021 14:41:51 GMT
Server: AmazonS3
x-amz-request-id: 14B34AFE20A6F06A
ETag: "2e2055babda4e03334743d31bb3fcc3d"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2499
x-amz-id-2: 0xnABe8+9lcG80S8pHf/oPrY0B2w4jrd13+UQfPViVUqQFhSIqb9aMfV3a6tdG8bKxCtomts094=

GET
H2 200 css
fonts.googleapis.com/ Frame 1FB0 664 B
451 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato&subset=latin-ext

Requested by

Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/css/main.css?1613486508

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4f492217356942753e3ae962475ec7ca6f0715adc04b49021d39401d83b72e5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cdn-bimi.akamaized.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 25 Apr 2021 05:08:50 GMT
server: ESF
date: Sun, 25 Apr 2021 05:44:42 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 25 Apr 2021 05:44:42 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 1FB0 77 KB
30 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PPJGZHL

Requested by

Host: www.fuckteeangers.net
URL: https://www.fuckteeangers.net/c/4c8a669b83e6c2d3?&click_id=hawsd608501ca00052357&s1=31972&s2=1237048&s3=backuser&s5=&lp=MJ&j4=&j5=&j6=%3Cj6%3E&j8=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

573db3df43e8b4f3d2e442caccee1c2303b36c22607d66a3204335d126ce1307

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fuckteeangers.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Apr 2021 05:44:42 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30933
x-xss-protection: 0
last-modified: Sun, 25 Apr 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 25 Apr 2021 05:44:42 GMT

GET
H/1.1 200
OK no.png
cdn-bimi.akamaized.net/landings/207645/1613486508/images/ Frame 1FB0 3 KB
3 KB 35ms
24ms Image
image/png 2.16.186.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/images/no.png
Requested by: Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/css/main.css?1613486508
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-96.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: fedd7527d1cceee3052bf4bb62e76d56e8200a115d8a2affae23a125578b7ad1

Request headers

Referer: https://cdn-bimi.akamaized.net/landings/207645/1613486508/css/main.css?1613486508
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 25 Apr 2021 05:44:42 GMT
Last-Modified: Tue, 16 Feb 2021 14:41:50 GMT
Server: AmazonS3
x-amz-request-id: EBD89AF44D22E952
ETag: "e51438397f6333f22081857d4236efca"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3134
x-amz-id-2: evgClxqTTcZcsWBrKIrszvB7wRL02h3jblLcW5v1Y/zpFkZQnKMQYo50X0gQFvld6eeSY3Gdpog=

GET
H/1.1 200
OK yes.png
cdn-bimi.akamaized.net/landings/207645/1613486508/images/ Frame 1FB0 3 KB
4 KB 30ms
18ms Image
image/png 2.16.186.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/images/yes.png
Requested by: Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/css/main.css?1613486508
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-96.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 6bfdecff876226c1e233f71e7b0b1a6e0eb238281a52156c39f051691dd88a43

Request headers

Referer: https://cdn-bimi.akamaized.net/landings/207645/1613486508/css/main.css?1613486508
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 25 Apr 2021 05:44:42 GMT
Last-Modified: Tue, 16 Feb 2021 14:41:50 GMT
Server: AmazonS3
x-amz-request-id: E1EC4EF235C5DEA2
ETag: "3d0dab8337c085af1541ee5b7d63b53b"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3480
x-amz-id-2: Uef6CSBdgCQd4MNfTQoSZZC2OI3QP6QdrFCo3Z0/K04EJBnVCcPtqvL1eeiaHBGvQqVVHzMCX4M=

GET
H/1.1 200
OK 1.jpg
cdn-bimi.akamaized.net/landings/207645/1613486508/images/ Frame 1FB0 131 KB
131 KB 30ms
19ms Image
image/jpeg 2.16.186.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/images/1.jpg
Requested by: Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/css/main.css?1613486508
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-96.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9c28c3d5e8e448f47572b228ba59607864127bbeda745c57a25a7a145b2f91c5

Request headers

Referer: https://cdn-bimi.akamaized.net/landings/207645/1613486508/css/main.css?1613486508
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 25 Apr 2021 05:44:42 GMT
Last-Modified: Tue, 16 Feb 2021 14:41:50 GMT
Server: AmazonS3
x-amz-request-id: 2DE4097C4CAEFF88
ETag: "f78bd7a03d496910454e31b840f0538d"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 133915
x-amz-id-2: rDIPjCrCeStL27ccDuCcp56pKAutphuMICfvZLCQlv+epOsbJDAiWp9hzVxjw9mb2nAR9/qdGEA=

GET
H/1.1 200
OK pattern.png
cdn-bimi.akamaized.net/landings/207645/1613486508/images/ Frame 1FB0 3 KB
3 KB 49ms
18ms Image
image/png 2.16.186.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/images/pattern.png
Requested by: Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/207645/1613486508/css/main.css?1613486508
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-96.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004

Request headers

Referer: https://cdn-bimi.akamaized.net/landings/207645/1613486508/css/main.css?1613486508
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 25 Apr 2021 05:44:42 GMT
Last-Modified: Tue, 16 Feb 2021 14:41:50 GMT
Server: AmazonS3
x-amz-request-id: EB55A584334F2F08
ETag: "f06b5903c3ed5ef39db9b98b60deba70"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2801
x-amz-id-2: WNyQlxsHESQFNbfoc/jQD9qTL4sGl0A1iYCDH+3Le80fn3Evc5JJ/Q91VsBpRIJiPe64qowoDAg=

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ Frame 1FB0 23 KB
23 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.fuckteeangers.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:44:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
age: 223235
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:44:07 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Porn Scam (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.fuckteeangers.net/	1970-01-19 19:15:13	Name: unique_id Value: 6042361a0007aad6
.us1-paypal.com/	1970-01-19 17:50:15	Name: antibot_unique_20210425 Value: 1
us1-paypal.com/	1970-01-19 17:50:15	Name: hit Value: 1
us1-paypal.com/	1970-01-19 19:15:13	Name: antibot_referer Value: http%3A%2F%2Fus1-paypal.com%2F
.us1-paypal.com/	1970-01-19 17:50:15	Name: antibot_ptr Value: 89.249.64.252
.us1-paypal.com/	1970-01-19 17:50:15	Name: antibot_country Value: DE
www.fuckteeangers.net/	1970-01-19 19:15:13	Name: unique_411736 Value: unique_411736
us1-paypal.com/	1970-01-19 17:58:54	Name: antibot_1c6d3b1b0370c2c41946b58abba512f9 Value: d467e38392d1bdaf4d423cb0959ccaf7
.us1-paypal.com/	1970-01-19 17:50:15	Name: antibot_lang Value: en
us1-paypal.com/	1970-01-20 02:34:25	Name: antibot_uid Value: 0949f22120e848e153c13f1e4e3d9916

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://us1-paypal.com/(Line 91) Message: good: 200

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn-bimi.akamaized.net
cloud.antibot.cloud
counter.yadro.ru
fonts.googleapis.com
fonts.gstatic.com
rvzqo.whore4you.net
stackpath.bootstrapcdn.com
us1-paypal.com
www.fuckteeangers.net
www.googletagmanager.com
188.165.242.45
2.16.186.96
2606:4700::6812:bcf
2a00:1450:4001:802::200a
2a00:1450:4001:812::2008
2a00:1450:4001:828::2003
2a05:d018:244:5200::ab
64.225.92.243
88.212.201.198
0aa575ab7a50d63721a0bdc438eb3b4e627e372256c9e7007ae2523f02d191e3
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
322d600431f53fb186989dad7e4ed1365b0d3012a808cd114390855a0dce16a6
40a9fd87400c324af68c8e913d585a1af1a2b8b8d7896a616a0ef5b6114bf4ad
4f492217356942753e3ae962475ec7ca6f0715adc04b49021d39401d83b72e5d
573db3df43e8b4f3d2e442caccee1c2303b36c22607d66a3204335d126ce1307
5b4d4cae29cf6872039e885d2f0b81f504f8f704eba580c3178e58d12d870e09
5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004
6bfdecff876226c1e233f71e7b0b1a6e0eb238281a52156c39f051691dd88a43
9c28c3d5e8e448f47572b228ba59607864127bbeda745c57a25a7a145b2f91c5
b845f4e97a3bf0bed04e87cc7f1ae7a96160e85115f2f5052f1581b440888234
bb957fb88aa5244148fa06575079bbaea991f8cb043b809d600766c652d81082
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c4e62e899d387cd5be4770f35d30a90a4a0b7690e5a70fe510d61192a55df2fb
eb5dda939023785c134d2529e3a57d23691b3f6315ecc85d54135680af85c8d4
fa523f248a332cb89ae3ad8cf51d840153e0f96bcc2a4c8db736e02a340dab48
fedd7527d1cceee3052bf4bb62e76d56e8200a115d8a2affae23a125578b7ad1

us1-paypal.com Open in urlscan Pro 188.165.242.45 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

85 %HTTPS

56 %IPv6

10 Domains

10 Subdomains

9 IPs

5 Countries

344 kBTransfer

858 kBSize

10 Cookies

1 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

10 Cookies

1 Console Messages

Indicators

us1-paypal.com Open in urlscan Pro
188.165.242.45 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

85 %
HTTPS

56 %
IPv6

10
Domains

10
Subdomains

9
IPs

5
Countries

344 kB
Transfer

858 kB
Size

10
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!