paypall.wellmargo.com Open in urlscan Pro
2606:4700:3033::ac43:b8a4 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://paypall.wellmargo.com/
Submission: On March 17 via automatic, source certstream-suspicious (March 17th 2024, 1:55:47 pm UTC) — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3033::ac43:b8a4, located in United States and belongs to CLOUDFLARENET, US. The main domain is paypall.wellmargo.com.
TLS certificate: Issued by GTS CA 1P5 on February 29th 2024. Valid for: 3 months.

This is the only time paypall.wellmargo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
4	2606:4700:303... 2606:4700:3033::ac43:b8a4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:e6:... 2606:4700:e6::ac40:ce26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:20:... 2606:4700:20::ac43:4890	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
18	6

4 2606:4700:3033::ac43:b8a4 (United States)

ASN13335 (CLOUDFLARENET, US)

paypall.wellmargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e6::ac40:ce26 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::ac43:4890 (United States)

ASN13335 (CLOUDFLARENET, US)

app.ardalio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	ardalio.com app.ardalio.com — Cisco Umbrella Rank: 78809	7 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 346	81 KB
4	wellmargo.com paypall.wellmargo.com	114 KB
3	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1184	21 KB
2	gstatic.com fonts.gstatic.com	42 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 38	208 KB
18	6

	Domain	Requested by
4	app.ardalio.com	paypall.wellmargo.com app.ardalio.com
4	cdn.jsdelivr.net	paypall.wellmargo.com
4	paypall.wellmargo.com	paypall.wellmargo.com
3	use.fontawesome.com	paypall.wellmargo.com use.fontawesome.com
2	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	paypall.wellmargo.com
18	6

This site contains no links.

Subject Issuer	Validity	Valid
wellmargo.com GTS CA 1P5	`2024-02-29` - `2024-05-29`	3 months	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
ardalio.com GTS CA 1P5	`2024-01-24` - `2024-04-23`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://paypall.wellmargo.com/
Frame ID: 3C8F381A6798F981FDAB4550D6016A22
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign In

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

18
Requests

100 %
HTTPS

100 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

473 kB
Transfer

1443 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
paypall.wellmargo.com/ 5 KB
2 KB 217ms
129ms Document
text/html 2606:4700:3033::ac43:b8a4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paypall.wellmargo.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b8a4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4cec5cc3d371f94f08a60359a9b091741063dee000b4dfe0ac5522bad4019dc3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 865d7b73de6a18c3-FRA
content-encoding: br
content-type: text/html
date: Sun, 17 Mar 2024 13:55:43 GMT
last-modified: Sun, 17 Mar 2024 13:54:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z%2B9vkgo5UNcb1mCdqr%2FrR6jxf4TtU0lft%2BdHv4UiGogTBTa5C8Y1tGoNkjvuum%2BjVOU3OxtM61TKXs4uz7FWqAHldHjD9bwdET%2BU7Ymc3gtjl%2BguKsuBl093vDsXogmCmtlurqK5J%2Fr1%2FCf%2FuVr7iYvdvaQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 all.css
use.fontawesome.com/releases/v5.14.0/css/ 58 KB
13 KB 82ms
36ms Stylesheet
text/css 2606:4700:e6::ac40:ce26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.14.0/css/all.css
Requested by: Host: paypall.wellmargo.com
URL: https://paypall.wellmargo.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ce26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypall.wellmargo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 13:55:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:45:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 330942
etag: W/"84d8ad2b4fcdc0f0c58247e778133b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2F%2Bq3OG0x8%2BvxNMxQ5MbUzcnKPNNRcEBx9ko1%2BvyPYO4NEgG1VPcggoSp888l1ORP5epkfWEMdIXVyO2AJfFTxEoP2ZCDjRJfXSdXa5Hzes7mQZo8JxFyWHiiq%2Bfw0Ugme28OS86tvs7Q%2BxQlIDsZjcE"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 865d7b74e899693d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 5252af7682.css
use.fontawesome.com/ 1 KB
725 B 225ms
180ms Stylesheet
text/css 2606:4700:e6::ac40:ce26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/5252af7682.css
Requested by: Host: paypall.wellmargo.com
URL: https://paypall.wellmargo.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ce26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64d44a52f542592416d6dca74edebd9d478ba55c3a43a6faa588d2b3fbff0fef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypall.wellmargo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 13:55:43 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Fri, 22 Sep 2023 00:41:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"eb5efb99a543b634359f5f9b99a3fe75"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BAOfMEXA2tSg00CNjSZ5i1w8eLlxtFLGkGwyJ6n%2Ftbm5Iv%2F5RUtJ9xyUZ2CARqdoSoEzkqj6MgbxqC%2FyKSeUaWAyHKhPU88%2BmS1sTUTn0p%2BtoEeMqSf99ZVcYf6oO%2FdwTeuq2sUwTXjPuuRH6sSkulSO"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 865d7b74e89b693d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 css2
fonts.googleapis.com/ 841 KB
208 KB 79ms
32ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Sans+KR:wght@100;200;300;400;500;600;700;800;900&display=swap

Requested by

Host: paypall.wellmargo.com
URL: https://paypall.wellmargo.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

11cb7a25144bee0b86c8c1c9b9f96fd894d787bbd14acd87e40298b372110002

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypall.wellmargo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 17 Mar 2024 13:55:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 17 Mar 2024 13:50:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 17 Mar 2024 13:55:43 GMT

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/ 158 KB
25 KB 101ms
57ms Stylesheet
text/css 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css

Requested by

Host: paypall.wellmargo.com
URL: https://paypall.wellmargo.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f886516f3d41e9e7bd994c7f7a39a89cafae9483f90396cb0ddeafe8d1ea5e72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypall.wellmargo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 13:55:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 339763
x-jsd-version: 4.6.2
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230063-FRA, cache-lga21931-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"279d8-G+N7YjBsjAxndbtMk8XkxOE9l3U"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qnR04nP%2BZgDHFK78taRecTJPiovxV%2B43L2nsG5hNh7cq%2FRmcuJZC2pDIuHFwIsrOhwjMPqTqTr0CCqdP5UdKQ7EfIcdV9k71A7JV1h1QOP06p0Qi66xcLodXCCB6bJroUYKU0UPHlxqKMs3XrU4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 865d7b74eaa35d93-FRA

GET
H2 200 style.css
paypall.wellmargo.com/css/ 8 KB
2 KB 131ms
129ms Stylesheet
text/css 2606:4700:3033::ac43:b8a4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paypall.wellmargo.com/css/style.css
Requested by: Host: paypall.wellmargo.com
URL: https://paypall.wellmargo.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b8a4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52851782c4450b0c68b0fd2ed7ffb3a726feb00c8a8e957c3207a901dc71938b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypall.wellmargo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 13:55:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 17 Mar 2024 13:54:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1f1c-613db9402f851"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=92YJS7D3TYO8pe50pUYcQtK1%2FLjeL9wUphD7kXoOQ17alRFZ26rUVKe4PG2a3fDWzXML3tozaZnoY%2B0Ssd8mupDXnDKmcsILS8qr7XT7dI2DgFTNrRw06IklWRry1xgfe6bKrDp6wNB5PQzKnlJt8CyrfnI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 865d7b74af8a18c3-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 paypallogo.svg
paypall.wellmargo.com/img/ 1 KB
864 B 441ms
441ms Image
image/svg+xml 2606:4700:3033::ac43:b8a4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypall.wellmargo.com/img/paypallogo.svg
Requested by: Host: paypall.wellmargo.com
URL: https://paypall.wellmargo.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b8a4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9035e34f5734e89ddb03b601b1c0fd58323a93f176c5c7e220d7aa7a2062ed5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypall.wellmargo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 13:55:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 17 Mar 2024 13:54:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"436-613db9417f762"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2u8MNwQ1JdohXwJX4yrNT8d%2FwnjTM6rm9qucNH9NMXCjBfVLn3xndPXb9YKWpMvTlBu7m9LdMjZWoklIl5sXBgDWfiB%2B9q9tIu7%2BhWCqxoyLfW92NMdzeJnJF%2BlH0Icc32Bh8q9ByKod4EyfH%2Bs3jLmGobA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 865d7b74af8d18c3-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery.slim.min.js Show response
cdn.jsdelivr.net/npm/jquery@3.6.4/dist/ 71 KB
25 KB 83ms
40ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery@3.6.4/dist/jquery.slim.min.js

Requested by

Host: paypall.wellmargo.com
URL: https://paypall.wellmargo.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b6ca31cce239c5f5fe78c5441a9236466aa62cfd5d4262f5a9a2a6730b6fc1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypall.wellmargo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 13:55:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 339726
x-jsd-version: 3.6.4
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220059-FRA, cache-lga21953-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"11bda-lQfvmjBcM87YaWS/1U/izMmkXGw"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KP%2BDMolAKbconWq%2B7aXR99jI3tFxkyyevZI%2B2gDl7KdH5ADlx8W8jqOe87aLEWEBpOAPNmxOrD4XfRQLvHxj3AUIkPykFfPO9ur5U4cL6%2F%2F45wfQ2Rt0qL3caxqAu8rmB31I8m23IBcKOouX258%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 865d7b74eaa75d93-FRA

GET
H2 200 popper.min.js Show response
cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/ 21 KB
8 KB 81ms
38ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js

Requested by

Host: paypall.wellmargo.com
URL: https://paypall.wellmargo.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypall.wellmargo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 13:55:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 330941
x-jsd-version: 1.16.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220021-FRA, cache-lga21953-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"52f1-MTeJyg4xtlR4TbuosPg/Nk+Gg7Q"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vGDY%2FiNCNY04Co4joV0jQQxQCm18TsYAuK6VZR2KKPdVu2wFgQ9Ig6%2BsDdelfmwuP%2FPZeO4aHgsta8a%2BPx5cZbS3wp1IAzkp9tY%2FCubcnvYTuUM%2BQakIEI%2BXRwreSMyzLEKw%2BJ%2B3iE%2FKWvmqems%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 865d7b74eaab5d93-FRA

GET
H2 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/ 81 KB
23 KB 105ms
62ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js

Requested by

Host: paypall.wellmargo.com
URL: https://paypall.wellmargo.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19126b874a32753d42c12dfa6c17892bfd93820a5a5100ba1b34da4d07599b49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypall.wellmargo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 13:55:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 335577
x-jsd-version: 4.6.2
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220105-FRA, cache-lga21968-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"145b0-MjP9Adh/ukV+qtjcvCifdbFw+BQ"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=on901XOTO6QVFqk%2FG8BnsBZw028DIIVZp89jJ41I0Zrd6hakVrsqLiuAted%2BGJM6z9MLnaQFvKVzijT1ByTZSkNGk97q5qxoBpK6qW3n%2FRDfF3%2BDLwIRsy1lG5sarw6cQ1yQKIPOxZzqvo1d4fM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 865d7b74eaa95d93-FRA

GET
H2 200 log7.js Show response
app.ardalio.com/ 18 KB
5 KB 103ms
35ms Script
text/javascript 2606:4700:20::ac43:4890
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.ardalio.com/log7.js

Requested by

Host: paypall.wellmargo.com
URL: https://paypall.wellmargo.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4890 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e40f8628ff91d0ce48797958656cc78f1f17917746921ca9d6359bfbf2ea066

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypall.wellmargo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 13:55:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 89
cf-polished: origSize=18060
alt-svc: h3=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 15:20:42 GMT
server: cloudflare
etag: W/"468c-613a06f482d32-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5nl%2B4N%2BVapw%2BA%2FfDe%2BDKRMPCHRlRbr7xO48%2Fn1m%2FMX8JA6UArTO4FVo%2BaE6YfIlX5JJEuQEi3xM68T1Pb403wiZQ5mN2n5OSFxBVsAauTD5iHFGLXGZ%2F512LNxRGeQsudwfmENyfomyasKs5Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: public, max-age=691200, must-revalidate
cf-ray: 865d7b752a5c372f-FRA

GET
H2 200 font-awesome-css.min.css
use.fontawesome.com/releases/v4.7.0/css/ 30 KB
7 KB 29ms
29ms Stylesheet
text/css 2606:4700:e6::ac40:ce26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/5252af7682.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ce26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://use.fontawesome.com/5252af7682.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 13:55:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 335584
etag: W/"36082410df2ef7f83932219089dc1443"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B7AdpB7GyBrjun%2Fr0ISN8dWjfrALBtNpKNbR2I9RQBwU0Xfz2I0Edky147X6Cy8%2FQ7A%2Flx8wt%2BhnP8RWOFdMuKIuWdASyGd7lU0FSz7w%2FJARzQ4pdcYIHCyOdxTXcaMRLNA7u3lCJKCezDe5ps2X%2FWHs"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 865d7b7619c7693d-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 PbykFmXiEBPT4ITbgNA5CgmG0X7t.woff2
fonts.gstatic.com/s/notosanskr/v36/ 25 KB
25 KB 72ms
25ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosanskr/v36/PbykFmXiEBPT4ITbgNA5CgmG0X7t.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans+KR:wght@100;200;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b46737ec17d04244eb04c2c164cf604b1d41e5176e524a536eefdda3de056a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://paypall.wellmargo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 11 Mar 2024 19:23:08 GMT
x-content-type-options: nosniff
age: 498755
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25948
x-xss-protection: 0
last-modified: Tue, 15 Aug 2023 18:36:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Mar 2025 19:23:08 GMT

GET
H3 200 sprite_countries_flag4.png
paypall.wellmargo.com/img/ 108 KB
108 KB 532ms
531ms Image
image/png 2606:4700:3033::ac43:b8a4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypall.wellmargo.com/img/sprite_countries_flag4.png
Requested by: Host: paypall.wellmargo.com
URL: https://paypall.wellmargo.com/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:b8a4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21f89c7c27f0eab13388645aea1eedb4a342c06333a14d74c1a10dfca04d6455

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypall.wellmargo.com/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 17 Mar 2024 13:55:44 GMT
cf-cache-status: HIT
last-modified: Sun, 17 Mar 2024 13:54:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "1ae61-613db944a234a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=00ubJj6h9Ii3jqkmF2S9YyO2wDEEfYJSlzlA6rpU9fMo18X2NzEVg0%2BZ%2B2%2Bp7IbC0RQhOMkokhA28HD%2Fl9BtIxhoF%2BdZ2QAm4wG0%2BXKInNd4SZhUw2KagrAeUbN330mebyPn42gxc%2Fm58ENYLpgRe%2BXI2wI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 865d7b767e389162-FRA
alt-svc: h3=":443"; ma=86400
content-length: 110177

GET
H2 200 PbykFmXiEBPT4ITbgNA5Cgm20xz64px_1hVWr0wuPNGmlQNMEfD4.112.woff2
fonts.gstatic.com/s/notosanskr/v36/ 16 KB
16 KB 52ms
21ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosanskr/v36/PbykFmXiEBPT4ITbgNA5Cgm20xz64px_1hVWr0wuPNGmlQNMEfD4.112.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans+KR:wght@100;200;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f456cdb0762281ddf6d92890b29fb72d953cf75ada51c5edc9e2003a2295172d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://paypall.wellmargo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 03:54:06 GMT
x-content-type-options: nosniff
age: 381697
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16336
x-xss-protection: 0
last-modified: Tue, 15 Aug 2023 18:42:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Mar 2025 03:54:06 GMT

POST
H3 200 LogServer Show response
app.ardalio.com/ 1 KB
1 KB 572ms
527ms Fetch
application/json 2606:4700:20::ac43:4890
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.ardalio.com/LogServer

Requested by

Host: app.ardalio.com
URL: https://app.ardalio.com/log7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4890 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47d1daf5310181bcb80736fea288a88b86a74ae4ddbfba957e4c309a7e528bc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://paypall.wellmargo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 17 Mar 2024 13:55:44 GMT
strict-transport-security: max-age=63072000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: Accept-Encoding
access-control-allow-methods: POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d2jF4H%2BiS4yuNrVFtnjGIKOgIdqSOdeV3AVH2zUYvBcrtgcADX7SehCLk2Wih5Kl7lMzMZ8wFdWJSsziPxF690h2HTbc8L9ZWIv9%2FmjyM%2FiWwHCI6WU%2F7K8ZCRImvzj03kA%2FsE4z%2FNYlG9F%2BcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 865d7b76cb0c30d6-FRA
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

POST
H3 200 PingServer Show response
app.ardalio.com/ 13 B
515 B 154ms
154ms Fetch
application/json 2606:4700:20::ac43:4890
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.ardalio.com/PingServer

Requested by

Host: app.ardalio.com
URL: https://app.ardalio.com/log7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4890 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae95d608ee76e064ca676f3114fc5f48b0d5adac9ea3c9dbd137112f53c9b055

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://paypall.wellmargo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 17 Mar 2024 13:55:45 GMT
strict-transport-security: max-age=63072000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: Accept-Encoding
access-control-allow-methods: POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AV%2FuVaux0OuuY8kQa0iTC4fb0CX8o22jeP5nbCw6GLzv9w9mHeVSN0Lj3tw3MxmfxD5eycRw1%2F6tZF22%2BOnTtmTEnCWJYF9Ko9F0xvFeokB4R6APbJnCaxLvcUd0KmByvbcUmNc9%2FrU2wsv3gQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 865d7b805f4530d6-FRA
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

POST
H3 200 PingServer Show response
app.ardalio.com/ 13 B
513 B 149ms
149ms Fetch
application/json 2606:4700:20::ac43:4890
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.ardalio.com/PingServer

Requested by

Host: app.ardalio.com
URL: https://app.ardalio.com/log7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4890 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae95d608ee76e064ca676f3114fc5f48b0d5adac9ea3c9dbd137112f53c9b055

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://paypall.wellmargo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 17 Mar 2024 13:55:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: Accept-Encoding
access-control-allow-methods: POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vYCxewig0HBoQPk8pvSLldDuWyH5fqlDwLE2X%2BEF6w0tnY2avKvDhahrhFX6tCe05xgpDd3VlhYFQOivn79HWjDmgObuopQIae462lVSYHKoizp7ISJm82QSAzwRs8SCXRVryfv74vy5YPXeJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 865d7b8cddf430d6-FRA
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.ardalio.com
cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
paypall.wellmargo.com
use.fontawesome.com
2606:4700:20::ac43:4890
2606:4700:3033::ac43:b8a4
2606:4700::6810:5714
2606:4700:e6::ac40:ce26
2a00:1450:4001:80f::2003
2a00:1450:4001:827::200a
11cb7a25144bee0b86c8c1c9b9f96fd894d787bbd14acd87e40298b372110002
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
19126b874a32753d42c12dfa6c17892bfd93820a5a5100ba1b34da4d07599b49
21f89c7c27f0eab13388645aea1eedb4a342c06333a14d74c1a10dfca04d6455
47d1daf5310181bcb80736fea288a88b86a74ae4ddbfba957e4c309a7e528bc8
4cec5cc3d371f94f08a60359a9b091741063dee000b4dfe0ac5522bad4019dc3
52851782c4450b0c68b0fd2ed7ffb3a726feb00c8a8e957c3207a901dc71938b
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350
64d44a52f542592416d6dca74edebd9d478ba55c3a43a6faa588d2b3fbff0fef
6b46737ec17d04244eb04c2c164cf604b1d41e5176e524a536eefdda3de056a5
6b6ca31cce239c5f5fe78c5441a9236466aa62cfd5d4262f5a9a2a6730b6fc1c
9e40f8628ff91d0ce48797958656cc78f1f17917746921ca9d6359bfbf2ea066
ae95d608ee76e064ca676f3114fc5f48b0d5adac9ea3c9dbd137112f53c9b055
f456cdb0762281ddf6d92890b29fb72d953cf75ada51c5edc9e2003a2295172d
f886516f3d41e9e7bd994c7f7a39a89cafae9483f90396cb0ddeafe8d1ea5e72
f9035e34f5734e89ddb03b601b1c0fd58323a93f176c5c7e220d7aa7a2062ed5
fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f

paypall.wellmargo.com Open in urlscan Pro 2606:4700:3033::ac43:b8a4 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

100 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

473 kBTransfer

1443 kBSize

0 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

paypall.wellmargo.com Open in urlscan Pro
2606:4700:3033::ac43:b8a4 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

100 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

473 kB
Transfer

1443 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!