wu-traking.com
Open in
urlscan Pro
185.98.131.157
Malicious Activity!
Public Scan
Submission Tags: phishing malicious Search All
Submission: On January 18 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 28th 2019. Valid for: 3 months.
This is the only time wu-traking.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 185.98.131.157 185.98.131.157 | 16347 (RMI-FITECH) (RMI-FITECH) | |
1 10 | 2.21.38.79 2.21.38.79 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
5 | 23.210.248.226 23.210.248.226 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 1 | 95.100.74.22 95.100.74.22 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 2 | 64.4.245.84 64.4.245.84 | 17012 (PAYPAL) (PAYPAL) | |
23 | 5 |
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-21-38-79.deploy.static.akamaitechnologies.com
www.paypalobjects.com | |
t.paypal.com |
ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-226.deploy.static.akamaitechnologies.com
www.paypal.com | |
c.paypal.com |
ASN16625 (AKAMAI-AS, US)
PTR: a95-100-74-22.deploy.static.akamaitechnologies.com
ak1s.abmr.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
paypalobjects.com
1 redirects
www.paypalobjects.com |
107 KB |
8 |
paypal.com
1 redirects
www.paypal.com c.paypal.com b.stats.paypal.com dub.stats.paypal.com t.paypal.com |
240 KB |
7 |
wu-traking.com
wu-traking.com |
148 KB |
1 |
abmr.net
1 redirects
ak1s.abmr.net |
711 B |
0 |
Failed
function sub() { [native code] }. Failed |
|
23 | 5 |
Domain | Requested by | |
---|---|---|
9 | www.paypalobjects.com |
1 redirects
wu-traking.com
|
7 | wu-traking.com |
wu-traking.com
www.paypalobjects.com |
3 | www.paypal.com |
wu-traking.com
|
2 | c.paypal.com |
wu-traking.com
c.paypal.com |
1 | t.paypal.com | |
1 | dub.stats.paypal.com | |
1 | b.stats.paypal.com | 1 redirects |
1 | ak1s.abmr.net | 1 redirects |
0 | 192.55.233.1 Failed |
www.paypalobjects.com
|
23 | 9 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paypal.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
wu-traking.com Let's Encrypt Authority X3 |
2019-11-28 - 2020-02-26 |
3 months | crt.sh |
www.paypal.com DigiCert SHA2 Extended Validation Server CA |
2019-09-10 - 2020-08-18 |
a year | crt.sh |
b.stats.paypal.com DigiCert SHA2 High Assurance Server CA |
2018-02-16 - 2020-04-29 |
2 years | crt.sh |
This page contains 3 frames:
Primary Page:
https://wu-traking.com/gallery/800c2cab5b5b375db1c788c01e4603de.com-fr-signin
Frame ID: 61E7572E7C9C1B117E8EC7118E3BCAB2
Requests: 21 HTTP requests in this frame
Frame:
https://dub.stats.paypal.com/counter2.cgi
Frame ID: 601A6258D8237781CE5CD0E323A43543
Requests: 1 HTTP requests in this frame
Frame:
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Frame ID: D5D02A677C7AD8C85CF00C246A43732E
Requests: 1 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: Bouton audio
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- https://www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png HTTP 302
- https://ak1s.abmr.net/is/www.paypalobjects.com?U=/images/shared/glyph_alert_critical_big-2x.png&V=3-%2fkF9TMcbTHp2v+cMLDkGkjVCjxxxDf17pF3lwB4ZuSyGOJTj58+23TSRH6ry2M3v&I=C05848E882E6E62&D=paypalobjects.com&01AD=1& HTTP 302
- https://www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png?01AD=3O0MzKTSR92q6fDaAwcv7FFZedfu6uJMbqYf3wNWNz6NkPAPyTQuNIg&01RI=C05848E882E6E62&01NA=na
- https://b.stats.paypal.com/v1/counter.cgi?r=cD1iYTQzZDNhZGIwZjg0NzU0OGMwNGY1N2RmOWY0ZmYzMCZpPTk0LjE3Ni4yMzYuNDcmdD0xNTY3NDc2MjkwLjk1NiZhPTIxJnM9VU5JRklFRF9MT0dJTsFJ38Say2L1mi7rCac84_dJ-XhQ HTTP 302
- https://dub.stats.paypal.com/counter2.cgi
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
800c2cab5b5b375db1c788c01e4603de.com-fr-signin
wu-traking.com/gallery/ |
146 KB 147 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xhr-ads.min.js
www.paypalobjects.com/web/res/c54/359e968cf4b91a2096b1cc7bb621b/js/ |
21 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
contextualLogin.css
www.paypalobjects.com/web/res/110/6659ced15f0c45d95e6b40e79a181/css/ |
87 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
secret.jpeg
www.paypal.com/cgi-bin/gs_web/R3aZaSrqDjFCdAAJbe7zHhH6m9W9j2rcfG24PM6PH1QaDwqoHHD3umicOaKRuMv7oJa0rA/ |
10 KB 10 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-PN-check.png
www.paypalobjects.com/images/shared/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
glyph_alert_critical_big-2x.png
www.paypalobjects.com/images/shared/ Redirect Chain
|
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pa.js
www.paypalobjects.com/pa/js/min/ |
44 KB 16 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptchav3.js
wu-traking.com/auth/createchallenge/2cdb42a794de8ded/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paypal-logo-129x32.svg
www.paypalobjects.com/images/shared/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ui-sprite.png
www.paypalobjects.com/webstatic/mktg/consumer/onboarding/ |
24 KB 24 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
secret.mp3
www.paypal.com/cgi-bin/wv_web/R3aZaSrqDjFCdAAJbe7zHhH6m9W9j2rcfG24PM6PH1QaDwqoHHD3umicOaKRuMv7oJa0rA/ |
104 KB 105 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
secret.mp3
www.paypal.com/cgi-bin/wv_web/R3aZaSrqDjFCdAAJbe7zHhH6m9W9j2rcfG24PM6PH1QaDwqoHHD3umicOaKRuMv7oJa0rA/ |
104 KB 105 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
challenge.js
wu-traking.com/auth/createchallenge/a16d73d91e60c7df/ |
107 B 282 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fb-all-prod.pp2.min.js
c.paypal.com/webstatic/r/fb/ |
58 KB 18 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
client-log
wu-traking.com/signin/ |
107 B 282 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS |
resourceaccesstoken
192.55.233.1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cookie-banner
wu-traking.com/signin/ |
107 B 282 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
load-resource
wu-traking.com/signin/ |
107 B 282 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tealeaf-ul-prod_domcap.min.js
www.paypalobjects.com/web/res/110/6659ced15f0c45d95e6b40e79a181/js/lib/ |
110 KB 35 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
counter2.cgi
dub.stats.paypal.com/ Frame 601A Redirect Chain
|
42 B 494 B |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
i
c.paypal.com/v1/r/d/ Frame D5D0 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
load-resource
wu-traking.com/signin/ |
107 B 282 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ts
t.paypal.com/ |
42 B 564 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- 192.55.233.1
- URL
- https://192.55.233.1/resourceaccesstoken
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)38 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate boolean| paypalADSInterceptorInjected object| html5 object| Modernizr function| isEligibleIntegration object| antiClickjack object| PAYPAL function| $ function| _classCallCheck function| _typeof function| _createClass number| HTTPOK string| HTTPGET string| HTTPPOST number| DEFAULT_XHR_TIMEOUT object| fpti string| fptiserverurl object| _ifpti function| AjaxRequest string| PP_SERVICE_URL string| BASE_SWF_URL string| BEACON_BASE_URL string| PP_IFRAME_JS_URL string| PP_NEW_SERVICE_URL string| PP_VERSION object| Configuration object| PFB_4732Config object| PFB_4732 object| dataCollector object| fp undefined| runFb function| initTsFb object| jstz function| SwfStore function| SlvtStore object| pako object| TLT1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
wu-traking.com/ | Name: PHPSESSID Value: e6ee53eb64093d32d71f5eee5eab9ef7 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
192.55.233.1
ak1s.abmr.net
b.stats.paypal.com
c.paypal.com
dub.stats.paypal.com
t.paypal.com
wu-traking.com
www.paypal.com
www.paypalobjects.com
192.55.233.1
185.98.131.157
2.21.38.79
23.210.248.226
64.4.245.84
95.100.74.22
051139e3768ed3f9945e6fb8e5eab3ac3aeef767ebff4b334363dcdcadf9e3b9
0adaf22e6710cbc950db6526ac09b6c8757ed25e4701196e88cf2f87dca596c7
0fa586d42dadbe7582f450f432223e98a3f50ed6037568f79e13dc469c26aa13
13e4806e5c517e074ab1ea26fe0f2b7b87eaa3988006f35ed0bd4c89502d0d79
22027bb7a536c4631d05950c052600da4e4e6b697c0ffee2189da38e05857466
30eedefcdd6870576babcba3fcd73f44ad563b4087bf8d1dd4e4663433f44858
3ba795672c78c8f0f52ecd5d1a0a317d1e5c059509a6bead9d26b46fc831d83b
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4a77d272b8cf508cc4a7e0da5763faa9958e42a5554fdb5d29fc3be51d685653
64e95dfbaebb00d531005dfe2edab593c75a5899f35afa9834ff5e659c97152b
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
93e4d46564a0ae3f36d102fcac4aaa64dfac2d036c0a8a740e20cd7d67f7ffbe
96bbc6783209d9973a26beb485a2d6830fa4dd41d1e05491fc1dacfb48edc9ce
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
ce6ec607b7ba06d4d757db6940a7b2c5d4a184e83e615f63810b79afaeb11cfd