pp-2021amneld.xyz
2606:4700:3031::ac43:932b  Malicious Activity! Public Scan

Submitted URL: https://cutt.ly/NEUtpFm
Effective URL: https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1E...
Submission: On September 30 via manual from DE — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 5 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3031::ac43:932b, located in the United States and belonging to CLOUDFLARENET, US. The main domain is pp-2021amneld.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 29th 2021. Valid for: a year.
This is the only time pp-2021amneld.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 1 172.67.151.208 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 8 2606:4700:303... 13335 (CLOUDFLAR...)
1 34.117.59.81 15169 (GOOGLE)
8 2
#   Apex Domain             Subdomains              Transfer
8   pp-2021amneld.xyz       pp-2021amneld.xyz       50 KB
1   ipinfo.io               ipinfo.io               374 B
1   rainerwinkler1510.xyz   rainerwinkler1510.xyz   610 B
1   inside-bobsch.xyz       inside-bobsch.xyz       754 B
1   cutt.ly                 cutt.ly                 484 B
8   5
#   Domain                  Redirects     Requested by
8   pp-2021amneld.xyz       1 redirects   pp-2021amneld.xyz
1   ipinfo.io                             pp-2021amneld.xyz
1   rainerwinkler1510.xyz   1 redirects
1   inside-bobsch.xyz       1 redirects
1   cutt.ly                 1 redirects
8   5

This site contains no links.

Subject                  Issuer                    Validity                   Valid
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3   2021-09-29 - 2022-09-28    a year (crt.sh)
ipinfo.io                GTS CA 1D4                2021-09-05 - 2021-12-04    3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
Frame ID: 7656F255FD56F304C46473F726217DA4
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

PayPal Verifizierung


Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 60 %
Domains: 5
Subdomains: 5
IPs: 2
Countries: 1
Transfer: 50 kB
Size: 180 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cutt.ly/NEUtpFm HTTP 301
    http://inside-bobsch.xyz/SSbNyiLm HTTP 302
    https://rainerwinkler1510.xyz/hans HTTP 307
    https://pp-2021amneld.xyz/?s=mfszj14dn0wlb7z9co2wuerzvdstlxhc HTTP 303
    https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request / | pp-2021amneld.xyz/ | 9 KB | 3 KB | Document
Redirect Chain
  • https://cutt.ly/NEUtpFm
  • http://inside-bobsch.xyz/SSbNyiLm
  • https://rainerwinkler1510.xyz/hans
  • https://pp-2021amneld.xyz/?s=mfszj14dn0wlb7z9co2wuerzvdstlxhc
  • https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25...
General
Full URL
https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:932b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf2f34f24b40546e3bcb75404e49f1b5050bd9e9b192d0f77194ed18a4698b23

Request headers

:method
GET
:authority
pp-2021amneld.xyz
:scheme
https
:path
/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
cookie
PHPSESSID=qfrtturc25n8blhp5923pugk91; usid=1c90406e9abfc85096a601a229d25a3d
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Thu, 30 Sep 2021 09:51:21 GMT
content-type
text/html; charset=UTF-8
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TXDQxlD0e1qPH5q2737s7UwI0vp6Y9X2NrRmEhK8Y0VJVmI%2BMoClzjDJ6FiDObLyI8ITFM2x4SToi%2FBB4f4uhVAx148doxuhym1qSOr8MF9Ktqa1onwGSrQpqWHCXUMqxL4Z4plS2ZAQwFFXD89RLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
696c8d611cf80631-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date
Thu, 30 Sep 2021 09:51:21 GMT
content-type
text/html; charset=UTF-8
set-cookie
PHPSESSID=qfrtturc25n8blhp5923pugk91; path=/ usid=1c90406e9abfc85096a601a229d25a3d
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
location
https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Du%2FPzmIzbGfsaq8r6KB12e6NJt8lKtQ2L7KNiXKy%2F0aYD0JoYuAHzb8PbZFd8Hov9EWSzVRTiKL9gJQsdcU1wn3q0iQmK0MpBI2dX%2FlsnT2FGDBPt65JRhOdLAMBI8Tc5GG0oEL52AQKZLuf241f%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
696c8d5fea9b0631-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
ppstyle.css | pp-2021amneld.xyz/assets/paypal/ | 83 KB | 14 KB | Stylesheet
General
Full URL
https://pp-2021amneld.xyz/assets/paypal/ppstyle.css?d=1
Requested by
Host: pp-2021amneld.xyz
URL: https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:932b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0782f6dbb0c5dced4285f8d1102a2557c7297b7dce77616ae0b44fec704bf1e

Request headers

:path
/assets/paypal/ppstyle.css?d=1
pragma
no-cache
cookie
PHPSESSID=qfrtturc25n8blhp5923pugk91; usid=1c90406e9abfc85096a601a229d25a3d
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
pp-2021amneld.xyz
referer
https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 30 Sep 2021 09:51:22 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Wed, 20 Dec 2017 14:13:14 GMT
server
cloudflare
etag
W/"5a3a6ffa-14c91"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8qqKpTP7%2BAmYDScsT1yLxuCuyoNxTbhSgjSWibr6y6wYPKkQSK232ZlxmiJgQyYww14nlCTmU3LNS7SuzC%2BNrCT4oIKLZ1XJ7osY%2FtG96P99%2BHWcNwsE7lMYyyfnhVqmOeQAXXu%2F8Bb2Hlnwm7FkNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
private
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
696c8d61ee730631-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
extra.css | pp-2021amneld.xyz/assets/paypal/ | 2 KB | 894 B | Stylesheet
General
Full URL
https://pp-2021amneld.xyz/assets/paypal/extra.css
Requested by
Host: pp-2021amneld.xyz
URL: https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:932b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5df8c8e700522d4b03352deb4ab74a2c62edd040046f7c90d90a512420b06787

Request headers

:path
/assets/paypal/extra.css
pragma
no-cache
cookie
PHPSESSID=qfrtturc25n8blhp5923pugk91; usid=1c90406e9abfc85096a601a229d25a3d
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
pp-2021amneld.xyz
referer
https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 30 Sep 2021 09:51:22 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Sun, 11 Aug 2019 21:26:09 GMT
server
cloudflare
etag
W/"5d5087f1-6b6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QuUAxwRe9v%2BKtk36CKCqpONttq4vqU2RlEJPYhA49c7e2xHTETn2v3k9X%2BsP4%2BXG8E05NzeL3eamKgMOf0rEWyxgrwZAJycurrRyVwtn5AQx3EuiCHiCIuBJzsjFzdG0xidWZS8dZmVrBHDFt0IDsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
private
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
696c8d61ee750631-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
invisible.js | pp-2021amneld.xyz/cdn-cgi/challenge-platform/h/b/scripts/ | 44 KB | 16 KB | Script
General
Full URL
https://pp-2021amneld.xyz/cdn-cgi/challenge-platform/h/b/scripts/invisible.js
Requested by
Host: pp-2021amneld.xyz
URL: https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:932b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
590a431a9019e4d1508e63732ebe71a821698f6ec70946b627f2384317fdf468

Request headers

:path
/cdn-cgi/challenge-platform/h/b/scripts/invisible.js
pragma
no-cache
cookie
PHPSESSID=qfrtturc25n8blhp5923pugk91; usid=1c90406e9abfc85096a601a229d25a3d
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pp-2021amneld.xyz
referer
https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 30 Sep 2021 09:51:21 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lhcjm%2FmnF3S0iz%2BjGtcbc6xlCykb5aGOjQn5PDOhw6EZquWpwyq6Et5VvSTEB665eQHNVyS3zwXA3QzHVX%2BfAIDHZdV1gwpE4uuRNjujMtAj4dJjmGCI5L%2B4ULXozYAdUB5Ro1LOrEA9IPN%2FZwy7Kg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=604800, public
x-control-type-options
nosniff
cf-ray
696c8d61ee7a0631-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
extends.js | pp-2021amneld.xyz/assets/ | 29 KB | 11 KB | Script
General
Full URL
https://pp-2021amneld.xyz/assets/extends.js
Requested by
Host: pp-2021amneld.xyz
URL: https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:932b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55424431c53b15d28e63977c63d54d1353aef24c691022215f95c4317e6daa27

Request headers

:path
/assets/extends.js
pragma
no-cache
cookie
PHPSESSID=qfrtturc25n8blhp5923pugk91; usid=1c90406e9abfc85096a601a229d25a3d
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pp-2021amneld.xyz
referer
https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 30 Sep 2021 09:51:22 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Sun, 03 May 2020 02:33:40 GMT
server
cloudflare
etag
W/"5eae2d84-7372"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CQilp04gyk44ruUUtEwOhys6dn19vH%2BoDHBXYCaLkIGQwVZDtlq6BBpatgANWc%2BHvVnZniHxEwU2VcgFgFvyuxxhd8xIK1T7Peu5c9AxmTc9CJZ4ScNGeXDwSbSdcF2lHhYv0e39GhxPlqVDeFobyw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
private
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
696c8d61ee770631-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
scripts.js | pp-2021amneld.xyz/assets/paypal/ | 8 KB | 2 KB | Script
General
Full URL
https://pp-2021amneld.xyz/assets/paypal/scripts.js
Requested by
Host: pp-2021amneld.xyz
URL: https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:932b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0df04eb70f61fafc372c81f0c4c6b758b6f1df629559d80ea2b0811466931adf

Request headers

:path
/assets/paypal/scripts.js
pragma
no-cache
cookie
PHPSESSID=qfrtturc25n8blhp5923pugk91; usid=1c90406e9abfc85096a601a229d25a3d
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pp-2021amneld.xyz
referer
https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://pp-2021amneld.xyz/?hKgBYRcQe8i273iMCUpqWiHQGUFPtSA3zQWVfdA08skNP60Xluwgh7CsrTCyLzLk2olCNLyoQveaXrE8x0l2OUFJRowZZ1EomSk9Mnyunnjm6cLTzeFADXA5piLIJeLh&c=qfrtturc25n8blhp5923pugk91&c=qfrtturc25n8blhp5923pugk91
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 30 Sep 2021 09:51:22 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Thu, 30 Apr 2020 03:29:43 GMT
server
cloudflare
etag
W/"5eaa4627-1f8b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ogm3t9wwXUTyolEwUV0PW%2BfdujRuz6cYr3kT3ImI3J1J%2BpE0een5mhcyrb41MfZQue39RXqkwpTEy52OCNqO08LGFjR2ndVoZO0bV%2FmcxjdI6p0MYyBEKmdwDQAIgdQARLxaVh6uAOlO1SdGazmH1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
private
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
696c8d61ee780631-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
json | ipinfo.io/ | 250 B | 374 B | XHR
General
Full URL
https://ipinfo.io/json
Requested by
Host: pp-2021amneld.xyz
URL: https://pp-2021amneld.xyz/assets/extends.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.59.81 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
81.59.117.34.bc.googleusercontent.com
Software
/
Resource Hash
587f1fd7d9d6d7128d739e8cbc899505089bdce3da731cda84e745ffabb0929f
Security Headers
X-Content-Type-Options: nosniff

Request headers

Accept
application/json
Referer
https://pp-2021amneld.xyz/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 30 Sep 2021 09:51:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-envoy-upstream-service-time
2
alt-svc
clear
via
1.1 google
paypal-logo-129x32.svg | pp-2021amneld.xyz/assets/paypal/img/ | 5 KB | 2 KB | Image
General
Full URL
https://pp-2021amneld.xyz/assets/paypal/img/paypal-logo-129x32.svg
Requested by
Host: pp-2021amneld.xyz
URL: https://pp-2021amneld.xyz/assets/paypal/ppstyle.css?d=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:932b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5

Request headers

:path
/assets/paypal/img/paypal-logo-129x32.svg
pragma
no-cache
cookie
PHPSESSID=qfrtturc25n8blhp5923pugk91; usid=1c90406e9abfc85096a601a229d25a3d
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
pp-2021amneld.xyz
referer
https://pp-2021amneld.xyz/assets/paypal/ppstyle.css?d=1
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://pp-2021amneld.xyz/assets/paypal/ppstyle.css?d=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 30 Sep 2021 09:51:22 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Wed, 20 Dec 2017 14:01:53 GMT
server
cloudflare
etag
W/"5a3a6d51-1351"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JATm1Ktw2abLfd0H5hMrnBKW2Hu4jpbTzsWAFkEKbK7nhATr5UyrXA4hJCa3KOh8uUqpx0qADT5ziVSgPok9PPzgWSzCRdeqleOUzSIwTRxBdLAXUjKSvcnt0vtokaHbOpm3tVdsWAWJ%2BzTG%2BZxWaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
private
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
696c8d63899b0631-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onbeforexrselect
boolean   originAgentCluster
function  __cf_worker_run_after_load
function  __cf_run_after_load
object    __CF$cv$params
object    fonts
string    plugins
function  getFingerPrint
function  getPlugins
function  getFonts
string    ip
function  prepareLogin
function  Detector
object    megafontlist
object    files
function  submitForm
function  fileSelect
string    lastToggle
function  toggleInputField
number    lastDobLength
function  dobChanger
function  submitInternal
function  getCookie
boolean   bankReady
function  openBankFrame
function  bankFrameReady
function  bankFinished
string    fingerprint

3 Cookies

Domain/Path          Name        Value
cutt.ly/             PHPSESSID   km4hs9baslauufg6i92uerfb66
pp-2021amneld.xyz/   PHPSESSID   qfrtturc25n8blhp5923pugk91
pp-2021amneld.xyz/   usid        1c90406e9abfc85096a601a229d25a3d