ip-160-153-246-94.ip.secureserver.net Open in urlscan Pro
160.153.246.94 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ip-160-153-246-94.ip.secureserver.net/
Effective URL:
https://ip-160-153-246-94.ip.secureserver.net/PAYonline/signn.php?x.country=en_GB&pp_authID=eSzOJzAmPJkZFLwcvCVdskMegq
Submission: On October 23 via automatic, source openphish (October 23rd 2020, 1:29:16 am UTC)

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 7 HTTP transactions. The main IP is 160.153.246.94, located in Scottsdale, United States and belongs to GODADDY-AMS, DE. The main domain is ip-160-153-246-94.ip.secureserver.net.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 21st 2020. Valid for: a year.

This is the only time ip-160-153-246-94.ip.secureserver.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 6	160.153.246.94 160.153.246.94	21501 (GODADDY-AMS) (GODADDY-AMS)
1	2606:4700:20:... 2606:4700:20::681a:507	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	67.202.94.93 67.202.94.93	32748 (STEADFAST) (STEADFAST)
7	4

6 160.153.246.94 (Scottsdale, United States) 1 redirects

ASN21501 (GODADDY-AMS, DE)
PTR: ip-160-153-246-94.ip.secureserver.net

ip-160-153-246-94.ip.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:507 (United States)

ASN13335 (CLOUDFLARENET, US)

waust.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.94.93 (Chicago, United States)

ASN32748 (STEADFAST, US)
PTR: amung.us

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	secureserver.net 1 redirects ip-160-153-246-94.ip.secureserver.net	80 KB
1	amung.us whos.amung.us	144 B
1	waust.at waust.at	4 KB
7	3

	Domain	Requested by
6	ip-160-153-246-94.ip.secureserver.net	1 redirects ip-160-153-246-94.ip.secureserver.net
1	whos.amung.us	waust.at
1	waust.at	ip-160-153-246-94.ip.secureserver.net
7	3

This site contains no links.

Subject Issuer	Validity	Valid
ip-160-153-246-94.ip.secureserver.net Sectigo RSA Domain Validation Secure Server CA	`2020-10-21` - `2021-10-21`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-09-04` - `2021-09-04`	a year	crt.sh
whos.amung.us Sectigo RSA Domain Validation Secure Server CA	`2020-05-21` - `2022-05-21`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://ip-160-153-246-94.ip.secureserver.net/PAYonline/signn.php?x.country=en_GB&pp_authID=eSzOJzAmPJkZFLwcvCVdskMegq
Frame ID: 3335E5CC5DCA9700990A8C884AB02672
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://ip-160-153-246-94.ip.secureserver.net/ Page URL
https://ip-160-153-246-94.ip.secureserver.net/PAYonline HTTP 301
https://ip-160-153-246-94.ip.secureserver.net/PAYonline/ Page URL
https://ip-160-153-246-94.ip.secureserver.net/PAYonline/signn.php?x.country=en_GB&pp_authID=eSzOJzAmPJkZFLwcvCVdskMegq Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

CentOS (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /CentOS/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

83 kB
Transfer

86 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ip-160-153-246-94.ip.secureserver.net/ Page URL
https://ip-160-153-246-94.ip.secureserver.net/PAYonline HTTP 301
https://ip-160-153-246-94.ip.secureserver.net/PAYonline/ Page URL
https://ip-160-153-246-94.ip.secureserver.net/PAYonline/signn.php?x.country=en_GB&pp_authID=eSzOJzAmPJkZFLwcvCVdskMegq Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://ip-160-153-246-94.ip.secureserver.net/PAYonline HTTP 301
https://ip-160-153-246-94.ip.secureserver.net/PAYonline/

7 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response ip-160-153-246-94.ip.secureserver.net/	101 B 446 B	76ms 17ms	Document text/html	160.153.246.94 GODADDY-AMS
General Check archive.org Show headers Download Go to Full URL https://ip-160-153-246-94.ip.secureserver.net/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 160.153.246.94 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE), Reverse DNS ip-160-153-246-94.ip.secureserver.net Software Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 / Resource Hash `72f76d12714f23143e1e530e140f9a47190b1d124c7ca47e3c7c6358e5b9d998` Request headers Host ip-160-153-246-94.ip.secureserver.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 01:29:00 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 Last-Modified Wed, 21 Oct 2020 17:25:55 GMT ETag "65-5b231a3d8413d" Accept-Ranges bytes Content-Length 101 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	Cookie set / Show response ip-160-153-246-94.ip.secureserver.net/PAYonline/ Redirect Chain https://ip-160-153-246-94.ip.secureserver.net/PAYonline https://ip-160-153-246-94.ip.secureserver.net/PAYonline/	114 B 585 B	20ms 19ms	Document text/html	160.153.246.94 GODADDY-AMS
General Check archive.org Show headers Download Go to Full URL https://ip-160-153-246-94.ip.secureserver.net/PAYonline/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 160.153.246.94 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE), Reverse DNS ip-160-153-246-94.ip.secureserver.net Software Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 / PHP/5.4.16 Resource Hash `548b6aa737b7a9e6780f5b0ce8d25b6a2029c3a8eaa2c2824587e2ba7924aeff` Request headers Host ip-160-153-246-94.ip.secureserver.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site same-origin Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://ip-160-153-246-94.ip.secureserver.net/ Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://ip-160-153-246-94.ip.secureserver.net/ Response headers Date Fri, 23 Oct 2020 01:29:00 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 X-Powered-By PHP/5.4.16 Set-Cookie PHPSESSID=kcf46ccphe93hipthk6hujtad0; path=/ Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Content-Length 114 Keep-Alive timeout=5, max=98 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Redirect headers Date Fri, 23 Oct 2020 01:29:00 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 Location https://ip-160-153-246-94.ip.secureserver.net/PAYonline/ Content-Length 264 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	Primary Request signn.php Show response ip-160-153-246-94.ip.secureserver.net/PAYonline/	7 KB 8 KB	18ms 18ms	Document text/html	160.153.246.94 GODADDY-AMS
General Check archive.org Show headers Download Go to Full URL https://ip-160-153-246-94.ip.secureserver.net/PAYonline/signn.php?x.country=en_GB&pp_authID=eSzOJzAmPJkZFLwcvCVdskMegq Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 160.153.246.94 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE), Reverse DNS ip-160-153-246-94.ip.secureserver.net Software Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 / PHP/5.4.16 Resource Hash `350866dcc96c0fb15ee365d9b0f37b1c6366d105fe57cbd2cfd4118641a5b54e` Request headers Host ip-160-153-246-94.ip.secureserver.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site same-origin Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://ip-160-153-246-94.ip.secureserver.net/PAYonline/ Accept-Encoding gzip, deflate, br Accept-Language en-US Cookie PHPSESSID=kcf46ccphe93hipthk6hujtad0 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://ip-160-153-246-94.ip.secureserver.net/PAYonline/ Response headers Date Fri, 23 Oct 2020 01:29:00 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 X-Powered-By PHP/5.4.16 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Content-Length 7412 Keep-Alive timeout=5, max=97 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	contextualLogin.css ip-160-153-246-94.ip.secureserver.net/PAYonline/main/face/	66 KB 66 KB	17ms 16ms	Stylesheet text/css	160.153.246.94 GODADDY-AMS
General Check archive.org Show headers Download Go to Full URL https://ip-160-153-246-94.ip.secureserver.net/PAYonline/main/face/contextualLogin.css Requested by Host: ip-160-153-246-94.ip.secureserver.net URL: https://ip-160-153-246-94.ip.secureserver.net/PAYonline/signn.php?x.country=en_GB&pp_authID=eSzOJzAmPJkZFLwcvCVdskMegq Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 160.153.246.94 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE), Reverse DNS ip-160-153-246-94.ip.secureserver.net Software Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 / Resource Hash `472023cccf3536e266f3ba522807720a821d2c3b4565446321b9809fdcdcf69e` Request headers Referer https://ip-160-153-246-94.ip.secureserver.net/PAYonline/signn.php?x.country=en_GB&pp_authID=eSzOJzAmPJkZFLwcvCVdskMegq User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 01:29:00 GMT Last-Modified Mon, 18 Dec 2017 22:24:04 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 ETag "1060e-560a4cecd0900" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 67086
GET H2	200	s.js Show response waust.at/	8 KB 4 KB	29ms 12ms	Script application/x-javascript	2606:4700:20::681a:507 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://waust.at/s.js Requested by Host: ip-160-153-246-94.ip.secureserver.net URL: https://ip-160-153-246-94.ip.secureserver.net/PAYonline/signn.php?x.country=en_GB&pp_authID=eSzOJzAmPJkZFLwcvCVdskMegq Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:507 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0298a25db873588e37945ece2b90e9f573dda86bfc84ae9f3efb8c3fbdcbce84` Request headers Referer https://ip-160-153-246-94.ip.secureserver.net/PAYonline/signn.php?x.country=en_GB&pp_authID=eSzOJzAmPJkZFLwcvCVdskMegq User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 23 Oct 2020 01:29:01 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 986 status 200 cf-request-id 05f4abdf9100009abce9971000000001 last-modified Mon, 05 Oct 2020 15:47:22 GMT server cloudflare etag W/"5f7b400a-1ed7" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eUCP4Yk0PJEkkaun2939x7JHVYq6NgW2SBFgl5wYHp5lXKgIEf4jKabAQseY%2Fzl6KwOiIs85d%2Fgd3VnnSGMECoqp340b3exk2MwfpgDhFiqK5C7wOQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * cache-control max-age=86400 cf-ray 5e67af45ba129abc-FRA expires Sat, 24 Oct 2020 01:12:35 GMT
GET H/1.1	200 OK	paypal-logo-129x32.svg ip-160-153-246-94.ip.secureserver.net/PAYonline/main/face/depend/	5 KB 5 KB	17ms 17ms	Image image/svg+xml	160.153.246.94 GODADDY-AMS
General Check archive.org Show headers Download Go to Show image Full URL https://ip-160-153-246-94.ip.secureserver.net/PAYonline/main/face/depend/paypal-logo-129x32.svg Requested by Host: ip-160-153-246-94.ip.secureserver.net URL: https://ip-160-153-246-94.ip.secureserver.net/PAYonline/main/face/contextualLogin.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 160.153.246.94 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE), Reverse DNS ip-160-153-246-94.ip.secureserver.net Software Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 / Resource Hash `b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5` Request headers Referer https://ip-160-153-246-94.ip.secureserver.net/PAYonline/main/face/contextualLogin.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 23 Oct 2020 01:29:01 GMT Last-Modified Mon, 18 Dec 2017 22:20:40 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 ETag "1351-560a4c2a43e00" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 4945
GET H2	200	/ Show response whos.amung.us/pingjs/	28 B 144 B	337ms 113ms	Script text/javascript	67.202.94.93 STEADFAST
General Check archive.org Show headers Download Go to Full URL https://whos.amung.us/pingjs/?k=i3jbkggqlz&t=Log%20in%20to%20your%20account&c=s&x=https%3A%2F%2Fip-160-153-246-94.ip.secureserver.net%2FPAYonline%2Fsignn.php%3Fx.country%3Den_GB%26pp_authID%3DeSzOJzAmPJkZFLwcvCVdskMegq&y=https%3A%2F%2Fip-160-153-246-94.ip.secureserver.net%2FPAYonline%2F&a=0&d=0.123&v=27&r=4595 Requested by Host: waust.at URL: https://waust.at/s.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.202.94.93 Chicago, United States, ASN32748 (STEADFAST, US), Reverse DNS amung.us Software / Resource Hash `b934092906819f506f6a7ea533daba60785f4908baf4cf24221816bba435e6ca` Request headers Referer https://ip-160-153-246-94.ip.secureserver.net/PAYonline/signn.php?x.country=en_GB&pp_authID=eSzOJzAmPJkZFLwcvCVdskMegq User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Fri, 23 Oct 2020 01:29:01 GMT content-encoding gzip content-type text/javascript;charset=UTF-8
GET DATA	200 OK	truncated /	439 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ip-160-153-246-94.ip.secureserver.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: kcf46ccphe93hipthk6hujtad0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ip-160-153-246-94.ip.secureserver.net
waust.at
whos.amung.us
160.153.246.94
2606:4700:20::681a:507
67.202.94.93
0298a25db873588e37945ece2b90e9f573dda86bfc84ae9f3efb8c3fbdcbce84
350866dcc96c0fb15ee365d9b0f37b1c6366d105fe57cbd2cfd4118641a5b54e
472023cccf3536e266f3ba522807720a821d2c3b4565446321b9809fdcdcf69e
548b6aa737b7a9e6780f5b0ce8d25b6a2029c3a8eaa2c2824587e2ba7924aeff
72f76d12714f23143e1e530e140f9a47190b1d124c7ca47e3c7c6358e5b9d998
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
b934092906819f506f6a7ea533daba60785f4908baf4cf24221816bba435e6ca
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac

ip-160-153-246-94.ip.secureserver.net Open in urlscan Pro 160.153.246.94 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

4 IPs

1 Countries

83 kBTransfer

86 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

24 JavaScript Global Variables

1 Cookies

Indicators

ip-160-153-246-94.ip.secureserver.net Open in urlscan Pro
160.153.246.94 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

83 kB
Transfer

86 kB
Size

1
Cookies

7 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!