myhosting.cn Open in urlscan Pro
103.195.187.13 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy...
Submission: On September 26 via automatic, source phishtank (September 26th 2019, 5:13:03 am UTC)

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 103.195.187.13, located in Hong Kong and belongs to PUBLIC-DOMAIN-REGISTRY - PDR, US. The main domain is myhosting.cn.

This is the only time myhosting.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
5	103.195.187.13 103.195.187.13	394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY - PDR)
1	2606:4700::68... 2606:4700::6813:c797	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2.18.232.222 2.18.232.222	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
8	3

5 103.195.187.13 (Hong Kong)

ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US)

myhosting.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:c797 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.232.222 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-222.deploy.static.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	myhosting.cn myhosting.cn	212 KB
2	paypalobjects.com www.paypalobjects.com	26 KB
1	cloudflare.com cdnjs.cloudflare.com	73 KB
8	3

	Domain	Requested by
5	myhosting.cn	myhosting.cn
2	www.paypalobjects.com	myhosting.cn
1	cdnjs.cloudflare.com	myhosting.cn
8	3

This site contains no links.

Subject Issuer	Validity	Valid
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-10` - `2020-02-16`	6 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2019-09-10` - `2020-08-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy9hiswpt5cj6jv_&FileId=BQ6t0lHp2UISRBfRogpWPCW6ikHSCNmMv7GKLaKT
Frame ID: 5E76CF59A66C1D9E3FD7E22A789B8F00
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /require.*\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

8
Requests

38 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

311 kB
Transfer

493 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set fileUpload.php Show response
myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/ 8 KB
8 KB 560ms
200ms Document
text/html 103.195.187.13
PDR

General

Check archive.org

Show headers Download Go to

Full URL: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy9hiswpt5cj6jv_&FileId=BQ6t0lHp2UISRBfRogpWPCW6ikHSCNmMv7GKLaKT
Protocol: HTTP/1.1
Server: 103.195.187.13 , Hong Kong, ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US),
Reverse DNS
Software: Apache /
Resource Hash: 5b8da9f0890adff2cfc591d84f35253b9a2cfbd007ca77d489978302f82c2886

Request headers

Host: myhosting.cn
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 26 Sep 2019 05:12:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=mhc5e20g8o2761ckbfltak2lp6; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

GET
H/1.1 200
OK app.css
myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/css/ 184 KB
184 KB 1154ms
1153ms Stylesheet
text/css 103.195.187.13
PDR

General

Check archive.org

Show headers Download Go to

Full URL: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/css/app.css
Requested by: Host: myhosting.cn
URL: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy9hiswpt5cj6jv_&FileId=BQ6t0lHp2UISRBfRogpWPCW6ikHSCNmMv7GKLaKT
Protocol: HTTP/1.1
Server: 103.195.187.13 , Hong Kong, ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US),
Reverse DNS
Software: Apache /
Resource Hash: 44a31cd74f5581ee4458d7181b755119e59b7e6dcf22e5e9f6fc4ae8e0246fa5

Request headers

Referer: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy9hiswpt5cj6jv_&FileId=BQ6t0lHp2UISRBfRogpWPCW6ikHSCNmMv7GKLaKT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 26 Sep 2019 05:12:44 GMT
Last-Modified: Thu, 05 Oct 2017 14:43:58 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 188134

GET
H2 200 jquery.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/ 258 KB
73 KB 21ms
21ms Script
application/javascript 2606:4700::6813:c797
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/jquery.js

Requested by

Host: myhosting.cn
URL: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy9hiswpt5cj6jv_&FileId=BQ6t0lHp2UISRBfRogpWPCW6ikHSCNmMv7GKLaKT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c797 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b25a2092f0752b754e933008f10213c55dd5ce93a791e355b0abed9182cc8df9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy9hiswpt5cj6jv_&FileId=BQ6t0lHp2UISRBfRogpWPCW6ikHSCNmMv7GKLaKT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 26 Sep 2019 05:12:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 14108651
status: 200
served-in-seconds: 0.015
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:20:15 GMT
server: cloudflare
etag: W/"5afd494f-40657"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 51c2be9d7de25982-VIE
expires: Tue, 15 Sep 2020 05:12:44 GMT

GET
H/1.1 200
OK logo_paypal_106x29.png
myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fille/ 5 KB
5 KB 408ms
209ms Image
image/png 103.195.187.13
PDR

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fille/logo_paypal_106x29.png
Requested by: Host: myhosting.cn
URL: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy9hiswpt5cj6jv_&FileId=BQ6t0lHp2UISRBfRogpWPCW6ikHSCNmMv7GKLaKT
Protocol: HTTP/1.1
Server: 103.195.187.13 , Hong Kong, ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US),
Reverse DNS
Software: Apache /
Resource Hash: ab39e6288837a25d62b740906db369081f38978b23570148c28ed41f509d4fe2

Request headers

Referer: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy9hiswpt5cj6jv_&FileId=BQ6t0lHp2UISRBfRogpWPCW6ikHSCNmMv7GKLaKT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 26 Sep 2019 05:12:44 GMT
Last-Modified: Wed, 08 Feb 2017 09:00:02 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4699

GET
H/1.1 200
OK require-spinner.js Show response
myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fille/ 6 KB
6 KB 204ms
200ms Script
application/javascript 103.195.187.13
PDR

General

Check archive.org

Show headers Download Go to

Full URL: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fille/require-spinner.js
Requested by: Host: myhosting.cn
URL: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy9hiswpt5cj6jv_&FileId=BQ6t0lHp2UISRBfRogpWPCW6ikHSCNmMv7GKLaKT
Protocol: HTTP/1.1
Server: 103.195.187.13 , Hong Kong, ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US),
Reverse DNS
Software: Apache /
Resource Hash: 8d0a9ed41b0007f5d7f2de7ee84cdf756057058afd1ae6bebec40468eea04abc

Request headers

Referer: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy9hiswpt5cj6jv_&FileId=BQ6t0lHp2UISRBfRogpWPCW6ikHSCNmMv7GKLaKT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 26 Sep 2019 05:12:44 GMT
Last-Modified: Wed, 08 Feb 2017 09:01:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 5849

GET
H/1.1 200
OK fou.js Show response
myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/js/ 8 KB
9 KB 195ms
195ms Script
application/javascript 103.195.187.13
PDR

General

Check archive.org

Show headers Download Go to

Full URL: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/js/fou.js
Requested by: Host: myhosting.cn
URL: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy9hiswpt5cj6jv_&FileId=BQ6t0lHp2UISRBfRogpWPCW6ikHSCNmMv7GKLaKT
Protocol: HTTP/1.1
Server: 103.195.187.13 , Hong Kong, ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US),
Reverse DNS
Software: Apache /
Resource Hash: a2d8e94b9d89d24a9d7270e7fd1dada4550652ea1013b01046e75e586acc2b49

Request headers

Referer: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy9hiswpt5cj6jv_&FileId=BQ6t0lHp2UISRBfRogpWPCW6ikHSCNmMv7GKLaKT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 26 Sep 2019 05:12:44 GMT
Last-Modified: Sun, 12 Feb 2017 19:01:46 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 8462

GET
H2 200 sprite_ui.png
www.paypalobjects.com/webstatic/i/sprite/ 24 KB
24 KB 177ms
177ms Image
image/png 2.18.232.222
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/i/sprite/sprite_ui.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.18.232.222 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a2-18-232-222.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

051139e3768ed3f9945e6fb8e5eab3ac3aeef767ebff4b334363dcdcadf9e3b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/css/app.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 26 Sep 2019 05:12:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:36:52 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 24374
expires: Thu, 26 Sep 2019 05:12:46 GMT

GET
H2 200 upload-error-icon.png
www.paypalobjects.com/webstatic/icon/ 2 KB
2 KB 32ms
32ms Image
image/png 2.18.232.222
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/icon/upload-error-icon.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.18.232.222 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a2-18-232-222.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d294847438f8f2718f0813d9a8cbd5a44f1a94db3c221f9fde736b20a635f6ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/css/app.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 26 Sep 2019 05:12:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 May 2014 13:15:11 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 1748
expires: Thu, 26 Sep 2019 05:12:46 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			myhosting.cn/	1969-12-31 23:59:59	Name: PHPSESSID Value: mhc5e20g8o2761ckbfltak2lp6

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
myhosting.cn
www.paypalobjects.com
103.195.187.13
2.18.232.222
2606:4700::6813:c797
051139e3768ed3f9945e6fb8e5eab3ac3aeef767ebff4b334363dcdcadf9e3b9
44a31cd74f5581ee4458d7181b755119e59b7e6dcf22e5e9f6fc4ae8e0246fa5
5b8da9f0890adff2cfc591d84f35253b9a2cfbd007ca77d489978302f82c2886
8d0a9ed41b0007f5d7f2de7ee84cdf756057058afd1ae6bebec40468eea04abc
a2d8e94b9d89d24a9d7270e7fd1dada4550652ea1013b01046e75e586acc2b49
ab39e6288837a25d62b740906db369081f38978b23570148c28ed41f509d4fe2
b25a2092f0752b754e933008f10213c55dd5ce93a791e355b0abed9182cc8df9
d294847438f8f2718f0813d9a8cbd5a44f1a94db3c221f9fde736b20a635f6ee

myhosting.cn Open in urlscan Pro 103.195.187.13 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

8 Requests

38 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

311 kBTransfer

493 kBSize

1 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Indicators

myhosting.cn Open in urlscan Pro
103.195.187.13 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

38 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

311 kB
Transfer

493 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!