myhosting.cn
103.195.187.13
Malicious Activity!
Public Scan
Submission: On September 26 via automatic, source phishtank
Summary
This is the only time myhosting.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 5 | 103.195.187.13 | 394695 (PUBLIC-DOMAIN-REGISTRY - PDR) |
| 1 | 2606:4700::6813:c797 | 13335 (CLOUDFLARENET - Cloudflare) |
| 2 | 2.18.232.222 | 16625 (AKAMAI-AS - Akamai Technologies) |
| 8 | 3 | |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
- cdnjs.cloudflare.com
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-222.deploy.static.akamaitechnologies.com
- www.paypalobjects.com
| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 5 | myhosting.cn | myhosting.cn | 212 KB |
| 2 | paypalobjects.com | www.paypalobjects.com | 26 KB |
| 1 | cloudflare.com | cdnjs.cloudflare.com | 73 KB |
| 8 | 3 | | |
| | Domain | Requested by |
|---|---|---|
| 5 | myhosting.cn | myhosting.cn |
| 2 | www.paypalobjects.com | myhosting.cn |
| 1 | cdnjs.cloudflare.com | myhosting.cn |
| 8 | 3 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-08-10 - 2020-02-16 | 6 months | crt.sh |
| www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2019-09-10 - 2020-08-18 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
http://myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fileUpload.php?e1s1_=taeiwnl3v6dwpuiiy9hiswpt5cj6jv_&FileId=BQ6t0lHp2UISRBfRogpWPCW6ikHSCNmMv7GKLaKT
Frame ID: 5E76CF59A66C1D9E3FD7E22A789B8F00
Requests: 8 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
RequireJS (JavaScript Frameworks)
Detected patterns
- script /require.*\.js/i
jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | fileUpload.php (Primary Request, Cookie set) | myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/ | 8 KB | 8 KB | Document | text/html |
| GET | H/1.1 | app.css | myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/css/ | 184 KB | 184 KB | Stylesheet | text/css |
| GET | H2 | jquery.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/ | 258 KB | 73 KB | Script | application/javascript |
| GET | H/1.1 | logo_paypal_106x29.png | myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fille/ | 5 KB | 5 KB | Image | image/png |
| GET | H/1.1 | require-spinner.js | myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/safe/fille/ | 6 KB | 6 KB | Script | application/javascript |
| GET | H/1.1 | fou.js | myhosting.cn/wp-includes/SimplePie/HTTP/txt/mmp/webapps/myaccount/js/ | 8 KB | 9 KB | Script | application/javascript |
| GET | H2 | sprite_ui.png | www.paypalobjects.com/webstatic/i/sprite/ | 24 KB | 24 KB | Image | image/png |
| GET | H2 | upload-error-icon.png | www.paypalobjects.com/webstatic/icon/ | 2 KB | 2 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onformdata |
| object | onpointerrawupdate |
| function | $ |
| function | jQuery |
| object | RequireSpinners |
| function | Spinner |
| object | _0x25823 |
| function | _0x2583A1 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| myhosting.cn/ | | Name: PHPSESSID Value: mhc5e20g8o2761ckbfltak2lp6 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.