paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com Open in urlscan Pro
208.91.197.46 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin
Effective URL:
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin
Submission Tags: phishing malicious Search All
Submission: On April 16 via api (April 16th 2022, 9:21:44 am UTC) from US — Scanned from DE

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 2 HTTP transactions. The main IP is 208.91.197.46, located in Virgin Islands (British) and belongs to NEUSTAR-AS6, US. The main domain is paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com.

This is the only time paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
6 8	208.91.197.46 208.91.197.46		19905 (NEUSTAR-AS6) (NEUSTAR-AS6)
2	1

8 208.91.197.46 (Virgin Islands (British)) 6 redirects

ASN19905 (NEUSTAR-AS6, US)

paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	friendshipcabin.com 6 redirects paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com	3 KB
2	1

	Domain	Requested by
8	paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com	6 redirects paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com
2	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin
Frame ID: 76F507BE8C4AACCD51BDE7BD755F5416
Requests: 1 HTTP requests in this frame

Frame: http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/?fp=EWFCG%2BdN0HYU%2BksCMI7oJMYVOAgY6effHFj0%2BiqmCAKUEmXX%2BymETUF6QmsbVxLfl%2F6Hk8NbO124FwjzbcTHO0xXMymm7vGyVMZdfcepvl0CYCukjXPh3pI1PMUVKml%2FiZX3d8skI9Jv7KsW6dUcis%2Bp8KIXr16sl7477MuhkS%2BDsw1oyeuthkQA03orwDyc&prvtof=2cGT6B47bmLtS8I9tA9aMEjdCnvB62NhQPCTRFVMmd0%3D&poru=e4qpglcqfjksHO7u6OfB7%2FwqZF9XQMXzqdbmqMnzXi0dx9dX6LE2B4jrbCa3QQp%2B8Q7oILbOO8Vs6TRrgPb1vcCBnwWnD5JVyTEhFqDRziA7RFw5rTzA0nnrx5NreRa%2Bqaht4ofJY84z4AA2nSRammhJcuipidrbkr%2F%2Ff9H1XzI%3D&
Frame ID: BAC2B7E441A5D08A4EAAA942730B0E9A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin HTTP 302
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin HTTP 302
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/KUdSN/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin HTTP 302
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/KUdSN/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin HTTP 302
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/KUdSN/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin HTTP 302
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/KUdSN/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin HTTP 302
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin Page URL

Page Statistics

2
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

2 kB
Transfer

3 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin HTTP 302
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin HTTP 302
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/KUdSN/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin HTTP 302
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/KUdSN/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin HTTP 302
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/KUdSN/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin HTTP 302
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/KUdSN/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin HTTP 302
http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request signin Show response paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/ Redirect Chain http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/KUdSN/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/KUdSN/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/KUdSN/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/KUdSN/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin	2 KB 2 KB	320ms 189ms	Document text/html	208.91.197.46 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Full URL http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin Protocol HTTP/1.1 Server 208.91.197.46 , Virgin Islands (British), ASN19905 (NEUSTAR-AS6, US), Reverse DNS Software Apache / Resource Hash `2e2da561d24d8756ef1badcf4f1da9c39e7e9f615e0f34db767f7a5ac45e2748` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control private Connection Keep-Alive Content-Encoding gzip Content-Length 1393 Content-Type text/html; charset=UTF-8 Date Sat, 16 Apr 2022 09:21:40 GMT Keep-Alive timeout=5, max=108 Server Apache X-Adblock-Key MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_WV0HXd6BBmINEEMcTY3Kbn+r30Hyp0GuoEm31fncWYXpJ5BCFR0mDXKQp+wzFgeKuVqxEUxETMGgX0joZyNCiA== ntCoent-Length 2405 Redirect headers Connection close Location /fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin Pragma no-cache cache-control no-cache
GET H/1.1	200 OK	/ Show response paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/ Frame BAC2	272 B 461 B	197ms 197ms	Document text/html	208.91.197.46 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Full URL http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/?fp=EWFCG%2BdN0HYU%2BksCMI7oJMYVOAgY6effHFj0%2BiqmCAKUEmXX%2BymETUF6QmsbVxLfl%2F6Hk8NbO124FwjzbcTHO0xXMymm7vGyVMZdfcepvl0CYCukjXPh3pI1PMUVKml%2FiZX3d8skI9Jv7KsW6dUcis%2Bp8KIXr16sl7477MuhkS%2BDsw1oyeuthkQA03orwDyc&prvtof=2cGT6B47bmLtS8I9tA9aMEjdCnvB62NhQPCTRFVMmd0%3D&poru=e4qpglcqfjksHO7u6OfB7%2FwqZF9XQMXzqdbmqMnzXi0dx9dX6LE2B4jrbCa3QQp%2B8Q7oILbOO8Vs6TRrgPb1vcCBnwWnD5JVyTEhFqDRziA7RFw5rTzA0nnrx5NreRa%2Bqaht4ofJY84z4AA2nSRammhJcuipidrbkr%2F%2Ff9H1XzI%3D& Requested by Host: paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com URL: http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin Protocol HTTP/1.1 Server 208.91.197.46 , Virgin Islands (British), ASN19905 (NEUSTAR-AS6, US), Reverse DNS Software Apache / Resource Hash `b825edbb55450e309fe823143f985893b399da08d9166f4523cdffbfb7f48310` Request headers Referer http://paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/fYPTS/VbLPN/YeeKV/UTSPn/UanOb/lNXKO/app/signin Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control private Connection Keep-Alive Content-Encoding gzip Content-Length 196 Content-Type text/html; charset=UTF-8 Date Sat, 16 Apr 2022 09:21:40 GMT Keep-Alive timeout=5, max=107 Server Apache ntCoent-Length 272

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| structuredClone object| oncontextlost object| oncontextrestored

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com/	1969-12-31 23:59:59	Name: isframesetenabled Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com
208.91.197.46
2e2da561d24d8756ef1badcf4f1da9c39e7e9f615e0f34db767f7a5ac45e2748
b825edbb55450e309fe823143f985893b399da08d9166f4523cdffbfb7f48310

paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com Open in urlscan Pro 208.91.197.46 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

2 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

2 kBTransfer

3 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

1 Cookies

Indicators

paypal.com.vgnibezpybtzbetrqgfeksqrj.friendshipcabin.com Open in urlscan Pro
208.91.197.46 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

2 kB
Transfer

3 kB
Size

1
Cookies

2 HTTP transactions
0 data transactions