r4r.7ff.myftpupload.com
160.153.137.99
Malicious Activity!
Public Scan
Submission Tags: phishing, malicious
Submission: On December 08 via api from US — Scanned from NL
Summary
This is the only time r4r.7ff.myftpupload.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
13 | 160.153.137.99 | 20773 (GODADDY) |
14 | 2 | |
ASN20773 (GODADDY, DE)
PTR: ip-160-153-137-99.ip.secureserver.net
r4r.7ff.myftpupload.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
13 | myftpupload.com | r4r.7ff.myftpupload.com | 209 KB |
0 | paypal.com (Failed) | www.paypal.com (Failed) | |
14 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
13 | r4r.7ff.myftpupload.com | r4r.7ff.myftpupload.com |
0 | www.paypal.com (Failed) | |
14 | 2 | |
This site contains no links.
Subject Issuer | Validity | Valid |
---|---|---|
This page contains 1 frames:
Frame:
https://www.paypal.com/
Frame ID: E9244F7C8FC73FA2032E8E04D23A0B34
Requests: 14 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | confirmed.php (Primary Request) | r4r.7ff.myftpupload.com/paypal/service/UserID&126001448/myaccount/ | 5 KB | 2 KB | Document | text/html |
GET | H/1.1 | fonts.css | r4r.7ff.myftpupload.com/paypal/service/UserID&126001448/assets/vendors/styles/ | 676 B | 612 B | Stylesheet | text/css |
GET | H/1.1 | main.css | r4r.7ff.myftpupload.com/paypal/service/UserID&126001448/assets/main/styles/ | 9 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | sections.css | r4r.7ff.myftpupload.com/paypal/service/UserID&126001448/assets/main/styles/ | 9 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | responsev.css | r4r.7ff.myftpupload.com/paypal/service/UserID&126001448/assets/main/styles/ | 2 KB | 1 KB | Stylesheet | text/css |
GET | H/1.1 | main.js | r4r.7ff.myftpupload.com/paypal/service/UserID&126001448/assets/main/scripts/ | 926 B | 680 B | Script | application/javascript |
GET | H/1.1 | sections.js | r4r.7ff.myftpupload.com/paypal/service/UserID&126001448/assets/main/scripts/ | 1 KB | 730 B | Script | application/javascript |
GET | H/1.1 | jquery.min.js | r4r.7ff.myftpupload.com/paypal/service/UserID&126001448/assets/vendors/scripts/ | 85 KB | 30 KB | Script | application/javascript |
GET | H/1.1 | main.jpg | r4r.7ff.myftpupload.com/paypal/service/UserID&126001448/assets/main/images/ | 115 KB | 116 KB | Image | image/jpeg |
GET | H/1.1 | bblogo.svg | r4r.7ff.myftpupload.com/paypal/service/UserID&126001448/assets/main/images/ | 5 KB | 5 KB | Image | image/svg+xml |
GET | H/1.1 | success.png | r4r.7ff.myftpupload.com/paypal/service/UserID&126001448/assets/main/images/ | 3 KB | 4 KB | Image | image/png |
GET | H/1.1 | flags.png | r4r.7ff.myftpupload.com/paypal/service/UserID&126001448/assets/main/images/ | 25 KB | 25 KB | Image | image/png |
GET | H/1.1 | ZombieSansSmallRegular.woff2 | r4r.7ff.myftpupload.com/paypal/service/UserID&126001448/assets/vendors/fonts/ | 18 KB | 18 KB | Font | font/woff2 |
GET | | / | www.paypal.com/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: www.paypal.com
- URL: https://www.paypal.com/
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforexrselect
- function| reportError
- boolean| originAgentCluster
- object| scheduler
- function| alerttobill
- function| addnewbnk
- function| birthfocus
- function| birthblur
- function| ccfocus
- function| ccblur
- function| expfocus
- function| expblur
- function| ssnfocus
- function| ssnblur
- function| atmfocus
- function| atmblur
- function| $
- function| jQuery
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
r4r.7ff.myftpupload.com
www.paypal.com
160.153.137.99