paypal.co.uk.zittec.net
50.28.39.49
Malicious Activity!
Public Scan
Effective URL: http://paypal.co.uk.zittec.net/Pool=0/login.php
Submission: On December 14 via manual from US
Summary
This is the only time paypal.co.uk.zittec.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
2 | 50.28.39.49 | 32244 (LIQUIDWEB - Liquid Web) |
22 (1 redirect) | 23.210.248.226 | 16625 (AKAMAI-AS - Akamai Technologies) |
1 (1 redirect) | 23.43.114.50 | 20940 (AKAMAI-ASN1) |
23 | 2 |
ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US)
PTR: merge.hddserver.com
paypal.co.uk.zittec.net
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-210-248-226.deploy.static.akamaitechnologies.com
www.paypalobjects.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-43-114-50.deploy.static.akamaitechnologies.com
ak1s.abmr.net
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
22 | paypalobjects.com (1 redirects) | www.paypalobjects.com | 337 KB |
2 | zittec.net | paypal.co.uk.zittec.net | 7 KB |
1 | abmr.net (1 redirects) | ak1s.abmr.net | 706 B |
23 | 3 |
Requests | Domain | Requested by |
---|---|---|
22 | www.paypalobjects.com (1 redirects) | paypal.co.uk.zittec.net, www.paypalobjects.com |
2 | paypal.co.uk.zittec.net | |
1 | ak1s.abmr.net (1 redirects) | |
23 | 3 |
This site contains links to these domains.
Domain |
---|
www.paypal.com |
www.paypal-marketing.com |
www.paypal-media.com |
www.thepaypalblog.com |
www.paypal-labs.com |
www.ebay.com |
www.paypal.ca |
www.paypal.co.uk |
www.paypal.com.au |
Subject | Issuer | Validity | Valid |
---|---|---|---|
www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2018-08-14 - 2020-08-18 | 2 years |
This page contains 1 frames:
Primary Page:
http://paypal.co.uk.zittec.net/Pool=0/login.php
Frame ID: E5AC5866DE085644E627A17533C63ABC
Requests: 23 HTTP requests in this frame
Detected technologies
OpenSSL (Web Server Extensions)
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
PayPal (Payment Processors)
Detected patterns
- script /paypalobjects\.com\/js/i
- env /^PAYPAL$/i
Modernizr (JavaScript Libraries)
Detected patterns
- env /^Modernizr$/i
SiteCatalyst (Analytics)
Detected patterns
- env /^s_(?:account|objectID|code|INST)$/i
jQuery (JavaScript Libraries)
Detected patterns
- env /^jQuery$/i
Page Statistics
37 Outgoing links
These are links going to different origins than the main page.
Title: Personal
Title: Business
Title: forgot? Close Forgot your email address? Enter up to 3 of your email addresses and we'll help you find your account. Get started
Title: Get started
Title: Sign up
Title: Buy
Title: Make a Payment...
Title: How to Purchase Online
Title: How to Purchase in Stores
Title: Sell
Title: Request a Payment...
Title: How to Sell Online
Title: Transfer
Title: Send Someone Money...
Title: Explore
Title: Help
Title: Contact us
Title: Fees
Title: Security
Title: Account features
Title: Developers
Title: Partners
Title: About PayPal
Title: Merchant services
Title: PayPal blog
Title: PayPal Labs
Title: Jobs
Title: Site map
Title: eBay
Title: Canada
Title: Mexico
Title: United Kingdom
Title: Australia
Title: See all countries
Title: Privacy policy
Title: Legal agreements
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://paypal.co.uk.zittec.net/Pool=0/ Page URL
- http://paypal.co.uk.zittec.net/Pool=0/login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10
- https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_gray-bkgd.png HTTP 302
- https://ak1s.abmr.net/is/www.paypalobjects.com?U=/webstatic/i/ex_ce2/scr/scr_gray-bkgd.png&V=3-Fr%2fOnAKZDH54d6Q7n5Ar+898gb1VaHZXVda+ZyIzpi6q+ii%2fFLQBXsOlFRVmlIpe&I=375D5ADC4A7C342&D=paypalobjects.com&01AD=1& HTTP 302
- https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_gray-bkgd.png?01AD=3IQ9xEfCUoS1gJ5hB3vWVFAQz0W2bAtRzM85pIGhV3zYn0saY5yBsgA&01RI=375D5ADC4A7C342&01NA=na
23 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / | paypal.co.uk.zittec.net/Pool=0/ | 486 B | 557 B | Document | text/html |
GET | H/1.1 | login.php (Primary Request) | paypal.co.uk.zittec.net/Pool=0/ | 24 KB | 7 KB | Document | text/html |
GET | H2 | 46381bec3780f95d0a439814e0c7da.css | www.paypalobjects.com/eboxapps/css/7a/ | 82 KB | 14 KB | Stylesheet | text/css |
GET | H2 | 40db0c074183048f12bf5a3fc9c0d.js | www.paypalobjects.com/eboxapps/js/65/ | 12 KB | 5 KB | Script | application/x-javascript |
GET | H2 | logo_paypal_106x29.png | www.paypalobjects.com/webstatic/i/ex_ce2/logo/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | homepage-buy.png | www.paypalobjects.com/webstatic/mktg/consumer/pages/home/ | 14 KB | 14 KB | Image | image/png |
GET | H2 | homepage-sell.png | www.paypalobjects.com/webstatic/mktg/consumer/pages/home/ | 16 KB | 16 KB | Image | image/png |
GET | H2 | homepage-transfer.png | www.paypalobjects.com/webstatic/mktg/consumer/pages/home/ | 15 KB | 15 KB | Image | image/png |
GET | H2 | 4abadeffed5ad75c4e26165aac36b7.js | www.paypalobjects.com/eboxapps/js/fa/ | 208 KB | 65 KB | Script | application/x-javascript |
GET | H2 | c6d6ea263e92ec39d113b6708b31e4.js | www.paypalobjects.com/eboxapps/js/6d/ | 36 KB | 11 KB | Script | application/x-javascript |
GET | H2 | pp_jscode_080706.js | www.paypalobjects.com/js/site_catalyst/ | 60 KB | 23 KB | Script | application/x-javascript |
GET | H2 | scr_gray-bkgd.png (Redirect Chain) | www.paypalobjects.com/webstatic/i/ex_ce2/scr/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | scr_content-bkgd.png | www.paypalobjects.com/webstatic/i/ex_ce2/scr/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | sprite_ia.png | www.paypalobjects.com/webstatic/i/ex_ce2/sprite/ | 18 KB | 19 KB | Image | image/png |
GET | H2 | homepage-gradient-bottom.png | www.paypalobjects.com/webstatic/mktg/consumer/pages/home/ | 944 B | 1 KB | Image | image/png |
GET | H2 | interior-gradient-top.png | www.paypalobjects.com/webstatic/mktg/consumer/gradients/ | 952 B | 1 KB | Image | image/png |
GET | H2 | homepage-hero-v2.jpg | www.paypalobjects.com/webstatic/mktg/consumer/pages/home/ | 110 KB | 110 KB | Image | image/jpeg |
GET | H2 | vertical-gradient-sprite.png | www.paypalobjects.com/webstatic/mktg/consumer/pages/home/ | 1 KB | 2 KB | Image | image/png |
GET | H2 | homepage-gradient-top.png | www.paypalobjects.com/webstatic/mktg/consumer/pages/home/ | 955 B | 1 KB | Image | image/png |
GET | H2 | sprite_ia.png | www.paypalobjects.com/webstatic/i/ex_ce2/sprite/ | 18 KB | 19 KB | Image | image/png |
GET | H2 | icon_feedback.gif | www.paypalobjects.com/webstatic/i/ex_ce2/icon/ | 715 B | 929 B | Image | image/gif |
GET | H2 | sprite_globalIcons.png | www.paypalobjects.com/webstatic/i/ex_ce2/sprite/ | 12 KB | 12 KB | Image | image/png |
GET | H2 | baynote.js | www.paypalobjects.com/js/Customer/min/ | 0 | 0 | Script | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)
88 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| antiClickjack undefined| Tracker object| Modernizr string| jsPath string| siteCatalystPageName string| siteCatalystC7 string| siteCatalystAccountNumber string| feedback_link boolean| isPaymentFlow boolean| isSiteRedirect string| languageCode string| countryCode string| serverName string| commentCardCmd string| accountNumber string| miniBrowser string| sitefb_plus_icon string| rLogId string| showSitefbIcon object| PAYPAL function| $ function| jQuery function| DP_jQuery_1544828517528 object| Iconix string| custom_var string| _sp string| _rp number| _poE number| _poX number| _sH object| _doc object| _w string| _ht string| _hr number| _tm number| _kp number| _sW undefined| baseurl function| _fC function| O_LC function| PP_O_LC function| _fPe function| _fPx function| O_GoT function| PP_O_GoT function| Mini_O_GoT function| siteFeedBackImage function| assignSiteCatalystVars function| PayPalURL undefined| url_var undefined| url_var_temp object| paypal_url string| _ht_temp string| _hr_temp string| custom_var_temp undefined| ppbce number| getOpinionLabURL function| OpinionLabOnCloseEvent function| showpopup object| jQuery17100554392402644619 number| trident_verOffset string| sc_code_ver string| s_account object| s function| s_doPlugins string| s_code string| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq function| scOnload boolean| webkit string| readerContent string| j object| s_i_paypal2
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.zittec.net/ | | Name: s_sess Value: %20s_ppv%3D100%3B%20s_cc%3Dtrue%3B%20v31%3Dmain%253Amktg%253Apersonal%253A%253Ahome%3B%20s_sq%3D%3B |
.zittec.net/ | | Name: s_pers Value: %20s_fid%3D227A4375C57C13D1-37A1C8C9C5C2E224%7C1607986917671%3B%20gpv_c43%3Dmain%253Amktg%253Apersonal%253A%253Ahome%7C1544830317673%3B%20tr_p1%3Dmain%253Amktg%253Apersonal%253A%253Ahome%7C1544830317675%3B%20gpv_events%3Dno%2520value%7C1544830317675%3B |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.