www.guzheng.com.my Open in urlscan Pro
2400:cb00:2048:1::681c:183b Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexi...
Submission: On April 07 via automatic, source phishtank (April 7th 2017, 2:40:58 pm UTC)

Summary HTTP 13 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 2400:cb00:2048:1::681c:183b, located in United States and belongs to CLOUDFLARENET - CloudFlare, Inc., US. The main domain is www.guzheng.com.my.

This is the only time www.guzheng.com.my was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
3	2400:cb00:204... 2400:cb00:2048:1::681c:183b	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
5	2400:cb00:204... 2400:cb00:2048:1::681c:193b	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
4	104.96.4.11 104.96.4.11	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	66.235.138.193 66.235.138.193	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
13	4

3 2400:cb00:2048:1::681c:183b (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

www.guzheng.com.my	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2400:cb00:2048:1::681c:193b (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

www.guzheng.com.my	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.96.4.11 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-96-4-11.deploy.static.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.235.138.193 (Lehi, United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: *.112.2o7.net

paypal.112.2o7.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	guzheng.com.my www.guzheng.com.my	43 KB
4	paypalobjects.com www.paypalobjects.com	368 B
1	2o7.net paypal.112.2o7.net	43 B
13	3

	Domain	Requested by
8	www.guzheng.com.my	www.guzheng.com.my
4	www.paypalobjects.com	www.guzheng.com.my
1	paypal.112.2o7.net	www.guzheng.com.my
13	3

This site contains links to these domains. Also see Links.

Domain
www.paypal.com

Subject Issuer	Validity	Valid
www.paypalobjects.com Symantec Class 3 EV SSL CA - G3	`2015-10-12` - `2017-09-02`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion
Frame ID: 20823.1
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

13
Requests

31 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

43 kB
Transfer

156 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.paypal.com/fr/cgi-bin/webscr?cmd=_home

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 10

http://paypal.112.2o7.net/b/ss/paypalglobal/1/H.19.3/s88365903645700?AQB=1&ndh=1&t=7/3/2017%2014%3A40%3A47%205%200&ce=UTF-8&ns=paypal&pageName=p/gen/cnf/email-password%3A%3A_ece&g=http%3A//www.guzh...
http://paypal.112.2o7.net/b/ss/paypalglobal/1/H.19.3/s88365903645700?AQB=1&pccr=true&vidn=2C73D27785193380-60000608600026DE&&ndh=1&t=7/3/2017%2014%3A40%3A47%205%200&ce=UTF-8&ns=paypal&pageName=p/ge...

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set Connexion.php Show response www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/	9 KB 3 KB	609ms 594ms	Document text/html	2400:cb00:2048:1::681c:183b CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Protocol HTTP/1.1 Server 2400:cb00:2048:1::681c:183b , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / PHP/5.3.29 Resource Hash `a510b84d73470c229afede5bcd9f6ceea5cdfc53b357c30142705064270561bf` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.guzheng.com.my Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Date Fri, 07 Apr 2017 14:40:47 GMT Content-Encoding gzip Vary Accept-Encoding,User-Agent Server cloudflare-nginx X-Powered-By PHP/5.3.29 Transfer-Encoding chunked Content-Type text/html Set-Cookie __cfduid=d4998669dc242016676676e583082a33a1491576046; expires=Sat, 07-Apr-18 14:40:46 GMT; path=/; domain=.guzheng.com.my; HttpOnly Connection keep-alive CF-RAY 34bdbe74578964ed-FRA
GET H/1.1	200 OK	global.css www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/	60 KB 8 KB	9ms 7ms	Stylesheet text/css	2400:cb00:2048:1::681c:183b CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/global.css Requested by Host: www.guzheng.com.my URL: http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Protocol HTTP/1.1 Server 2400:cb00:2048:1::681c:183b , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `ccf27823816dd9c1674beca235d07d1c65a2dd95ac3e7ec1dbdde0256454bd0f` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.guzheng.com.my Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept text/css,/;q=0.1 Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Cookie __cfduid=d4998669dc242016676676e583082a33a1491576046 Connection keep-alive Cache-Control no-cache Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Date Fri, 07 Apr 2017 14:40:47 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Mon, 27 Mar 2017 12:42:11 GMT Server cloudflare-nginx Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 34bdbe78212b64ed-FRA Content-Length 8317 Expires Fri, 07 Apr 2017 18:40:47 GMT
GET H/1.1	200 OK	country.css www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/	30 B 50 B	17ms 10ms	Stylesheet text/css	2400:cb00:2048:1::681c:193b CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/country.css Requested by Host: www.guzheng.com.my URL: http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Protocol HTTP/1.1 Server 2400:cb00:2048:1::681c:193b , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `c36bef44937289a54acc239aac93f322ac2f1bf4e880e050d4ad80473a16ca4b` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.guzheng.com.my Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept text/css,/;q=0.1 Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Cookie __cfduid=d4998669dc242016676676e583082a33a1491576046 Connection keep-alive Cache-Control no-cache Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Date Fri, 07 Apr 2017 14:40:47 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Mon, 27 Mar 2017 12:42:11 GMT Server cloudflare-nginx Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 34bdbe7825b12384-FRA Content-Length 50 Expires Fri, 07 Apr 2017 18:40:47 GMT
GET H/1.1	200 OK	global.js Show response www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/	47 KB 13 KB	20ms 13ms	Script application/javascript	2400:cb00:2048:1::681c:193b CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/global.js Requested by Host: www.guzheng.com.my URL: http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Protocol HTTP/1.1 Server 2400:cb00:2048:1::681c:193b , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `7d59f3b63ab445337909c76e9f89b039886bc873f48547760898fe8fd17b4571` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.guzheng.com.my Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept / Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Cookie __cfduid=d4998669dc242016676676e583082a33a1491576046 Connection keep-alive Cache-Control no-cache Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Date Fri, 07 Apr 2017 14:40:47 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Mon, 27 Mar 2017 12:42:11 GMT Server cloudflare-nginx Vary Accept-Encoding Content-Type application/javascript Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 34bdbe782104278c-FRA Content-Length 13383 Expires Fri, 07 Apr 2017 18:40:47 GMT
GET H/1.1	200 OK	paypal_logo.gif www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/	1 KB 1 KB	8ms 7ms	Image image/gif	2400:cb00:2048:1::681c:193b CloudFlare
General Check archive.org Show headers Download Go to Show image Full URL http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/paypal_logo.gif Requested by Host: www.guzheng.com.my URL: http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Protocol HTTP/1.1 Server 2400:cb00:2048:1::681c:193b , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `87a2207c48e5927d03764ac10a3ebf6425f801e8a71856b36305431d3b41fe71` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.guzheng.com.my Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Cookie __cfduid=d4998669dc242016676676e583082a33a1491576046 Connection keep-alive Cache-Control no-cache Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Date Fri, 07 Apr 2017 14:40:47 GMT CF-Cache-Status HIT Last-Modified Mon, 27 Mar 2017 12:42:11 GMT Server cloudflare-nginx Vary Accept-Encoding Content-Type image/gif Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 34bdbe785119278c-FRA Content-Length 1071 Expires Fri, 07 Apr 2017 18:40:47 GMT
GET H/1.1	200 OK	pp_naturalsearch.js Show response www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/	6 KB 2 KB	8ms 8ms	Script application/javascript	2400:cb00:2048:1::681c:193b CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/pp_naturalsearch.js Requested by Host: www.guzheng.com.my URL: http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Protocol HTTP/1.1 Server 2400:cb00:2048:1::681c:193b , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `568397a8b27bd4417cf61d1491d43ddf5090cad4369d2a48a7379a94a1b9bfa9` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.guzheng.com.my Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept / Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Cookie __cfduid=d4998669dc242016676676e583082a33a1491576046 Connection keep-alive Cache-Control no-cache Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Date Fri, 07 Apr 2017 14:40:47 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Mon, 27 Mar 2017 12:42:11 GMT Server cloudflare-nginx Vary Accept-Encoding Content-Type application/javascript Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 34bdbe7835b92384-FRA Content-Length 2007 Expires Fri, 07 Apr 2017 18:40:47 GMT
GET H/1.1	200 OK	pp_jscode_080706.js Show response www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/	29 KB 14 KB	9ms 7ms	Script application/javascript	2400:cb00:2048:1::681c:193b CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/pp_jscode_080706.js Requested by Host: www.guzheng.com.my URL: http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Protocol HTTP/1.1 Server 2400:cb00:2048:1::681c:193b , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `ba7276139b4cd045b416105b0bb857b837c4eb7991a584251ddcb1f643af78c0` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.guzheng.com.my Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept / Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Cookie __cfduid=d4998669dc242016676676e583082a33a1491576046 Connection keep-alive Cache-Control no-cache Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Date Fri, 07 Apr 2017 14:40:47 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Mon, 27 Mar 2017 12:42:11 GMT Server cloudflare-nginx Vary Accept-Encoding Content-Type application/javascript Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 34bdbe7845c32384-FRA Content-Length 14716 Expires Fri, 07 Apr 2017 18:40:47 GMT
GET H/1.1	200 OK	print.css www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/	4 KB 786 B	7ms 7ms	Stylesheet text/css	2400:cb00:2048:1::681c:183b CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/print.css Requested by Host: www.guzheng.com.my URL: http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Protocol HTTP/1.1 Server 2400:cb00:2048:1::681c:183b , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `7c18b4d749ec7d193df7be7f9054af4f09418dd2a140e06fe8a9b4902d8a109b` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.guzheng.com.my Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept text/css,/;q=0.1 Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Cookie __cfduid=d4998669dc242016676676e583082a33a1491576046 Connection keep-alive Cache-Control no-cache Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Date Fri, 07 Apr 2017 14:40:47 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Mon, 27 Mar 2017 12:42:11 GMT Server cloudflare-nginx Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 34bdbe78514464ed-FRA Content-Length 786 Expires Fri, 07 Apr 2017 18:40:47 GMT
GET H/1.1	404 Not Found	Cookie set hdr_search_bg.gif www.paypalobjects.com/WEBSCR-620-20100330-1/en_US/i/pui/core/	373 B 0	269ms 211ms	Image text/html	104.96.4.11 Akamai Technologies
General Check archive.org Show headers Download Go to Show image Full URL https://www.paypalobjects.com/WEBSCR-620-20100330-1/en_US/i/pui/core/hdr_search_bg.gif Requested by Host: www.guzheng.com.my URL: http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.96.4.11 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-96-4-11.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `3a82ad3843ca77f937a1c61cb135a02bd7be6fc90626f9dd2652518dc55c9ebf` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.paypalobjects.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/global.css Connection keep-alive Cache-Control no-cache Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/global.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Pragma no-cache Date Fri, 07 Apr 2017 14:40:47 GMT Server Apache P3P CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI" Connection keep-alive Content-Type text/html; charset=iso-8859-1 Cache-Control max-age=0, no-cache, no-store Set-Cookie PYPF=CT; expires=Fri, 05-May-2017 14:40:47 GMT; path=/; domain=.paypalobjects.com Content-Length 373 Expires Fri, 07 Apr 2017 14:40:47 GMT
GET H/1.1	404 Not Found	Cookie set btn_bg_sprite.gif www.paypalobjects.com/WEBSCR-620-20100330-1/en_US/i/pui/core/	373 B 0	263ms 207ms	Image text/html	104.96.4.11 Akamai Technologies
General Check archive.org Show headers Download Go to Show image Full URL https://www.paypalobjects.com/WEBSCR-620-20100330-1/en_US/i/pui/core/btn_bg_sprite.gif Requested by Host: www.guzheng.com.my URL: http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.96.4.11 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-96-4-11.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `0acf873ad6cb29db53ee5dd4a182913681dd20d020ab21bb18621f063726e92a` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.paypalobjects.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/global.css Connection keep-alive Cache-Control no-cache Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/global.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Pragma no-cache Date Fri, 07 Apr 2017 14:40:47 GMT Server Apache P3P CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI" Connection keep-alive Content-Type text/html; charset=iso-8859-1 Cache-Control max-age=0, no-cache, no-store Set-Cookie PYPF=CT; expires=Fri, 05-May-2017 14:40:47 GMT; path=/; domain=.paypalobjects.com Content-Length 373 Expires Fri, 07 Apr 2017 14:40:47 GMT
GET H/1.1	404 Not Found	Cookie set nav_sprite.gif www.paypalobjects.com/WEBSCR-620-20100330-1/en_US/i/pui/core/	370 B 0	264ms 207ms	Image text/html	104.96.4.11 Akamai Technologies
General Check archive.org Show headers Download Go to Show image Full URL https://www.paypalobjects.com/WEBSCR-620-20100330-1/en_US/i/pui/core/nav_sprite.gif Requested by Host: www.guzheng.com.my URL: http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.96.4.11 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-96-4-11.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `b14490b59c5123956875bf34e553d721bd43ae99e5b80a376eb15a9593710b48` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.paypalobjects.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/global.css Connection keep-alive Cache-Control no-cache Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/files/global.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Pragma no-cache Date Fri, 07 Apr 2017 14:40:47 GMT Server Apache P3P CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI" Connection keep-alive Content-Type text/html; charset=iso-8859-1 Cache-Control max-age=0, no-cache, no-store Set-Cookie PYPF=CT; expires=Fri, 05-May-2017 14:40:47 GMT; path=/; domain=.paypalobjects.com Content-Length 370 Expires Fri, 07 Apr 2017 14:40:47 GMT
GET H/1.1	200 OK	Cookie set s88365903645700 paypal.112.2o7.net/b/ss/paypalglobal/1/H.19.3/ Redirect Chain http://paypal.112.2o7.net/b/ss/paypalglobal/1/H.19.3/s88365903645700?AQB=1&ndh=1&t=7/3/2017%2014%3A40%3A47%205%200&ce=UTF-8&ns=paypal&pageName=p/gen/cnf/email-password%3A%3A_ece&g=http%3A//www.guzh... http://paypal.112.2o7.net/b/ss/paypalglobal/1/H.19.3/s88365903645700?AQB=1&pccr=true&vidn=2C73D27785193380-60000608600026DE&&ndh=1&t=7/3/2017%2014%3A40%3A47%205%200&ce=UTF-8&ns=paypal&pageName=p/ge...	43 B 43 B	170ms 169ms	Image image/gif	66.235.138.193 Adobe Systems Inc.
General Check archive.org Show headers Download Go to Show image Full URL http://paypal.112.2o7.net/b/ss/paypalglobal/1/H.19.3/s88365903645700?AQB=1&pccr=true&vidn=2C73D27785193380-60000608600026DE&&ndh=1&t=7/3/2017%2014%3A40%3A47%205%200&ce=UTF-8&ns=paypal&pageName=p/gen/cnf/email-password%3A%3A_ece&g=http%3A//www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/connexion.php%3Fcmd%3D_connexion&cc=USD&ch=p/gen/cnf/email-password&c1=p/gen/cnf/email-password&c7=unknown&c8=unknown&c9=unknown&c10=fr&c17=pp-mot%20de%20passe%20-%20paypal-pp&c19=p/gen/cnf/email-password%3A%3A_ece&c30=value%20not%20set&c31=value%20not%20set&c34=paypalcredit%3Aservicing%3Aco%3Anotransactions&c36=http%3A//www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f&c47=p/gen/cnf/email-password%3A%3A_ece&c50=fr_fr&s=1600x1200&c=24&j=1.6&v=N&k=N&bw=1598&bh=1132&p=Chrome%20PDF%20Viewer%3BShockwave%20Flash%3BWidevine%20Content%20Decryption%20Module%3BNative%20Client%3B&AQE=1 Requested by Host: www.guzheng.com.my URL: http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Protocol HTTP/1.1 Server 66.235.138.193 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US), Reverse DNS .112.2o7.net Software Omniture DC/2.0.0 / Resource Hash* `a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host paypal.112.2o7.net Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Cookie s_vi=[CS]v1\|2C73D27785193380-60000608600026DE[CE] Connection keep-alive Cache-Control no-cache Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Date Fri, 07 Apr 2017 14:40:47 GMT X-C ms-5.1.0 P3P policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" Connection Keep-Alive Content-Length 43 Pragma no-cache Last-Modified Sat, 08 Apr 2017 14:40:47 GMT Server Omniture DC/2.0.0 xserver www68 ETag "58E7A4EF-2368-69D443C1" Vary * Content-Type image/gif Access-Control-Allow-Origin * Cache-Control no-cache, no-store, max-age=0, no-transform, private Set-Cookie s_vi=[CS]v1\|2C73D27785193380-60000608600026DE[CE]; Expires=Sun, 7 Apr 2019 14:40:47 GMT; Domain=paypal.112.2o7.net; Path=/ Keep-Alive timeout=15 Expires Thu, 06 Apr 2017 14:40:47 GMT Redirect headers Date Fri, 07 Apr 2017 14:40:47 GMT Access-Control-Allow-Origin * X-C ms-5.1.0 P3P policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" Connection Keep-Alive Content-Length 0 Pragma no-cache Last-Modified Sat, 08 Apr 2017 14:40:47 GMT Server Omniture DC/2.0.0 xserver www2467 Content-Type text/plain Location http://paypal.112.2o7.net/b/ss/paypalglobal/1/H.19.3/s88365903645700?AQB=1&pccr=true&vidn=2C73D27785193380-60000608600026DE&&ndh=1&t=7/3/2017%2014%3A40%3A47%205%200&ce=UTF-8&ns=paypal&pageName=p/gen/cnf/email-password%3A%3A_ece&g=http%3A//www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/connexion.php%3Fcmd%3D_connexion&cc=USD&ch=p/gen/cnf/email-password&c1=p/gen/cnf/email-password&c7=unknown&c8=unknown&c9=unknown&c10=fr&c17=pp-mot%20de%20passe%20-%20paypal-pp&c19=p/gen/cnf/email-password%3A%3A_ece&c30=value%20not%20set&c31=value%20not%20set&c34=paypalcredit%3Aservicing%3Aco%3Anotransactions&c36=http%3A//www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f&c47=p/gen/cnf/email-password%3A%3A_ece&c50=fr_fr&s=1600x1200&c=24&j=1.6&v=N&k=N&bw=1598&bh=1132&p=Chrome%20PDF%20Viewer%3BShockwave%20Flash%3BWidevine%20Content%20Decryption%20Module%3BNative%20Client%3B&AQE=1 Cache-Control no-cache, no-store, max-age=0, no-transform, private Set-Cookie s_vi=[CS]v1\|2C73D27785193380-60000608600026DE[CE]; Expires=Sun, 7 Apr 2019 14:40:47 GMT; Domain=paypal.112.2o7.net; Path=/ Keep-Alive timeout=15 Expires Thu, 06 Apr 2017 14:40:47 GMT
GET H/1.1	404 Not Found	pp_favicon_x.ico www.paypalobjects.com/WEBSCR-580-20090807-1/en_US/i/icon/	368 B 368 B	210ms 210ms	Other text/html	104.96.4.11 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/WEBSCR-580-20090807-1/en_US/i/icon/pp_favicon_x.ico Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.96.4.11 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-96-4-11.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `46783421e61d1194fd78ae4e96b4a2d1a52ddebca80f8d861d91101a8d8ee97e` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.paypalobjects.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion Cookie PYPF=CT Connection keep-alive Cache-Control no-cache Referer http://www.guzheng.com.my/components/com_newsfeeds/views/categories/tmpl/regional/25b673da491afafd6f81d29f2b975e05/Connexion.php?cmd=_Connexion User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Pragma no-cache Date Fri, 07 Apr 2017 14:40:48 GMT Server Apache Content-Type text/html; charset=iso-8859-1 Cache-Control max-age=0, no-cache, no-store Connection keep-alive Content-Length 368 Expires Fri, 07 Apr 2017 14:40:48 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.guzheng.com.my/	2018-04-07 14:40:46	Name: __cfduid Value: d4998669dc242016676676e583082a33a1491576046

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

paypal.112.2o7.net
www.guzheng.com.my
www.paypalobjects.com
104.96.4.11
2400:cb00:2048:1::681c:183b
2400:cb00:2048:1::681c:193b
66.235.138.193
0acf873ad6cb29db53ee5dd4a182913681dd20d020ab21bb18621f063726e92a
3a82ad3843ca77f937a1c61cb135a02bd7be6fc90626f9dd2652518dc55c9ebf
46783421e61d1194fd78ae4e96b4a2d1a52ddebca80f8d861d91101a8d8ee97e
568397a8b27bd4417cf61d1491d43ddf5090cad4369d2a48a7379a94a1b9bfa9
7c18b4d749ec7d193df7be7f9054af4f09418dd2a140e06fe8a9b4902d8a109b
7d59f3b63ab445337909c76e9f89b039886bc873f48547760898fe8fd17b4571
87a2207c48e5927d03764ac10a3ebf6425f801e8a71856b36305431d3b41fe71
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a510b84d73470c229afede5bcd9f6ceea5cdfc53b357c30142705064270561bf
b14490b59c5123956875bf34e553d721bd43ae99e5b80a376eb15a9593710b48
ba7276139b4cd045b416105b0bb857b837c4eb7991a584251ddcb1f643af78c0
c36bef44937289a54acc239aac93f322ac2f1bf4e880e050d4ad80473a16ca4b
ccf27823816dd9c1674beca235d07d1c65a2dd95ac3e7ec1dbdde0256454bd0f

www.guzheng.com.my Open in urlscan Pro 2400:cb00:2048:1::681c:183b Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

13 Requests

31 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

43 kBTransfer

156 kBSize

1 Cookies

1 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

www.guzheng.com.my Open in urlscan Pro
2400:cb00:2048:1::681c:183b Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

31 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

43 kB
Transfer

156 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!