resolved-remindrlmtedaccount.politicsoftheunitedstates.com Open in urlscan Pro
190.92.137.198 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/MWFxPp1CZu?EAEAEA252581
Effective URL:
https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/a2856fd7e8e9dfd8ec67b4b946df65c5.aspx
Submission Tags: phishing malicious Search All
Submission: On December 21 via api (December 21st 2022, 8:02:48 pm UTC) from US — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 8 HTTP transactions. The main IP is 190.92.137.198, located in United States and belongs to A2HOSTING, US. The main domain is resolved-remindrlmtedaccount.politicsoftheunitedstates.com.
TLS certificate: Issued by R3 on December 21st 2022. Valid for: 3 months.

This is the only time resolved-remindrlmtedaccount.politicsoftheunitedstates.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1 1	99.86.4.56 99.86.4.56	16509 (AMAZON-02) (AMAZON-02)
1 3	190.92.137.198 190.92.137.198	55293 (A2HOSTING) (A2HOSTING)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (STACKPATH...) (STACKPATH-CDN)
4	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
8	4

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.56 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-56.fra6.r.cloudfront.net

qrs.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 190.92.137.198 (United States) 1 redirects

ASN55293 (A2HOSTING, US)
PTR: server.kebojungkel.net

resolved-remindrlmtedaccount.politicsoftheunitedstates.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2008	148 KB
3	politicsoftheunitedstates.com 1 redirects resolved-remindrlmtedaccount.politicsoftheunitedstates.com	152 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 686	31 KB
1	qrs.ly 1 redirects qrs.ly — Cisco Umbrella Rank: 348867	469 B
1	t.co t.co — Cisco Umbrella Rank: 521	549 B
8	5

	Domain	Requested by
4	www.paypalobjects.com	resolved-remindrlmtedaccount.politicsoftheunitedstates.com
3	resolved-remindrlmtedaccount.politicsoftheunitedstates.com	1 redirects t.co resolved-remindrlmtedaccount.politicsoftheunitedstates.com
1	code.jquery.com	resolved-remindrlmtedaccount.politicsoftheunitedstates.com
1	qrs.ly	1 redirects
1	t.co
8	5

This site contains no links.

Subject Issuer	Validity	Valid
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
resolved-remindrlmtedaccount.politicsoftheunitedstates.com R3	`2022-12-21` - `2023-03-21`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
www.paypalobjects.com DigiCert SHA2 Extended Validation Server CA	`2022-10-13` - `2023-11-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/a2856fd7e8e9dfd8ec67b4b946df65c5.aspx
Frame ID: B7EA0C60AE50F1DC65A5CC79313B4FBC
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Melden Sie sich bei Ihrem PayPal-Konto an

Page URL History Show full URLs

https://t.co/MWFxPp1CZu?EAEAEA252581 Page URL
https://qrs.ly/8tebo7k?aa HTTP 302
https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/?deva HTTP 302
https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/a2856fd7e8e9dfd8ec67b4b946df65c5.aspx Page URL

Detected technologies

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

\.aspx?(?:$|\?)

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

331 kB
Transfer

385 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/MWFxPp1CZu?EAEAEA252581 Page URL
https://qrs.ly/8tebo7k?aa HTTP 302
https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/?deva HTTP 302
https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/a2856fd7e8e9dfd8ec67b4b946df65c5.aspx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 MWFxPp1CZu
t.co/ 230 B
549 B 144ms
121ms Document
text/html 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/MWFxPp1CZu?EAEAEA252581

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 176
content-type: text/html; charset=utf-8
date: Wed, 21 Dec 2022 20:02:40 GMT
expires: Wed, 21 Dec 2022 20:07:41 GMT
perf: 7626143928
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 88cd7eb1648d9ea49fc54ce39a73018d8b7599f844535988755e654714a5fcd2
x-response-time: 113
x-transaction-id: 76a55a1b8f74e7a9
x-xss-protection: 0

GET
H2

200

Primary Request a2856fd7e8e9dfd8ec67b4b946df65c5.aspx Show response
resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/
Redirect Chain

https://qrs.ly/8tebo7k?aa
https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/?deva
https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/a2856fd7e8e9dfd8ec67b4b946df65c5.aspx

5 KB
5 KB

191ms
191ms

Document
text/html

190.92.137.198
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/a2856fd7e8e9dfd8ec67b4b946df65c5.aspx

Requested by

Host: t.co
URL: https://t.co/MWFxPp1CZu?EAEAEA252581

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.92.137.198 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

server.kebojungkel.net

Software

Apache /

Resource Hash

700d1a869448205b4dcd4398018b185c101a626d16eab52cfdaa47ba8b533cd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://t.co/MWFxPp1CZu?EAEAEA252581
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html;charset=UTF-8
date: Wed, 21 Dec 2022 20:02:43 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 21 Dec 2022 20:02:42 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: ./de4a5085a7fcebac6ab0fb7325474bbd/a2856fd7e8e9dfd8ec67b4b946df65c5.aspx
pragma: no-cache
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

GET
H2 200 asset@css_login.css
resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/ 146 KB
147 KB 191ms
190ms Stylesheet
text/css 190.92.137.198
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/asset@css_login.css

Requested by

Host: resolved-remindrlmtedaccount.politicsoftheunitedstates.com
URL: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/a2856fd7e8e9dfd8ec67b4b946df65c5.aspx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.92.137.198 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

server.kebojungkel.net

Software

Apache /

Resource Hash

38ba2de692840ff661c2df4a66f34216481ca3c169ee581300480c639ff70fc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/a2856fd7e8e9dfd8ec67b4b946df65c5.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=63072000; includeSubDomains
date: Wed, 21 Dec 2022 20:02:43 GMT
x-content-type-options: nosniff
server: Apache
x-frame-options: SAMEORIGIN
content-type: text/css;charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 jquery-3.5.1.min.js Show response
code.jquery.com/ 87 KB
31 KB 93ms
21ms Script
application/javascript 2001:4de0:ac18::1:a:2a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: resolved-remindrlmtedaccount.politicsoftheunitedstates.com
URL: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/a2856fd7e8e9dfd8ec67b4b946df65c5.aspx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 20:02:43 GMT
content-encoding: gzip
x-sp-metadata: HS256.CPPojZ0GEokBCiRjYjBiYjI1Yi03Y2FmLTRlMTctOTI0MC0wM2VhYzY0ZTMxN2EQ+OiCoKvU+wIaBgjjzI2dBiIOMmEwMTo0YTA6MmI6Ojgo6o4DMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogM2U5YjIwNjEwMDk4YjZjOWJmZjk1Mzg1NmU1ODAxNmEaLAgBEiQzZDA0MGFhZi0zYzFiLTQ3NGEtOGYyOS0wZTc1NWQ1ZmU4ZDUYn/EBIhgIAhIUY2RzMjgwLmZyOC5od2Nkbi5uZXQ=.uZ/bCSrKM3vlWPi1pLmT6H8D9/KvNrDmo6ECfpwYIZI=
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
etag: W/"28feccc0-15d84"
vary: Accept-Encoding
x-hw: 1671652963.dop101.fr8.t,1671652963.cds240.fr8.hn,1671652963.cds280.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30879

GET
H2 200 momgram@2x.png
www.paypalobjects.com/images/shared/ 2 KB
2 KB 42ms
7ms Image
image/png 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/images/shared/momgram@2x.png

Requested by

Host: resolved-remindrlmtedaccount.politicsoftheunitedstates.com
URL: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/asset@css_login.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b3f1bf1d5e25838bcad8535a2b700486644f4ea888e46c77d3e82783cb9da1b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 20:02:44 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
fastly-io-info: ifsz=1996 idim=60x74 ifmt=png ofsz=1768 odim=60x74 ofmt=png
paypal-debug-id: 45a424a496421
fastly-stats: io=1
dc: ccg11-origin-www-1.paypal.com
content-length: 1768
x-served-by: cache-sjc10028-SJC, cache-hhn-etou8220077-HHN
traceparent: 00-000000000000000000045a424a496421-f28cd3b92d3596e3-01
x-timer: S1671652964.035458,VS0,VE0
etag: "LHps6R8Wex/Pe402WtH8JutIg2gfHBaSzwZJf+zZHlM"
content-type: image/png
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 6042, 2092

GET
H2 200 PayPalSansSmall-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 46 KB
47 KB 43ms
9ms Font
font/woff 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Regular.woff

Requested by

Host: resolved-remindrlmtedaccount.politicsoftheunitedstates.com
URL: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/asset@css_login.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/
Origin: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 20:02:44 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: 3e57b78193ac3
dc: ccg11-origin-www-1.paypal.com
content-length: 47339
x-served-by: cache-sjc10066-SJC, cache-hhn-etou8220043-HHN
last-modified: Wed, 30 Sep 2015 05:09:04 GMT
x-timer: S1671652964.036433,VS0,VE0
etag: "560b6e70-b8eb"
content-type: font/woff
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 23652, 7339

GET
H2 200 PayPalSansBig-Medium.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 50 KB
50 KB 41ms
10ms Font
font/woff 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansBig-Medium.woff

Requested by

Host: resolved-remindrlmtedaccount.politicsoftheunitedstates.com
URL: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/asset@css_login.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ba20c92df54a4333cc16983eb8c0043e0ea8781319e03edcf6d5093cd109cf43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/
Origin: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 20:02:44 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: 4641afce1750d
dc: ccg11-origin-www-1.paypal.com
content-length: 51051
x-served-by: cache-sjc10047-SJC, cache-hhn-etou8220043-HHN
last-modified: Wed, 30 Sep 2015 05:09:04 GMT
traceparent: 00-00000000000000000004641afce1750d-4d0a3120ebd3db51-01
x-timer: S1671652964.036435,VS0,VE0
etag: "560b6e70-c76b"
content-type: font/woff
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 29362, 4

GET
H2 200 PayPalSansBig-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 49 KB
49 KB 42ms
10ms Font
font/woff 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansBig-Regular.woff

Requested by

Host: resolved-remindrlmtedaccount.politicsoftheunitedstates.com
URL: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/de4a5085a7fcebac6ab0fb7325474bbd/asset@css_login.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4d5c29e41277f543455e865a69634f17a2846fd001553890d5801379df3a7c47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com/
Origin: https://resolved-remindrlmtedaccount.politicsoftheunitedstates.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 20:02:44 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: e5fe70db9e689
dc: phx-origin-www-3.paypal.com
content-length: 50031
x-served-by: cache-sjc10069-SJC, cache-hhn-etou8220043-HHN
last-modified: Wed, 30 Sep 2015 05:09:04 GMT
x-timer: S1671652964.036415,VS0,VE0
etag: "560b6e70-c36f"
content-type: font/woff
access-control-allow-origin: *
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 611834, 3

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| $ function| jQuery

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-20 17:51:07	Name: muc Value: 4d993ab5-4589-47af-a20d-6c731462aed0
qrs.ly/	1969-12-31 23:59:59	Name: PHPSESSID Value: 22517512c8b26993083a92217544d4f9
resolved-remindrlmtedaccount.politicsoftheunitedstates.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: dd07f7683b742171b55cc1b6b94adf6d

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
qrs.ly
resolved-remindrlmtedaccount.politicsoftheunitedstates.com
t.co
www.paypalobjects.com
104.244.42.133
151.101.2.133
190.92.137.198
2001:4de0:ac18::1:a:2a
99.86.4.56
38ba2de692840ff661c2df4a66f34216481ca3c169ee581300480c639ff70fc9
4d5c29e41277f543455e865a69634f17a2846fd001553890d5801379df3a7c47
700d1a869448205b4dcd4398018b185c101a626d16eab52cfdaa47ba8b533cd1
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
b3f1bf1d5e25838bcad8535a2b700486644f4ea888e46c77d3e82783cb9da1b4
ba20c92df54a4333cc16983eb8c0043e0ea8781319e03edcf6d5093cd109cf43
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

resolved-remindrlmtedaccount.politicsoftheunitedstates.com Open in urlscan Pro 190.92.137.198 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

20 %IPv6

5 Domains

5 Subdomains

4 IPs

2 Countries

331 kBTransfer

385 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

resolved-remindrlmtedaccount.politicsoftheunitedstates.com Open in urlscan Pro
190.92.137.198 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

331 kB
Transfer

385 kB
Size

3
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!