boosting24.altervista.org Open in urlscan Pro
104.18.38.234 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://boosting24.altervista.org/index.html
Submission: On September 10 via manual (September 10th 2017, 2:38:02 pm UTC) from US

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 12 HTTP transactions. The main IP is 104.18.38.234, located in San Francisco, United States and belongs to CLOUDFLARENET - CloudFlare, Inc., US. The main domain is boosting24.altervista.org.

This is the only time boosting24.altervista.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
3	104.18.38.234 104.18.38.234	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
3	92.123.92.235 92.123.92.235	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	95.101.242.51 95.101.242.51	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1 2	176.120.18.70 176.120.18.70	198911 (BML-AS) (BML-AS)
12	5

3 104.18.38.234 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

boosting24.altervista.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 92.123.92.235 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a92-123-92-235.deploy.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 95.101.242.51 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-101-242-51.deploy.akamaitechnologies.com

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 176.120.18.70 (United States) 1 redirects

ASN198911 (BML-AS, US)

b.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dub.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	paypal.com 1 redirects t.paypal.com c.paypal.com b.stats.paypal.com dub.stats.paypal.com	18 KB
3	paypalobjects.com www.paypalobjects.com	24 KB
3	altervista.org boosting24.altervista.org	19 KB
0	Failed function sub() { [native code] }. Failed
12	4

	Domain	Requested by
3	www.paypalobjects.com	boosting24.altervista.org
3	boosting24.altervista.org	boosting24.altervista.org
2	t.paypal.com	boosting24.altervista.org
1	dub.stats.paypal.com
1	b.stats.paypal.com	1 redirects
1	c.paypal.com	boosting24.altervista.org c.paypal.com
0	192.55.233.1 Failed	boosting24.altervista.org
12	7

This site contains no links.

Subject Issuer	Validity	Valid
www.paypalobjects.com Symantec Class 3 EV SSL CA - G3	`2017-07-11` - `2019-09-02`	2 years	crt.sh
www.paypal.com Symantec Class 3 EV SSL CA - G3	`2016-02-02` - `2017-10-30`	2 years	crt.sh
b.stats.paypal.com DigiCert SHA2 Extended Validation Server CA	`2016-03-19` - `2018-03-23`	2 years	crt.sh

This page contains 3 frames:

Primary Page: http://boosting24.altervista.org/index.html
Frame ID: 8858.1
Requests: 10 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/counter2.cgi
Frame ID: 8858.4
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Frame ID: 8858.5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Page Statistics

12
Requests

50 %
HTTPS

0 %
IPv6

4
Domains

7
Subdomains

5
IPs

2
Countries

61 kB
Transfer

215 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://b.stats.paypal.com/v1/counter.cgi?r=cD03NjEwMDEwODI0MTg0Y2NmOTIzNzAyZjliOTU0M2IyZCZpPTkzLjE0OS4xNTQuMTU0JnQ9MTUwNTA0NjY4My4yOTMmYT0yMSZzPVVOSUZJRURfTE9HSU4CuQMaD_h3xEh5Ig5hm4qX_kfdNw HTTP 302
https://dub.stats.paypal.com/counter2.cgi

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.html Show response boosting24.altervista.org/	55 KB 17 KB	85ms 53ms	Document text/html	104.18.38.234 CloudFlare
General Check archive.org Show headers Download Go to Full URL http://boosting24.altervista.org/index.html Protocol HTTP/1.1 Server 104.18.38.234 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `e7d0c7c0e79792320feb88b11590378f7bf618f6a76c86882e37acf29bde705a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sun, 10 Sep 2017 14:37:51 GMT Content-Encoding gzip Last-Modified Sun, 10 Sep 2017 12:35:01 GMT Server cloudflare-nginx Vary Accept-Encoding Content-Type text/html Transfer-Encoding chunked Connection keep-alive CF-RAY 39c320af31f56457-FRA
GET S	200	contextualLogin.css www.paypalobjects.com/web/res/d4e/acbd9e1d7c65ad892ddc260f628e8/css/	59 KB 11 KB	25ms 8ms	Stylesheet text/css	92.123.92.235 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/web/res/d4e/acbd9e1d7c65ad892ddc260f628e8/css/contextualLogin.css Requested by Host: boosting24.altervista.org URL: http://boosting24.altervista.org/index.html Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.123.92.235 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a92-123-92-235.deploy.akamaitechnologies.com Software Apache / Resource Hash `5c574a7e4f073382e0b5626d6cebac62ef47eea7946632ceba5ef20cb9b62f47` Request headers Referer http://boosting24.altervista.org/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers date Sun, 10 Sep 2017 14:37:51 GMT content-encoding gzip last-modified Thu, 07 Sep 2017 21:17:34 GMT server Apache vary Accept-Encoding content-type text/css status 200 cache-control max-age=7776000 accept-ranges bytes content-length 10877 expires Sat, 09 Dec 2017 14:37:51 GMT
GET S	200	pa.js Show response www.paypalobjects.com/pa/js/min/	34 KB 9 KB	11ms 8ms	Script application/x-javascript	92.123.92.235 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/pa/js/min/pa.js Requested by Host: boosting24.altervista.org URL: http://boosting24.altervista.org/index.html Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.123.92.235 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a92-123-92-235.deploy.akamaitechnologies.com Software Apache / Resource Hash `f57532babdb4626effc5887a4f01a20df5819d6039bb4448a44b3096ab1770db` Request headers Referer http://boosting24.altervista.org/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers date Sun, 10 Sep 2017 14:37:51 GMT x-pad avoid browser bug last-modified Tue, 13 Jun 2017 05:20:48 GMT server Apache vary Accept-Encoding content-type application/x-javascript status 200 cache-control max-age=3600 accept-ranges bytes content-encoding gzip content-length 9144 expires Sun, 10 Sep 2017 15:37:51 GMT
GET S	200	paypal-logo-129x32.svg www.paypalobjects.com/images/shared/	5 KB 5 KB	6ms 6ms	Image image/svg+xml	92.123.92.235 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.paypalobjects.com/images/shared/paypal-logo-129x32.svg Requested by Host: boosting24.altervista.org URL: http://boosting24.altervista.org/index.html Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.123.92.235 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a92-123-92-235.deploy.akamaitechnologies.com Software Apache / Resource Hash `b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5` Request headers Referer https://www.paypalobjects.com/web/res/d4e/acbd9e1d7c65ad892ddc260f628e8/css/contextualLogin.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers date Sun, 10 Sep 2017 14:37:51 GMT last-modified Fri, 24 Oct 2014 22:52:57 GMT server Apache status 200 vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * accept-ranges bytes content-length 4945 expires Tue, 10 Oct 2017 14:37:51 GMT
GET H/1.1	200 OK	ts t.paypal.com/	42 B 42 B	380ms 355ms	Image image/gif	95.101.242.51 Akamai Technologies
General Check archive.org Show headers Download Go to Show image Full URL http://t.paypal.com/ts?v=1.1.8&t=1505054271989&g=0&e=im&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3A%3A%3A&tmpl=unifiedloginnodeweb%2Fpublic%2Ftemplates%2FcontextualLoginView%2Fsignin.dust&pgst=1505046683211&calc=33fefd172c966&rsta=it_IT&pgtf=Nodejs&s=ci&csci=04ed3830020541299f1eafcc77ab95a0&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&transition_name=process_ul_browser_render&xe=2322%2C2923&xt=5566%2C6992&fn_sync_enabled=Y&ctx_login_ot_content=1&obex=signin&landing_page=login&state_name=LOGIN_UL&ctx_login_ctxid_fetch=ctxid-not-exist&ctx_login_content_fetch=success&ctx_login_lang_footer=shown&ctx_login_signup_btn=shown%7Cdefault&ctx_login_intent=signin&ctx_login_flow=Signin&ctx_login_state_transition=login_loaded&view=%7B%22t10%22%3A33%2C%22t14%22%3A1505054271844%2C%22t11%22%3A142.2%7D&pt=Accedi%20al%20tuo%20conto%20PayPal&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1&t1=33&t1c=33&t1d=26&t1s=0&t2=54&t3=16&t4d=0&t4=0&t4e=0&tt=0&teal=bRC72ShSs7zayaZO0Cm1sJ%252BRJS0oCwmIbwna%252F%252FTPJEGNjUEbISD7Y0dOdrWj7rZ7TurePdxyaCLQgWkEnZiwbdAdqG83w%252Bgb_15e6bc5de4b&res=%7B%22css%22%3A%7B%22t9%22%3A27.6%2C%22t12%22%3A27.6%2C%22t13%22%3A0%2C%22cnt%22%3A1%7D%2C%22scr%22%3A%7B%22t9%22%3A11%2C%22t12%22%3A11%2C%22t13%22%3A0%2C%22cnt%22%3A1%7D%7D Requested by Host: boosting24.altervista.org URL: http://boosting24.altervista.org/index.html Protocol HTTP/1.1 Server 95.101.242.51 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a95-101-242-51.deploy.akamaitechnologies.com Software Apache-Coyote/1.1 / Resource Hash `6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93` Request headers Referer http://boosting24.altervista.org/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Pragma no-cache Date Sun, 10 Sep 2017 14:37:52 GMT Server Apache-Coyote/1.1 P3P policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM" Cache-Control max-age=0, no-cache, no-store Rlogid dAtg9JLNmFvBOoWty0zBuIwCmEBt7pfm9zQbxIa6hSokmcgiEnzFn80t826bP1NBRxZE8TBgYvIXQAz5t%2F1K0npVaT3Mobes7vC7XDfugU0_15e6c39ab12 Connection keep-alive Content-Type image/gif Content-Length 42 Expires Sun, 10 Sep 2017 14:37:52 GMT
GET H/1.1	404 Not Found	challenge.js Show response boosting24.altervista.org/auth/createchallenge/65382024a6a10dde/	2 KB 989 B	66ms 66ms	XHR text/html	104.18.38.234 CloudFlare
General Check archive.org Show headers Download Go to Full URL http://boosting24.altervista.org/auth/createchallenge/65382024a6a10dde/challenge.js Requested by Host: boosting24.altervista.org URL: http://boosting24.altervista.org/index.html Protocol HTTP/1.1 Server 104.18.38.234 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `e6b33d3bdce8cdcf03ab5b855b7a3f8ea5549a9d80ff852013d412a0a1db4433` Request headers Accept application/json Referer http://boosting24.altervista.org/index.html X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sun, 10 Sep 2017 14:37:52 GMT Content-Encoding gzip CF-Cache-Status MISS Server cloudflare-nginx Vary Accept-Encoding Content-Type text/html Transfer-Encoding chunked Connection keep-alive CF-RAY 39c320b253676457-FRA
GET H/1.1	200 OK	fb-all-prod.pp2.min.js Show response c.paypal.com/webstatic/r/fb/	57 KB 18 KB	49ms 12ms	Script application/x-javascript	95.101.242.51 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js Requested by Host: boosting24.altervista.org URL: http://boosting24.altervista.org/index.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.101.242.51 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a95-101-242-51.deploy.akamaitechnologies.com Software Apache / Resource Hash `33c44e9dbb5ba62305f29ffe3d3561d781ee802005bc1f15c174e15145c798b2` Request headers Referer http://boosting24.altervista.org/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sun, 10 Sep 2017 14:37:52 GMT X-Pad avoid browser bug Last-Modified Tue, 29 Aug 2017 05:48:35 GMT Server Apache Vary Accept-Encoding Content-Type application/x-javascript Cache-Control max-age=86400 Connection keep-alive Accept-Ranges bytes Content-Encoding gzip Content-Length 17961 Expires Mon, 11 Sep 2017 14:37:52 GMT
POST H/1.1	404 Not Found	client-log Show response boosting24.altervista.org/signin/	2 KB 980 B	53ms 47ms	XHR text/html	104.18.38.234 CloudFlare
General Check archive.org Show headers Download Go to Full URL http://boosting24.altervista.org/signin/client-log Requested by Host: boosting24.altervista.org URL: http://boosting24.altervista.org/index.html Protocol HTTP/1.1 Server 104.18.38.234 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `78ae5d8d00389cee10c09e3833e492f1e13512f084d7d955809c3703d7dbdc10` Request headers Accept application/json Referer http://boosting24.altervista.org/index.html Origin http://boosting24.altervista.org X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers Date Sun, 10 Sep 2017 14:37:52 GMT Content-Encoding gzip Server cloudflare-nginx Connection keep-alive CF-RAY 39c320b2609d6499-FRA Transfer-Encoding chunked Content-Type text/html
OPTIONS		resourceaccesstoken 192.55.233.1/	0 0

GET H/1.1	200 OK	counter2.cgi dub.stats.paypal.com/ Frame 8858 Redirect Chain https://b.stats.paypal.com/v1/counter.cgi?r=cD03NjEwMDEwODI0MTg0Y2NmOTIzNzAyZjliOTU0M2IyZCZpPTkzLjE0OS4xNTQuMTU0JnQ9MTUwNTA0NjY4My4yOTMmYT0yMSZzPVVOSUZJRURfTE9HSU4CuQMaD_h3xEh5Ig5hm4qX_kfdNw https://dub.stats.paypal.com/counter2.cgi	42 B 42 B	270ms 39ms	Image image/jpeg	176.120.18.70 BML-AS
General Check archive.org Show headers Download Go to Show image Full URL https://dub.stats.paypal.com/counter2.cgi Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 176.120.18.70 , United States, ASN198911 (BML-AS, US), Reverse DNS Software / Resource Hash `47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292` Request headers Referer http://boosting24.altervista.org/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sun, 10 Sep 2017 14:37:53 GMT Cache-Control private, must-revalidate, proxy-revalidate Server Connection close ETag "9b6510d07c75919d7ffc" Content-Length 42 Content-type image/jpeg Redirect headers Location https://dub.stats.paypal.com/counter2.cgi Date Sun, 10 Sep 2017 14:37:52 GMT Server Connection close Content-Length 289 Content-Type text/html; charset=utf-8
GET		i c.paypal.com/v1/r/d/ Frame 8858	0 0

GET H/1.1	200 OK	ts t.paypal.com/	42 B 42 B	196ms 184ms	Image image/gif	95.101.242.51 Akamai Technologies
General Check archive.org Show headers Download Go to Show image Full URL https://t.paypal.com/ts?v=1.1.8&t=1505054272487&g=0&e=im&pgrp=main%3Aunifiedlogin%3A%3A%3Alogin&page=main%3Aunifiedlogin%3A%3A%3Alogin%3A%3A%3A&tmpl=unifiedloginnodeweb%2Fpublic%2Ftemplates%2FcontextualLoginView%2Fsignin.dust&pgst=1505046683211&calc=33fefd172c966&rsta=it_IT&pgtf=Nodejs&s=ci&csci=04ed3830020541299f1eafcc77ab95a0&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&transition_name=process_ul_browser_render&xe=2322%2C2923&xt=5566%2C6992&fn_sync_enabled=Y&ctx_login_ot_content=1&obex=signin&landing_page=login&state_name=LOGIN_UL&ctx_login_ctxid_fetch=ctxid-not-exist&ctx_login_content_fetch=success&ctx_login_lang_footer=shown&ctx_login_signup_btn=shown%7Cdefault&ctx_login_intent=signin&ctx_login_flow=Signin&ctx_login_state_transition=login_loaded&pt=Accedi%20al%20tuo%20conto%20PayPal&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1&teal=bRC72ShSs7zayaZO0Cm1sJ%252BRJS0oCwmIbwna%252F%252FTPJEGNjUEbISD7Y0dOdrWj7rZ7TurePdxyaCLQgWkEnZiwbdAdqG83w%252Bgb_15e6bc5de4b Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.101.242.51 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a95-101-242-51.deploy.akamaitechnologies.com Software Apache-Coyote/1.1 / Resource Hash `6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93` Request headers Referer http://boosting24.altervista.org/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Pragma no-cache Date Sun, 10 Sep 2017 14:37:52 GMT Server Apache-Coyote/1.1 P3P policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM" Cache-Control max-age=0, no-cache, no-store Rlogid %2BrYIDfq0lT3uy9LfxFkFI9QbTy9gwOyeBz5F22Rz0Rxog3FqlqgYIKfE5671twMlsMWWjah71WlnaJpFo4ez6h7sXhgW%2FiaA7A6mYIux5Rw_15e6c39ac4c Connection keep-alive Content-Type image/gif Content-Length 42 Expires Sun, 10 Sep 2017 14:37:52 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 192.55.233.1
URL: https://192.55.233.1/resourceaccesstoken

Domain: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.boosting24.altervista.org/	2018-09-10 14:37:51	Name: __cfduid Value: ddc8a1119257c1c33fa8c4f50701641f61505054271

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

192.55.233.1
b.stats.paypal.com
boosting24.altervista.org
c.paypal.com
dub.stats.paypal.com
t.paypal.com
www.paypalobjects.com
192.55.233.1
c.paypal.com
104.18.38.234
176.120.18.70
92.123.92.235
95.101.242.51
33c44e9dbb5ba62305f29ffe3d3561d781ee802005bc1f15c174e15145c798b2
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
5c574a7e4f073382e0b5626d6cebac62ef47eea7946632ceba5ef20cb9b62f47
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
78ae5d8d00389cee10c09e3833e492f1e13512f084d7d955809c3703d7dbdc10
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
e6b33d3bdce8cdcf03ab5b855b7a3f8ea5549a9d80ff852013d412a0a1db4433
e7d0c7c0e79792320feb88b11590378f7bf618f6a76c86882e37acf29bde705a
f57532babdb4626effc5887a4f01a20df5819d6039bb4448a44b3096ab1770db

boosting24.altervista.org Open in urlscan Pro 104.18.38.234 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

12 Requests

50 %HTTPS

0 %IPv6

4 Domains

7 Subdomains

5 IPs

2 Countries

61 kBTransfer

215 kBSize

1 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

boosting24.altervista.org Open in urlscan Pro
104.18.38.234 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

50 %
HTTPS

0 %
IPv6

4
Domains

7
Subdomains

5
IPs

2
Countries

61 kB
Transfer

215 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!