boosting24.altervista.org
Open in
urlscan Pro
104.18.38.234
Malicious Activity!
Public Scan
Submission: On September 10 via manual from US
Summary
This is the only time boosting24.altervista.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 104.18.38.234 104.18.38.234 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare) | |
3 | 92.123.92.235 92.123.92.235 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
3 | 95.101.242.51 95.101.242.51 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 2 | 176.120.18.70 176.120.18.70 | 198911 (BML-AS) (BML-AS) | |
12 | 5 |
ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)
boosting24.altervista.org |
ASN20940 (AKAMAI-ASN1, US)
PTR: a92-123-92-235.deploy.akamaitechnologies.com
www.paypalobjects.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-101-242-51.deploy.akamaitechnologies.com
t.paypal.com | |
c.paypal.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
paypal.com
1 redirects
t.paypal.com c.paypal.com b.stats.paypal.com dub.stats.paypal.com |
18 KB |
3 |
paypalobjects.com
www.paypalobjects.com |
24 KB |
3 |
altervista.org
boosting24.altervista.org |
19 KB |
0 |
Failed
function sub() { [native code] }. Failed |
|
12 | 4 |
Domain | Requested by | |
---|---|---|
3 | www.paypalobjects.com |
boosting24.altervista.org
|
3 | boosting24.altervista.org |
boosting24.altervista.org
|
2 | t.paypal.com |
boosting24.altervista.org
|
1 | dub.stats.paypal.com | |
1 | b.stats.paypal.com | 1 redirects |
1 | c.paypal.com |
boosting24.altervista.org
c.paypal.com |
0 | 192.55.233.1 Failed |
boosting24.altervista.org
|
12 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.paypalobjects.com Symantec Class 3 EV SSL CA - G3 |
2017-07-11 - 2019-09-02 |
2 years | crt.sh |
www.paypal.com Symantec Class 3 EV SSL CA - G3 |
2016-02-02 - 2017-10-30 |
2 years | crt.sh |
b.stats.paypal.com DigiCert SHA2 Extended Validation Server CA |
2016-03-19 - 2018-03-23 |
2 years | crt.sh |
This page contains 3 frames:
Primary Page:
http://boosting24.altervista.org/index.html
Frame ID: 8858.1
Requests: 10 HTTP requests in this frame
Frame:
https://dub.stats.paypal.com/counter2.cgi
Frame ID: 8858.4
Requests: 1 HTTP requests in this frame
Frame:
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Frame ID: 8858.5
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
CloudFlare (CDN) Expand
Detected patterns
- headers server /cloudflare/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8- https://b.stats.paypal.com/v1/counter.cgi?r=cD03NjEwMDEwODI0MTg0Y2NmOTIzNzAyZjliOTU0M2IyZCZpPTkzLjE0OS4xNTQuMTU0JnQ9MTUwNTA0NjY4My4yOTMmYT0yMSZzPVVOSUZJRURfTE9HSU4CuQMaD_h3xEh5Ig5hm4qX_kfdNw HTTP 302
- https://dub.stats.paypal.com/counter2.cgi
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.html
boosting24.altervista.org/ |
55 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
contextualLogin.css
www.paypalobjects.com/web/res/d4e/acbd9e1d7c65ad892ddc260f628e8/css/ |
59 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
pa.js
www.paypalobjects.com/pa/js/min/ |
34 KB 9 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
paypal-logo-129x32.svg
www.paypalobjects.com/images/shared/ |
5 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ts
t.paypal.com/ |
42 B 42 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
challenge.js
boosting24.altervista.org/auth/createchallenge/65382024a6a10dde/ |
2 KB 989 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fb-all-prod.pp2.min.js
c.paypal.com/webstatic/r/fb/ |
57 KB 18 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
client-log
boosting24.altervista.org/signin/ |
2 KB 980 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS |
resourceaccesstoken
192.55.233.1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
counter2.cgi
dub.stats.paypal.com/ Frame 8858 Redirect Chain
|
42 B 42 B |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
i
c.paypal.com/v1/r/d/ Frame 8858 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ts
t.paypal.com/ |
42 B 42 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- 192.55.233.1
- URL
- https://192.55.233.1/resourceaccesstoken
- Domain
- c.paypal.com
- URL
- https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.boosting24.altervista.org/ | Name: __cfduid Value: ddc8a1119257c1c33fa8c4f50701641f61505054271 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
192.55.233.1
b.stats.paypal.com
boosting24.altervista.org
c.paypal.com
dub.stats.paypal.com
t.paypal.com
www.paypalobjects.com
192.55.233.1
c.paypal.com
104.18.38.234
176.120.18.70
92.123.92.235
95.101.242.51
33c44e9dbb5ba62305f29ffe3d3561d781ee802005bc1f15c174e15145c798b2
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
5c574a7e4f073382e0b5626d6cebac62ef47eea7946632ceba5ef20cb9b62f47
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
78ae5d8d00389cee10c09e3833e492f1e13512f084d7d955809c3703d7dbdc10
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
e6b33d3bdce8cdcf03ab5b855b7a3f8ea5549a9d80ff852013d412a0a1db4433
e7d0c7c0e79792320feb88b11590378f7bf618f6a76c86882e37acf29bde705a
f57532babdb4626effc5887a4f01a20df5819d6039bb4448a44b3096ab1770db