Submitted URL: https://u.to/CDTtGA
Effective URL: https://paypalable.info/
Submission: On June 30 via manual from US

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 16 HTTP transactions.
The main IP is 67.222.6.139, located in Dallas, United States and belongs to PRIVATESYSTEMS, US. The main domain is paypalable.info.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 30th 2020. Valid for: 3 months.
This is the first time this domain was scanned on urlscan.io!

Verdict: Malicious (Score: 100/100) Show Details

  • urlscan - Score: 100
    phishing
    Phishing against PayPal (Financial)

Domain & IP information

IP Address AS Autonomous System
1 195.216.243.155 57724 (DDOS-GUARD)
1 142.93.149.16 14061 (DIGITALOC...)
1 4 2a02:6b8::1:119 13238 (YANDEX)
1 2 88.212.201.204 39134 (UNITEDNET)
4 14 67.222.6.139 63410 (PRIVATESY...)
16 5
Domain
Subdomains
Transfer
14 paypalable.info
264 KB
4 yandex.ru
94 KB
2 yadro.ru
918 B
1 flopesic.com
872 B
1 u.to
1004 B
16 5
Domain Requested by
14 paypalable.info 4 redirects paypalable.info
4 mc.yandex.ru 1 redirects u.to
2 counter.yadro.ru 1 redirects
1 flopesic.com u.to
1 u.to
16 5

This site contains links to these domains. Also see Links.

Domain
Subject / Issuer Validity Valid
u.to
Sectigo RSA Domain Validation Secure Server CA
2019-08-23 -
2021-08-22
2 years
mc.yandex.ru
Yandex CA
2019-09-23 -
2020-09-22
a year
counter.yadro.ru
GoGetSSL ECC DV CA
2020-02-02 -
2022-05-02
2 years
paypalable.info
cPanel, Inc. Certification Authority
2020-06-30 -
2020-09-28
3 months

Screenshot


Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i


Stats

0
Requests

0
Ad-blocked

0
Malicious

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set CDTtGA
u.to
976 B
1004 B
Document
General
Full URL
https://u.to/CDTtGA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.216.243.155 Moscow, Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
s5.unet.com
Software
nginx/1.8.0 /
Resource Hash
91de26b756e8c089d9ecbdf69c409b94a5e636ba517baa0c71c00b75dd144cf4

Request headers

Host
u.to
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx/1.8.0
Date
Tue, 30 Jun 2020 21:16:48 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=15
Set-Cookie
lng=en; path=/; expires=Wed, 30-Jun-2021 21:16:48 GMT; domain=.u.to;
Cache-Control
no-cache no-store
Pragma
no-cache
Vary
host
Content-Encoding
gzip
/
flopesic.com/preacfna
630 B
872 B
Document
General
Full URL
http://flopesic.com/preacfna/
Requested by
Host: u.to
URL: https://u.to/CDTtGA
Protocol
HTTP/1.1
Server
142.93.149.16 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
lokaosnerw.org
Software
Apache /
Resource Hash
165a9393c68634ccdc321b9270d93637dc55882936ea74153336adeed4d479a6

Request headers

Host
flopesic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 30 Jun 2020 21:16:48 GMT
Server
Apache
Last-Modified
Tue, 30 Jun 2020 20:53:07 GMT
Accept-Ranges
bytes
Content-Length
630
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
tag.js
mc.yandex.ru/metrika
359 KB
91 KB
Script
General
Full URL
https://mc.yandex.ru/metrika/tag.js
Requested by
Host: u.to
URL: https://u.to/CDTtGA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://u.to/CDTtGA
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 30 Jun 2020 21:16:48 GMT
Content-Encoding
br
Last-Modified
Fri, 26 Jun 2020 20:59:37 GMT
Server
nginx/1.14.2
ETag
"5ef661b9-16bfc"
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
93180
Expires
Tue, 30 Jun 2020 22:16:48 GMT
CDTtGA;1593551808213
counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to
Redirect Chain
  • https://counter.yadro.ru/hit;utostat?r;s1600*1200*24;uhttps%3A//u.to/CDTtGA;1593551808213
  • https://counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to/CDTtGA;1593551808213
43 B
421 B
Image
General
Full URL
https://counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to/CDTtGA;1593551808213
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
88.212.201.204 , Russian Federation, ASN39134 (UNITEDNET, RU),
Reverse DNS
host204.rax.ru
Software
nginx/1.17.9 /
Resource Hash

Request headers

Referer
https://u.to/CDTtGA
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 30 Jun 2020 21:16:48 GMT
Server
nginx/1.17.9
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Cache-control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 01 Jul 2019 21:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 30 Jun 2020 21:16:48 GMT
Server
nginx/1.17.9
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Location
https://counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to/CDTtGA;1593551808213
Cache-control
no-cache
Connection
keep-alive
Content-Type
text/html
Content-Length
32
Expires
Mon, 01 Jul 2019 21:00:00 GMT
1?wmode=7&page-url=https%3A%2F%2Fu.to%2FCDTtGA&charset=utf-8&browser-info=ti%3A10%3Ans%3A1593551807732%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%...
mc.yandex.ru/watch/51604940
Redirect Chain
  • https://mc.yandex.ru/watch/51604940?wmode=7&page-url=https%3A%2F%2Fu.to%2FCDTtGA&charset=utf-8&browser-info=ti%3A10%3Ans%3A1593551807732%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3...
  • https://mc.yandex.ru/watch/51604940/1?wmode=7&page-url=https%3A%2F%2Fu.to%2FCDTtGA&charset=utf-8&browser-info=ti%3A10%3Ans%3A1593551807732%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101...
171 B
711 B
XHR
General
Full URL
https://mc.yandex.ru/watch/51604940/1?wmode=7&page-url=https%3A%2F%2Fu.to%2FCDTtGA&charset=utf-8&browser-info=ti%3A10%3Ans%3A1593551807732%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200630231648%3Aet%3A1593551809%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1393171475772%3Arqn%3A1%3Arn%3A314462843%3Ahid%3A867329662%3Ads%3A0%2C416%2C56%2C2%2C0%2C0%2C0%2C%2C%2C482%2C%2C%2C%3Agdpr%3A14%3Av%3A1885%3Awv%3A2%3Arqnl%3A1%3Ast%3A1593551809%3Au%3A1593551808973899179%3At%3ARedirecting
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://u.to/CDTtGA
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 30 Jun 2020 21:16:48 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 30-Jun-2020 21:16:48 GMT
Server
nginx/1.14.2
Strict-Transport-Security
max-age=31536000
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://u.to
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
171
X-XSS-Protection
1; mode=block
Expires
Tue, 30-Jun-2020 21:16:48 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 30 Jun 2020 21:16:48 GMT
Last-Modified
Tue, 30-Jun-2020 21:16:48 GMT
Server
nginx/1.14.2
Access-Control-Allow-Origin
https://u.to
Strict-Transport-Security
max-age=31536000
Location
/watch/51604940/1?wmode=7&page-url=https%3A%2F%2Fu.to%2FCDTtGA&charset=utf-8&browser-info=ti%3A10%3Ans%3A1593551807732%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200630231648%3Aet%3A1593551809%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1393171475772%3Arqn%3A1%3Arn%3A314462843%3Ahid%3A867329662%3Ads%3A0%2C416%2C56%2C2%2C0%2C0%2C0%2C%2C%2C482%2C%2C%2C%3Agdpr%3A14%3Av%3A1885%3Awv%3A2%3Arqnl%3A1%3Ast%3A1593551809%3Au%3A1593551808973899179%3At%3ARedirecting
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Tue, 30-Jun-2020 21:16:48 GMT
advert.gif
mc.yandex.ru/metrika
43 B
425 B
Image
General
Full URL
https://mc.yandex.ru/metrika/advert.gif
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://u.to/CDTtGA
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 30 Jun 2020 21:16:48 GMT
Last-Modified
Fri, 17 Jan 2020 08:05:01 GMT
Server
nginx/1.14.2
ETag
"5e216aad-2b"
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 30 Jun 2020 22:16:48 GMT
Cookie set /
117 B
745 B
Document
General
Full URL
https://paypalable.info/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.222.6.139 Dallas, United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.knewhockie.org
Software
Apache /
Resource Hash
21cd7aea4b7f617db61b830c942669002c3c627fb18fbe299b5e9ed644521eab
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Host
paypalable.info
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://flopesic.com/preacfna/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://flopesic.com/preacfna/

Response headers

Date
Tue, 30 Jun 2020 21:16:49 GMT
Server
Apache
Set-Cookie
PHPSESSID=21246ff97bbdd08ce15486808f4c2143; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
X-Content-Type
nosniff
X_FORWARDED_FOR
104.16.77.187
REMOTE_ADDR
104.16.77.187
Connection
keep-alive, Keep-Alive
Host
www.fbi.gov
Origin
https://www.fbi.gov
Referer
https://www.fbi.gov
X-Forwarded-Host
www.fbi.gov
X-Forwarded-Proto
https
X-XSS-Protection
1; mode=block
Content-Length
117
Keep-Alive
timeout=5, max=100
Content-Type
text/html; charset=UTF-8
/
/users/userID-64146/en
Redirect Chain
  • https://paypalable.info/?ID=1&/signin/login.html?813db7e69b0dded12b31e5f1c51232a3&path=/signin/?
  • https://paypalable.info/users/userID-64146
  • https://paypalable.info/users/userID-64146/
  • https://paypalable.info/users/userID-64146/en
  • https://paypalable.info/users/userID-64146/en/
130 B
693 B
Document
General
Full URL
https://paypalable.info/users/userID-64146/en/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.222.6.139 Dallas, United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.knewhockie.org
Software
Apache /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Host
paypalable.info
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://paypalable.info/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
PHPSESSID=21246ff97bbdd08ce15486808f4c2143
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://paypalable.info/

Response headers

Date
Tue, 30 Jun 2020 21:16:51 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
X-Content-Type
nosniff
X_FORWARDED_FOR
104.16.77.187
REMOTE_ADDR
104.16.77.187
Connection
keep-alive, Keep-Alive
Host
www.fbi.gov
Origin
https://www.fbi.gov
Referer
https://www.fbi.gov
X-Forwarded-Host
www.fbi.gov
X-Forwarded-Proto
https
X-XSS-Protection
1; mode=block
Content-Length
130
Keep-Alive
timeout=5, max=95
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Tue, 30 Jun 2020 21:16:51 GMT
Server
Apache
Location
https://paypalable.info/users/userID-64146/en/
Content-Length
254
Keep-Alive
timeout=5, max=96
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
/users/userID-64146/en
20 KB
21 KB
Document
General
Full URL
https://paypalable.info/users/userID-64146/en/season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.222.6.139 Dallas, United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.knewhockie.org
Software
Apache /
Resource Hash
9641d30b8c507f408f966d5096d32b6d528ba4f284dff300f764cb163c0a02c8
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Host
paypalable.info
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://paypalable.info/users/userID-64146/en/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
PHPSESSID=21246ff97bbdd08ce15486808f4c2143
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://paypalable.info/users/userID-64146/en/

Response headers

Date
Tue, 30 Jun 2020 21:16:51 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
X-Content-Type
nosniff
X_FORWARDED_FOR
104.16.77.187
REMOTE_ADDR
104.16.77.187
Connection
keep-alive, Keep-Alive
Host
www.fbi.gov
Origin
https://www.fbi.gov
Referer
https://www.fbi.gov
X-Forwarded-Host
www.fbi.gov
X-Forwarded-Proto
https
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=94
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
khawarezmialgo.js
/users/userID-64146/en/js
10 KB
10 KB
Script
General
Full URL
https://paypalable.info/users/userID-64146/en/js/khawarezmialgo.js
Requested by
Host: paypalable.info
URL: https://paypalable.info/users/userID-64146/en/season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.222.6.139 Dallas, United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.knewhockie.org
Software
Apache /
Resource Hash
18f40ec7eebad0f047ee2cfb0c07766d1914a69b3293c69f1ace52528fe68674
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://paypalable.info/users/userID-64146/en/season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 30 Jun 2020 21:16:52 GMT
Origin
https://www.fbi.gov
Connection
keep-alive, Keep-Alive
X_FORWARDED_FOR
104.16.77.187
X-Forwarded-Proto
https
Content-Length
9756
X-XSS-Protection
1; mode=block
Server
Apache
X-Content-Type
nosniff
REMOTE_ADDR
104.16.77.187
Last-Modified
Tue, 30 Jun 2020 21:16:50 GMT
X-Forwarded-Host
www.fbi.gov
Host
www.fbi.gov
Content-Type
application/javascript
Referer
https://www.fbi.gov
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=93
contextualLogin.css
/users/userID-64146/en/System
74 KB
75 KB
Stylesheet
General
Full URL
https://paypalable.info/users/userID-64146/en/System/contextualLogin.css
Requested by
Host: paypalable.info
URL: https://paypalable.info/users/userID-64146/en/season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.222.6.139 Dallas, United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.knewhockie.org
Software
Apache /
Resource Hash
5f30b9d063e3b1e723874d10ece4e92485ffbb08e1822f7d43550116b0f485d5
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://paypalable.info/users/userID-64146/en/season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 30 Jun 2020 21:16:52 GMT
Origin
https://www.fbi.gov
Connection
keep-alive, Keep-Alive
X_FORWARDED_FOR
104.16.77.187
X-Forwarded-Proto
https
Content-Length
75973
X-XSS-Protection
1; mode=block
Server
Apache
X-Content-Type
nosniff
REMOTE_ADDR
104.16.77.187
Last-Modified
Tue, 30 Jun 2020 21:16:50 GMT
X-Forwarded-Host
www.fbi.gov
Host
www.fbi.gov
Content-Type
text/css
Referer
https://www.fbi.gov
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=92
jquery-3.2.1.min.js
/users/userID-64146/en/js
85 KB
86 KB
Script
General
Full URL
https://paypalable.info/users/userID-64146/en/js/jquery-3.2.1.min.js
Requested by
Host: paypalable.info
URL: https://paypalable.info/users/userID-64146/en/season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.222.6.139 Dallas, United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.knewhockie.org
Software
Apache /
Resource Hash
a9cb021d2bf22fd7b002d027be449f491ed1c34928a9d49abb9551cda88ee727
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://paypalable.info/users/userID-64146/en/season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 30 Jun 2020 21:16:52 GMT
Origin
https://www.fbi.gov
Connection
keep-alive, Keep-Alive
X_FORWARDED_FOR
104.16.77.187
X-Forwarded-Proto
https
Content-Length
87312
X-XSS-Protection
1; mode=block
Server
Apache
X-Content-Type
nosniff
REMOTE_ADDR
104.16.77.187
Last-Modified
Tue, 30 Jun 2020 21:16:50 GMT
X-Forwarded-Host
www.fbi.gov
Host
www.fbi.gov
Content-Type
application/javascript
Referer
https://www.fbi.gov
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
login.js
/users/userID-64146/en/js
4 KB
5 KB
Script
General
Full URL
https://paypalable.info/users/userID-64146/en/js/login.js
Requested by
Host: paypalable.info
URL: https://paypalable.info/users/userID-64146/en/season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.222.6.139 Dallas, United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.knewhockie.org
Software
Apache /
Resource Hash
40018c15ae45f4265cdc58cb3703ecdada5a69990976d2e499ba9f09c5bfab6a
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://paypalable.info/users/userID-64146/en/season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 30 Jun 2020 21:16:52 GMT
Origin
https://www.fbi.gov
Connection
keep-alive, Keep-Alive
X_FORWARDED_FOR
104.16.77.187
X-Forwarded-Proto
https
Content-Length
4372
X-XSS-Protection
1; mode=block
Server
Apache
X-Content-Type
nosniff
REMOTE_ADDR
104.16.77.187
Last-Modified
Tue, 30 Jun 2020 21:16:50 GMT
X-Forwarded-Host
www.fbi.gov
Host
www.fbi.gov
Content-Type
application/javascript
Referer
https://www.fbi.gov
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
plugins.js
/users/userID-64146/en/js
55 KB
55 KB
Script
General
Full URL
https://paypalable.info/users/userID-64146/en/js/plugins.js
Requested by
Host: paypalable.info
URL: https://paypalable.info/users/userID-64146/en/season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.222.6.139 Dallas, United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.knewhockie.org
Software
Apache /
Resource Hash
656b81fc8ce755e7cdacde6bcb9e9c2af44902025e0c10cd1ac897ca3945dacb
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://paypalable.info/users/userID-64146/en/season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 30 Jun 2020 21:16:52 GMT
Origin
https://www.fbi.gov
Connection
keep-alive, Keep-Alive
X_FORWARDED_FOR
104.16.77.187
X-Forwarded-Proto
https
Content-Length
55810
X-XSS-Protection
1; mode=block
Server
Apache
X-Content-Type
nosniff
REMOTE_ADDR
104.16.77.187
Last-Modified
Tue, 30 Jun 2020 21:16:50 GMT
X-Forwarded-Host
www.fbi.gov
Host
www.fbi.gov
Content-Type
application/javascript
Referer
https://www.fbi.gov
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
cfpp.svg
/users/userID-64146/en/css/shared
5 KB
5 KB
Image
General
Full URL
https://paypalable.info/users/userID-64146/en/css/shared/cfpp.svg
Requested by
Host: paypalable.info
URL: https://paypalable.info/users/userID-64146/en/season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.222.6.139 Dallas, United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.knewhockie.org
Software
Apache /
Resource Hash
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://paypalable.info/users/userID-64146/en/System/contextualLogin.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 30 Jun 2020 21:16:55 GMT
Origin
https://www.fbi.gov
Connection
keep-alive, Keep-Alive
X_FORWARDED_FOR
104.16.77.187
X-Forwarded-Proto
https
Content-Length
4945
X-XSS-Protection
1; mode=block
Server
Apache
X-Content-Type
nosniff
REMOTE_ADDR
104.16.77.187
Last-Modified
Tue, 30 Jun 2020 21:16:50 GMT
X-Forwarded-Host
www.fbi.gov
Host
www.fbi.gov
Content-Type
image/svg+xml
Referer
https://www.fbi.gov
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=91
icon_alter.png
/users/userID-64146/en/css/shared
5 KB
5 KB
Image
General
Full URL
https://paypalable.info/users/userID-64146/en/css/shared/icon_alter.png
Requested by
Host: paypalable.info
URL: https://paypalable.info/users/userID-64146/en/season.php?country.x=856efe016303a0808c35a2d20fe6c88a856efe016303a0808c35a2d20fe6c88a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
67.222.6.139 Dallas, United States, ASN63410 (PRIVATESYSTEMS, US),
Reverse DNS
host.knewhockie.org
Software
Apache /
Resource Hash
54436312813c5ba0070898ec0ac998a94e0486d12417a8fa4602cc501a94029e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://paypalable.info/users/userID-64146/en/System/contextualLogin.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 30 Jun 2020 21:16:55 GMT
Origin
https://www.fbi.gov
Connection
keep-alive, Keep-Alive
X_FORWARDED_FOR
104.16.77.187
X-Forwarded-Proto
https
Content-Length
4675
X-XSS-Protection
1; mode=block
Server
Apache
X-Content-Type
nosniff
REMOTE_ADDR
104.16.77.187
Last-Modified
Tue, 30 Jun 2020 21:16:50 GMT
X-Forwarded-Host
www.fbi.gov
Host
www.fbi.gov
Content-Type
image/png
Referer
https://www.fbi.gov
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 3
  • https://counter.yadro.ru/hit;utostat?r;s1600*1200*24;uhttps%3A//u.to/CDTtGA;1593551808213
  • https://counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to/CDTtGA;1593551808213
Request 4
  • https://mc.yandex.ru/watch/51604940?wmode=7&page-url=https%3A%2F%2Fu.to%2FCDTtGA&charset=utf-8&browser-info=ti%3A10%3Ans%3A1593551807732%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3...
  • https://mc.yandex.ru/watch/51604940/1?wmode=7&page-url=https%3A%2F%2Fu.to%2FCDTtGA&charset=utf-8&browser-info=ti%3A10%3Ans%3A1593551807732%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101...
Request 7
  • https://paypalable.info/?ID=1&/signin/login.html?813db7e69b0dded12b31e5f1c51232a3&path=/signin/?
  • https://paypalable.info/users/userID-64146
  • https://paypalable.info/users/userID-64146/
  • https://paypalable.info/users/userID-64146/en
  • https://paypalable.info/users/userID-64146/en/

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan - Score: 100

Categories:
phishing

Tags:
phishing

Phishing against: PayPal (Financial)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| Aes object| Base64 object| Utf8 string| khawarezmifou string| khawarezmic string| output string| ctrTxt object| _0xfc4d function| $ function| jQuery function| validateEmail function| makeid

0 Cookies