arereducation.org Open in urlscan Pro
41.213.137.61 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://arereducation.org/lib/h08530fab-x/back/wp/indx/lhwa.php
Effective URL:
http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
Submission: On October 11 via automatic, source openphish (October 11th 2018, 9:15:15 am UTC)

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 41.213.137.61, located in Reunion and belongs to Reunicable, RE. The main domain is arereducation.org.

This is the only time arereducation.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 12	41.213.137.61 41.213.137.61	37002 (Reunicable) (Reunicable)
1	23.210.248.226 23.210.248.226	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
12	2

12 41.213.137.61 (Reunion) 1 redirects

ASN37002 (Reunicable, RE)
PTR: cpanel-01.run.hostin.network

arereducation.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.248.226 (Cambridge, United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-210-248-226.deploy.static.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	arereducation.org 1 redirects arereducation.org	422 KB
1	paypalobjects.com www.paypalobjects.com	1 KB
12	2

	Domain	Requested by
12	arereducation.org	1 redirects arereducation.org
1	www.paypalobjects.com	arereducation.org
12	2

This site contains no links.

Subject Issuer	Validity	Valid
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2018-08-14` - `2020-08-18`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
Frame ID: D37C916C61FBA092EA58C413DD152B44
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://arereducation.org/lib/h08530fab-x/back/wp/indx/lhwa.php HTTP 302
http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

12
Requests

8 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

423 kB
Transfer

422 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://arereducation.org/lib/h08530fab-x/back/wp/indx/lhwa.php HTTP 302
http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request index2.html Show response
arereducation.org/lib/h08530fab-x/back/wp/indx/
Redirect Chain

http://arereducation.org/lib/h08530fab-x/back/wp/indx/lhwa.php
http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html

23 KB
23 KB

251ms
250ms

Document
text/html

41.213.137.61
Reunicable

General

Check archive.org

Show headers Download Go to

Full URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
Protocol: HTTP/1.1
Server: 41.213.137.61 , Reunion, ASN37002 (Reunicable, RE),
Reverse DNS: cpanel-01.run.hostin.network
Software: Apache /
Resource Hash: be48882c072a58112367cca473fe0a5d5c7ee953ae6993cafdb29b80029bf0b0

Request headers

Host: arereducation.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 11 Oct 2018 09:14:51 GMT
Server: Apache
Last-Modified: Tue, 29 May 2018 00:19:06 GMT
Accept-Ranges: bytes
Content-Length: 23610
Keep-Alive: timeout=5, max=249
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

Date: Thu, 11 Oct 2018 09:14:47 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: index2.html
Keep-Alive: timeout=5, max=250
Transfer-Encoding: chunked
Content-Type: text/html

GET
H/1.1 200
OK jquery_002.js Show response
arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/ 95 KB
95 KB 260ms
259ms Script
application/javascript 41.213.137.61
Reunicable

General

Check archive.org

Show headers Download Go to

Full URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/jquery_002.js
Requested by: Host: arereducation.org
URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
Protocol: HTTP/1.1
Server: 41.213.137.61 , Reunion, ASN37002 (Reunicable, RE),
Reverse DNS: cpanel-01.run.hostin.network
Software: Apache /
Resource Hash: 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: arereducation.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
Connection: keep-alive
Cache-Control: no-cache
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 11 Oct 2018 09:14:51 GMT
Last-Modified: Sat, 26 May 2018 23:42:06 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=5, max=250
Content-Length: 97163

GET
H/1.1 200
OK jquery.js Show response
arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/ 10 KB
10 KB 533ms
262ms Script
application/javascript 41.213.137.61
Reunicable

General

Check archive.org

Show headers Download Go to

Full URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/jquery.js
Requested by: Host: arereducation.org
URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
Protocol: HTTP/1.1
Server: 41.213.137.61 , Reunion, ASN37002 (Reunicable, RE),
Reverse DNS: cpanel-01.run.hostin.network
Software: Apache /
Resource Hash: c75ef4ed711014b31fe4cc01e7b96ee7723d2fe8b77c7158f45a885f1a15d4ad

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: arereducation.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
Connection: keep-alive
Cache-Control: no-cache
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 11 Oct 2018 09:14:52 GMT
Last-Modified: Sat, 26 May 2018 23:42:06 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=5, max=250
Content-Length: 10426

GET
H/1.1 200
OK appSuperBowl.css
arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/ 146 KB
146 KB 521ms
252ms Stylesheet
text/css 41.213.137.61
Reunicable

General

Check archive.org

Show headers Download Go to

Full URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
Requested by: Host: arereducation.org
URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
Protocol: HTTP/1.1
Server: 41.213.137.61 , Reunion, ASN37002 (Reunicable, RE),
Reverse DNS: cpanel-01.run.hostin.network
Software: Apache /
Resource Hash: 6247b6a4adbefb7ccfbea592140bcda2651689db5427726d841a637814460865

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: arereducation.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
Connection: keep-alive
Cache-Control: no-cache
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 11 Oct 2018 09:14:52 GMT
Last-Modified: Sat, 26 May 2018 23:42:06 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: text/css
Keep-Alive: timeout=5, max=250
Content-Length: 149127

GET
S 200 logo_emailheader_113wx46h.gif
www.paypalobjects.com/en_US/i/logo/ 1 KB
1 KB 85ms
25ms Image
image/gif 23.210.248.226
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/logo/logo_emailheader_113wx46h.gif

Requested by

Host: arereducation.org
URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.210.248.226 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-226.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

2b41474a5694c455d4be840c45effb03790a57c950cef749e11b79fcca07736b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Oct 2018 09:14:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 May 2018 20:41:53 GMT
server: Apache
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: max-age=7776000
accept-ranges: bytes
content-length: 1103
expires: Wed, 09 Jan 2019 09:14:52 GMT

GET
H/1.1 404
Not Found bck.jpeg
arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/ 371 B
371 B 256ms
255ms Image
text/html 41.213.137.61
Reunicable

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/bck.jpeg
Requested by: Host: arereducation.org
URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/jquery_002.js
Protocol: HTTP/1.1
Server: 41.213.137.61 , Reunion, ASN37002 (Reunicable, RE),
Reverse DNS: cpanel-01.run.hostin.network
Software: Apache /
Resource Hash: 61b3860fb722d8a850e2258a97a593cb4669eb4ade786a298c10b01e5dc9022e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: arereducation.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 11 Oct 2018 09:15:00 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=249
Content-Length: 371
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found scf.png
arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/ 370 B
370 B 262ms
262ms Image
text/html 41.213.137.61
Reunicable

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/scf.png
Requested by: Host: arereducation.org
URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/jquery_002.js
Protocol: HTTP/1.1
Server: 41.213.137.61 , Reunion, ASN37002 (Reunicable, RE),
Reverse DNS: cpanel-01.run.hostin.network
Software: Apache /
Resource Hash: 883530388516011672d9c1583c51ef65f0944474605cc44d1935c668f1e36e57

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: arereducation.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 11 Oct 2018 09:15:00 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=249
Content-Length: 370
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found psr.woff
arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/ 0
0 494ms
246ms Font
text/html 41.213.137.61
Reunicable

General

Check archive.org

Show headers Download Go to

Full URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/psr.woff
Requested by: Host: arereducation.org
URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/jquery_002.js
Protocol: HTTP/1.1
Server: 41.213.137.61 , Reunion, ASN37002 (Reunicable, RE),
Reverse DNS: cpanel-01.run.hostin.network
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://arereducation.org
Accept-Encoding: gzip, deflate
Host: arereducation.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
Origin: http://arereducation.org

Response headers

Date: Thu, 11 Oct 2018 09:15:00 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=248
Content-Length: 371
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found lgerr.png
arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/ 372 B
372 B 513ms
258ms Image
text/html 41.213.137.61
Reunicable

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/lgerr.png
Requested by: Host: arereducation.org
URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/jquery_002.js
Protocol: HTTP/1.1
Server: 41.213.137.61 , Reunion, ASN37002 (Reunicable, RE),
Reverse DNS: cpanel-01.run.hostin.network
Software: Apache /
Resource Hash: 8f204fb2876b32872f00a2888605732f4a949a1a1acbe3d935a6ee950c5891f7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: arereducation.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 11 Oct 2018 09:15:00 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=248
Content-Length: 372
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found tpcc.png
arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/ 371 B
371 B 502ms
248ms Image
text/html 41.213.137.61
Reunicable

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/tpcc.png
Requested by: Host: arereducation.org
URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/jquery_002.js
Protocol: HTTP/1.1
Server: 41.213.137.61 , Reunion, ASN37002 (Reunicable, RE),
Reverse DNS: cpanel-01.run.hostin.network
Software: Apache /
Resource Hash: e4c7840e0eb9514d54a56e0f78e376589c2f90204bd6c0f6bb8eee4f4d95fbd8

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: arereducation.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 11 Oct 2018 09:15:00 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=250
Content-Length: 371
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found psl.woff
arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/ 0
0 499ms
247ms Font
text/html 41.213.137.61
Reunicable

General

Check archive.org

Show headers Download Go to

Full URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/psl.woff
Requested by: Host: arereducation.org
URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/jquery_002.js
Protocol: HTTP/1.1
Server: 41.213.137.61 , Reunion, ASN37002 (Reunicable, RE),
Reverse DNS: cpanel-01.run.hostin.network
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://arereducation.org
Accept-Encoding: gzip, deflate
Host: arereducation.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
Origin: http://arereducation.org

Response headers

Date: Thu, 11 Oct 2018 09:15:00 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=250
Content-Length: 371
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK appSuperBowl.css
arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/ 146 KB
146 KB 247ms
246ms Font
text/css 41.213.137.61
Reunicable

General

Check archive.org

Show headers Download Go to

Full URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
Requested by: Host: arereducation.org
URL: http://arereducation.org/lib/h08530fab-x/back/wp/indx/index2.html
Protocol: HTTP/1.1
Server: 41.213.137.61 , Reunion, ASN37002 (Reunicable, RE),
Reverse DNS: cpanel-01.run.hostin.network
Software: Apache /
Resource Hash: 6247b6a4adbefb7ccfbea592140bcda2651689db5427726d841a637814460865

Request headers

Pragma: no-cache
Origin: http://arereducation.org
Accept-Encoding: gzip, deflate
Host: arereducation.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://arereducation.org/lib/h08530fab-x/back/wp/indx/ONEPAGE_fichiers/appSuperBowl.css
Origin: http://arereducation.org

Response headers

Date: Thu, 11 Oct 2018 09:15:00 GMT
Last-Modified: Sat, 26 May 2018 23:42:06 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=247
Content-Length: 149127

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

arereducation.org
www.paypalobjects.com
23.210.248.226
41.213.137.61
2b41474a5694c455d4be840c45effb03790a57c950cef749e11b79fcca07736b
61b3860fb722d8a850e2258a97a593cb4669eb4ade786a298c10b01e5dc9022e
6247b6a4adbefb7ccfbea592140bcda2651689db5427726d841a637814460865
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
883530388516011672d9c1583c51ef65f0944474605cc44d1935c668f1e36e57
8f204fb2876b32872f00a2888605732f4a949a1a1acbe3d935a6ee950c5891f7
be48882c072a58112367cca473fe0a5d5c7ee953ae6993cafdb29b80029bf0b0
c75ef4ed711014b31fe4cc01e7b96ee7723d2fe8b77c7158f45a885f1a15d4ad
e4c7840e0eb9514d54a56e0f78e376589c2f90204bd6c0f6bb8eee4f4d95fbd8

arereducation.org Open in urlscan Pro 41.213.137.61 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

8 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

423 kBTransfer

422 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

arereducation.org Open in urlscan Pro
41.213.137.61 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

8 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

423 kB
Transfer

422 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!