urlscan.io logo urlscan.io
SecurityTrails logo

www.greenleafmedmarijuana.com Open in urlscan Pro
160.153.77.193  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Submission: On March 18 via automatic, source phishtank
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 18 HTTP transactions. The main IP is 160.153.77.193, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is www.greenleafmedmarijuana.com.
This is the only time www.greenleafmedmarijuana.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

IP Address AS Autonomous System
5 160.153.77.193 26496 (AS-26496-...)
2 13 2.18.233.20 16625 (AKAMAI-AS)
1 34.198.7.181 14618 (AMAZON-AES)
1 2.21.161.21 16625 (AKAMAI-AS)
18 5
Domain Requested by
13 www.paypalobjects.com 2 redirects www.greenleafmedmarijuana.com
www.paypalobjects.com
5 www.greenleafmedmarijuana.com www.greenleafmedmarijuana.com
1 t.paypal.com
1 nexus.ensighten.com www.paypalobjects.com
18 4

This site contains links to these domains. Also see Links.

Domain
www.paypal.com
smallbusiness.magento.com
Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Frame ID: E54704C78C7208C21FF10582C2AA9CEB
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • env /^PAYPAL$/i
Overall confidence: 100%
Detected patterns
  • env /^Modernizr$/i
Overall confidence: 100%
Detected patterns
  • env /^s_(?:account|objectID|code|INST)$/i
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

18
Requests

0 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

626 kB
Transfer

1331 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • http://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js HTTP 301
  • https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js
Request Chain 7
  • http://www.paypalobjects.com/pa/js/min/pa.js HTTP 301
  • https://www.paypalobjects.com/pa/js/min/pa.js

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request webapps
www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/ 		33 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Protocol
HTTP/1.1
Server
160.153.77.193 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-160-153-77-193.ip.secureserver.net
Software
Apache / PHP/7.1.14
Resource Hash
fa057526d24216161d3170a9971dd16126cc2cf8183ab72243817f0ff563e452

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.greenleafmedmarijuana.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Sun, 18 Mar 2018 16:59:21 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/7.1.14
Vary
Accept-Encoding,User-Agent
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5
Content-Length
8797
baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css
www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapp/ 		220 KB
37 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapp/baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css
Requested by
Host: www.greenleafmedmarijuana.com
URL: http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Protocol
HTTP/1.1
Server
160.153.77.193 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-160-153-77-193.ip.secureserver.net
Software
Apache /
Resource Hash
b3b5cbf48a6d4ed02493abae6c52b5ce1e91a9042a1232fd73a59c39c1a1b39c

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.greenleafmedmarijuana.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Sun, 18 Mar 2018 16:59:21 GMT
Content-Encoding
gzip
Last-Modified
Sat, 17 Mar 2018 19:39:19 GMT
Server
Apache
ETag
"30402e2-36f4e-567a0e181eccd-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
37573
fa89f17d37eb3f97e39b926835ba73c0a3fd63.css
www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapp/ 		2 KB
927 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapp/fa89f17d37eb3f97e39b926835ba73c0a3fd63.css
Requested by
Host: www.greenleafmedmarijuana.com
URL: http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Protocol
HTTP/1.1
Server
160.153.77.193 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-160-153-77-193.ip.secureserver.net
Software
Apache /
Resource Hash
72caaa80aaa9a5c50bca15b8d1372c0b7107aa6e68d5caf6314422d206f121a5

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.greenleafmedmarijuana.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Sun, 18 Mar 2018 16:59:21 GMT
Content-Encoding
gzip
Last-Modified
Sat, 17 Mar 2018 19:39:19 GMT
Server
Apache
ETag
"30402e4-63d-567a0e181eccd-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
597
e9b9292024afccf7df630712931439f495e5ad.css
www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapp/ 		21 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapp/e9b9292024afccf7df630712931439f495e5ad.css
Requested by
Host: www.greenleafmedmarijuana.com
URL: http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Protocol
HTTP/1.1
Server
160.153.77.193 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-160-153-77-193.ip.secureserver.net
Software
Apache /
Resource Hash
e498f6af22e5b4c860907645363b201aaefe56d2b75e8b8e74a08508938c44da

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.greenleafmedmarijuana.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Sun, 18 Mar 2018 16:59:21 GMT
Content-Encoding
gzip
Last-Modified
Sat, 17 Mar 2018 19:39:19 GMT
Server
Apache
ETag
"30402e3-55bd-567a0e181eccd-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
2353
ea4036584eb447c76fa631c627fa535fc50633.js
www.paypalobjects.com/eboxapps/js/32/ 		509 KB
141 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/eboxapps/js/32/ea4036584eb447c76fa631c627fa535fc50633.js
Requested by
Host: www.greenleafmedmarijuana.com
URL: http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
3e23800165afa11b8901cc0f65159bb2baacbb34f0af721683dffcfab4b41839
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sun, 18 Mar 2018 16:59:21 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Thu, 20 Oct 2016 23:07:19 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
143461
expires
Sat, 16 Jun 2018 16:59:21 GMT
87bb0f810aee0913f809ed370697c372fed7b3.js
www.paypalobjects.com/eboxapps/js/ad/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/eboxapps/js/ad/87bb0f810aee0913f809ed370697c372fed7b3.js
Requested by
Host: www.greenleafmedmarijuana.com
URL: http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
6469c40d4e6780f700149fb74610f44cde368f3a5badb3af6140d87d685c367f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sun, 18 Mar 2018 16:59:21 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Wed, 28 Sep 2016 22:29:45 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
3994
expires
Sat, 16 Jun 2018 16:59:21 GMT
bs.js
www.paypalobjects.com/tagmgmt/ 		63 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/tagmgmt/bs.js
Requested by
Host: www.greenleafmedmarijuana.com
URL: http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
ca9211d44577bcf49901ddafb9bf118342f644b45cfeca651a344caa28c4dc39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sun, 18 Mar 2018 16:59:21 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Wed, 01 Nov 2017 18:34:52 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
19418
expires
Sat, 16 Jun 2018 16:59:21 GMT
pp_jscode_080706.js
www.paypalobjects.com/js/site_catalyst/
Redirect Chain
  • http://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js
  • https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js
60 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js
Requested by
Host: www.greenleafmedmarijuana.com
URL: http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
18c9428f5ed837e027c6fcf29afe9d1f63a1e1e5b53ee1dc6373cf1cd1ea22aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sun, 18 Mar 2018 16:59:21 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Thu, 22 Feb 2018 00:46:30 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
22880
expires
Sat, 16 Jun 2018 16:59:21 GMT

Redirect headers

Date
Sun, 18 Mar 2018 16:59:21 GMT
X-Content-Type-Options
nosniff
Server
AkamaiGHost
Vary
Accept-Encoding
Location
https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js
Cache-Control
max-age=7776000
Connection
keep-alive
Content-Length
0
Expires
Sat, 16 Jun 2018 16:59:21 GMT
pa.js
www.paypalobjects.com/pa/js/min/
Redirect Chain
  • http://www.paypalobjects.com/pa/js/min/pa.js
  • https://www.paypalobjects.com/pa/js/min/pa.js
33 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/js/min/pa.js
Requested by
Host: www.greenleafmedmarijuana.com
URL: http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
d192e8079e6281352f90d96c06353e87003420e9e0649c40e21166639b680441
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sun, 18 Mar 2018 16:59:21 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Wed, 21 Feb 2018 21:49:00 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
9912
expires
Sun, 18 Mar 2018 17:59:21 GMT

Redirect headers

Date
Sun, 18 Mar 2018 16:59:21 GMT
X-Content-Type-Options
nosniff
Server
AkamaiGHost
Vary
Accept-Encoding
Location
https://www.paypalobjects.com/pa/js/min/pa.js
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
0
Expires
Sun, 18 Mar 2018 17:59:21 GMT
webapps
www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/ 		33 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Requested by
Host: www.greenleafmedmarijuana.com
URL: http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Protocol
HTTP/1.1
Server
160.153.77.193 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-160-153-77-193.ip.secureserver.net
Software
Apache / PHP/7.1.14
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.greenleafmedmarijuana.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Sun, 18 Mar 2018 16:59:21 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/7.1.14
Vary
Accept-Encoding,User-Agent
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5
Content-Length
8797
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
994cecff0e6c4728f23d55b697d65e23dfea6d902ba8386400fa241989215b08

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
hero-holiday-season.jpg
www.paypalobjects.com/digitalassets/c/website/marketing/na/us/home-merchant/ 		148 KB
149 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/digitalassets/c/website/marketing/na/us/home-merchant/hero-holiday-season.jpg
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/eboxapps/js/32/ea4036584eb447c76fa631c627fa535fc50633.js
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
77bb9a34a584123d9d56963f791aa571f68667abf3bc1f776454e87b1f860b76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapp/e9b9292024afccf7df630712931439f495e5ad.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 18 Mar 2018 16:59:21 GMT
x-content-type-options
nosniff
last-modified
Thu, 29 Sep 2016 13:21:15 GMT
server
Apache
strict-transport-security
max-age=31536000
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-type
image/jpeg
content-length
151764
expires
Sun, 18 Mar 2018 16:59:21 GMT
ppcom-white.svg
www.paypalobjects.com/webstatic/i/logo/rebrand/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/i/logo/rebrand/ppcom-white.svg
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/eboxapps/js/32/ea4036584eb447c76fa631c627fa535fc50633.js
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
e35c57fad02017983d4261c8d65697ec8b312a2a19127cb93f92d1eca6408015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapp/baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sun, 18 Mar 2018 16:59:21 GMT
x-content-type-options
nosniff
last-modified
Sat, 21 Mar 2015 01:00:01 GMT
server
Apache
status
200
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
5189
expires
Tue, 17 Apr 2018 16:59:21 GMT
PayPalSansBig-Medium.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 		50 KB
50 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansBig-Medium.woff
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/eboxapps/js/32/ea4036584eb447c76fa631c627fa535fc50633.js
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
ba20c92df54a4333cc16983eb8c0043e0ea8781319e03edcf6d5093cd109cf43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapp/baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css
Origin
http://www.greenleafmedmarijuana.com

Response headers

date
Sun, 18 Mar 2018 16:59:21 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Wed, 30 Sep 2015 05:09:04 GMT
server
Apache
status
200
vary
Accept-Encoding
content-type
application/x-font-woff
access-control-allow-origin
*
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
51051
expires
Tue, 17 Apr 2018 16:59:21 GMT
PayPalSansBig-Light.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 		48 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansBig-Light.woff
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/eboxapps/js/32/ea4036584eb447c76fa631c627fa535fc50633.js
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
c599c554590d1a336ffcb9627f6caaac34b6228f60e15f5f25454bff38facb7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapp/baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css
Origin
http://www.greenleafmedmarijuana.com

Response headers

date
Sun, 18 Mar 2018 16:59:21 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Wed, 30 Sep 2015 05:09:04 GMT
server
Apache
status
200
vary
Accept-Encoding
content-type
application/x-font-woff
access-control-allow-origin
*
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
49115
expires
Tue, 17 Apr 2018 16:59:21 GMT
PayPalSansSmall-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 		46 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Regular.woff
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/eboxapps/js/32/ea4036584eb447c76fa631c627fa535fc50633.js
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapp/baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css
Origin
http://www.greenleafmedmarijuana.com

Response headers

date
Sun, 18 Mar 2018 16:59:21 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Wed, 30 Sep 2015 05:09:04 GMT
server
Apache
status
200
vary
Accept-Encoding
content-type
application/x-font-woff
access-control-allow-origin
*
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
47339
expires
Tue, 17 Apr 2018 16:59:21 GMT
PayPalSansSmall-Bold.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 		46 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Bold.woff
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/eboxapps/js/32/ea4036584eb447c76fa631c627fa535fc50633.js
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
8d7c7b88c76638544187e6bd2df9a2795124e4cb876fc48915f51b8c205c2ccc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapp/baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css
Origin
http://www.greenleafmedmarijuana.com

Response headers

date
Sun, 18 Mar 2018 16:59:21 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Wed, 30 Sep 2015 05:09:04 GMT
server
Apache
status
200
vary
Accept-Encoding
content-type
application/x-font-woff
access-control-allow-origin
*
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
47363
expires
Tue, 17 Apr 2018 16:59:21 GMT
serverComponent.php
nexus.ensighten.com/paypal/prod/ 		0
730 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://nexus.ensighten.com/paypal/prod/serverComponent.php?r=84719839.45074593&ensJson=true&ClientID=1620&PageID=http%3A%2F%2Fwww.greenleafmedmarijuana.com%2F56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk%3D%2Fwebapps%3Fscrubbed%26tms_country%3Dus%26ensJson%3Dtrue
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/tagmgmt/bs.js
Protocol
HTTP/1.1
Server
34.198.7.181 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-198-7-181.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
Origin
http://www.greenleafmedmarijuana.com

Response headers

Date
Sun, 18 Mar 2018 16:59:22 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Length
446
Expires
Sun, 18 Mar 2018 16:59:21 GMT
ts
t.paypal.com/ 		42 B
728 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://t.paypal.com/ts?v=1.2.0&t=1521392362427&g=0&e=im&pgrp=main%3Amktg%3Abusiness%3A%3Ahome-merchant&page=main%3Amktg%3Abusiness%3A%3Ahome-merchant%3A%3A%3A5094&tmpl=home-merchant.dust&pgst=Unknown&lgin=out&calc=7c62921734cae&rsta=en_US&s=ci&ccpg=us&csci=74563a8f823147ff8be029032205f6a6&comp=mppnodeweb&tsrce=mppnodeweb&xe=2137&xt=5094&pgld=Unknown&bzsr=main&bchn=mktg&pgsf=business&shir=main_mktg_business_&pros=2&lgcook=3&pt=Powerful%20tools%20for%20your%20business&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1&t1=146&t1c=146&t1d=0&t1s=0&t2=205&t3=5&t4d=477&t4=496&t4e=19&tt=849
Protocol
HTTP/1.1
Server
2.21.161.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software
akka-http/10.0.9-PayPal-2 /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer
http://www.greenleafmedmarijuana.com/56accfe73063bb86d0df4967e48c80b6MWNmNmUzNmE4NDYyNTdmMjZjZjJmYmExMjQ1MjNhYjk=/webapps?scrubbed
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 18 Mar 2018 16:59:22 GMT
Server
akka-http/10.0.9-PayPal-2
P3P
policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
HTTP_X_PP_AZ_LOCATOR
slca.slc
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Sun, 18 Mar 2018 16:59:22 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| PP_GLOBAL_JS_STRINGS string| HOLIDAYS string| BROWSER_TYPE object| html5 object| Modernizr function| yepnope function| $ function| jQuery object| PAYPAL object| jQuery1112020741575585065064 object| OOo object| isMobile function| attachScroll function| doScroll function| setSkrollr function| animatePopout function| GA_Handler object| dataLayer object| ensBootstraps object| Bootstrapper string| k string| sc_code_ver string| s_account object| s function| s_doPlugins string| s_code string| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq string| ContentTask string| subFeature2 function| scOnload object| fpti string| fptiserverurl string| j object| s_i_paypal

2 Cookies

Domain/Path Name / Value
.greenleafmedmarijuana.com/ Name: s_sess
Value: %20s_ppv%3D83%3B%20s_cc%3Dtrue%3B%20v31%3Dmain%253Amktg%253Abusiness%253A%253Ahome-merchant%3B%20s_sq%3D%3B
.greenleafmedmarijuana.com/ Name: s_pers
Value: %20s_fid%3D11CB2165807B6E32-10B1A525B645978A%7C1584550761989%3B%20gpv_c43%3Dmain%253Amktg%253Abusiness%253A%253Ahome-merchant%7C1521394161991%3B%20tr_p1%3Dmain%253Amktg%253Abusiness%253A%253Ahome-merchant%7C1521394161993%3B%20gpv_events%3Dno%2520value%7C1521394161993%3B