paypro.info Open in urlscan Pro
5.61.54.215 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://paypro.info/
Submission: On August 31 via manual (August 31st 2022, 11:48:21 am UTC) from DE — Scanned from NL

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 21 HTTP transactions. The main IP is 5.61.54.215, located in Dronten, Netherlands and belongs to SCALAXY-AS, NL. The main domain is paypro.info.

This is the only time paypro.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Coinbase (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
14	5.61.54.215 5.61.54.215	58061 (SCALAXY-AS) (SCALAXY-AS)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
21	5

14 5.61.54.215 (Dronten, Netherlands)

ASN58061 (SCALAXY-AS, NL)

paypro.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7aaf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	paypro.info paypro.info	273 KB
3	gstatic.com fonts.gstatic.com	24 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 384	101 KB
2	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 792	88 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	1014 B
21	5

	Domain	Requested by
14	paypro.info	paypro.info unpkg.com
3	fonts.gstatic.com	fonts.googleapis.com
2	cdn.jsdelivr.net	paypro.info cdn.jsdelivr.net
2	unpkg.com	1 redirects paypro.info
1	fonts.googleapis.com	paypro.info
21	5

This site contains no links.

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://paypro.info/
Frame ID: FB6F5C2E72149F32E9596088559033BB
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Payment solution for MT4 / MT5

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

21
Requests

29 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

487 kB
Transfer

1646 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js HTTP 302
https://unpkg.com/@lottiefiles/lottie-player@1.5.7/dist/lottie-player.js

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
paypro.info/ 10 KB
3 KB 154ms
78ms Document
text/html 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://paypro.info/
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 4394be8cd9bce69c21f8766266f1d109c6f2ccdef6b1ed9debf188b679facf2f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Cache-Control: private, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 31 Aug 2022 11:48:14 GMT
Server: nginx/1.18.0
Transfer-Encoding: chunked
Vary: Accept-Encoding
expires: -1
pragma: no-cache

GET
H/1.1 200
OK landing.js Show response
paypro.info/js/ 578 KB
134 KB 30ms
29ms Script
application/javascript 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://paypro.info/js/landing.js
Requested by: Host: paypro.info
URL: http://paypro.info/
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: d2053dd207e4be1f41269b50fd4f99e1f66050cf57cb741713e312535ec6be7c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 11:48:14 GMT
Content-Encoding: gzip
Last-Modified: Sat, 23 Apr 2022 19:57:23 GMT
Server: nginx/1.18.0
ETag: "90800-5dd57c0608ec0-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
1014 B 83ms
30ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@200;400;600&display=swap

Requested by

Host: paypro.info
URL: http://paypro.info/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

36bed36fbfb75daa50564e6a45a1a95ac13ac50dc6f742f8f7538c855ddfa8c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 10:33:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 31 Aug 2022 11:48:14 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Aug 2022 11:48:14 GMT

GET
H/1.1 200
OK landing.css
paypro.info/css/ 205 KB
27 KB 63ms
45ms Stylesheet
text/css 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://paypro.info/css/landing.css
Requested by: Host: paypro.info
URL: http://paypro.info/
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: dc48e386339fc1ab68817db89138b2f1f06f7dce0ba1263372c8710c356c6119

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 11:48:14 GMT
Content-Encoding: gzip
Last-Modified: Sat, 23 Apr 2022 19:57:23 GMT
Server: nginx/1.18.0
ETag: "333dd-5dd57c0608ec0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27449

GET
H/1.1 200
OK stripe.svg
paypro.info/images/gateways/ 1 KB
2 KB 50ms
32ms Image
image/svg+xml 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://paypro.info/images/gateways/stripe.svg
Requested by: Host: paypro.info
URL: http://paypro.info/
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 06fb7688d2ea73c329eb5303d2f1d34f611fc1e7717fcd34d1c5fedabe3de551

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 11:48:14 GMT
Last-Modified: Sun, 09 Jan 2022 00:19:44 GMT
Server: nginx/1.18.0
ETag: "526-5d51b2d46c800"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1318

GET
H/1.1 200
OK anet.svg
paypro.info/images/gateways/ 12 KB
12 KB 91ms
73ms Image
image/svg+xml 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://paypro.info/images/gateways/anet.svg
Requested by: Host: paypro.info
URL: http://paypro.info/
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: d71dc97e9162d5a7e1ccc52dfe33a1affc076ae2e49ae0dc41dfc0d952cd51f4

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 11:48:14 GMT
Last-Modified: Fri, 07 Jan 2022 02:02:20 GMT
Server: nginx/1.18.0
ETag: "3036-5d4f460852300"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12342

GET
H/1.1 200
OK vogue.svg
paypro.info/images/gateways/ 8 KB
8 KB 129ms
111ms Image
image/svg+xml 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://paypro.info/images/gateways/vogue.svg
Requested by: Host: paypro.info
URL: http://paypro.info/
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: adbbbb4d4ad395bc91f9d3cc7bd0d6484fef7ba4f8234a7c970c03d385d80be2

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 11:48:14 GMT
Last-Modified: Fri, 07 Jan 2022 01:51:21 GMT
Server: nginx/1.18.0
ETag: "1f95-5d4f4393d9840"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8085

GET
H/1.1 200
OK coinbase.svg
paypro.info/images/gateways/ 4 KB
4 KB 959ms
941ms Image
image/svg+xml 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://paypro.info/images/gateways/coinbase.svg
Requested by: Host: paypro.info
URL: http://paypro.info/
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 126270d27d1ac1a29b8d7d01238377840fe79b70212bd230adc6b2d9da82bf38

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 11:48:15 GMT
Last-Modified: Fri, 07 Jan 2022 02:43:15 GMT
Server: nginx/1.18.0
ETag: "ecc-5d4f4f2d976c0"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3788

GET
H/1.1 200
OK bitpay.svg
paypro.info/images/gateways/ 5 KB
5 KB 1928ms
1928ms Image
image/svg+xml 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://paypro.info/images/gateways/bitpay.svg
Requested by: Host: paypro.info
URL: http://paypro.info/
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 9847f5410ae7fae865a9aa256fafb352f825f7a808333459188ed34fd6733652

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 11:48:16 GMT
Last-Modified: Fri, 07 Jan 2022 02:44:14 GMT
Server: nginx/1.18.0
ETag: "1358-5d4f4f65dbb80"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4952

GET
H/1.1 200
OK vouchermatic.png
paypro.info/images/gateways/ 27 KB
28 KB 1928ms
1928ms Image
image/png 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://paypro.info/images/gateways/vouchermatic.png
Requested by: Host: paypro.info
URL: http://paypro.info/
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 2295d8a7bb3de237430226f70f989ceaf953cf5ca9c8471052d7d0187281aeca

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 11:48:16 GMT
Last-Modified: Fri, 07 Jan 2022 02:07:26 GMT
Server: nginx/1.18.0
ETag: "6d94-5d4f472c25380"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28052

GET
H/1.1 200
OK 2fav.png
paypro.info/images/gateways/ 23 KB
23 KB 2913ms
2913ms Image
image/png 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://paypro.info/images/gateways/2fav.png
Requested by: Host: paypro.info
URL: http://paypro.info/
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: d53553d7f6f876c1f7cfc85a4ab87cbf69ea7b84c61b25c210b2f507013e95f3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 11:48:17 GMT
Last-Modified: Fri, 07 Jan 2022 02:10:14 GMT
Server: nginx/1.18.0
ETag: "5be4-5d4f47cc5cd80"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23524

GET
H2

200

lottie-player.js Show response
unpkg.com/@lottiefiles/lottie-player@1.5.7/dist/
Redirect Chain

https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js
https://unpkg.com/@lottiefiles/lottie-player@1.5.7/dist/lottie-player.js

337 KB
88 KB

36ms
36ms

Script
application/javascript

2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@lottiefiles/lottie-player@1.5.7/dist/lottie-player.js

Requested by

Host: paypro.info
URL: http://paypro.info/

Protocol

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99a251662165f4ce8a58450330d03b4578f05a17a3aa625f9cae9f8867b91868

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 11:48:14 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3533208
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"54557-mEzLpqpg5bSX6hg9TQvipFKQcc8"
fly-request-id: 01G8GJ4GJZFG0SWSGZZMA5KPT4-fra
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 743589382f798fe9-FRA

Redirect headers

date: Wed, 31 Aug 2022 11:48:14 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01GBSV7WCM7N450WX169V8NT2V-fra
server: cloudflare
age: 461
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /@lottiefiles/lottie-player@1.5.7/dist/lottie-player.js
cache-control: public, s-maxage=600, max-age=60
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 74358937ff428fe9-FRA
access-control-allow-origin: *

GET
H2 200 bootstrap-icons.css
cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/ 72 KB
11 KB 78ms
32ms Stylesheet
text/css 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/bootstrap-icons.css

Requested by

Host: paypro.info
URL: http://paypro.info/css/landing.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb18ec4bd71814b4e39a5afc8f98be0eabce2c206e811cc4796c5431665e6174

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 11:48:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 14091985
x-jsd-version: 1.7.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19179-FRA, cache-hhn4022-HHN
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"11e37-gaZqnrLenLCs4BvyXVKzdrhY6WA"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fAtx%2BjyPV7BE6HoEC59XlzpMPdcp2jjkRfxx7jjvSlhIMLB1BC%2BwZ0YuKg8NzWy0%2Bc4E8NK7jPUFqFzUKRYqY2eM5o8QnYMin1Lw17rfCUNKt2S8OPZKpT0zkP6%2FRKqAZAk3Vqj7N4jNjqvrMbE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 743589382ab29b2b-FRA

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 83ms
32ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@200;400;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://paypro.info
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 21:23:03 GMT
x-content-type-options: nosniff
age: 570311
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Aug 2023 21:23:03 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 81ms
31ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@200;400;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://paypro.info
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 19:24:53 GMT
x-content-type-options: nosniff
age: 577401
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Aug 2023 19:24:53 GMT

GET
H3 200 bootstrap-icons.woff2
cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/fonts/ 90 KB
91 KB 55ms
29ms Font
font/woff2 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/fonts/bootstrap-icons.woff2?30af91bf14e37666a085fb8a161ff36d

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/bootstrap-icons.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9829fbbcc18407deb28b49dac24d8146981b22b4a4813f1699c7773e80c01b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/bootstrap-icons.css
Origin: http://paypro.info
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 11:48:14 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 14091997
x-jsd-version: 1.7.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 92064
x-served-by: cache-fra19137-FRA, cache-hhn4047-HHN
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"167a0-ABUDSebr2vJiivnqTlbWsC29o5M"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZkV1ubx3lcunWxyyqLIslFNdoX%2BBp%2FLpMBQ9omeigW%2BW3xGdG1ZK%2BE1tdP0GoBE2L%2FbtCom3cTrrQUO3BC5hzNA0lliwp5Gn6qRa4%2B4W3DlDy77BDJHg1xHShbfBRjWAApKkerxdEoMejw5NCOU%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
cf-ray: 743589389857699f-FRA

GET
H2 200 pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 82ms
32ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@200;400;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f0c572590421075878908e0b380c5a6d404f72aa7d6d125385943be658f8399

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://paypro.info
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 19:37:12 GMT
x-content-type-options: nosniff
age: 576662
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7932
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:10:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Aug 2023 19:37:12 GMT

GET
H/1.1 200
OK logo.json Show response
paypro.info/images/ 72 KB
9 KB 2788ms
2788ms XHR
application/json 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://paypro.info/images/logo.json
Requested by: Host: unpkg.com
URL: https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 210169cae4bfbd721c23150102e9d7b7288cb596c998b0b4aa1b3fa4cfeb8ec3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 11:48:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 07 Jan 2022 03:18:49 GMT
Server: nginx/1.18.0
ETag: W/"11e67-5d4f5720bb840"
Transfer-Encoding: chunked
Content-Type: application/json
Connection: keep-alive

GET
H/1.1 200
OK logo.json Show response
paypro.info/images/ 72 KB
9 KB 2788ms
2788ms Fetch
application/json 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://paypro.info/images/logo.json
Requested by: Host: unpkg.com
URL: https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 210169cae4bfbd721c23150102e9d7b7288cb596c998b0b4aa1b3fa4cfeb8ec3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 11:48:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 07 Jan 2022 03:18:49 GMT
Server: nginx/1.18.0
ETag: W/"11e67-5d4f5720bb840"
Transfer-Encoding: chunked
Content-Type: application/json
Connection: keep-alive

GET
H/1.1 200
OK manage.json Show response
paypro.info/images/ 52 KB
5 KB 2788ms
2003ms XHR
application/json 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://paypro.info/images/manage.json
Requested by: Host: unpkg.com
URL: https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 6b7f3f0e42f63e77e269c896c067220da81dd0a3055e7b6ad0b1f2c07b7ef4b6

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 11:48:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 07 Jan 2022 04:06:36 GMT
Server: nginx/1.18.0
ETag: W/"d1b3-5d4f61ceeab00"
Transfer-Encoding: chunked
Content-Type: application/json
Connection: keep-alive

GET
H/1.1 200
OK manage.json Show response
paypro.info/images/ 52 KB
5 KB 3800ms
2014ms Fetch
application/json 5.61.54.215
SCALAXY-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://paypro.info/images/manage.json
Requested by: Host: unpkg.com
URL: https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js
Protocol: HTTP/1.1
Server: 5.61.54.215 Dronten, Netherlands, ASN58061 (SCALAXY-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 6b7f3f0e42f63e77e269c896c067220da81dd0a3055e7b6ad0b1f2c07b7ef4b6

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://paypro.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 11:48:18 GMT
Content-Encoding: gzip
Last-Modified: Fri, 07 Jan 2022 04:06:36 GMT
Server: nginx/1.18.0
ETag: W/"d1b3-5d4f61ceeab00"
Transfer-Encoding: chunked
Content-Type: application/json
Connection: keep-alive

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Coinbase (Crypto Exchange)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
paypro.info
unpkg.com
2606:4700::6810:5814
2606:4700::6810:7aaf
2a00:1450:4001:811::200a
2a00:1450:4001:82a::2003
5.61.54.215
06fb7688d2ea73c329eb5303d2f1d34f611fc1e7717fcd34d1c5fedabe3de551
126270d27d1ac1a29b8d7d01238377840fe79b70212bd230adc6b2d9da82bf38
210169cae4bfbd721c23150102e9d7b7288cb596c998b0b4aa1b3fa4cfeb8ec3
2295d8a7bb3de237430226f70f989ceaf953cf5ca9c8471052d7d0187281aeca
36bed36fbfb75daa50564e6a45a1a95ac13ac50dc6f742f8f7538c855ddfa8c5
4394be8cd9bce69c21f8766266f1d109c6f2ccdef6b1ed9debf188b679facf2f
6b7f3f0e42f63e77e269c896c067220da81dd0a3055e7b6ad0b1f2c07b7ef4b6
6f0c572590421075878908e0b380c5a6d404f72aa7d6d125385943be658f8399
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
9847f5410ae7fae865a9aa256fafb352f825f7a808333459188ed34fd6733652
99a251662165f4ce8a58450330d03b4578f05a17a3aa625f9cae9f8867b91868
adbbbb4d4ad395bc91f9d3cc7bd0d6484fef7ba4f8234a7c970c03d385d80be2
bb18ec4bd71814b4e39a5afc8f98be0eabce2c206e811cc4796c5431665e6174
d2053dd207e4be1f41269b50fd4f99e1f66050cf57cb741713e312535ec6be7c
d53553d7f6f876c1f7cfc85a4ab87cbf69ea7b84c61b25c210b2f507013e95f3
d71dc97e9162d5a7e1ccc52dfe33a1affc076ae2e49ae0dc41dfc0d952cd51f4
dc48e386339fc1ab68817db89138b2f1f06f7dce0ba1263372c8710c356c6119
e9829fbbcc18407deb28b49dac24d8146981b22b4a4813f1699c7773e80c01b9
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

paypro.info Open in urlscan Pro 5.61.54.215 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

21 Requests

29 %HTTPS

80 %IPv6

5 Domains

5 Subdomains

5 IPs

3 Countries

487 kBTransfer

1646 kBSize

0 Cookies

0 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

0 Cookies

Indicators

paypro.info Open in urlscan Pro
5.61.54.215 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

29 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

487 kB
Transfer

1646 kB
Size

0
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!