URL: https://mypaypal.cf/
Submission Tags: @phishunt_io
Submission: On December 18 via api from DE — Scanned from DE

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 23 HTTP transactions. The main IP is 23.88.68.4, located in Gunzenhausen, Germany and belongs to HETZNER-AS, DE. The main domain is mypaypal.cf.
TLS certificate: Issued by R3 on December 17th 2022. Valid for: 3 months.
This is the only time mypaypal.cf was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

IP addresses (requests / IP address / AS / autonomous system):
8   23.88.68.4         24940   HETZNER-AS
1   2a00:1450:400...   15169   GOOGLE
1   85.239.33.214      200019  ALEXHOST
3   2a00:1450:400...   15169   GOOGLE
9   192.210.236.152    36352   AS-COLOCR...
Total: 23 requests, 6 IPs

Apex domains (requests / apex domain / subdomains / transfer):
9   ykbackend.xyz    ykbackend.xyz                                    247 KB
8   mypaypal.cf      mypaypal.cf                                      1 MB
3   gstatic.com      fonts.gstatic.com                                76 KB
1   yksupport.live   www.yksupport.live                               840 B
1   googleapis.com   fonts.googleapis.com (Cisco Umbrella Rank: 37)   2 KB
Total: 23 requests, 5 apex domains

Domains (requests / domain / requested by):
9   ykbackend.xyz          www.yksupport.live, ykbackend.xyz
8   mypaypal.cf            mypaypal.cf
3   fonts.gstatic.com      fonts.googleapis.com
1   www.yksupport.live     mypaypal.cf
1   fonts.googleapis.com   mypaypal.cf
Total: 23 requests, 5 domains

This site contains links to these domains. Also see Links.

Domain
forms.gle
www.yksupport.live
anydesk.com
TLS certificates (subject / issuer / validity / valid for):
*.mypaypal.cf             R3          2022-12-17 - 2023-03-17   3 months
upload.video.google.com   GTS CA 1C3  2022-11-28 - 2023-02-20   3 months
yksupport.live            R3          2022-12-17 - 2023-03-17   3 months
*.gstatic.com             GTS CA 1C3  2022-11-28 - 2023-02-20   3 months
ykbackend.xyz             R3          2022-11-20 - 2023-02-18   3 months

This page contains 3 frames:

Primary Page: https://mypaypal.cf/
Frame ID: 525905FD3BBAC8AA9F72346342F1CB8C
Requests: 12 HTTP requests in this frame

Frame: https://www.yksupport.live/
Frame ID: 5DEA4CFCC3E4561D04EA34D543C3DAAE
Requests: 1 HTTP requests in this frame

Frame: https://ykbackend.xyz/
Frame ID: F1F56C747E633B151E558BD705E27BC0
Requests: 15 HTTP requests in this frame

Screenshot

Page Title

Paypal

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 23
HTTPS: 96 %
IPv6: 40 %
Domains: 5
Subdomains: 5
IPs: 6
Countries: 4
Transfer: 1535 kB
Size: 3368 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request / | mypaypal.cf/ | 4 KB | 2 KB | Document
General
Full URL
https://mypaypal.cf/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
23.88.68.4 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
ndp.crystalregistry.com
Software
Apache/2 /
Resource Hash
ca0860b13751146703ed0509a7f62c2993919ffde02332023fb68e9ca0397e1b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
1467
content-type
text/html
date
Sun, 18 Dec 2022 09:42:45 GMT
etag
"10cd-5eaeece8cc000-gzip"
last-modified
Thu, 13 Oct 2022 18:37:52 GMT
server
Apache/2
vary
Accept-Encoding,User-Agent
nicepage.css | mypaypal.cf/ | 971 KB | 89 KB | Stylesheet
General
Full URL
https://mypaypal.cf/nicepage.css
Requested by
Host: mypaypal.cf
URL: https://mypaypal.cf/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
23.88.68.4 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
ndp.crystalregistry.com
Software
Apache/2 /
Resource Hash
93de20f8d3f01eccf72dc57d14cbab9ebb00916e0629aec58a60d5d6e9175d04

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mypaypal.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 18 Dec 2022 09:42:46 GMT
content-encoding
gzip
last-modified
Thu, 13 Oct 2022 18:37:26 GMT
server
Apache/2
etag
"f2d2c-5eaeecd000580-gzip"
vary
Accept-Encoding,User-Agent
content-type
text/css
accept-ranges
bytes
Paypal.css | mypaypal.cf/ | 4 KB | 938 B | Stylesheet
General
Full URL
https://mypaypal.cf/Paypal.css
Requested by
Host: mypaypal.cf
URL: https://mypaypal.cf/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
23.88.68.4 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
ndp.crystalregistry.com
Software
Apache/2 /
Resource Hash
8e48807bd33ed5d36aca94a407c51e77305f1ae35c01053cb46682a0b8cf22ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mypaypal.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 18 Dec 2022 09:42:46 GMT
content-encoding
gzip
last-modified
Thu, 13 Oct 2022 18:37:26 GMT
server
Apache/2
etag
"1154-5eaeecd000580-gzip"
vary
Accept-Encoding,User-Agent
content-type
text/css
accept-ranges
bytes
content-length
831
jquery.js | mypaypal.cf/ | 87 KB | 30 KB | Script
General
Full URL
https://mypaypal.cf/jquery.js
Requested by
Host: mypaypal.cf
URL: https://mypaypal.cf/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
23.88.68.4 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
ndp.crystalregistry.com
Software
Apache/2 /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mypaypal.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 18 Dec 2022 09:42:46 GMT
content-encoding
gzip
last-modified
Thu, 13 Oct 2022 18:37:26 GMT
server
Apache/2
etag
"15d84-5eaeecd000580-gzip"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
accept-ranges
bytes
content-length
30910
nicepage.js | mypaypal.cf/ | 156 KB | 49 KB | Script
General
Full URL
https://mypaypal.cf/nicepage.js
Requested by
Host: mypaypal.cf
URL: https://mypaypal.cf/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
23.88.68.4 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
ndp.crystalregistry.com
Software
Apache/2 /
Resource Hash
ddd38b59aea390aa776b4c087a45e1908419bd82f57937b5c2ecbcd8ae39303e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mypaypal.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 18 Dec 2022 09:42:46 GMT
content-encoding
gzip
last-modified
Thu, 13 Oct 2022 18:37:26 GMT
server
Apache/2
etag
"26f24-5eaeecd000580-gzip"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
accept-ranges
bytes
content-length
49745
css | fonts.googleapis.com/ | 50 KB | 2 KB | Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i
Requested by
Host: mypaypal.cf
URL: https://mypaypal.cf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:807::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
691fff672704cb7767fe5f9de458be94e4578f12e76754a859353bb3e42b79b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mypaypal.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 18 Dec 2022 09:42:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 18 Dec 2022 09:16:26 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 18 Dec 2022 09:42:46 GMT
download5.png | mypaypal.cf/images/ | 3 KB | 3 KB | Image
General
Full URL
https://mypaypal.cf/images/download5.png
Requested by
Host: mypaypal.cf
URL: https://mypaypal.cf/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
23.88.68.4 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
ndp.crystalregistry.com
Software
Apache/2 /
Resource Hash
2c52c1cf9159613504d54fc3d3c9f8074e7b99630607a5cce8f768a736e8c0f8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mypaypal.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 18 Dec 2022 09:42:46 GMT
last-modified
Thu, 13 Oct 2022 18:37:26 GMT
server
Apache/2
accept-ranges
bytes
etag
"c91-5eaeecd000580"
content-length
3217
content-type
image/png
/ | www.yksupport.live/ Frame 5DEA | 711 B | 840 B | Document
General
Full URL
https://www.yksupport.live/
Requested by
Host: mypaypal.cf
URL: https://mypaypal.cf/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.239.33.214 , Russian Federation, ASN200019 (ALEXHOST, MD),
Reverse DNS
redear.finsure.live
Software
Microsoft-IIS/10.0 /
Resource Hash
3047b382166bfcfc55cf8476d1bb408e85d8c4b256e222284fca9a66b9fb374e

Request headers

Referer
https://mypaypal.cf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
711
content-type
text/html
date
Sun, 18 Dec 2022 09:42:46 GMT
etag
"0a1b9acabf9d81:0"
last-modified
Wed, 16 Nov 2022 11:07:54 GMT
server
Microsoft-IIS/10.0
Capture.PNG | mypaypal.cf/images/ | 991 KB | 997 KB | Image
General
Full URL
https://mypaypal.cf/images/Capture.PNG
Requested by
Host: mypaypal.cf
URL: https://mypaypal.cf/Paypal.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
23.88.68.4 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
ndp.crystalregistry.com
Software
Apache/2 /
Resource Hash
33cf117543df6685417f6e9d923c47ba50d9d478441aad9ae0d894df005c773d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mypaypal.cf/Paypal.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 18 Dec 2022 09:42:46 GMT
last-modified
Thu, 13 Oct 2022 18:37:26 GMT
server
Apache/2
accept-ranges
bytes
etag
"f7c67-5eaeecd000580"
content-length
1014887
content-type
image/png
Capture1.PNG | mypaypal.cf/images/ | 38 KB | 38 KB | Image
General
Full URL
https://mypaypal.cf/images/Capture1.PNG
Requested by
Host: mypaypal.cf
URL: https://mypaypal.cf/Paypal.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
23.88.68.4 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
ndp.crystalregistry.com
Software
Apache/2 /
Resource Hash
5d6abd2a009274962f3eda5993b3743d5c43eefea07fc1a3d447f7b657cb18fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mypaypal.cf/Paypal.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 18 Dec 2022 09:42:46 GMT
last-modified
Thu, 13 Oct 2022 18:37:26 GMT
server
Apache/2
accept-ranges
bytes
etag
"960c-5eaeecd000580"
content-length
38412
content-type
image/png
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | fonts.gstatic.com/s/opensans/v34/ | 44 KB | 44 KB | Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://mypaypal.cf
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 18:50:24 GMT
x-content-type-options
nosniff
age
485542
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44856
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:20:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Dec 2023 18:50:24 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v30/ | 15 KB | 16 KB | Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://mypaypal.cf
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 19:42:15 GMT
x-content-type-options
nosniff
age
223231
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Dec 2023 19:42:15 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | fonts.gstatic.com/s/roboto/v30/ | 15 KB | 16 KB | Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://mypaypal.cf
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 16:44:52 GMT
x-content-type-options
nosniff
age
493074
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Dec 2023 16:44:52 GMT
/ | ykbackend.xyz/ Frame F1F5 | 29 KB | 7 KB | Document
General
Full URL
https://ykbackend.xyz/
Requested by
Host: www.yksupport.live
URL: https://www.yksupport.live/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.210.236.152 Elk Grove Village, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
192-210-236-152-host.colocrossing.com
Software
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0 /
Resource Hash
bb5cfc274dc7d39f14b468f55ceffe9c21ba20ab827d76cedbf7e0b5881907d0

Request headers

Referer
https://www.yksupport.live/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private
content-encoding
gzip
content-length
6961
content-type
text/html; charset=utf-8
date
Sun, 18 Dec 2022 09:42:46 GMT
p3p
CP="NON CUR OUR STP STA PRE"
server
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0
Script.ashx | ykbackend.xyz/ Frame F1F5 | 487 KB | 91 KB | Script
General
Full URL
https://ykbackend.xyz/Script.ashx?__Cache=7c8bd1dd-38f8-45cf-ad95-992cdd2c39da
Requested by
Host: ykbackend.xyz
URL: https://ykbackend.xyz/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.210.236.152 Elk Grove Village, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
192-210-236-152-host.colocrossing.com
Software
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0 /
Resource Hash
f3b0c07d00a77420512629bfa0caa7a5644297ac951c36c0f8f19bbe0da61ccc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ykbackend.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 18 Dec 2022 09:42:46 GMT
content-encoding
gzip
server
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0
vary
Accept-Encoding, Accept-Language, Host, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=31536000
content-length
92619
expires
Mon, 18 Dec 2023 09:42:46 GMT
Default.css | ykbackend.xyz/App_Themes/LightWithBlue/ Frame F1F5 | 368 KB | 108 KB | Stylesheet
General
Full URL
https://ykbackend.xyz/App_Themes/LightWithBlue/Default.css?__Cache=ea9af358-2bdf-4257-b785-9a5b652aa1e4
Requested by
Host: ykbackend.xyz
URL: https://ykbackend.xyz/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.210.236.152 Elk Grove Village, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
192-210-236-152-host.colocrossing.com
Software
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0 /
Resource Hash
cb8cb2a791f8bb79d366a5a4c8b6d9f16da79b7e16230c7434aea0aad105929f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ykbackend.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 18 Dec 2022 09:42:46 GMT
content-encoding
gzip
server
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0
vary
Accept-Encoding
content-type
text/css; charset=utf-8
cache-control
public, max-age=31275428
content-length
109970
expires
Fri, 15 Dec 2023 09:19:55 GMT
truncated | / Frame F1F5 | 20 KB | 0 | Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
Origin
https://ykbackend.xyz
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
text/plain;charset=US-ASCII
truncated | / Frame F1F5 | 20 KB | 0 | Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
Origin
https://ykbackend.xyz
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
text/plain;charset=US-ASCII
truncated | / Frame F1F5 | 20 KB | 0 | Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
Origin
https://ykbackend.xyz
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
text/plain;charset=US-ASCII
GetGuestSessionInfo | ykbackend.xyz/Services/PageService.ashx/ Frame F1F5 | 105 B | 242 B | XHR
General
Full URL
https://ykbackend.xyz/Services/PageService.ashx/GetGuestSessionInfo
Requested by
Host: ykbackend.xyz
URL: https://ykbackend.xyz/Script.ashx?__Cache=7c8bd1dd-38f8-45cf-ad95-992cdd2c39da
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.210.236.152 Elk Grove Village, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
192-210-236-152-host.colocrossing.com
Software
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0 /
Resource Hash
1c308978d085a3a7f055fc54fe18ac0df058ecd97cef91d27b63abed3f20a79a

Request headers

Referer
https://ykbackend.xyz/
X-Anti-Forgery-Token
OMuowMnaeXG5flUvaV5SeoNrP8PU+27fKnuuiQvMxRYBAAA9mS2vYbYtQg==
accept-language
de-DE,de;q=0.9
X-Unauthorized-Status-Code
403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Sun, 18 Dec 2022 09:42:46 GMT
server
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ykbackend.xyz
cache-control
no-cache, no-store
access-control-allow-credentials
true
content-length
105
expires
-1
truncated | / Frame F1F5 | 2 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a64a4a5925c17d36b6e4e8e60c5bdf7cb0804499e57a46446f000c8ceedbb1f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
Default.css | ykbackend.xyz/App_Themes/LightWithBlue/ Frame F1F5 | 14 KB | 14 KB | Image
General
Full URL
https://ykbackend.xyz/App_Themes/LightWithBlue/Default.css?r=Page.Background&__Cache=13897
Requested by
Host: ykbackend.xyz
URL: https://ykbackend.xyz/App_Themes/LightWithBlue/Default.css?__Cache=ea9af358-2bdf-4257-b785-9a5b652aa1e4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.210.236.152 Elk Grove Village, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
192-210-236-152-host.colocrossing.com
Software
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0 /
Resource Hash
fd2423803366aec2267b7576e896b23b80bea85492cb1e96a46427609fe44072

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ykbackend.xyz/App_Themes/LightWithBlue/Default.css?__Cache=ea9af358-2bdf-4257-b785-9a5b652aa1e4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Fri, 15 Dec 2023 11:27:52 GMT
date
Sun, 18 Dec 2022 09:42:46 GMT
cache-control
public, max-age=31283105
server
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0
content-length
13897
vary
Accept-Encoding
content-type
image/jpeg
ActivityIndicator.gif | ykbackend.xyz/Images/ Frame F1F5 | 27 KB | 27 KB | Image
General
Full URL
https://ykbackend.xyz/Images/ActivityIndicator.gif
Requested by
Host: ykbackend.xyz
URL: https://ykbackend.xyz/App_Themes/LightWithBlue/Default.css?__Cache=ea9af358-2bdf-4257-b785-9a5b652aa1e4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.210.236.152 Elk Grove Village, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
192-210-236-152-host.colocrossing.com
Software
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0 /
Resource Hash
9d070c98f02f1d6287952256b47f7cd72eda89bda25ef99782325214a042f01a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ykbackend.xyz/App_Themes/LightWithBlue/Default.css?__Cache=ea9af358-2bdf-4257-b785-9a5b652aa1e4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 18 Dec 2022 09:42:46 GMT
last-modified
Thu, 12 May 2022 16:33:42 GMT
server
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0
etag
"1D8661E0A94B700"
content-type
image/gif
cache-control
public
accept-ranges
bytes
content-length
27503
expires
Mon, 19 Dec 2022 09:42:47 GMT
Extras.svg | ykbackend.xyz/Images/ Frame F1F5 | 322 B | 374 B | Image
General
Full URL
https://ykbackend.xyz/Images/Extras.svg
Requested by
Host: ykbackend.xyz
URL: https://ykbackend.xyz/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.210.236.152 Elk Grove Village, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
192-210-236-152-host.colocrossing.com
Software
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0 /
Resource Hash
8fce4aad3b04f9b76a08bad9b2459e355bbf16a470486d689fa801b9a30e3061

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ykbackend.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 18 Dec 2022 09:42:46 GMT
last-modified
Thu, 12 May 2022 16:33:42 GMT
server
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0
etag
"1D8661E0A94B700"
content-type
image/svg+xml
cache-control
public
accept-ranges
bytes
content-length
322
expires
Mon, 19 Dec 2022 09:42:47 GMT
WaffleIcon.svg | ykbackend.xyz/Images/ Frame F1F5 | 821 B | 861 B | Image
General
Full URL
https://ykbackend.xyz/Images/WaffleIcon.svg
Requested by
Host: ykbackend.xyz
URL: https://ykbackend.xyz/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.210.236.152 Elk Grove Village, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
192-210-236-152-host.colocrossing.com
Software
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0 /
Resource Hash
5bf4f707f250958980d313203989f1fca55b9446f34d667e7256f853d52e494d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ykbackend.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 18 Dec 2022 09:42:46 GMT
last-modified
Thu, 12 May 2022 16:33:42 GMT
server
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0
etag
"1D8661E0A94B700"
content-type
image/svg+xml
cache-control
public
accept-ranges
bytes
content-length
821
expires
Mon, 19 Dec 2022 09:42:47 GMT
truncated | / Frame F1F5 | 241 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f65d4472eab3ae1671e14b2d09ccfc0345458929a18f797afd82dcf7cd3e1628

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
GetGuestSessionInfo | ykbackend.xyz/Services/PageService.ashx/ Frame F1F5 | 105 B | 165 B | XHR
General
Full URL
https://ykbackend.xyz/Services/PageService.ashx/GetGuestSessionInfo
Requested by
Host: ykbackend.xyz
URL: https://ykbackend.xyz/Script.ashx?__Cache=7c8bd1dd-38f8-45cf-ad95-992cdd2c39da
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.210.236.152 Elk Grove Village, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
192-210-236-152-host.colocrossing.com
Software
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0 /
Resource Hash
22d8bf971caba11105ef32cac84dde16d3b4920bc85eb3578812107df4646dbe

Request headers

Referer
https://ykbackend.xyz/
X-Anti-Forgery-Token
OMuowMnaeXG5flUvaV5SeoNrP8PU+27fKnuuiQvMxRYBAAA9mS2vYbYtQg==
accept-language
de-DE,de;q=0.9
X-Unauthorized-Status-Code
403
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Sun, 18 Dec 2022 09:42:48 GMT
server
ScreenConnect/22.5.7881.8171-2173333266 Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ykbackend.xyz
cache-control
no-cache, no-store
access-control-allow-credentials
true
content-length
105
expires
-1
GetGuestSessionInfo | ykbackend.xyz/Services/PageService.ashx/ Frame F1F5 | 0 | 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ykbackend.xyz
URL
https://ykbackend.xyz/Services/PageService.ashx/GetGuestSessionInfo

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 (object), oncontentvisibilityautostatechange (object), $ (function), jQuery (function), cssBgParser (object), ResponsiveMenu (function), Dialog (function), MailChimpForm (function), bootstrap (object), loadMapsContent (function), mapIframeApiReady (function), MapsLoader (object), Utils (object), Const (object), Wait (object), Previews (object), Lightbox (function), Utility (object), skrollr (object), Waypoint (function), WaypointAdapter (function), AnimationInfo (function), CountUp (function), CountUpAdapter (function), CounterAnimation (function), AnimateCssAnimation (function), AnimationFactory (object), AnimationEventScroll (object), AnimationEventSlider (function), WillChangeHint (object), uAnimation (undefined), _npScrollAnchor (object), _npScrollSpyInit (function), ImageZoom (function), HorizontalLayoutSlider (function), TabsControl (function), _npTabsInit (function), lazySizes (object), _npLazyImages (object), lazySizesConfig (object), _npDialogsInit (function), Accordion (function), _npAccordionInit (function), _responsive (object)

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
