urlscan.io logo urlscan.io
SecurityTrails logo

nic-home.com Open in urlscan Pro
108.167.141.191  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/activity/
Submission Tags: phishing malicious Search All
Submission: On January 08 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 108.167.141.191, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is nic-home.com.
This is the only time nic-home.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) PayPal (Financial)

Domain & IP information

IP Address AS Autonomous System
5 108.167.141.191 46606 (UNIFIEDLA...)
4 151.101.2.133 54113 (FASTLY)
9 2
Apex Domain
Subdomains		 Transfer
5 nic-home.com
nic-home.com
80 KB
4 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 1452
192 KB
9 2
Domain Requested by
5 nic-home.com nic-home.com
4 www.paypalobjects.com nic-home.com
9 2

This site contains no links.

Subject Issuer Validity Valid
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2021-11-02 -
2022-03-15		 4 months crt.sh

This page contains 1 frames:

Primary Page: http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/activity/
Frame ID: 78DC7E5A032E50EFF9455404AA158D17
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

ΡayΡal Safety & Security

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Page Statistics

9
Requests

44 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

273 kB
Transfer

451 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/activity/ 		8 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/activity/
Protocol
HTTP/1.1
Server
108.167.141.191 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
mail.unitedagrogroup.com
Software
nginx/1.19.5 /
Resource Hash
50008dc0d943ec8ff19a4e1af440c79a3ecab2f368a769db43d1b209e3cd9123
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Sat, 08 Jan 2022 08:13:24 GMT
Server
nginx/1.19.5
Content-Type
text/html; charset=UTF-8
Content-Length
6538
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Vary
Accept-Encoding
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
X-Endurance-Cache-Level
2
X-nginx-cache
WordPress
X-Server-Cache
false
hok.js
nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/activity/ 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/activity/hok.js
Requested by
Host: nic-home.com
URL: http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/activity/
Protocol
HTTP/1.1
Server
108.167.141.191 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
mail.unitedagrogroup.com
Software
Apache /
Resource Hash
847c86ae982abe9180233276125b930b4a1b6f1bd12649b0c07535c1e984def8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/activity/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sat, 08 Jan 2022 08:13:24 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-nginx-cache
WordPress
Last-Modified
Thu, 06 Jan 2022 14:12:55 GMT
Server
Apache
Vary
Accept-Encoding
X-Endurance-Cache-Level
2
Content-Type
application/javascript
Cache-Control
max-age=21600
Accept-Ranges
bytes
Content-Length
7931
X-XSS-Protection
1; mode=block
Expires
Sat, 08 Jan 2022 14:13:24 GMT
appSuperBowl.css
nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/linguo/ 		221 KB
55 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/linguo/appSuperBowl.css
Requested by
Host: nic-home.com
URL: http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/activity/
Protocol
HTTP/1.1
Server
108.167.141.191 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
mail.unitedagrogroup.com
Software
Apache /
Resource Hash
718bcc128f71d9dc56fb0f3754e2146e208fbc79f9460923eaf745d30c3c0dd0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/activity/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sat, 08 Jan 2022 08:13:24 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-nginx-cache
WordPress
Last-Modified
Thu, 06 Jan 2022 14:12:55 GMT
Server
Apache
Vary
Accept-Encoding
X-Endurance-Cache-Level
2
Content-Type
text/css
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
Expires
Mon, 07 Feb 2022 08:13:24 GMT
shield.png
nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/linguo/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/linguo/shield.png
Requested by
Host: nic-home.com
URL: http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/activity/
Protocol
HTTP/1.1
Server
108.167.141.191 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
mail.unitedagrogroup.com
Software
Apache /
Resource Hash
6c24e9fc3844d713e81e8182d435b1ec16df0b291e559742c5842f995b2e0498
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/activity/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sat, 08 Jan 2022 08:13:24 GMT
X-Content-Type-Options
nosniff
X-nginx-cache
WordPress
Last-Modified
Thu, 06 Jan 2022 14:12:55 GMT
Server
Apache
X-Endurance-Cache-Level
2
Upgrade
h2,h2c
Cache-Control
max-age=31536000
Connection
Upgrade
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
4440
X-XSS-Protection
1; mode=block
Expires
Sun, 08 Jan 2023 08:13:24 GMT
pplm.svg
nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/linguo/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/linguo/pplm.svg
Requested by
Host: nic-home.com
URL: http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/linguo/appSuperBowl.css
Protocol
HTTP/1.1
Server
108.167.141.191 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
mail.unitedagrogroup.com
Software
Apache /
Resource Hash
bb230994469278cbe80e0336a575209516879ad6a5e8cc9233956e71747de578
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/linguo/appSuperBowl.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sat, 08 Jan 2022 08:13:25 GMT
X-Content-Type-Options
nosniff
X-nginx-cache
WordPress
Last-Modified
Thu, 06 Jan 2022 14:12:55 GMT
Server
Apache
X-Endurance-Cache-Level
2
Content-Type
image/svg+xml
Cache-Control
max-age=21600
Accept-Ranges
bytes
Content-Length
5588
X-XSS-Protection
1; mode=block
Expires
Sat, 08 Jan 2022 14:13:25 GMT
PayPalSansBig-Medium.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 		50 KB
50 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansBig-Medium.woff
Requested by
Host: nic-home.com
URL: http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/linguo/appSuperBowl.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ba20c92df54a4333cc16983eb8c0043e0ea8781319e03edcf6d5093cd109cf43
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://nic-home.com/
Origin
http://nic-home.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 08 Jan 2022 08:13:25 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
x-cache
HIT, HIT
paypal-debug-id
60e094c1feccf
dc
ccg11-origin-www-1.paypal.com
content-length
51051
x-served-by
cache-sjc10036-SJC, cache-hhn4082-HHN
last-modified
Wed, 30 Sep 2015 05:09:04 GMT
x-timer
S1641629605.232735,VS0,VE1
etag
"560b6e70-c76b"
strict-transport-security
max-age=31557600
content-type
font/woff
access-control-allow-origin
*
cache-control
public,max-age=3600
accept-ranges
bytes
x-cache-hits
98, 1
PayPalSansBig-Light.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 		48 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansBig-Light.woff
Requested by
Host: nic-home.com
URL: http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/linguo/appSuperBowl.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c599c554590d1a336ffcb9627f6caaac34b6228f60e15f5f25454bff38facb7e
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://nic-home.com/
Origin
http://nic-home.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 08 Jan 2022 08:13:25 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
x-cache
HIT, HIT
paypal-debug-id
15ed59fb192f1
dc
ccg11-origin-www-1.paypal.com
content-length
49115
x-served-by
cache-sjc10027-SJC, cache-hhn4082-HHN
last-modified
Wed, 30 Sep 2015 05:09:04 GMT
x-timer
S1641629605.232868,VS0,VE0
etag
"560b6e70-bfdb"
strict-transport-security
max-age=31557600
content-type
font/woff
access-control-allow-origin
*
cache-control
public,max-age=3600
accept-ranges
bytes
x-cache-hits
3059, 10
PayPalSansSmall-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 		46 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Regular.woff
Requested by
Host: nic-home.com
URL: http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/linguo/appSuperBowl.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://nic-home.com/
Origin
http://nic-home.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 08 Jan 2022 08:13:25 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
x-cache
HIT, HIT
paypal-debug-id
dc9f7adddf8b6
dc
ccg11-origin-www-1.paypal.com
content-length
47339
x-served-by
cache-sjc10040-SJC, cache-hhn4082-HHN
last-modified
Wed, 30 Sep 2015 05:09:04 GMT
x-timer
S1641629605.232946,VS0,VE0
etag
"560b6e70-b8eb"
strict-transport-security
max-age=31557600
content-type
font/woff
access-control-allow-origin
*
cache-control
public,max-age=3600
accept-ranges
bytes
x-cache-hits
104363, 85
PayPalSansSmall-Medium.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Medium.woff
Requested by
Host: nic-home.com
URL: http://nic-home.com/1142/account/customer_center/customer-IDPP00C114/myaccount/safe/linguo/appSuperBowl.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1fc978067430d2bf5d50d4adebd57ec8cb847f63cb8925fddb76fb5825071e85
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://nic-home.com/
Origin
http://nic-home.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 08 Jan 2022 08:13:25 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
x-cache
HIT, HIT
paypal-debug-id
292bf8b1f9f99
dc
phx-origin-www-2.paypal.com
content-length
48487
x-served-by
cache-sjc10065-SJC, cache-hhn4082-HHN
last-modified
Wed, 30 Sep 2015 05:09:04 GMT
x-timer
S1641629605.232995,VS0,VE0
etag
"560b6e70-bd67"
strict-transport-security
max-age=31557600
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
17283, 113239

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) PayPal (Financial)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onsecuritypolicyviolation object| onslotchange object| Aes object| Base64 object| Utf8 string| hea2p string| hea2t string| output string| ctrTxt object| antiClickjack function| disableselect function| reEnable function| clickIE

1 Cookies

Domain/Path Name / Value
nic-home.com/ Name: PHPSESSID
Value: b312f5637e45f36563c74ed4333236cf

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block