urlscan.io logo urlscan.io
SecurityTrails logo

huspitals.ml Open in urlscan Pro
104.209.221.91  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://huspitals.ml/Ppals/cy.htm
Submission: On December 24 via api from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 3 countries across 4 domains to perform 22 HTTP transactions. The main IP is 104.209.221.91, located in Boydton, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is huspitals.ml.
This is the only time huspitals.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

IP Address AS Autonomous System
1 104.209.221.91 8075 (MICROSOFT...)
1 22 2.18.232.222 16625 (AKAMAI-AS)
1 1 104.109.71.98 20940 (AKAMAI-ASN1)
22 2
Apex Domain
Subdomains		 Transfer
21 paypalobjects.com
www.paypalobjects.com
336 KB
1 paypal.com
t.paypal.com
687 B
1 abmr.net
ak1s.abmr.net
706 B
1 huspitals.ml
huspitals.ml
26 KB
22 4
Domain Requested by
21 www.paypalobjects.com 1 redirects huspitals.ml
www.paypalobjects.com
1 t.paypal.com
1 ak1s.abmr.net 1 redirects
1 huspitals.ml
22 4

This site contains links to these domains. Also see Links.

Domain
www.paypal.com
www.x.com
www.paypal.co.uk
www.paypal.ca
www.paypal.com.au
Subject Issuer Validity Valid
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2018-08-14 -
2020-08-18		 2 years crt.sh

This page contains 1 frames:

Primary Page: http://huspitals.ml/Ppals/cy.htm
Frame ID: 199B4300D8106EEA376FF36DEB8ABDEB
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • env /^PAYPAL$/i
Overall confidence: 100%
Detected patterns
  • env /^Modernizr$/i
Overall confidence: 100%
Detected patterns
  • env /^s_(?:account|objectID|code|INST)$/i
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

22
Requests

91 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

2
IPs

3
Countries

361 kB
Transfer

688 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_gray-bkgd.png HTTP 302
  • https://ak1s.abmr.net/is/www.paypalobjects.com?U=/webstatic/i/ex_ce2/scr/scr_gray-bkgd.png&V=3-b6G8b5NmsjVxTTDZuccXqWCvlFZH%2f6PQkOGsRclT8VKIao460m+gELOEGhbkOj%2fY&I=BC99F9C4092FE23&D=paypalobjects.com&01AD=1& HTTP 302
  • https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_gray-bkgd.png?01AD=3OhqpCoNq_BMN-7ZP3k2EDXnQTHo-TQXq9a57-Gj3wHKaqX3gInbN7g&01RI=BC99F9C4092FE23&01NA=na

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request cy.htm
huspitals.ml/Ppals/ 		25 KB
26 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://huspitals.ml/Ppals/cy.htm
Protocol
HTTP/1.1
Server
104.209.221.91 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Apache /
Resource Hash
c710afe96170cf47ae5eac49f6f69cbe39be80579b7adbad6f8e486a8e844e8e

Request headers

Host
huspitals.ml
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Dec 2018 15:30:36 GMT
Server
Apache
Last-Modified
Fri, 22 Mar 2013 10:49:54 GMT
Accept-Ranges
bytes
Content-Length
26062
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
3a7fe10706977841840e4e16a475f0.css
www.paypalobjects.com/eboxapps/css/55/ 		87 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/eboxapps/css/55/3a7fe10706977841840e4e16a475f0.css
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8238549d499c23715725087f4d5a36d2cf6e307a349d03bed87332ea2c22d438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://huspitals.ml/Ppals/cy.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 24 Dec 2018 15:30:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 17 Mar 2014 23:40:20 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
14236
expires
Sun, 24 Mar 2019 15:30:36 GMT
60bbeafcbc85a0f7883ec53f63ed67.js
www.paypalobjects.com/eboxapps/js/3c/ 		48 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/eboxapps/js/3c/60bbeafcbc85a0f7883ec53f63ed67.js
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c0232ad683e60dbba1b5909f9ca847fa56f56779c502002ce1d85759ce98f041
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://huspitals.ml/Ppals/cy.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 24 Dec 2018 15:30:36 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Thu, 14 Jun 2018 08:51:44 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
15255
expires
Sun, 24 Mar 2019 15:30:36 GMT
logo_paypal_106x29.png
www.paypalobjects.com/webstatic/i/ex_ce2/logo/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/i/ex_ce2/logo/logo_paypal_106x29.png
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6905e777eb369cbb997b42ec09a2e45406b3d5f525376dd090625e6bfc910395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://huspitals.ml/Ppals/cy.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:36 GMT
x-content-type-options
nosniff
last-modified
Wed, 30 Apr 2014 15:54:51 GMT
server
Apache
strict-transport-security
max-age=31536000
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-type
image/png
content-length
4698
expires
Mon, 24 Dec 2018 15:30:36 GMT
emea-shoppingbags.png
www.paypalobjects.com/webstatic/emea/i/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/emea/i/emea-shoppingbags.png
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1294cdd8fd123c39e49b9a69c03d4b30043395338297d1ff4c0535a39cfb239
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://huspitals.ml/Ppals/cy.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:36 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Jan 2014 00:24:17 GMT
server
Apache
strict-transport-security
max-age=31536000
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-type
image/png
content-length
14359
expires
Mon, 24 Dec 2018 15:30:36 GMT
emea-shoe-sale.png
www.paypalobjects.com/webstatic/emea/i/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/emea/i/emea-shoe-sale.png
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
44394b743f692cfabfeeb2e5e5bfa82eda8b38cd8948f51e420ace08db5d377c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://huspitals.ml/Ppals/cy.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Jan 2014 00:24:19 GMT
server
Apache
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
16233
expires
Mon, 24 Dec 2018 15:30:37 GMT
emea-couple.png
www.paypalobjects.com/webstatic/emea/i/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/emea/i/emea-couple.png
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c4539b6d99ff1b7e97943f3dcbb3a1eb45b77b81248455e3c15f374487ddf9eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://huspitals.ml/Ppals/cy.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Jan 2014 00:24:16 GMT
server
Apache
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
14988
expires
Mon, 24 Dec 2018 15:30:37 GMT
6186e50147f85246590133c26ca7e0.js
www.paypalobjects.com/eboxapps/js/b1/ 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/eboxapps/js/b1/6186e50147f85246590133c26ca7e0.js
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c6cfdb3d12a4d29890050daf3a841b080ff563652d912c088023f1947a5e2951
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://huspitals.ml/Ppals/cy.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 24 Dec 2018 15:30:37 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Thu, 31 Jul 2014 05:42:56 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
expires
Sun, 24 Mar 2019 15:30:37 GMT
9cd0103aa4951e13ec7b539f5d2435.js
www.paypalobjects.com/eboxapps/js/7f/ 		40 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/eboxapps/js/7f/9cd0103aa4951e13ec7b539f5d2435.js
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c7c4e0e59643936db3261d9e3cf073934f1a5e0ff1c2a8d52879289d9caea034
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://huspitals.ml/Ppals/cy.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 24 Dec 2018 15:30:36 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
last-modified
Tue, 05 Feb 2013 17:36:21 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-encoding
gzip
content-length
12083
expires
Sun, 24 Mar 2019 15:30:36 GMT
pp_jscode_080706.js
www.paypalobjects.com/js/site_catalyst/ 		60 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
18c9428f5ed837e027c6fcf29afe9d1f63a1e1e5b53ee1dc6373cf1cd1ea22aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://huspitals.ml/Ppals/cy.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 24 Dec 2018 15:30:36 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
22880
last-modified
Mon, 15 Oct 2018 07:50:33 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Sun, 24 Mar 2019 15:30:36 GMT
pa.js
www.paypalobjects.com/pa/js/ 		34 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/js/pa.js
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6c7f4c40b3d0a594b08bb341aab45af2a7b6ac1c7906eaa7d2d642d6a5a0e91f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://huspitals.ml/Ppals/cy.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 24 Dec 2018 15:30:36 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
11924
last-modified
Sat, 15 Dec 2018 18:52:36 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Mon, 24 Dec 2018 16:30:36 GMT
scr_gray-bkgd.png
www.paypalobjects.com/webstatic/i/ex_ce2/scr/
Redirect Chain
  • https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_gray-bkgd.png
  • https://ak1s.abmr.net/is/www.paypalobjects.com?U=/webstatic/i/ex_ce2/scr/scr_gray-bkgd.png&V=3-b6G8b5NmsjVxTTDZuccXqWCvlFZH%2f6PQkOGsRclT8VKIao460m+gELOEGhbkOj%2fY&I=BC99F9C4092FE23&D=paypalobjects...
  • https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_gray-bkgd.png?01AD=3OhqpCoNq_BMN-7ZP3k2EDXnQTHo-TQXq9a57-Gj3wHKaqX3gInbN7g&01RI=BC99F9C4092FE23&01NA=na
2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_gray-bkgd.png?01AD=3OhqpCoNq_BMN-7ZP3k2EDXnQTHo-TQXq9a57-Gj3wHKaqX3gInbN7g&01RI=BC99F9C4092FE23&01NA=na
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8989f902aac638178b44581ddfd4245ea17d61c77c450657bf752083c95c688f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/eboxapps/css/55/3a7fe10706977841840e4e16a475f0.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Jan 2014 00:36:45 GMT
server
Apache
strict-transport-security
max-age=31536000
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-type
image/png
content-length
1706
expires
Mon, 24 Dec 2018 15:30:37 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 24 Dec 2018 15:30:37 GMT
P3P
policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"
Location
https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_gray-bkgd.png?01AD=3OhqpCoNq_BMN-7ZP3k2EDXnQTHo-TQXq9a57-Gj3wHKaqX3gInbN7g&01RI=BC99F9C4092FE23&01NA=na
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Expires
Mon, 24 Dec 2018 15:30:37 GMT
scr_content-bkgd.png
www.paypalobjects.com/webstatic/i/ex_ce2/scr/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_content-bkgd.png
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0de9dc4df795b30e9fa458090c49ab8137e65a7901803c81895cef56ac543d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/eboxapps/css/55/3a7fe10706977841840e4e16a475f0.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Jan 2014 00:36:46 GMT
server
Apache
strict-transport-security
max-age=31536000
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-type
image/png
content-length
2681
expires
Mon, 24 Dec 2018 15:30:37 GMT
sprite_ia.png
www.paypalobjects.com/webstatic/i/ex_ce2/sprite/ 		18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/i/ex_ce2/sprite/sprite_ia.png
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
fb2434a896e3e106be72dbbcb361d048b3e1edc30239ae94113becd33ec4fa39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/eboxapps/css/55/3a7fe10706977841840e4e16a475f0.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Jan 2014 00:36:47 GMT
server
Apache
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
18929
expires
Mon, 24 Dec 2018 15:30:37 GMT
homepage-gradient-bottom.png
www.paypalobjects.com/webstatic/mktg/consumer/pages/home/ 		944 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/mktg/consumer/pages/home/homepage-gradient-bottom.png
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ac6d3f82bae1ade3fa1962f2b07d2f75376a6993f18f1af1a60f8fb3e793a090
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/eboxapps/css/55/3a7fe10706977841840e4e16a475f0.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Jan 2014 00:43:04 GMT
server
Apache
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
944
expires
Mon, 24 Dec 2018 15:30:37 GMT
interior-gradient-top.png
www.paypalobjects.com/webstatic/mktg/consumer/gradients/ 		952 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/mktg/consumer/gradients/interior-gradient-top.png
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f2c173be6a198adf60868c86f6e093f3b850bef0da34689e981fe218ad2a43a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/eboxapps/css/55/3a7fe10706977841840e4e16a475f0.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Jan 2014 00:43:12 GMT
server
Apache
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
952
expires
Mon, 24 Dec 2018 15:30:37 GMT
emea-hero-homepage-couple.jpg
www.paypalobjects.com/webstatic/emea/i/ 		96 KB
97 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/emea/i/emea-hero-homepage-couple.jpg
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
edb1b1c07187853ea14d33c745b9fc4eb901a923c6fc1206b76af2c320f1fc49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://huspitals.ml/Ppals/cy.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Jan 2014 00:24:17 GMT
server
Apache
strict-transport-security
max-age=31536000
content-type
image/jpeg
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
98332
expires
Mon, 24 Dec 2018 15:30:37 GMT
vertical-gradient-sprite.png
www.paypalobjects.com/webstatic/mktg/consumer/pages/home/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/mktg/consumer/pages/home/vertical-gradient-sprite.png
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
713be2b4e284567cbe1052bf8b5e43b0e4f6cf232b4f0cb429e51c1a748bac22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/eboxapps/css/55/3a7fe10706977841840e4e16a475f0.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Jan 2014 00:43:02 GMT
server
Apache
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
1482
expires
Mon, 24 Dec 2018 15:30:37 GMT
homepage-gradient-top.png
www.paypalobjects.com/webstatic/mktg/consumer/pages/home/ 		955 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/mktg/consumer/pages/home/homepage-gradient-top.png
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
bbf40134304a63796fa2b6a75466a19d6e675c205af5cb0c41387def3841bd04
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/eboxapps/css/55/3a7fe10706977841840e4e16a475f0.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Jan 2014 00:43:02 GMT
server
Apache
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
955
expires
Mon, 24 Dec 2018 15:30:37 GMT
sprite_ia.png
www.paypalobjects.com/webstatic/i/ex_ce2/sprite/ 		18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/i/ex_ce2/sprite/sprite_ia.png
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/eboxapps/js/b1/6186e50147f85246590133c26ca7e0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
fb2434a896e3e106be72dbbcb361d048b3e1edc30239ae94113becd33ec4fa39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/eboxapps/css/55/3a7fe10706977841840e4e16a475f0.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Jan 2014 00:36:47 GMT
server
Apache
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
18929
expires
Mon, 24 Dec 2018 15:30:37 GMT
icon_feedback.gif
www.paypalobjects.com/webstatic/i/ex_ce2/icon/ 		715 B
929 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/i/ex_ce2/icon/icon_feedback.gif
Requested by
Host: huspitals.ml
URL: http://huspitals.ml/Ppals/cy.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0a2da1b9e4aaba875a1785dbe02298c3004da77ac7065a90d340ffdff7d7d52d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://huspitals.ml/Ppals/cy.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Dec 2018 15:30:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Jan 2014 00:36:45 GMT
server
Apache
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
715
expires
Mon, 24 Dec 2018 15:30:37 GMT
ts
t.paypal.com/ 		42 B
687 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://t.paypal.com/ts?v=1.3.3&t=1545665437778&g=0&e=im&pgrp=main%3Amktg%3Apersonal%3A%3Ahome&page=main%3Amktg%3Apersonal%3A%3Ahome%3A%3A%3A&tmpl=home.jsp&pgst=Unknown&lgin=out&calc=ea637c52eb0cc&rsta=en_GB&md5h=7882957e0dbf25d1d81089a7c6f6d7b5&shfp=%7C%7C&usce=%2B&pgtf=Sparta&s=ci&aver=unverified&rstr=unrestricted&pfid=ea637c52eb0cc&bzsr=main&bchn=mktg&pgsf=personal&ccpg=gbr&pgld=Unknown&shir=main_mktg_personal_&view=%7B%22t10%22%3A1136%2C%22t11%22%3A2842%2C%22tcp%22%3A2196%2C%22nt%22%3A%22navigate%22%2C%22ebs%22%3A26062%7D&pt=Pay%20Online%2C%20Transfer%20Money%20or%20Accept%20Card%20Payments%20Online%20-%20PayPal&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1&teal=EuORsgbXAjDPOVHLV3XEWqYVfMvUcf9Gmn%25252Bdknm%25252BLrGvx36r1zxxXFdg3KVRSGtcjn5TKhwBJcs_13b0d7bbb8b&t1=1135&t1c=1135&t1d=35&t1s=0&t2=96&t3=98&t4d=1467&t4=1494&t4e=27&tt=2791&res=%7B%7D
Protocol
HTTP/1.1
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
akka-http/10.1.5 /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer
http://huspitals.ml/Ppals/cy.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 24 Dec 2018 15:30:41 GMT
Server
akka-http/10.1.5
P3P
policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Mon, 24 Dec 2018 15:30:41 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| antiClickjack undefined| Tracker object| Modernizr string| jsPath string| siteCatalystPageName string| siteCatalystC7 string| siteCatalystAccountNumber string| feedback_link boolean| isPaymentFlow boolean| isSiteRedirect string| languageCode string| countryCode string| serverName string| commentCardCmd string| accountNumber string| miniBrowser string| sitefb_plus_icon string| rLogId string| showSitefbIcon string| _sp string| _rp function| _fC object| PAYPAL function| $ function| jQuery function| DP_jQuery_1545665437123 object| Iconix string| custom_var number| _poE number| _poX number| _sH object| _doc object| _w string| _ht string| _hr number| _tm number| _kp number| _sW undefined| baseurl function| O_LC function| PP_O_LC function| _fPe function| _fPx function| O_GoT function| PP_O_GoT function| Mini_O_GoT function| siteFeedBackImage function| assignSiteCatalystVars function| PayPalURL undefined| url_var undefined| url_var_temp object| paypal_url string| _ht_temp string| _hr_temp string| custom_var_temp undefined| ppbce number| getOpinionLabURL function| OpinionLabOnCloseEvent function| showpopup object| jQuery171017446361089465312 number| trident_verOffset string| sc_code_ver string| s_account object| s function| s_doPlugins string| s_code string| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq function| scOnload object| fpti string| fptiserverurl object| _ifpti string| readerContent string| j object| s_i_paypal

2 Cookies

Domain/Path Name / Value
.huspitals.ml/ Name: s_sess
Value: %20s_ppv%3D100%3B%20s_cc%3Dtrue%3B%20v31%3Dmain%253Amktg%253Apersonal%253A%253Ahome%3B%20s_sq%3D%3B
.huspitals.ml/ Name: s_pers
Value: %20s_fid%3D4709D89D1522106A-3870789D7BB9E095%7C1608823837707%3B%20gpv_c43%3Dmain%253Amktg%253Apersonal%253A%253Ahome%7C1545667237711%3B%20tr_p1%3Dmain%253Amktg%253Apersonal%253A%253Ahome%7C1545667237714%3B%20gpv_events%3Dno%2520value%7C1545667237716%3B

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ak1s.abmr.net
huspitals.ml
t.paypal.com
www.paypalobjects.com
104.109.71.98
104.209.221.91
2.18.232.222
0a2da1b9e4aaba875a1785dbe02298c3004da77ac7065a90d340ffdff7d7d52d
0de9dc4df795b30e9fa458090c49ab8137e65a7901803c81895cef56ac543d13
18c9428f5ed837e027c6fcf29afe9d1f63a1e1e5b53ee1dc6373cf1cd1ea22aa
44394b743f692cfabfeeb2e5e5bfa82eda8b38cd8948f51e420ace08db5d377c
6905e777eb369cbb997b42ec09a2e45406b3d5f525376dd090625e6bfc910395
6c7f4c40b3d0a594b08bb341aab45af2a7b6ac1c7906eaa7d2d642d6a5a0e91f
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
713be2b4e284567cbe1052bf8b5e43b0e4f6cf232b4f0cb429e51c1a748bac22
8238549d499c23715725087f4d5a36d2cf6e307a349d03bed87332ea2c22d438
8989f902aac638178b44581ddfd4245ea17d61c77c450657bf752083c95c688f
ac6d3f82bae1ade3fa1962f2b07d2f75376a6993f18f1af1a60f8fb3e793a090
b1294cdd8fd123c39e49b9a69c03d4b30043395338297d1ff4c0535a39cfb239
bbf40134304a63796fa2b6a75466a19d6e675c205af5cb0c41387def3841bd04
c0232ad683e60dbba1b5909f9ca847fa56f56779c502002ce1d85759ce98f041
c4539b6d99ff1b7e97943f3dcbb3a1eb45b77b81248455e3c15f374487ddf9eb
c6cfdb3d12a4d29890050daf3a841b080ff563652d912c088023f1947a5e2951
c710afe96170cf47ae5eac49f6f69cbe39be80579b7adbad6f8e486a8e844e8e
c7c4e0e59643936db3261d9e3cf073934f1a5e0ff1c2a8d52879289d9caea034
edb1b1c07187853ea14d33c745b9fc4eb901a923c6fc1206b76af2c320f1fc49
f2c173be6a198adf60868c86f6e093f3b850bef0da34689e981fe218ad2a43a1
fb2434a896e3e106be72dbbcb361d048b3e1edc30239ae94113becd33ec4fa39