paypal.com.confirm-information.co.technology

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 104.250.159.146, located in Los Angeles, United States and belongs to GORILLASERVERS - GorillaServers, Inc., US. The main domain is paypal.com.confirm-information.co.technology.

This is the only time paypal.com.confirm-information.co.technology was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
2 6	104.250.159.146 104.250.159.146	53850 (GORILLASE...) (GORILLASERVERS - GorillaServers)
1	203.143.20.8 203.143.20.8	5087 (LANKA-COM...) (LANKA-COM Lanka Communication Services)
5	2

6 104.250.159.146 (Los Angeles, United States) 2 redirects

ASN53850 (GORILLASERVERS - GorillaServers, Inc., US)
PTR: forever002.mysecureservers.com

paypal.com.confirm-information.co.technology	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 203.143.20.8 (Colombo, Sri Lanka)

ASN5087 (LANKA-COM Lanka Communication Services, LK)
PTR: phoenix.lankacom.net

css.transconpackaging.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	co.technology 2 redirects paypal.com.confirm-information.co.technology	115 KB
1	transconpackaging.com css.transconpackaging.com
5	2

	Domain	Requested by
6	paypal.com.confirm-information.co.technology	2 redirects paypal.com.confirm-information.co.technology
1	css.transconpackaging.com	paypal.com.confirm-information.co.technology
5	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/
Frame ID: 1EB49895E7505E8405C9A87285B8D4B9
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://paypal.com.confirm-information.co.technology/ HTTP 302
http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c HTTP 301
http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

5
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

114 kB
Transfer

113 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://paypal.com.confirm-information.co.technology/ HTTP 302
http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c HTTP 301
http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ Redirect Chain http://paypal.com.confirm-information.co.technology/ http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/	9 KB 9 KB	211ms 211ms	Document text/html	104.250.159.146 GorillaServers
General Check archive.org Show headers Download Go to Full URL http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ Protocol HTTP/1.1 Server 104.250.159.146 Los Angeles, United States, ASN53850 (GORILLASERVERS - GorillaServers, Inc., US), Reverse DNS forever002.mysecureservers.com Software Apache / Resource Hash `b80e5b896add9ba1b31ea9d9b24c418c3f507abf6cb3c259220174cd9f8c221e` Request headers Host paypal.com.confirm-information.co.technology Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 1EB49895E7505E8405C9A87285B8D4B9 Response headers Date Wed, 01 Aug 2018 19:08:21 GMT Server Apache Keep-Alive timeout=5, max=98 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Wed, 01 Aug 2018 19:08:20 GMT Server Apache Location http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ Content-Length 293 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	login.css paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/style/css/	15 KB 15 KB	169ms 168ms	Stylesheet text/css	104.250.159.146 GorillaServers
General Check archive.org Show headers Download Go to Full URL http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/style/css/login.css Requested by Host: paypal.com.confirm-information.co.technology URL: http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ Protocol HTTP/1.1 Server 104.250.159.146 Los Angeles, United States, ASN53850 (GORILLASERVERS - GorillaServers, Inc., US), Reverse DNS forever002.mysecureservers.com Software Apache / Resource Hash `5b192c406e84597ceff06e53e8add3e5bd14634656bee8b488f04629fd2f18fa` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host paypal.com.confirm-information.co.technology User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ Connection keep-alive Cache-Control no-cache Referer http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 01 Aug 2018 19:08:21 GMT Last-Modified Wed, 01 Aug 2018 19:08:20 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 15128
GET H/1.1	200 OK	jquery.min.js Show response paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/style/js/	85 KB 85 KB	171ms 171ms	Script application/javascript	104.250.159.146 GorillaServers
General Check archive.org Show headers Download Go to Full URL http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/style/js/jquery.min.js Requested by Host: paypal.com.confirm-information.co.technology URL: http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ Protocol HTTP/1.1 Server 104.250.159.146 Los Angeles, United States, ASN53850 (GORILLASERVERS - GorillaServers, Inc., US), Reverse DNS forever002.mysecureservers.com Software Apache / Resource Hash `d3a518dea876de39f9e5dc1ffcdeb6c661aee25d8a62474386b664ef3bf1b40f` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host paypal.com.confirm-information.co.technology User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ Connection keep-alive Cache-Control no-cache Referer http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 01 Aug 2018 19:08:21 GMT Last-Modified Wed, 01 Aug 2018 19:08:20 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 86661
GET H/1.1	404 Not Found	style.css css.transconpackaging.com/	0 0	715ms 215ms	Stylesheet text/html	203.143.20.8 LANKA-COM Lanka C...
General Check archive.org Show headers Download Go to Full URL http://css.transconpackaging.com/style.css Requested by Host: paypal.com.confirm-information.co.technology URL: http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ Protocol HTTP/1.1 Server 203.143.20.8 Colombo, Sri Lanka, ASN5087 (LANKA-COM Lanka Communication Services, LK), Reverse DNS phoenix.lankacom.net Software / Resource Hash Request headers Referer http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Content-Type text/html
GET H/1.1	200 OK	logo-129x32.svg paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/style/img/	5 KB 5 KB	202ms 202ms	Image image/svg+xml	104.250.159.146 GorillaServers
General Check archive.org Show headers Download Go to Show image Full URL http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/style/img/logo-129x32.svg Requested by Host: paypal.com.confirm-information.co.technology URL: http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/ Protocol HTTP/1.1 Server 104.250.159.146 Los Angeles, United States, ASN53850 (GORILLASERVERS - GorillaServers, Inc., US), Reverse DNS forever002.mysecureservers.com Software Apache / Resource Hash `b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host paypal.com.confirm-information.co.technology User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/style/css/login.css Connection keep-alive Cache-Control no-cache Referer http://paypal.com.confirm-information.co.technology/2f9f2d32346a295fda6dd64aa5a4942c/style/css/login.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 01 Aug 2018 19:08:22 GMT Last-Modified Wed, 01 Aug 2018 19:08:20 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 4945

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| validatePayForm

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

css.transconpackaging.com
paypal.com.confirm-information.co.technology
104.250.159.146
203.143.20.8
5b192c406e84597ceff06e53e8add3e5bd14634656bee8b488f04629fd2f18fa
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
b80e5b896add9ba1b31ea9d9b24c418c3f507abf6cb3c259220174cd9f8c221e
d3a518dea876de39f9e5dc1ffcdeb6c661aee25d8a62474386b664ef3bf1b40f

paypal.com.confirm-information.co.technology Open in urlscan Pro 104.250.159.146 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

114 kBTransfer

113 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

paypal.com.confirm-information.co.technology Open in urlscan Pro
104.250.159.146 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

114 kB
Transfer

113 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!