paypal.damiettafurniture.com

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 158.69.159.112, located in Montréal, Canada and belongs to OVH, FR. The main domain is paypal.damiettafurniture.com.

This is the only time paypal.damiettafurniture.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
3	158.69.159.112 158.69.159.112	16276 (OVH) (OVH)
3	92.123.92.235 92.123.92.235	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2

3 158.69.159.112 (Montréal, Canada)

ASN16276 (OVH, FR)
PTR: ip112.ip-158-69-159.net

paypal.damiettafurniture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 92.123.92.235 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a92-123-92-235.deploy.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	paypalobjects.com www.paypalobjects.com	22 KB
3	damiettafurniture.com paypal.damiettafurniture.com	121 KB
6	2

	Domain	Requested by
3	www.paypalobjects.com	paypal.damiettafurniture.com
3	paypal.damiettafurniture.com	paypal.damiettafurniture.com
6	2

This site contains no links.

Subject Issuer	Validity	Valid
www.paypalobjects.com Symantec Class 3 EV SSL CA - G3	`2017-07-11` - `2019-09-02`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://paypal.damiettafurniture.com/paypal.com/ID/submit.php
Frame ID: 1277.1
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

6
Requests

50 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

144 kB
Transfer

144 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request submit.php Show response paypal.damiettafurniture.com/paypal.com/ID/	3 KB 3 KB	8383ms 182ms	Document text/html	158.69.159.112 OVH
General Check archive.org Show headers Download Go to Full URL http://paypal.damiettafurniture.com/paypal.com/ID/submit.php Protocol HTTP/1.1 Server 158.69.159.112 Montréal, Canada, ASN16276 (OVH, FR), Reverse DNS ip112.ip-158-69-159.net Software Apache / PHP/5.6.31 Resource Hash `a4caf7e12ad36f7bd6f1feb95bd72e5289d2ba54dd4a0eca7316e8d8a44db809` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Wed, 19 Jul 2017 05:15:31 GMT Server Apache Connection Keep-Alive X-Powered-By PHP/5.6.31 Transfer-Encoding chunked Keep-Alive timeout=5, max=100 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	app.css paypal.damiettafurniture.com/paypal.com/ID/img/	116 KB 116 KB	102ms 94ms	Stylesheet text/css	158.69.159.112 OVH
General Check archive.org Show headers Download Go to Full URL http://paypal.damiettafurniture.com/paypal.com/ID/img/app.css Requested by Host: paypal.damiettafurniture.com URL: http://paypal.damiettafurniture.com/paypal.com/ID/submit.php Protocol HTTP/1.1 Server 158.69.159.112 Montréal, Canada, ASN16276 (OVH, FR), Reverse DNS ip112.ip-158-69-159.net Software Apache / Resource Hash `07d8ad4cb3a4151f78452da62f1eed6efb7873ebc6431ffcabd90dfeb64908b8` Request headers Referer http://paypal.damiettafurniture.com/paypal.com/ID/submit.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Wed, 19 Jul 2017 05:15:32 GMT Last-Modified Wed, 11 Jun 2014 02:39:18 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 118645
GET H/1.1	200 OK	logo_paypal_106x29.png paypal.damiettafurniture.com/paypal.com/ID/img/	2 KB 2 KB	508ms 94ms	Image image/png	158.69.159.112 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://paypal.damiettafurniture.com/paypal.com/ID/img/logo_paypal_106x29.png Requested by Host: paypal.damiettafurniture.com URL: http://paypal.damiettafurniture.com/paypal.com/ID/submit.php Protocol HTTP/1.1 Server 158.69.159.112 Montréal, Canada, ASN16276 (OVH, FR), Reverse DNS ip112.ip-158-69-159.net Software Apache / Resource Hash `5c048fbf9c37503ddfbc3131ff91818d3f26cb2f1e308d576aae6b5ddb8bffb4` Request headers Referer http://paypal.damiettafurniture.com/paypal.com/ID/submit.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Wed, 19 Jul 2017 05:15:32 GMT Last-Modified Mon, 19 May 2014 02:57:04 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 2354
GET S	200	scr_content-bkgd.png www.paypalobjects.com/webstatic/i/ex_ce2/scr/	3 KB 3 KB	28ms 9ms	Image image/png	92.123.92.235 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_content-bkgd.png Requested by Host: paypal.damiettafurniture.com URL: http://paypal.damiettafurniture.com/paypal.com/ID/submit.php Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.123.92.235 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a92-123-92-235.deploy.akamaitechnologies.com Software Apache / Resource Hash `0de9dc4df795b30e9fa458090c49ab8137e65a7901803c81895cef56ac543d13` Request headers Referer http://paypal.damiettafurniture.com/paypal.com/ID/img/app.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers pragma no-cache date Wed, 19 Jul 2017 05:15:33 GMT last-modified Tue, 07 Jan 2014 00:36:46 GMT server Apache p3p CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI" status 200 cache-control max-age=0, no-cache, no-store accept-ranges bytes content-type image/png content-length 2681 expires Wed, 19 Jul 2017 05:15:33 GMT
GET S	200	interior-gradient-top.png www.paypalobjects.com/webstatic/mktg/consumer/gradients/	952 B 970 B	33ms 14ms	Image image/png	92.123.92.235 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.paypalobjects.com/webstatic/mktg/consumer/gradients/interior-gradient-top.png Requested by Host: paypal.damiettafurniture.com URL: http://paypal.damiettafurniture.com/paypal.com/ID/submit.php Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.123.92.235 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a92-123-92-235.deploy.akamaitechnologies.com Software Apache / Resource Hash `f2c173be6a198adf60868c86f6e093f3b850bef0da34689e981fe218ad2a43a1` Request headers Referer http://paypal.damiettafurniture.com/paypal.com/ID/img/app.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers pragma no-cache date Wed, 19 Jul 2017 05:15:33 GMT last-modified Tue, 07 Jan 2014 00:43:12 GMT server Apache p3p CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI" status 200 cache-control max-age=0, no-cache, no-store accept-ranges bytes content-type image/png content-length 952 expires Wed, 19 Jul 2017 05:15:33 GMT
GET S	200	scr_Balloon-Background-Landscape.png www.paypalobjects.com/webstatic/i/ex_me2/scr/	19 KB 19 KB	27ms 9ms	Image image/png	92.123.92.235 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.paypalobjects.com/webstatic/i/ex_me2/scr/scr_Balloon-Background-Landscape.png Requested by Host: paypal.damiettafurniture.com URL: http://paypal.damiettafurniture.com/paypal.com/ID/submit.php Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.123.92.235 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a92-123-92-235.deploy.akamaitechnologies.com Software Apache / Resource Hash `ea22f5a6930eea363d2880429636875aa20d9ab992c4fd44d124ef2ac9a96196` Request headers Referer http://paypal.damiettafurniture.com/paypal.com/ID/img/app.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers pragma no-cache date Wed, 19 Jul 2017 05:15:33 GMT last-modified Tue, 07 Jan 2014 00:36:35 GMT server Apache p3p CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI" status 200 cache-control max-age=0, no-cache, no-store accept-ranges bytes content-type image/png content-length 19298 expires Wed, 19 Jul 2017 05:15:33 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

paypal.damiettafurniture.com
www.paypalobjects.com
158.69.159.112
92.123.92.235
07d8ad4cb3a4151f78452da62f1eed6efb7873ebc6431ffcabd90dfeb64908b8
0de9dc4df795b30e9fa458090c49ab8137e65a7901803c81895cef56ac543d13
5c048fbf9c37503ddfbc3131ff91818d3f26cb2f1e308d576aae6b5ddb8bffb4
a4caf7e12ad36f7bd6f1feb95bd72e5289d2ba54dd4a0eca7316e8d8a44db809
ea22f5a6930eea363d2880429636875aa20d9ab992c4fd44d124ef2ac9a96196
f2c173be6a198adf60868c86f6e093f3b850bef0da34689e981fe218ad2a43a1

paypal.damiettafurniture.com Open in urlscan Pro 158.69.159.112 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

6 Requests

50 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

144 kBTransfer

144 kBSize

0 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

paypal.damiettafurniture.com Open in urlscan Pro
158.69.159.112 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

50 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

144 kB
Transfer

144 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!