paypal.com.ma.cgi.bin.webscr.cmd.flow.session.ok-dui.com
63.247.87.2
Malicious Activity!
Public Scan
Submission: On May 29 via automatic, source openphish
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 20th 2018. Valid for: 3 months.
This is the only time paypal.com.ma.cgi.bin.webscr.cmd.flow.session.ok-dui.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)

Domain & IP information

Requests | IP Address | AS (Autonomous System) | PTR | Domain
---|---|---|---|---
20 | 63.247.87.2 | AS3595 GNAXNET-AS (Global Net Access, LLC, US) | ns7.waveservice.com | paypal.com.ma.cgi.bin.webscr.cmd.flow.session.ok-dui.com
1 | 2.18.233.20 | AS16625 AKAMAI-AS (Akamai Technologies, Inc., US) | a2-18-233-20.deploy.static.akamaitechnologies.com | www.paypalobjects.com
21 | 2 IPs | 2 ASNs | |

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
20 | ok-dui.com | paypal.com.ma.cgi.bin.webscr.cmd.flow.session.ok-dui.com | 1 MB
1 | paypalobjects.com | www.paypalobjects.com | 2 KB
21 | 2 apex domains | |

Requests | Domain | Requested by
---|---|---
20 | paypal.com.ma.cgi.bin.webscr.cmd.flow.session.ok-dui.com | paypal.com.ma.cgi.bin.webscr.cmd.flow.session.ok-dui.com
1 | www.paypalobjects.com | paypal.com.ma.cgi.bin.webscr.cmd.flow.session.ok-dui.com
21 | 2 domains |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
paypal.com.ma.cgi.bin.webscr.cmd.flow.session.ok-dui.com | cPanel, Inc. Certification Authority | 2018-05-20 - 2018-08-18 | 3 months (crt.sh)
This page contains 1 frame:
Primary Page:
https://paypal.com.ma.cgi.bin.webscr.cmd.flow.session.ok-dui.com/7ed090c4f80add1e83e3e70df8278c03/
Frame ID: 91188F86D5C7A825814FFA7A719A79A5
Requests: 21 HTTP requests in this frame
Detected technologies

- Apache (Web Servers): headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
- PayPal (Payment Processors): env /^PAYPAL$/i
- RequireJS (JavaScript Frameworks): env /^requirejs$/i
- Modernizr (JavaScript Libraries): env /^Modernizr$/i
- SiteCatalyst (Analytics): env /^s_(?:account|objectID|code|INST)$/i
- jQuery (JavaScript Libraries): env /^jQuery$/i

Note that the PayPal and SiteCatalyst fingerprints are matched against global variables set by scripts the kit serves from its own host (see pp_jscode_080706.js and pa.js in the transactions below), so they indicate that PayPal's client-side code was copied, not that PayPal infrastructure is involved.
Page Statistics

- 0 outgoing links (links going to different origins than the main page)
- Redirected requests: no HTTP redirect chains are listed
21 HTTP transactions

In the Path column, `<kit>` stands for `paypal.com.ma.cgi.bin.webscr.cmd.flow.session.ok-dui.com/7ed090c4f80add1e83e3e70df8278c03`.

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | `<kit>/` | 43 KB | 44 KB | Document | text/html
GET | H/1.1 | tabs.css | `<kit>/Files/` | 4 KB | 4 KB | Stylesheet | text/css
GET | H/1.1 | b12f805d36df7aca13bbc605721ca3a32f60e2.css | `<kit>/Files/` | 124 KB | 124 KB | Stylesheet | text/css
GET | H/1.1 | bcb7c8e6582ef64aa6f074d24ee20b9e8b4740.css | `<kit>/Files/` | 1 KB | 1 KB | Stylesheet | text/css
GET | H/1.1 | 04dfb545c84dd4d9a77ca0ca185a4c8824ce31.css | `<kit>/Files/` | 24 KB | 25 KB | Stylesheet | text/css
GET | H/1.1 | f5548e5cfa43a3f52574a061e4fe89f59ae5bd.js | `<kit>/Files/` | 9 KB | 9 KB | Script | application/javascript
GET | H/1.1 | logo.png | `<kit>/Files/` | 4 KB | 5 KB | Image | image/png
GET | H/1.1 | em.gif | `<kit>/Files/` | 722 B | 927 B | Image | image/gif
GET | H/1.1 | ps.gif | `<kit>/Files/` | 739 B | 944 B | Image | image/gif
GET | H/1.1 | ico.png | `<kit>/Files/` | 9 KB | 10 KB | Image | image/png
GET | H/1.1 | cvw.png | `<kit>/Files/` | 3 KB | 3 KB | Image | image/png
GET | H/1.1 | 79a5b471d548a27870ff6ef437351b5425ca20.js | `<kit>/Files/` | 338 KB | 338 KB | Script | application/javascript
GET | H/1.1 | af4fc98945d23c69f7d1da8d75a5fc2f4b31b9.js | `<kit>/Files/` | 26 KB | 26 KB | Script | application/javascript
GET | H/1.1 | pp_jscode_080706.js | `<kit>/Files/` | 60 KB | 61 KB | Script | application/javascript
GET | H/1.1 | pa.js | `<kit>/Files/` | 64 KB | 64 KB | Script | application/javascript
GET | H/1.1 | bl-bg.jpg | `<kit>/Files/` | 36 KB | 36 KB | Image | image/jpeg
GET | H/1.1 | pixel | `<kit>/Files/` | 43 B | 222 B | Image | image/gif
GET | H/1.1 | saved_resource | `<kit>/Files/` | 42 B | 221 B | Image | image/gif
GET | H/1.1 | hero-bg.jpg | `<kit>/Files/` | 378 KB | 378 KB | Image | image/jpeg
GET | S | hamburger2x.png | www.paypalobjects.com/webstatic/mktg/2014design/ | 1 KB | 2 KB | Image | image/png
GET | H/1.1 | / | `<kit>/` | 43 KB | 44 KB | Media | text/html
Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: PayPal (Financial)

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Name | Type
---|---
html5 | object
Modernizr | object
numbersonly | function
requirejs | function
require | function
define | function
opinionLabFn | function
onlineOpinionPopupFn | function
$ | function
jQuery | function
PAYPAL | object
sc_code_ver | string
s_account | string
s | object
s_doPlugins | function
s_code | string
s_objectID | undefined
s_gi | function
s_giqf | function
s_an | string
s_sp | function
s_jn | function
s_rep | function
s_d | function
s_fe | function
s_fa | function
s_ft | function
s_c_il | object
s_c_in | number
s_giq | number
fpti | object
fptiserverurl1 | string
Cookies

Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.

Domain/Path | Expires | Name | Value
---|---|---|---
.ok-dui.com/ | | s_sess | %20s_ppv%3D93%3B
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
paypal.com.ma.cgi.bin.webscr.cmd.flow.session.ok-dui.com
www.paypalobjects.com
2.18.233.20
63.247.87.2
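The two facts that make this scan an easy call are visible in the tables above: the primary hostname carries the string "paypal.com.ma" and a fake cgi-bin/webscr path as subdomain labels while its apex is ok-dui.com, and 20 of the 21 requests go to that apex with the single remaining request fetching a PayPal asset from the brand's real CDN (www.paypalobjects.com). The following script is an added example, not urlscan.io code, that automates exactly that triage on the hostnames and request paths taken from this page. The public-suffix set and the brand/apex tables are assumptions standing in for the Public Suffix List and a real brand catalogue.

```python
"""Triage of a urlscan-style result: does the primary hostname impersonate a
brand, and does the page pull that brand's assets from the brand's own CDN?

Added example, not urlscan.io code. Hostnames and request paths are copied
from the scan; the suffix and brand tables below are assumptions.
"""
from collections import Counter
from urllib.parse import urlsplit

# Assumption: a handful of multi-label public suffixes. A real tool would
# consult the Public Suffix List instead of this toy set.
MULTI_LABEL_SUFFIXES = {"com.ma", "co.uk", "com.br", "co.jp", "com.au"}

# Assumption: brand keyword -> brand, and apexes that legitimately belong to
# the brand (paypalobjects.com is the CDN the scan shows).
BRAND_TERMS = {"paypal": "PayPal"}
LEGIT_APEXES = {"paypal.com": "PayPal", "paypalobjects.com": "PayPal"}


def registrable_domain(host):
    """Apex (registrable) domain: the last two labels, or the last three when
    the last two form a known multi-label suffix such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def impersonated_brands(host):
    """Return (apex, brands) where brands are those whose keyword appears
    anywhere in the hostname although the apex is not the brand's own.
    'paypal.com.ma.cgi.bin.webscr...ok-dui.com' reads like a PayPal URL with
    the slashes turned into dots, but its apex is ok-dui.com."""
    apex = registrable_domain(host)
    if apex in LEGIT_APEXES:
        return apex, []
    lowered = host.lower()
    return apex, sorted({b for term, b in BRAND_TERMS.items() if term in lowered})


def triage(primary_url, request_urls):
    """Combine the hostname check with the request mix. A document served from
    an unrelated apex that fetches the impersonated brand's static assets from
    the brand's real CDN is the classic phishing-kit shape."""
    apex, brands = impersonated_brands(urlsplit(primary_url).hostname)
    per_apex = Counter(registrable_domain(urlsplit(u).hostname) for u in request_urls)
    assets_from = sorted({LEGIT_APEXES[a] for a in per_apex
                          if a in LEGIT_APEXES and a != apex})
    if brands and set(brands) & set(assets_from):
        verdict = "likely phishing"
    elif brands:
        verdict = "suspicious"
    else:
        verdict = "no brand impersonation"
    return {"apex": apex, "impersonates": brands,
            "requests_per_apex": dict(per_apex),
            "brand_assets_from": assets_from, "verdict": verdict}


# Request list reconstructed from the 21 transactions in the scan.
KIT = ("https://paypal.com.ma.cgi.bin.webscr.cmd.flow.session.ok-dui.com"
       "/7ed090c4f80add1e83e3e70df8278c03/")
KIT_FILES = [
    "tabs.css", "b12f805d36df7aca13bbc605721ca3a32f60e2.css",
    "bcb7c8e6582ef64aa6f074d24ee20b9e8b4740.css",
    "04dfb545c84dd4d9a77ca0ca185a4c8824ce31.css",
    "f5548e5cfa43a3f52574a061e4fe89f59ae5bd.js", "logo.png", "em.gif",
    "ps.gif", "ico.png", "cvw.png", "79a5b471d548a27870ff6ef437351b5425ca20.js",
    "af4fc98945d23c69f7d1da8d75a5fc2f4b31b9.js", "pp_jscode_080706.js",
    "pa.js", "bl-bg.jpg", "pixel", "saved_resource", "hero-bg.jpg",
]
SCAN_REQUESTS = (
    [KIT] + [KIT + "Files/" + f for f in KIT_FILES]
    + ["https://www.paypalobjects.com/webstatic/mktg/2014design/hamburger2x.png"]
    + [KIT]  # the document is fetched a second time, typed "Media" in the scan
)

if __name__ == "__main__":
    print(triage(KIT, SCAN_REQUESTS))
```

The apex check matters more than the keyword check: "paypal.com.ma" on its own is a real Moroccan PayPal hostname shape, and the kit relies on readers stopping at the first labels. Splitting on the registrable domain first, then looking for brand terms in whatever precedes it, keeps a legitimate www.paypalobjects.com request out of the impersonation bucket while still counting it as brand assets loaded from outside the page's own apex.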