amera7.ml
Open in
urlscan Pro
2606:4700:3034::681c:1877
Malicious Activity!
Public Scan
Submission Tags: phishing malicious Search All
Submission: On September 24 via api from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 21st 2020. Valid for: a year.
This is the only time amera7.ml was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2606:4700:303... 2606:4700:3034::681c:1877 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 104.111.228.123 104.111.228.123 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
2 | 184.24.17.191 184.24.17.191 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 2 | 64.4.245.84 64.4.245.84 | 17012 (PAYPAL) (PAYPAL) | |
1 | 151.101.129.35 151.101.129.35 | 54113 (FASTLY) (FASTLY) | |
12 | 5 |
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-228-123.deploy.static.akamaitechnologies.com
www.paypalobjects.com |
ASN16625 (AKAMAI-AS, US)
PTR: a184-24-17-191.deploy.static.akamaitechnologies.com
c.paypal.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
paypalobjects.com
www.paypalobjects.com |
72 KB |
5 |
paypal.com
1 redirects
c.paypal.com b.stats.paypal.com dub.stats.paypal.com t.paypal.com |
20 KB |
2 |
amera7.ml
amera7.ml |
33 KB |
12 | 3 |
Domain | Requested by | |
---|---|---|
6 | www.paypalobjects.com |
amera7.ml
www.paypalobjects.com |
2 | c.paypal.com |
amera7.ml
c.paypal.com |
2 | amera7.ml |
amera7.ml
|
1 | t.paypal.com | |
1 | dub.stats.paypal.com | |
1 | b.stats.paypal.com | 1 redirects |
12 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-06-21 - 2021-06-21 |
a year | crt.sh |
www.paypal.com DigiCert SHA2 Extended Validation Server CA |
2020-01-09 - 2022-01-12 |
2 years | crt.sh |
c.paypal.com DigiCert SHA2 Extended Validation Server CA |
2020-01-09 - 2022-01-13 |
2 years | crt.sh |
b.stats.paypal.com DigiCert SHA2 High Assurance Server CA |
2020-03-13 - 2022-06-03 |
2 years | crt.sh |
t.paypal.com DigiCert SHA2 High Assurance Server CA |
2020-07-15 - 2022-07-20 |
2 years | crt.sh |
This page contains 3 frames:
Primary Page:
https://amera7.ml/Ahmed/Jordan.php
Frame ID: 0FF85A7C7D0BE2DD96B64BA2832F41F0
Requests: 10 HTTP requests in this frame
Frame:
https://dub.stats.paypal.com/v1/counter2.cgi?r=cD1FQy0yUkg2NzQxMDFFNjE3NTQyRCZpPTM3LjIzOC4xMjQuMzAmdD0xNTUyMzg2NjA0LjQ2NCZhPTIxJnM9VU5JRklFRF9MT0dJTuDVmsFb3HtSK7m9r_hhWMMwrJtY
Frame ID: 705DCD6C44110B21C2ED301286650478
Requests: 1 HTTP requests in this frame
Frame:
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Frame ID: AB5C7877B2B161237AE6A9EA1D395BB8
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
CloudFlare (CDN) Expand
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8- https://b.stats.paypal.com/v1/counter.cgi?r=cD1FQy0yUkg2NzQxMDFFNjE3NTQyRCZpPTM3LjIzOC4xMjQuMzAmdD0xNTUyMzg2NjA0LjQ2NCZhPTIxJnM9VU5JRklFRF9MT0dJTuDVmsFb3HtSK7m9r_hhWMMwrJtY HTTP 302
- https://dub.stats.paypal.com/v1/counter2.cgi?r=cD1FQy0yUkg2NzQxMDFFNjE3NTQyRCZpPTM3LjIzOC4xMjQuMzAmdD0xNTUyMzg2NjA0LjQ2NCZhPTIxJnM9VU5JRklFRF9MT0dJTuDVmsFb3HtSK7m9r_hhWMMwrJtY
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
Jordan.php
amera7.ml/Ahmed/ |
124 KB 32 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
contextualLogin.css
www.paypalobjects.com/web/res/a45/deaee98315db3e6d8ad6a08b776eb/css/ |
78 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-PN-check.png
www.paypalobjects.com/images/shared/ |
1 KB 1 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
glyph_alert_critical_big-2x.png
www.paypalobjects.com/images/shared/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pa.js
www.paypalobjects.com/pa/js/min/ |
46 KB 18 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paypal-logo-129x32.svg
www.paypalobjects.com/images/shared/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
challenge.js
amera7.ml/auth/createchallenge/7c3a9eab10018a59/ |
2 KB 870 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fb-all-prod.pp2.min.js
c.paypal.com/webstatic/r/fb/ |
58 KB 18 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tealeaf-ul-prod_domcap.min.js
www.paypalobjects.com/web/res/a45/deaee98315db3e6d8ad6a08b776eb/js/lib/ |
110 KB 35 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
counter2.cgi
dub.stats.paypal.com/v1/ Frame 705D Redirect Chain
|
42 B 299 B |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
i
c.paypal.com/v1/r/d/ Frame AB5C |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ts
t.paypal.com/ |
42 B 638 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes object| html5 object| Modernizr function| isEligibleIntegration object| antiClickjack object| PAYPAL function| $ object| fpti string| fptiserverurl object| _ifpti object| pako object| TLT function| AjaxRequest string| PP_SERVICE_URL string| BASE_SWF_URL string| BEACON_BASE_URL string| PP_IFRAME_JS_URL string| PP_NEW_SERVICE_URL string| PP_VERSION object| Configuration object| PFB_4732Config object| PFB_4732 object| dataCollector object| fp undefined| runFb function| initTsFb object| jstz function| SwfStore function| SlvtStore1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.amera7.ml/ | Name: __cfduid Value: dd0b80e277893630eab1475d888c062f51600945959 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
amera7.ml
b.stats.paypal.com
c.paypal.com
dub.stats.paypal.com
t.paypal.com
www.paypalobjects.com
104.111.228.123
151.101.129.35
184.24.17.191
2606:4700:3034::681c:1877
64.4.245.84
04748dd9a27ac47177d01a763fd68b4ca09f5b9acb4208149f2de40251d07dd2
073b65f1d0ec72bbe5402e8e463d76f2c1832984060353312262af398e8cda0a
0adaf22e6710cbc950db6526ac09b6c8757ed25e4701196e88cf2f87dca596c7
22027bb7a536c4631d05950c052600da4e4e6b697c0ffee2189da38e05857466
39545c3d6ce63f833f1f86b6eaf9ce071a5ee173ddf3d642b9ec596c0b9fa2c4
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
743269eba97930520fffacfbab90f4468674fd06d329e45e6557d298fd16f2ed
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
b983de83ef078e5d567be19b5724c4e9666b4f1dd4ead74b291b88d920b2a21c
ec9afdaeb9677d1220cb4c098d90c3f8c88724ad164dbb810634f18cb889c1d2