paypal-assistances.com
Open in
urlscan Pro
163.5.112.7
Malicious Activity!
Public Scan
Effective URL: http://paypal-assistances.com/email.html
Submission: On April 09 via api from US — Scanned from FR
Summary
This is the only time paypal-assistances.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 163.5.112.7 163.5.112.7 | 399486 (VIRTUO) (VIRTUO) | |
9 | 192.229.221.25 192.229.221.25 | 15133 (EDGECAST) (EDGECAST) | |
10 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2681 |
91 KB |
2 |
paypal-assistances.com
1 redirects
paypal-assistances.com |
8 KB |
10 | 2 |
Domain | Requested by | |
---|---|---|
9 | www.paypalobjects.com |
paypal-assistances.com
www.paypalobjects.com |
2 | paypal-assistances.com | 1 redirects |
10 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.paypal.com DigiCert SHA2 Extended Validation Server CA |
2023-10-12 - 2024-10-31 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
http://paypal-assistances.com/email.html
Frame ID: 1471B8D42322C8A5CF3C45FB425EE8B3
Requests: 9 HTTP requests in this frame
Frame:
https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html
Frame ID: B82628F62B65A590D5FB8278A44D9F74
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Accedi al tuo conto PayPalPage URL History Show full URLs
-
http://paypal-assistances.com/
HTTP 307
https://paypal-assistances.com/ HTTP 307
http://paypal-assistances.com/ HTTP 302
http://paypal-assistances.com/email.html Page URL
Detected technologies
PayPal (Payment Processors) ExpandDetected patterns
- paypalobjects\.com
Modernizr (JavaScript Libraries) Expand
Detected patterns
- ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://paypal-assistances.com/
HTTP 307
https://paypal-assistances.com/ HTTP 307
http://paypal-assistances.com/ HTTP 302
http://paypal-assistances.com/email.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
email.html
paypal-assistances.com/ Redirect Chain
|
27 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ngrlCaptcha.min.js
www.paypalobjects.com/webcaptcha/ |
23 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
contextualLoginElementalUIv4.css
www.paypalobjects.com/web/res/4be/6b43cc6927f79aa546788a3a0f5e3/css/ |
152 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modernizr-2.6.1.js
www.paypalobjects.com/web/res/4be/6b43cc6927f79aa546788a3a0f5e3/js/lib/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
grcenterprise_v3_static.js
www.paypalobjects.com/webcaptcha/ |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paypal-mark-color.svg
www.paypalobjects.com/paypal-ui/logos/svg/ |
1 KB 705 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalOpen-Regular.woff2
www.paypalobjects.com/paypal-ui/fonts/ |
27 KB 27 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalOpen-Bold.woff2
www.paypalobjects.com/paypal-ui/fonts/ |
26 KB 26 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
grcenterprise_v3_static.html
www.paypalobjects.com/webcaptcha/ Frame B826 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pp_favicon_x.ico
www.paypalobjects.com/en_US/i/icon/ |
5 KB 2 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| paypalADSInterceptorInjected object| html5 object| Modernizr function| isEligibleIntegration object| antiClickjack function| init function| setStyle function| resizeWidget function| getListenerSearchKey function| getTargetOrigin function| renderGRCV3Enterprise function| recaptchaClientLogPostData0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
paypal-assistances.com
www.paypalobjects.com
163.5.112.7
192.229.221.25
0ec34b2c64cf8ac9e34f0ab429c9b2909b504c4c4ffc9a550a4a39771d410ec8
0f1e9dffddfaa7350df2a4e605c5923f938b30bd34e0c10ca7acfa1850bcab25
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
75c159c9974a7207171cf1f4ed302f91f90ae95233fdd64e994fd66ada89ab20
9ae7b95f034d76b21aaf8fcc0cdd39f4ba7ba59dd9751348a32c7e5cfdfdb6df
9ed6dcb699f10e85624a4579731f929b5d8b91f0c73b9fc01b8893021c83f4a0
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
a9f014aa871c2c5576ef1ecc7f3f7b7885f19c2faec9d9537e5f69439c7c3457
f9035e34f5734e89ddb03b601b1c0fd58323a93f176c5c7e220d7aa7a2062ed5