www.66thand2nd.com Open in urlscan Pro
31.11.32.102 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.66thand2nd.com/images/on/modeul.shtml
Effective URL:
https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/
Submission: On June 05 via automatic, source phishtank (June 5th 2017, 2:10:33 pm UTC)

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 31.11.32.102, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.66thand2nd.com.
TLS certificate: Issued by Actalis Domain Validation Server CA G1 on June 1st 2017. Valid for: a year.

This is the only time www.66thand2nd.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address		AS Autonomous System
10	31.11.32.102 31.11.32.102		31034 (ARUBA-ASN) (ARUBA-ASN)
11	2

10 31.11.32.102 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)
PTR: websn1s092.aruba.it

www.66thand2nd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	66thand2nd.com www.66thand2nd.com	151 KB
11	1

	Domain	Requested by
10	www.66thand2nd.com	www.66thand2nd.com
11	1

This site contains no links.

Subject Issuer	Validity	Valid
*.66thand2nd.com Actalis Domain Validation Server CA G1	`2017-06-01` - `2018-06-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/
Frame ID: 21309.1
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.66thand2nd.com/images/on/modeul.shtml Page URL
https://www.66thand2nd.com/images/on/Notice-ca/ Page URL
https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/ Page URL
https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.payp... Page URL

Page Statistics

11
Requests

91 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

151 kB
Transfer

628 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.66thand2nd.com/images/on/modeul.shtml Page URL
https://www.66thand2nd.com/images/on/Notice-ca/ Page URL
https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/ Page URL
https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 3

https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554
https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	modeul.shtml Show response www.66thand2nd.com/images/on/	94 B 94 B	180ms 42ms	Document text/html	31.11.32.102 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.66thand2nd.com/images/on/modeul.shtml Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 31.11.32.102 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS websn1s092.aruba.it Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `dec683ed1ae0e3742f12e1fc80e26b7f3a2883f041b5e520f7d843e5c73e3e0e` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.66thand2nd.com Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Mon, 05 Jun 2017 14:10:22 GMT ETag "9b1a69ffe3dcd21:0" Last-Modified Sun, 04 Jun 2017 03:38:14 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET Content-Length 94 Content-Type text/html
GET H/1.1	200 OK	/ Show response www.66thand2nd.com/images/on/Notice-ca/	166 B 166 B	43ms 42ms	Document text/html	31.11.32.102 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.66thand2nd.com/images/on/Notice-ca/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 31.11.32.102 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS websn1s092.aruba.it Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `c554c436de11aae95fbff8d1545990e08025b2516b7c7754a0dada127886b4e5` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.66thand2nd.com Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Referer https://www.66thand2nd.com/images/on/modeul.shtml Connection keep-alive Cache-Control no-cache Upgrade-Insecure-Requests 1 Referer https://www.66thand2nd.com/images/on/modeul.shtml User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Mon, 05 Jun 2017 14:10:22 GMT Last-Modified Sun, 04 Jun 2017 03:35:36 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "ecb226a1e3dcd21:0" Content-Type text/html Accept-Ranges bytes Content-Length 166
GET		favicon.ico www.66thand2nd.com/	0 0

GET H/1.1	200 OK	/ Show response www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/ Redirect Chain https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554 https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/	70 B 70 B	59ms 59ms	Document text/html	31.11.32.102 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 31.11.32.102 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS websn1s092.aruba.it Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `631560d0b6be58d9d42c640483964cef0d5f30d5a8e10156d58d5a5cbcc7e8f0` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.66thand2nd.com Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Referer https://www.66thand2nd.com/images/on/Notice-ca/ Connection keep-alive Cache-Control no-cache Referer https://www.66thand2nd.com/images/on/Notice-ca/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Mon, 05 Jun 2017 14:10:22 GMT Last-Modified Mon, 05 Jun 2017 14:10:23 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag W/"d647795ded21:0" Content-Type text/html Accept-Ranges bytes Content-Length 70 Redirect headers Location https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/ Date Mon, 05 Jun 2017 14:10:22 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET Content-Length 218 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	favicon.ico www.66thand2nd.com/	1 KB 1 KB	81ms 48ms	Other image/x-icon	31.11.32.102 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.66thand2nd.com/favicon.ico Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 31.11.32.102 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS websn1s092.aruba.it Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `c8f8730e03ab4e5c62bdb834d88331bf019919b82241ef9e1bd49d6da7a62ac6` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.66thand2nd.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* https://www.66thand2nd.com/images/on/Notice-ca/ Connection keep-alive Cache-Control no-cache Referer https://www.66thand2nd.com/images/on/Notice-ca/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Mon, 05 Jun 2017 14:10:22 GMT Last-Modified Thu, 16 May 2013 16:21:45 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "ce379d755152ce1:0" Content-Type image/x-icon Accept-Ranges bytes Content-Length 1150
GET H/1.1	200 OK	Primary Request / Show response www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ Redirect Chain https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/	5 KB 2 KB	59ms 59ms	Document text/html	31.11.32.102 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 31.11.32.102 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS websn1s092.aruba.it Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `58ce7d3f5845cd14f04220fef8030a325a68b4bee2926eff1f4ca7d25e0369b5` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.66thand2nd.com Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Referer https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/ Connection keep-alive Cache-Control no-cache Referer https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Mon, 05 Jun 2017 14:10:22 GMT Content-Encoding gzip Last-Modified Mon, 05 Jun 2017 14:10:23 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag W/"80f1cb785ded21:0" Vary Accept-Encoding Content-Type text/html Accept-Ranges bytes Content-Length 1800 Redirect headers Location https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ Date Mon, 05 Jun 2017 14:10:22 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET Content-Length 240 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	app.css www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypalobjects.com/web/res/831/b96ba40cafd390153f00902783ddb/css/	48 KB 8 KB	78ms 77ms	Stylesheet text/css	31.11.32.102 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypalobjects.com/web/res/831/b96ba40cafd390153f00902783ddb/css/app.css Requested by Host: www.66thand2nd.com URL: https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 31.11.32.102 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS websn1s092.aruba.it Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `cb1d10887769093a7e35298ad4f294babc743bf1adb722d8b76238f45b9c01b5` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.66thand2nd.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept text/css,/;q=0.1 Referer https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ Connection keep-alive Cache-Control no-cache Referer https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Mon, 05 Jun 2017 14:10:22 GMT Content-Encoding gzip Last-Modified Mon, 05 Jun 2017 14:10:23 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag W/"80f1cb785ded21:0" Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes Content-Length 8020
GET H/1.1	200 OK	require.js Show response www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypalobjects.com/web/res/831/b96ba40cafd390153f00902783ddb/js/lib/	15 KB 6 KB	62ms 61ms	Script application/javascript	31.11.32.102 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypalobjects.com/web/res/831/b96ba40cafd390153f00902783ddb/js/lib/require.js Requested by Host: www.66thand2nd.com URL: https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 31.11.32.102 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS websn1s092.aruba.it Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `d500329cde0de6ca976d3a879b71814eb85595ac7b0f8ce651bb8798e2278daa` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.66thand2nd.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept / Referer https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ Connection keep-alive Cache-Control no-cache Referer https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Mon, 05 Jun 2017 14:10:22 GMT Content-Encoding gzip Last-Modified Mon, 05 Jun 2017 14:10:23 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag W/"80f1cb785ded21:0" Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes Content-Length 6060
GET H/1.1	200 OK	app.js Show response www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypalobjects.com/web/res/831/b96ba40cafd390153f00902783ddb/js/	488 KB 103 KB	234ms 233ms	Script application/javascript	31.11.32.102 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypalobjects.com/web/res/831/b96ba40cafd390153f00902783ddb/js/app.js Requested by Host: www.66thand2nd.com URL: https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 31.11.32.102 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS websn1s092.aruba.it Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `ba55793e12445e3cf3545d98a980a1f23b3ffaac40b294f1f6833a02af654b3a` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.66thand2nd.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept / Referer https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ Connection keep-alive Cache-Control no-cache Referer https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Mon, 05 Jun 2017 14:10:23 GMT Content-Encoding gzip Last-Modified Mon, 05 Jun 2017 14:10:23 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag W/"80f1cb785ded21:0" Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes Content-Length 105730
GET H/1.1	200 OK	pp_jscode_080706.js Show response www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypalobjects.com/js/site_catalyst/	61 KB 23 KB	171ms 108ms	Script application/javascript	31.11.32.102 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js Requested by Host: www.66thand2nd.com URL: https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 31.11.32.102 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS websn1s092.aruba.it Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `754b12f0ecfc8d0df4511bc0ce634d222d627b947cfc0312bef56325e71c5b99` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.66thand2nd.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept / Referer https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ Connection keep-alive Cache-Control no-cache Referer https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Mon, 05 Jun 2017 14:10:23 GMT Content-Encoding gzip Last-Modified Mon, 05 Jun 2017 14:10:23 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag W/"80f1cb785ded21:0" Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes Content-Length 23300
GET H/1.1	200 OK	paypal-logo-129x32.jpg www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypalobjects.com/images/shared/	8 KB 8 KB	45ms 45ms	Image image/jpeg	31.11.32.102 ARUBA-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypalobjects.com/images/shared/paypal-logo-129x32.jpg Requested by Host: www.66thand2nd.com URL: https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypal.com/signin/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 31.11.32.102 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS websn1s092.aruba.it Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `cbb44243c44c9e21a4e32fb8d3b07f30efd4bc8462dce18ed7f2c88b3df081c0` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.66thand2nd.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypalobjects.com/web/res/831/b96ba40cafd390153f00902783ddb/css/app.css Connection keep-alive Cache-Control no-cache Referer https://www.66thand2nd.com/images/on/Notice-ca/NoticeOfPolicy/6c317f4390d36344d3515fbdd9fef554/www.paypalobjects.com/web/res/831/b96ba40cafd390153f00902783ddb/css/app.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Mon, 05 Jun 2017 14:10:23 GMT Last-Modified Mon, 05 Jun 2017 14:10:23 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag W/"228be795ded21:0" Content-Type image/jpeg Accept-Ranges bytes Content-Length 8025

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.66thand2nd.com
URL: https://www.66thand2nd.com/favicon.ico

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.66thand2nd.com/	1970-01-01 00:00:00	Name: s_sess Value: %20s_ppv%3D100%3B

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.66thand2nd.com
www.66thand2nd.com
31.11.32.102
58ce7d3f5845cd14f04220fef8030a325a68b4bee2926eff1f4ca7d25e0369b5
631560d0b6be58d9d42c640483964cef0d5f30d5a8e10156d58d5a5cbcc7e8f0
754b12f0ecfc8d0df4511bc0ce634d222d627b947cfc0312bef56325e71c5b99
ba55793e12445e3cf3545d98a980a1f23b3ffaac40b294f1f6833a02af654b3a
c554c436de11aae95fbff8d1545990e08025b2516b7c7754a0dada127886b4e5
c8f8730e03ab4e5c62bdb834d88331bf019919b82241ef9e1bd49d6da7a62ac6
cb1d10887769093a7e35298ad4f294babc743bf1adb722d8b76238f45b9c01b5
cbb44243c44c9e21a4e32fb8d3b07f30efd4bc8462dce18ed7f2c88b3df081c0
d500329cde0de6ca976d3a879b71814eb85595ac7b0f8ce651bb8798e2278daa
dec683ed1ae0e3742f12e1fc80e26b7f3a2883f041b5e520f7d843e5c73e3e0e

www.66thand2nd.com Open in urlscan Pro 31.11.32.102 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

11 Requests

91 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

151 kBTransfer

628 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

www.66thand2nd.com Open in urlscan Pro
31.11.32.102 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

91 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

151 kB
Transfer

628 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!