web-proxy.io
Open in
urlscan Pro
2606:4700:3035::6812:26ec
Malicious Activity!
Public Scan
Effective URL: https://web-proxy.io/auth/validatecaptcha
Submission Tags: phishing malicious Search All
Submission: On December 09 via api from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 2nd 2020. Valid for: a year.
This is the only time web-proxy.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 2606:4700:303... 2606:4700:3035::6812:26ec | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 | 151.101.114.133 151.101.114.133 | 54113 (FASTLY) (FASTLY) | |
1 | 2a00:1450:400... 2a00:1450:4001:803::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:816::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:802::2004 | 15169 (GOOGLE) (GOOGLE) | |
23 | 5 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
web-proxy.io
web-proxy.io |
43 KB |
8 |
paypalobjects.com
www.paypalobjects.com |
61 KB |
1 |
google.com
www.google.com |
|
1 |
gstatic.com
www.gstatic.com |
131 KB |
1 |
recaptcha.net
www.recaptcha.net |
1 KB |
23 | 5 |
Domain | Requested by | |
---|---|---|
12 | web-proxy.io |
web-proxy.io
|
8 | www.paypalobjects.com |
web-proxy.io
|
1 | www.google.com |
www.gstatic.com
|
1 | www.gstatic.com |
www.recaptcha.net
|
1 | www.recaptcha.net |
web-proxy.io
|
23 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-08-02 - 2021-08-02 |
a year | crt.sh |
www.paypalobjects.com DigiCert SHA2 Extended Validation Server CA |
2019-12-09 - 2021-12-13 |
2 years | crt.sh |
misc.google.com GTS CA 1O1 |
2020-11-03 - 2021-01-26 |
3 months | crt.sh |
*.gstatic.com GTS CA 1O1 |
2020-11-10 - 2021-02-02 |
3 months | crt.sh |
www.google.com GTS CA 1O1 |
2020-11-03 - 2021-01-26 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
https://web-proxy.io/auth/validatecaptcha
Frame ID: A479CFC1B28EAC7A4B04B758A919427A
Requests: 19 HTTP requests in this frame
Frame:
https://web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&reCaptchaEnterpriseEnabled=true
Frame ID: 4437EBC78204ACF782FD032E659B6F7A
Requests: 3 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&co=aHR0cHM6Ly93ZWItcHJveHkuaW86NDQz&hl=en&v=UFwvoDBMjc8LiYc1DKXiAomK&theme=light&size=normal&cb=e4cifkj07hpa
Frame ID: 1DE47E4E231EC99DE4099AA08B5C1BE0
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://web-proxy.io/proxy/www.paypal.com/ch/signin Page URL
- https://web-proxy.io/auth/validatecaptcha Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://web-proxy.io/proxy/www.paypal.com/ch/signin Page URL
- https://web-proxy.io/auth/validatecaptcha Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
signin
web-proxy.io/proxy/www.paypal.com/ch/ |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pa.js
web-proxy.io/proxy/www.paypalobjects.com/pa/js/ |
49 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ts
web-proxy.io/proxy/https//t.paypal.com/ |
72 B 72 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.css
web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/css/ |
33 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modernizr-2.6.1.js
web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/ |
4 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
authchallenge.js
web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/ |
15 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
require.js
web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/ |
15 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha_v2.html
web-proxy.io/proxy/www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/recaptcha/ Frame 4437 |
7 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
logclientdata
web-proxy.io/auth/ |
158 B 431 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
momgram@2x.png
www.paypalobjects.com/images/shared/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
config.js
www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/ |
1 KB 879 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.js
www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/ |
154 KB 51 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dust-core.js
www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/lib/ |
11 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
authcaptcha.js
www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/view/ |
2 KB 860 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pageView.js
www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/view/ |
962 B 707 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
validation.js
www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/widgets/ |
693 B 697 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
errorDisplay.js
www.paypalobjects.com/web/res/dc9/99e63da7c23f04e84d0e82bce06b5/js/widgets/ |
2 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
enterprise.js
www.recaptcha.net/recaptcha/ Frame 4437 |
1012 B 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__en.js
www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/ Frame 4437 |
335 KB 131 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
anchor
www.google.com/recaptcha/enterprise/ Frame 1DE4 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
logclientdata
web-proxy.io/auth/ |
158 B 380 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
logclientdata
web-proxy.io/auth/ |
158 B 381 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
Primary Request
validatecaptcha
web-proxy.io/auth/ |
160 B 360 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.web-proxy.io/ | Name: __cfduid Value: d9b5200b41bd1e4517a5212589141a2741607473100 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
web-proxy.io
www.google.com
www.gstatic.com
www.paypalobjects.com
www.recaptcha.net
151.101.114.133
2606:4700:3035::6812:26ec
2a00:1450:4001:802::2004
2a00:1450:4001:803::2003
2a00:1450:4001:816::2003
07eaef599b02ebe517d00263e84e98ce0941974c5ed967ebdff56277f7d579d2
14a2806a256579773a3680e21459dea7827d002104c6336856e0bef9a39be0c9
1cfdcde6589c3242279a43730a0fd03009e95333c46b61456e540ecc65c9d9e1
1f758f186455381a56a7c9c67e6d03e155cbe2485fa4404fadc9e8960e525d53
366bae1b916be92a9770fe0e10eb743859678ba144f2527b1366af63cef0d4b1
3a10e94adc4b9facb2258e11abf6e0c992f22e9d773fe61bc0ba5580e0591309
3ab59d6a93eea708acd7de12f0f1a969ee43aec05af9c8233cf8bd8b7ebbb9ac
6119ac6d472ccadd7fb7b2dedc5eaeee89ff479d0a56c090d06d1786f7dd4ee3
7549618e528fd1eccd42defb37f7b18d7330813a4c7214f5b9660f7a6c23032b
7f86a24a10a1eeed3c466d4ef9c2c770cee74a5c7ddb5abe46254fe332b5d2a6
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
b3f1bf1d5e25838bcad8535a2b700486644f4ea888e46c77d3e82783cb9da1b4
b5a8625ac074103a36ddef69e1a8ee3a4dcb10df29abe8be9511469bc0d7d479
b9c1fbd8f6b13011e0c3e0e9ca294884f09dc3ec0c305b41f567bf9b088aebbe
c007d73792ac2d25882bfbb573e700e721a0adacfab947e6a0b64a61991fecf0
c6482fe77ac7dc6fc145cc367d9380b3e9ffb592ed39ca6fc560182c33612688
d1a7d216019da8388df7eae074e71b0acfc005ad84409a5ff6c7e0f36ef9eb96
d77ac2a04e151edafd3c999339aaba5b79fee3967621ed5172838d8ef7312528
f054fae6fb3433f5e1f7d3f964156276a85b82298d8b5bdc12aac342124f88be
f977d4284f71bb9418da0e2ced1408b073cd2484cba7fc04a90ff3ee72eab60c