www.vipprofessional.net
Open in
urlscan Pro
51.75.242.37
Malicious Activity!
Public Scan
Submission Tags: phishing malicious Search All
Submission: On January 15 via api from US — Scanned from FR
Summary
This is the only time www.vipprofessional.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial) Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 51.75.242.37 51.75.242.37 | 16276 (OVH) (OVH) | |
1 | 2606:4700::68... 2606:4700::6810:125e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 151.101.2.133 151.101.2.133 | 54113 (FASTLY) (FASTLY) | |
9 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
vipprofessional.net
www.vipprofessional.net |
433 KB |
1 |
paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 1452 |
2 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 202 |
64 KB |
9 | 3 |
Domain | Requested by | |
---|---|---|
7 | www.vipprofessional.net |
www.vipprofessional.net
|
1 | www.paypalobjects.com |
www.vipprofessional.net
|
1 | cdnjs.cloudflare.com |
www.vipprofessional.net
|
9 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paypal.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-09-21 - 2022-09-20 |
a year | crt.sh |
www.paypal.com DigiCert SHA2 Extended Validation Server CA |
2021-11-02 - 2022-03-15 |
4 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://www.vipprofessional.net/us/signin/signin.php?country.x=de&locale.x=de_de&safeauth-v=+e1sr6e_439u2o9w7rpgao1b5ri6oger3b7bsfrre
Frame ID: B95EF349078DC683026554A944E48892
Requests: 9 HTTP requests in this frame
Screenshot
Page Title
Log in to your PayPaI accountDetected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
PayPal (Payment Processors) Expand
Detected patterns
- paypalobjects\.com
RequireJS (JavaScript Frameworks) Expand
Detected patterns
- require.*\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
signin.php
www.vipprofessional.net/us/signin/ |
3 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.css
www.vipprofessional.net/us/signin/lib/ |
38 KB 38 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/ |
258 KB 64 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
crypt.js
www.vipprofessional.net/us/signin/js/ |
20 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
signin.js
www.vipprofessional.net/us/signin/lib/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
require.js
www.vipprofessional.net/us/signin/lib/ |
15 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app_.js
www.vipprofessional.net/us/signin/lib/ |
288 KB 289 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pa.js
www.vipprofessional.net/us/signin/lib/ |
66 KB 67 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paypal-logo-129x32.svg
www.paypalobjects.com/images/shared/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial) Generic (Online)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onsecuritypolicyviolation object| onslotchange function| $ function| jQuery object| Aes object| Base64 object| Utf8 object| _0xce15 function| require function| requirejs function| define function| getGlobal object| dust function| extend function| _ object| Backbone object| PAYPAL object| fpti string| fptiserverurl object| jQuery1800416660876312765271 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.vipprofessional.net/ | Name: PHPSESSID Value: f8j62141fgu1t33iglsjfv0gb3 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
www.paypalobjects.com
www.vipprofessional.net
151.101.2.133
2606:4700::6810:125e
51.75.242.37
4d67be3098fe33e8d2a27c5d28dc1ecc214f94afa77740f8c9ff7848edbe93f8
847c86ae982abe9180233276125b930b4a1b6f1bd12649b0c07535c1e984def8
98ecaad59fce14516bd1c79d6361e1f798a6cf3d077b68b5807adc153c5fb389
a69d9129779b4f56bec86f110934bf96e884af4c4f51d83c42fefc906240e95b
b25a2092f0752b754e933008f10213c55dd5ce93a791e355b0abed9182cc8df9
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
bce5af51a37543cd46614e90db944fbce529806f0a22c786e3454da7131c782b
c007d73792ac2d25882bfbb573e700e721a0adacfab947e6a0b64a61991fecf0
c8c0595b709d3b91af6b173aa2f7027eee3fb617bd45d94ad61654f45564d4c6