www.trendsspotting.com Open in urlscan Pro
212.150.139.30 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.trendsspotting.com/js/hs/processing.html
Submission: On February 08 via automatic, source phishtank (February 8th 2017, 9:08:50 pm UTC)

Summary HTTP 13 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 212.150.139.30, located in Israel and belongs to NV-ASN 013 NetVision Ltd., IL. The main domain is www.trendsspotting.com.

This is the only time www.trendsspotting.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
9	212.150.139.30 212.150.139.30	1680 (NV-ASN 01...) (NV-ASN 013 NetVision Ltd.)
4	95.101.242.48 95.101.242.48	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
13	2

9 212.150.139.30 (Israel)

ASN1680 (NV-ASN 013 NetVision Ltd., IL)

www.trendsspotting.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 95.101.242.48 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-101-242-48.deploy.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	trendsspotting.com www.trendsspotting.com	44 KB
4	paypalobjects.com www.paypalobjects.com	25 KB
13	2

	Domain	Requested by
9	www.trendsspotting.com	www.trendsspotting.com
4	www.paypalobjects.com	www.trendsspotting.com
13	2

This site contains links to these domains. Also see Links.

Domain
www.paypal.com

Subject Issuer	Validity	Valid
www.paypalobjects.com Symantec Class 3 EV SSL CA - G3	`2015-10-12` - `2017-09-02`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://www.trendsspotting.com/js/hs/processing.html
Frame ID: 15557.1
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

13
Requests

31 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

69 kB
Transfer

248 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.paypal.com/ro/cgi-bin/webscr?cmd=_account

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request processing.html Show response www.trendsspotting.com/js/hs/	3 KB 1 KB	165ms 88ms	Document text/html	212.150.139.30 NV-ASN 013 NetVis...
General Check archive.org Show headers Download Go to Full URL http://www.trendsspotting.com/js/hs/processing.html Protocol HTTP/1.1 Server 212.150.139.30 , Israel, ASN1680 (NV-ASN 013 NetVision Ltd., IL), Reverse DNS Software Apache/6.6.6 mod_fcgid/2.3.9 / Resource Hash `d3ebb559690fd53c13d3f1b3e0cf7be1e919efeedb75f4c706e4a240141e8a3e` Request headers Host www.trendsspotting.com Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 Cache-Control no-cache Pragma no-cache Accept-Encoding gzip, deflate, sdch User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Last-Modified Fri, 20 May 2011 13:15:36 GMT Keep-Alive timeout=2, max=100 Content-Length 1404 Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Date Wed, 08 Feb 2017 21:08:43 GMT Content-Encoding gzip Server Apache/6.6.6 mod_fcgid/2.3.9 ETag "d24-4a3b4ead34e00-gzip" Vary Accept-Encoding,User-Agent
GET H/1.1	200 OK	global.css www.trendsspotting.com/js/hs/files/	47 KB 9 KB	86ms 85ms	Stylesheet text/css	212.150.139.30 NV-ASN 013 NetVis...
General Check archive.org Show headers Download Go to Full URL http://www.trendsspotting.com/js/hs/files/global.css Requested by Host: www.trendsspotting.com URL: http://www.trendsspotting.com/js/hs/processing.html Protocol HTTP/1.1 Server 212.150.139.30 , Israel, ASN1680 (NV-ASN 013 NetVision Ltd., IL), Reverse DNS Software Apache/6.6.6 mod_fcgid/2.3.9 / Resource Hash `bc5b827233fe10b44e2f55b60125f6bd5af47b68b299fa4475f48eb51dd24e80` Request headers Connection keep-alive Cache-Control no-cache Referer http://www.trendsspotting.com/js/hs/processing.html Accept-Encoding gzip, deflate, sdch Host www.trendsspotting.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept text/css,/;q=0.1 Pragma no-cache Referer http://www.trendsspotting.com/js/hs/processing.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Content-Length 9375 Content-Encoding gzip Last-Modified Fri, 20 May 2011 13:13:24 GMT Server Apache/6.6.6 mod_fcgid/2.3.9 ETag "bda3-4a3b4e2f52500-gzip" Date Wed, 08 Feb 2017 21:08:43 GMT Vary Accept-Encoding,User-Agent Keep-Alive timeout=2, max=99
GET H/1.1	200 OK	pageSalsa.css www.trendsspotting.com/js/hs/files/	33 KB 7 KB	155ms 81ms	Stylesheet text/css	212.150.139.30 NV-ASN 013 NetVis...
General Check archive.org Show headers Download Go to Full URL http://www.trendsspotting.com/js/hs/files/pageSalsa.css Requested by Host: www.trendsspotting.com URL: http://www.trendsspotting.com/js/hs/processing.html Protocol HTTP/1.1 Server 212.150.139.30 , Israel, ASN1680 (NV-ASN 013 NetVision Ltd., IL), Reverse DNS Software Apache/6.6.6 mod_fcgid/2.3.9 / Resource Hash `4567b4c8dcff731a6670702531e23a682167ed700140a6a4ca1c7bb76dcd58c6` Request headers Accept-Encoding gzip, deflate, sdch Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Referer http://www.trendsspotting.com/js/hs/processing.html Connection keep-alive Pragma no-cache Host www.trendsspotting.com Accept text/css,/;q=0.1 Cache-Control no-cache Referer http://www.trendsspotting.com/js/hs/processing.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Content-Encoding gzip Last-Modified Fri, 20 May 2011 13:14:38 GMT Server Apache/6.6.6 mod_fcgid/2.3.9 ETag "84f9-4a3b4e75e4b80-gzip" Vary Accept-Encoding,User-Agent Content-Length 6928 Date Wed, 08 Feb 2017 21:08:43 GMT Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=100
GET H/1.1	200 OK	global.css www.paypalobjects.com/WEBSCR-640-20110401-1/css/core/	55 KB 11 KB	23ms 10ms	Stylesheet text/css	95.101.242.48 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/WEBSCR-640-20110401-1/css/core/global.css Requested by Host: www.trendsspotting.com URL: http://www.trendsspotting.com/js/hs/processing.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.101.242.48 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a95-101-242-48.deploy.akamaitechnologies.com Software Apache / Resource Hash `6d1356e516b31aece81e8fc703aa3737fa590ae3d9d844e2fdd3c1628a3b10af` Request headers Accept-Encoding gzip, deflate, sdch, br Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Referer http://www.trendsspotting.com/js/hs/processing.html Connection keep-alive Cache-Control no-cache Pragma no-cache Host www.paypalobjects.com Accept text/css,/;q=0.1 Referer http://www.trendsspotting.com/js/hs/processing.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Last-Modified Fri, 03 Feb 2017 01:18:31 GMT Server Apache Vary Accept-Encoding Connection keep-alive Expires Tue, 09 May 2017 21:08:43 GMT Date Wed, 08 Feb 2017 21:08:43 GMT Content-Encoding gzip Accept-Ranges bytes Content-Length 10975 Content-Type text/css Cache-Control max-age=7776000
GET H/1.1	200 OK	pageSalsa.css www.paypalobjects.com/WEBSCR-640-20110401-1/css/Customer/pages/	37 KB 8 KB	405ms 391ms	Stylesheet text/css	95.101.242.48 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/WEBSCR-640-20110401-1/css/Customer/pages/pageSalsa.css Requested by Host: www.trendsspotting.com URL: http://www.trendsspotting.com/js/hs/processing.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.101.242.48 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a95-101-242-48.deploy.akamaitechnologies.com Software Apache / Resource Hash `89488b763b4bd151af82b09699daad7da36821ae3c43c92a1d34c30dbf05cd72` Request headers Accept text/css,/;q=0.1 Referer http://www.trendsspotting.com/js/hs/processing.html Connection keep-alive Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host www.paypalobjects.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Cache-Control no-cache Referer http://www.trendsspotting.com/js/hs/processing.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Wed, 08 Feb 2017 21:08:43 GMT Last-Modified Fri, 03 Feb 2017 01:18:31 GMT Vary Accept-Encoding Cache-Control max-age=7776000 Connection keep-alive Expires Tue, 09 May 2017 21:08:43 GMT Content-Encoding gzip Server Apache Content-Type text/css Accept-Ranges bytes Content-Length 7954
GET H/1.1	200 OK	global.js Show response www.trendsspotting.com/js/hs/files/	55 KB 18 KB	160ms 85ms	Script application/javascript	212.150.139.30 NV-ASN 013 NetVis...
General Check archive.org Show headers Download Go to Full URL http://www.trendsspotting.com/js/hs/files/global.js Requested by Host: www.trendsspotting.com URL: http://www.trendsspotting.com/js/hs/processing.html Protocol HTTP/1.1 Server 212.150.139.30 , Israel, ASN1680 (NV-ASN 013 NetVision Ltd., IL), Reverse DNS Software Apache/6.6.6 mod_fcgid/2.3.9 / Resource Hash `5009a58a65adbadb995c313fa028c4f5233d9204355926b2e21e1a0974db5dc1` Request headers Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Connection keep-alive Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.trendsspotting.com Accept / Referer http://www.trendsspotting.com/js/hs/processing.html Cache-Control no-cache Referer http://www.trendsspotting.com/js/hs/processing.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Content-Encoding gzip Vary Accept-Encoding,User-Agent Content-Type application/javascript Keep-Alive timeout=2, max=100 Content-Length 18662 Date Wed, 08 Feb 2017 21:08:43 GMT Server Apache/6.6.6 mod_fcgid/2.3.9 ETag "ddc3-4a3b4e350b280-gzip" Connection Keep-Alive Accept-Ranges bytes Last-Modified Fri, 20 May 2011 13:13:30 GMT
GET H/1.1	200 OK	print.css www.trendsspotting.com/js/hs/files/	3 KB 1 KB	83ms 83ms	Stylesheet text/css	212.150.139.30 NV-ASN 013 NetVis...
General Check archive.org Show headers Download Go to Full URL http://www.trendsspotting.com/js/hs/files/print.css Requested by Host: www.trendsspotting.com URL: http://www.trendsspotting.com/js/hs/processing.html Protocol HTTP/1.1 Server 212.150.139.30 , Israel, ASN1680 (NV-ASN 013 NetVision Ltd., IL), Reverse DNS Software Apache/6.6.6 mod_fcgid/2.3.9 / Resource Hash `4b40ace1d6613a81c58a9420333f5f30652876cd3f13cdcdc6ad224867d2e6a7` Request headers Accept text/css,/;q=0.1 Connection keep-alive Cache-Control no-cache Accept-Encoding gzip, deflate, sdch Host www.trendsspotting.com Accept-Language en-US,en;q=0.8 Pragma no-cache User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Referer http://www.trendsspotting.com/js/hs/processing.html Referer http://www.trendsspotting.com/js/hs/processing.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Accept-Ranges bytes Keep-Alive timeout=2, max=98 Date Wed, 08 Feb 2017 21:08:43 GMT Content-Encoding gzip Server Apache/6.6.6 mod_fcgid/2.3.9 ETag "b95-4a3b4e8bd3f40-gzip" Content-Type text/css Connection Keep-Alive Content-Length 1044 Last-Modified Fri, 20 May 2011 13:15:01 GMT Vary Accept-Encoding,User-Agent
GET H/1.1	200 OK	counter.gif www.trendsspotting.com/js/hs/files/	42 B 42 B	81ms 81ms	Image image/gif	212.150.139.30 NV-ASN 013 NetVis...
General Check archive.org Show headers Download Go to Show image Full URL http://www.trendsspotting.com/js/hs/files/counter.gif Requested by Host: www.trendsspotting.com URL: http://www.trendsspotting.com/js/hs/processing.html Protocol HTTP/1.1 Server 212.150.139.30 , Israel, ASN1680 (NV-ASN 013 NetVision Ltd., IL), Reverse DNS Software Apache/6.6.6 mod_fcgid/2.3.9 / Resource Hash `47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292` Request headers Cache-Control no-cache Pragma no-cache Host www.trendsspotting.com Referer http://www.trendsspotting.com/js/hs/processing.html Connection keep-alive Accept-Encoding gzip, deflate, sdch Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://www.trendsspotting.com/js/hs/processing.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Wed, 08 Feb 2017 21:08:43 GMT Last-Modified Fri, 20 May 2011 13:12:43 GMT ETag "2a-4a3b4e08388c0" Content-Type image/gif Connection Keep-Alive Content-Length 42 Server Apache/6.6.6 mod_fcgid/2.3.9 Accept-Ranges bytes Keep-Alive timeout=2, max=99
GET H/1.1	200 OK	paypal_logo.gif www.trendsspotting.com/js/hs/files/	1 KB 1 KB	81ms 81ms	Image image/gif	212.150.139.30 NV-ASN 013 NetVis...
General Check archive.org Show headers Download Go to Show image Full URL http://www.trendsspotting.com/js/hs/files/paypal_logo.gif Requested by Host: www.trendsspotting.com URL: http://www.trendsspotting.com/js/hs/processing.html Protocol HTTP/1.1 Server 212.150.139.30 , Israel, ASN1680 (NV-ASN 013 NetVision Ltd., IL), Reverse DNS Software Apache/6.6.6 mod_fcgid/2.3.9 / Resource Hash `57ec72c70bf1eff7a24b120662527955a6a406f726bb52efcd863146d3891697` Request headers Cache-Control no-cache Pragma no-cache Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Referer http://www.trendsspotting.com/js/hs/processing.html Connection keep-alive Accept-Encoding gzip, deflate, sdch Host www.trendsspotting.com Accept image/webp,image/,/;q=0.8 User-Agent* Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Referer http://www.trendsspotting.com/js/hs/processing.html Response headers Last-Modified Fri, 20 May 2011 13:14:49 GMT Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=98 Date Wed, 08 Feb 2017 21:08:43 GMT Server Apache/6.6.6 mod_fcgid/2.3.9 ETag "45b-4a3b4e8062440" Content-Type image/gif Content-Length 1115
GET H/1.1	200 OK	icon_load_roundcorner_lock1_186x42_withlock.gif www.trendsspotting.com/js/hs/files/	6 KB 6 KB	79ms 79ms	Image image/gif	212.150.139.30 NV-ASN 013 NetVis...
General Check archive.org Show headers Download Go to Show image Full URL http://www.trendsspotting.com/js/hs/files/icon_load_roundcorner_lock1_186x42_withlock.gif Requested by Host: www.trendsspotting.com URL: http://www.trendsspotting.com/js/hs/processing.html Protocol HTTP/1.1 Server 212.150.139.30 , Israel, ASN1680 (NV-ASN 013 NetVision Ltd., IL), Reverse DNS Software Apache/6.6.6 mod_fcgid/2.3.9 / Resource Hash `c978bbecf8c51329b37db86bde0c580b8c6d85ba9dbc0480ed7992e7ab2d0992` Request headers Accept-Encoding gzip, deflate, sdch User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Referer http://www.trendsspotting.com/js/hs/processing.html Pragma no-cache Host www.trendsspotting.com Accept-Language en-US,en;q=0.8 Accept image/webp,image/,/;q=0.8 Connection* keep-alive Cache-Control no-cache Referer http://www.trendsspotting.com/js/hs/processing.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Last-Modified Fri, 20 May 2011 13:13:39 GMT Accept-Ranges bytes Keep-Alive timeout=2, max=99 Content-Length 6625 Date Wed, 08 Feb 2017 21:08:43 GMT Server Apache/6.6.6 mod_fcgid/2.3.9 ETag "19e1-4a3b4e3da06c0" Content-Type image/gif Connection Keep-Alive
GET H/1.1	200 OK	Cookie set nav_sprite.gif www.paypalobjects.com/en_US/i/pui/core/	755 B 755 B	8ms 8ms	Image image/gif	95.101.242.48 Akamai Technologies
General Check archive.org Show headers Download Go to Show image Full URL https://www.paypalobjects.com/en_US/i/pui/core/nav_sprite.gif Requested by Host: www.trendsspotting.com URL: http://www.trendsspotting.com/js/hs/processing.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.101.242.48 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a95-101-242-48.deploy.akamaitechnologies.com Software Apache / Resource Hash `c292cecf17ed53d1756b4eb38b7fec014604d2201716226100dc54353637ff3d` Request headers Host www.paypalobjects.com Referer https://www.paypalobjects.com/WEBSCR-640-20110401-1/css/core/global.css Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Connection* keep-alive Cache-Control no-cache Referer https://www.paypalobjects.com/WEBSCR-640-20110401-1/css/core/global.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Content-Type image/gif Accept-Ranges bytes Expires Wed, 08 Feb 2017 21:08:43 GMT Pragma no-cache Date Wed, 08 Feb 2017 21:08:43 GMT Last-Modified Fri, 03 Feb 2017 01:18:41 GMT Server Apache P3P CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI" Connection keep-alive Cache-Control max-age=0, no-cache, no-store Set-Cookie PYPF=CT; expires=Wed, 08-Mar-2017 21:08:43 GMT; path=/; domain=.paypalobjects.com Content-Length 755
GET H/1.1	404 Not Found	animation.js www.trendsspotting.com/js/lib/yui/	0 0	1130ms 1130ms	Script text/html	212.150.139.30 NV-ASN 013 NetVis...
General Check archive.org Show headers Download Go to Full URL http://www.trendsspotting.com/js/lib/yui/animation.js Requested by Host: www.trendsspotting.com URL: http://www.trendsspotting.com/js/hs/files/global.js Protocol HTTP/1.1 Server 212.150.139.30 , Israel, ASN1680 (NV-ASN 013 NetVision Ltd., IL), Reverse DNS Software Apache/6.6.6 mod_fcgid/2.3.9 / PHP/5.2.17 Resource Hash Request headers Accept-Encoding gzip, deflate, sdch Accept / Referer http://www.trendsspotting.com/js/hs/processing.html Cache-Control no-cache Pragma no-cache Host www.trendsspotting.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Connection keep-alive Referer http://www.trendsspotting.com/js/hs/processing.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Vary Accept-Encoding,User-Agent Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <http://www.trendsspotting.com/wp-json/>; rel="https://api.w.org/" Pragma no-cache Date Wed, 08 Feb 2017 21:08:43 GMT Content-Encoding gzip Content-Length 3354 Expires Wed, 11 Jan 1984 05:00:00 GMT Server Apache/6.6.6 mod_fcgid/2.3.9 X-Powered-By PHP/5.2.17 Keep-Alive timeout=2, max=97
GET H/1.1	200 OK	pp_favicon_x.ico www.paypalobjects.com/WEBSCR-640-20110124-1/en_US/i/icon/	5 KB 5 KB	204ms 204ms	Other image/x-icon	95.101.242.48 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/WEBSCR-640-20110124-1/en_US/i/icon/pp_favicon_x.ico Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.101.242.48 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a95-101-242-48.deploy.akamaitechnologies.com Software Apache / Resource Hash `1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Connection* keep-alive Host www.paypalobjects.com Referer http://www.trendsspotting.com/js/hs/processing.html Cookie PYPF=CT Cache-Control no-cache Referer http://www.trendsspotting.com/js/hs/processing.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Accept-Ranges bytes Content-Length 5430 Date Wed, 08 Feb 2017 21:08:43 GMT Server Apache Content-Type image/x-icon Connection keep-alive Last-Modified Fri, 03 Feb 2017 01:18:40 GMT Cache-Control max-age=7776000 Expires Tue, 09 May 2017 21:08:43 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.paypalobjects.com
www.trendsspotting.com
212.150.139.30
95.101.242.48
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
4567b4c8dcff731a6670702531e23a682167ed700140a6a4ca1c7bb76dcd58c6
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4b40ace1d6613a81c58a9420333f5f30652876cd3f13cdcdc6ad224867d2e6a7
5009a58a65adbadb995c313fa028c4f5233d9204355926b2e21e1a0974db5dc1
57ec72c70bf1eff7a24b120662527955a6a406f726bb52efcd863146d3891697
6d1356e516b31aece81e8fc703aa3737fa590ae3d9d844e2fdd3c1628a3b10af
89488b763b4bd151af82b09699daad7da36821ae3c43c92a1d34c30dbf05cd72
bc5b827233fe10b44e2f55b60125f6bd5af47b68b299fa4475f48eb51dd24e80
c292cecf17ed53d1756b4eb38b7fec014604d2201716226100dc54353637ff3d
c978bbecf8c51329b37db86bde0c580b8c6d85ba9dbc0480ed7992e7ab2d0992
d3ebb559690fd53c13d3f1b3e0cf7be1e919efeedb75f4c706e4a240141e8a3e

www.trendsspotting.com Open in urlscan Pro 212.150.139.30 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

13 Requests

31 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

69 kBTransfer

248 kBSize

0 Cookies

1 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

www.trendsspotting.com Open in urlscan Pro
212.150.139.30 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

31 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

69 kB
Transfer

248 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!