URL: https://jerando.com/uploads/user_617/CB-menuiserie/.store/index.html
Submission Tags: falconsandbox
Submission: On October 31 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 88.99.169.127, located in Nuremberg, Germany and belongs to HETZNER-AS, DE. The main domain is jerando.com.
TLS certificate: Issued by R10 (a Let's Encrypt intermediate) on September 7th 2024. Valid for: 3 months.
This is the only time jerando.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

Requests  IP address                 ASN    Autonomous System
1         88.99.169.127              24940  HETZNER-AS
1         2606:4700:310c::ac42:2f75  13335  CLOUDFLARENET
6         151.101.131.1              54113  FASTLY
Total: 8 requests, 3 IPs

Requests  Apex domain         Subdomain                                           Transfer
6         paypalobjects.com   www.paypalobjects.com (Cisco Umbrella rank 2817)    50 KB
1         pages.dev           dovian983767892098767289287.pages.dev               24 KB
1         jerando.com         jerando.com                                         10 KB
Total: 8 requests, 3 apex domains

Requests  Domain                                   Requested by
6         www.paypalobjects.com                    jerando.com, dovian983767892098767289287.pages.dev
1         dovian983767892098767289287.pages.dev    jerando.com
1         jerando.com                              (primary request)
Total: 8 requests, 3 domains

This site contains no links.

Subject                                  Issuer                                        Validity                    Valid for
jerando.com                              R10 (Let's Encrypt)                           2024-09-07 to 2024-12-06    3 months
dovian983767892098767289287.pages.dev    WE1 (Google Trust Services)                   2024-10-31 to 2025-01-29    3 months
www.paypalobjects.com                    DigiCert SHA2 Extended Validation Server CA   2024-08-26 to 2025-08-25    a year

The certificate for dovian983767892098767289287.pages.dev was issued on 2024-10-31, the same day as this scan, which is consistent with a freshly deployed host for the kit's stylesheet.

This page contains 1 frames:

Primary Page: https://jerando.com/uploads/user_617/CB-menuiserie/.store/index.html
Frame ID: 94D9BF2831C09F7A021989A1A55AF6DC
Requests: 8 HTTP requests in this frame

Page Title

Log in to your PayPal account

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 84 kB
Size: 241 kB
Cookies: 0

Redirected requests

No HTTP redirect chains were recorded for any of the 8 requests.

8 HTTP transactions

Each entry is listed as: resource | path | size (transferred) | type. The MIME type is the content-type response header of each entry.
Primary Request: index.html | jerando.com/uploads/user_617/CB-menuiserie/.store/ | 45 KB (10 KB transferred) | Document
General
Full URL: https://jerando.com/uploads/user_617/CB-menuiserie/.store/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, AES_256_GCM
Server: 88.99.169.127, Nuremberg, Germany, ASN24940 (HETZNER-AS, DE)
Reverse DNS: static.127.169.99.88.clients.your-server.de
Software: Apache/2.4.41 (Ubuntu)
Resource Hash: 2b9cd2f3c7ac9796a9f6651596a1769c41aa13f5ebd3ad0bec40e23decce12cc

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers
Accept-Ranges: bytes
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 9458
Content-Type: text/html
Date: Thu, 31 Oct 2024 10:46:48 GMT
ETag: "b5e5-5a5ba76221b00-gzip"
Keep-Alive: timeout=5, max=100
Last-Modified: Sat, 16 May 2020 02:12:28 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
contextualLoginElementalUIv2.css | dovian983767892098767289287.pages.dev/ | 144 KB (24 KB transferred) | Stylesheet
General
Full URL: https://dovian983767892098767289287.pages.dev/contextualLoginElementalUIv2.css
Requested by: jerando.com (https://jerando.com/uploads/user_617/CB-menuiserie/.store/index.html)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:310c::ac42:2f75, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: none recorded
Software: cloudflare
Resource Hash: 0d35c23a6813d07463bdda22d4c0ddc4c96e56ad8d68312c97249acf672724a4
Security Headers: X-Content-Type-Options: nosniff

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://jerando.com/

Response headers
cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
etag: W/"c67b8eda205bd609ad4091d97747d1da"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FvKxkZYIs5MunZ%2BwL0fBFD%2BdBcduLKMBN35U6snhGUhHaCUV2%2FIyB7TwVRTw6Nf8QDctA1bUdtswfHzFBVpp%2FS3aDcNezsJmoZk1FqsvbHubAfqHO70%2FcfikePKHAvaQkDzAEOM3B2Yt60NMoi7wZHHcdDaxrSshmVzxJkqL0NOyDqoj"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8db3103a4b9b21d9-MIA
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=30243&sent=7&recv=10&lost=0&retrans=0&sent_bytes=4033&recv_bytes=2241&delivery_rate=127976&cwnd=252&unsent_bytes=0&cid=ed00cd11b60ec6cf&ts=65&x=0"
date: Thu, 31 Oct 2024 10:46:48 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
server: cloudflare
icon-PN-check.png | www.paypalobjects.com/images/shared/ | 1 KB (2 KB transferred) | Image
General
Full URL: https://www.paypalobjects.com/images/shared/icon-PN-check.png
Requested by: jerando.com (https://jerando.com/uploads/user_617/CB-menuiserie/.store/index.html)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.131.1, San Francisco, United States, ASN54113 (FASTLY, US)
Reverse DNS: none recorded
Software: none recorded
Resource Hash: d2847bea03b68a100caf41aca4d972b58368b4ee956ab13dde15963d905d7c24
Security Headers: Strict-Transport-Security: max-age=31557600; X-Content-Type-Options: nosniff

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://jerando.com/

Response headers
fastly-io-info: ifsz=2236 idim=121x133 ifmt=png ofsz=1238 odim=121x133 ofmt=png
paypal-debug-id: 62bf5b922946e
etag: "juRbjo28Q9q7Ca+T2l9coQ3XNXGGGPrTLd30UBTHy+M"
x-content-type-options: nosniff
traceparent: 00-000000000000000000062bf5b922946e-18e1576dcb2e28e0-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT, HIT
date: Thu, 31 Oct 2024 10:46:48 GMT
content-type: image/png
x-served-by: cache-dfw-kdfw8210112-DFW, cache-mia-kmia1760092-MIA
x-cache-hits: 10, 3692
fastly-stats: io=1
strict-transport-security: max-age=31557600
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
log-origin: shield=DFW,src_ip=140.248.68.126,alternate_path=0,ip=140.248.68.112,port=443,name=shield_ssl_cache_dfw_kdfw8210112_DFW,status=200,reason=OK,method=GET,url="/images/shared/icon-PN-check.png",host=www.paypalobjects.com
x-timer: S1730371609.686695,VS0,VE0
via: 1.1 varnish, 1.1 varnish
log-timing: fetch=31310,misspass=93,do_stream=0
accept-ranges: bytes
content-length: 1238
glyph_alert_critical_big-2x.png | www.paypalobjects.com/images/shared/ | 2 KB (2 KB transferred) | Image
General
Full URL: https://www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png
Requested by: jerando.com (https://jerando.com/uploads/user_617/CB-menuiserie/.store/index.html)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.131.1, San Francisco, United States, ASN54113 (FASTLY, US)
Reverse DNS: none recorded
Software: none recorded
Resource Hash: 4b16c98214d45bedb1513b7fd53a02ce204f6a2091a920c3122fb213168c3139
Security Headers: Strict-Transport-Security: max-age=31557600; X-Content-Type-Options: nosniff

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://jerando.com/

Response headers
fastly-io-info: ifsz=5828 idim=224x200 ifmt=png ofsz=1709 odim=224x200 ofmt=png
paypal-debug-id: 541f5961b6a61
etag: "06e7g2A2uh9gOtrAR/AAX1pvXevadwBfhbhh/bNOQEI"
x-content-type-options: nosniff
traceparent: 00-0000000000000000000541f5961b6a61-38560fa3b00ee33a-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT, HIT
date: Thu, 31 Oct 2024 10:46:48 GMT
content-type: image/png
x-served-by: cache-dfw-kdfw8210127-DFW, cache-mia-kmia1760092-MIA
x-cache-hits: 26302, 3688
fastly-stats: io=1
strict-transport-security: max-age=31557600
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
log-origin: ip=66.211.169.102,port=443,name=F_ccg01_phx_origin_www_1_paypal_com,status=200,reason=OK,method=GET,url="/images/shared/glyph_alert_critical_big-2x.png",host=www.paypalobjects.com,shield=DFW,src_ip=140.248.68.127,alternate_path=0
x-timer: S1730371609.686618,VS0,VE0
via: 1.1 varnish, 1.1 varnish
log-timing: fetch=73755,misspass=85,do_stream=0
accept-ranges: bytes
content-length: 1709
paypal-mark-color.svg | www.paypalobjects.com/paypal-ui/logos/svg/ | 709 B (665 B transferred) | Image
General
Full URL: https://www.paypalobjects.com/paypal-ui/logos/svg/paypal-mark-color.svg
Requested by: dovian983767892098767289287.pages.dev (https://dovian983767892098767289287.pages.dev/contextualLoginElementalUIv2.css)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.131.1, San Francisco, United States, ASN54113 (FASTLY, US)
Reverse DNS: none recorded
Software: none recorded
Resource Hash: 8766a4211434d2c318fbfa412ea9633b385ecf1cab6119f8894019d91ed7e027
Security Headers: Strict-Transport-Security: max-age=31557600; X-Content-Type-Options: nosniff

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://dovian983767892098767289287.pages.dev/

Response headers
paypal-debug-id: 6882e19098f44
content-encoding: br
etag: W/"66d9ab63-2c5"
x-content-type-options: nosniff
traceparent: 00-00000000000000000006882e19098f44-bbaeef29f9c52c6c-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT, HIT
date: Thu, 31 Oct 2024 10:46:48 GMT
content-type: image/svg+xml
last-modified: Thu, 05 Sep 2024 13:00:19 GMT
x-served-by: cache-dfw-kdfw8210056-DFW, cache-mia-kmia1760092-MIA
x-cache-hits: 5, 4390
vary: Accept-Encoding, Accept-Encoding
strict-transport-security: max-age=31557600
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-timer: S1730371609.759050,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 396
PayPalSansBig-Regular.woff2 | www.paypalobjects.com/paypal-ui/fonts/ | 25 KB (25 KB transferred) | Font
General
Full URL: https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Regular.woff2
Requested by: dovian983767892098767289287.pages.dev (https://dovian983767892098767289287.pages.dev/contextualLoginElementalUIv2.css)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.131.1, San Francisco, United States, ASN54113 (FASTLY, US)
Reverse DNS: none recorded
Software: none recorded
Resource Hash: 1f70ff447ed799a34f4c3ae37ef1f49ed4af71123ba2c2aefe354565354284be
Security Headers: Strict-Transport-Security: max-age=31557600; X-Content-Type-Options: nosniff

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://jerando.com
Referer: https://dovian983767892098767289287.pages.dev/

Response headers
paypal-debug-id: 546d02178abbf
etag: "60271cda-6318"
access-control-allow-methods: GET
x-content-type-options: nosniff
traceparent: 00-0000000000000000000546d02178abbf-e0bc4a0752162a15-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT, HIT
date: Thu, 31 Oct 2024 10:46:48 GMT
last-modified: Sat, 13 Feb 2021 00:27:06 GMT
x-served-by: cache-dfw-kdfw8210108-DFW, cache-mia-kmia1760021-MIA
x-cache-hits: 5, 2948
content-type: application/font-woff2
vary: Accept-Encoding, Accept-Encoding
strict-transport-security: max-age=31557600
cache-control: s-maxage=31536000, public,max-age=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-timer: S1730371609.829321,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25368
PayPalSansBig-Medium.woff2 | www.paypalobjects.com/paypal-ui/fonts/ | 18 KB (18 KB transferred) | Font
General
Full URL: https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Medium.woff2
Requested by: dovian983767892098767289287.pages.dev (https://dovian983767892098767289287.pages.dev/contextualLoginElementalUIv2.css)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.131.1, San Francisco, United States, ASN54113 (FASTLY, US)
Reverse DNS: none recorded
Software: none recorded
Resource Hash: 2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1
Security Headers: Strict-Transport-Security: max-age=31557600; X-Content-Type-Options: nosniff

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://jerando.com
Referer: https://dovian983767892098767289287.pages.dev/

Response headers
paypal-debug-id: 37d6760af98a3
etag: "60271cda-484c"
access-control-allow-methods: GET
x-content-type-options: nosniff
traceparent: 00-000000000000000000037d6760af98a3-1877749704bfd087-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT, HIT
date: Thu, 31 Oct 2024 10:46:48 GMT
last-modified: Sat, 13 Feb 2021 00:27:06 GMT
x-served-by: cache-dfw-kdfw8210035-DFW, cache-mia-kmia1760021-MIA
x-cache-hits: 6, 2798
content-type: application/font-woff2
vary: Accept-Encoding, Accept-Encoding
strict-transport-security: max-age=31557600
cache-control: s-maxage=31536000, public,max-age=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-timer: S1730371609.829286,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18508
pp_favicon_x.ico | www.paypalobjects.com/en_US/i/icon/ | 5 KB (2 KB transferred) | Other
General
Full URL: https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.131.1, San Francisco, United States, ASN54113 (FASTLY, US)
Reverse DNS: none recorded
Software: none recorded
Resource Hash: 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
Security Headers: Strict-Transport-Security: max-age=31557600; X-Content-Type-Options: nosniff

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://jerando.com/

Response headers
paypal-debug-id: 6bc3e2afef838
content-encoding: br
etag: W/"5d5637bd-1536"
x-content-type-options: nosniff
traceparent: 00-00000000000000000006bc3e2afef838-8c34394bcb026e2b-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT, HIT
date: Thu, 31 Oct 2024 10:46:48 GMT
content-type: image/x-icon
last-modified: Fri, 16 Aug 2019 04:57:33 GMT
x-served-by: cache-dfw-kdfw8210080-DFW, cache-mia-kmia1760092-MIA
x-cache-hits: 548, 3057
vary: Accept-Encoding
strict-transport-security: max-age=31557600
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
log-origin: shield=DFW,src_ip=140.248.68.37,alternate_path=0,ip=140.248.68.80,port=443,name=shield_ssl_cache_dfw_kdfw8210080_DFW,status=200,reason=OK,method=GET,url="/en_US/i/icon/pp_favicon_x.ico",host=www.paypalobjects.com
x-timer: S1730371609.872056,VS0,VE0
via: 1.1 varnish, 1.1 varnish
log-timing: fetch=33636,misspass=102,do_stream=0
accept-ranges: bytes
content-length: 1309
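The request list above, together with the displayed brand pattern paypalobjects\.com, the page title and the certificate dates, is enough to reproduce the reasoning behind the verdict in code. The Python below is an added triage example written for this page; it is not urlscan.io's code, and urlscan's real ruleset and scoring are not shown here. The eight transaction records are constructed from this report's entries; the list of brand-owned hosts, the 7-day certificate-age threshold and the two-label registrable-domain shortcut are assumptions made for the example.

```python
"""Brand-impersonation triage over a urlscan-style request list (added example)."""
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional
from urllib.parse import urlsplit

# The only brand signature this report shows; matched against request hostnames.
BRAND_PATTERNS = {"PayPal": re.compile(r"paypalobjects\.com", re.I)}
# Assumption: apex domains allowed to embed PayPal assets without raising a finding.
BRAND_OWNED = {"PayPal": {"paypal.com", "paypalobjects.com"}}
FRESH_CERT_DAYS = 7  # assumption: a cert this young on a non-brand host is notable


@dataclass(frozen=True)
class Transaction:
    url: str
    requested_by: Optional[str]  # host that referenced the resource; None for the document
    resource_type: str


def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels); enough for .com/.dev, a real tool uses the PSL."""
    return ".".join(host.lower().split(".")[-2:])


def triage(primary_url, page_title, transactions, cert_not_before, scan_day):
    primary_host = urlsplit(primary_url).hostname
    primary_apex = registrable(primary_host)
    findings, brands = [], []
    for brand, pattern in BRAND_PATTERNS.items():
        hits = [t for t in transactions if pattern.search(urlsplit(t.url).hostname or "")]
        # Brand assets on the brand's own site are normal; anywhere else they are a signal.
        if not hits or primary_apex in BRAND_OWNED[brand]:
            continue
        brands.append(brand)
        findings.append(f"{brand}: {len(hits)} asset(s) loaded from brand CDN by "
                        f"non-brand primary host {primary_host}")
        if brand.lower() in page_title.lower():
            findings.append(f"{brand}: page title {page_title!r} names the brand")
        # Assets pulled in via a third host (here the kit's CSS on pages.dev).
        trusted = {primary_apex} | BRAND_OWNED[brand]
        chained = sorted({t.requested_by for t in hits
                          if t.requested_by and registrable(t.requested_by) not in trusted})
        for host in chained:
            findings.append(f"{brand}: brand assets referenced via secondary host {host}")
    all_owned = set().union(*BRAND_OWNED.values())
    for host, not_before in cert_not_before.items():
        age = (scan_day - not_before).days
        if age <= FRESH_CERT_DAYS and registrable(host) not in all_owned:
            findings.append(f"certificate for {host} issued {age} day(s) before scan")
    verdict = "Potentially Malicious" if brands else "No brand-impersonation indicators"
    return {"verdict": verdict, "brands": brands, "findings": findings}


# Constructed from the 8 transactions in this report.
PRIMARY_URL = "https://jerando.com/uploads/user_617/CB-menuiserie/.store/index.html"
PAGE_TITLE = "Log in to your PayPal account"
SCAN_DAY = date(2024, 10, 31)
KIT_HOST = "dovian983767892098767289287.pages.dev"
SCAN_TRANSACTIONS = [
    Transaction(PRIMARY_URL, None, "Document"),
    Transaction(f"https://{KIT_HOST}/contextualLoginElementalUIv2.css", "jerando.com", "Stylesheet"),
    Transaction("https://www.paypalobjects.com/images/shared/icon-PN-check.png", "jerando.com", "Image"),
    Transaction("https://www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png", "jerando.com", "Image"),
    Transaction("https://www.paypalobjects.com/paypal-ui/logos/svg/paypal-mark-color.svg", KIT_HOST, "Image"),
    Transaction("https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Regular.woff2", KIT_HOST, "Font"),
    Transaction("https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Medium.woff2", KIT_HOST, "Font"),
    Transaction("https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico", "jerando.com", "Other"),
]
CERT_NOT_BEFORE = {  # from the certificate table
    "jerando.com": date(2024, 9, 7),
    KIT_HOST: date(2024, 10, 31),
    "www.paypalobjects.com": date(2024, 8, 26),
}

if __name__ == "__main__":
    result = triage(PRIMARY_URL, PAGE_TITLE, SCAN_TRANSACTIONS, CERT_NOT_BEFORE, SCAN_DAY)
    print(result["verdict"], result["brands"])
    for line in result["findings"]:
        print(" -", line)
```

The request graph matters as much as the pattern: the same six paypalobjects.com fetches made by www.paypal.com itself produce no finding, while here they are made by jerando.com and by a pages.dev host whose certificate is zero days old. A production rule would also consult the public suffix list instead of the two-label shortcut, since `registrable()` treats every pages.dev site as one domain.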

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies