resolvemyaccount-paypal.casacam.net Open in urlscan Pro
178.62.238.139 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://kusia.ga/XgzTe?p0p
Effective URL:
https://resolvemyaccount-paypal.casacam.net/nl/signin
Submission: On May 05 via manual (May 5th 2020, 7:32:00 pm UTC) from US

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 5 countries across 8 domains to perform 24 HTTP transactions. The main IP is 178.62.238.139, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is resolvemyaccount-paypal.casacam.net.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 29th 2020. Valid for: 3 months.

This is the only time resolvemyaccount-paypal.casacam.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
9	104.198.14.52 104.198.14.52	15169 (GOOGLE) (GOOGLE)
2	2001:4de0:ac1... 2001:4de0:ac19::1:b:1b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:824::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE)
1	103.126.226.22 103.126.226.22	138115 (IDNIC-DEN...) (IDNIC-DENEVA-AS-ID PT Deneva)
1 1	222.154.250.47 222.154.250.47	4771 (SPARKNZ S...) (SPARKNZ Spark New Zealand Trading Ltd.)
1 8	178.62.238.139 178.62.238.139	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
24	9

9 104.198.14.52 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 52.14.198.104.bc.googleusercontent.com

kusia.ga	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac19::1:b:1b (Netherlands)

ASN20446 (HIGHWINDS3, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.126.226.22 (Indonesia)

ASN138115 (IDNIC-DENEVA-AS-ID PT Deneva, ID)
PTR: jessie.id.rapidplex.com

api.kusia.ga	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 222.154.250.47 (Christchurch, New Zealand) 1 redirects

ASN4771 (SPARKNZ Spark New Zealand Trading Ltd., NZ)
PTR: bifrost.itmate.net

cya.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 178.62.238.139 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

resolvemyaccount-paypal.casacam.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	kusia.ga kusia.ga api.kusia.ga	119 KB
8	casacam.net 1 redirects resolvemyaccount-paypal.casacam.net	257 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com	39 KB
1	cya.nz 1 redirects cya.nz	505 B
1	jsdelivr.net cdn.jsdelivr.net	7 KB
1	jquery.com code.jquery.com	24 KB
1	googletagmanager.com www.googletagmanager.com	30 KB
24	8

	Domain	Requested by
9	kusia.ga	kusia.ga
8	resolvemyaccount-paypal.casacam.net	1 redirects kusia.ga resolvemyaccount-paypal.casacam.net
2	www.google-analytics.com	www.googletagmanager.com kusia.ga
2	stackpath.bootstrapcdn.com	kusia.ga
1	cya.nz	1 redirects
1	api.kusia.ga	kusia.ga
1	cdn.jsdelivr.net	kusia.ga
1	code.jquery.com	kusia.ga
1	www.googletagmanager.com	kusia.ga
24	9

This site contains no links.

Subject Issuer	Validity	Valid
kusia.ga Let's Encrypt Authority X3	`2020-04-16` - `2020-07-15`	3 months	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-04-06` - `2020-10-09`	6 months	crt.sh
cpcalendars.resolvemyaccount-paypal.casacam.net Let's Encrypt Authority X3	`2020-04-29` - `2020-07-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://resolvemyaccount-paypal.casacam.net/nl/signin
Frame ID: E9E324D77A2D2F344C4B5C3B71B81C90
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://kusia.ga/XgzTe?p0p Page URL
https://cya.nz/4FnS HTTP 301
https://resolvemyaccount-paypal.casacam.net/?secure HTTP 302
https://resolvemyaccount-paypal.casacam.net/nl/signin Page URL

Detected technologies

Netlify (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^Netlify/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

24
Requests

100 %
HTTPS

56 %
IPv6

8
Domains

9
Subdomains

9
IPs

5
Countries

493 kB
Transfer

1049 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://kusia.ga/XgzTe?p0p Page URL
https://cya.nz/4FnS HTTP 301
https://resolvemyaccount-paypal.casacam.net/?secure HTTP 302
https://resolvemyaccount-paypal.casacam.net/nl/signin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 XgzTe Show response
kusia.ga/ 3 KB
1 KB 1026ms
432ms Document
text/html 104.198.14.52
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://kusia.ga/XgzTe?p0p

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.198.14.52 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

52.14.198.104.bc.googleusercontent.com

Software

Netlify /

Resource Hash

a5dd79e3df2c1e446df1104ef638708f1d3850ca2fc7273fc106e85debe58e16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: kusia.ga
:scheme: https
:path: /XgzTe?p0p
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
cache-control: public, max-age=0, must-revalidate
content-type: text/html; charset=UTF-8
date: Tue, 05 May 2020 19:31:43 GMT
etag: "baa54c41b36003b10616ca219bab12fc-ssl-df"
strict-transport-security: max-age=31536000
content-encoding: gzip
content-length: 1205
age: 1
server: Netlify
vary: Accept-Encoding
x-nf-request-id: 7a1f571a-9852-45c9-90a0-cb73e4cd4a89-12114364

GET
H2 200 app.cedcde94.css
kusia.ga/css/ 5 KB
1 KB 308ms
306ms Stylesheet
text/css 104.198.14.52
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://kusia.ga/css/app.cedcde94.css

Requested by

Host: kusia.ga
URL: https://kusia.ga/XgzTe?p0p

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.198.14.52 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

52.14.198.104.bc.googleusercontent.com

Software

Netlify /

Resource Hash

4fff6f72288426decc4b9b11692bcbae00277f2ec444ffb9cf8b5e6d361878f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://kusia.ga/XgzTe?p0p
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: 7a1f571a-9852-45c9-90a0-cb73e4cd4a89-12114482
date: Tue, 05 May 2020 19:31:43 GMT
content-encoding: gzip
server: Netlify
age: 0
etag: "3729d0e8793a6fb813c157e6c68f5603-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
status: 200
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1327

GET
H2 200 chunk-vendors.e5613aff.css
kusia.ga/css/ 6 KB
1 KB 321ms
319ms Stylesheet
text/css 104.198.14.52
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://kusia.ga/css/chunk-vendors.e5613aff.css

Requested by

Host: kusia.ga
URL: https://kusia.ga/XgzTe?p0p

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.198.14.52 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

52.14.198.104.bc.googleusercontent.com

Software

Netlify /

Resource Hash

c548b148e84834b3a057dd7d392c052d15e5d735dda680f68adc76ba9761c199

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://kusia.ga/XgzTe?p0p
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: 7a1f571a-9852-45c9-90a0-cb73e4cd4a89-12114483
date: Tue, 05 May 2020 19:31:43 GMT
content-encoding: gzip
server: Netlify
age: 0
etag: "57ea1c3415e848347e5622377d44b0e3-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
status: 200
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1375

GET
H2 200 app.1acbf3e7.js Show response
kusia.ga/js/ 17 KB
6 KB 306ms
305ms Script
application/javascript 104.198.14.52
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://kusia.ga/js/app.1acbf3e7.js

Requested by

Host: kusia.ga
URL: https://kusia.ga/XgzTe?p0p

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.198.14.52 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

52.14.198.104.bc.googleusercontent.com

Software

Netlify /

Resource Hash

5bedd67cfa8e390a70d1598bf8ea5102d86fb70b9f941fb8bc92b62703199c08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://kusia.ga/XgzTe?p0p
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: 7a1f571a-9852-45c9-90a0-cb73e4cd4a89-12114484
date: Tue, 05 May 2020 19:31:43 GMT
content-encoding: gzip
server: Netlify
age: 0
etag: "c8243d3b3c20897b0056b82fd5c505ec-ssl-df"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 5540

GET
H2 200 chunk-vendors.11046883.js Show response
kusia.ga/js/ 323 KB
105 KB 441ms
440ms Script
application/javascript 104.198.14.52
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://kusia.ga/js/chunk-vendors.11046883.js

Requested by

Host: kusia.ga
URL: https://kusia.ga/XgzTe?p0p

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.198.14.52 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

52.14.198.104.bc.googleusercontent.com

Software

Netlify /

Resource Hash

923f8086bbfaf507583aae4c66814a049dfc3708465d8c6cdf8ab8d7d86245b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://kusia.ga/XgzTe?p0p
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: 7a1f571a-9852-45c9-90a0-cb73e4cd4a89-12114485
date: Tue, 05 May 2020 19:31:43 GMT
content-encoding: gzip
server: Netlify
age: 0
etag: "41fe67c6b81449cd101463a9c21c55a0-ssl-df"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/ 156 KB
23 KB 32ms
12ms Stylesheet
text/css 2001:4de0:ac19::1:b:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css

Requested by

Host: kusia.ga
URL: https://kusia.ga/XgzTe?p0p

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://kusia.ga/XgzTe?p0p
Origin: https://kusia.ga

Response headers

date: Tue, 05 May 2020 19:31:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 28 Nov 2019 17:52:46 GMT
status: 200
etag: "1574963566"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 23681

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 80 KB
30 KB 38ms
37ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-112771033-2

Requested by

Host: kusia.ga
URL: https://kusia.ga/XgzTe?p0p

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

55985504c9b15152ae8d2f6d823db6acf1a4edc8dad0e2dcfbf93b782d8df5f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://kusia.ga/XgzTe?p0p
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 19:31:43 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30218
x-xss-protection: 0
last-modified: Tue, 05 May 2020 18:53:35 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 May 2020 19:31:43 GMT

GET
H/1.1 200
OK jquery-3.4.1.slim.min.js Show response
code.jquery.com/ 69 KB
24 KB 29ms
6ms Script
application/javascript 2001:4de0:ac19::1:b:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.slim.min.js
Requested by: Host: kusia.ga
URL: https://kusia.ga/XgzTe?p0p
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: a5ab2a00a0439854f8787a0dda775dea5377ef4905886505c938941d6854ee4f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://kusia.ga/XgzTe?p0p
Origin: https://kusia.ga

Response headers

Date: Tue, 05 May 2020 19:31:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 01 May 2019 21:14:27 GMT
Server: nginx
ETag: W/"5cca0c33-1157d"
Vary: Accept-Encoding
X-HW: 1588707103.dop040.fr8.t,1588707103.cds120.fr8.shn,1588707103.cds120.fr8.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 24328

GET
H2 200 popper.min.js Show response
cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/ 21 KB
7 KB 13ms
12ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js

Requested by

Host: kusia.ga
URL: https://kusia.ga/XgzTe?p0p

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://kusia.ga/XgzTe?p0p
Origin: https://kusia.ga

Response headers

date: Tue, 05 May 2020 19:31:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15834907
x-cache: HIT, HIT
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-request-id: 0287ebaa31000007ae72937200000001
x-served-by: cache-ams21026-AMS, cache-hhn4073-HHN
timing-allow-origin: *
server: cloudflare
etag: W/"5309-YvI45zNIx3656GVCan0bfeI8uy0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 58ece2238b5007ae-FRA

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/ 59 KB
16 KB 37ms
17ms Script
text/javascript 2001:4de0:ac19::1:b:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js

Requested by

Host: kusia.ga
URL: https://kusia.ga/XgzTe?p0p

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://kusia.ga/XgzTe?p0p
Origin: https://kusia.ga

Response headers

date: Tue, 05 May 2020 19:31:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 28 Nov 2019 17:52:52 GMT
status: 200
etag: "1574963572"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 15919

GET
H2 200 about.f7019aaf.css
kusia.ga/css/ 0
329 B 415ms
415ms Other
text/css 104.198.14.52
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://kusia.ga/css/about.f7019aaf.css

Requested by

Host: kusia.ga
URL: https://kusia.ga/XgzTe?p0p

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.198.14.52 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

52.14.198.104.bc.googleusercontent.com

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://kusia.ga/XgzTe?p0p
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: 7a1f571a-9852-45c9-90a0-cb73e4cd4a89-12114494
date: Tue, 05 May 2020 19:31:43 GMT
content-encoding: gzip
server: Netlify
age: 0
etag: "8301c3f3d9772f69a604517c23debd68-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
status: 200
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 220

GET
H2 200 about.5d2e7602.js
kusia.ga/js/ 0
1 KB 395ms
395ms Other
application/javascript 104.198.14.52
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://kusia.ga/js/about.5d2e7602.js

Requested by

Host: kusia.ga
URL: https://kusia.ga/XgzTe?p0p

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.198.14.52 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

52.14.198.104.bc.googleusercontent.com

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://kusia.ga/XgzTe?p0p
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: 7a1f571a-9852-45c9-90a0-cb73e4cd4a89-12114495
date: Tue, 05 May 2020 19:31:43 GMT
content-encoding: gzip
server: Netlify
age: 0
etag: "8bdfd48fdc6dc48f123a7fa113d4ae1d-ssl-df"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1133

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-112771033-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://kusia.ga/XgzTe?p0p
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 2123
date: Tue, 05 May 2020 18:56:20 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18174
expires: Tue, 05 May 2020 20:56:20 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
101 B 13ms
13ms Image
image/gif 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=131337776&t=pageview&_s=1&dl=https%3A%2F%2Fkusia.ga%2FXgzTe%3Fp0p&ul=en-us&de=UTF-8&dt=Kusiaga%20%7C%20A%20Secure%20URL%20Shortener%20Bring%20Business%20to%20the%20Next%20Level&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1728817958&gjid=1818614041&cid=1658251765.1588707103&tid=UA-112771033-2&_gid=2100138287.1588707103&_r=1&gtm=2ou4m0&z=1061863415

Requested by

Host: kusia.ga
URL: https://kusia.ga/XgzTe?p0p

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://kusia.ga/XgzTe?p0p
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 May 2020 19:31:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 about.f7019aaf.css
kusia.ga/css/ 603 B
293 B 149ms
148ms Stylesheet
text/css 104.198.14.52
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://kusia.ga/css/about.f7019aaf.css

Requested by

Host: kusia.ga
URL: https://kusia.ga/js/app.1acbf3e7.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.198.14.52 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

52.14.198.104.bc.googleusercontent.com

Software

Netlify /

Resource Hash

f9801a0341969ff38f45281836c63f2111d91d0025d2c9df44373e180b9e6b32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://kusia.ga/XgzTe?p0p
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: 7a1f571a-9852-45c9-90a0-cb73e4cd4a89-12115007
date: Tue, 05 May 2020 19:31:43 GMT
content-encoding: gzip
server: Netlify
age: 1
etag: "8301c3f3d9772f69a604517c23debd68-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
status: 200
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 220

GET
H2 200 about.5d2e7602.js Show response
kusia.ga/js/ 3 KB
1 KB 150ms
149ms Script
application/javascript 104.198.14.52
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://kusia.ga/js/about.5d2e7602.js

Requested by

Host: kusia.ga
URL: https://kusia.ga/js/app.1acbf3e7.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.198.14.52 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

52.14.198.104.bc.googleusercontent.com

Software

Netlify /

Resource Hash

ab0922898b0a95712f2c69aecc9437d64bde5b174c980bee17429c0965213cfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://kusia.ga/XgzTe?p0p
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: 7a1f571a-9852-45c9-90a0-cb73e4cd4a89-12115008
date: Tue, 05 May 2020 19:31:43 GMT
content-encoding: gzip
server: Netlify
age: 1
etag: "8bdfd48fdc6dc48f123a7fa113d4ae1d-ssl-df"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=0, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1133

GET
H2 200 XgzTe
api.kusia.ga/api/v1/retrieve/ 284 B
772 B 374ms
374ms XHR
application/json 103.126.226.22
IDNIC-DENEVA-AS-I...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.kusia.ga/api/v1/retrieve/XgzTe
Requested by: Host: kusia.ga
URL: https://kusia.ga/js/chunk-vendors.11046883.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.126.226.22 , Indonesia, ASN138115 (IDNIC-DENEVA-AS-ID PT Deneva, ID),
Reverse DNS: jessie.id.rapidplex.com
Software: /
Resource Hash

Request headers

Accept: application/json, text/plain, */*
Referer: https://kusia.ga/XgzTe?p0p
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
authorization: Bearer M8LSfv64n5mAQ5RMWqOXuHSAWKFS4aBZa9JolKoVafH2mvBIRuU6SDdz53aZoO5SvPka08jvQVVNPIh9Ku6dKoYyZfyQt4plgBHW

Response headers

pragma: no-cache
date: Tue, 05 May 2020 19:31:46 GMT
content-encoding: br
status: 200
x-cache-status: BYPASS
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=0, public
access-control-allow-headers: *
expires: Tue, 05 May 2020 19:31:46 GMT

GET
H/1.1

200
OK

Primary Request signin Show response
resolvemyaccount-paypal.casacam.net/nl/
Redirect Chain

https://cya.nz/4FnS
https://resolvemyaccount-paypal.casacam.net/?secure
https://resolvemyaccount-paypal.casacam.net/nl/signin

12 KB
13 KB

379ms
378ms

Document
text/html

178.62.238.139
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://resolvemyaccount-paypal.casacam.net/nl/signin
Requested by: Host: kusia.ga
URL: https://kusia.ga/js/about.5d2e7602.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.62.238.139 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: c126b32c859efdbbca3b0709b977607e0c2d6a32d442156252143fa6c936f32f

Request headers

Host: resolvemyaccount-paypal.casacam.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://kusia.ga/XgzTe?p0p
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: PHPSESSID=a64582a923b12077b61930af46f1f5fa; access_key=9a4a4d669064504d01976734b969d26f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://kusia.ga/XgzTe?p0p

Response headers

Date: Tue, 05 May 2020 19:31:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Tue, 05 May 2020 19:31:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=a64582a923b12077b61930af46f1f5fa; path=/ access_key=9a4a4d669064504d01976734b969d26f; expires=Tue, 05-May-2020 21:31:48 GMT; Max-Age=7200
location: nl/signin
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK myaccount.signin.css
resolvemyaccount-paypal.casacam.net/assets/css/ 81 KB
81 KB 25ms
24ms Stylesheet
text/css 178.62.238.139
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://resolvemyaccount-paypal.casacam.net/assets/css/myaccount.signin.css
Requested by: Host: resolvemyaccount-paypal.casacam.net
URL: https://resolvemyaccount-paypal.casacam.net/nl/signin
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.62.238.139 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: aeca6ed44ebd13a042b3658002538072444f5b395bfa0e01e1eacbbd00c30415

Request headers

Referer: https://resolvemyaccount-paypal.casacam.net/nl/signin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 19:31:48 GMT
Last-Modified: Sun, 30 Jun 2019 12:46:34 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 83087

GET
H/1.1 200
OK jquery.js Show response
resolvemyaccount-paypal.casacam.net/assets/js/ 86 KB
86 KB 56ms
26ms Script
application/javascript 178.62.238.139
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://resolvemyaccount-paypal.casacam.net/assets/js/jquery.js
Requested by: Host: resolvemyaccount-paypal.casacam.net
URL: https://resolvemyaccount-paypal.casacam.net/nl/signin
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.62.238.139 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: bd6e8593ef34f3b762959d6deaeffe46c5a029ab0a10647df9e637b41fb72cd9

Request headers

Referer: https://resolvemyaccount-paypal.casacam.net/nl/signin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 19:31:48 GMT
Last-Modified: Tue, 30 Jul 2019 19:52:10 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 88061

GET
H/1.1 200
OK jquery.validate.js Show response
resolvemyaccount-paypal.casacam.net/assets/js/ 24 KB
24 KB 54ms
24ms Script
application/javascript 178.62.238.139
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://resolvemyaccount-paypal.casacam.net/assets/js/jquery.validate.js
Requested by: Host: resolvemyaccount-paypal.casacam.net
URL: https://resolvemyaccount-paypal.casacam.net/nl/signin
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.62.238.139 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 8d4b679684e21e6893b4de26990c9bffba931aad35698a8514f06296cec22ad7

Request headers

Referer: https://resolvemyaccount-paypal.casacam.net/nl/signin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 19:31:48 GMT
Last-Modified: Tue, 30 Jul 2019 19:51:54 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 24239

GET
H/1.1 200
OK signin.auth.js Show response
resolvemyaccount-paypal.casacam.net/assets/js/ 4 KB
4 KB 59ms
28ms Script
application/javascript 178.62.238.139
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://resolvemyaccount-paypal.casacam.net/assets/js/signin.auth.js
Requested by: Host: resolvemyaccount-paypal.casacam.net
URL: https://resolvemyaccount-paypal.casacam.net/nl/signin
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.62.238.139 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 39c145003eeeddbda6c4ed742ce7a278c222cd47ad05b6233b25bec60ecae8cb

Request headers

Referer: https://resolvemyaccount-paypal.casacam.net/nl/signin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 19:31:48 GMT
Last-Modified: Tue, 30 Jul 2019 02:11:48 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4141

GET
H/1.1 200
OK signin.post.js Show response
resolvemyaccount-paypal.casacam.net/assets/js/ 1 KB
2 KB 53ms
23ms Script
application/javascript 178.62.238.139
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://resolvemyaccount-paypal.casacam.net/assets/js/signin.post.js
Requested by: Host: resolvemyaccount-paypal.casacam.net
URL: https://resolvemyaccount-paypal.casacam.net/nl/signin
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.62.238.139 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: eb879339162a1a0b0fbde33df22e6581349df5531a077debb3b598538a72fbf0

Request headers

Referer: https://resolvemyaccount-paypal.casacam.net/nl/signin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 19:31:48 GMT
Last-Modified: Tue, 30 Jul 2019 02:12:12 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1298

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae2f35fd8057b3e69fc564355d4389def395c928b9079972b3eec441fc2e45c0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 54436312813c5ba0070898ec0ac998a94e0486d12417a8fa4602cc501a94029e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK sansregular.woff
resolvemyaccount-paypal.casacam.net/assets/font/ 46 KB
46 KB 23ms
22ms Font
font/woff 178.62.238.139
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://resolvemyaccount-paypal.casacam.net/assets/font/sansregular.woff
Requested by: Host: resolvemyaccount-paypal.casacam.net
URL: https://resolvemyaccount-paypal.casacam.net/nl/signin
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.62.238.139 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://resolvemyaccount-paypal.casacam.net/assets/css/myaccount.signin.css
Origin: https://resolvemyaccount-paypal.casacam.net

Response headers

Date: Tue, 05 May 2020 19:31:48 GMT
Last-Modified: Fri, 28 Jun 2019 18:23:00 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 47339

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			resolvemyaccount-paypal.casacam.net/	1970-01-19 09:18:34	Name: access_key Value: 9a4a4d669064504d01976734b969d26f
			resolvemyaccount-paypal.casacam.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: a64582a923b12077b61930af46f1f5fa

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.kusia.ga
cdn.jsdelivr.net
code.jquery.com
cya.nz
kusia.ga
resolvemyaccount-paypal.casacam.net
stackpath.bootstrapcdn.com
www.google-analytics.com
www.googletagmanager.com
103.126.226.22
104.198.14.52
178.62.238.139
2001:4de0:ac19::1:b:1a
2001:4de0:ac19::1:b:1b
222.154.250.47
2606:4700::6810:5614
2a00:1450:4001:81b::200e
2a00:1450:4001:824::2008
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
39c145003eeeddbda6c4ed742ce7a278c222cd47ad05b6233b25bec60ecae8cb
4fff6f72288426decc4b9b11692bcbae00277f2ec444ffb9cf8b5e6d361878f8
54436312813c5ba0070898ec0ac998a94e0486d12417a8fa4602cc501a94029e
55985504c9b15152ae8d2f6d823db6acf1a4edc8dad0e2dcfbf93b782d8df5f9
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
5bedd67cfa8e390a70d1598bf8ea5102d86fb70b9f941fb8bc92b62703199c08
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8d4b679684e21e6893b4de26990c9bffba931aad35698a8514f06296cec22ad7
923f8086bbfaf507583aae4c66814a049dfc3708465d8c6cdf8ab8d7d86245b3
a5ab2a00a0439854f8787a0dda775dea5377ef4905886505c938941d6854ee4f
a5dd79e3df2c1e446df1104ef638708f1d3850ca2fc7273fc106e85debe58e16
ab0922898b0a95712f2c69aecc9437d64bde5b174c980bee17429c0965213cfa
ae2f35fd8057b3e69fc564355d4389def395c928b9079972b3eec441fc2e45c0
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
aeca6ed44ebd13a042b3658002538072444f5b395bfa0e01e1eacbbd00c30415
bd6e8593ef34f3b762959d6deaeffe46c5a029ab0a10647df9e637b41fb72cd9
c126b32c859efdbbca3b0709b977607e0c2d6a32d442156252143fa6c936f32f
c548b148e84834b3a057dd7d392c052d15e5d735dda680f68adc76ba9761c199
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
eb879339162a1a0b0fbde33df22e6581349df5531a077debb3b598538a72fbf0
f9801a0341969ff38f45281836c63f2111d91d0025d2c9df44373e180b9e6b32

resolvemyaccount-paypal.casacam.net Open in urlscan Pro 178.62.238.139 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

24 Requests

100 %HTTPS

56 %IPv6

8 Domains

9 Subdomains

9 IPs

5 Countries

493 kBTransfer

1049 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

2 Cookies

resolvemyaccount-paypal.casacam.net Open in urlscan Pro
178.62.238.139 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

100 %
HTTPS

56 %
IPv6

8
Domains

9
Subdomains

9
IPs

5
Countries

493 kB
Transfer

1049 kB
Size

2
Cookies

24 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!