Submitted URL: http://bit.ly/2Q415oB
Effective URL: https://needdecemberintlus.serveftp.com/signin/
Submission: On December 28 via manual from US

Summary

This website contacted 8 IPs in 3 countries across 11 domains to perform 22 HTTP transactions. The main IP is 159.203.182.233, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN - DigitalOcean, LLC, US. The main domain is needdecemberintlus.serveftp.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on December 28th 2018. Valid for: 3 months.
This is the only time needdecemberintlus.serveftp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Redirects  Requests  IP Address         AS Autonomous System
1          1         67.199.248.11      395224 (BITLY-AS)
           1         13.58.57.95        16509 (AMAZON-02)
           1         2a00:1450:400...   15169 (GOOGLE)
           3         2a00:1450:400...   15169 (GOOGLE)
1          2         2a00:1450:400...   15169 (GOOGLE)
1          1         2a00:1450:400...   15169 (GOOGLE)
           1         2a00:1450:400...   15169 (GOOGLE)
2          2         45.40.140.1        26496 (AS-26496-...)
2          5         159.203.182.233    14061 (DIGITALOC...)
           11        2.18.232.222       16625 (AKAMAI-AS)
1          2         176.120.18.70      198911 (BML-AS)
Total: 22 requests across 8 IPs
Requests  Domain                           Redirects  Requested by
7         www.paypalobjects.com                       needdecemberintlus.serveftp.com
5         needdecemberintlus.serveftp.com  2          uqr.to, needdecemberintlus.serveftp.com, www.paypalobjects.com
3         c.paypal.com                                needdecemberintlus.serveftp.com, www.paypalobjects.com
3         www.google-analytics.com
2         x.co                             2
2         stats.g.doubleclick.net          1
1         t.paypal.com
1         dub.stats.paypal.com
1         b.stats.paypal.com               1
1         www.google.de
1         www.google.com                   1
1         www.googletagmanager.com                    uqr.to
1         uqr.to
1         bit.ly                           1
Total: 22 requests across 14 subdomains

This site contains no links.

Subject                          Issuer                                       Validity                 Valid
*.google-analytics.com           Google Internet Authority G3                 2018-12-04 - 2019-02-26  3 months
www.google.de                    Google Internet Authority G3                 2018-12-04 - 2019-02-26  3 months
*.g.doubleclick.net              Google Internet Authority G3                 2018-12-04 - 2019-02-26  3 months
needdecemberintlus.serveftp.com  Let's Encrypt Authority X3                   2018-12-28 - 2019-03-28  3 months
www.paypal.com                   DigiCert SHA2 Extended Validation Server CA  2018-08-14 - 2020-08-18  2 years
b.stats.paypal.com               DigiCert SHA2 High Assurance Server CA       2018-02-16 - 2020-04-29  2 years

This page contains 3 frames:

Primary Page: https://needdecemberintlus.serveftp.com/signin/
Frame ID: 7A5FDEE808C8524E82173D7358E81EA3
Requests: 20 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Frame ID: 0BF948B5FBF48A043E311A41446097B9
Requests: 1 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/counter2.cgi
Frame ID: 1EB801F47D3A3A2FB853A2A7C4833FA4
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • env /^Backbone$/i

Overall confidence: 100%
Detected patterns
  • script /paypalobjects\.com\/js/i
  • env /^PAYPAL$/i

Overall confidence: 100%
Detected patterns
  • script /require.*\.js/i
  • env /^requirejs$/i

Overall confidence: 100%
Detected patterns
  • script /modernizr(?:-([\d.]*[\d]))?.*\.js/i
  • env /^Modernizr$/i

Overall confidence: 100%
Detected patterns
  • env /^s_(?:account|objectID|code|INST)$/i

Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

Requests: 22
HTTPS: 91 %
IPv6: 45 %
Domains: 11
Subdomains: 14
IPs: 8
Countries: 3
Transfer: 233 kB
Size: 705 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bit.ly/2Q415oB HTTP 301
    http://uqr.to/dgfr Page URL
  2. http://x.co/6nbhJ HTTP 301
    https://x.co/6nbhJ HTTP 302
    https://needdecemberintlus.serveftp.com/ HTTP 302
    https://needdecemberintlus.serveftp.com/signin HTTP 301
    https://needdecemberintlus.serveftp.com/signin/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://bit.ly/2Q415oB HTTP 301
  • http://uqr.to/dgfr
Request Chain 2
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js
Request Chain 3
  • http://www.google-analytics.com/collect?v=1&_v=j72&a=324203586&t=pageview&_s=1&dl=http%3A%2F%2Fuqr.to%2Fdgfr&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEAB~&jid=955537811&gjid=1862296200&cid=1510636462.1546031655&tid=UA-18982026-1&_gid=1751435549.1546031655&gtm=2wgbc0NSZ7GSJ&cd1=1&cd2=525424&z=309656731 HTTP 307
  • https://www.google-analytics.com/collect?v=1&_v=j72&a=324203586&t=pageview&_s=1&dl=http%3A%2F%2Fuqr.to%2Fdgfr&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEAB~&jid=955537811&gjid=1862296200&cid=1510636462.1546031655&tid=UA-18982026-1&_gid=1751435549.1546031655&gtm=2wgbc0NSZ7GSJ&cd1=1&cd2=525424&z=309656731
Request Chain 4
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j72&tid=UA-18982026-1&cid=1510636462.1546031655&jid=955537811&gjid=1862296200&_gid=1751435549.1546031655&_u=YGBAgEAB~&z=123549089 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-18982026-1&cid=1510636462.1546031655&jid=955537811&_v=j72&z=123549089 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-18982026-1&cid=1510636462.1546031655&jid=955537811&_v=j72&z=123549089&slf_rd=1&random=1184027598
Request Chain 5
  • http://www.google-analytics.com/collect?v=1&_v=j72&a=324203586&t=pageview&_s=1&dl=http%3A%2F%2Fuqr.to%2Fdgfr&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAgEAB~&jid=823344050&gjid=1994727808&cid=1510636462.1546031655&tid=UA-18982026-3&_gid=1751435549.1546031655&gtm=2wgbc0NSZ7GSJ&cd1=525424&cd2=%20-%20test&z=414347404 HTTP 307
  • https://www.google-analytics.com/collect?v=1&_v=j72&a=324203586&t=pageview&_s=1&dl=http%3A%2F%2Fuqr.to%2Fdgfr&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAgEAB~&jid=823344050&gjid=1994727808&cid=1510636462.1546031655&tid=UA-18982026-3&_gid=1751435549.1546031655&gtm=2wgbc0NSZ7GSJ&cd1=525424&cd2=%20-%20test&z=414347404
Request Chain 19
  • https://b.stats.paypal.com/v1/counter.cgi?r=cD00ZjRhZTM0NjAxZWY0ZTU3YjcyZDRiZjI5OTkwZjlhNSZpPTE4MC4yNDEuMTYwLjE1MiZ0PTE0Njc1OTIxMjcuNDI3JmE9MjEmcz1VTklGSUVEX0xPR0lOe5GqkUpE1nuzTOJZFqQJRsReCxw HTTP 302
  • https://dub.stats.paypal.com/counter2.cgi

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set dgfr
uqr.to/
Redirect Chain
  • http://bit.ly/2Q415oB
  • http://uqr.to/dgfr
1 KB
1 KB
Document
General
Full URL
http://uqr.to/dgfr
Protocol
HTTP/1.1
Server
13.58.57.95 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-13-58-57-95.us-east-2.compute.amazonaws.com
Software
Apache/2.4.37 (Ubuntu) /
Resource Hash
8fc1914c5946baba0d0d209bac0d8a57367517c9f89e281cef0f02146b7fef60

Request headers

Host
uqr.to
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 28 Dec 2018 21:14:14 GMT
Server
Apache/2.4.37 (Ubuntu)
Cache-Control
no-cache, private, max-age=2592000
Set-Cookie
device_view=full; expires=Mon, 28-Jan-2019 21:14:15 GMT; Max-Age=2678400; path=/; HttpOnly
Expires
Sun, 27 Jan 2019 21:14:14 GMT
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
708
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Server
nginx
Date
Fri, 28 Dec 2018 21:14:14 GMT
Content-Type
text/html; charset=utf-8
Content-Length
105
Connection
keep-alive
Cache-Control
private, max-age=90
Location
http://uqr.to/dgfr
Set-Cookie
_bit=ibslee-bc96542e7c19991eca-00c; Domain=bit.ly; Expires=Wed, 26 Jun 2019 21:14:14 GMT
gtm.js
www.googletagmanager.com/
75 KB
26 KB
Script
General
Full URL
http://www.googletagmanager.com/gtm.js?id=GTM-NSZ7GSJ&l=uqtdl
Requested by
Host: uqr.to
URL: http://uqr.to/dgfr
Protocol
HTTP/1.1
Server
2a00:1450:4001:821::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
de92ba2956d73e027bd92f5d60d29356ccb024b4a0e2be07357fa90a760467b7
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
http://uqr.to/dgfr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 28 Dec 2018 21:14:15 GMT
Content-Encoding
gzip
Server
Google Tag Manager (scaffolding)
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
http://www.googletagmanager.com
Cache-Control
private, max-age=900
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Cache-Control
Content-Length
26056
X-XSS-Protection
1; mode=block
Expires
Fri, 28 Dec 2018 21:14:15 GMT
analytics.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:808::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://uqr.to/dgfr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 05 Nov 2018 21:10:09 GMT
server
Golfe2
age
7194
date
Fri, 28 Dec 2018 19:14:21 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
17404
expires
Fri, 28 Dec 2018 21:14:21 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
collect
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/collect?v=1&_v=j72&a=324203586&t=pageview&_s=1&dl=http%3A%2F%2Fuqr.to%2Fdgfr&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEAB~&jid=955537811&gj...
  • https://www.google-analytics.com/collect?v=1&_v=j72&a=324203586&t=pageview&_s=1&dl=http%3A%2F%2Fuqr.to%2Fdgfr&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEAB~&jid=955537811&g...
35 B
99 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j72&a=324203586&t=pageview&_s=1&dl=http%3A%2F%2Fuqr.to%2Fdgfr&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEAB~&jid=955537811&gjid=1862296200&cid=1510636462.1546031655&tid=UA-18982026-1&_gid=1751435549.1546031655&gtm=2wgbc0NSZ7GSJ&cd1=1&cd2=525424&z=309656731
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:808::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://uqr.to/dgfr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Dec 2018 04:48:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
836722
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://www.google-analytics.com/collect?v=1&_v=j72&a=324203586&t=pageview&_s=1&dl=http%3A%2F%2Fuqr.to%2Fdgfr&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEAB~&jid=955537811&gjid=1862296200&cid=1510636462.1546031655&tid=UA-18982026-1&_gid=1751435549.1546031655&gtm=2wgbc0NSZ7GSJ&cd1=1&cd2=525424&z=309656731
Non-Authoritative-Reason
HSTS
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j72&tid=UA-18982026-1&cid=1510636462.1546031655&jid=955537811&gjid=1862296200&_gid=1751435549.1546031655&_u=YGBAgEAB~&z=123549089
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-18982026-1&cid=1510636462.1546031655&jid=955537811&_v=j72&z=123549089
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-18982026-1&cid=1510636462.1546031655&jid=955537811&_v=j72&z=123549089&slf_rd=1&random=1184027598
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-18982026-1&cid=1510636462.1546031655&jid=955537811&_v=j72&z=123549089&slf_rd=1&random=1184027598
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:816::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://uqr.to/dgfr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 28 Dec 2018 21:14:15 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 28 Dec 2018 21:14:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-18982026-1&cid=1510636462.1546031655&jid=955537811&_v=j72&z=123549089&slf_rd=1&random=1184027598
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/collect?v=1&_v=j72&a=324203586&t=pageview&_s=1&dl=http%3A%2F%2Fuqr.to%2Fdgfr&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAgEAB~&jid=823344050&gj...
  • https://www.google-analytics.com/collect?v=1&_v=j72&a=324203586&t=pageview&_s=1&dl=http%3A%2F%2Fuqr.to%2Fdgfr&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAgEAB~&jid=823344050&g...
35 B
93 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j72&a=324203586&t=pageview&_s=1&dl=http%3A%2F%2Fuqr.to%2Fdgfr&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAgEAB~&jid=823344050&gjid=1994727808&cid=1510636462.1546031655&tid=UA-18982026-3&_gid=1751435549.1546031655&gtm=2wgbc0NSZ7GSJ&cd1=525424&cd2=%20-%20test&z=414347404
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:808::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://uqr.to/dgfr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Dec 2018 04:48:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
836722
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://www.google-analytics.com/collect?v=1&_v=j72&a=324203586&t=pageview&_s=1&dl=http%3A%2F%2Fuqr.to%2Fdgfr&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAgEAB~&jid=823344050&gjid=1994727808&cid=1510636462.1546031655&tid=UA-18982026-3&_gid=1751435549.1546031655&gtm=2wgbc0NSZ7GSJ&cd1=525424&cd2=%20-%20test&z=414347404
Non-Authoritative-Reason
HSTS
collect
stats.g.doubleclick.net/r/
35 B
110 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j72&tid=UA-18982026-3&cid=1510636462.1546031655&jid=823344050&gjid=1994727808&_gid=1751435549.1546031655&_u=YGDAgEAB~&z=513934514
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:400c:c08::9b , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://uqr.to/dgfr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
date
Fri, 28 Dec 2018 21:14:15 GMT
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
Primary Request /
needdecemberintlus.serveftp.com/signin/
Redirect Chain
  • http://x.co/6nbhJ
  • https://x.co/6nbhJ
  • https://needdecemberintlus.serveftp.com/
  • https://needdecemberintlus.serveftp.com/signin
  • https://needdecemberintlus.serveftp.com/signin/
15 KB
6 KB
Document
General
Full URL
https://needdecemberintlus.serveftp.com/signin/
Requested by
Host: uqr.to
URL: http://uqr.to/dgfr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.203.182.233 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
6ccb7bf0b374aa97f404c72be0c81d5ce04d3d0d7bbc5e238c3b7f1f287d37b2

Request headers

Host
needdecemberintlus.serveftp.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://uqr.to/dgfr
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://uqr.to/dgfr

Response headers

Date
Fri, 28 Dec 2018 21:14:16 GMT
Server
Apache
Content-Encoding
gzip
Vary
Accept-Encoding
Keep-Alive
timeout=5, max=98
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Fri, 28 Dec 2018 21:14:16 GMT
Server
Apache
Location
https://needdecemberintlus.serveftp.com/signin/
Content-Length
255
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
app.css
www.paypalobjects.com/web/res/dd1/3776a01d8c6d0e1d251f0de8e5e55/css/
41 KB
8 KB
Stylesheet
General
Full URL
https://www.paypalobjects.com/web/res/dd1/3776a01d8c6d0e1d251f0de8e5e55/css/app.css
Requested by
Host: needdecemberintlus.serveftp.com
URL: https://needdecemberintlus.serveftp.com/signin/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2f55d1691615c70e7f2bd076b025b17de86275a13f5e47d1aba3bbc80e4f2672
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://needdecemberintlus.serveftp.com/signin/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 28 Dec 2018 21:14:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 01 Jul 2016 03:12:01 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
8118
expires
Thu, 28 Mar 2019 21:14:16 GMT
modernizr-2.6.1.js
www.paypalobjects.com/web/res/dd1/3776a01d8c6d0e1d251f0de8e5e55/js/lib/
4 KB
2 KB
Script
General
Full URL
https://www.paypalobjects.com/web/res/dd1/3776a01d8c6d0e1d251f0de8e5e55/js/lib/modernizr-2.6.1.js
Requested by
Host: needdecemberintlus.serveftp.com
URL: https://needdecemberintlus.serveftp.com/signin/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://needdecemberintlus.serveftp.com/signin/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 28 Dec 2018 21:14:17 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
1788
last-modified
Fri, 01 Jul 2016 03:12:01 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Thu, 28 Mar 2019 21:14:17 GMT
fb-all-prod.pp2.min.js
c.paypal.com/webstatic/r/fb/
58 KB
18 KB
Script
General
Full URL
https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Requested by
Host: needdecemberintlus.serveftp.com
URL: https://needdecemberintlus.serveftp.com/signin/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
eda0a3b80b9a6c146817151721cb4e4c38bb88bae41419df26f5f67156fa14b3

Request headers

Referer
https://needdecemberintlus.serveftp.com/signin/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 28 Dec 2018 21:14:16 GMT
X-Pad
avoid browser bug
Last-Modified
Wed, 04 Oct 2017 04:33:25 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
18154
Expires
Sat, 29 Dec 2018 21:14:16 GMT
require.js
www.paypalobjects.com/web/res/dd1/3776a01d8c6d0e1d251f0de8e5e55/js/lib/
15 KB
6 KB
Script
General
Full URL
https://www.paypalobjects.com/web/res/dd1/3776a01d8c6d0e1d251f0de8e5e55/js/lib/require.js
Requested by
Host: needdecemberintlus.serveftp.com
URL: https://needdecemberintlus.serveftp.com/signin/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c007d73792ac2d25882bfbb573e700e721a0adacfab947e6a0b64a61991fecf0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://needdecemberintlus.serveftp.com/signin/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 28 Dec 2018 21:14:16 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
5999
last-modified
Fri, 01 Jul 2016 03:12:01 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Thu, 28 Mar 2019 21:14:16 GMT
app.js
www.paypalobjects.com/web/res/dd1/3776a01d8c6d0e1d251f0de8e5e55/js/
297 KB
91 KB
Script
General
Full URL
https://www.paypalobjects.com/web/res/dd1/3776a01d8c6d0e1d251f0de8e5e55/js/app.js
Requested by
Host: needdecemberintlus.serveftp.com
URL: https://needdecemberintlus.serveftp.com/signin/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ab4017e3f5f315af5f2e8ee8b184180ed2cc8ee6eab6df7fbaa7c7716036a9b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://needdecemberintlus.serveftp.com/signin/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 28 Dec 2018 21:14:17 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
93161
last-modified
Fri, 01 Jul 2016 03:12:01 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Thu, 28 Mar 2019 21:14:17 GMT
pp_jscode_080706.js
www.paypalobjects.com/js/site_catalyst/
60 KB
23 KB
Script
General
Full URL
https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js
Requested by
Host: needdecemberintlus.serveftp.com
URL: https://needdecemberintlus.serveftp.com/signin/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
18c9428f5ed837e027c6fcf29afe9d1f63a1e1e5b53ee1dc6373cf1cd1ea22aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://needdecemberintlus.serveftp.com/signin/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 28 Dec 2018 21:14:17 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
22880
last-modified
Mon, 15 Oct 2018 07:50:33 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Thu, 28 Mar 2019 21:14:17 GMT
pa.js
www.paypalobjects.com/pa/js/
34 KB
12 KB
Script
General
Full URL
https://www.paypalobjects.com/pa/js/pa.js
Requested by
Host: needdecemberintlus.serveftp.com
URL: https://needdecemberintlus.serveftp.com/signin/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6c7f4c40b3d0a594b08bb341aab45af2a7b6ac1c7906eaa7d2d642d6a5a0e91f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://needdecemberintlus.serveftp.com/signin/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 28 Dec 2018 21:14:16 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
11924
last-modified
Sat, 15 Dec 2018 18:52:36 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Fri, 28 Dec 2018 22:14:16 GMT
paypal-logo-129x32.svg
www.paypalobjects.com/images/shared/
5 KB
2 KB
Image
General
Full URL
https://www.paypalobjects.com/images/shared/paypal-logo-129x32.svg
Requested by
Host: needdecemberintlus.serveftp.com
URL: https://needdecemberintlus.serveftp.com/signin/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/web/res/dd1/3776a01d8c6d0e1d251f0de8e5e55/css/app.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 28 Dec 2018 21:14:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 24 Oct 2014 22:52:57 GMT
server
Apache
access-control-allow-origin
*
vary
Accept-Encoding
content-type
image/svg+xml
status
200
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
1929
expires
Sun, 27 Jan 2019 21:14:17 GMT
i
c.paypal.com/v1/r/d/ Frame 0BF9
0
0
Document
General
Full URL
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Requested by
Host: needdecemberintlus.serveftp.com
URL: https://needdecemberintlus.serveftp.com/signin/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

:method
GET
:authority
c.paypal.com
:scheme
https
:path
/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://needdecemberintlus.serveftp.com/signin/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://needdecemberintlus.serveftp.com/signin/

Response headers

status
200
server
Apache
x-cnection
keep-alive, close
correlation-id
3092f91e4ab5c
server_info
riskfraudnetapiserv:ppaas_1_2.v1.r.d.i.GET&CalThreadId=130&TopLevelTxnStartTime=167f51a08bc&Host=ccg23b01riskfraudnetapiserv1768&pid=3177
http_x_pp_az_locator
ccg23.lvs
paypal-debug-id
3092f91e4ab5c
pragma
no-cache
content-type
text/html;charset=UTF-8
vary
Accept-Encoding
content-encoding
gzip
content-length
160
cache-control
no-cache, no-store, must-revalidate
date
Fri, 28 Dec 2018 21:14:17 GMT
verifychallenge
needdecemberintlus.serveftp.com/auth/
337 B
537 B
XHR
General
Full URL
https://needdecemberintlus.serveftp.com/auth/verifychallenge
Requested by
Host: needdecemberintlus.serveftp.com
URL: https://needdecemberintlus.serveftp.com/signin/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.203.182.233, North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
Reverse DNS
Software
Apache /
Resource Hash
607926bdd974e2fe1da587c5ae5ccc2bd335d67c9333830cc8b9d1bcb710705d

Request headers

Pragma
no-cache
Origin
https://needdecemberintlus.serveftp.com
Accept-Encoding
gzip, deflate, br
Host
needdecemberintlus.serveftp.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type
application/x-www-form-urlencoded
Accept
*/*
Cache-Control
no-cache
Referer
https://needdecemberintlus.serveftp.com/signin/
Connection
keep-alive
Content-Length
175

Response headers

Date
Fri, 28 Dec 2018 21:14:17 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
337
Content-Type
text/html; charset=iso-8859-1
challenge.js
needdecemberintlus.serveftp.com/auth/createchallenge/a72570e5b9cbc4e4/
367 B
567 B
XHR
General
Full URL
https://needdecemberintlus.serveftp.com/auth/createchallenge/a72570e5b9cbc4e4/challenge.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/dd1/3776a01d8c6d0e1d251f0de8e5e55/js/app.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.203.182.233, North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
Reverse DNS
Software
Apache /
Resource Hash
6ad23cd64c3ac42db44de7e487b527cdc37d323911b55b5d373c54deaf49794c

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
needdecemberintlus.serveftp.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://needdecemberintlus.serveftp.com/signin/
X-Requested-With
XMLHttpRequest
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 28 Dec 2018 21:14:17 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=96
Content-Length
367
Content-Type
text/html; charset=iso-8859-1
fb-all-prod.pp2.min.js
c.paypal.com/webstatic/r/fb/
58 KB
18 KB
Script
General
Full URL
https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/dd1/3776a01d8c6d0e1d251f0de8e5e55/js/lib/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
eda0a3b80b9a6c146817151721cb4e4c38bb88bae41419df26f5f67156fa14b3

Request headers

Referer
https://needdecemberintlus.serveftp.com/signin/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 28 Dec 2018 21:14:17 GMT
x-pad
avoid browser bug
last-modified
Wed, 04 Oct 2017 04:33:25 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-encoding
gzip
content-length
18154
expires
Sat, 29 Dec 2018 21:14:17 GMT
counter2.cgi
dub.stats.paypal.com/ Frame 1EB8
Redirect Chain
  • https://b.stats.paypal.com/v1/counter.cgi?r=cD00ZjRhZTM0NjAxZWY0ZTU3YjcyZDRiZjI5OTkwZjlhNSZpPTE4MC4yNDEuMTYwLjE1MiZ0PTE0Njc1OTIxMjcuNDI3JmE9MjEmcz1VTklGSUVEX0xPR0lOe5GqkUpE1nuzTOJZFqQJRsReCxw
  • https://dub.stats.paypal.com/counter2.cgi
42 B
494 B
Image
General
Full URL
https://dub.stats.paypal.com/counter2.cgi
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
176.120.18.70, United States, ASN198911 (BML-AS, US)
Reverse DNS
Software
/
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer
https://needdecemberintlus.serveftp.com/signin/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 28 Dec 2018 21:14:17 GMT
Cache-Control
private, must-revalidate, proxy-revalidate
Server
Connection
close
ETag
"caccbdfb99b3102458be"
Content-Length
42
Content-type
image/jpeg

Redirect headers

Location
https://dub.stats.paypal.com/counter2.cgi
Date
Fri, 28 Dec 2018 21:14:17 GMT
Server
Connection
close
Content-Length
289
Content-Type
text/html; charset=utf-8
ts
t.paypal.com/
42 B
494 B
Image
General
Full URL
https://t.paypal.com/ts?v=1.3.3&t=1546031657197&g=0&e=im&pgrp=main%3Aunifiedloginnodeweb%3A%3A%3Alogin-captcha&page=main%3Aunifiedloginnodeweb%3A%3A%3Alogin-captcha%3A%3A%3A&tmpl=unifiedloginnodeweb%2Fpublic%2Ftemplates%2Flogin.dust&pgst=1467592127381&lgin=%3A%3A&vers=unifiedloginnodeweb&calc=b7274a1059ef6&rsta=en_US&pgtf=Nodejs&s=ci&csci=4f4ae34601ef4e57b72d4bf29990f9a5&comp=unifiedloginnodeweb&tsrce=mppnodeweb&view=%7B%22t10%22%3A1295%2C%22t11%22%3A1698%2C%22tcp%22%3A1552%2C%22nt%22%3A%22navigate%22%2C%22ebs%22%3A5892%7D&pt=Log%20in%20to%20your%20PayPal%20account&ru=http%3A%2F%2Fuqr.to%2Fdgfr&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1&t1=1&t1c=0&t1d=0&t1s=0&t2=112&t3=4&t4d=219&t4=234&t4e=15&tt=1647&res=%7B%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
akka-http/10.1.5 /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer
https://needdecemberintlus.serveftp.com/signin/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 28 Dec 2018 21:14:17 GMT
server
akka-http/10.1.5
p3p
policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
status
200
http_x_pp_az_locator
slca.slc
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
42
expires
Fri, 28 Dec 2018 21:14:17 GMT

Verdicts & Comments

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| html5 object| Modernizr object| antiClickjack function| AjaxRequest string| PP_SERVICE_URL string| BASE_SWF_URL string| BEACON_BASE_URL string| PP_IFRAME_JS_URL string| PP_NEW_SERVICE_URL string| PP_VERSION object| Configuration object| PFB_4732Config object| PFB_4732 object| dataCollector object| fp undefined| runFb function| initTsFb object| jstz function| SwfStore function| SlvtStore function| require function| requirejs function| define function| extend function| $ function| jQuery object| dust function| _ object| Backbone string| sc_code_ver string| s_account object| s function| s_doPlugins string| s_code string| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq function| scOnload object| PAYPAL object| fpti string| fptiserverurl object| _ifpti function| clientCalLog function| cdebbdcdce object| jQuery180006366573177561463 boolean| webkit string| j object| s_i_paypal

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b.stats.paypal.com
bit.ly
c.paypal.com
dub.stats.paypal.com
needdecemberintlus.serveftp.com
stats.g.doubleclick.net
t.paypal.com
uqr.to
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.paypalobjects.com
x.co
13.58.57.95
159.203.182.233
176.120.18.70
2.18.232.222
2a00:1450:4001:808::200e
2a00:1450:4001:816::2003
2a00:1450:4001:819::2004
2a00:1450:4001:821::2008
2a00:1450:400c:c08::9b
45.40.140.1
67.199.248.11
18c9428f5ed837e027c6fcf29afe9d1f63a1e1e5b53ee1dc6373cf1cd1ea22aa
2f55d1691615c70e7f2bd076b025b17de86275a13f5e47d1aba3bbc80e4f2672
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
607926bdd974e2fe1da587c5ae5ccc2bd335d67c9333830cc8b9d1bcb710705d
6ad23cd64c3ac42db44de7e487b527cdc37d323911b55b5d373c54deaf49794c
6c7f4c40b3d0a594b08bb341aab45af2a7b6ac1c7906eaa7d2d642d6a5a0e91f
6ccb7bf0b374aa97f404c72be0c81d5ce04d3d0d7bbc5e238c3b7f1f287d37b2
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8fc1914c5946baba0d0d209bac0d8a57367517c9f89e281cef0f02146b7fef60
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
ab4017e3f5f315af5f2e8ee8b184180ed2cc8ee6eab6df7fbaa7c7716036a9b8
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
c007d73792ac2d25882bfbb573e700e721a0adacfab947e6a0b64a61991fecf0
de92ba2956d73e027bd92f5d60d29356ccb024b4a0e2be07357fa90a760467b7
eda0a3b80b9a6c146817151721cb4e4c38bb88bae41419df26f5f67156fa14b3