| paypalinvoicedepartment.com/login.php | 103.194.228.34 | 302 Found | 244 B |
URL User Request GET HTTP/1.1paypalinvoicedepartment.com/login.php IP103.194.228.34:80
File typeHTML document, ASCII text Hash92f25830beeb1eb8855eea57fa92001b f636801e243852af4c4c4790d7280087340f6c8d c0325e9292ecb8125f8e86cb073d213f75cb9699ec70ca1127f97b672a01f076
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /login.php HTTP/1.1
Host: paypalinvoicedepartment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 04 May 2024 13:17:11 GMT
Server: Apache
Location: http://paypalinvoicedepartment.com/cgi-sys/suspendedpage.cgi
Content-Length: 244
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
|
|
| paypalinvoicedepartment.com/cgi-sys/suspendedpage.cgi | 103.194.228.34 | 200 OK | 7.6 kB |
URL GET HTTP/1.1paypalinvoicedepartment.com/cgi-sys/suspendedpage.cgi IP103.194.228.34:80
Requested byhttp://paypalinvoicedepartment.com/cgi-sys/suspendedpage.cgi
File typeHTML document, ASCII text, with very long lines (4070) Hash7daf4c6b4011a8dc44ae125bc96f3cdd 790337fd7b25a4baf2427ccf68ca3b79e406dbcc fdf3b821e541f977c0ccb31407e6b208219f67b87a29bbc83f2f48a8af66c7d8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: paypalinvoicedepartment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 13:17:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
|
|
| use.fontawesome.com/releases/v5.0.6/css/all.css | 172.67.142.245 | 200 OK | 7.5 kB |
URL GET HTTP/1.1use.fontawesome.com/releases/v5.0.6/css/all.css IP172.67.142.245:80
Requested byhttp://paypalinvoicedepartment.com/cgi-sys/suspendedpage.cgi
File typeASCII text, with very long lines (34556) Hash42eaa52604673b64d6b356c2fd7f87e3 6b59cb703b2d4a7a2691f13008062b46a6bc7fdb ed0f122470c4d13d86bbabdc38046d743d0228204a56d786d2e17bd83fd358ce
GET /releases/v5.0.6/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://paypalinvoicedepartment.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 13:17:12 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=31556926
ETag: W/"42eaa52604673b64d6b356c2fd7f87e3"
Last-Modified: Fri, 22 Sep 2023 01:44:11 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 330624
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RjhNrzTPsT%2Bi%2BrfQYStUqcZZkoqdYHZqdcArn8uDYotcKKza92C0GqZirej7msz2VwcQ8OzkCFlj9xuG0JE1Mm8bPhNlgNwpBYnQtLSlVCkaf4%2FA7NNKeDEkFH5bOkDFlYcHu5eW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e8c506dd247128-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| paypalinvoicedepartment.com/favicon.ico | 103.194.228.34 | 302 Found | 244 B |
URL GET HTTP/1.1paypalinvoicedepartment.com/favicon.ico IP103.194.228.34:80
Requested byhttp://paypalinvoicedepartment.com/cgi-sys/suspendedpage.cgi
File typeHTML document, ASCII text Hash92f25830beeb1eb8855eea57fa92001b f636801e243852af4c4c4790d7280087340f6c8d c0325e9292ecb8125f8e86cb073d213f75cb9699ec70ca1127f97b672a01f076
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: paypalinvoicedepartment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://paypalinvoicedepartment.com/cgi-sys/suspendedpage.cgi
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 04 May 2024 13:17:12 GMT
Server: Apache
Location: http://paypalinvoicedepartment.com/cgi-sys/suspendedpage.cgi
Content-Length: 244
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
|
|
| use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2 | 172.67.142.245 | 200 OK | 39 kB |
URL GET HTTP/1.1use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2 IP172.67.142.245:80
Requested byhttp://paypalinvoicedepartment.com/cgi-sys/suspendedpage.cgi
File typeWeb Open Font Format (Version 2), TrueType, length 38784, version 1.0 Hashf9b85c9463af7103b9b24bbbf09a06ed d28d7222bcbeb8ea701a771e85f7efe006e62fb1 62554277d07b20c6bfae7c6267b3198b4846f604a37d4085bf9f54c392210b56
GET /releases/v5.0.6/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://paypalinvoicedepartment.com
DNT: 1
Connection: keep-alive
Referer: http://use.fontawesome.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 13:17:12 GMT
Content-Type: application/font-woff2
Content-Length: 38784
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=31556926
ETag: "f9b85c9463af7103b9b24bbbf09a06ed"
Last-Modified: Fri, 22 Sep 2023 01:44:10 GMT
Vary: Origin, Accept-Encoding
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Ik2mWUbE6X70ljpLYejzQGq3dP3KywbvUbLXC%2BpUeMugERuRzNHHAxrAThkfvZyBGnx5pDi1UOKlsUMhHivW6bra6AGrZJEvSO1S7BHXU95h0XRnN23co%2BUXLx%2BbC8E7CTjopbk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e8c50768ab1c06-OSL
alt-svc: h2=":443"; ma=60
|
|
| paypalinvoicedepartment.com/cgi-sys/suspendedpage.cgi | 103.194.228.34 | 200 OK | 7.6 kB |
URL GET HTTP/1.1paypalinvoicedepartment.com/cgi-sys/suspendedpage.cgi IP103.194.228.34:80
Requested byhttp://paypalinvoicedepartment.com/cgi-sys/suspendedpage.cgi
File typeHTML document, ASCII text, with very long lines (4070) Hash7daf4c6b4011a8dc44ae125bc96f3cdd 790337fd7b25a4baf2427ccf68ca3b79e406dbcc fdf3b821e541f977c0ccb31407e6b208219f67b87a29bbc83f2f48a8af66c7d8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: paypalinvoicedepartment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://paypalinvoicedepartment.com/cgi-sys/suspendedpage.cgi
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 13:17:12 GMT
Server: Apache
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
|
|