webapps-ssl.paypal.com.recovrt-accutser.net Open in urlscan Pro
74.63.245.246 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity
Submission: On March 04 via automatic, source phishtank (March 4th 2018, 9:38:33 pm UTC)

Summary HTTP 11 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 74.63.245.246, located in Dallas, United States and belongs to LIMESTONENETWORKS - Limestone Networks, Inc., US. The main domain is webapps-ssl.paypal.com.recovrt-accutser.net.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 26th 2018. Valid for: 3 months.

This is the only time webapps-ssl.paypal.com.recovrt-accutser.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address		AS Autonomous System
11	74.63.245.246 74.63.245.246		46475 (LIMESTONE...) (LIMESTONENETWORKS - Limestone Networks)
11	1

11 74.63.245.246 (Dallas, United States)

ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US)
PTR: rs4-246.dallas-servers.net

webapps-ssl.paypal.com.recovrt-accutser.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	recovrt-accutser.net webapps-ssl.paypal.com.recovrt-accutser.net	726 KB
11	1

	Domain	Requested by
11	webapps-ssl.paypal.com.recovrt-accutser.net	webapps-ssl.paypal.com.recovrt-accutser.net
11	1

This site contains no links.

Subject Issuer	Validity	Valid
webapps-ssl.paypal.com.recovrt-accutser.net cPanel, Inc. Certification Authority	`2018-02-26` - `2018-05-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity
Frame ID: (CEEF3BAA404FF6A99A71E5C8B9006767)
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

env /^PAYPAL$/i

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /require.*\.js/i
env /^requirejs$/i

SiteCatalyst (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^s_(?:account|objectID|code|INST)$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

726 kB
Transfer

723 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request activity Show response webapps-ssl.paypal.com.recovrt-accutser.net/safe/	6 KB 7 KB	836ms 492ms	Document text/html	74.63.245.246 Limestone Networks
General Check archive.org Show headers Download Go to Full URL https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.63.245.246 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS rs4-246.dallas-servers.net Software Apache / Resource Hash `223edd3dc8bac8baefb43a7c7be4ad700deb35bbe6b034bb0ac4dc19b87d4311` Request headers Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Connection keep-alive Accept-Encoding gzip, deflate Host webapps-ssl.paypal.com.recovrt-accutser.net Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sun, 04 Mar 2018 21:38:21 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=2, max=100 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	app.css webapps-ssl.paypal.com.recovrt-accutser.net/css/activity/	172 KB 172 KB	132ms 132ms	Stylesheet text/css	74.63.245.246 Limestone Networks
General Check archive.org Show headers Download Go to Full URL https://webapps-ssl.paypal.com.recovrt-accutser.net/css/activity/app.css Requested by Host: webapps-ssl.paypal.com.recovrt-accutser.net URL: https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.63.245.246 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS rs4-246.dallas-servers.net Software Apache / Resource Hash `a8d3de57e087dd9c582db37407f3369d6fc880c456158b5c8615babe2480e319` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host webapps-ssl.paypal.com.recovrt-accutser.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept text/css,/;q=0.1 Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Connection keep-alive Cache-Control no-cache Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sun, 04 Mar 2018 21:38:21 GMT Last-Modified Tue, 21 Feb 2017 21:02:04 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=99 Content-Length 176146
GET H/1.1	200 OK	logo_paypal_106x29.png webapps-ssl.paypal.com.recovrt-accutser.net/gambar/	5 KB 5 KB	386ms 131ms	Image image/png	74.63.245.246 Limestone Networks
General Check archive.org Show headers Download Go to Show image Full URL https://webapps-ssl.paypal.com.recovrt-accutser.net/gambar/logo_paypal_106x29.png Requested by Host: webapps-ssl.paypal.com.recovrt-accutser.net URL: https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.63.245.246 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS rs4-246.dallas-servers.net Software Apache / Resource Hash `ab39e6288837a25d62b740906db369081f38978b23570148c28ed41f509d4fe2` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host webapps-ssl.paypal.com.recovrt-accutser.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Connection keep-alive Cache-Control no-cache Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sun, 04 Mar 2018 21:38:21 GMT Last-Modified Thu, 02 Mar 2017 16:39:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=100 Content-Length 4699
GET H/1.1	200 OK	peek-shield-logo.png webapps-ssl.paypal.com.recovrt-accutser.net/gambar/	4 KB 5 KB	131ms 131ms	Image image/png	74.63.245.246 Limestone Networks
General Check archive.org Show headers Download Go to Show image Full URL https://webapps-ssl.paypal.com.recovrt-accutser.net/gambar/peek-shield-logo.png Requested by Host: webapps-ssl.paypal.com.recovrt-accutser.net URL: https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.63.245.246 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS rs4-246.dallas-servers.net Software Apache / Resource Hash `6c24e9fc3844d713e81e8182d435b1ec16df0b291e559742c5842f995b2e0498` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host webapps-ssl.paypal.com.recovrt-accutser.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Connection keep-alive Cache-Control no-cache Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sun, 04 Mar 2018 21:38:22 GMT Last-Modified Thu, 02 Mar 2017 16:39:34 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=99 Content-Length 4440
GET H/1.1	200 OK	require-spinner.js Show response webapps-ssl.paypal.com.recovrt-accutser.net/js/activity/	6 KB 6 KB	385ms 131ms	Script application/javascript	74.63.245.246 Limestone Networks
General Check archive.org Show headers Download Go to Full URL https://webapps-ssl.paypal.com.recovrt-accutser.net/js/activity/require-spinner.js Requested by Host: webapps-ssl.paypal.com.recovrt-accutser.net URL: https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.63.245.246 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS rs4-246.dallas-servers.net Software Apache / Resource Hash `9c0821da2aee265221ce1c392604dd4b0901e2f671b87c6c7d141e8f698d4ca7` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host webapps-ssl.paypal.com.recovrt-accutser.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept / Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Connection keep-alive Cache-Control no-cache Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sun, 04 Mar 2018 21:38:21 GMT Last-Modified Tue, 21 Feb 2017 20:55:34 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=100 Content-Length 5844
GET H/1.1	200 OK	require.js Show response webapps-ssl.paypal.com.recovrt-accutser.net/js/activity/lib/	15 KB 15 KB	132ms 131ms	Script application/javascript	74.63.245.246 Limestone Networks
General Check archive.org Show headers Download Go to Full URL https://webapps-ssl.paypal.com.recovrt-accutser.net/js/activity/lib/require.js Requested by Host: webapps-ssl.paypal.com.recovrt-accutser.net URL: https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.63.245.246 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS rs4-246.dallas-servers.net Software Apache / Resource Hash `c007d73792ac2d25882bfbb573e700e721a0adacfab947e6a0b64a61991fecf0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host webapps-ssl.paypal.com.recovrt-accutser.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept / Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Connection keep-alive Cache-Control no-cache Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sun, 04 Mar 2018 21:38:21 GMT Last-Modified Tue, 21 Feb 2017 20:48:28 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=99 Content-Length 14854
GET H/1.1	200 OK	pp_jscode_080706.js Show response webapps-ssl.paypal.com.recovrt-accutser.net/js/	60 KB 60 KB	132ms 132ms	Script application/javascript	74.63.245.246 Limestone Networks
General Check archive.org Show headers Download Go to Full URL https://webapps-ssl.paypal.com.recovrt-accutser.net/js/pp_jscode_080706.js Requested by Host: webapps-ssl.paypal.com.recovrt-accutser.net URL: https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.63.245.246 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS rs4-246.dallas-servers.net Software Apache / Resource Hash `d35bf5c67160cf31207c6743d3dfe0e2d1e7d4a6ea1f378cad5b2878c5e6fff0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host webapps-ssl.paypal.com.recovrt-accutser.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept / Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Connection keep-alive Cache-Control no-cache Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sun, 04 Mar 2018 21:38:22 GMT Last-Modified Tue, 21 Feb 2017 20:57:38 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=98 Content-Length 61220
GET H/1.1	200 OK	pa.js Show response webapps-ssl.paypal.com.recovrt-accutser.net/js/	74 KB 74 KB	132ms 131ms	Script application/javascript	74.63.245.246 Limestone Networks
General Check archive.org Show headers Download Go to Full URL https://webapps-ssl.paypal.com.recovrt-accutser.net/js/pa.js Requested by Host: webapps-ssl.paypal.com.recovrt-accutser.net URL: https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.63.245.246 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS rs4-246.dallas-servers.net Software Apache / Resource Hash `99878852a92bc88fbe1201084bbeb53326c1f4bf42d61e57889beb3889fb7e13` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host webapps-ssl.paypal.com.recovrt-accutser.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept / Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Connection keep-alive Cache-Control no-cache Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sun, 04 Mar 2018 21:38:22 GMT Last-Modified Tue, 21 Feb 2017 20:59:12 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=98 Content-Length 75375
GET H/1.1	200 OK	app.js Show response webapps-ssl.paypal.com.recovrt-accutser.net/js/activity/	382 KB 382 KB	230ms 133ms	Script application/javascript	74.63.245.246 Limestone Networks
General Check archive.org Show headers Download Go to Full URL https://webapps-ssl.paypal.com.recovrt-accutser.net/js/activity/app.js Requested by Host: webapps-ssl.paypal.com.recovrt-accutser.net URL: https://webapps-ssl.paypal.com.recovrt-accutser.net/js/activity/lib/require.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.63.245.246 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS rs4-246.dallas-servers.net Software Apache / Resource Hash `3ce93bd8ef08799ebe2955de39379e97e176e81468a5849a0a8bf9059b365467` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host webapps-ssl.paypal.com.recovrt-accutser.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept / Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Connection keep-alive Cache-Control no-cache Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sun, 04 Mar 2018 21:38:22 GMT Last-Modified Tue, 21 Feb 2017 20:47:48 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=98 Content-Length 391026
GET H/1.1	200 OK	config.js Show response webapps-ssl.paypal.com.recovrt-accutser.net/js/activity/	600 B 854 B	235ms 131ms	Script application/javascript	74.63.245.246 Limestone Networks
General Check archive.org Show headers Download Go to Full URL https://webapps-ssl.paypal.com.recovrt-accutser.net/js/activity/config.js Requested by Host: webapps-ssl.paypal.com.recovrt-accutser.net URL: https://webapps-ssl.paypal.com.recovrt-accutser.net/js/activity/lib/require.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.63.245.246 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS rs4-246.dallas-servers.net Software Apache / Resource Hash `05b3965cbe7889bbba309939196020bc0d3d935a5d185d82f7df429f389f9696` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host webapps-ssl.paypal.com.recovrt-accutser.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept / Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Connection keep-alive Cache-Control no-cache Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sun, 04 Mar 2018 21:38:22 GMT Last-Modified Tue, 21 Feb 2017 20:50:36 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=97 Content-Length 600
GET H/1.1	200 OK	activity.js Show response webapps-ssl.paypal.com.recovrt-accutser.net/js/activity/view/s12n/ato/	1 B 253 B	132ms 132ms	Script application/javascript	74.63.245.246 Limestone Networks
General Check archive.org Show headers Download Go to Full URL https://webapps-ssl.paypal.com.recovrt-accutser.net/js/activity/view/s12n/ato/activity.js Requested by Host: webapps-ssl.paypal.com.recovrt-accutser.net URL: https://webapps-ssl.paypal.com.recovrt-accutser.net/js/activity/lib/require.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.63.245.246 Dallas, United States, ASN46475 (LIMESTONENETWORKS - Limestone Networks, Inc., US), Reverse DNS rs4-246.dallas-servers.net Software Apache / Resource Hash `41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host webapps-ssl.paypal.com.recovrt-accutser.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept / Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity Cookie s_sess=%20s_ppv%3D100%3B Connection keep-alive Cache-Control no-cache Referer https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sun, 04 Mar 2018 21:38:23 GMT Last-Modified Tue, 21 Feb 2017 20:54:14 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=97 Content-Length 1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| RequireSpinners function| Spinner function| requirejs function| require function| define string| sc_code_ver string| s_account object| s function| s_doPlugins string| s_code undefined| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq object| PAYPAL object| fpti string| fptiserverurl function| $ function| jQuery object| dust object| jQuery1110018948766421619379

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.recovrt-accutser.net/	1969-12-31 23:59:59	Name: s_sess Value: %20s_ppv%3D100%3B

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://webapps-ssl.paypal.com.recovrt-accutser.net/safe/activity(Line 78) Message: view/s12n/ato/activity loaded.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

webapps-ssl.paypal.com.recovrt-accutser.net
74.63.245.246
05b3965cbe7889bbba309939196020bc0d3d935a5d185d82f7df429f389f9696
223edd3dc8bac8baefb43a7c7be4ad700deb35bbe6b034bb0ac4dc19b87d4311
3ce93bd8ef08799ebe2955de39379e97e176e81468a5849a0a8bf9059b365467
41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4
6c24e9fc3844d713e81e8182d435b1ec16df0b291e559742c5842f995b2e0498
99878852a92bc88fbe1201084bbeb53326c1f4bf42d61e57889beb3889fb7e13
9c0821da2aee265221ce1c392604dd4b0901e2f671b87c6c7d141e8f698d4ca7
a8d3de57e087dd9c582db37407f3369d6fc880c456158b5c8615babe2480e319
ab39e6288837a25d62b740906db369081f38978b23570148c28ed41f509d4fe2
c007d73792ac2d25882bfbb573e700e721a0adacfab947e6a0b64a61991fecf0
d35bf5c67160cf31207c6743d3dfe0e2d1e7d4a6ea1f378cad5b2878c5e6fff0