paypalsupport.sbs Open in urlscan Pro
172.67.187.44 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://paypalsupport.sbs/
Submission Tags: falconsandbox
Submission: On December 04 via api (December 4th 2024, 7:59:18 pm UTC) from US — Scanned from US

Summary HTTP 12 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 12 HTTP transactions. The main IP is 172.67.187.44, located in United States and belongs to CLOUDFLARENET, US. The main domain is paypalsupport.sbs.
TLS certificate: Issued by WE1 on December 4th 2024. Valid for: 3 months.

This is the only time paypalsupport.sbs was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
7	172.67.187.44 172.67.187.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	192.229.210.155 192.229.210.155	15133 (EDGECAST) (EDGECAST)
12	3

7 172.67.187.44 (United States)

ASN13335 (CLOUDFLARENET, US)

paypalsupport.sbs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.229.210.155 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	paypalsupport.sbs paypalsupport.sbs	153 KB
4	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2811	56 KB
0	Failed function sub() { [native code] }. Failed
12	3

	Domain	Requested by
7	paypalsupport.sbs	paypalsupport.sbs
4	www.paypalobjects.com	paypalsupport.sbs
0	invalid Failed	paypalsupport.sbs
12	3

This site contains links to these domains. Also see Links.

Domain
www.paypal.com

Subject Issuer	Validity	Valid
paypalsupport.sbs WE1	`2024-12-04` - `2025-03-04`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2024-06-13` - `2025-06-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://paypalsupport.sbs/
Frame ID: D8139181A864424C58C8BBC995743376
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in to your PayPal account

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

92 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

209 kB
Transfer

580 kB
Size

1
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.paypal.com/signin
Title: Change

Search URL Search Domain Scan URL

URL: https://www.paypal.com/signin?country.x=US&locale.x=en_US&langTgl=en
Title: English

Search URL Search Domain Scan URL

URL: https://www.paypal.com/signin?country.x=US&locale.x=fr_XC&langTgl=fr
Title: Français

Search URL Search Domain Scan URL

URL: https://www.paypal.com/signin?country.x=US&locale.x=es_XC&langTgl=es
Title: Español

Search URL Search Domain Scan URL

URL: https://www.paypal.com/signin?country.x=US&locale.x=zh_XC&langTgl=zh
Title: 中文

Search URL Search Domain Scan URL

URL: https://www.paypal.com/authflow/email-recovery/?contextId=&redirectUri=%252Fsignin
Title: Forgot email?

Search URL Search Domain Scan URL

URL: https://www.paypal.com/us/smarthelp/contact-us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.paypal.com/us/webapps/mpp/ua/privacy-full
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.paypal.com/us/webapps/mpp/ua/legalhub-full
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.paypal.com/us/webapps/mpp/ua/upcoming-policies-full
Title: Policy Updates

Search URL Search Domain Scan URL

URL: https://www.paypal.com/us/webapps/mpp/country-worldwide
Title: Worldwide

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
paypalsupport.sbs/ 42 KB
12 KB 610ms
473ms Document
text/html 172.67.187.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paypalsupport.sbs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.44 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.3.14 PleskLin
Resource Hash: 0d8c0f17e87aa40bb0c70c626bc7c965089fec19254f0cd43080bebe88960120

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8ece602b5f0c420d-EWR
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Wed, 04 Dec 2024 19:59:13 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cDvUh4ePQQnksjXDV%2B3a1x0jEPMrEbYoJMLweUTR4iC48187JDl1U0fpF05R1fD813a5FGP1lO6ImsGVJrJ2CzPJD0K8TmJJUieJZTgb6ZEMXuIUtZhXoHCQJJmUN0cUR85b1w%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=7278&min_rtt=7122&rtt_var=1318&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4193&recv_bytes=4536&delivery_rate=861&cwnd=12000&unsent_bytes=0&cid=3f1757ee8de1ef9b&ts=584&x=1" cfExtPri cfHdrFlush;dur=0
vary: Accept-Encoding
x-powered-by: PHP/8.3.14 PleskLin

GET
H3 200 jquery.js Show response
paypalsupport.sbs/cntdjs/ 87 KB
33 KB 552ms
550ms Script
text/javascript 172.67.187.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paypalsupport.sbs/cntdjs/jquery.js
Requested by: Host: paypalsupport.sbs
URL: https://paypalsupport.sbs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.44 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypalsupport.sbs/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"623bbcc4-15d9d"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NkiIAhc15L1RkOZ9ukG7ijWPWsOeg0XIVqwNZDtM4tDXBGWZzD7b8Asa9oc62BMjtIktA88ZRxofhPy3Wcq0w7XjlBHFtIcpWrZiTKxb9%2B%2FFJn72Mr5lyLvWbBkdZp67%2FQmB0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=59842&min_rtt=7122&rtt_var=9551&sent=45&recv=33&lost=0&retrans=1&sent_bytes=36805&recv_bytes=6944&delivery_rate=138742&cwnd=12000&unsent_bytes=0&cid=3f1757ee8de1ef9b&ts=1262&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 04 Dec 2024 19:59:14 GMT
content-type: text/javascript
last-modified: Thu, 24 Mar 2022 00:35:16 GMT
vary: Accept-Encoding
priority: u=1,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ece602f1cca420d-EWR
x-powered-by: PleskLin
server: cloudflare

GET
H3 200 jquery.mask.js Show response
paypalsupport.sbs/cntdjs/ 23 KB
7 KB 474ms
472ms Script
text/javascript 172.67.187.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paypalsupport.sbs/cntdjs/jquery.mask.js
Requested by: Host: paypalsupport.sbs
URL: https://paypalsupport.sbs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.44 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypalsupport.sbs/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"623bbcc4-5a88"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mARP3JYWG2RDJ6hOvQdiSQJS550JA0l1Cn8UW%2BtmlJaSREWnRzkZ6OkHqqaHy%2F%2BBR4TbfDjQE51CBB16Mn%2FyiXj9F4UgRFoKBy1pnUqlwFIYdHZOcseFs1T0HqTbqzB8yh%2BBcg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54671&min_rtt=7122&rtt_var=14913&sent=36&recv=28&lost=0&retrans=1&sent_bytes=27806&recv_bytes=6728&delivery_rate=50076&cwnd=12000&unsent_bytes=0&cid=3f1757ee8de1ef9b&ts=1127&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 04 Dec 2024 19:59:14 GMT
content-type: text/javascript
last-modified: Thu, 24 Mar 2022 00:35:16 GMT
vary: Accept-Encoding
priority: u=1,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ece602f1ccb420d-EWR
x-powered-by: PleskLin
server: cloudflare

GET
H3 200 cntd.js Show response
paypalsupport.sbs/cntdjs/ 2 KB
2 KB 474ms
473ms Script
text/javascript 172.67.187.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paypalsupport.sbs/cntdjs/cntd.js
Requested by: Host: paypalsupport.sbs
URL: https://paypalsupport.sbs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.44 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 7cb16eaa505542e5bdcda6c3e764e241fbb4e35e07bf21a820cc19fac1bb3864

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypalsupport.sbs/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"623be9e4-91b"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oYpr74K5dfJpig7msFo7ZJjxF6xaTHfXnNp7L%2FLQMmZ4LpaavpdZD3owG6Kww3k3gqkSi%2B21gd4URMgTPHSM92EZNAex46k1a0dtRHK6vw5hS8XnaegxbnrR0Yd3l%2BMeemgAaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54671&min_rtt=7122&rtt_var=14913&sent=43&recv=28&lost=0&retrans=1&sent_bytes=35068&recv_bytes=6728&delivery_rate=50076&cwnd=12000&unsent_bytes=0&cid=3f1757ee8de1ef9b&ts=1142&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 04 Dec 2024 19:59:14 GMT
content-type: text/javascript
last-modified: Thu, 24 Mar 2022 03:47:48 GMT
vary: Accept-Encoding
priority: u=1,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ece602f1ccd420d-EWR
x-powered-by: PleskLin
server: cloudflare

GET
H3 200 contextualLoginElementalUIv4.css
paypalsupport.sbs/theme/ 199 KB
34 KB 615ms
614ms Stylesheet
text/css 172.67.187.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paypalsupport.sbs/theme/contextualLoginElementalUIv4.css
Requested by: Host: paypalsupport.sbs
URL: https://paypalsupport.sbs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.44 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: ec1c66a2e9c3cc500ae967e5ce4705cb9957e2effa48ce8084b61b155771eb1c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypalsupport.sbs/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"6730714a-31c1d"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mBiSYNuCPHHpRv02YMjmU79fd1bIXV506l%2Bjo6KIj7JRnvr2VrodcBbysPbck6N1dTBe2k75yhqB5Z4wAG6XVVTFgoCFlgBMEQhqiDp6odiqvtieUXfs1PcziPwYMjmLaM0q3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20312&min_rtt=7122&rtt_var=8849&sent=78&recv=49&lost=0&retrans=1&sent_bytes=71231&recv_bytes=7912&delivery_rate=422729&cwnd=25200&unsent_bytes=0&cid=3f1757ee8de1ef9b&ts=1325&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 04 Dec 2024 19:59:14 GMT
content-type: text/css
last-modified: Sun, 10 Nov 2024 08:39:38 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ece602f1cd0420d-EWR
x-powered-by: PleskLin
server: cloudflare

GET /
invalid/ 0
0

GET
H3 200 css2
paypalsupport.sbs/theme/ 9 KB
10 KB 215ms
214ms Stylesheet
application/octet-stream 172.67.187.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paypalsupport.sbs/theme/css2
Requested by: Host: paypalsupport.sbs
URL: https://paypalsupport.sbs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.44 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 8e878b38c0c357b63eb23d45c6182fd4f1ac0e92a5601a7e27f04edcfad5b4af

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypalsupport.sbs/

Response headers

server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
etag: "6730714c-2568"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X6IwBW0Y2jGNKEKOAbh12mXfXi%2FKjQTeWTmXfPNvK%2BgY3c7hNj8sCoL6FOFoWAmYz6eiKR4iregQ16Z161Y7WbBL7SX4wOrO9zGCHtKbgb8T1PRSqRxCCNgjfXrwlkqKSRxzNw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ece602f1cd1420d-EWR
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=50161&min_rtt=7122&rtt_var=40861&sent=27&recv=23&lost=0&retrans=1&sent_bytes=17328&recv_bytes=6512&delivery_rate=66961&cwnd=12000&unsent_bytes=0&cid=3f1757ee8de1ef9b&ts=874&x=1", cfExtPri, cfHdrFlush;dur=0
content-length: 9576
date: Wed, 04 Dec 2024 19:59:13 GMT
content-type: application/octet-stream
last-modified: Sun, 10 Nov 2024 08:39:40 GMT
x-powered-by: PleskLin
priority: u=0,i=?0

GET
H3 200 datadog-rum.js.download Show response
paypalsupport.sbs/theme/ 159 KB
56 KB 287ms
287ms Script
text/javascript 172.67.187.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paypalsupport.sbs/theme/datadog-rum.js.download
Requested by: Host: paypalsupport.sbs
URL: https://paypalsupport.sbs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.187.44 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: ee4cd96d72ca2d21a8df21e2f76629df9ad636fc7ecd59d24825def20bc2ee0e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypalsupport.sbs/

Response headers

server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: DYNAMIC
etag: W/"6730714c-27b83"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ioScYnOV88Fgb4SlpxryWV3Z3qZMujow8ZArNNOazmENIXJCquaYxnKqG8dckLvYTE0xxI8vs5vo0HbhUndY2R3jkjfDeYlSKuIuo2ZbdY%2BgW5efPQ97suO7gtE0FG2JrbYCw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ece6032b9fe420d-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9122&min_rtt=6870&rtt_var=3635&sent=108&recv=64&lost=0&retrans=1&sent_bytes=106502&recv_bytes=8573&delivery_rate=526524&cwnd=39600&unsent_bytes=0&cid=3f1757ee8de1ef9b&ts=1571&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 04 Dec 2024 19:59:14 GMT
content-type: text/javascript
last-modified: Sun, 10 Nov 2024 08:39:40 GMT
x-powered-by: PleskLin
priority: u=3,i=?0

GET
H2 200 paypal-mark-color.svg
www.paypalobjects.com/paypal-ui/logos/svg/ 709 B
840 B 182ms
71ms Image
image/svg+xml 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/paypal-ui/logos/svg/paypal-mark-color.svg

Requested by

Host: paypalsupport.sbs
URL: https://paypalsupport.sbs/theme/contextualLoginElementalUIv4.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dce/26E1) /

Resource Hash

8766a4211434d2c318fbfa412ea9633b385ecf1cab6119f8894019d91ed7e027

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypalsupport.sbs/

Response headers

paypal-debug-id: 43474b45ce2b2
content-encoding: br
etag: W/"66d9ab63-2c5"
x-content-type-options: nosniff
expires: Wed, 04 Dec 2024 20:59:14 GMT
traceparent: 00-000000000000000000043474b45ce2b2-ffaa7b9bd94a3e35-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Wed, 04 Dec 2024 19:59:14 GMT
content-type: image/svg+xml
last-modified: Thu, 05 Sep 2024 13:00:19 GMT
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-origin: *
content-length: 422
server: ECAcc (dce/26E1)

GET
H2 200 PayPalOpen-Regular.woff2
www.paypalobjects.com/paypal-ui/fonts/ 27 KB
27 KB 122ms
23ms Font
application/font-woff2 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/paypal-ui/fonts/PayPalOpen-Regular.woff2

Requested by

Host: paypalsupport.sbs
URL: https://paypalsupport.sbs/theme/contextualLoginElementalUIv4.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dce/26DF) /

Resource Hash

9ae7b95f034d76b21aaf8fcc0cdd39f4ba7ba59dd9751348a32c7e5cfdfdb6df

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://paypalsupport.sbs
Referer: https://paypalsupport.sbs/

Response headers

paypal-debug-id: 00bfe9da7abcb
etag: "6298f2c0-6b41"
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Wed, 04 Dec 2024 20:59:14 GMT
traceparent: 00-000000000000000000000bfe9da7abcb-16fa7657f98f3ea2-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Wed, 04 Dec 2024 19:59:14 GMT
content-type: application/font-woff2
last-modified: Thu, 02 Jun 2022 17:26:24 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27457
server: ECAcc (dce/26DF)

GET
H2 200 PayPalOpen-Bold.woff2
www.paypalobjects.com/paypal-ui/fonts/ 26 KB
26 KB 128ms
30ms Font
application/font-woff2 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/paypal-ui/fonts/PayPalOpen-Bold.woff2

Requested by

Host: paypalsupport.sbs
URL: https://paypalsupport.sbs/theme/contextualLoginElementalUIv4.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dce/26DA) /

Resource Hash

9ed6dcb699f10e85624a4579731f929b5d8b91f0c73b9fc01b8893021c83f4a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://paypalsupport.sbs
Referer: https://paypalsupport.sbs/

Response headers

paypal-debug-id: b6f71d5aac9ca
etag: "6298f2c0-684c"
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Wed, 04 Dec 2024 20:59:14 GMT
traceparent: 00-0000000000000000000b6f71d5aac9ca-59dbc6ad8855841a-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Wed, 04 Dec 2024 19:59:14 GMT
content-type: application/font-woff2
last-modified: Thu, 02 Jun 2022 17:26:24 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges: bytes
access-control-allow-origin: *
content-length: 26700
server: ECAcc (dce/26DA)

GET
H2 200 pp_favicon_x.ico
www.paypalobjects.com/en_US/i/icon/ 5 KB
2 KB 16ms
16ms Other
image/x-icon 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dce/2687) /

Resource Hash

1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://paypalsupport.sbs/

Response headers

paypal-debug-id: 24d3439d2f8c5
content-encoding: br
etag: W/"5d5637bd-1536"
x-content-type-options: nosniff
expires: Wed, 04 Dec 2024 20:59:14 GMT
traceparent: 00-000000000000000000024d3439d2f8c5-1240c8c31ae4cbf8-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Wed, 04 Dec 2024 19:59:14 GMT
content-type: image/x-icon
last-modified: Fri, 16 Aug 2019 04:57:33 GMT
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
content-length: 1471
server: ECAcc (dce/2687)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: invalid
URL: chrome-extension://invalid/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			paypalsupport.sbs/	1969-12-31 23:59:59	Name: PHPSESSID Value: 02cqommo2n7vjhbkn5s4d91b7e

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: chrome-extension://invalid/ Message: Failed to load resource: net::ERR_BLOCKED_BY_CLIENT

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

invalid
paypalsupport.sbs
www.paypalobjects.com
invalid
172.67.187.44
192.229.210.155
0d8c0f17e87aa40bb0c70c626bc7c965089fec19254f0cd43080bebe88960120
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
7cb16eaa505542e5bdcda6c3e764e241fbb4e35e07bf21a820cc19fac1bb3864
8766a4211434d2c318fbfa412ea9633b385ecf1cab6119f8894019d91ed7e027
8e878b38c0c357b63eb23d45c6182fd4f1ac0e92a5601a7e27f04edcfad5b4af
9ae7b95f034d76b21aaf8fcc0cdd39f4ba7ba59dd9751348a32c7e5cfdfdb6df
9ed6dcb699f10e85624a4579731f929b5d8b91f0c73b9fc01b8893021c83f4a0
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
ec1c66a2e9c3cc500ae967e5ce4705cb9957e2effa48ce8084b61b155771eb1c
ee4cd96d72ca2d21a8df21e2f76629df9ad636fc7ecd59d24825def20bc2ee0e
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

paypalsupport.sbs Open in urlscan Pro 172.67.187.44 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

92 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

209 kBTransfer

580 kBSize

1 Cookies

11 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

paypalsupport.sbs Open in urlscan Pro
172.67.187.44 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

209 kB
Transfer

580 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!