update-account-credit-service.server-activation.limit.e4cb.com Open in urlscan Pro
131.153.37.2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://update-account-credit-service.server-activation.limit.e4cb.com/
Effective URL:
https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/secureaccount.php?country.x=PL&locale.x=pl_PL&customer.x=ID-PA$...
Submission Tags: phishing malicious Search All
Submission: On September 09 via api (September 9th 2020, 7:00:40 pm UTC) from US

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 131.153.37.2, located in Phoenix, United States and belongs to SSASN2, US. The main domain is update-account-credit-service.server-activation.limit.e4cb.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 1st 2020. Valid for: 3 months.

This is the only time update-account-credit-service.server-activation.limit.e4cb.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
3 8	131.153.37.2 131.153.37.2	20454 (SSASN2) (SSASN2)
5	104.111.228.123 104.111.228.123	16625 (AKAMAI-AS) (AKAMAI-AS)
10	2

8 131.153.37.2 (Phoenix, United States) 3 redirects

ASN20454 (SSASN2, US)
PTR: svr156.edns1.com

update-account-credit-service.server-activation.limit.e4cb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.111.228.123 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-228-123.deploy.static.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	e4cb.com 3 redirects update-account-credit-service.server-activation.limit.e4cb.com	197 KB
5	paypalobjects.com www.paypalobjects.com	145 KB
10	2

	Domain	Requested by
8	update-account-credit-service.server-activation.limit.e4cb.com	3 redirects update-account-credit-service.server-activation.limit.e4cb.com
5	www.paypalobjects.com	update-account-credit-service.server-activation.limit.e4cb.com
10	2

This site contains no links.

Subject Issuer	Validity	Valid
update-account-credit-service.server-activation.limit.e4cb.com cPanel, Inc. Certification Authority	`2020-09-01` - `2020-11-30`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2020-01-09` - `2022-01-12`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/secureaccount.php?country.x=PL&locale.x=pl_PL&customer.x=ID-PA$1$RkPakqW7$W79bkF.krkIv2CkxAfCVk.&safety=cdT24mj01tW29NkD6LS35vI0Zbro01faus33i5H8KgAdU2zdEqXG8fc1yd4F2793Bfed6JhOfQ7wV14Rfl3pYPn6M8fCx3
Frame ID: 3421D4E3FED896A3C6607ED7C4F4E386
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://update-account-credit-service.server-activation.limit.e4cb.com/ HTTP 302
https://update-account-credit-service.server-activation.limit.e4cb.com/to.php HTTP 302
https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4 HTTP 301
https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/ Page URL
https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/secureaccount.php?country.x=PL&locale.x=pl_... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

342 kB
Transfer

339 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://update-account-credit-service.server-activation.limit.e4cb.com/ HTTP 302
https://update-account-credit-service.server-activation.limit.e4cb.com/to.php HTTP 302
https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4 HTTP 301
https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/ Page URL
https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/secureaccount.php?country.x=PL&locale.x=pl_PL&customer.x=ID-PA$1$RkPakqW7$W79bkF.krkIv2CkxAfCVk.&safety=cdT24mj01tW29NkD6LS35vI0Zbro01faus33i5H8KgAdU2zdEqXG8fc1yd4F2793Bfed6JhOfQ7wV14Rfl3pYPn6M8fCx3 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://update-account-credit-service.server-activation.limit.e4cb.com/ HTTP 302
https://update-account-credit-service.server-activation.limit.e4cb.com/to.php HTTP 302
https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4 HTTP 301
https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Cookie set / Show response
update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/
Redirect Chain

https://update-account-credit-service.server-activation.limit.e4cb.com/
https://update-account-credit-service.server-activation.limit.e4cb.com/to.php
https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4
https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/

285 B
667 B

931ms
542ms

Document
text/html

131.153.37.2
SSASN2

General

Check archive.org

Show headers Download Go to

Full URL: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 131.153.37.2 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS: svr156.edns1.com
Software: Apache / PHP/7.2.33
Resource Hash: f6b125b425c2d84e7ae5e8fee945ab8ee0f4100a6c2f04efc520b1dc3a07bfda

Request headers

Host: update-account-credit-service.server-activation.limit.e4cb.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Sep 2020 19:00:23 GMT
Server: Apache
X-Powered-By: PHP/7.2.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=d850b18e4d7d684fe9cc05f8c5ff4797; path=/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Wed, 09 Sep 2020 19:00:22 GMT
Server: Apache
Location: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/
Content-Length: 312
Connection: close
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK Primary Request secureaccount.php Show response
update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/ 2 KB
2 KB 800ms
408ms Document
text/html 131.153.37.2
SSASN2

General

Check archive.org

Show headers Download Go to

Full URL: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/secureaccount.php?country.x=PL&locale.x=pl_PL&customer.x=ID-PA$1$RkPakqW7$W79bkF.krkIv2CkxAfCVk.&safety=cdT24mj01tW29NkD6LS35vI0Zbro01faus33i5H8KgAdU2zdEqXG8fc1yd4F2793Bfed6JhOfQ7wV14Rfl3pYPn6M8fCx3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 131.153.37.2 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS: svr156.edns1.com
Software: Apache / PHP/7.2.33
Resource Hash: a007f54d6d5e2628eec4360219df69fc77700f34b0602d479e80cb18601ddaa1

Request headers

Host: update-account-credit-service.server-activation.limit.e4cb.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: PHPSESSID=d850b18e4d7d684fe9cc05f8c5ff4797
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/

Response headers

Date: Wed, 09 Sep 2020 19:00:24 GMT
Server: Apache
X-Powered-By: PHP/7.2.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK jquery.min.js Show response
update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/open/js/ 85 KB
85 KB 754ms
377ms Script
application/javascript 131.153.37.2
SSASN2

General

Check archive.org

Show headers Download Go to

Full URL: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/open/js/jquery.min.js
Requested by: Host: update-account-credit-service.server-activation.limit.e4cb.com
URL: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/secureaccount.php?country.x=PL&locale.x=pl_PL&customer.x=ID-PA$1$RkPakqW7$W79bkF.krkIv2CkxAfCVk.&safety=cdT24mj01tW29NkD6LS35vI0Zbro01faus33i5H8KgAdU2zdEqXG8fc1yd4F2793Bfed6JhOfQ7wV14Rfl3pYPn6M8fCx3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 131.153.37.2 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS: svr156.edns1.com
Software: Apache /
Resource Hash: d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

Request headers

Referer: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/secureaccount.php?country.x=PL&locale.x=pl_PL&customer.x=ID-PA$1$RkPakqW7$W79bkF.krkIv2CkxAfCVk.&safety=cdT24mj01tW29NkD6LS35vI0Zbro01faus33i5H8KgAdU2zdEqXG8fc1yd4F2793Bfed6JhOfQ7wV14Rfl3pYPn6M8fCx3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Sep 2020 19:00:25 GMT
Last-Modified: Wed, 09 Sep 2020 19:00:20 GMT
Server: Apache
Connection: close
Accept-Ranges: bytes
Content-Length: 86927
Content-Type: application/javascript

GET
H/1.1 200
OK xappx.css
update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/open/css/ 108 KB
108 KB 730ms
375ms Stylesheet
text/css 131.153.37.2
SSASN2

General

Check archive.org

Show headers Download Go to

Full URL: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/open/css/xappx.css
Requested by: Host: update-account-credit-service.server-activation.limit.e4cb.com
URL: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/secureaccount.php?country.x=PL&locale.x=pl_PL&customer.x=ID-PA$1$RkPakqW7$W79bkF.krkIv2CkxAfCVk.&safety=cdT24mj01tW29NkD6LS35vI0Zbro01faus33i5H8KgAdU2zdEqXG8fc1yd4F2793Bfed6JhOfQ7wV14Rfl3pYPn6M8fCx3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 131.153.37.2 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS: svr156.edns1.com
Software: Apache /
Resource Hash: 544dfa59462862db7bafc2d2e4b3925ac3eacb11e52834916df02bd1cda19b1d

Request headers

Referer: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/secureaccount.php?country.x=PL&locale.x=pl_PL&customer.x=ID-PA$1$RkPakqW7$W79bkF.krkIv2CkxAfCVk.&safety=cdT24mj01tW29NkD6LS35vI0Zbro01faus33i5H8KgAdU2zdEqXG8fc1yd4F2793Bfed6JhOfQ7wV14Rfl3pYPn6M8fCx3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Sep 2020 19:00:25 GMT
Last-Modified: Wed, 09 Sep 2020 19:00:20 GMT
Server: Apache
Connection: close
Accept-Ranges: bytes
Content-Length: 110339
Content-Type: text/css

GET
H/1.1 200
OK xsecx.js Show response
update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/open/js/ 268 B
486 B 784ms
394ms Script
application/javascript 131.153.37.2
SSASN2

General

Check archive.org

Show headers Download Go to

Full URL: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/open/js/xsecx.js
Requested by: Host: update-account-credit-service.server-activation.limit.e4cb.com
URL: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/secureaccount.php?country.x=PL&locale.x=pl_PL&customer.x=ID-PA$1$RkPakqW7$W79bkF.krkIv2CkxAfCVk.&safety=cdT24mj01tW29NkD6LS35vI0Zbro01faus33i5H8KgAdU2zdEqXG8fc1yd4F2793Bfed6JhOfQ7wV14Rfl3pYPn6M8fCx3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 131.153.37.2 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS: svr156.edns1.com
Software: Apache /
Resource Hash: 12bec3e411f30e9f988a001dc06817aef7a8d2513fb2e78c989d75a4946714de

Request headers

Referer: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/secureaccount.php?country.x=PL&locale.x=pl_PL&customer.x=ID-PA$1$RkPakqW7$W79bkF.krkIv2CkxAfCVk.&safety=cdT24mj01tW29NkD6LS35vI0Zbro01faus33i5H8KgAdU2zdEqXG8fc1yd4F2793Bfed6JhOfQ7wV14Rfl3pYPn6M8fCx3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Sep 2020 19:00:25 GMT
Last-Modified: Wed, 09 Sep 2020 19:00:20 GMT
Server: Apache
Connection: close
Accept-Ranges: bytes
Content-Length: 268
Content-Type: application/javascript

GET
H2 200 monogram@2x.png
www.paypalobjects.com/images/shared/ 1 KB
2 KB 191ms
47ms Image
image/png 104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/images/shared/monogram@2x.png

Requested by

Host: update-account-credit-service.server-activation.limit.e4cb.com
URL: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/open/css/xappx.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

bbe3177aa5d225f117aea0e2eeb27f11d853a33d6d162733c5be8b1de8d36dc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/open/css/xappx.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Sep 2020 19:00:27 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 653
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: private, no-transform, max-age=43200
last-modified: Fri, 08 May 2020 01:20:32 GMT
content-length: 1507
server: Akamai Image Manager
expires: Thu, 10 Sep 2020 07:00:27 GMT

GET
H2 200 animation-oval.png
www.paypalobjects.com/images/shared/ 2 KB
3 KB 194ms
50ms Image
image/webp 104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/images/shared/animation-oval.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

da775dd10f868447dea4c3522fb3b55bd4a5df650d3f2233a76d31bb711f6c2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/open/css/xappx.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Sep 2020 19:00:27 GMT
x-content-type-options: nosniff
last-modified: Fri, 08 May 2020 01:20:32 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=43200
content-length: 2448
expires: Thu, 10 Sep 2020 07:00:27 GMT

GET
H2 200 PayPalSansBig-Light.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 48 KB
48 KB 190ms
46ms Font
application/x-font-woff 104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansBig-Light.woff

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c599c554590d1a336ffcb9627f6caaac34b6228f60e15f5f25454bff38facb7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Origin: https://update-account-credit-service.server-activation.limit.e4cb.com
Referer: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/open/css/xappx.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Sep 2020 19:00:27 GMT
x-pad: avoid browser bug
x-content-type-options: nosniff
last-modified: Wed, 30 Sep 2015 05:09:04 GMT
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/x-font-woff
access-control-allow-origin: *
cache-control: max-age=3600
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 49115
expires: Wed, 09 Sep 2020 20:00:27 GMT

GET
H2 200 PayPalSansSmall-Light.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 46 KB
46 KB 230ms
87ms Font
application/x-font-woff 104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Light.woff

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

843e67ad522a908162007f4b7601819a5bbfef00e38ac7aec778766da8b7b2ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Origin: https://update-account-credit-service.server-activation.limit.e4cb.com
Referer: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/open/css/xappx.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Sep 2020 19:00:27 GMT
x-pad: avoid browser bug
x-content-type-options: nosniff
last-modified: Wed, 30 Sep 2015 05:09:04 GMT
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/x-font-woff
access-control-allow-origin: *
cache-control: max-age=3600
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 46703
expires: Wed, 09 Sep 2020 20:00:27 GMT

GET
H2 200 PayPalSansSmall-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 46 KB
47 KB 248ms
106ms Font
application/x-font-woff 104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Regular.woff

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Origin: https://update-account-credit-service.server-activation.limit.e4cb.com
Referer: https://update-account-credit-service.server-activation.limit.e4cb.com/50862d9169b388a36bcc0b0410715ab4/open/css/xappx.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Sep 2020 19:00:27 GMT
x-pad: avoid browser bug
x-content-type-options: nosniff
last-modified: Wed, 30 Sep 2015 05:09:04 GMT
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/x-font-woff
access-control-allow-origin: *
cache-control: max-age=3600
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 47339
expires: Wed, 09 Sep 2020 20:00:27 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			update-account-credit-service.server-activation.limit.e4cb.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: d850b18e4d7d684fe9cc05f8c5ff4797

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

update-account-credit-service.server-activation.limit.e4cb.com
www.paypalobjects.com
104.111.228.123
131.153.37.2
12bec3e411f30e9f988a001dc06817aef7a8d2513fb2e78c989d75a4946714de
544dfa59462862db7bafc2d2e4b3925ac3eacb11e52834916df02bd1cda19b1d
843e67ad522a908162007f4b7601819a5bbfef00e38ac7aec778766da8b7b2ab
a007f54d6d5e2628eec4360219df69fc77700f34b0602d479e80cb18601ddaa1
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
bbe3177aa5d225f117aea0e2eeb27f11d853a33d6d162733c5be8b1de8d36dc5
c599c554590d1a336ffcb9627f6caaac34b6228f60e15f5f25454bff38facb7e
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
da775dd10f868447dea4c3522fb3b55bd4a5df650d3f2233a76d31bb711f6c2a
f6b125b425c2d84e7ae5e8fee945ab8ee0f4100a6c2f04efc520b1dc3a07bfda

update-account-credit-service.server-activation.limit.e4cb.com Open in urlscan Pro 131.153.37.2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

342 kBTransfer

339 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

update-account-credit-service.server-activation.limit.e4cb.com Open in urlscan Pro
131.153.37.2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

342 kB
Transfer

339 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!