www.ee-billingform-update.com Open in urlscan Pro
104.219.248.63 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.ee-billingform-update.com/
Effective URL:
https://www.ee-billingform-update.com/account/index?ac=ee
Submission: On December 23 via automatic, source certstream-suspicious (December 23rd 2020, 7:28:22 pm UTC)

Summary HTTP 14 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 14 HTTP transactions. The main IP is 104.219.248.63, located in Los Angeles, United States and belongs to NAMECHEAP-NET, US. The main domain is www.ee-billingform-update.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 23rd 2020. Valid for: a year.

This is the only time www.ee-billingform-update.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: EE (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 13	104.219.248.63 104.219.248.63	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.217.71.156 52.217.71.156	16509 (AMAZON-02) (AMAZON-02)
14	3

13 104.219.248.63 (Los Angeles, United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: business23-1.web-hosting.com

www.ee-billingform-update.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.71.156 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

ee-dtp-static.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	ee-billingform-update.com 1 redirects www.ee-billingform-update.com	331 KB
1	amazonaws.com ee-dtp-static.s3.amazonaws.com	181 KB
1	cloudflare.com cdnjs.cloudflare.com	6 KB
14	3

	Domain	Requested by
13	www.ee-billingform-update.com	1 redirects www.ee-billingform-update.com
1	ee-dtp-static.s3.amazonaws.com	www.ee-billingform-update.com
1	cdnjs.cloudflare.com	www.ee-billingform-update.com
14	3

This site contains links to these domains. Also see Links.

Domain
yourhomeaccount.orange.co.uk
accessories.ee.co.uk
newsroom.ee.co.uk
recycle.ee.co.uk
jobs.ee.co.uk
twitter.com
www.facebook.com
www.youtube.com
www.linkedin.com

Subject Issuer	Validity	Valid
ee-billingform-update.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-23` - `2021-12-23`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2019-11-09` - `2021-03-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.ee-billingform-update.com/account/index?ac=ee
Frame ID: F6885C3A5455E2EFF17830AF5C8CCA62
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.ee-billingform-update.com/ HTTP 302
https://www.ee-billingform-update.com/account/index?ac=ee Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

517 kB
Transfer

982 kB
Size

1
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://yourhomeaccount.orange.co.uk/
Title: My EE Broadband

Search URL Search Domain Scan URL

URL: https://yourhomeaccount.orange.co.uk/b2cselfcare/b2c/your-bills
Title: Bills

Search URL Search Domain Scan URL

URL: https://yourhomeaccount.orange.co.uk/b2cselfcare/b2c/makepayment
Title: Payments

Search URL Search Domain Scan URL

URL: https://yourhomeaccount.orange.co.uk/b2cselfcare/b2c/viewaccountdetails
Title: Manage account

Search URL Search Domain Scan URL

URL: https://accessories.ee.co.uk/
Title: Accessories

Search URL Search Domain Scan URL

URL: https://newsroom.ee.co.uk/
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://recycle.ee.co.uk/
Title: Trade In

Search URL Search Domain Scan URL

URL: https://jobs.ee.co.uk/
Title: Careers

Search URL Search Domain Scan URL

URL: https://twitter.com/EE
Title: EE on Twitter

Search URL Search Domain Scan URL

URL: http://www.facebook.com/ee
Title: EE on Facebook

Search URL Search Domain Scan URL

URL: http://www.youtube.com/ee
Title: EE on YouTube

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/ee-uk
Title: EE on LinkedIn

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.ee-billingform-update.com/ HTTP 302
https://www.ee-billingform-update.com/account/index?ac=ee Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index Show response
www.ee-billingform-update.com/account/
Redirect Chain

https://www.ee-billingform-update.com/
https://www.ee-billingform-update.com/account/index?ac=ee

109 KB
12 KB

174ms
174ms

Document
text/html

104.219.248.63
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ee-billingform-update.com/account/index?ac=ee

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.219.248.63 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business23-1.web-hosting.com

Software

Apache / PHP/7.2.34

Resource Hash

da1ab92446e47f28b45a7f81f1d981f1f68f003312916d9c5f836dac22e6b681

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.ee-billingform-update.com
:scheme: https
:path: /account/index?ac=ee
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Dec 2020 19:28:04 GMT
server: Apache
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=d43cd7c4c41ceb8bf9b97ac023c1ec84; path=/
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

Redirect headers

date: Wed, 23 Dec 2020 19:28:04 GMT
server: Apache
x-powered-by: PHP/7.2.34
location: account/index?ac=ee
content-length: 0
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 15ms
13ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.ee-billingform-update.com
URL: https://www.ee-billingform-update.com/account/index?ac=ee

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ee-billingform-update.com/account/index?ac=ee
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Dec 2020 19:28:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 578908
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 5631
cf-request-id: 0732abb5340000d6e10b092000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wrIW9j8GFBClByav4%2Bs8%2FBwrL%2BInl0wpt6mHm11ReNOrFzFPWqejckzbfim91d4mQmDCibiYDe3NDJurLKiu6HShUkyiniv8D%2FVjO%2FeGI1ZBn7eX7mYiSSCB3ugXEDtr5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 60647bcebbd9d6e1-FRA
expires: Mon, 13 Dec 2021 19:28:04 GMT

GET
H2 200 jquery-3.2.1.min.js Show response
www.ee-billingform-update.com/account/js/ 85 KB
30 KB 457ms
454ms Script
application/javascript 104.219.248.63
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ee-billingform-update.com/account/js/jquery-3.2.1.min.js

Requested by

Host: www.ee-billingform-update.com
URL: https://www.ee-billingform-update.com/account/index?ac=ee

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.219.248.63 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business23-1.web-hosting.com

Software

Apache /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ee-billingform-update.com/account/index?ac=ee
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Dec 2020 19:28:05 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 05 May 2020 18:13:34 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 30138
x-content-type-options: nosniff

GET
H2 200 jquery.validate.js Show response
www.ee-billingform-update.com/account/js/ 47 KB
13 KB 455ms
453ms Script
application/javascript 104.219.248.63
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ee-billingform-update.com/account/js/jquery.validate.js

Requested by

Host: www.ee-billingform-update.com
URL: https://www.ee-billingform-update.com/account/index?ac=ee

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.219.248.63 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business23-1.web-hosting.com

Software

Apache /

Resource Hash

1fb74efcae5b93fdf6808ca0291ea01ee867ddb4e2a1facd3169ff355790f1dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ee-billingform-update.com/account/index?ac=ee
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Dec 2020 19:28:05 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 05 May 2020 18:13:34 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 12803
x-content-type-options: nosniff

GET
H2 200 main.1e1767e.min.css
www.ee-billingform-update.com/account/css/ 171 KB
31 KB 597ms
595ms Stylesheet
text/css 104.219.248.63
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ee-billingform-update.com/account/css/main.1e1767e.min.css

Requested by

Host: www.ee-billingform-update.com
URL: https://www.ee-billingform-update.com/account/index?ac=ee

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.219.248.63 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business23-1.web-hosting.com

Software

Apache /

Resource Hash

14ac1414e1056ea29151ebb50a50c4e63fea58fee37a27df73ff729883673fd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ee-billingform-update.com/account/index?ac=ee
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Dec 2020 19:28:05 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 05 May 2020 18:13:34 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: text/css
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 31565
x-content-type-options: nosniff

GET
H2 200 login.1e1767e.min.css
www.ee-billingform-update.com/account/css/ 68 KB
11 KB 314ms
312ms Stylesheet
text/css 104.219.248.63
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ee-billingform-update.com/account/css/login.1e1767e.min.css

Requested by

Host: www.ee-billingform-update.com
URL: https://www.ee-billingform-update.com/account/index?ac=ee

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.219.248.63 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business23-1.web-hosting.com

Software

Apache /

Resource Hash

7f2548ca77dd03dfa09b5d4b083e432e6eff5f98032394a3b0ee662d2f5a65d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ee-billingform-update.com/account/index?ac=ee
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Dec 2020 19:28:05 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 05 May 2020 18:13:34 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: text/css
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 10785
x-content-type-options: nosniff

GET
H/1.1 200
OK clientlibs_myee.min.css
ee-dtp-static.s3.amazonaws.com/prod/css/ 181 KB
181 KB 411ms
118ms Stylesheet
text/css 52.217.71.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ee-dtp-static.s3.amazonaws.com/prod/css/clientlibs_myee.min.css
Requested by: Host: www.ee-billingform-update.com
URL: https://www.ee-billingform-update.com/account/index?ac=ee
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.71.156 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: f9df72dd9a1de3785ddf199fe18c2f587cf3bd1ef9c8cce34c4dec162bc1bc8a

Request headers

Referer: https://www.ee-billingform-update.com/account/index?ac=ee
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 23 Dec 2020 19:28:06 GMT
Last-Modified: Wed, 02 Sep 2020 22:48:38 GMT
Server: AmazonS3
x-amz-request-id: 0AA2D626CE3C4DFA
ETag: "8cb24de368b0f3217de2060fa04c0a08"
Content-Type: text/css
x-amz-version-id: GZI_FDYBp3BkLOaj1ODJIK7IE3J_YHJD
Accept-Ranges: bytes
Content-Length: 184930
x-amz-id-2: eU7PQzn20ZZqOWzF+/XF9naw6mTCR6gFgaLxRlBptkGWO58aK/+GeRMCIKVREq0y91qGdhjSGYE=

GET
H2 200 clientlibs_meganav.min.css
www.ee-billingform-update.com/account/css/ 72 KB
11 KB 175ms
173ms Stylesheet
text/css 104.219.248.63
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ee-billingform-update.com/account/css/clientlibs_meganav.min.css

Requested by

Host: www.ee-billingform-update.com
URL: https://www.ee-billingform-update.com/account/index?ac=ee

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.219.248.63 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business23-1.web-hosting.com

Software

Apache /

Resource Hash

8e95a0dbb04516e5241a70af051414a259037b8584c9be4fcf53e86d489c1a07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ee-billingform-update.com/account/index?ac=ee
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Dec 2020 19:28:05 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 05 May 2020 18:13:34 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: text/css
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload;
accept-ranges: bytes
vary: Accept-Encoding
content-length: 10783
x-content-type-options: nosniff

GET
H2 200 ee-icons.woff
www.ee-billingform-update.com/account/fonts/ 47 KB
48 KB 178ms
178ms Font
font/woff 104.219.248.63
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ee-billingform-update.com/account/fonts/ee-icons.woff

Requested by

Host: www.ee-billingform-update.com
URL: https://www.ee-billingform-update.com/account/css/main.1e1767e.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.219.248.63 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business23-1.web-hosting.com

Software

Apache /

Resource Hash

da4cc80a79084aaf4e6edd60228913b0244dec63332d25b36c076632619b19ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.ee-billingform-update.com
Referer: https://www.ee-billingform-update.com/account/css/main.1e1767e.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Dec 2020 19:28:05 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 05 May 2020 18:13:34 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: font/woff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload;
accept-ranges: bytes
content-length: 48388
x-content-type-options: nosniff

GET
H2 200 rubrik_regular.woff
www.ee-billingform-update.com/account/fonts/ 31 KB
32 KB 173ms
173ms Font
font/woff 104.219.248.63
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ee-billingform-update.com/account/fonts/rubrik_regular.woff

Requested by

Host: www.ee-billingform-update.com
URL: https://www.ee-billingform-update.com/account/css/login.1e1767e.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.219.248.63 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business23-1.web-hosting.com

Software

Apache /

Resource Hash

717f88116eeb521c6f62d2507b1df5331a3422cfe73126c2675382b5540cf57f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.ee-billingform-update.com
Referer: https://www.ee-billingform-update.com/account/css/login.1e1767e.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Dec 2020 19:28:05 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 05 May 2020 18:13:34 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: font/woff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload;
accept-ranges: bytes
content-length: 32224
x-content-type-options: nosniff

GET
H2 200 rubrik_semibold.woff
www.ee-billingform-update.com/account/fonts/ 32 KB
33 KB 321ms
321ms Font
font/woff 104.219.248.63
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ee-billingform-update.com/account/fonts/rubrik_semibold.woff

Requested by

Host: www.ee-billingform-update.com
URL: https://www.ee-billingform-update.com/account/css/login.1e1767e.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.219.248.63 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business23-1.web-hosting.com

Software

Apache /

Resource Hash

92570d2534fc4d673622e3881535a6dc39213c9f6ff05903ec90a8381b1a2ffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.ee-billingform-update.com
Referer: https://www.ee-billingform-update.com/account/css/login.1e1767e.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Dec 2020 19:28:05 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 05 May 2020 18:13:34 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: font/woff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload;
accept-ranges: bytes
content-length: 33016
x-content-type-options: nosniff

GET
H2 200 nobblee_light.woff
www.ee-billingform-update.com/account/fonts/ 32 KB
32 KB 316ms
316ms Font
font/woff 104.219.248.63
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ee-billingform-update.com/account/fonts/nobblee_light.woff

Requested by

Host: www.ee-billingform-update.com
URL: https://www.ee-billingform-update.com/account/css/main.1e1767e.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.219.248.63 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business23-1.web-hosting.com

Software

Apache /

Resource Hash

a2b35cb11e44fb935099d43e70a5a61c3e4af9769b48c3ff27778c359052ab78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.ee-billingform-update.com
Referer: https://www.ee-billingform-update.com/account/css/main.1e1767e.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Dec 2020 19:28:05 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 05 May 2020 18:13:34 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: font/woff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload;
accept-ranges: bytes
content-length: 32272
x-content-type-options: nosniff

GET
H2 200 nobblee_regular.woff
www.ee-billingform-update.com/account/fonts/ 47 KB
48 KB 551ms
550ms Font
font/woff 104.219.248.63
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ee-billingform-update.com/account/fonts/nobblee_regular.woff

Requested by

Host: www.ee-billingform-update.com
URL: https://www.ee-billingform-update.com/account/css/main.1e1767e.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.219.248.63 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business23-1.web-hosting.com

Software

Apache /

Resource Hash

59a88d64e191e0adfd848a14cd3be24ac3dbbc4c2d888bb20c6e768d7ae59514

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.ee-billingform-update.com
Referer: https://www.ee-billingform-update.com/account/css/main.1e1767e.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Dec 2020 19:28:05 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 05 May 2020 18:13:34 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: font/woff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload;
accept-ranges: bytes
content-length: 48360
x-content-type-options: nosniff

GET
H2 200 rubrik_light.woff
www.ee-billingform-update.com/account/fonts/ 31 KB
31 KB 559ms
558ms Font
font/woff 104.219.248.63
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ee-billingform-update.com/account/fonts/rubrik_light.woff

Requested by

Host: www.ee-billingform-update.com
URL: https://www.ee-billingform-update.com/account/css/login.1e1767e.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.219.248.63 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business23-1.web-hosting.com

Software

Apache /

Resource Hash

1af05253947be88483e3340c3f971b3c0a6830a71851b9d3e5f3de83a89005f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.ee-billingform-update.com
Referer: https://www.ee-billingform-update.com/account/css/login.1e1767e.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Dec 2020 19:28:05 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 05 May 2020 18:13:34 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: font/woff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload;
accept-ranges: bytes
content-length: 31860
x-content-type-options: nosniff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: EE (Telecommunication)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.ee-billingform-update.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: d43cd7c4c41ceb8bf9b97ac023c1ec84

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
ee-dtp-static.s3.amazonaws.com
www.ee-billingform-update.com
104.219.248.63
2606:4700::6810:135e
52.217.71.156
14ac1414e1056ea29151ebb50a50c4e63fea58fee37a27df73ff729883673fd3
1af05253947be88483e3340c3f971b3c0a6830a71851b9d3e5f3de83a89005f1
1fb74efcae5b93fdf6808ca0291ea01ee867ddb4e2a1facd3169ff355790f1dd
59a88d64e191e0adfd848a14cd3be24ac3dbbc4c2d888bb20c6e768d7ae59514
717f88116eeb521c6f62d2507b1df5331a3422cfe73126c2675382b5540cf57f
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7f2548ca77dd03dfa09b5d4b083e432e6eff5f98032394a3b0ee662d2f5a65d2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8e95a0dbb04516e5241a70af051414a259037b8584c9be4fcf53e86d489c1a07
92570d2534fc4d673622e3881535a6dc39213c9f6ff05903ec90a8381b1a2ffe
a2b35cb11e44fb935099d43e70a5a61c3e4af9769b48c3ff27778c359052ab78
da1ab92446e47f28b45a7f81f1d981f1f68f003312916d9c5f836dac22e6b681
da4cc80a79084aaf4e6edd60228913b0244dec63332d25b36c076632619b19ed
f9df72dd9a1de3785ddf199fe18c2f587cf3bd1ef9c8cce34c4dec162bc1bc8a

www.ee-billingform-update.com Open in urlscan Pro 104.219.248.63 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

517 kBTransfer

982 kBSize

1 Cookies

12 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

www.ee-billingform-update.com Open in urlscan Pro
104.219.248.63 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

517 kB
Transfer

982 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!