support-services.4sbcm.com Open in urlscan Pro
103.140.239.49 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://support-services.4sbcm.com/sign.php
Submission: On May 05 via api (May 5th 2024, 12:24:19 am UTC) from BE — Scanned from DE

Summary HTTP 15 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 103.140.239.49, located in Hong Kong and belongs to UFO-AS-AP UFO Network Limited, HK. The main domain is support-services.4sbcm.com.
TLS certificate: Issued by R3 on May 2nd 2024. Valid for: 3 months.

This is the only time support-services.4sbcm.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPay (Financial)

Domain & IP information

	IP Address	AS Autonomous System
12	103.140.239.49 103.140.239.49	139293 (UFO-AS-AP...) (UFO-AS-AP UFO Network Limited)
2	18.66.192.113 18.66.192.113	16509 (AMAZON-02) (AMAZON-02)
1	108.138.36.9 108.138.36.9	16509 (AMAZON-02) (AMAZON-02)
15	4

12 103.140.239.49 (Hong Kong)

ASN139293 (UFO-AS-AP UFO Network Limited, HK)

support-services.4sbcm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.192.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-113.muc50.r.cloudfront.net

static.paypay.ne.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.36.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-9.muc50.r.cloudfront.net

cdn.assets.paypay.ne.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	4sbcm.com support-services.4sbcm.com	137 KB
3	paypay.ne.jp static.paypay.ne.jp — Cisco Umbrella Rank: 680698 cdn.assets.paypay.ne.jp	101 KB
15	2

	Domain	Requested by
12	support-services.4sbcm.com	support-services.4sbcm.com
2	static.paypay.ne.jp	support-services.4sbcm.com
1	cdn.assets.paypay.ne.jp
15	3

This site contains links to these domains. Also see Links.

Domain
about.paypay.ne.jp
paypay.ne.jp

Subject Issuer	Validity	Valid
support-services.4sbcm.com R3	`2024-05-02` - `2024-07-31`	3 months	crt.sh
*.paypay.ne.jp Amazon RSA 2048 M03	`2024-03-13` - `2025-04-10`	a year	crt.sh
*.assets.paypay.ne.jp Amazon RSA 2048 M03	`2024-01-11` - `2025-02-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://support-services.4sbcm.com/sign.php
Frame ID: 35C62B4A0985819CA0CE9F8D12A9F2CA
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PayPay

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

4
IPs

2
Countries

237 kB
Transfer

580 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://about.paypay.ne.jp/docs/terms/paypay-consumer-terms/
Title: 利用規約

Search URL Search Domain Scan URL

URL: https://about.paypay.ne.jp/docs/terms/privacy/
Title: プライバシーポリシー

Search URL Search Domain Scan URL

URL: https://paypay.ne.jp/rd/support/help/?external_id=&platform=web
Title: ヘルプページを見る

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request sign.php Show response
support-services.4sbcm.com/ 22 KB
13 KB 975ms
282ms Document
text/html 103.140.239.49
UFO-AS-AP UFO Net...

General

Check archive.org

Show headers Download Go to

Full URL: https://support-services.4sbcm.com/sign.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.140.239.49 , Hong Kong, ASN139293 (UFO-AS-AP UFO Network Limited, HK),
Reverse DNS
Software: Apache /
Resource Hash: e3b06708eeabde2354e76f9e859bd127eb353924e691845a14f6f62c2fb464e9

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
content-length: 13057
content-type: text/html; charset=UTF-8
date: Sun, 05 May 2024 00:24:13 GMT
server: Apache
vary: Accept-Encoding

GET
H2 200 main~748942c6.5b03cf49.css
support-services.4sbcm.com/PayPay_files/ 127 KB
56 KB 284ms
283ms Stylesheet
text/css 103.140.239.49
UFO-AS-AP UFO Net...

General

Check archive.org

Show headers Download Go to

Full URL: https://support-services.4sbcm.com/PayPay_files/main~748942c6.5b03cf49.css
Requested by: Host: support-services.4sbcm.com
URL: https://support-services.4sbcm.com/sign.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.140.239.49 , Hong Kong, ASN139293 (UFO-AS-AP UFO Network Limited, HK),
Reverse DNS
Software: Apache /
Resource Hash: 00cec79a5d33b06ecf30de729de5f9aaa0c0e663bd311f87416d04a10e2c868f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/sign.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 05 May 2024 00:24:13 GMT
content-encoding: gzip
last-modified: Tue, 30 Apr 2024 15:11:03 GMT
server: Apache
etag: "1fabd-61751c7414fc0-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes

GET
H2 200 cashier-page~21833f8f.593f8e2e.css
support-services.4sbcm.com/PayPay_files/ 87 KB
8 KB 283ms
283ms Stylesheet
text/css 103.140.239.49
UFO-AS-AP UFO Net...

General

Check archive.org

Show headers Download Go to

Full URL: https://support-services.4sbcm.com/PayPay_files/cashier-page~21833f8f.593f8e2e.css
Requested by: Host: support-services.4sbcm.com
URL: https://support-services.4sbcm.com/sign.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.140.239.49 , Hong Kong, ASN139293 (UFO-AS-AP UFO Network Limited, HK),
Reverse DNS
Software: Apache /
Resource Hash: d4c510b036f671ccb86d6f9d341e2ecf0715487004e8366b7de65bb3a80c6af6

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/sign.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 05 May 2024 00:24:13 GMT
content-encoding: gzip
last-modified: Tue, 30 Apr 2024 15:10:06 GMT
server: Apache
etag: "15a71-61751c3db8f80-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 8510

GET
H2 200 cashier-page~8f033120.02462ff4.css
support-services.4sbcm.com/PayPay_files/ 109 KB
10 KB 560ms
560ms Stylesheet
text/css 103.140.239.49
UFO-AS-AP UFO Net...

General

Check archive.org

Show headers Download Go to

Full URL: https://support-services.4sbcm.com/PayPay_files/cashier-page~8f033120.02462ff4.css
Requested by: Host: support-services.4sbcm.com
URL: https://support-services.4sbcm.com/sign.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.140.239.49 , Hong Kong, ASN139293 (UFO-AS-AP UFO Network Limited, HK),
Reverse DNS
Software: Apache /
Resource Hash: 6ad8188957e4c5a7b861a696055e8c7f275ba159b7ceee51ad41c68a8080d01b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/sign.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 05 May 2024 00:24:13 GMT
content-encoding: gzip
last-modified: Tue, 30 Apr 2024 15:10:14 GMT
server: Apache
etag: "1b268-61751c455a180-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 10093

GET
H2 200 cashier-page~4624be9b.e2e8e3b9.css
support-services.4sbcm.com/PayPay_files/ 89 KB
9 KB 562ms
562ms Stylesheet
text/css 103.140.239.49
UFO-AS-AP UFO Net...

General

Check archive.org

Show headers Download Go to

Full URL: https://support-services.4sbcm.com/PayPay_files/cashier-page~4624be9b.e2e8e3b9.css
Requested by: Host: support-services.4sbcm.com
URL: https://support-services.4sbcm.com/sign.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.140.239.49 , Hong Kong, ASN139293 (UFO-AS-AP UFO Network Limited, HK),
Reverse DNS
Software: Apache /
Resource Hash: 9c29624f7a63e1cf9031458ef969f3f27c4eb44619c2038e681b3187fed1f03a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/sign.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 05 May 2024 00:24:13 GMT
content-encoding: gzip
last-modified: Tue, 30 Apr 2024 15:10:13 GMT
server: Apache
etag: "16531-61751c4465f40-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 9121

GET
H2 200 ic-expiry-timer-blue.12fb0056.svg
support-services.4sbcm.com/PayPay_files/ 787 B
480 B 562ms
562ms Image
image/svg+xml 103.140.239.49
UFO-AS-AP UFO Net...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://support-services.4sbcm.com/PayPay_files/ic-expiry-timer-blue.12fb0056.svg
Requested by: Host: support-services.4sbcm.com
URL: https://support-services.4sbcm.com/sign.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.140.239.49 , Hong Kong, ASN139293 (UFO-AS-AP UFO Network Limited, HK),
Reverse DNS
Software: Apache /
Resource Hash: 3ae505cde0d204562e204fcdb7960e6dc8718b8a19d5f33673743685da8eba0e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/sign.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 05 May 2024 00:24:13 GMT
content-encoding: gzip
last-modified: Tue, 30 Apr 2024 15:10:52 GMT
server: Apache
etag: "313-61751c6997700-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 391

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 96db9ca236e4eadf68ca5c79f1e1725270a5d1344021133441f6c9a9d9e48a93

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 btn-close-white.de9d9878.svg
support-services.4sbcm.com/PayPay_files/ 766 B
546 B 554ms
554ms Image
image/svg+xml 103.140.239.49
UFO-AS-AP UFO Net...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://support-services.4sbcm.com/PayPay_files/btn-close-white.de9d9878.svg
Requested by: Host: support-services.4sbcm.com
URL: https://support-services.4sbcm.com/sign.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.140.239.49 , Hong Kong, ASN139293 (UFO-AS-AP UFO Network Limited, HK),
Reverse DNS
Software: Apache /
Resource Hash: 4d95983644d067d0a2404934d1ff5f070e952335e9cb3f8f10b41201c0a261f4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/sign.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 05 May 2024 00:24:14 GMT
content-encoding: gzip
last-modified: Tue, 30 Apr 2024 15:10:04 GMT
server: Apache
etag: "2fe-61751c3bd0b00-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 447

GET
H2 200 toast-close.eca55063.svg
support-services.4sbcm.com/PayPay_files/ 291 B
281 B 554ms
554ms Image
image/svg+xml 103.140.239.49
UFO-AS-AP UFO Net...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://support-services.4sbcm.com/PayPay_files/toast-close.eca55063.svg
Requested by: Host: support-services.4sbcm.com
URL: https://support-services.4sbcm.com/sign.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.140.239.49 , Hong Kong, ASN139293 (UFO-AS-AP UFO Network Limited, HK),
Reverse DNS
Software: Apache /
Resource Hash: 5d8e6c8f65deb088f2065a1225c20a309a675fec73b4971e587ee66ebc9a7d08

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/sign.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 05 May 2024 00:24:14 GMT
content-encoding: gzip
last-modified: Tue, 30 Apr 2024 15:11:28 GMT
server: Apache
etag: "123-61751c8bec800-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 206

GET
H2 200 settings.json Show response
support-services.4sbcm.com/ 949 B
514 B 278ms
278ms Fetch
application/json 103.140.239.49
UFO-AS-AP UFO Net...

General

Check archive.org

Show headers Download Go to

Full URL: https://support-services.4sbcm.com/settings.json
Requested by: Host: support-services.4sbcm.com
URL: https://support-services.4sbcm.com/sign.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.140.239.49 , Hong Kong, ASN139293 (UFO-AS-AP UFO Network Limited, HK),
Reverse DNS
Software: Apache /
Resource Hash: 158c64c2d9673310858bbe95e97c86f1a012d0b119b6cb1a5ba7d8aa6228b710

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/sign.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 05 May 2024 00:24:14 GMT
content-encoding: gzip
last-modified: Sat, 04 May 2024 12:41:35 GMT
server: Apache
etag: "3b5-617a028229b62-gzip"
vary: Accept-Encoding
content-type: application/json
accept-ranges: bytes
content-length: 425

GET
H2 200 Graphik-Semibold-Web.woff2
static.paypay.ne.jp/font/ 40 KB
41 KB 1266ms
1151ms Font
binary/octet-stream 18.66.192.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.paypay.ne.jp/font/Graphik-Semibold-Web.woff2

Requested by

Host: support-services.4sbcm.com
URL: https://support-services.4sbcm.com/PayPay_files/main~748942c6.5b03cf49.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.192.113 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-192-113.muc50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

6d9477835a788bf110c7d1cf1ff133197c095cef8f74d136213fc0dfc0fe8e9f

Security Headers

Name	Value
X-Xss-Protection	1; report=https://sentry.platform.paypay.ne.jp/api/7/security/?sentry_key=ddc3869636314a46b67901b01b2c0780

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/
Origin: https://support-services.4sbcm.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: COoYnd7IDHod.z2O1wLaXRCGS67k.KXT
date: Sun, 05 May 2024 00:24:16 GMT
via: 1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
content-security-policy-report-only: default-src 'self' *.paypay.ne.jp; frame-ancestors 'self' https://www.youtube.com *.paypay-corp.co.jp *.paypay.ne.jp; frame-src 'self' https://www.youtube.com *.paypay.ne.jp paypay.ne.jp *.paypay-corp.co.jp; connect-src 'self' analytics.google.com firebaseinstallations.googleapis.com www.google-analytics.com stats.g.doubleclick.net; img-src 'self' *.paypay.ne.jp www.google.co.jp s.yimg.jp www.googletagmanager.com; script-src 'self' www.googletagmanager.com; script-src-elem 'self' www.googletagmanager.com; report-uri https://sentry.platform.paypay.ne.jp/api/7/security/?sentry_key=ddc3869636314a46b67901b01b2c0780
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 40841
x-xss-protection: 1; report=https://sentry.platform.paypay.ne.jp/api/7/security/?sentry_key=ddc3869636314a46b67901b01b2c0780
last-modified: Mon, 01 Mar 2021 03:37:28 GMT
server: AmazonS3
etag: "58f03fe229d9f03366b7710e683b4725"
expect-ct: max-age=86400, report-uri="https://sentry.platform.paypay.ne.jp/api/7/security/?sentry_key=ddc3869636314a46b67901b01b2c0780"
access-control-max-age: 600
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: max-age=2592000
vary: Accept-Encoding,Origin
accept-ranges: bytes
x-amz-cf-id: tIJEnPese8I22aUynGWTkMZbLorF_sIZ6GKg-tHtR2S27frCOlXKDQ==

GET
H2 200 Graphik-Regular-Web.woff2
static.paypay.ne.jp/font/ 36 KB
37 KB 1226ms
1110ms Font
binary/octet-stream 18.66.192.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.paypay.ne.jp/font/Graphik-Regular-Web.woff2

Requested by

Host: support-services.4sbcm.com
URL: https://support-services.4sbcm.com/PayPay_files/main~748942c6.5b03cf49.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.192.113 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-192-113.muc50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

026edf5e5d1b243ee3f7df45916d0a5c09fc2512d72752d2fb80f1b27f3bebde

Security Headers

Name	Value
X-Xss-Protection	1; report=https://sentry.platform.paypay.ne.jp/api/7/security/?sentry_key=ddc3869636314a46b67901b01b2c0780

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/
Origin: https://support-services.4sbcm.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 5ilXlD5l0v8NlQZ7Pd4jC4XwNDR22wXE
date: Sun, 05 May 2024 00:24:16 GMT
via: 1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
content-security-policy-report-only: default-src 'self' *.paypay.ne.jp; frame-ancestors 'self' https://www.youtube.com *.paypay-corp.co.jp *.paypay.ne.jp; frame-src 'self' https://www.youtube.com *.paypay.ne.jp paypay.ne.jp *.paypay-corp.co.jp; connect-src 'self' analytics.google.com firebaseinstallations.googleapis.com www.google-analytics.com stats.g.doubleclick.net; img-src 'self' *.paypay.ne.jp www.google.co.jp s.yimg.jp www.googletagmanager.com; script-src 'self' www.googletagmanager.com; script-src-elem 'self' www.googletagmanager.com; report-uri https://sentry.platform.paypay.ne.jp/api/7/security/?sentry_key=ddc3869636314a46b67901b01b2c0780
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 36525
x-xss-protection: 1; report=https://sentry.platform.paypay.ne.jp/api/7/security/?sentry_key=ddc3869636314a46b67901b01b2c0780
last-modified: Mon, 01 Mar 2021 03:37:28 GMT
server: AmazonS3
etag: "bb7e8769f1f60cf06fd62052a1059caf"
expect-ct: max-age=86400, report-uri="https://sentry.platform.paypay.ne.jp/api/7/security/?sentry_key=ddc3869636314a46b67901b01b2c0780"
access-control-max-age: 600
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: max-age=2592000
vary: Accept-Encoding,Origin
accept-ranges: bytes
x-amz-cf-id: G95pdD9qNY10uqnXHu6SOiGbKzRfm6fISxzZo0s4IpI136y7zHNPqA==

GET
H2 200 03.png
support-services.4sbcm.com/ 5 KB
5 KB 279ms
279ms Image
image/png 103.140.239.49
UFO-AS-AP UFO Net...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://support-services.4sbcm.com/03.png
Requested by: Host: support-services.4sbcm.com
URL: https://support-services.4sbcm.com/sign.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.140.239.49 , Hong Kong, ASN139293 (UFO-AS-AP UFO Network Limited, HK),
Reverse DNS
Software: Apache /
Resource Hash: fc901f3deb9a6aacded46e430bca35294e32d6114cb911e2da4b12b7ea23cbba

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/sign.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 05 May 2024 00:24:15 GMT
last-modified: Sat, 04 May 2024 12:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "133a-617a0024499d8"
content-length: 4922
content-type: image/png

GET
H2 200 photo_paypay1.jpg
support-services.4sbcm.com/ 27 KB
27 KB 279ms
278ms Image
image/jpeg 103.140.239.49
UFO-AS-AP UFO Net...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://support-services.4sbcm.com/photo_paypay1.jpg
Requested by: Host: support-services.4sbcm.com
URL: https://support-services.4sbcm.com/sign.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.140.239.49 , Hong Kong, ASN139293 (UFO-AS-AP UFO Network Limited, HK),
Reverse DNS
Software: Apache /
Resource Hash: 71d45139c39de66dbf86b418ab20d66a6bd4f8bb2a1a6103d58bb1cc56509712

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/sign.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 05 May 2024 00:24:15 GMT
last-modified: Wed, 01 May 2024 15:53:01 GMT
server: Apache
accept-ranges: bytes
etag: "6c22-617667b2e5140"
content-length: 27682
content-type: image/jpeg

GET
H2 200 photo_shangjiatupian.jpg
support-services.4sbcm.com/PayPay_files/ 6 KB
6 KB 279ms
279ms Image
image/jpeg 103.140.239.49
UFO-AS-AP UFO Net...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://support-services.4sbcm.com/PayPay_files/photo_shangjiatupian.jpg
Requested by: Host: support-services.4sbcm.com
URL: https://support-services.4sbcm.com/sign.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.140.239.49 , Hong Kong, ASN139293 (UFO-AS-AP UFO Network Limited, HK),
Reverse DNS
Software: Apache /
Resource Hash: eb1ab8271e4574caf28c9ea719c8729a4ea8e7e8c49677c32fb6b4743ef2f5b7

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/sign.php
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 05 May 2024 00:24:15 GMT
last-modified: Wed, 01 May 2024 15:55:00 GMT
server: Apache
accept-ranges: bytes
etag: "1892-6176682461d00"
content-length: 6290
content-type: image/jpeg

GET
H2 200 favicon.ico
cdn.assets.paypay.ne.jp/cdn/apps/prod/web/4-43-0/ 22 KB
23 KB 144ms
46ms Other
image/vnd.microsoft.icon 108.138.36.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.assets.paypay.ne.jp/cdn/apps/prod/web/4-43-0/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.36.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-36-9.muc50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

3850a133bfe3ac48100036a9452f60bfc74538bd94ced9aa53db40b5654749e5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .paypay.ne.jp; frame-ancestors 'none' .paypay.ne.jp; connect-src https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://support-services.4sbcm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 02:45:02 GMT
x-amz-version-id: tRH6oa3_nXTZsDa3_eGz_J5DsLoAKPq6
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 d2e8c709d1f79bde6ed8f833f02bdd34.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' *.paypay.ne.jp; frame-ancestors 'none' *.paypay.ne.jp; connect-src https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com
x-amz-cf-pop: MUC50-P2
age: 77955
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 22382
x-xss-protection: 1; mode=block
last-modified: Wed, 24 Apr 2024 13:10:37 GMT
server: AmazonS3
etag: "576287a38d00e198b1e8b4881932be10"
expect-ct: max-age=86400, enforce
x-frame-options: DENY
content-type: image/vnd.microsoft.icon
accept-ranges: bytes
x-amz-cf-id: cckxSSNeNb5K8wJr2I51VYqbRcC3nYhKJT8aosxF8QcAOApIga3elg==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPay (Financial)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| updateCountdown function| startCountdown

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.assets.paypay.ne.jp
static.paypay.ne.jp
support-services.4sbcm.com
103.140.239.49
108.138.36.9
18.66.192.113
00cec79a5d33b06ecf30de729de5f9aaa0c0e663bd311f87416d04a10e2c868f
026edf5e5d1b243ee3f7df45916d0a5c09fc2512d72752d2fb80f1b27f3bebde
158c64c2d9673310858bbe95e97c86f1a012d0b119b6cb1a5ba7d8aa6228b710
3850a133bfe3ac48100036a9452f60bfc74538bd94ced9aa53db40b5654749e5
3ae505cde0d204562e204fcdb7960e6dc8718b8a19d5f33673743685da8eba0e
4d95983644d067d0a2404934d1ff5f070e952335e9cb3f8f10b41201c0a261f4
5d8e6c8f65deb088f2065a1225c20a309a675fec73b4971e587ee66ebc9a7d08
6ad8188957e4c5a7b861a696055e8c7f275ba159b7ceee51ad41c68a8080d01b
6d9477835a788bf110c7d1cf1ff133197c095cef8f74d136213fc0dfc0fe8e9f
71d45139c39de66dbf86b418ab20d66a6bd4f8bb2a1a6103d58bb1cc56509712
96db9ca236e4eadf68ca5c79f1e1725270a5d1344021133441f6c9a9d9e48a93
9c29624f7a63e1cf9031458ef969f3f27c4eb44619c2038e681b3187fed1f03a
d4c510b036f671ccb86d6f9d341e2ecf0715487004e8366b7de65bb3a80c6af6
e3b06708eeabde2354e76f9e859bd127eb353924e691845a14f6f62c2fb464e9
eb1ab8271e4574caf28c9ea719c8729a4ea8e7e8c49677c32fb6b4743ef2f5b7
fc901f3deb9a6aacded46e430bca35294e32d6114cb911e2da4b12b7ea23cbba

support-services.4sbcm.com Open in urlscan Pro 103.140.239.49 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

4 IPs

2 Countries

237 kBTransfer

580 kBSize

0 Cookies

3 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

support-services.4sbcm.com Open in urlscan Pro
103.140.239.49 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

4
IPs

2
Countries

237 kB
Transfer

580 kB
Size

0
Cookies

15 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!