paypal.csharmony.epsilon.com Open in urlscan Pro
159.127.208.126 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://epl.paypal-communication.com/T/v600000184152ed0709d1b0af4bbcfbb48/19cecaeaff6f4d480000021ef3a0bcd9/19cecaea-ff6f-4d48-b091-b0...
Effective URL:
https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W
Submission: On October 26 via api (October 26th 2022, 8:50:48 pm UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 5 domains to perform 14 HTTP transactions. The main IP is 159.127.208.126, located in United States and belongs to EPSILON-INTERACTIVE, US. The main domain is paypal.csharmony.epsilon.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on August 2nd 2022. Valid for: a year.

This is the only time paypal.csharmony.epsilon.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 1	159.127.187.100 159.127.187.100	19137 (EPSILON-I...) (EPSILON-INTERACTIVE)
2	159.127.208.126 159.127.208.126	19137 (EPSILON-I...) (EPSILON-INTERACTIVE)
5	208.76.140.155 208.76.140.155	30393 (BMLCORP) (BMLCORP)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
14	4

1 159.127.187.100 (United States) 1 redirects

ASN19137 (EPSILON-INTERACTIVE, US)

epl.paypal-communication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.127.208.126 (United States)

ASN19137 (EPSILON-INTERACTIVE, US)

paypal.csharmony.epsilon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 208.76.140.155 (United States)

ASN30393 (BMLCORP, US)

www.paypalcredit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2248	187 KB
5	paypalcredit.com www.paypalcredit.com	45 KB
2	epsilon.com paypal.csharmony.epsilon.com	7 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 720	20 KB
1	paypal-communication.com 1 redirects epl.paypal-communication.com — Cisco Umbrella Rank: 55965	223 B
14	5

	Domain	Requested by
6	www.paypalobjects.com	paypal.csharmony.epsilon.com www.paypalobjects.com
5	www.paypalcredit.com	paypal.csharmony.epsilon.com www.paypalcredit.com
2	paypal.csharmony.epsilon.com	paypal.csharmony.epsilon.com
1	maxcdn.bootstrapcdn.com	paypal.csharmony.epsilon.com
1	epl.paypal-communication.com	1 redirects
14	5

This site contains no links.

Subject Issuer	Validity	Valid
*.csharmony.epsilon.com Entrust Certification Authority - L1K	`2022-08-02` - `2023-08-31`	a year	crt.sh
www.paypalcredit.com DigiCert SHA2 Extended Validation Server CA	`2022-03-24` - `2023-04-24`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-04-25` - `2023-04-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W
Frame ID: 103A1095CE9326D9C958A4BB8F24193A
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

UnsubscribeUntitled Document

Page URL History Show full URLs

https://epl.paypal-communication.com/T/v600000184152ed0709d1b0af4bbcfbb48/19cecaeaff6f4d480000021ef3a0bcd9/19ceca... HTTP 302
https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

4
IPs

1
Countries

259 kB
Transfer

612 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://epl.paypal-communication.com/T/v600000184152ed0709d1b0af4bbcfbb48/19cecaeaff6f4d480000021ef3a0bcd9/19cecaea-ff6f-4d48-b091-b0ae6f25e858?__dU__=v0G4RBKTXg2GtDSXU69hUjn5RqR7EEyYkx HTTP 302
https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request Credit_Unsubscribe Show response
paypal.csharmony.epsilon.com/
Redirect Chain

https://epl.paypal-communication.com/T/v600000184152ed0709d1b0af4bbcfbb48/19cecaeaff6f4d480000021ef3a0bcd9/19cecaea-ff6f-4d48-b091-b0ae6f25e858?__dU__=v0G4RBKTXg2GtDSXU69hUjn5RqR7EEyYkx
https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W

4 KB
5 KB

586ms
141ms

Document
text/html

159.127.208.126
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.208.126 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

135daaaa867c6d3f851066b97dcc19d46ef038a044e8923d10a0ea6bffc2c290

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private
Content-Length: 4385
Content-Type: text/html; charset=utf-8
Date: Wed, 26 Oct 2022 20:50:42 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.2
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET

Redirect headers

cache-control: no-cache
content-length: 0
date: Wed, 26 Oct 2022 20:50:41 GMT
location: https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W

GET
H/1.1 200
OK reset.css
www.paypalcredit.com/css/ 1 KB
1 KB 924ms
155ms Stylesheet
text/css 208.76.140.155
BMLCORP

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalcredit.com/css/reset.css

Requested by

Host: paypal.csharmony.epsilon.com
URL: https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

208.76.140.155 , United States, ASN30393 (BMLCORP, US),

Reverse DNS

Software

Apache /

Resource Hash

91e7fffa60ec1ce897f1c987041342a2524bc5b45d898fef8c7708cb3231b14f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypal.csharmony.epsilon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 26 Oct 2022 20:50:43 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=15552000; includeSubDomains
Last-Modified: Mon, 18 Aug 2014 16:15:38 GMT
Server: Apache
ETag: "467-500e9ae777e80-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 619

GET
H/1.1 200
OK main.css
www.paypalcredit.com/css/ 7 KB
2 KB 924ms
155ms Stylesheet
text/css 208.76.140.155
BMLCORP

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalcredit.com/css/main.css

Requested by

Host: paypal.csharmony.epsilon.com
URL: https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

208.76.140.155 , United States, ASN30393 (BMLCORP, US),

Reverse DNS

Software

Apache /

Resource Hash

061a383aea8dd6baf3ddcb44183b46ef666fc023b4b892c4c80d090f8b6a5bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypal.csharmony.epsilon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 26 Oct 2022 20:50:43 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=15552000; includeSubDomains
Last-Modified: Tue, 13 Dec 2016 17:15:40 GMT
Server: Apache
ETag: "1d2f-5438d5e97a700-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 1946

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/ 118 KB
20 KB 62ms
42ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css

Requested by

Host: paypal.csharmony.epsilon.com
URL: https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypal.csharmony.epsilon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 20:50:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 860
age: 21104554
cdn-cachedat: 02/17/2022 20:27:53
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"2f624089c65f12185e79925bc5a7fc42"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 441a5c346e6138207e493340368ec0b9
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 760610da5c089a05-FRA
cdn-requestpullsuccess: True

GET
H/1.1 200
OK jquery-1.7.2.min.js Show response
www.paypalcredit.com/js/ 93 KB
33 KB 930ms
160ms Script
application/javascript 208.76.140.155
BMLCORP

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalcredit.com/js/jquery-1.7.2.min.js

Requested by

Host: paypal.csharmony.epsilon.com
URL: https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

208.76.140.155 , United States, ASN30393 (BMLCORP, US),

Reverse DNS

Software

Apache /

Resource Hash

0fb170f24675c84f8228ad6b61d69bf6705030949cc2fec316b3a006eab282f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypal.csharmony.epsilon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 26 Oct 2022 20:50:43 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=15552000; includeSubDomains
Last-Modified: Fri, 13 Jun 2014 21:22:49 GMT
Server: Apache
ETag: "17277-4fbbe47837c40-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 33616

GET
H/1.1 200
OK ppcredit.js Show response
www.paypalcredit.com/js/ 1 KB
1 KB 924ms
154ms Script
application/javascript 208.76.140.155
BMLCORP

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalcredit.com/js/ppcredit.js

Requested by

Host: paypal.csharmony.epsilon.com
URL: https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

208.76.140.155 , United States, ASN30393 (BMLCORP, US),

Reverse DNS

Software

Apache /

Resource Hash

7607b32e8ad4c9aee4b26e928b79f11ecfc9be51484f613fe56fa5e0828f3a72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypal.csharmony.epsilon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 26 Oct 2022 20:50:43 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=15552000; includeSubDomains
Last-Modified: Wed, 02 Nov 2016 19:58:42 GMT
Server: Apache
ETag: "5a6-54056de26c080-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 647

GET
H2 200 baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css
www.paypalobjects.com/eboxapps/css/7f/ 220 KB
38 KB 39ms
8ms Stylesheet
text/css 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/eboxapps/css/7f/baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css

Requested by

Host: paypal.csharmony.epsilon.com
URL: https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CB8) /

Resource Hash

b3b5cbf48a6d4ed02493abae6c52b5ce1e91a9042a1232fd73a59c39c1a1b39c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypal.csharmony.epsilon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 20:50:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: d0bcb9e53eae9
dc: ccg11-origin-www-1.paypal.com
content-length: 38484
last-modified: Thu, 08 Sep 2016 22:06:55 GMT
server: ECAcc (frc/4CB8)
etag: W/"57d1e0ff-36f4e"
vary: Accept-Encoding
content-type: text/css
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
expires: Wed, 26 Oct 2022 21:50:42 GMT

GET
H2 200 fa89f17d37eb3f97e39b926835ba73c0a3fd63.css
www.paypalobjects.com/eboxapps/css/1b/ 2 KB
704 B 46ms
15ms Stylesheet
text/css 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/eboxapps/css/1b/fa89f17d37eb3f97e39b926835ba73c0a3fd63.css

Requested by

Host: paypal.csharmony.epsilon.com
URL: https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CEC) /

Resource Hash

3e08798b4612ce1d4700d2fe3c953f5b56be571619153da80e6012ccd9e8eb9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypal.csharmony.epsilon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 20:50:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 5705e797dd27c
dc: ccg11-origin-www-1.paypal.com
content-length: 600
last-modified: Mon, 21 Dec 2015 23:11:11 GMT
server: ECAcc (frc/4CEC)
etag: W/"5678870f-641"
vary: Accept-Encoding
content-type: text/css
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
expires: Wed, 26 Oct 2022 21:50:42 GMT

GET
H2 200 9f6a7a811206b18807cb4e3f1f70ad8105e72e.css
www.paypalobjects.com/eboxapps/css/6d/ 14 KB
5 KB 46ms
16ms Stylesheet
text/css 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/eboxapps/css/6d/9f6a7a811206b18807cb4e3f1f70ad8105e72e.css

Requested by

Host: paypal.csharmony.epsilon.com
URL: https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE3) /

Resource Hash

c3a22ee4672d17bf7b6fd38eb2861183160188f7d98a5af3751e4fa3ee076a25

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypal.csharmony.epsilon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 20:50:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 1a4f1c62c809b
dc: ccg11-origin-www-1.paypal.com
content-length: 4707
last-modified: Wed, 28 Sep 2016 22:28:21 GMT
server: ECAcc (frc/4CE3)
etag: W/"57ec4405-3800"
vary: Accept-Encoding
content-type: text/css
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
expires: Wed, 26 Oct 2022 21:50:42 GMT

GET
H/1.1 200
OK Style_CreditUSA.css
paypal.csharmony.epsilon.com/Content/ 2 KB
2 KB 137ms
136ms Stylesheet
text/css 159.127.208.126
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL: https://paypal.csharmony.epsilon.com/Content/Style_CreditUSA.css
Requested by: Host: paypal.csharmony.epsilon.com
URL: https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.127.208.126 , United States, ASN19137 (EPSILON-INTERACTIVE, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 61b1bfc025ae85361358cfb2670f147786d119110b2d8a496a552c2efe12c0c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paypal.csharmony.epsilon.com/Credit_Unsubscribe?e=michaele.odwyer@memorialhermann.org&k=91D408019A869535W
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 26 Oct 2022 20:50:42 GMT
Last-Modified: Thu, 09 Feb 2017 13:18:30 GMT
Server: Microsoft-IIS/10.0
ETag: "7a1e7f1d782d21:0"
X-Powered-By: ASP.NET
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 1592

GET
H/1.1 200
OK pp-credit-logo.png
www.paypalcredit.com/img/ 7 KB
8 KB 153ms
153ms Image
image/png 208.76.140.155
BMLCORP

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalcredit.com/img/pp-credit-logo.png

Requested by

Host: www.paypalcredit.com
URL: https://www.paypalcredit.com/css/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

208.76.140.155 , United States, ASN30393 (BMLCORP, US),

Reverse DNS

Software

Apache /

Resource Hash

faa96a9b8d3c5dbc31ed7fbd16200fa2f90f3af43dc68e89ac37356ce06963b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.paypalcredit.com/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 26 Oct 2022 20:50:44 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains
Last-Modified: Mon, 08 Dec 2014 18:28:15 GMT
Server: Apache
ETag: "1cb5-509b896f7adc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=1800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Content-Length: 7349
Expires: Wed, 26 Oct 2022 21:20:44 GMT

GET
H2 200 PayPalSansBig-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 49 KB
49 KB 41ms
19ms Font
font/woff 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansBig-Regular.woff

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/eboxapps/css/7f/baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE1) /

Resource Hash

4d5c29e41277f543455e865a69634f17a2846fd001553890d5801379df3a7c47

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypalobjects.com/eboxapps/css/7f/baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css
Origin: https://paypal.csharmony.epsilon.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 20:50:44 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Wed, 30 Sep 2015 05:09:04 GMT
server: ECAcc (frc/4CE1)
etag: "560b6e70-c36f"
x-cache: HIT
content-type: font/woff
access-control-allow-origin: *
paypal-debug-id: 9ae178c72dde9
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
dc: ccg11-origin-www-1.paypal.com
content-length: 50031
expires: Wed, 26 Oct 2022 21:50:44 GMT

GET
H2 200 PayPalSansBig-Light.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 48 KB
48 KB 37ms
15ms Font
font/woff 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansBig-Light.woff

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/eboxapps/css/7f/baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CAF) /

Resource Hash

c599c554590d1a336ffcb9627f6caaac34b6228f60e15f5f25454bff38facb7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypalobjects.com/eboxapps/css/7f/baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css
Origin: https://paypal.csharmony.epsilon.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 20:50:44 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: 3ec2828c13521
dc: ccg11-origin-www-1.paypal.com
content-length: 49115
last-modified: Wed, 30 Sep 2015 05:09:04 GMT
server: ECAcc (frc/4CAF)
traceparent: 00-00000000000000000003ec2828c13521-f94f77b1d64f8af3-01
etag: "560b6e70-bfdb"
content-type: font/woff
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Wed, 26 Oct 2022 21:50:44 GMT

GET
H2 200 PayPalSansSmall-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 46 KB
47 KB 29ms
8ms Font
font/woff 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Regular.woff

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/eboxapps/css/7f/baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE2) /

Resource Hash

ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypalobjects.com/eboxapps/css/7f/baa6f0c24cb9d133d3191b0d05d815d3d58c2d.css
Origin: https://paypal.csharmony.epsilon.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 20:50:44 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Wed, 30 Sep 2015 05:09:04 GMT
server: ECAcc (frc/4CE2)
etag: "560b6e70-b8eb"
x-cache: HIT
content-type: font/woff
access-control-allow-origin: *
paypal-debug-id: a957130434936
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
dc: ccg11-origin-www-1.paypal.com
content-length: 47339
expires: Wed, 26 Oct 2022 21:50:44 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			paypal.csharmony.epsilon.com/	1969-12-31 23:59:59	Name: __RequestVerificationToken Value: Qr68dBAUcVciCY1lk9Cqb-vmejfJ33Cri6NBh-Kd-LNMKhCSwGOu0kPCtzbqX6hbS7meG7ZFebYKEKjbmV2U2a8L3VmxnMHeg0ewV0GJa1s1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

epl.paypal-communication.com
maxcdn.bootstrapcdn.com
paypal.csharmony.epsilon.com
www.paypalcredit.com
www.paypalobjects.com
159.127.187.100
159.127.208.126
192.229.221.25
208.76.140.155
2606:4700::6812:bcf
061a383aea8dd6baf3ddcb44183b46ef666fc023b4b892c4c80d090f8b6a5bb4
0fb170f24675c84f8228ad6b61d69bf6705030949cc2fec316b3a006eab282f8
135daaaa867c6d3f851066b97dcc19d46ef038a044e8923d10a0ea6bffc2c290
3e08798b4612ce1d4700d2fe3c953f5b56be571619153da80e6012ccd9e8eb9b
4d5c29e41277f543455e865a69634f17a2846fd001553890d5801379df3a7c47
61b1bfc025ae85361358cfb2670f147786d119110b2d8a496a552c2efe12c0c4
7607b32e8ad4c9aee4b26e928b79f11ecfc9be51484f613fe56fa5e0828f3a72
91e7fffa60ec1ce897f1c987041342a2524bc5b45d898fef8c7708cb3231b14f
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
b3b5cbf48a6d4ed02493abae6c52b5ce1e91a9042a1232fd73a59c39c1a1b39c
c3a22ee4672d17bf7b6fd38eb2861183160188f7d98a5af3751e4fa3ee076a25
c599c554590d1a336ffcb9627f6caaac34b6228f60e15f5f25454bff38facb7e
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
faa96a9b8d3c5dbc31ed7fbd16200fa2f90f3af43dc68e89ac37356ce06963b2

paypal.csharmony.epsilon.com Open in urlscan Pro 159.127.208.126 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

20 %IPv6

5 Domains

5 Subdomains

4 IPs

1 Countries

259 kBTransfer

612 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

paypal.csharmony.epsilon.com Open in urlscan Pro
159.127.208.126 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

4
IPs

1
Countries

259 kB
Transfer

612 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!