paypal.co.uk.centerservice.co.uk
92.204.220.70  Malicious Activity! Public Scan

URL: http://paypal.co.uk.centerservice.co.uk/
Submission Tags: phishing malicious
Submission: On December 27 via api from US

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 7 HTTP transactions. The main IP is 92.204.220.70, located in Germany and belongs to GODADDY-SXB, DE. The main domain is paypal.co.uk.centerservice.co.uk.
This is the only time paypal.co.uk.centerservice.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
4 | 92.204.220.70 | 21499 (GODADDY-SXB)
1 | 2001:4de0:ac1... | 20446 (HIGHWINDS3)
1 | 2a00:1450:400... | 15169 (GOOGLE)
1 | 2a04:4e42:3::621 | 54113 (FASTLY)
Total: 7 requests, 4 IPs

Requests | Domain | Requested by
4 | paypal.co.uk.centerservice.co.uk | paypal.co.uk.centerservice.co.uk
1 | cdn.jsdelivr.net | paypal.co.uk.centerservice.co.uk
1 | ajax.googleapis.com | paypal.co.uk.centerservice.co.uk
1 | stackpath.bootstrapcdn.com | paypal.co.uk.centerservice.co.uk
Total: 7 requests, 4 domains

This site contains no links.

Subject | Issuer | Validity | Valid
*.bootstrapcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2020-09-22 - 2021-10-12 | a year
upload.video.google.com | GTS CA 1O1 | 2020-11-10 - 2021-02-02 | 3 months
f3.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-10-26 - 2021-04-17 | 6 months

This page contains 1 frames:

Primary Page: http://paypal.co.uk.centerservice.co.uk/
Frame ID: 8F0A7361114E8F1C803D8938D68D9074
Requests: 7 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 7
HTTPS: 43 %
IPv6: 75 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 3
Transfer: 110 kB
Size: 362 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
paypal.co.uk.centerservice.co.uk/
3 KB
2 KB
Document
General
Full URL
http://paypal.co.uk.centerservice.co.uk/
Protocol
HTTP/1.1
Server
92.204.220.70 , Germany, ASN21499 (GODADDY-SXB, DE),
Reverse DNS
ip-92-204-220-70.ip.secureserver.net
Software
Apache /
Resource Hash
2b12a636b3ef487a3e48094d60ace5d9b9fdc943db20fa82d25680a95d1327b1

Request headers

Host
paypal.co.uk.centerservice.co.uk
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Sun, 27 Dec 2020 20:37:23 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Last-Modified
Tue, 03 Mar 2020 02:38:02 GMT
ETag
"24c0b74-aa7-59fea314f5680-gzip"
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
Content-Length
1285
Keep-Alive
timeout=5
Content-Type
text/html
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/
156 KB
23 KB
Stylesheet
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css
Requested by
Host: paypal.co.uk.centerservice.co.uk
URL: http://paypal.co.uk.centerservice.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
http://paypal.co.uk.centerservice.co.uk
Referer
http://paypal.co.uk.centerservice.co.uk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 20:37:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 28 Nov 2019 17:52:46 GMT
etag
"1574963566"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
23681
style.css
paypal.co.uk.centerservice.co.uk/css/
2 KB
1 KB
Stylesheet
General
Full URL
http://paypal.co.uk.centerservice.co.uk/css/style.css
Requested by
Host: paypal.co.uk.centerservice.co.uk
URL: http://paypal.co.uk.centerservice.co.uk/
Protocol
HTTP/1.1
Server
92.204.220.70 , Germany, ASN21499 (GODADDY-SXB, DE),
Reverse DNS
ip-92-204-220-70.ip.secureserver.net
Software
Apache /
Resource Hash
373dfacf8d4c5efc7be66f9999182e3244301c3847def9d55babdcc34f21ac01

Request headers

Referer
http://paypal.co.uk.centerservice.co.uk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 27 Dec 2020 20:37:23 GMT
Content-Encoding
gzip
Last-Modified
Tue, 03 Mar 2020 02:38:04 GMT
Server
Apache
ETag
"24c0b63-703-59fea316ddb00-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
740
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.3/
94 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
Requested by
Host: paypal.co.uk.centerservice.co.uk
URL: http://paypal.co.uk.centerservice.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://paypal.co.uk.centerservice.co.uk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 17:37:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10831
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33507
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 27 Dec 2021 17:37:28 GMT
jquery.validate.min.js
cdn.jsdelivr.net/jquery.validation/1.16.0/
23 KB
7 KB
Script
General
Full URL
https://cdn.jsdelivr.net/jquery.validation/1.16.0/jquery.validate.min.js
Requested by
Host: paypal.co.uk.centerservice.co.uk
URL: http://paypal.co.uk.centerservice.co.uk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
50e497b00818378dcffe856b994f89947b620c66163768879c9b8a63d583f898
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://paypal.co.uk.centerservice.co.uk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
3305520
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
7445
etag
W/"5a1e-IUhhlLqiLrEVX+mL969jFOd3PMc"
x-served-by
cache-fra19134-FRA
date
Sun, 27 Dec 2020 20:37:59 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
logo.png
paypal.co.uk.centerservice.co.uk/img/
3 KB
3 KB
Image
General
Full URL
http://paypal.co.uk.centerservice.co.uk/img/logo.png
Requested by
Host: paypal.co.uk.centerservice.co.uk
URL: http://paypal.co.uk.centerservice.co.uk/
Protocol
HTTP/1.1
Server
92.204.220.70 , Germany, ASN21499 (GODADDY-SXB, DE),
Reverse DNS
ip-92-204-220-70.ip.secureserver.net
Software
Apache /
Resource Hash
52ad9dd17b113b22d357041d2972ee0e7e9cc7cfad03ab08ffb1c766a4ea185c

Request headers

Referer
http://paypal.co.uk.centerservice.co.uk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 27 Dec 2020 20:37:23 GMT
Last-Modified
Tue, 03 Mar 2020 01:33:28 GMT
Server
Apache
ETag
"24c0b6e-b09-59fe94a66ca00"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
2825
Helvetica.ttf
paypal.co.uk.centerservice.co.uk/fonts/
83 KB
41 KB
Font
General
Full URL
http://paypal.co.uk.centerservice.co.uk/fonts/Helvetica.ttf
Requested by
Host: paypal.co.uk.centerservice.co.uk
URL: http://paypal.co.uk.centerservice.co.uk/css/style.css
Protocol
HTTP/1.1
Server
92.204.220.70 , Germany, ASN21499 (GODADDY-SXB, DE),
Reverse DNS
ip-92-204-220-70.ip.secureserver.net
Software
Apache /
Resource Hash
3c3c9afbbd6fcbeb227957362d6f475a695e4d44775611b6f637c7d9c4b2dd76

Request headers

Origin
http://paypal.co.uk.centerservice.co.uk
Referer
http://paypal.co.uk.centerservice.co.uk/css/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 27 Dec 2020 20:37:23 GMT
Content-Encoding
gzip
Last-Modified
Tue, 03 Mar 2020 01:33:26 GMT
Server
Apache
ETag
"24c0b66-14bf0-59fe94a484580-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
font/ttf
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
41613

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| ontransitionrun
  • object| ontransitionstart
  • object| ontransitioncancel
  • object| trustedTypes
  • boolean| crossOriginIsolated
  • function| $
  • function| jQuery

0 Cookies