ericajohansson.se Open in urlscan Pro
2a00:16d8:2:200::20 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php
Submission: On September 02 via automatic, source openphish (September 2nd 2017, 12:56:18 pm UTC)

Summary HTTP 14 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 14 HTTP transactions. The main IP is 2a00:16d8:2:200::20, located in Sweden and belongs to CNHAB, SE. The main domain is ericajohansson.se.

This is the only time ericajohansson.se was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address		AS Autonomous System
11	2a00:16d8:2:2... 2a00:16d8:2:200::20		42695 (CNHAB) (CNHAB)
3	92.123.92.235 92.123.92.235		20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
14	2

11 2a00:16d8:2:200::20 (Sweden)

ASN42695 (CNHAB, SE)

ericajohansson.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 92.123.92.235 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a92-123-92-235.deploy.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	ericajohansson.se ericajohansson.se	193 KB
3	paypalobjects.com www.paypalobjects.com	108 KB
14	2

	Domain	Requested by
11	ericajohansson.se	ericajohansson.se
3	www.paypalobjects.com	ericajohansson.se
14	2

This site contains no links.

Subject Issuer	Validity	Valid
www.paypalobjects.com Symantec Class 3 EV SSL CA - G3	`2017-07-11` - `2019-09-02`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php
Frame ID: 23308.1
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /.*Varnish/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /require.*\.js/i

Page Statistics

14
Requests

21 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

302 kB
Transfer

1104 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request activity.php Show response ericajohansson.se/PayPal/64c9c5f29/safe/	5 KB 2 KB	1367ms 1262ms	Document text/html	2a00:16d8:2:200::20 CNHAB
General Check archive.org Show headers Download Go to Full URL http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php Protocol HTTP/1.1 Server 2a00:16d8:2:200::20 , Sweden, ASN42695 (CNHAB, SE), Reverse DNS Software Apache/2.4.25 (Ubuntu) / Resource Hash `167cff9ae31ac517ed8d8ae8020075f4c953b475a3d583d6c48285a1c2c6a2d3` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Pragma no-cache Date Sat, 02 Sep 2017 12:56:08 GMT Content-Encoding gzip Server Apache/2.4.25 (Ubuntu) Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Age 0 Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Via 1.1 varnish X-Cache-Hit MISS X-Varnish 226798367 Connection keep-alive Accept-Ranges bytes Content-Length 1812 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	app.css ericajohansson.se/PayPal/64c9c5f29/safe/files/	172 KB 27 KB	57ms 57ms	Stylesheet text/css	2a00:16d8:2:200::20 CNHAB
General Check archive.org Show headers Download Go to Full URL http://ericajohansson.se/PayPal/64c9c5f29/safe/files/app.css Requested by Host: ericajohansson.se URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php Protocol HTTP/1.1 Server 2a00:16d8:2:200::20 , Sweden, ASN42695 (CNHAB, SE), Reverse DNS Software Apache/2.4.25 (Ubuntu) / Resource Hash `a8984df4e076ee9c2741bd409c048895c2ec2e06d32532830e172b13de5f2ab0` Request headers Referer http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 02 Sep 2017 12:56:08 GMT Content-Encoding gzip Last-Modified Mon, 28 Aug 2017 08:21:30 GMT Server Apache/2.4.25 (Ubuntu) Age 0 ETag "2b013-557cbfb57444f-gzip" Vary Accept-Encoding Content-Type text/css Via 1.1 varnish X-Cache-Hit MISS X-Varnish 226798462 Connection keep-alive Accept-Ranges bytes, bytes Content-Length 27647
GET H/1.1	200 OK	app.js Show response ericajohansson.se/PayPal/64c9c5f29/safe/files/	382 KB 107 KB	123ms 81ms	Script application/javascript	2a00:16d8:2:200::20 CNHAB
General Check archive.org Show headers Download Go to Full URL http://ericajohansson.se/PayPal/64c9c5f29/safe/files/app.js Requested by Host: ericajohansson.se URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php Protocol HTTP/1.1 Server 2a00:16d8:2:200::20 , Sweden, ASN42695 (CNHAB, SE), Reverse DNS Software Apache/2.4.25 (Ubuntu) / Resource Hash `a21ff263f7734e004c8c482dfa12a6dcea8ad3973d16d8f8d74cce382d9f7f22` Request headers Referer http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 02 Sep 2017 12:56:08 GMT Content-Encoding gzip Last-Modified Mon, 28 Aug 2017 08:21:30 GMT Server Apache/2.4.25 (Ubuntu) Age 0 ETag "5f773-557cbfb57662a-gzip" Vary Accept-Encoding Content-Type application/javascript Via 1.1 varnish X-Cache-Hit MISS X-Varnish 226798469 Connection keep-alive Accept-Ranges bytes, bytes Content-Length 109976
GET H/1.1	200 OK	config.js Show response ericajohansson.se/PayPal/64c9c5f29/safe/files/	600 B 318 B	90ms 42ms	Script application/javascript	2a00:16d8:2:200::20 CNHAB
General Check archive.org Show headers Download Go to Full URL http://ericajohansson.se/PayPal/64c9c5f29/safe/files/config.js Requested by Host: ericajohansson.se URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php Protocol HTTP/1.1 Server 2a00:16d8:2:200::20 , Sweden, ASN42695 (CNHAB, SE), Reverse DNS Software Apache/2.4.25 (Ubuntu) / Resource Hash `05b3965cbe7889bbba309939196020bc0d3d935a5d185d82f7df429f389f9696` Request headers Referer http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 02 Sep 2017 12:56:08 GMT Content-Encoding gzip Last-Modified Mon, 28 Aug 2017 08:21:30 GMT Server Apache/2.4.25 (Ubuntu) Age 0 ETag "258-557cbfb57574c-gzip" Vary Accept-Encoding Content-Type application/javascript Via 1.1 varnish X-Cache-Hit MISS X-Varnish 226798479 Connection keep-alive Accept-Ranges bytes, bytes Content-Length 318
GET H/1.1	200 OK	activity.js Show response ericajohansson.se/PayPal/64c9c5f29/safe/files/	1 B 1 B	125ms 44ms	Script application/javascript	2a00:16d8:2:200::20 CNHAB
General Check archive.org Show headers Download Go to Full URL http://ericajohansson.se/PayPal/64c9c5f29/safe/files/activity.js Requested by Host: ericajohansson.se URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php Protocol HTTP/1.1 Server 2a00:16d8:2:200::20 , Sweden, ASN42695 (CNHAB, SE), Reverse DNS Software Apache/2.4.25 (Ubuntu) / Resource Hash `41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4` Request headers Referer http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 02 Sep 2017 12:56:08 GMT Via 1.1 varnish Last-Modified Mon, 28 Aug 2017 08:21:30 GMT Server Apache/2.4.25 (Ubuntu) Age 0 ETag "1-557cbfb574789" X-Varnish 226798481 X-Cache-Hit MISS Connection keep-alive Accept-Ranges bytes, bytes Content-Type application/javascript Content-Length 1
GET H/1.1	200 OK	logo_paypal_106x29.png ericajohansson.se/PayPal/64c9c5f29/safe/files/	5 KB 5 KB	57ms 42ms	Image image/png	2a00:16d8:2:200::20 CNHAB
General Check archive.org Show headers Download Go to Show image Full URL http://ericajohansson.se/PayPal/64c9c5f29/safe/files/logo_paypal_106x29.png Requested by Host: ericajohansson.se URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php Protocol HTTP/1.1 Server 2a00:16d8:2:200::20 , Sweden, ASN42695 (CNHAB, SE), Reverse DNS Software Apache/2.4.25 (Ubuntu) / Resource Hash `ab39e6288837a25d62b740906db369081f38978b23570148c28ed41f509d4fe2` Request headers Referer http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 02 Sep 2017 12:56:08 GMT Via 1.1 varnish Last-Modified Mon, 28 Aug 2017 08:21:30 GMT Server Apache/2.4.25 (Ubuntu) Age 0 ETag "125b-557cbfb575a84" X-Varnish 226798475 X-Cache-Hit MISS Connection keep-alive Accept-Ranges bytes, bytes Content-Type image/png Content-Length 4699
GET H/1.1	200 OK	peek-shield-logo.png ericajohansson.se/PayPal/64c9c5f29/safe/files/	4 KB 4 KB	66ms 51ms	Image image/png	2a00:16d8:2:200::20 CNHAB
General Check archive.org Show headers Download Go to Show image Full URL http://ericajohansson.se/PayPal/64c9c5f29/safe/files/peek-shield-logo.png Requested by Host: ericajohansson.se URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php Protocol HTTP/1.1 Server 2a00:16d8:2:200::20 , Sweden, ASN42695 (CNHAB, SE), Reverse DNS Software Apache/2.4.25 (Ubuntu) / Resource Hash `6c24e9fc3844d713e81e8182d435b1ec16df0b291e559742c5842f995b2e0498` Request headers Referer http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 02 Sep 2017 12:56:08 GMT Via 1.1 varnish Last-Modified Mon, 28 Aug 2017 08:21:30 GMT Server Apache/2.4.25 (Ubuntu) Age 0 ETag "1158-557cbfb5751e3" X-Varnish 226798476 X-Cache-Hit MISS Connection keep-alive Accept-Ranges bytes, bytes Content-Type image/png Content-Length 4440
GET H/1.1	200 OK	require-spinner.js Show response ericajohansson.se/PayPal/64c9c5f29/safe/files/	6 KB 3 KB	78ms 45ms	Script application/javascript	2a00:16d8:2:200::20 CNHAB
General Check archive.org Show headers Download Go to Full URL http://ericajohansson.se/PayPal/64c9c5f29/safe/files/require-spinner.js Requested by Host: ericajohansson.se URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php Protocol HTTP/1.1 Server 2a00:16d8:2:200::20 , Sweden, ASN42695 (CNHAB, SE), Reverse DNS Software Apache/2.4.25 (Ubuntu) / Resource Hash `9c0821da2aee265221ce1c392604dd4b0901e2f671b87c6c7d141e8f698d4ca7` Request headers Referer http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 02 Sep 2017 12:56:08 GMT Content-Encoding gzip Last-Modified Mon, 28 Aug 2017 08:21:30 GMT Server Apache/2.4.25 (Ubuntu) Age 0 ETag "16d4-557cbfb574d1d-gzip" Vary Accept-Encoding Content-Type application/javascript Via 1.1 varnish X-Cache-Hit MISS X-Varnish 226798468 Connection keep-alive Accept-Ranges bytes, bytes Content-Length 2722
GET H/1.1	200 OK	require.js Show response ericajohansson.se/PayPal/64c9c5f29/safe/files/	15 KB 6 KB	48ms 47ms	Script application/javascript	2a00:16d8:2:200::20 CNHAB
General Check archive.org Show headers Download Go to Full URL http://ericajohansson.se/PayPal/64c9c5f29/safe/files/require.js Requested by Host: ericajohansson.se URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php Protocol HTTP/1.1 Server 2a00:16d8:2:200::20 , Sweden, ASN42695 (CNHAB, SE), Reverse DNS Software Apache/2.4.25 (Ubuntu) / Resource Hash `c007d73792ac2d25882bfbb573e700e721a0adacfab947e6a0b64a61991fecf0` Request headers Referer http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 02 Sep 2017 12:56:08 GMT Content-Encoding gzip Last-Modified Mon, 28 Aug 2017 08:21:30 GMT Server Apache/2.4.25 (Ubuntu) Age 0 ETag "3a06-557cbfb5754f0-gzip" Vary Accept-Encoding Content-Type application/javascript Via 1.1 varnish X-Cache-Hit MISS X-Varnish 226798472 Connection keep-alive Accept-Ranges bytes, bytes Content-Length 5999
GET H/1.1	200 OK	pp_jscode_080706.js Show response ericajohansson.se/PayPal/64c9c5f29/safe/files/	60 KB 22 KB	50ms 50ms	Script application/javascript	2a00:16d8:2:200::20 CNHAB
General Check archive.org Show headers Download Go to Full URL http://ericajohansson.se/PayPal/64c9c5f29/safe/files/pp_jscode_080706.js Requested by Host: ericajohansson.se URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php Protocol HTTP/1.1 Server 2a00:16d8:2:200::20 , Sweden, ASN42695 (CNHAB, SE), Reverse DNS Software Apache/2.4.25 (Ubuntu) / Resource Hash `18c9428f5ed837e027c6fcf29afe9d1f63a1e1e5b53ee1dc6373cf1cd1ea22aa` Request headers Referer http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 02 Sep 2017 12:56:08 GMT Content-Encoding gzip Last-Modified Mon, 28 Aug 2017 08:21:30 GMT Server Apache/2.4.25 (Ubuntu) Age 0 ETag "ef25-557cbfb575e1a-gzip" Vary Accept-Encoding Content-Type application/javascript Via 1.1 varnish X-Cache-Hit MISS X-Varnish 226798473 Connection keep-alive Accept-Ranges bytes, bytes Content-Length 22879
GET H/1.1	200 OK	pa.js Show response ericajohansson.se/PayPal/64c9c5f29/safe/files/	74 KB 17 KB	91ms 53ms	Script application/javascript	2a00:16d8:2:200::20 CNHAB
General Check archive.org Show headers Download Go to Full URL http://ericajohansson.se/PayPal/64c9c5f29/safe/files/pa.js Requested by Host: ericajohansson.se URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php Protocol HTTP/1.1 Server 2a00:16d8:2:200::20 , Sweden, ASN42695 (CNHAB, SE), Reverse DNS Software Apache/2.4.25 (Ubuntu) / Resource Hash `92186333ed540d15e6d401b6ff62b195337fb336c64796e458dfe2850f2429ef` Request headers Referer http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 02 Sep 2017 12:56:08 GMT Content-Encoding gzip Last-Modified Mon, 28 Aug 2017 08:21:30 GMT Server Apache/2.4.25 (Ubuntu) Age 0 ETag "12670-557cbfb574ac1-gzip" Vary Accept-Encoding Content-Type application/javascript Via 1.1 varnish X-Cache-Hit MISS X-Varnish 226798477 Connection keep-alive Accept-Ranges bytes, bytes Content-Length 17332
GET S	200	app.js Show response www.paypalobjects.com/web/res/9ee/1202e2fd95aae52897c7f75a14f71/js/	382 KB 108 KB	33ms 13ms	Script application/x-javascript	92.123.92.235 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/web/res/9ee/1202e2fd95aae52897c7f75a14f71/js/app.js Requested by Host: ericajohansson.se URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/files/require.js Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.123.92.235 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a92-123-92-235.deploy.akamaitechnologies.com Software Apache / Resource Hash `a21ff263f7734e004c8c482dfa12a6dcea8ad3973d16d8f8d74cce382d9f7f22` Request headers Referer http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers date Sat, 02 Sep 2017 12:56:08 GMT x-pad avoid browser bug last-modified Tue, 27 Sep 2016 09:35:40 GMT server Apache vary Accept-Encoding content-type application/x-javascript status 200 cache-control max-age=7776000 accept-ranges bytes content-encoding gzip expires Fri, 01 Dec 2017 12:56:08 GMT
GET S	200	config.js Show response www.paypalobjects.com/web/res/9ee/1202e2fd95aae52897c7f75a14f71/js/	600 B 618 B	26ms 6ms	Script application/x-javascript	92.123.92.235 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/web/res/9ee/1202e2fd95aae52897c7f75a14f71/js/config.js Requested by Host: ericajohansson.se URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/files/require.js Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.123.92.235 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a92-123-92-235.deploy.akamaitechnologies.com Software Apache / Resource Hash `05b3965cbe7889bbba309939196020bc0d3d935a5d185d82f7df429f389f9696` Request headers Referer http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers date Sat, 02 Sep 2017 12:56:08 GMT last-modified Tue, 27 Sep 2016 09:35:40 GMT server Apache vary Accept-Encoding content-type application/x-javascript status 200 cache-control max-age=7776000 accept-ranges bytes content-length 600 expires Fri, 01 Dec 2017 12:56:08 GMT
GET S	200	activity.js Show response www.paypalobjects.com/web/res/9ee/1202e2fd95aae52897c7f75a14f71/js/view/s12n/ato/	1 B 19 B	6ms 6ms	Script application/x-javascript	92.123.92.235 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/web/res/9ee/1202e2fd95aae52897c7f75a14f71/js/view/s12n/ato/activity.js Requested by Host: ericajohansson.se URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/files/require.js Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.123.92.235 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a92-123-92-235.deploy.akamaitechnologies.com Software Apache / Resource Hash `41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4` Request headers Referer http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers date Sat, 02 Sep 2017 12:56:08 GMT last-modified Tue, 27 Sep 2016 09:35:53 GMT server Apache vary Accept-Encoding content-type application/x-javascript status 200 cache-control max-age=7776000 accept-ranges bytes content-length 1 expires Fri, 01 Dec 2017 12:56:08 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.ericajohansson.se/	1970-01-01 00:00:00	Name: s_sess Value: %20s_ppv%3D100%3B
			ericajohansson.se/	1970-01-01 00:00:00	Name: PHPSESSID Value: 5itd4duurqiod3mgqah8cp6ep3

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://ericajohansson.se/PayPal/64c9c5f29/safe/activity.php(Line 90) Message: view/s12n/ato/activity loaded.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ericajohansson.se
www.paypalobjects.com
2a00:16d8:2:200::20
92.123.92.235
05b3965cbe7889bbba309939196020bc0d3d935a5d185d82f7df429f389f9696
167cff9ae31ac517ed8d8ae8020075f4c953b475a3d583d6c48285a1c2c6a2d3
18c9428f5ed837e027c6fcf29afe9d1f63a1e1e5b53ee1dc6373cf1cd1ea22aa
41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4
6c24e9fc3844d713e81e8182d435b1ec16df0b291e559742c5842f995b2e0498
92186333ed540d15e6d401b6ff62b195337fb336c64796e458dfe2850f2429ef
9c0821da2aee265221ce1c392604dd4b0901e2f671b87c6c7d141e8f698d4ca7
a21ff263f7734e004c8c482dfa12a6dcea8ad3973d16d8f8d74cce382d9f7f22
a8984df4e076ee9c2741bd409c048895c2ec2e06d32532830e172b13de5f2ab0
ab39e6288837a25d62b740906db369081f38978b23570148c28ed41f509d4fe2
c007d73792ac2d25882bfbb573e700e721a0adacfab947e6a0b64a61991fecf0