pay.afterpay.nl Open in urlscan Pro
134.213.78.148 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://mijn.afterpay.be/betalen/m/0853bfda-502c-4e50-98b2-30b76777b207?origin=MAIL
Effective URL:
https://pay.afterpay.nl/
Submission: On June 18 via api (June 18th 2020, 3:56:48 am UTC) from BE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 14 HTTP transactions. The main IP is 134.213.78.148, located in United Kingdom and belongs to RACKSPACE-LON, GB. The main domain is pay.afterpay.nl.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on February 20th 2020. Valid for: 2 years.

This is the only time pay.afterpay.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 1	134.213.165.188 134.213.165.188	15395 (RACKSPACE...) (RACKSPACE-LON)
10	134.213.78.148 134.213.78.148	15395 (RACKSPACE...) (RACKSPACE-LON)
1	2a00:1450:400... 2a00:1450:4001:814::200a	15169 (GOOGLE) (GOOGLE)
3	134.213.237.172 134.213.237.172	15395 (RACKSPACE...) (RACKSPACE-LON)
14	4

1 134.213.165.188 (United Kingdom) 1 redirects

ASN15395 (RACKSPACE-LON, GB)

mijn.afterpay.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 134.213.78.148 (United Kingdom)

ASN15395 (RACKSPACE-LON, GB)

pay.afterpay.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 134.213.237.172 (United Kingdom)

ASN15395 (RACKSPACE-LON, GB)

api.arvatofinance.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	afterpay.nl pay.afterpay.nl	1 MB
3	arvatofinance.nl api.arvatofinance.nl	20 KB
1	googleapis.com fonts.googleapis.com	465 B
1	afterpay.be 1 redirects mijn.afterpay.be	655 B
14	4

	Domain	Requested by
10	pay.afterpay.nl	pay.afterpay.nl
3	api.arvatofinance.nl	pay.afterpay.nl
1	fonts.googleapis.com	pay.afterpay.nl
1	mijn.afterpay.be	1 redirects
14	4

This site contains no links.

Subject Issuer	Validity	Valid
*.afterpay.nl GlobalSign RSA OV SSL CA 2018	`2020-02-20` - `2022-05-12`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
*.arvatofinance.nl Trust Provider B.V. TLS RSA CA G1	`2019-11-01` - `2021-12-30`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://pay.afterpay.nl/
Frame ID: 7313F5BA0208944F9EB6465B7E60FE6F
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://mijn.afterpay.be/betalen/m/0853bfda-502c-4e50-98b2-30b76777b207?origin=MAIL HTTP 302
https://pay.afterpay.nl/ Page URL

Detected technologies

UNIX (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Unix/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

14
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1195 kB
Transfer

1203 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://mijn.afterpay.be/betalen/m/0853bfda-502c-4e50-98b2-30b76777b207?origin=MAIL HTTP 302
https://pay.afterpay.nl/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
pay.afterpay.nl/
Redirect Chain

https://mijn.afterpay.be/betalen/m/0853bfda-502c-4e50-98b2-30b76777b207?origin=MAIL
https://pay.afterpay.nl/

769 B
1 KB

120ms
24ms

Document
text/html

134.213.78.148
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.afterpay.nl/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.213.78.148 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),
Reverse DNS
Software: Apache/2.4.43 (Unix) /
Resource Hash: 182dc63f37d4a980ab542be24f76496164fa1fa51bf92478fd794ee72150d480

Request headers

Host: pay.afterpay.nl
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 18 Jun 2020 03:56:32 GMT
Server: Apache/2.4.43 (Unix)
Last-Modified: Wed, 06 May 2020 12:37:22 GMT
ETag: "301-5a4fa06896480"
Accept-Ranges: bytes
Content-Length: 769
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

Server: Apache-Coyote/1.1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Date: Thu, 18 Jun 2020 03:56:32 GMT
Location: https://pay.afterpay.nl/#/betalen/ebd2a6b1-73d8-41cc-b702-5450b4ee3376/64029fb8-f610-49e1-a801-034d65437287/be
Expires: 0
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Language: nl-NL
X-Content-Type-Options: nosniff
Set-Cookie: X-Mapping-fjhppofk=C209AC47C50632C5AA44CD52B6A27592; path=/ JSESSIONID=B22BCED86B99C6AE5216BEEDC7546EB6; Path=/; Secure; HttpOnly
X-Frame-Options: DENY
Content-Length: 0

GET
H2 200 icon
fonts.googleapis.com/ 574 B
465 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: pay.afterpay.nl
URL: https://pay.afterpay.nl/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2f69acface5a975851bd8e100b7d2718c3791b90ab8321ca568748e6dd98d167

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.afterpay.nl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 18 Jun 2020 03:56:32 GMT
server: ESF
date: Thu, 18 Jun 2020 03:56:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 18 Jun 2020 03:56:32 GMT

GET
H/1.1 200
OK styles.db9f2e2c59687ee9cd4a.css
pay.afterpay.nl/ 237 KB
237 KB 24ms
23ms Stylesheet
text/css 134.213.78.148
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.afterpay.nl/styles.db9f2e2c59687ee9cd4a.css
Requested by: Host: pay.afterpay.nl
URL: https://pay.afterpay.nl/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.213.78.148 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),
Reverse DNS
Software: Apache/2.4.43 (Unix) /
Resource Hash: e8916e2521f00bd35d4456e1b45859a823987134bd7004e633de4bad2d05e627

Request headers

Referer: https://pay.afterpay.nl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 18 Jun 2020 03:56:32 GMT
Last-Modified: Wed, 06 May 2020 12:37:22 GMT
Server: Apache/2.4.43 (Unix)
ETag: "3b4d6-5a4fa06896480"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 242902

GET
H/1.1 200
OK runtime.ec2944dd8b20ec099bf3.js Show response
pay.afterpay.nl/ 1 KB
2 KB 71ms
27ms Script
application/javascript 134.213.78.148
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.afterpay.nl/runtime.ec2944dd8b20ec099bf3.js
Requested by: Host: pay.afterpay.nl
URL: https://pay.afterpay.nl/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.213.78.148 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),
Reverse DNS
Software: Apache/2.4.43 (Unix) /
Resource Hash: eb3d5f2600910179bef8b0709214b7c721ea66e92ebb35bc282264beb2631eaf

Request headers

Referer: https://pay.afterpay.nl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 18 Jun 2020 03:56:32 GMT
Last-Modified: Wed, 06 May 2020 12:37:22 GMT
Server: Apache/2.4.43 (Unix)
ETag: "5a0-5a4fa06896480"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1440

GET
H/1.1 200
OK polyfills.21e94ee6001515a6523e.js Show response
pay.afterpay.nl/ 90 KB
90 KB 88ms
43ms Script
application/javascript 134.213.78.148
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.afterpay.nl/polyfills.21e94ee6001515a6523e.js
Requested by: Host: pay.afterpay.nl
URL: https://pay.afterpay.nl/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.213.78.148 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),
Reverse DNS
Software: Apache/2.4.43 (Unix) /
Resource Hash: e404db825cdf30ab6339db6d2fdb23fb48546321336a5761ec2f1fc6a8f0d659

Request headers

Referer: https://pay.afterpay.nl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 18 Jun 2020 03:56:32 GMT
Last-Modified: Wed, 06 May 2020 12:37:22 GMT
Server: Apache/2.4.43 (Unix)
ETag: "16611-5a4fa06896480"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 91665

GET
H/1.1 200
OK main.f892b992750f9581d31e.js Show response
pay.afterpay.nl/ 697 KB
697 KB 71ms
25ms Script
application/javascript 134.213.78.148
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.afterpay.nl/main.f892b992750f9581d31e.js
Requested by: Host: pay.afterpay.nl
URL: https://pay.afterpay.nl/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.213.78.148 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),
Reverse DNS
Software: Apache/2.4.43 (Unix) /
Resource Hash: 7138cbd697728dc36bcff83209770cddb289d57a659808d680a58fdc73c38374

Request headers

Referer: https://pay.afterpay.nl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 18 Jun 2020 03:56:32 GMT
Last-Modified: Wed, 06 May 2020 12:37:22 GMT
Server: Apache/2.4.43 (Unix)
ETag: "ae403-5a4fa06896480"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 713731

GET
H/1.1 200
OK nl.json Show response
pay.afterpay.nl/assets/i18n/ 3 KB
3 KB 26ms
25ms XHR
application/json 134.213.78.148
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.afterpay.nl/assets/i18n/nl.json
Requested by: Host: pay.afterpay.nl
URL: https://pay.afterpay.nl/polyfills.21e94ee6001515a6523e.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.213.78.148 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),
Reverse DNS
Software: Apache/2.4.43 (Unix) /
Resource Hash: 0821b3e429b4f849402ab33747841263e4722e3d65cc4f2d32cc4a4f4a399153

Request headers

Accept: application/json, text/plain, */*
Referer: https://pay.afterpay.nl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 18 Jun 2020 03:56:33 GMT
Last-Modified: Wed, 06 May 2020 12:37:22 GMT
Server: Apache/2.4.43 (Unix)
ETag: "b8a-5a4fa06896480"
Content-Type: application/json
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2954

GET
H/1.1 200 info Show response
api.arvatofinance.nl/api/v1/web/contract/ebd2a6b1-73d8-41cc-b702-5450b4ee3376/transaction/64029fb8-f610-49e1-a801-034d65437287/ 385 B
847 B 258ms
155ms XHR
application/json 134.213.237.172
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://api.arvatofinance.nl/api/v1/web/contract/ebd2a6b1-73d8-41cc-b702-5450b4ee3376/transaction/64029fb8-f610-49e1-a801-034d65437287/info

Requested by

Host: pay.afterpay.nl
URL: https://pay.afterpay.nl/polyfills.21e94ee6001515a6523e.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

134.213.237.172 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Resource Hash

14a452061abbf73b606204bb1e5455a09ac5acb6cc171d023d6f20a645c11898

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://pay.afterpay.nl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 18 Jun 2020 03:56:33 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Access-Control-Allow-Origin, Access-Control-Allow-Credentials
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Transfer-Encoding: chunked
Vary: Origin
X-XSS-Protection: 1; mode=block
Expires: 0

GET
H/1.1 200 paymentoption Show response
api.arvatofinance.nl/api/v1/web/contract/ebd2a6b1-73d8-41cc-b702-5450b4ee3376/ 500 B
962 B 171ms
68ms XHR
application/json 134.213.237.172
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://api.arvatofinance.nl/api/v1/web/contract/ebd2a6b1-73d8-41cc-b702-5450b4ee3376/paymentoption

Requested by

Host: pay.afterpay.nl
URL: https://pay.afterpay.nl/polyfills.21e94ee6001515a6523e.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

134.213.237.172 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Resource Hash

2e599abb827e230fd5424c521b47c2fe5a4ec5553e7ad9590ad5b5b80a47c79d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://pay.afterpay.nl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 18 Jun 2020 03:56:32 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Access-Control-Allow-Origin, Access-Control-Allow-Credentials
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Transfer-Encoding: chunked
Vary: Origin
X-XSS-Protection: 1; mode=block
Expires: 0

GET
H/1.1 200 preferences Show response
api.arvatofinance.nl/api/v1/web/contract/ebd2a6b1-73d8-41cc-b702-5450b4ee3376/ 18 KB
18 KB 246ms
142ms XHR
application/json 134.213.237.172
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://api.arvatofinance.nl/api/v1/web/contract/ebd2a6b1-73d8-41cc-b702-5450b4ee3376/preferences

Requested by

Host: pay.afterpay.nl
URL: https://pay.afterpay.nl/polyfills.21e94ee6001515a6523e.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

134.213.237.172 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Resource Hash

02376b4f9f46e44f530a05d61d0d55fb9a7088d59c7af1760016f6077275ff48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://pay.afterpay.nl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 18 Jun 2020 03:56:32 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Access-Control-Allow-Origin, Access-Control-Allow-Credentials
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Transfer-Encoding: chunked
Vary: Origin
X-XSS-Protection: 1; mode=block
Expires: 0

GET
H/1.1 200
OK poppins-v5-latin-regular.woff2
pay.afterpay.nl/assets/fonts/Poppins/ 8 KB
8 KB 28ms
27ms Font
font/woff2 134.213.78.148
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.afterpay.nl/assets/fonts/Poppins/poppins-v5-latin-regular.woff2
Requested by: Host: pay.afterpay.nl
URL: https://pay.afterpay.nl/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.213.78.148 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),
Reverse DNS
Software: Apache/2.4.43 (Unix) /
Resource Hash: 44bae3586c48283835d9e8155b181de3f59c660b72e3a2b3f2ccb1c0ee618487

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://pay.afterpay.nl/styles.db9f2e2c59687ee9cd4a.css
Origin: https://pay.afterpay.nl

Response headers

Date: Thu, 18 Jun 2020 03:56:33 GMT
Last-Modified: Wed, 06 May 2020 12:37:22 GMT
Server: Apache/2.4.43 (Unix)
ETag: "1ee0-5a4fa06896480"
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 7904

GET
H/1.1 200
OK nl.e336d50a0531bb958fa9.svg
pay.afterpay.nl/ 364 B
651 B 24ms
24ms Image
image/svg+xml 134.213.78.148
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pay.afterpay.nl/nl.e336d50a0531bb958fa9.svg
Requested by: Host: pay.afterpay.nl
URL: https://pay.afterpay.nl/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.213.78.148 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),
Reverse DNS
Software: Apache/2.4.43 (Unix) /
Resource Hash: 7a8cedd29fcafb1961c0e8a19f2aecc7b4464a774ffc817ef3324b2a1082f1d7

Request headers

Referer: https://pay.afterpay.nl/styles.db9f2e2c59687ee9cd4a.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 18 Jun 2020 03:56:33 GMT
Last-Modified: Wed, 06 May 2020 12:37:22 GMT
Server: Apache/2.4.43 (Unix)
ETag: "16c-5a4fa06896480"
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 364

GET
H/1.1 200
OK bancontact-logo.png
pay.afterpay.nl/assets/images/ 60 KB
60 KB 28ms
27ms Image
image/png 134.213.78.148
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pay.afterpay.nl/assets/images/bancontact-logo.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.213.78.148 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),
Reverse DNS
Software: Apache/2.4.43 (Unix) /
Resource Hash: 550f730c219c972437a9d8d93c9a5208d1be0975bad2a1927cff3ab417deaf61

Request headers

Referer: https://pay.afterpay.nl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 18 Jun 2020 03:56:33 GMT
Last-Modified: Wed, 06 May 2020 12:37:22 GMT
Server: Apache/2.4.43 (Unix)
ETag: "eed2-5a4fa06896480"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 61138

GET
H/1.1 200
OK fontawesome-webfont.af7ae505a9eed503f8b8.woff2
pay.afterpay.nl/ 75 KB
76 KB 26ms
26ms Font
font/woff2 134.213.78.148
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.afterpay.nl/fontawesome-webfont.af7ae505a9eed503f8b8.woff2?v=4.7.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.213.78.148 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),
Reverse DNS
Software: Apache/2.4.43 (Unix) /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://pay.afterpay.nl/styles.db9f2e2c59687ee9cd4a.css
Origin: https://pay.afterpay.nl

Response headers

Date: Thu, 18 Jun 2020 03:56:33 GMT
Last-Modified: Wed, 06 May 2020 12:37:22 GMT
Server: Apache/2.4.43 (Unix)
ETag: "12d68-5a4fa06896480"
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 77160

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2cfaa9a65e23e38991c8de1cfaa40dc87ee12e86827b1e97020995c411790f10

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b9538468061f04349d24bde4c0239fa4504e7420bd40ccf8c273457bf5b2a86a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

38 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.arvatofinance.nl
fonts.googleapis.com
mijn.afterpay.be
pay.afterpay.nl
134.213.165.188
134.213.237.172
134.213.78.148
2a00:1450:4001:814::200a
02376b4f9f46e44f530a05d61d0d55fb9a7088d59c7af1760016f6077275ff48
0821b3e429b4f849402ab33747841263e4722e3d65cc4f2d32cc4a4f4a399153
14a452061abbf73b606204bb1e5455a09ac5acb6cc171d023d6f20a645c11898
182dc63f37d4a980ab542be24f76496164fa1fa51bf92478fd794ee72150d480
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2cfaa9a65e23e38991c8de1cfaa40dc87ee12e86827b1e97020995c411790f10
2e599abb827e230fd5424c521b47c2fe5a4ec5553e7ad9590ad5b5b80a47c79d
2f69acface5a975851bd8e100b7d2718c3791b90ab8321ca568748e6dd98d167
44bae3586c48283835d9e8155b181de3f59c660b72e3a2b3f2ccb1c0ee618487
550f730c219c972437a9d8d93c9a5208d1be0975bad2a1927cff3ab417deaf61
7138cbd697728dc36bcff83209770cddb289d57a659808d680a58fdc73c38374
7a8cedd29fcafb1961c0e8a19f2aecc7b4464a774ffc817ef3324b2a1082f1d7
b9538468061f04349d24bde4c0239fa4504e7420bd40ccf8c273457bf5b2a86a
e404db825cdf30ab6339db6d2fdb23fb48546321336a5761ec2f1fc6a8f0d659
e8916e2521f00bd35d4456e1b45859a823987134bd7004e633de4bad2d05e627
eb3d5f2600910179bef8b0709214b7c721ea66e92ebb35bc282264beb2631eaf

pay.afterpay.nl Open in urlscan Pro 134.213.78.148 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

1195 kBTransfer

1203 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

38 JavaScript Global Variables

0 Cookies

Indicators

pay.afterpay.nl Open in urlscan Pro
134.213.78.148 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1195 kB
Transfer

1203 kB
Size

0
Cookies

14 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!