paypal.verifylog.xyz
Open in
urlscan Pro
45.148.121.166
Malicious Activity!
Public Scan
Submission Tags: phishing malicious Search All
Submission: On November 25 via api from US — Scanned from NL
Summary
This is the only time paypal.verifylog.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 45.148.121.166 45.148.121.166 | 64425 (SKB-ENTER...) (SKB-ENTERPRISE) | |
1 2 | 2a00:1450:400... 2a00:1450:4001:831::2004 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:810::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 1 | 2a00:1450:400... 2a00:1450:4001:82a::2002 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:831::2003 | 15169 (GOOGLE) (GOOGLE) | |
2 | 104.111.228.123 104.111.228.123 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
15 | 5 |
ASN64425 (SKB-ENTERPRISE, NL)
PTR: server70hector.f7-networks.com
paypal.verifylog.xyz |
ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net |
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-228-123.deploy.static.akamaitechnologies.com
www.paypalobjects.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
verifylog.xyz
paypal.verifylog.xyz |
323 KB |
2 |
paypalobjects.com
www.paypalobjects.com |
51 KB |
2 |
google.com
1 redirects
www.google.com |
1 KB |
1 |
google.nl
www.google.nl |
548 B |
1 |
doubleclick.net
1 redirects
googleads.g.doubleclick.net |
1 KB |
1 |
google.com.gh
www.google.com.gh |
548 B |
15 | 6 |
Domain | Requested by | |
---|---|---|
10 | paypal.verifylog.xyz |
paypal.verifylog.xyz
|
2 | www.paypalobjects.com |
paypal.verifylog.xyz
|
2 | www.google.com |
1 redirects
paypal.verifylog.xyz
|
1 | www.google.nl |
paypal.verifylog.xyz
|
1 | googleads.g.doubleclick.net | 1 redirects |
1 | www.google.com.gh |
paypal.verifylog.xyz
|
15 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.google.com GTS CA 1C3 |
2021-11-01 - 2022-01-24 |
3 months | crt.sh |
*.google.com.gh GTS CA 1C3 |
2021-11-01 - 2022-01-24 |
3 months | crt.sh |
www.paypal.com DigiCert SHA2 Extended Validation Server CA |
2021-11-03 - 2022-10-31 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://paypal.verifylog.xyz/
Frame ID: 6538DE5734E1867CE58E2708C7EFC349
Requests: 15 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 11- https://googleads.g.doubleclick.net/pagead/viewthroughconversion/992191228/?random=118604740&cv=9&fst=1637672850245&num=1&label=vTDjCL3nvv4CEPzFjtkD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=4&u_tz=0&u_java=false&u_nplug=5&u_nmime=2>m=2oi4f0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin&ref=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=tuecYdu7H8W2mLAPmvyhuAU&sscte=1&crd= HTTP 302
- https://www.google.com/pagead/1p-conversion/992191228/?random=118604740&cv=9&fst=1637672850245&num=1&label=vTDjCL3nvv4CEPzFjtkD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=4&u_tz=0&u_java=false&u_nplug=5&u_nmime=2>m=2oi4f0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin&ref=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=tuecYdu7H8W2mLAPmvyhuAU&random=3696790641&resp=GooglemKTybQhCsO HTTP 302
- https://www.google.nl/pagead/1p-conversion/992191228/?random=118604740&cv=9&fst=1637672850245&num=1&label=vTDjCL3nvv4CEPzFjtkD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=4&u_tz=0&u_java=false&u_nplug=5&u_nmime=2>m=2oi4f0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin&ref=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=tuecYdu7H8W2mLAPmvyhuAU&random=3696790641&resp=GooglemKTybQhCsO&ipr=y&prhg=0
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
paypal.verifylog.xyz/ |
29 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
f.txt
paypal.verifylog.xyz/paypalpj_files/ |
37 KB 14 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
analytics.js.download
paypal.verifylog.xyz/paypalpj_files/ |
44 KB 44 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gtag.js.download
paypal.verifylog.xyz/paypalpj_files/ |
79 KB 79 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
latmconf.js.download
paypal.verifylog.xyz/paypalpj_files/ |
131 KB 131 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ngrlCaptcha.min.js.download
paypal.verifylog.xyz/paypalpj_files/ |
21 KB 21 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
contextualLogin.css
paypal.verifylog.xyz/paypalpj_files/ |
119 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modernizr-2.6.1.js.download
paypal.verifylog.xyz/paypalpj_files/ |
4 KB 4 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
f(1).txt
paypal.verifylog.xyz/paypalpj_files/ |
2 KB 1 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
f(2).txt
paypal.verifylog.xyz/paypalpj_files/ |
2 KB 1 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.com/pagead/1p-user-list/992191228/ |
42 B 548 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.com.gh/pagead/1p-user-list/992191228/ |
42 B 548 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.nl/pagead/1p-conversion/992191228/ Redirect Chain
|
42 B 548 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paypal-logo-129x32.svg
www.paypalobjects.com/images/shared/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sprite_countries_flag4.png
www.paypalobjects.com/webstatic/mktg/icons/ |
48 KB 49 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| GooglemKTybQhCsO function| google_trackConversion object| google_tag_manager object| gDataLayer object| google_tag_data function| ga object| gaplugins object| latmconf boolean| paypalADSInterceptorInjected object| html5 object| Modernizr function| isEligibleIntegration object| antiClickjack1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.doubleclick.net/ | Name: test_cookie Value: CheckForPermission |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
googleads.g.doubleclick.net
paypal.verifylog.xyz
www.google.com
www.google.com.gh
www.google.nl
www.paypalobjects.com
104.111.228.123
2a00:1450:4001:810::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::2004
45.148.121.166
2b19e58107de9c6f430c04a86dc63192e5753c621676ae15992d52a6a1a39a6a
316bda79ebc11f2ec6c4654f6b0fe4ecdaea2382f1cdc27035972eb9e877b2ff
3ba795672c78c8f0f52ecd5d1a0a317d1e5c059509a6bead9d26b46fc831d83b
431b5f1f8a9b745d82bb9be17893a5601069d8b412d4ee0238b53cb4e52d09d1
62bb5685d837089cd6aedb6f5fe5375c83ce5facc879632628e1e63e51399580
6c95c7a38d45988433fee5ff9e9412c22a61c0c8212766c62f3c94c10ae84d88
9a96bec193d9cab5e4d01108de857530a2775363c08273c320b8cfb03bffa358
9d2cae5991852237acca6108a7550f34cd3d15605004b024d76d5a8d2e865f5d
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
e049ad70c54b8f59fa0fcb3adc5fabdabdbccae2836183228e806b3c1ef8e9ce
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f982a9dad50b916735a08b8e6f40efa7f97163106b18da079b144764c86a44a1