paypal.verifylog.xyz
45.148.121.166  Malicious Activity!  Public Scan

URL: http://paypal.verifylog.xyz/
Submission Tags: phishing, malicious
Submission: On November 25 via api from US, scanned from NL

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 15 HTTP transactions. The main IP is 45.148.121.166, located in Netherlands and belongs to SKB-ENTERPRISE, NL. The main domain is paypal.verifylog.xyz.
This is the only time paypal.verifylog.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

IP addresses (requests, IP address, autonomous system)
  10                45.148.121.166     AS64425 (SKB-ENTERPRISE)
   2 (1 redirect)   2a00:1450:400...   AS15169 (GOOGLE)
   1                2a00:1450:400...   AS15169 (GOOGLE)
   1 (1 redirect)   2a00:1450:400...   AS15169 (GOOGLE)
   1                2a00:1450:400...   AS15169 (GOOGLE)
   2                104.111.228.123    AS16625 (AKAMAI-AS)
  15 requests, 5 IPs

Domains (requests, domain, requested by)
  10                paypal.verifylog.xyz           paypal.verifylog.xyz
   2                www.paypalobjects.com          paypal.verifylog.xyz
   2 (1 redirect)   www.google.com                 paypal.verifylog.xyz
   1                www.google.nl                  paypal.verifylog.xyz
   1 (1 redirect)   googleads.g.doubleclick.net
   1                www.google.com.gh              paypal.verifylog.xyz
  15 requests, 6 domains

This site contains no links.

TLS certificates observed

Subject            Issuer                                        Validity                   Valid for
www.google.com     GTS CA 1C3                                    2021-11-01 to 2022-01-24   3 months
*.google.com.gh    GTS CA 1C3                                    2021-11-01 to 2022-01-24   3 months
www.paypal.com     DigiCert SHA2 Extended Validation Server CA   2021-11-03 to 2022-10-31   a year

No certificate is listed for paypal.verifylog.xyz itself: the phishing page was served over plain HTTP. The only TLS connections in the scan are to Google's tracking beacons and to PayPal's asset CDN (the connection to www.paypalobjects.com presented the www.paypal.com certificate listed here).

This page contains 1 frames:

Primary Page: http://paypal.verifylog.xyz/
Frame ID: 6538DE5734E1867CE58E2708C7EFC349
Requests: 15 HTTP requests in this frame

Page Title: Log In

Page Statistics

Requests:    15
HTTPS:       27 %
IPv6:        67 %
Domains:     6
Subdomains:  6
IPs:         5
Countries:   2
Transfer:    376 kB
Size:        521 kB
Cookies:     1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/992191228/?random=118604740&cv=9&fst=1637672850245&num=1&label=vTDjCL3nvv4CEPzFjtkD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=4&u_tz=0&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin&ref=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=tuecYdu7H8W2mLAPmvyhuAU&sscte=1&crd= HTTP 302
  • https://www.google.com/pagead/1p-conversion/992191228/?random=118604740&cv=9&fst=1637672850245&num=1&label=vTDjCL3nvv4CEPzFjtkD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=4&u_tz=0&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin&ref=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=tuecYdu7H8W2mLAPmvyhuAU&random=3696790641&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.nl/pagead/1p-conversion/992191228/?random=118604740&cv=9&fst=1637672850245&num=1&label=vTDjCL3nvv4CEPzFjtkD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=4&u_tz=0&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin&ref=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=tuecYdu7H8W2mLAPmvyhuAU&random=3696790641&resp=GooglemKTybQhCsO&ipr=y&prhg=0

15 HTTP transactions

Each entry lists the resource, its path, size (transferred size) and type, followed by the general connection data, request headers and response headers.
Primary Request: /  paypal.verifylog.xyz/  29 KB (7 KB transferred)  Document
  Full URL: http://paypal.verifylog.xyz/
  Protocol: HTTP/1.1
  Server: 45.148.121.166, Netherlands, ASN64425 (SKB-ENTERPRISE, NL)
  Reverse DNS: server70hector.f7-networks.com
  Software: LiteSpeed / PHP/7.1.33
  Resource Hash: 2b19e58107de9c6f430c04a86dc63192e5753c621676ae15992d52a6a1a39a6a
  Request headers:
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
    Accept-Language: nl-NL,nl;q=0.9
  Response headers:
    Connection: Keep-Alive
    Keep-Alive: timeout=5, max=100
    x-powered-by: PHP/7.1.33
    content-type: text/html; charset=UTF-8
    content-length: 6536
    content-encoding: gzip
    vary: Accept-Encoding
    date: Thu, 25 Nov 2021 11:20:36 GMT
    server: LiteSpeed
f.txt  paypal.verifylog.xyz/paypalpj_files/  37 KB (14 KB transferred)  Script
  Full URL: http://paypal.verifylog.xyz/paypalpj_files/f.txt
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/)
  Protocol: HTTP/1.1
  Server: 45.148.121.166, Netherlands, ASN64425 (SKB-ENTERPRISE, NL)
  Reverse DNS: server70hector.f7-networks.com
  Software: LiteSpeed
  Resource Hash: 316bda79ebc11f2ec6c4654f6b0fe4ecdaea2382f1cdc27035972eb9e877b2ff
  Request headers:
    Accept-Language: nl-NL,nl;q=0.9
    Referer: http://paypal.verifylog.xyz/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    date: Thu, 25 Nov 2021 11:20:36 GMT
    content-encoding: gzip
    last-modified: Thu, 25 Nov 2021 11:18:27 GMT
    server: LiteSpeed
    vary: Accept-Encoding
    content-type: text/plain
    Connection: Keep-Alive
    accept-ranges: bytes
    Keep-Alive: timeout=5, max=100
    content-length: 14419
analytics.js.download  paypal.verifylog.xyz/paypalpj_files/  44 KB (44 KB transferred)  Script
  Full URL: http://paypal.verifylog.xyz/paypalpj_files/analytics.js.download
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/)
  Protocol: HTTP/1.1
  Server: 45.148.121.166, Netherlands, ASN64425 (SKB-ENTERPRISE, NL)
  Reverse DNS: server70hector.f7-networks.com
  Software: LiteSpeed
  Resource Hash: 62bb5685d837089cd6aedb6f5fe5375c83ce5facc879632628e1e63e51399580
  Request headers:
    Accept-Language: nl-NL,nl;q=0.9
    Referer: http://paypal.verifylog.xyz/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    date: Thu, 25 Nov 2021 11:20:36 GMT
    last-modified: Thu, 25 Nov 2021 11:18:27 GMT
    server: LiteSpeed
    content-type: application/octet-stream
    Connection: Keep-Alive
    accept-ranges: bytes
    Keep-Alive: timeout=5, max=100
    content-length: 44761
gtag.js.download  paypal.verifylog.xyz/paypalpj_files/  79 KB (79 KB transferred)  Script
  Full URL: http://paypal.verifylog.xyz/paypalpj_files/gtag.js.download
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/)
  Protocol: HTTP/1.1
  Server: 45.148.121.166, Netherlands, ASN64425 (SKB-ENTERPRISE, NL)
  Reverse DNS: server70hector.f7-networks.com
  Software: LiteSpeed
  Resource Hash: f982a9dad50b916735a08b8e6f40efa7f97163106b18da079b144764c86a44a1
  Request headers:
    Referer: http://paypal.verifylog.xyz/
    Origin: http://paypal.verifylog.xyz
    Accept-Language: nl-NL,nl;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    date: Thu, 25 Nov 2021 11:20:36 GMT
    last-modified: Thu, 25 Nov 2021 11:18:27 GMT
    server: LiteSpeed
    content-type: application/octet-stream
    Connection: Keep-Alive
    accept-ranges: bytes
    Keep-Alive: timeout=5, max=100
    content-length: 80826
latmconf.js.download  paypal.verifylog.xyz/paypalpj_files/  131 KB (131 KB transferred)  Script
  Full URL: http://paypal.verifylog.xyz/paypalpj_files/latmconf.js.download
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/)
  Protocol: HTTP/1.1
  Server: 45.148.121.166, Netherlands, ASN64425 (SKB-ENTERPRISE, NL)
  Reverse DNS: server70hector.f7-networks.com
  Software: LiteSpeed
  Resource Hash: 431b5f1f8a9b745d82bb9be17893a5601069d8b412d4ee0238b53cb4e52d09d1
  Request headers:
    Referer: http://paypal.verifylog.xyz/
    Origin: http://paypal.verifylog.xyz
    Accept-Language: nl-NL,nl;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    date: Thu, 25 Nov 2021 11:20:36 GMT
    last-modified: Thu, 25 Nov 2021 11:18:27 GMT
    server: LiteSpeed
    content-type: application/octet-stream
    Connection: Keep-Alive
    accept-ranges: bytes
    Keep-Alive: timeout=5, max=100
    content-length: 134275
ngrlCaptcha.min.js.download  paypal.verifylog.xyz/paypalpj_files/  21 KB (21 KB transferred)  Script
  Full URL: http://paypal.verifylog.xyz/paypalpj_files/ngrlCaptcha.min.js.download
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/)
  Protocol: HTTP/1.1
  Server: 45.148.121.166, Netherlands, ASN64425 (SKB-ENTERPRISE, NL)
  Reverse DNS: server70hector.f7-networks.com
  Software: LiteSpeed
  Resource Hash: 3ba795672c78c8f0f52ecd5d1a0a317d1e5c059509a6bead9d26b46fc831d83b
  Request headers:
    Accept-Language: nl-NL,nl;q=0.9
    Referer: http://paypal.verifylog.xyz/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    date: Thu, 25 Nov 2021 11:20:36 GMT
    last-modified: Thu, 25 Nov 2021 11:18:27 GMT
    server: LiteSpeed
    content-type: application/octet-stream
    Connection: Keep-Alive
    accept-ranges: bytes
    Keep-Alive: timeout=5, max=100
    content-length: 21544
contextualLogin.css  paypal.verifylog.xyz/paypalpj_files/  119 KB (19 KB transferred)  Stylesheet
  Full URL: http://paypal.verifylog.xyz/paypalpj_files/contextualLogin.css
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/)
  Protocol: HTTP/1.1
  Server: 45.148.121.166, Netherlands, ASN64425 (SKB-ENTERPRISE, NL)
  Reverse DNS: server70hector.f7-networks.com
  Software: LiteSpeed
  Resource Hash: 6c95c7a38d45988433fee5ff9e9412c22a61c0c8212766c62f3c94c10ae84d88
  Request headers:
    Accept-Language: nl-NL,nl;q=0.9
    Referer: http://paypal.verifylog.xyz/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    date: Thu, 25 Nov 2021 11:20:36 GMT
    content-encoding: gzip
    last-modified: Thu, 25 Nov 2021 11:18:27 GMT
    server: LiteSpeed
    vary: Accept-Encoding
    content-type: text/css
    cache-control: public, max-age=604800
    Connection: Keep-Alive
    accept-ranges: bytes
    Keep-Alive: timeout=5, max=100
    content-length: 19405
    expires: Thu, 02 Dec 2021 11:20:36 GMT
modernizr-2.6.1.js.download  paypal.verifylog.xyz/paypalpj_files/  4 KB (4 KB transferred)  Script
  Full URL: http://paypal.verifylog.xyz/paypalpj_files/modernizr-2.6.1.js.download
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/)
  Protocol: HTTP/1.1
  Server: 45.148.121.166, Netherlands, ASN64425 (SKB-ENTERPRISE, NL)
  Reverse DNS: server70hector.f7-networks.com
  Software: LiteSpeed
  Resource Hash: a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
  Request headers:
    Accept-Language: nl-NL,nl;q=0.9
    Referer: http://paypal.verifylog.xyz/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    date: Thu, 25 Nov 2021 11:20:36 GMT
    last-modified: Thu, 25 Nov 2021 11:18:27 GMT
    server: LiteSpeed
    content-type: application/octet-stream
    Connection: Keep-Alive
    accept-ranges: bytes
    Keep-Alive: timeout=5, max=100
    content-length: 3807
f(1).txt  paypal.verifylog.xyz/paypalpj_files/  2 KB (1 KB transferred)  Script
  Full URL: http://paypal.verifylog.xyz/paypalpj_files/f(1).txt
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/)
  Protocol: HTTP/1.1
  Server: 45.148.121.166, Netherlands, ASN64425 (SKB-ENTERPRISE, NL)
  Reverse DNS: server70hector.f7-networks.com
  Software: LiteSpeed
  Resource Hash: 9d2cae5991852237acca6108a7550f34cd3d15605004b024d76d5a8d2e865f5d
  Request headers:
    Accept-Language: nl-NL,nl;q=0.9
    Referer: http://paypal.verifylog.xyz/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    date: Thu, 25 Nov 2021 11:20:36 GMT
    content-encoding: gzip
    last-modified: Thu, 25 Nov 2021 11:18:27 GMT
    server: LiteSpeed
    vary: Accept-Encoding
    content-type: text/plain
    Connection: Keep-Alive
    accept-ranges: bytes
    Keep-Alive: timeout=5, max=100
    content-length: 1086
f(2).txt  paypal.verifylog.xyz/paypalpj_files/  2 KB (1 KB transferred)  Script
  Full URL: http://paypal.verifylog.xyz/paypalpj_files/f(2).txt
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/)
  Protocol: HTTP/1.1
  Server: 45.148.121.166, Netherlands, ASN64425 (SKB-ENTERPRISE, NL)
  Reverse DNS: server70hector.f7-networks.com
  Software: LiteSpeed
  Resource Hash: e049ad70c54b8f59fa0fcb3adc5fabdabdbccae2836183228e806b3c1ef8e9ce
  Request headers:
    Accept-Language: nl-NL,nl;q=0.9
    Referer: http://paypal.verifylog.xyz/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    date: Thu, 25 Nov 2021 11:20:36 GMT
    content-encoding: gzip
    last-modified: Thu, 25 Nov 2021 11:18:27 GMT
    server: LiteSpeed
    vary: Accept-Encoding
    content-type: text/plain
    Connection: Keep-Alive
    accept-ranges: bytes
    Keep-Alive: timeout=5, max=100
    content-length: 1187
/  www.google.com/pagead/1p-user-list/992191228/  42 B (548 B transferred)  Image
  Full URL: https://www.google.com/pagead/1p-user-list/992191228/?random=1637672850240&cv=9&fst=1637672400000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=4&u_tz=0&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin&ref=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome&tiba=Log%20in%20to%20your%20PayPal%20account&async=1&fmt=3&is_vtc=1&random=2821719600&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a00:1450:4001:831::2004, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS: (none)
  Software: cafe
  Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
  Security Headers:
    Content-Security-Policy: script-src 'none'; object-src 'none'
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 0
  Request headers:
    Accept-Language: nl-NL,nl;q=0.9
    Referer: http://paypal.verifylog.xyz/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    pragma: no-cache
    date: Thu, 25 Nov 2021 11:20:36 GMT
    x-content-type-options: nosniff
    server: cafe
    timing-allow-origin: *
    p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    cache-control: no-cache, no-store, must-revalidate
    cross-origin-resource-policy: cross-origin
    content-security-policy: script-src 'none'; object-src 'none'
    content-type: image/gif
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
    content-length: 42
    x-xss-protection: 0
    expires: Fri, 01 Jan 1990 00:00:00 GMT
/  www.google.com.gh/pagead/1p-user-list/992191228/  42 B (548 B transferred)  Image
  Full URL: https://www.google.com.gh/pagead/1p-user-list/992191228/?random=1637672850240&cv=9&fst=1637672400000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=4&u_tz=0&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin&ref=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome&tiba=Log%20in%20to%20your%20PayPal%20account&async=1&fmt=3&is_vtc=1&random=2821719600&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a00:1450:4001:810::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS: (none)
  Software: cafe
  Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
  Security Headers:
    Content-Security-Policy: script-src 'none'; object-src 'none'
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 0
  Request headers:
    Accept-Language: nl-NL,nl;q=0.9
    Referer: http://paypal.verifylog.xyz/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    pragma: no-cache
    date: Thu, 25 Nov 2021 11:20:36 GMT
    x-content-type-options: nosniff
    server: cafe
    timing-allow-origin: *
    p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    cache-control: no-cache, no-store, must-revalidate
    cross-origin-resource-policy: cross-origin
    content-security-policy: script-src 'none'; object-src 'none'
    content-type: image/gif
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
    content-length: 42
    x-xss-protection: 0
    expires: Fri, 01 Jan 1990 00:00:00 GMT
/  www.google.nl/pagead/1p-conversion/992191228/  42 B (548 B transferred)  Image
  Redirect Chain:
    • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/992191228/?random=118604740&cv=9&fst=1637672850245&num=1&label=vTDjCL3nvv4CEPzFjtkD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=3766...
    • https://www.google.com/pagead/1p-conversion/992191228/?random=118604740&cv=9&fst=1637672850245&num=1&label=vTDjCL3nvv4CEPzFjtkD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=136...
    • https://www.google.nl/pagead/1p-conversion/992191228/?random=118604740&cv=9&fst=1637672850245&num=1&label=vTDjCL3nvv4CEPzFjtkD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366...
  Full URL: https://www.google.nl/pagead/1p-conversion/992191228/?random=118604740&cv=9&fst=1637672850245&num=1&label=vTDjCL3nvv4CEPzFjtkD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=4&u_tz=0&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin&ref=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=tuecYdu7H8W2mLAPmvyhuAU&random=3696790641&resp=GooglemKTybQhCsO&ipr=y&prhg=0
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/)
  Protocol: H2
  Server: 2a00:1450:4001:831::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS: (none)
  Software: cafe
  Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
  Security Headers:
    Content-Security-Policy: script-src 'none'; object-src 'none'
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 0
  Request headers:
    Accept-Language: nl-NL,nl;q=0.9
    Referer: http://paypal.verifylog.xyz/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    pragma: no-cache
    date: Thu, 25 Nov 2021 11:20:36 GMT
    x-content-type-options: nosniff
    server: cafe
    timing-allow-origin: *
    p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    cache-control: no-cache, no-store, must-revalidate
    cross-origin-resource-policy: cross-origin
    content-security-policy: script-src 'none'; object-src 'none'
    content-type: image/gif
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
    content-length: 42
    x-xss-protection: 0
    expires: Fri, 01 Jan 1990 00:00:00 GMT
  Redirect headers:
    pragma: no-cache
    date: Thu, 25 Nov 2021 11:20:36 GMT
    x-content-type-options: nosniff
    server: cafe
    p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    content-type: image/gif
    location: https://www.google.nl/pagead/1p-conversion/992191228/?random=118604740&cv=9&fst=1637672850245&num=1&label=vTDjCL3nvv4CEPzFjtkD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=4&u_tz=0&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fsignin&ref=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome&tiba=Log%20in%20to%20your%20PayPal%20account&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=tuecYdu7H8W2mLAPmvyhuAU&random=3696790641&resp=GooglemKTybQhCsO&ipr=y&prhg=0
    cache-control: no-cache, no-store, must-revalidate
    cross-origin-resource-policy: cross-origin
    content-security-policy: script-src 'none'; object-src 'none'
    timing-allow-origin: *
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
    content-length: 42
    x-xss-protection: 0
    expires: Fri, 01 Jan 1990 00:00:00 GMT
paypal-logo-129x32.svg  www.paypalobjects.com/images/shared/  5 KB (2 KB transferred)  Image
  Full URL: https://www.paypalobjects.com/images/shared/paypal-logo-129x32.svg
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/paypalpj_files/contextualLogin.css)
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 104.111.228.123, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
  Reverse DNS: a104-111-228-123.deploy.static.akamaitechnologies.com
  Software: (not reported)
  Resource Hash: b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
  Security Headers:
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
  Request headers:
    Accept-Language: nl-NL,nl;q=0.9
    Referer: http://paypal.verifylog.xyz/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    date: Thu, 25 Nov 2021 11:20:36 GMT
    content-encoding: gzip
    x-content-type-options: nosniff
    last-modified: Fri, 24 Oct 2014 22:52:57 GMT
    cache-control: public, max-age=3600
    etag: W/"544ad849-1351"
    surrogate-control: max-age=31536000
    vary: Accept-Encoding
    content-type: image/svg+xml
    access-control-allow-origin: *
    paypal-debug-id: 67a6d6d32ed42
    strict-transport-security: max-age=31536000
    dc: slc-b-origin-www-1.paypal.com
    content-length: 1932
    expires: Thu, 25 Nov 2021 12:20:36 GMT
sprite_countries_flag4.png  www.paypalobjects.com/webstatic/mktg/icons/  48 KB (49 KB transferred)  Image
  Full URL: https://www.paypalobjects.com/webstatic/mktg/icons/sprite_countries_flag4.png
  Requested by: paypal.verifylog.xyz (http://paypal.verifylog.xyz/)
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 104.111.228.123, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
  Reverse DNS: a104-111-228-123.deploy.static.akamaitechnologies.com
  Software: Akamai Image Manager
  Resource Hash: 9a96bec193d9cab5e4d01108de857530a2775363c08273c320b8cfb03bffa358
  Security Headers:
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
  Request headers:
    Accept-Language: nl-NL,nl;q=0.9
    Referer: http://paypal.verifylog.xyz/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
  Response headers:
    date: Thu, 25 Nov 2021 11:20:36 GMT
    x-content-type-options: nosniff
    x-check-cacheable: YES
    x-serial: 1245
    etag: "XyrhkHZDOkR7RmyrX11SqXi9LE9tzruVrgkvFWDhG7A"
    strict-transport-security: max-age=31536000
    content-type: image/webp
    cache-control: private, no-transform, max-age=43200
    last-modified: Sat, 30 Oct 2021 02:49:01 GMT
    content-length: 49586
    server: Akamai Image Manager
    expires: Thu, 25 Nov 2021 23:20:36 GMT
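The redirect chain and the transaction list above carry enough signal to score this page as a cloned login form mechanically. The following is an added example, not urlscan's code and not part of this report: it transcribes the 15 transactions (URL, resource type, response content-type, Referer; the beacon query strings are cut down to the url/ref/tiba parameters the check needs) and applies six checks: brand name in a hostname whose registrable domain is not the brand's, a login page over plaintext HTTP, browser "save page as" leftovers (the `<title>_files/` folder, the `.download` suffix, the `f.txt`/`f(N).txt` ad-frame captures), scripts served with a non-JavaScript content-type, brand assets hot-linked from the brand's CDN, and tracking beacons whose `url=`/`ref=` parameters still name the legitimate site because the copied tag configuration reports the page it was cloned from. The brand domain list, the small suffix table and `registrable_domain` are assumptions for the example, not a public-suffix-list implementation.

```python
# Added example (not urlscan's code): clone indicators over the transactions in this report.
import re
from urllib.parse import parse_qs, urlparse

# Brand being impersonated and the hostnames it legitimately owns (assumption for the example).
BRAND_TOKEN = "paypal"
BRAND_DOMAINS = {"paypal.com", "paypalobjects.com"}
# Minimal suffix table, enough for the hosts in this report; a real tool would use the public-suffix list.
KNOWN_SUFFIXES = {"com", "net", "xyz", "nl", "com.gh"}

# Transcribed from the transaction list above: (url, resource type, response content-type, Referer).
# Beacon query strings are cut down to the url/ref/tiba parameters the checks look at.
TRANSACTIONS = [
    ("http://paypal.verifylog.xyz/", "Document", "text/html; charset=UTF-8", None),
    ("http://paypal.verifylog.xyz/paypalpj_files/f.txt", "Script", "text/plain", "http://paypal.verifylog.xyz/"),
    ("http://paypal.verifylog.xyz/paypalpj_files/analytics.js.download", "Script", "application/octet-stream", "http://paypal.verifylog.xyz/"),
    ("http://paypal.verifylog.xyz/paypalpj_files/gtag.js.download", "Script", "application/octet-stream", "http://paypal.verifylog.xyz/"),
    ("http://paypal.verifylog.xyz/paypalpj_files/latmconf.js.download", "Script", "application/octet-stream", "http://paypal.verifylog.xyz/"),
    ("http://paypal.verifylog.xyz/paypalpj_files/ngrlCaptcha.min.js.download", "Script", "application/octet-stream", "http://paypal.verifylog.xyz/"),
    ("http://paypal.verifylog.xyz/paypalpj_files/contextualLogin.css", "Stylesheet", "text/css", "http://paypal.verifylog.xyz/"),
    ("http://paypal.verifylog.xyz/paypalpj_files/modernizr-2.6.1.js.download", "Script", "application/octet-stream", "http://paypal.verifylog.xyz/"),
    ("http://paypal.verifylog.xyz/paypalpj_files/f(1).txt", "Script", "text/plain", "http://paypal.verifylog.xyz/"),
    ("http://paypal.verifylog.xyz/paypalpj_files/f(2).txt", "Script", "text/plain", "http://paypal.verifylog.xyz/"),
    ("https://www.google.com/pagead/1p-user-list/992191228/?url=https%3A%2F%2Fwww.paypal.com%2Fsignin&ref=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome&tiba=Log%20in%20to%20your%20PayPal%20account", "Image", "image/gif", "http://paypal.verifylog.xyz/"),
    ("https://www.google.com.gh/pagead/1p-user-list/992191228/?url=https%3A%2F%2Fwww.paypal.com%2Fsignin&ref=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome&tiba=Log%20in%20to%20your%20PayPal%20account", "Image", "image/gif", "http://paypal.verifylog.xyz/"),
    ("https://www.google.nl/pagead/1p-conversion/992191228/?url=https%3A%2F%2Fwww.paypal.com%2Fsignin&ref=https%3A%2F%2Fwww.paypal.com%2Fus%2Fhome&tiba=Log%20in%20to%20your%20PayPal%20account", "Image", "image/gif", "http://paypal.verifylog.xyz/"),
    ("https://www.paypalobjects.com/images/shared/paypal-logo-129x32.svg", "Image", "image/svg+xml", "http://paypal.verifylog.xyz/"),
    ("https://www.paypalobjects.com/webstatic/mktg/icons/sprite_countries_flag4.png", "Image", "image/webp", "http://paypal.verifylog.xyz/"),
]
# Chrome "Webpage, Complete" naming: scripts get a .download suffix, ad frames become f.txt, f(1).txt, ...
SAVED_PAGE_FILENAME = re.compile(r"(\.download$|^f(\(\d+\))?\.txt$)")


def registrable_domain(host):
    """eTLD+1 using KNOWN_SUFFIXES (two-label suffixes such as com.gh are tried first)."""
    labels = host.lower().rstrip(".").split(".")
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in KNOWN_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return host.lower()


def is_brand_host(host):
    return bool(host) and registrable_domain(host) in BRAND_DOMAINS


def clone_indicators(transactions):
    """Return {indicator: [evidence, ...]}; transactions[0] must be the primary document."""
    main_url = transactions[0][0]
    main = urlparse(main_url)
    hits = {}

    def add(name, evidence):
        hits.setdefault(name, []).append(evidence)

    # 1. Brand name in the hostname while the registrable domain belongs to someone else.
    if BRAND_TOKEN in main.hostname and not is_brand_host(main.hostname):
        add("brand_in_lookalike_host", f"{main.hostname} (eTLD+1 {registrable_domain(main.hostname)})")
    # 2. A login page delivered over plaintext HTTP.
    if main.scheme == "http":
        add("plaintext_login_page", main_url)

    for url, rtype, mime, referer in transactions:
        u = urlparse(url)
        fname = u.path.rsplit("/", 1)[-1]
        off_brand_referer = referer is not None and not is_brand_host(urlparse(referer).hostname)
        # 3. "Save page as" leftovers: <title>_files/ folder, .download suffix, f.txt/f(N).txt ad frames.
        if "_files/" in u.path or SAVED_PAGE_FILENAME.search(fname):
            add("saved_page_artifact", url)
        # 4. Scripts served with a non-JavaScript content-type (copied files dropped on a static host).
        if rtype == "Script" and not mime.startswith(("application/javascript", "text/javascript", "application/x-javascript")):
            add("script_with_non_js_mime", f"{fname}: {mime}")
        # 5. Brand assets hot-linked from the brand's own CDN by a page on another domain.
        if is_brand_host(u.hostname) and off_brand_referer:
            add("brand_asset_hotlinked", url)
        # 6. Tracking beacons whose url=/ref= parameters still name the legitimate site:
        #    the copied tag config reports the page it was cloned from, not the host it runs on.
        for key in ("url", "ref"):
            for val in parse_qs(u.query).get(key, []):
                if is_brand_host(urlparse(val).hostname) and off_brand_referer:
                    add("beacon_leaks_original_url", f"{u.hostname}: {key}={val}")
    return hits


if __name__ == "__main__":
    for name, evidence in clone_indicators(TRANSACTIONS).items():
        print(f"{name} x{len(evidence)}: {evidence[0]}")
```

On this report all six indicators fire (nine saved-page artifacts, eight scripts with a non-JavaScript type, two hot-linked PayPal assets, six beacon parameters naming www.paypal.com). Any one of them alone is weak: legitimate sites hot-link partner logos, and developers do deploy saved pages. The combination of a lookalike host, plaintext delivery and copied tag configuration is what separates a clone from sloppy hosting, so weight the indicators rather than alerting on the first match.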

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Type      Name
object    onbeforexrselect
function  reportError
boolean   originAgentCluster
object    scheduler
function  GooglemKTybQhCsO
function  google_trackConversion
object    google_tag_manager
object    gDataLayer
object    google_tag_data
function  ga
object    gaplugins
object    latmconf
boolean   paypalADSInterceptorInjected
object    html5
object    Modernizr
function  isEligibleIntegration
object    antiClickjack

The first four (onbeforexrselect, reportError, originAgentCluster, scheduler) are properties that recent Chrome releases put on window themselves, not page code. The rest come from the scripts copied into paypalpj_files/: the Google tag and analytics globals (GooglemKTybQhCsO, google_trackConversion, google_tag_manager, gDataLayer, google_tag_data, ga, gaplugins), latmconf from latmconf.js.download, html5 and Modernizr from modernizr-2.6.1.js.download, and paypalADSInterceptorInjected, isEligibleIntegration and antiClickjack from the copied PayPal login-page scripts.

1 Cookies

Domain/Path         Name          Value
.doubleclick.net/   test_cookie   CheckForPermission
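The two requests to www.paypalobjects.com above carried Referer: http://paypal.verifylog.xyz/, so the brand's own CDN logs record every victim the clone serves. The following is an added example of the brand-side detection that follows from that; it is not PayPal's or urlscan's code. It parses constructed access-log lines in the Apache/Nginx combined format (the first two mirror the requests in this report; the others are made up for contrast), keeps fetches of two login-page assets, and groups them by Referer hosts outside the brand's domains. The allowlist, the sentinel paths, the crude two-label registrable_domain and the two-asset threshold are assumptions for the example.

```python
# Added example (not PayPal's or urlscan's code): brand-side clone detection from CDN access logs.
import re
from urllib.parse import urlparse

# Hostnames from which brand assets may legitimately be embedded (assumption).
ALLOWED_REFERER_DOMAINS = {"paypal.com", "paypalobjects.com"}
# Assets a login-page clone needs and that little else fetches; both paths appear in this report.
SENTINEL_PATHS = {
    "/images/shared/paypal-logo-129x32.svg",
    "/webstatic/mktg/icons/sprite_countries_flag4.png",
}

# Constructed sample lines, combined log format: ip - - [time] "request" status bytes "referer" "user-agent".
SAMPLE_LOG = """\
203.0.113.7 - - [25/Nov/2021:11:20:36 +0000] "GET /images/shared/paypal-logo-129x32.svg HTTP/2.0" 200 1932 "http://paypal.verifylog.xyz/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/96.0.4664.45"
203.0.113.7 - - [25/Nov/2021:11:20:36 +0000] "GET /webstatic/mktg/icons/sprite_countries_flag4.png HTTP/2.0" 200 49586 "http://paypal.verifylog.xyz/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/96.0.4664.45"
198.51.100.20 - - [25/Nov/2021:11:21:02 +0000] "GET /images/shared/paypal-logo-129x32.svg HTTP/2.0" 200 1932 "https://www.paypal.com/signin" "Mozilla/5.0"
198.51.100.21 - - [25/Nov/2021:11:21:05 +0000] "GET /images/shared/paypal-logo-129x32.svg HTTP/2.0" 200 1932 "-" "curl/7.79.1"
198.51.100.22 - - [25/Nov/2021:11:21:09 +0000] "GET /images/shared/paypal-logo-129x32.svg HTTP/2.0" 200 1932 "https://blog.example.org/post/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def registrable_domain(host):
    """Last two labels; enough for the sample hosts, not a public-suffix-list implementation."""
    return ".".join(host.lower().split(".")[-2:])


def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_referers(log_text):
    """Group sentinel-asset fetches by off-brand Referer host.

    Returns {referer_host: {"scheme": str, "paths": set, "ips": set, "hits": int}}.
    """
    out = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "GET":
            continue
        path = rec["path"].split("?", 1)[0]
        if path not in SENTINEL_PATHS:
            continue
        ref = rec["referer"]
        if not ref or ref == "-":
            # No Referer: direct fetch, tooling, or a strict referrer policy. Not attributable here.
            continue
        r = urlparse(ref)
        if not r.hostname or registrable_domain(r.hostname) in ALLOWED_REFERER_DOMAINS:
            continue
        entry = out.setdefault(r.hostname, {"scheme": r.scheme, "paths": set(), "ips": set(), "hits": 0})
        entry["paths"].add(path)
        entry["ips"].add(rec["ip"])
        entry["hits"] += 1
    return out


def likely_clones(findings, min_paths=2):
    """Hosts pulling several login-page sentinels; a blog hot-linking one logo stays below the threshold."""
    return sorted(host for host, e in findings.items() if len(e["paths"]) >= min_paths)


if __name__ == "__main__":
    found = suspicious_referers(SAMPLE_LOG)
    for host in likely_clones(found):
        e = found[host]
        print(f"{e['scheme']}://{host}/  {e['hits']} fetches from {len(e['ips'])} client IP(s): {sorted(e['paths'])}")
```

The client IPs collected per host are the victims' addresses, not the phisher's, which is what makes this log useful for notifying affected users as well as for takedown. The check has two blind spots visible in this very report: the clone copied its scripts and stylesheet locally and only hot-linked two images, so a clone that copies everything leaves no Referer trail on the CDN, and a page served with a no-referrer policy falls into the skipped "-" bucket. Pair it with certificate-transparency and passive-DNS watches on brand keywords to cover those cases.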