paypal-verificatie.com
78.142.19.174
Malicious Activity!
Public Scan
Effective URL: https://paypal-verificatie.com/pp.html
Submission: On September 17 via automatic, source phishtank
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on September 15th 2019. Valid for: 3 months.
This is the only time paypal-verificatie.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
17 | 78.142.19.174 | 209061 (-Reserved AS-)
5 | 23.210.248.226 | 16625 (AKAMAI-AS - Akamai Technologies)
21 (total) | 2 (IPs) |
ASN209061 (-Reserved AS-, ZZ)
PTR: srv38.unsubscribes.reviews
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
17 | paypal-verificatie.com (1 redirect) | paypal-verificatie.com | 205 KB
4 | paypal.com | www.paypal.com, c.paypal.com, t.paypal.com | 1 KB
1 | paypalobjects.com | www.paypalobjects.com | 5 KB
21 (total) | 3 (apex domains) | |
Requests | Domain | Requested by
---|---|---
17 | paypal-verificatie.com (1 redirect) | paypal-verificatie.com
2 | t.paypal.com | paypal-verificatie.com
1 | c.paypal.com | paypal-verificatie.com
1 | www.paypalobjects.com | paypal-verificatie.com
1 | www.paypal.com | paypal-verificatie.com
21 (total) | 5 (domains) |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paypal.com |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
paypal-verificatie.com | Let's Encrypt Authority X3 | 2019-09-15 - 2019-12-14 | 3 months | crt.sh
www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2019-08-18 - 2020-08-18 | a year | crt.sh
This page contains 4 frames:
Primary Page:
https://paypal-verificatie.com/pp.html
Frame ID: D344A9E53C790BB95A13C9B00E51B7B7
Requests: 16 HTTP requests in this frame
Frame:
https://paypal-verificatie.com/Paypal_files/saved_resource.html
Frame ID: 57B42CE03BE1C72A4D658E59E80FBB18
Requests: 1 HTTP request in this frame
Frame:
https://paypal-verificatie.com/Paypal_files/saved_resource(1).html
Frame ID: B86F299C91530A16F21675E17C8BCFB6
Requests: 2 HTTP requests in this frame
Frame:
https://paypal-verificatie.com/Paypal_files/i.html
Frame ID: D59ED4FFBB2BE8E99FA4619E72EAE398
Requests: 2 HTTP requests in this frame
Screenshot
Detected technologies
Ubuntu (Operating Systems)
Detected patterns
- headers server /Ubuntu/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
Title: gebruik uw e-mailadres. (use your e-mail address.)
Title: Afbeelding opnieuw laden (Reload image)
Title: Heeft u problemen met inloggen? (Having trouble logging in?)
Title: Rekening openen (Open an account)
Title: We zijn u graag van dienst (We are happy to help you)
Title: Privacy
Title: PayPal
Title: je cookies beheren (manage your cookies)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://paypal-verificatie.com/pp.html
HTTP 301
https://paypal-verificatie.com/pp.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method | Protocol | Resource | Path | Frame / Note | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
GET | H/1.1 | pp.html | paypal-verificatie.com/ | Primary Request, Redirect Chain | 186 KB | 50 KB | Document | text/html
GET | H/1.1 | contextualLogin.css | paypal-verificatie.com/Paypal_files/ | | 87 KB | 15 KB | Stylesheet | text/css
GET | H2 | signin | www.paypal.com/ | | 0 | 0 | Image | text/html
GET | H/1.1 | icon-PN-check.png | paypal-verificatie.com/Paypal_files/ | | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | glyph_alert_critical_big-2x.png | paypal-verificatie.com/Paypal_files/ | | 6 KB | 6 KB | Image | image/png
GET | H/1.1 | pa.js.download | paypal-verificatie.com/Paypal_files/ | | 40 KB | 15 KB | Script | application/javascript
GET | H/1.1 | fb-all-prod.pp2.min.js.download | paypal-verificatie.com/Paypal_files/ | | 58 KB | 18 KB | Script | application/javascript
GET | H/1.1 | tealeaf-ul-prod_domcap.min.js.download | paypal-verificatie.com/Paypal_files/ | | 110 KB | 35 KB | Script | application/javascript
GET | H/1.1 | miconfig.js.download | paypal-verificatie.com/Paypal_files/ | | 30 KB | 6 KB | Script | application/javascript
GET | H/1.1 | analytics.js.download | paypal-verificatie.com/Paypal_files/ | | 27 KB | 12 KB | Script | application/javascript
GET | H/1.1 | gtag.js.download | paypal-verificatie.com/Paypal_files/ | | 63 KB | 25 KB | Script | application/javascript
GET | H/1.1 | saved_resource.html | paypal-verificatie.com/Paypal_files/ | Frame 57B4 | 149 B | 480 B | Document | text/html
GET | H2 | paypal-logo-129x32.svg | www.paypalobjects.com/images/shared/ | | 5 KB | 5 KB | Image | image/svg+xml
GET | H/1.1 | saved_resource(1).html | paypal-verificatie.com/Paypal_files/ | Frame B86F | 323 B | 594 B | Document | text/html
GET | H/1.1 | i.html | paypal-verificatie.com/Paypal_files/ | Frame D59E | 354 B | 593 B | Document | text/html
GET | H2 | e | c.paypal.com/v1/r/d/b/ | | 18 B | 181 B | Script | application/json
POST | H/1.1 | tealeaftarget | paypal-verificatie.com/ | | 285 B | 501 B | XHR | text/html
GET | H/1.1 | counter.cgi | paypal-verificatie.com/Paypal_files/ | Frame B86F | 42 B | 299 B | Image | image/gif
GET | H/1.1 | fb-all-prod.pp2.min.js.download | paypal-verificatie.com/Paypal_files/ | Frame D59E | 58 KB | 18 KB | Script | application/javascript
GET | H2 | ts | t.paypal.com/ | | 42 B | 560 B | Image | image/gif
GET | H2 | ts | t.paypal.com/ | | 42 B | 560 B | Image | image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)
50 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
html5 | object
Modernizr | object
isEligibleIntegration | function
antiClickjack | object
PAYPAL | object
$ | function
_classCallCheck | function
_typeof | function
_createClass | function
HTTPOK | number
HTTPGET | string
HTTPPOST | string
DEFAULT_XHR_TIMEOUT | number
fpti | object
fptiserverurl | string
_ifpti | object
AjaxRequest | function
PP_SERVICE_URL | string
BASE_SWF_URL | string
BEACON_BASE_URL | string
PP_IFRAME_JS_URL | string
PP_NEW_SERVICE_URL | string
PP_VERSION | string
Configuration | object
PFB_4732Config | object
PFB_4732 | object
dataCollector | object
fp | object
runFb | undefined
initTsFb | function
jstz | object
SwfStore | function
SlvtStore | function
pako | object
TLT | object
miconfig | object
ga | function
gaplugins | object
google_tag_manager | object
gDataLayer | object
postAjax | function
bindGdprEvents | function
_0x2abd | object
_0x1aa1 | function
d | object
adcfaeaaedfaabe | function
err | object
hideGdprBanner | function
showGdprBanner | function
error0 | boolean
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
c.paypal.com
paypal-verificatie.com
t.paypal.com
www.paypal.com
www.paypalobjects.com
23.210.248.226
78.142.19.174