us-paypal-login.blogspot.com
Open in
urlscan Pro
2a00:1450:4001:812::2001
Malicious Activity!
Public Scan
URL:
https://us-paypal-login.blogspot.com/
Submission: On June 28 via manual from US
Submission: On June 28 via manual from US
Summary
This website contacted 2 IPs
in 2 countries
across 2 domains to perform 10 HTTP transactions.
The main IP is 2a00:1450:4001:812::2001, located in
Ireland and
belongs to GOOGLE - Google LLC, US.
The main domain is us-paypal-login.blogspot.com.
TLS certificate: Issued by Google Internet Authority G3 on June 12th 2018. Valid for: 2 months.
This is the only time us-paypal-login.blogspot.com was scanned on urlscan.io!
TLS certificate: Issued by Google Internet Authority G3 on June 12th 2018. Valid for: 2 months.
This is the only time us-paypal-login.blogspot.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 | 2a00:1450:400... 2a00:1450:4001:812::2001 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 8 | 2a02:4780:dea... 2a02:4780:dead:efe::1 | 204915 (AWEX) (AWEX) | |
| 10 | 2 |
2
2a00:1450:4001:812::2001
(Ireland)
ASN15169 (GOOGLE - Google LLC, US)
ASN15169 (GOOGLE - Google LLC, US)
| us-paypal-login.blogspot.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 8 |
000webhostapp.com
loftiest-milliliter.000webhostapp.com |
86 KB |
| 2 |
blogspot.com
us-paypal-login.blogspot.com |
4 KB |
| 10 | 2 |
| Domain | Requested by | |
|---|---|---|
| 8 | loftiest-milliliter.000webhostapp.com |
us-paypal-login.blogspot.com
|
| 2 | us-paypal-login.blogspot.com |
us-paypal-login.blogspot.com
|
| 10 | 2 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.blogger.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.googleusercontent.com Google Internet Authority G3 |
2018-06-12 - 2018-08-21 |
2 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://us-paypal-login.blogspot.com/
Frame ID: 4F605D88B91BB077EF103B0483323A8E
Requests: 10 HTTP requests in this frame
Screenshot
Detected technologies
Blogger
(Blogs)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- url /\.blogspot\.com/i
Java
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /GSE/i
OpenGSE
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /GSE/i
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Twitter Bootstrap () Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
- script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
URL: https://www.blogger.com/go/blogspot-cookies
Title: Weitere Informationen
Title: Weitere Informationen
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
us-paypal-login.blogspot.com/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
normalize.css
loftiest-milliliter.000webhostapp.com/Log/ |
8 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
bootstrap.min.css
loftiest-milliliter.000webhostapp.com/Log/ |
118 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
font-awesome.min.css
loftiest-milliliter.000webhostapp.com/Log/ |
21 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
login.css
loftiest-milliliter.000webhostapp.com/Log/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
ppt.PNG
loftiest-milliliter.000webhostapp.com/Log/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
jquery-1.11.3.min.js.download
loftiest-milliliter.000webhostapp.com/Log/ |
94 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
bootstrap.min.js.download
loftiest-milliliter.000webhostapp.com/Log/ |
36 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
plugins.js.download
loftiest-milliliter.000webhostapp.com/Log/ |
1 KB 653 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cookienotice.js
us-paypal-login.blogspot.com/js/ |
6 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| adsbygoogle function| $ function| jQuery object| jQuery111307931030162126886 object| cookieChoices0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
loftiest-milliliter.000webhostapp.com
us-paypal-login.blogspot.com
2a00:1450:4001:812::2001
2a02:4780:dead:efe::1
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1
123a1d5f92b2744c003a176eb36ebcb867e8c46d6bea590ebccf57cac45d4f45
30956198f3f7ad95a65a31f44304a35f639917b4b7f7fdea4622b9549c037cd0
4e7e1c16e351e7bfc80cddef9f98e99113ddb0d1e201be00d53955fe62f0e523
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
723d45e660a32478800d48dc212655507d19fc24ce4424b137c0482577e46a63
c13ab36ef47c80231ddd9e6774f9ada731e439a298e4a3471ad347cf5e4f36b5
f00f02c037ca466166cccc713ea4c609dc0b6b1345916fe4acc3db6dd6d854fd
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c