vietphrase.com Open in urlscan Pro
2606:4700:30::681c:17a Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
Submission Tags: phishing malicious Search All
Submission: On November 17 via api (November 17th 2019, 9:44:24 pm UTC) from US

Summary HTTP 17 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 8 IPs in 4 countries across 7 domains to perform 17 HTTP transactions. The main IP is 2606:4700:30::681c:17a, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is vietphrase.com.

This is the only time vietphrase.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
6	2606:4700:30:... 2606:4700:30::681c:17a	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
4	2.21.38.79 2.21.38.79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	195.181.170.17 195.181.170.17	60068 (CDN77) (CDN77)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2606:4700::68... 2606:4700::6811:a7ba	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	162.252.214.5 162.252.214.5	53334 (TUT-AS) (TUT-AS - Total Uptime Technologies)
1	216.21.13.10 216.21.13.10	53334 (TUT-AS) (TUT-AS - Total Uptime Technologies)
17	8

6 2606:4700:30::681c:17a (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

vietphrase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.21.38.79 (France)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-21-38-79.deploy.static.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.181.170.17 (Frankfurt am Main, Germany)

ASN60068 (CDN77, GB)
PTR: frankfurt-15.cdn77.com

c1.popads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:a7ba (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

c.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
6.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.252.214.5 (United States)

ASN53334 (TUT-AS - Total Uptime Technologies, LLC, US)

adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.21.13.10 (United States)

ASN53334 (TUT-AS - Total Uptime Technologies, LLC, US)

serve.popads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	vietphrase.com vietphrase.com	60 KB
3	adsco.re c.adsco.re 6.adsco.re adsco.re	12 KB
3	paypalobjects.com www.paypalobjects.com	27 KB
2	popads.net c1.popads.net serve.popads.net	9 KB
2	google-analytics.com 1 redirects www.google-analytics.com	17 KB
1	paypal.com t.paypal.com	559 B
1	doubleclick.net stats.g.doubleclick.net	102 B
17	7

	Domain	Requested by
6	vietphrase.com	vietphrase.com
3	www.paypalobjects.com	vietphrase.com
2	www.google-analytics.com	1 redirects vietphrase.com
1	t.paypal.com
1	serve.popads.net	c1.popads.net
1	adsco.re	c.adsco.re
1	6.adsco.re
1	c.adsco.re	c1.popads.net
1	stats.g.doubleclick.net	vietphrase.com
1	c1.popads.net	vietphrase.com
17	10

This site contains links to these domains. Also see Links.

Domain
www.paypal.com

Subject Issuer	Validity	Valid
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2019-09-10` - `2020-08-18`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
1355769017.rsc.cdn77.org Let's Encrypt Authority X3	`2019-11-04` - `2020-02-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.adsco.re COMODO RSA Organization Validation Secure Server CA	`2017-09-26` - `2020-09-25`	3 years	crt.sh
*.popads.net Sectigo RSA Domain Validation Secure Server CA	`2019-10-29` - `2021-10-29`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
Frame ID: 0DD2A433F95C11225C8A0F577552B6D3
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

17
Requests

59 %
HTTPS

50 %
IPv6

7
Domains

10
Subdomains

8
IPs

4
Countries

126 kB
Transfer

404 kB
Size

6
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.paypal.com/pe/webapps/mpp
Title: Bookmarks

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

http://www.google-analytics.com/ga.js HTTP 307
https://www.google-analytics.com/ga.js

Request Chain 10

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=752914932&utmhn=vietphrase.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=PayPal&utmhid=746143012&utmr=-&utmp=%2Fgo%2Fwww.paypal.com%2Fpe%2Fwebapps%2Fmpp%2F&utmht=1574027047915&utmac=UA-21897545-3&utmcc=__utma%3D76890898.1248070826.1574027048.1574027048.1574027048.1%3B%2B__utmz%3D76890898.1574027048.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=2057367081&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=752914932&utmhn=vietphrase.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=PayPal&utmhid=746143012&utmr=-&utmp=%2Fgo%2Fwww.paypal.com%2Fpe%2Fwebapps%2Fmpp%2F&utmht=1574027047915&utmac=UA-21897545-3&utmcc=__utma%3D76890898.1248070826.1574027048.1574027048.1574027048.1%3B%2B__utmz%3D76890898.1574027048.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=2057367081&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-21897545-3&cid=1248070826.1574027048&jid=2057367081&_v=5.7.2&z=752914932

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
vietphrase.com/go/www.paypal.com/pe/webapps/mpp/ 7 KB
3 KB 3490ms
3488ms Document
text/html 2606:4700:30::681c:17a
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
Protocol: HTTP/1.1
Server: 2606:4700:30::681c:17a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0caae54c4146130a64df945b67fa2153d72a1ab33d972f8f2151dfd985a80c20

Request headers

Host: vietphrase.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 17 Nov 2019 21:44:07 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dea5e259372561e70e4d46e4f0bcde9d81574027044; expires=Mon, 16-Nov-20 21:44:04 GMT; path=/; domain=.vietphrase.com; HttpOnly
Vary: Accept-Encoding
Access-Control-Allow-Origin: http://localhost:3000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 5374e242cb52cbc0-VIE
Content-Encoding: gzip

GET
H/1.1 200
OK bootstrap.css
vietphrase.com/bootstrap/css/ 80 KB
14 KB 85ms
85ms Stylesheet
text/css 2606:4700:30::681c:17a
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vietphrase.com/bootstrap/css/bootstrap.css
Requested by: Host: vietphrase.com
URL: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
Protocol: HTTP/1.1
Server: 2606:4700:30::681c:17a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f65086c3fa923e7a17b5111a3c3cf0a8bbe7033cab4ac405906ab3c07f84011

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 17 Nov 2019 21:44:07 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Sun, 02 Jun 2019 06:40:13 GMT
Server: cloudflare
Age: 2118
Cf-Polished: origSize=99188
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=86400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 5374e2589efccbc0-VIE
Cf-Bgj: minify

GET
H/1.1 200
OK botbie.css
vietphrase.com/bootstrap/css/ 3 KB
2 KB 83ms
83ms Stylesheet
text/css 2606:4700:30::681c:17a
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vietphrase.com/bootstrap/css/botbie.css
Requested by: Host: vietphrase.com
URL: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
Protocol: HTTP/1.1
Server: 2606:4700:30::681c:17a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 489de347e2abd93658f74654a6e1aa856773da5090dba9430fb330a10155456f

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 17 Nov 2019 21:44:07 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 2118
Cf-Polished: origSize=3817
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 02 Jun 2019 06:40:13 GMT
Server: cloudflare
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Content-Type: text/css
Access-Control-Allow-Origin: http://localhost:3000
Cache-Control: max-age=86400
Access-Control-Allow-Credentials: true
CF-RAY: 5374e2589e64cba4-VIE
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Cf-Bgj: minify

GET
H/1.1 200
OK jquery-1.7.min.js Show response
vietphrase.com/javascripts/ 92 KB
34 KB 84ms
84ms Script
application/javascript 2606:4700:30::681c:17a
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vietphrase.com/javascripts/jquery-1.7.min.js
Requested by: Host: vietphrase.com
URL: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
Protocol: HTTP/1.1
Server: 2606:4700:30::681c:17a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff4e4975ef403004f8fe8e59008db7ad47f54b10d84c72eb90e728d1ec9157ce

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 17 Nov 2019 21:44:07 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 2118
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 02 Jun 2019 06:40:13 GMT
Server: cloudflare
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: http://localhost:3000
Cache-Control: max-age=86400
Access-Control-Allow-Credentials: true
CF-RAY: 5374e2589a2f59b8-VIE
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization

GET
H/1.1 200
OK bootstrap.min.js Show response
vietphrase.com/bootstrap/js/ 22 KB
7 KB 83ms
83ms Script
application/javascript 2606:4700:30::681c:17a
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vietphrase.com/bootstrap/js/bootstrap.min.js
Requested by: Host: vietphrase.com
URL: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
Protocol: HTTP/1.1
Server: 2606:4700:30::681c:17a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51908d4844f98fe69f3488867b02fd9605c6f5ab205c451369a9a9a07a3efd63

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 17 Nov 2019 21:44:07 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 2118
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 02 Jun 2019 06:40:13 GMT
Server: cloudflare
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: http://localhost:3000
Cache-Control: max-age=86400
Access-Control-Allow-Credentials: true
CF-RAY: 5374e2589943cbac-VIE
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization

GET
H2 200 app_1.0.0.css
www.paypalobjects.com/css/static/enweb/ 43 KB
9 KB 107ms
8ms Stylesheet
text/css 2.21.38.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/css/static/enweb/app_1.0.0.css

Requested by

Host: vietphrase.com
URL: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-79.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c24a3a6ae39bb725f3c844abd1070811168f1c34cea1e1ec0b0497672da0a81b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 17 Nov 2019 21:44:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 08 Oct 2015 17:33:59 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=7776000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 8773
expires: Sat, 15 Feb 2020 21:44:07 GMT

GET
H/1.1 200
OK botbie.js Show response
vietphrase.com/javascripts/ 912 B
914 B 84ms
83ms Script
application/javascript 2606:4700:30::681c:17a
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vietphrase.com/javascripts/botbie.js
Requested by: Host: vietphrase.com
URL: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
Protocol: HTTP/1.1
Server: 2606:4700:30::681c:17a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d20d6074e19f53813c67e9972b1900355c97a4eb22004b373e37dc29b607d2fe

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 17 Nov 2019 21:44:07 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Sun, 02 Jun 2019 06:40:13 GMT
Server: cloudflare
Age: 2118
Cf-Polished: origSize=1468
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 5374e2589f48cba8-VIE
Cf-Bgj: minify

GET
H2 200 logo_paypal_106x27.png
www.paypalobjects.com/webstatic/logo/ 3 KB
3 KB 114ms
15ms Image
image/png 2.21.38.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/logo/logo_paypal_106x27.png

Requested by

Host: vietphrase.com
URL: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-79.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d5b4b06879f67d270c16984685854fffa267be3e05db4d025761676ddd46a1c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Nov 2019 21:44:07 GMT
x-content-type-options: nosniff
last-modified: Wed, 30 Apr 2014 15:54:51 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 2787
expires: Sun, 17 Nov 2019 21:44:07 GMT

GET
H2 200 pa.js Show response
www.paypalobjects.com/pa/js/ 43 KB
16 KB 109ms
10ms Script
application/x-javascript 2.21.38.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/pa/js/pa.js

Requested by

Host: vietphrase.com
URL: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-79.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

79dc5d32ab06d909d8565847ff4857fac1101096b8793e7d9065c4fb49033251

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 17 Nov 2019 21:44:07 GMT
x-pad: avoid browser bug
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=31536000
content-encoding: gzip
content-length: 15632
last-modified: Sun, 17 Nov 2019 03:56:24 GMT
server: Apache
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
expires: Sun, 17 Nov 2019 22:44:07 GMT

GET
H2

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

45 KB
17 KB

6ms
6ms

Script
text/javascript

2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: vietphrase.com
URL: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 1269
date: Sun, 17 Nov 2019 21:22:58 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17168
expires: Sun, 17 Nov 2019 23:22:58 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS

GET
H2 200 pop.js Show response
c1.popads.net/ 30 KB
9 KB 15ms
14ms Script
application/javascript 195.181.170.17
CDN77

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.popads.net/pop.js
Requested by: Host: vietphrase.com
URL: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.170.17 Frankfurt am Main, Germany, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-15.cdn77.com
Software: CDN77-Turbo /
Resource Hash: f305452ed13912ed36d9a1a0577b4211fd4e4cc6aea2a7d7a78ea1a601208a20

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 17 Nov 2019 21:44:07 GMT
content-encoding: br
last-modified: Mon, 17 Jun 2019 22:20:49 GMT
server: CDN77-Turbo
access-control-allow-origin: *
x-edge-location: frankfurtDE
etag: W/"5d081241-79ce"
x-cache: HIT
content-type: application/javascript
status: 200
x-edge-ip: 195.181.170.15
x-age: 10751
alt-svc: quic="195.181.170.15:443"; ma=2592000; v="44,43,39"

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=752914932&utmhn=vietphrase.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=PayPal&...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=752914932&utmhn=vietphrase.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=PayPal...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-21897545-3&cid=1248070826.1574027048&jid=2057367081&_v=5.7.2&z=752914932

35 B
102 B

15ms
15ms

Image
image/gif

2a00:1450:400c:c00::9d
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-21897545-3&cid=1248070826.1574027048&jid=2057367081&_v=5.7.2&z=752914932

Requested by

Host: vietphrase.com
URL: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
date: Sun, 17 Nov 2019 21:44:07 GMT
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Nov 2019 21:44:07 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-21897545-3&cid=1248070826.1574027048&jid=2057367081&_v=5.7.2&z=752914932
content-type: text/html; charset=UTF-8
status: 302
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 370
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
c.adsco.re/ 34 KB
11 KB 18ms
17ms Script
text/html 2606:4700::6811:a7ba
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://c.adsco.re/
Requested by: Host: c1.popads.net
URL: https://c1.popads.net/pop.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:a7ba , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b66e0ae4a3a7b8e6a280d5b512ba4dcf43afb3ae8862fed33266a038cbe1f154

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 17 Nov 2019 21:44:08 GMT
content-encoding: gzip
cf-cache-status: HIT
alt-svc: h3-23=":443"; ma=86400
server: cloudflare
age: 1527035
etag: "a73Qdnp6tbMta3RY0Wgotw=="
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=43200,public,immutable,no-transform
cf-ray: 5374e25a2ab5cb98-VIE
link: <//adsco.re>;rel=preconnect,<//6.adsco.re>;rel=prefetch
expires: Thu, 31 Oct 2019 06:02:04 GMT

GET
H2 200 /
6.adsco.re/ 0
104 B 21ms
20ms Other
text/plain 2606:4700::6811:a7ba
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://6.adsco.re/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:a7ba , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 17 Nov 2019 21:44:08 GMT
content-encoding: br
alt-svc: h3-23=":443"; ma=86400
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: text/plain;charset=UTF-8
status: 200
access-control-max-age: 2592000
cache-control: max-age=600,public,immutable
cf-ray: 5374e25a4b17cb98-VIE
access-control-allow-headers: Content-Type

POST
H/1.1 200
OK t Show response
adsco.re/ 259 B
574 B 22ms
22ms XHR
text/html 162.252.214.5
Total Uptime Tech...

General

Check archive.org

Show headers Download Go to

Full URL: http://adsco.re/t
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Server: 162.252.214.5 , United States, ASN53334 (TUT-AS - Total Uptime Technologies, LLC, US),
Reverse DNS
Software: /
Resource Hash: 9b53ed0f00bb15ab591cfefe431a0c6380e37ace17f21e3872fb2506cc714f5b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
Origin: http://vietphrase.com

Response headers

Date: Sun, 17 Nov 2019 21:44:08 GMT
Content-Encoding: gzip
Access-Control-Max-Age: 2592000
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: http://vietphrase.com
Cache-Control: no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked

GET
H/1.1 200
OK c Show response
serve.popads.net/ 0
202 B 116ms
116ms Script
text/html 216.21.13.10
Total Uptime Tech...

General

Check archive.org

Show headers Download Go to

Full URL: https://serve.popads.net/c?_=BAoAXdG-sQFd0b8ogAGBAcAAINstk8iK2B__4O1x0vcf7alIpQ8b6fJGUM9rL4XHt8WtwQAgRJUFymrGe_fqBVG7xfEwqB5we6UkdRlFuvf5Cq4vymrCACAhERNIZA6zpET7dzXKAjKhgJVPIDAlUelgnaZpPSIu9MQAECoBBPgBklQUAAAAAAAAAALFABDbwe13UPCQor49_x3xoAwywwAgxkXux6m8FH9yUacsxc5R2RYyDBwstWTrtyuUTT3WfQ4&v=4&siteId=18335&minBid=&popundersPerIP=&blockedCountries=&documentRef=&s=1600,1200,1,1600,1200
Requested by: Host: c1.popads.net
URL: https://c1.popads.net/pop.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 216.21.13.10 , United States, ASN53334 (TUT-AS - Total Uptime Technologies, LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 17 Nov 2019 21:44:08 GMT
PopAds-EC: ASB
Connection: Keep-Alive
Content-Length: 0
PopAds-CI: 89
Content-Type: text/html; charset=UTF-8

GET
H2 200 ts
t.paypal.com/ 42 B
559 B 438ms
437ms Image
image/gif 2.21.38.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?v=1.3.28&t=1574027048228&g=-60&e=im&pgrp=main%3AgenericError%3A421&page=main%3AgenericError%3A421&pgst=1574027047535&calc=a6ab5b2f65ec6&nsid=chIHZi3QhqgJkKNzajsoNhRHxze65-h5&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=dbafbf1cbf1b46c498b1211695204e81&comp=errorsnodeweb&tsrce=errorsnodeweb&cu=0&erpg=GenericErrorPage&l7=null&view=%7B%22t10%22%3A2%2C%22t11%22%3A3730%2C%22tcp%22%3A3630%2C%22et%22%3A%224g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A50%7D&pt=PayPal&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1&t1=2&t2=3488&t3=1&t4d=184&t4=186&t4e=2&tt=3679&res=%7B%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-38-79.deploy.static.akamaitechnologies.com
Software: akka-http/10.1.7 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: http://vietphrase.com/go/www.paypal.com/pe/webapps/mpp/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Nov 2019 21:44:08 GMT
server: akka-http/10.1.7
x-dc-origin-ip: 66.211.169.80
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
status: 200
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 42
expires: Sun, 17 Nov 2019 21:44:08 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.vietphrase.com/	1970-01-19 05:13:48	Name: __utmb Value: 76890898.1.10.1574027048
.vietphrase.com/	1970-01-19 05:13:47	Name: __utmt Value: 1
.vietphrase.com/	1970-01-19 09:36:35	Name: __utmz Value: 76890898.1574027048.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.vietphrase.com/	1970-01-19 22:44:59	Name: __utma Value: 76890898.1248070826.1574027048.1574027048.1574027048.1
.vietphrase.com/	1969-12-31 23:59:59	Name: __utmc Value: 76890898
.vietphrase.com/	1970-01-19 13:59:23	Name: __cfduid Value: dea5e259372561e70e4d46e4f0bcde9d81574027044

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://c1.popads.net/pop.js(Line 44) Message: CI BAoAXdG-sQFd0b8ogAGBAcAAINstk8iK2B__4O1x0vcf7alIpQ8b6fJGUM9rL4XHt8WtwQAgRJUFymrGe_fqBVG7xfEwqB5we6UkdRlFuvf5Cq4vymrCACAhERNIZA6zpET7dzXKAjKhgJVPIDAlUelgnaZpPSIu9MQAECoBBPgBklQUAAAAAAAAAALFABDbwe13UPCQor49_x3xoAwywwAgxkXux6m8FH9yUacsxc5R2RYyDBwstWTrtyuUTT3WfQ4

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6.adsco.re
adsco.re
c.adsco.re
c1.popads.net
serve.popads.net
stats.g.doubleclick.net
t.paypal.com
vietphrase.com
www.google-analytics.com
www.paypalobjects.com
162.252.214.5
195.181.170.17
2.21.38.79
216.21.13.10
2606:4700:30::681c:17a
2606:4700::6811:a7ba
2a00:1450:4001:808::200e
2a00:1450:400c:c00::9d
0caae54c4146130a64df945b67fa2153d72a1ab33d972f8f2151dfd985a80c20
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
2f65086c3fa923e7a17b5111a3c3cf0a8bbe7033cab4ac405906ab3c07f84011
489de347e2abd93658f74654a6e1aa856773da5090dba9430fb330a10155456f
51908d4844f98fe69f3488867b02fd9605c6f5ab205c451369a9a9a07a3efd63
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
79dc5d32ab06d909d8565847ff4857fac1101096b8793e7d9065c4fb49033251
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9b53ed0f00bb15ab591cfefe431a0c6380e37ace17f21e3872fb2506cc714f5b
b66e0ae4a3a7b8e6a280d5b512ba4dcf43afb3ae8862fed33266a038cbe1f154
c24a3a6ae39bb725f3c844abd1070811168f1c34cea1e1ec0b0497672da0a81b
d20d6074e19f53813c67e9972b1900355c97a4eb22004b373e37dc29b607d2fe
d5b4b06879f67d270c16984685854fffa267be3e05db4d025761676ddd46a1c9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f305452ed13912ed36d9a1a0577b4211fd4e4cc6aea2a7d7a78ea1a601208a20
ff4e4975ef403004f8fe8e59008db7ad47f54b10d84c72eb90e728d1ec9157ce

vietphrase.com Open in urlscan Pro 2606:4700:30::681c:17a Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

17 Requests

59 %HTTPS

50 %IPv6

7 Domains

10 Subdomains

8 IPs

4 Countries

126 kBTransfer

404 kBSize

6 Cookies

1 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

6 Cookies

1 Console Messages

Indicators

vietphrase.com Open in urlscan Pro
2606:4700:30::681c:17a Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

59 %
HTTPS

50 %
IPv6

7
Domains

10
Subdomains

8
IPs

4
Countries

126 kB
Transfer

404 kB
Size

6
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!