paypal-verifymycall.com Open in urlscan Pro
94.154.172.199 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://paypal-verifymycall.com/
Effective URL:
https://paypal-verifymycall.com/
Submission Tags: falconsandbox
Submission: On July 21 via api (July 21st 2024, 1:42:11 pm UTC) from US — Scanned from DE

Summary HTTP 17 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 17 HTTP transactions. The main IP is 94.154.172.199, located in Bulgaria and belongs to COLOCATIONX-DATACENTER Dedicated Server Provider, GB. The main domain is paypal-verifymycall.com.
TLS certificate: Issued by R10 on July 21st 2024. Valid for: 3 months.

This is the only time paypal-verifymycall.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
15	94.154.172.199 94.154.172.199	208046 (COLOCATIO...) (COLOCATIONX-DATACENTER Dedicated Server Provider)
2	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
17	3

15 94.154.172.199 (Bulgaria)

ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB)
PTR: cp3.offsh.nl

paypal-verifymycall.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	paypal-verifymycall.com paypal-verifymycall.com	142 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 3281	109 KB
17	2

	Domain	Requested by
15	paypal-verifymycall.com	paypal-verifymycall.com
2	www.paypalobjects.com	paypal-verifymycall.com
17	2

This site contains links to these domains. Also see Links.

Domain
paypal.com
developer.paypal.com
www.paypal.com
about.pypl.com
newsroom.paypal-corp.com
careers.pypl.com
investor.pypl.com
publicpolicy.paypal-corp.com

Subject Issuer	Validity	Valid
*.paypal-verifymycall.com R10	`2024-07-21` - `2024-10-19`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2024-06-13` - `2025-06-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://paypal-verifymycall.com/
Frame ID: F0B0C75AE9200411BC73E47EFB3C6050
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Customer Service Call Verification | PayPal

Page URL History Show full URLs

http://paypal-verifymycall.com/ HTTP 307
https://paypal-verifymycall.com/ Page URL

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

react(?:-with-addons)?[.-]([\d.]*\d)[^/]*\.js

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

250 kB
Transfer

919 kB
Size

0
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://paypal.com/
Title: PayPal logo

Search URL Search Domain Scan URL

URL: https://developer.paypal.com/home/
Title: Developer

Search URL Search Domain Scan URL

URL: https://www.paypal.com/whats-new/first-look
Title: What’s New

Search URL Search Domain Scan URL

URL: https://paypal.com/cshelp/personal
Title: Help

Search URL Search Domain Scan URL

URL: https://paypal.com/webapps/mpp/account-selection
Title: Sign Up

Search URL Search Domain Scan URL

URL: https://paypal.com/signin
Title: Log In

Search URL Search Domain Scan URL

URL: https://paypal.com/smarthelp/contact-us
Title: Contact

Search URL Search Domain Scan URL

URL: https://paypal.com/webapps/mpp/paypal-fees
Title: Fees

Search URL Search Domain Scan URL

URL: https://paypal.com/security
Title: Security

Search URL Search Domain Scan URL

URL: https://paypal.com/digital-wallet/mobile-apps
Title: Apps

Search URL Search Domain Scan URL

URL: https://paypal.com/webapps/mpp/shopping-selection
Title: Shop

Search URL Search Domain Scan URL

URL: https://paypal.com/enterprise
Title: Enterprise

Search URL Search Domain Scan URL

URL: https://paypal.com/enterprise/industry-solutions/platforms-and-marketplaces
Title: Partners

Search URL Search Domain Scan URL

URL: https://about.pypl.com/about-us/default.aspx
Title: About

Search URL Search Domain Scan URL

URL: https://newsroom.paypal-corp.com/
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://careers.pypl.com/home/
Title: Jobs

Search URL Search Domain Scan URL

URL: https://investor.pypl.com/home/default.aspx
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://publicpolicy.paypal-corp.com/
Title: Public Policy

Search URL Search Domain Scan URL

URL: https://www.paypal.com/webapps/mpp/accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.paypal.com/myaccount/privacy/privacyhub
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.paypal.com/myaccount/privacy/cookiePrefs
Title: Cookies

Search URL Search Domain Scan URL

URL: https://www.paypal.com/legalhub/home
Title: Legal

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://paypal-verifymycall.com/ HTTP 307
https://paypal-verifymycall.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
paypal-verifymycall.com/
Redirect Chain

http://paypal-verifymycall.com/
https://paypal-verifymycall.com/

87 KB
14 KB

154ms
34ms

Document
text/html

94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://paypal-verifymycall.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash: 5f7cdada9954785c907e8171096fdc23f219bd46f12c5d453277b8d85f15389a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 13759
content-type: text/html
date: Sun, 21 Jul 2024 13:42:06 GMT
last-modified: Sun, 21 Jul 2024 10:27:46 GMT
server: LiteSpeed
vary: Accept-Encoding

Redirect headers

Location: https://paypal-verifymycall.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 helpers-8e22840c-1.css
paypal-verifymycall.com/marketing/pp-com-components/component-chunks/ 311 KB
29 KB 25ms
19ms Stylesheet
text/css 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://paypal-verifymycall.com/marketing/pp-com-components/component-chunks/helpers-8e22840c-1.css
Requested by: Host: paypal-verifymycall.com
URL: https://paypal-verifymycall.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash: 8e22840c2455237b336e57458878bd44a7bde2de659209c73a7350a7e92865a0

Request headers

Referer: https://paypal-verifymycall.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sun, 21 Jul 2024 13:42:06 GMT
content-encoding: br
last-modified: Tue, 09 Jul 2024 17:51:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 29786
expires: Sun, 28 Jul 2024 13:42:06 GMT

GET
H2 200 PayPalOpen-Regular-1.woff2
paypal-verifymycall.com/paypal-ui/fonts/ 27 KB
27 KB 39ms
35ms Font
font/woff2 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://paypal-verifymycall.com/paypal-ui/fonts/PayPalOpen-Regular-1.woff2
Requested by: Host: paypal-verifymycall.com
URL: https://paypal-verifymycall.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash: 9ae7b95f034d76b21aaf8fcc0cdd39f4ba7ba59dd9751348a32c7e5cfdfdb6df

Request headers

Referer: https://paypal-verifymycall.com/
Origin: https://paypal-verifymycall.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sun, 21 Jul 2024 13:42:06 GMT
last-modified: Thu, 02 Jun 2022 14:26:24 GMT
server: LiteSpeed
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 27457
expires: Sun, 28 Jul 2024 13:42:06 GMT

GET
H2 200 PayPalOpen-Bold-1.woff2
paypal-verifymycall.com/paypal-ui/fonts/ 26 KB
26 KB 39ms
35ms Font
font/woff2 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://paypal-verifymycall.com/paypal-ui/fonts/PayPalOpen-Bold-1.woff2
Requested by: Host: paypal-verifymycall.com
URL: https://paypal-verifymycall.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash: 9ed6dcb699f10e85624a4579731f929b5d8b91f0c73b9fc01b8893021c83f4a0

Request headers

Referer: https://paypal-verifymycall.com/
Origin: https://paypal-verifymycall.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sun, 21 Jul 2024 13:42:06 GMT
last-modified: Thu, 02 Jun 2022 14:26:24 GMT
server: LiteSpeed
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 26700
expires: Sun, 28 Jul 2024 13:42:06 GMT

GET
H2 200 main-f032431a-1.css
paypal-verifymycall.com/globalnav/css/ 293 KB
20 KB 37ms
34ms Stylesheet
text/css 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://paypal-verifymycall.com/globalnav/css/main-f032431a-1.css
Requested by: Host: paypal-verifymycall.com
URL: https://paypal-verifymycall.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash: e4e86a7d8e6e2d8185df2c2af9ca6e9f24eed64b7edd0041db44178b903f70ac

Request headers

Referer: https://paypal-verifymycall.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sun, 21 Jul 2024 13:42:06 GMT
content-encoding: br
last-modified: Fri, 21 Jun 2024 09:22:30 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 20355
expires: Sun, 28 Jul 2024 13:42:06 GMT

GET
H2 200 main-9cebfb4d-1.js Show response
paypal-verifymycall.com/globalnav/js/ 57 KB
19 KB 54ms
51ms Script
text/javascript 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://paypal-verifymycall.com/globalnav/js/main-9cebfb4d-1.js
Requested by: Host: paypal-verifymycall.com
URL: https://paypal-verifymycall.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash: 4a330f444042b2f5cc3413273e6f57325d2347dadfff0c7be26bcb1a809c1328

Request headers

Referer: https://paypal-verifymycall.com/
Origin: https://paypal-verifymycall.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sun, 21 Jul 2024 13:42:06 GMT
content-encoding: br
last-modified: Fri, 21 Jun 2024 09:22:30 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 19492

GET
H2 404 react-18_2_0-bundle-1.js
paypal-verifymycall.com/marketing-resources/vendors/ 0
0 54ms
52ms Script
text/html 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://paypal-verifymycall.com/marketing-resources/vendors/react-18_2_0-bundle-1.js
Requested by: Host: paypal-verifymycall.com
URL: https://paypal-verifymycall.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash

Request headers

Referer: https://paypal-verifymycall.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jul 2024 13:42:06 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 1251
content-type: text/html

GET
H2 404 emotion-react-11_1_1-bundle-1.js
paypal-verifymycall.com/marketing-resources/vendors/ 0
0 53ms
52ms Script
text/html 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://paypal-verifymycall.com/marketing-resources/vendors/emotion-react-11_1_1-bundle-1.js
Requested by: Host: paypal-verifymycall.com
URL: https://paypal-verifymycall.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash

Request headers

Referer: https://paypal-verifymycall.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jul 2024 13:42:06 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 1251
content-type: text/html

GET
H2 200 valid-numbers.js Show response
paypal-verifymycall.com/ 128 B
179 B 53ms
52ms Script
text/javascript 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://paypal-verifymycall.com/valid-numbers.js
Requested by: Host: paypal-verifymycall.com
URL: https://paypal-verifymycall.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash: 9b376ca0a10f2cd158179323341269d755a3f54714c22fae799a3ca842bcb2d6

Request headers

Referer: https://paypal-verifymycall.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sun, 21 Jul 2024 13:42:06 GMT
last-modified: Sun, 21 Jul 2024 10:38:14 GMT
server: LiteSpeed
accept-ranges: bytes
content-length: 128
content-type: text/javascript

GET
H3 200 paypal-mark-color-1.svg
paypal-verifymycall.com/paypal-ui/logos/svg/ 1 KB
796 B 18ms
18ms Image
image/svg+xml 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypal-verifymycall.com/paypal-ui/logos/svg/paypal-mark-color-1.svg
Requested by: Host: paypal-verifymycall.com
URL: https://paypal-verifymycall.com/globalnav/css/main-f032431a-1.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash: f9035e34f5734e89ddb03b601b1c0fd58323a93f176c5c7e220d7aa7a2062ed5

Request headers

Referer: https://paypal-verifymycall.com/globalnav/css/main-f032431a-1.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sun, 21 Jul 2024 13:42:06 GMT
content-encoding: br
last-modified: Wed, 15 Jun 2022 19:33:20 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 511
expires: Sun, 28 Jul 2024 13:42:06 GMT

GET
DATA 200
OK truncated
/ 485 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ae43ce889e681571d03d344efe658dd4ae957c10a186541aa5c59af478b92de

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 paypal-color-1.svg
paypal-verifymycall.com/paypal-ui/logos/svg/ 3 KB
1 KB 18ms
18ms Image
image/svg+xml 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypal-verifymycall.com/paypal-ui/logos/svg/paypal-color-1.svg
Requested by: Host: paypal-verifymycall.com
URL: https://paypal-verifymycall.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash: cda7704463471358975d47c1934b73ae57baea4741abb04c0abfe9e9ebb20659

Request headers

Referer: https://paypal-verifymycall.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sun, 21 Jul 2024 13:42:06 GMT
content-encoding: br
last-modified: Thu, 23 Feb 2023 17:13:42 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1310
expires: Sun, 28 Jul 2024 13:42:06 GMT

GET
H2 200 trust-blue.svg
www.paypalobjects.com/marketing/web/US/en/rebrand/pictograms/ 988 B
856 B 62ms
9ms Image
image/svg+xml 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/marketing/web/US/en/rebrand/pictograms/trust-blue.svg

Requested by

Host: paypal-verifymycall.com
URL: https://paypal-verifymycall.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CAE) /

Resource Hash

15a59d966d1b1530548aa3d0c2e4eb70125615af9d330b271ee6c9c999d5ed52

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://paypal-verifymycall.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sun, 21 Jul 2024 13:42:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 84b1eaa3c25c3
dc: ccg11-origin-www-1.paypal.com
content-length: 431
last-modified: Mon, 30 May 2022 08:20:28 GMT
server: ECAcc (frc/4CAE)
traceparent: 00-000000000000000000084b1eaa3c25c3-4526327a8eab9b5e-01
etag: W/"62947e4c-3dc"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Sun, 21 Jul 2024 14:42:06 GMT

GET
H3 200 phone.svg
paypal-verifymycall.com/img/ 1 KB
662 B 18ms
17ms Image
image/svg+xml 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypal-verifymycall.com/img/phone.svg
Requested by: Host: paypal-verifymycall.com
URL: https://paypal-verifymycall.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash: fa5b52ad9544d5aed84f522d455968d20b129717788172a96ab6e83f3324215d

Request headers

Referer: https://paypal-verifymycall.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sun, 21 Jul 2024 13:42:06 GMT
content-encoding: br
last-modified: Sat, 20 Jul 2024 22:42:44 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 617
expires: Sun, 28 Jul 2024 13:42:06 GMT

GET
H3 404 pp32-1.png
paypal-verifymycall.com/webstatic/icon/ 1 KB
1 KB 17ms
17ms Other
text/html 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://paypal-verifymycall.com/webstatic/icon/pp32-1.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash: 4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

Request headers

Referer: https://paypal-verifymycall.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jul 2024 13:42:06 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 1251
content-type: text/html

GET
H2 200 sprite_countries_flag4.png
www.paypalobjects.com/webstatic/mktg/icons/ 108 KB
108 KB 30ms
9ms Image
image/png 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/mktg/icons/sprite_countries_flag4.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CF1) /

Resource Hash

21f89c7c27f0eab13388645aea1eedb4a342c06333a14d74c1a10dfca04d6455

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://paypal-verifymycall.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sun, 21 Jul 2024 13:42:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: ca1c7ef240600
dc: ccg11-origin-www-1.paypal.com
content-length: 110177
last-modified: Sat, 13 Feb 2021 00:29:58 GMT
accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
server: ECAcc (frc/4CF1)
traceparent: 00-0000000000000000000ca1c7ef240600-c8b6ff8d8fcc6475-01
etag: "60271d86-1ae61"
content-type: image/png
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Sun, 21 Jul 2024 14:42:06 GMT

GET
H3 404 favicon-1.ico
paypal-verifymycall.com/webstatic/icon/ 1 KB
1 KB 17ms
17ms Other
text/html 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://paypal-verifymycall.com/webstatic/icon/favicon-1.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash: 4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

Request headers

Referer: https://paypal-verifymycall.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jul 2024 13:42:06 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 1251
content-type: text/html

GET
H3 404 pp196-1.png
paypal-verifymycall.com/webstatic/icon/ 1 KB
1 KB 17ms
17ms Other
text/html 94.154.172.199
COLOCATIONX-DATAC...

General

Check archive.org

Show headers Download Go to

Full URL: https://paypal-verifymycall.com/webstatic/icon/pp196-1.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 94.154.172.199 , Bulgaria, ASN208046 (COLOCATIONX-DATACENTER Dedicated Server Provider, GB),
Reverse DNS: cp3.offsh.nl
Software: LiteSpeed /
Resource Hash: 4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

Request headers

Referer: https://paypal-verifymycall.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jul 2024 13:42:06 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 1251
content-type: text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://paypal-verifymycall.com/marketing-resources/vendors/react-18_2_0-bundle-1.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://paypal-verifymycall.com/marketing-resources/vendors/emotion-react-11_1_1-bundle-1.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://paypal-verifymycall.com/webstatic/icon/pp32-1.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://paypal-verifymycall.com/webstatic/icon/favicon-1.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://paypal-verifymycall.com/webstatic/icon/pp196-1.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

paypal-verifymycall.com
www.paypalobjects.com
192.229.221.25
94.154.172.199
0ae43ce889e681571d03d344efe658dd4ae957c10a186541aa5c59af478b92de
15a59d966d1b1530548aa3d0c2e4eb70125615af9d330b271ee6c9c999d5ed52
21f89c7c27f0eab13388645aea1eedb4a342c06333a14d74c1a10dfca04d6455
4a330f444042b2f5cc3413273e6f57325d2347dadfff0c7be26bcb1a809c1328
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896
5f7cdada9954785c907e8171096fdc23f219bd46f12c5d453277b8d85f15389a
8e22840c2455237b336e57458878bd44a7bde2de659209c73a7350a7e92865a0
9ae7b95f034d76b21aaf8fcc0cdd39f4ba7ba59dd9751348a32c7e5cfdfdb6df
9b376ca0a10f2cd158179323341269d755a3f54714c22fae799a3ca842bcb2d6
9ed6dcb699f10e85624a4579731f929b5d8b91f0c73b9fc01b8893021c83f4a0
cda7704463471358975d47c1934b73ae57baea4741abb04c0abfe9e9ebb20659
e4e86a7d8e6e2d8185df2c2af9ca6e9f24eed64b7edd0041db44178b903f70ac
f9035e34f5734e89ddb03b601b1c0fd58323a93f176c5c7e220d7aa7a2062ed5
fa5b52ad9544d5aed84f522d455968d20b129717788172a96ab6e83f3324215d

paypal-verifymycall.com Open in urlscan Pro 94.154.172.199 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

250 kBTransfer

919 kBSize

0 Cookies

22 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

paypal-verifymycall.com Open in urlscan Pro
94.154.172.199 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

250 kB
Transfer

919 kB
Size

0
Cookies

17 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!