verification-neededsecure.net
Open in
urlscan Pro
162.144.130.156
Malicious Activity!
Public Scan
Submission: On September 05 via automatic, source phishtank
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 4th 2018. Valid for: 3 months.
This is the only time verification-neededsecure.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 162.144.130.156 162.144.130.156 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
1 | 2.18.233.20 2.18.233.20 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
10 | 3 |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 162-144-130-156.unifiedlayer.com
verification-neededsecure.net |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-20.deploy.static.akamaitechnologies.com
www.paypalobjects.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
verification-neededsecure.net
verification-neededsecure.net |
1 MB |
1 |
paypalobjects.com
www.paypalobjects.com |
35 KB |
10 | 2 |
Domain | Requested by | |
---|---|---|
9 | verification-neededsecure.net |
verification-neededsecure.net
|
1 | www.paypalobjects.com |
verification-neededsecure.net
|
10 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
verification-neededsecure.net cPanel, Inc. Certification Authority |
2018-09-04 - 2018-12-03 |
3 months | crt.sh |
www.paypalobjects.com Symantec Class 3 EV SSL CA - G3 |
2017-07-11 - 2019-09-02 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://verification-neededsecure.net/myaccount/home
Frame ID: F388924891387CFC98787DEA4709C7E0
Requests: 11 HTTP requests in this frame
Screenshot
Detected technologies
OpenSSL (Web Server Extensions) ExpandDetected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
home
verification-neededsecure.net/myaccount/ |
13 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
myaccount_app.css
verification-neededsecure.net/assets/css/ |
290 KB 290 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
myaccount_sumarry.css
verification-neededsecure.net/assets/css/ |
297 KB 297 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
myaccount_wallet.css
verification-neededsecure.net/assets/css/ |
185 KB 186 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
myaccount_main.css
verification-neededsecure.net/assets/css/ |
62 KB 62 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
verification-neededsecure.net/assets/js/ |
125 KB 125 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.validate.js
verification-neededsecure.net/assets/js/ |
55 KB 55 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
warning.png
verification-neededsecure.net/assets/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
myaccount_normalize.css
verification-neededsecure.net/assets/css/ |
8 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
ConsumerIcons-Regular.woff
www.paypalobjects.com/ui-web/iconfont-consumer/3-3-0/fonts/ |
35 KB 35 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
verification-neededsecure.net
www.paypalobjects.com
162.144.130.156
2.18.233.20
0086689aa6c07a913fddd7af7e9f4698d126ac9c86522d3c80d9579063cc3965
281a25339d600fa64571295ef1500017ec5560ec3b42b0f374a227e47299654e
48edd52e523c142aa7635626d0bc620622c45ff1e6f8e91930123d044013b12e
656b81fc8ce755e7cdacde6bcb9e9c2af44902025e0c10cd1ac897ca3945dacb
6f4b480769aa50d874b0515e9a820f1163ef5b4718d2bcfc0540a4f9c8c217a2
776335e6aa754f9d5f4114fa6f675f6ac5f3459afe4316b71d08c35c5f534bec
aaab63586931c3f7c71941e1776bf7f3b99bd3d26b535a9ef41486bb0a6941f6
b88615c9cdc41e5cf8c5fec8fb3a52f9e75fa94a897780687bdad6f1f8da0056
d5db3b907609c4110204c6b690669146ea129afc11f5de317d7312f9d24536bf
d7793651ef95bfe8e9e0ca8660c9ee4e76744c40f04ee8427a388ca1005fc29b
f763bcb0fb63903ddd6d99311c4c6316122f0a1262b564059a635c51ac9042c2