prismatic-vial-290917.uc.r.appspot.com
2a00:1450:4001:809::2014 - Malicious Activity! Public Scan

Submitted URL: https://prismatic-vial-290917.uc.r.appspot.com/
Effective URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Submission: On October 08 via api from GB

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 14 HTTP transactions. The main IP is 2a00:1450:4001:809::2014, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is prismatic-vial-290917.uc.r.appspot.com.
TLS certificate: Issued by GTS CA 1O1 on September 3rd 2020. Valid for: 3 months.
This is the only time prismatic-vial-290917.uc.r.appspot.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

Requests | IP Address | AS Autonomous System
2 | 2a00:1450:400... | 15169 (GOOGLE)
11 | 104.111.228.123 | 16625 (AKAMAI-AS)
8 | 151.101.65.21 | 54113 (FASTLY)
1 | 173.0.88.168 | 17012 (PAYPAL)
Total: 14 requests, 3 IPs

Requests | Domain | Requested by
11 | www.paypalobjects.com | prismatic-vial-290917.uc.r.appspot.com
8 | www.paypal.com | 8 redirects
2 | prismatic-vial-290917.uc.r.appspot.com |
1 | images.paypal.com | prismatic-vial-290917.uc.r.appspot.com
Total: 14 requests, 4 domains

This site contains links to these domains:
  • www.paypal.com

Subject | Issuer | Validity | Valid for
*.appspot.com | GTS CA 1O1 | 2020-09-03 - 2020-11-26 | 3 months (crt.sh)
www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2020-01-09 - 2022-01-12 | 2 years (crt.sh)

This page contains 1 frame:

Primary Page: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Frame ID: CEB0C4A794DA2BCD4B76DDB69B8CF014
Requests: 14 HTTP requests in this frame



Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Google Frontend/i

Page Statistics

Requests: 14
HTTPS: 93 %
IPv6: 25 %
Domains: 3
Subdomains: 4
IPs: 3
Countries: 3
Transfer: 28 kB
Size: 83 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://prismatic-vial-290917.uc.r.appspot.com/ Page URL
  2. https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://www.paypal.com/js/pp_main.js HTTP 301
  • https://www.paypalobjects.com/js/pp_main.js
Request Chain 3
  • http://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif HTTP 307
  • https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
Request Chain 4
  • https://www.paypal.com/en_US/i/nav/P_on_my_account.gif HTTP 301
  • https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif
Request Chain 5
  • http://www.paypalobjects.com/en_US/i/scr/pixel.gif HTTP 307
  • https://www.paypalobjects.com/en_US/i/scr/pixel.gif
Request Chain 6
  • https://www.paypal.com/en_US/i/nav/P_off_send_money.gif HTTP 301
  • https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif
Request Chain 7
  • https://www.paypal.com/en_US/i/nav/P_off_request_money.gif HTTP 301
  • https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif
Request Chain 8
  • https://www.paypal.com/en_US/i/nav/P_off_merchant_tools.gif HTTP 301
  • https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif
Request Chain 9
  • https://www.paypal.com/en_US/i/nav/P_off_auction_tools.gif HTTP 301
  • https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif
Request Chain 11
  • http://www.paypal.com/images/ebay_co.gif HTTP 307
  • https://www.paypal.com/images/ebay_co.gif HTTP 301
  • https://www.paypalobjects.com/images/ebay_co.gif
Request Chain 12
  • http://www.paypal.com/images/tabs/bg.gif HTTP 307
  • https://www.paypal.com/images/tabs/bg.gif HTTP 301
  • https://www.paypalobjects.com/images/tabs/bg.gif

14 HTTP transactions

Resource | Path | Size | x-fer | Type / MIME-Type

/ | prismatic-vial-290917.uc.r.appspot.com/ | 137 B | 523 B | Document
General
Full URL
https://prismatic-vial-290917.uc.r.appspot.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
e4ccd781d0a2deedde96e626c7bae0b7bb82364b65abd2f63c0f20236089f05f

Request headers

:method
GET
:authority
prismatic-vial-290917.uc.r.appspot.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Thu, 08 Oct 2020 17:19:07 GMT
expires
Thu, 08 Oct 2020 17:29:07 GMT
cache-control
public, max-age=600
etag
"j1__hw"
x-cloud-trace-context
9b8a6d2f4d4d65d4d2507532e0b19f63
content-type
text/html
content-encoding
gzip
server
Google Frontend
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Primary Request: file.html | prismatic-vial-290917.uc.r.appspot.com/ | 33 KB | 8 KB | Document
General
Full URL
https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
a400916bfec70e3e4cfa58e272c216066be60656883bdaaaa8fbe518d4178e0f

Request headers

:method
GET
:authority
prismatic-vial-290917.uc.r.appspot.com
:scheme
https
:path
/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://prismatic-vial-290917.uc.r.appspot.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://prismatic-vial-290917.uc.r.appspot.com/

Response headers

status
200
date
Thu, 08 Oct 2020 17:19:07 GMT
expires
Thu, 08 Oct 2020 17:29:07 GMT
cache-control
public, max-age=600
etag
"j1__hw"
x-cloud-trace-context
9b8a6d2f4d4d65d4d2507532e0b19f63
content-type
text/html
content-encoding
gzip
server
Google Frontend
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
pp_styles_082102.css | www.paypalobjects.com/css/ | 10 KB | 2 KB | Stylesheet
General
Full URL
https://www.paypalobjects.com/css/pp_styles_082102.css
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-228-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5ec051f2547a010842f625c6fc6ee8f4df6ea2e60f8f83015cb23a2e4751317e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 17:19:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 30 Jul 2020 23:04:55 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=3600
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
1835
expires
Thu, 08 Oct 2020 18:19:07 GMT
pp_main.js | www.paypalobjects.com/js/ | 35 KB | 10 KB | Script
Redirect Chain
  • https://www.paypal.com/js/pp_main.js
  • https://www.paypalobjects.com/js/pp_main.js
General
Full URL
https://www.paypalobjects.com/js/pp_main.js
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-228-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e31d5c7948fd43e290e71096a765f65a19537575e07f43a2db8f61ad2cb5e9b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 17:19:07 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
content-encoding
gzip
vary
Accept-Encoding
content-length
9449
last-modified
Thu, 30 Jul 2020 23:05:10 GMT
server
Apache
strict-transport-security
max-age=31536000
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Thu, 08 Oct 2020 18:19:07 GMT

Redirect headers

date
Thu, 08 Oct 2020 17:19:07 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602177548.718062,VS0,VE227
x-served-by
cache-lhr7368-LHR, cache-ams21077-AMS
status
301
x-cache
MISS, MISS
content-type
text/html; charset=iso-8859-1
location
https://www.paypalobjects.com/js/pp_main.js
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
5553ab207b77c
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
slc-b-origin-www-2.paypal.com
content-length
251
x-cache-hits
0, 0
paypal_logo.gif | www.paypalobjects.com/en_US/i/logo/ | 1 KB | 1 KB | Image
Redirect Chain
  • http://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
  • https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-228-123.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
66e40f1dee3ded177d607518a4d0368f6c5741a9a09dc197a5edc8fbb2a1099a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 17:19:07 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
x-serial
300
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
private, no-transform, max-age=43200
last-modified
Fri, 08 May 2020 01:20:36 GMT
content-length
1279
server
Akamai Image Manager
expires
Fri, 09 Oct 2020 05:19:07 GMT

Redirect headers

Location
https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
Non-Authoritative-Reason
HSTS
P_on_my_account.gif | www.paypalobjects.com/en_US/i/nav/ | 399 B | 607 B | Image
Redirect Chain
  • https://www.paypal.com/en_US/i/nav/P_on_my_account.gif
  • https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-228-123.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
812061246226b788c65561f8b90bd949f4cf63a2435a3041fed61fe8e975e106
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 17:19:08 GMT
x-content-type-options
nosniff
last-modified
Fri, 04 Sep 2020 03:33:54 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
private, no-transform, max-age=43200
content-length
399
expires
Fri, 09 Oct 2020 05:19:08 GMT

Redirect headers

date
Thu, 08 Oct 2020 17:19:07 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602177548.791244,VS0,VE149
x-served-by
cache-lhr7332-LHR, cache-ams21077-AMS
status
301
x-cache
MISS, MISS
content-type
text/html; charset=iso-8859-1
location
https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
4ec6b35155390
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
phx-origin-www-1.paypal.com
content-length
269
x-cache-hits
0, 0
pixel.gif | www.paypalobjects.com/en_US/i/scr/ | 43 B | 279 B | Image
Redirect Chain
  • http://www.paypalobjects.com/en_US/i/scr/pixel.gif
  • https://www.paypalobjects.com/en_US/i/scr/pixel.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/scr/pixel.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-228-123.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 17:19:08 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
x-serial
56
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
cache-control
private, no-transform, max-age=43200
last-modified
Fri, 08 May 2020 01:21:33 GMT
content-length
43
server
Akamai Image Manager
expires
Fri, 09 Oct 2020 05:19:08 GMT

Redirect headers

Location
https://www.paypalobjects.com/en_US/i/scr/pixel.gif
Non-Authoritative-Reason
HSTS
P_off_send_money.gif | www.paypalobjects.com/en_US/i/nav/ | 239 B | 477 B | Image
Redirect Chain
  • https://www.paypal.com/en_US/i/nav/P_off_send_money.gif
  • https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-228-123.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
5e11305cdb3b64e188c04e2b7fe3d506c592b10e9ffc7212ff08a21e1dbcfcbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 17:19:08 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
x-serial
1079
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
private, no-transform, max-age=43200
last-modified
Wed, 02 Sep 2020 11:34:06 GMT
content-length
239
server
Akamai Image Manager
expires
Fri, 09 Oct 2020 05:19:08 GMT

Redirect headers

date
Thu, 08 Oct 2020 17:19:08 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602177548.021926,VS0,VE162
x-served-by
cache-lhr7366-LHR, cache-ams21077-AMS
status
301
x-cache
MISS, MISS
content-type
text/html; charset=iso-8859-1
location
https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
7eb8c81120b73
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
phx-origin-www-2.paypal.com
content-length
270
x-cache-hits
0, 0
P_off_request_money.gif | www.paypalobjects.com/en_US/i/nav/ | 261 B | 468 B | Image
Redirect Chain
  • https://www.paypal.com/en_US/i/nav/P_off_request_money.gif
  • https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-228-123.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
dda41981d2c9961339191152837c4131c1f5ca4156c74baf8e0490cb5af004f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 17:19:08 GMT
x-content-type-options
nosniff
last-modified
Sun, 13 Sep 2020 09:53:08 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
private, no-transform, max-age=43200
content-length
261
expires
Fri, 09 Oct 2020 05:19:08 GMT

Redirect headers

date
Thu, 08 Oct 2020 17:19:08 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602177548.022017,VS0,VE223
x-served-by
cache-lhr7354-LHR, cache-ams21077-AMS
status
301
x-cache
MISS, MISS
content-type
text/html; charset=iso-8859-1
location
https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
25d8639ce20a
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
slc-b-origin-www-2.paypal.com
content-length
273
x-cache-hits
0, 0
P_off_merchant_tools.gif | www.paypalobjects.com/en_US/i/nav/ | 250 B | 487 B | Image
Redirect Chain
  • https://www.paypal.com/en_US/i/nav/P_off_merchant_tools.gif
  • https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-228-123.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
759b02e5b12934710abd11fdee615a3b59871056bf8c8122cc0d228510a94874
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 17:19:08 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
x-serial
1263
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
private, no-transform, max-age=43200
last-modified
Fri, 08 May 2020 01:52:55 GMT
content-length
250
server
Akamai Image Manager
expires
Fri, 09 Oct 2020 05:19:08 GMT

Redirect headers

date
Thu, 08 Oct 2020 17:19:08 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602177548.022180,VS0,VE173
x-served-by
cache-lhr7347-LHR, cache-ams21077-AMS
status
301
x-cache
MISS, MISS
content-type
text/html; charset=iso-8859-1
location
https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
24aad7623edb0
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
ccg11-origin-www-1.paypal.com
content-length
274
x-cache-hits
0, 0
P_off_auction_tools.gif | www.paypalobjects.com/en_US/i/nav/ | 225 B | 432 B | Image
Redirect Chain
  • https://www.paypal.com/en_US/i/nav/P_off_auction_tools.gif
  • https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-228-123.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
ac51959ca107f9169ff0c21575c1e36f6aff0eed163eda1645e5da746daacf4a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 17:19:08 GMT
x-content-type-options
nosniff
last-modified
Mon, 07 Sep 2020 18:05:54 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
private, no-transform, max-age=43200
content-length
225
expires
Fri, 09 Oct 2020 05:19:08 GMT

Redirect headers

date
Thu, 08 Oct 2020 17:19:08 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602177548.022453,VS0,VE231
x-served-by
cache-lhr7361-LHR, cache-ams21077-AMS
status
301
x-cache
MISS, MISS
content-type
text/html; charset=iso-8859-1
location
https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
8d4b5c3fd7ff
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
ccg11-origin-www-1.paypal.com
content-length
273
x-cache-hits
0, 0
logo_cards_150x26.gif | images.paypal.com/images/ | 2 KB | 2 KB | Image
General
Full URL
http://images.paypal.com/images/logo_cards_150x26.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Protocol
HTTP/1.1
Server
173.0.88.168 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
images.paypal.com
Software
Apache /
Resource Hash
354cac498fd98fb9da08eee60231959dc2423ae44b3cb895fefd7458d35ff2a2

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 08 Oct 2020 17:19:08 GMT
Last-Modified
Fri, 16 Aug 2019 04:57:39 GMT
Server
Apache
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1780
ebay_co.gif | www.paypalobjects.com/images/ | 524 B | 762 B | Image
Redirect Chain
  • http://www.paypal.com/images/ebay_co.gif
  • https://www.paypal.com/images/ebay_co.gif
  • https://www.paypalobjects.com/images/ebay_co.gif
General
Full URL
https://www.paypalobjects.com/images/ebay_co.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-228-123.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
2e9167e631c60acd01f31c60f81b837253febe931f831de117be1e56ce5ec3f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 17:19:08 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
x-serial
1155
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
private, no-transform, max-age=43200
last-modified
Sun, 06 Sep 2020 14:52:06 GMT
content-length
524
server
Akamai Image Manager
expires
Fri, 09 Oct 2020 05:19:08 GMT

Redirect headers

date
Thu, 08 Oct 2020 17:19:08 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602177548.066405,VS0,VE146
x-served-by
cache-lhr7347-LHR, cache-ams21077-AMS
status
301
x-cache
MISS, MISS
location
https://www.paypalobjects.com/images/ebay_co.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
9c27b99d238a6
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
phx-origin-www-2.paypal.com
content-length
0
x-cache-hits
0, 0
bg.gif | www.paypalobjects.com/images/tabs/ | 154 B | 354 B | Image
Redirect Chain
  • http://www.paypal.com/images/tabs/bg.gif
  • https://www.paypal.com/images/tabs/bg.gif
  • https://www.paypalobjects.com/images/tabs/bg.gif
General
Full URL
https://www.paypalobjects.com/images/tabs/bg.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-228-123.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
d6f2dd544557b7f105ad05ca3cb7c445ef0e941df47bbf2faebc69dcaabb54d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 17:19:08 GMT
x-content-type-options
nosniff
last-modified
Wed, 02 Sep 2020 22:48:30 GMT
server
Akamai Image Manager
strict-transport-security
max-age=31536000
content-type
image/webp
status
200
cache-control
private, max-age=777579
content-length
154
expires
Sat, 17 Oct 2020 17:18:47 GMT

Redirect headers

date
Thu, 08 Oct 2020 17:19:08 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602177548.068301,VS0,VE160
x-served-by
cache-lhr7363-LHR, cache-ams21077-AMS
status
301
x-cache
MISS, MISS
location
https://www.paypalobjects.com/images/tabs/bg.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
c396aea185b56
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
phx-origin-www-2.paypal.com
content-length
0
x-cache-hits
0, 0

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
boolean | NS
function | safeSubmitGood
function | safeSubmit
function | blockIt
function | openWindow
function | openWindow640
function | openWindowWH
function | openWindowDemo
function | openWindowDemoSmall
function | openWindowATC
undefined | singlePop
function | openSinglePop
function | windowNamer
function | writeWindow
function | ToggleBoxes
function | countChecked
function | printit
number | scrX
number | scrY
number | tgtX
object | win1
object | win2
number | balloonFlag
undefined | winTracker
function | ContextOpenHelp
function | ContextShowHideHelp
function | ReloadLocalizedPage
function | ReloadPage
function | ToggleCheck
function | ToggleCheck_image
function | submitToSF
function | displaySubindustry
function | textCounter
function | FillPrefix
function | removeComment
function | resizeShoppingCartWindow
function | insertAutoText
function | blockCountry
function | unblockCountry
function | submitAllOptions
function | transfer
function | changeCurrencySymbol
function | getCurrencySymbol
function | appendQString
undefined | bankWin
function | openOffCenteredWindow
function | openBankWindow
function | openNewWindowAndSubmit
function | createArray
function | toggleDisabled
function | UpdateProperties
function | webscrUpdate
function | updSetup
string | ptr
number | updTries
number | intID
function | toggleDisplay
function | showMoreFields
function | showBlock
function | closeAll
function | closeIt
function | closePopup
function | checkElement
function | setDefault
function | disableFormElements
function | disableObject
function | enableFieldset
function | setTransID
function | CC_noErrors
function | check_all
function | snapIn

0 Cookies