prismatic-vial-290917.uc.r.appspot.com
2a00:1450:4001:81b::2014 | Malicious Activity! | Public Scan

URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Submission: On October 09 via automatic, source phishtank

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 2a00:1450:4001:81b::2014, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is prismatic-vial-290917.uc.r.appspot.com.
This is the only time prismatic-vial-290917.uc.r.appspot.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)
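The scanned URL shows the lure that the verdict above rests on: the string "paypal.com" sits after the "?" of a URL whose host is a throwaway Google-hosted appspot.com name, so a hurried reader sees the brand in the address bar while the request never touches PayPal. The triage check below is an added example written for this page, not urlscan's own logic. It takes the scan URL as input and reports every brand mention outside the brand's own hosts; the list of shared-hosting suffixes is an assumption for the example.

```python
from urllib.parse import urlsplit

# The URL submitted to urlscan, copied from the scan above.
SCAN_URL = ("http://prismatic-vial-290917.uc.r.appspot.com/file.html"
            "?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387")

# Domains the brand really serves from (the scan's requests land on both).
BRAND_DOMAINS = ("paypal.com", "paypalobjects.com")

# Platforms that hand out hostnames to anyone. This list is an assumption
# for the example; extend it from your own telemetry.
SHARED_HOST_SUFFIXES = ("appspot.com", "web.app", "firebaseapp.com",
                        "github.io", "netlify.app", "herokuapp.com")


def is_brand_host(host):
    """True when host is a brand apex or a real subdomain of it.
    'paypal.com.evil.example' is NOT a brand host: the suffix test is anchored."""
    return any(host == b or host.endswith("." + b) for b in BRAND_DOMAINS)


def url_findings(url):
    """Return (finding, detail) pairs for a URL. Brand-owned hosts yield nothing;
    for anyone else, every place the brand string appears is reported."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if is_brand_host(host):
        return []
    findings = []
    for brand in BRAND_DOMAINS:
        if brand in host:                      # lookalike label inside a foreign host
            findings.append(("brand_in_host", brand))
        for where, text in (("path", parts.path), ("query", parts.query),
                            ("fragment", parts.fragment)):
            if brand in text.lower():          # brand used as decoration after the host
                findings.append(("brand_in_" + where, brand))
    for suffix in SHARED_HOST_SUFFIXES:
        if host.endswith("." + suffix):
            findings.append(("shared_hosting", suffix))
    if parts.scheme.lower() == "http":         # a login page with no TLS at all
        findings.append(("plain_http", host))
    return findings


def verdict(url):
    """'suspicious' when a brand is named anywhere a brand host is not serving it."""
    kinds = {kind for kind, _ in url_findings(url)}
    return "suspicious" if any(k.startswith("brand_in_") for k in kinds) else "clean"


if __name__ == "__main__":
    for finding in url_findings(SCAN_URL):
        print(*finding)
    print(verdict(SCAN_URL))
```

On the scan URL this yields brand_in_query, shared_hosting and plain_http; a genuine https://www.paypal.com/... URL yields nothing because the host check short-circuits before any string matching. The host test is deliberately a suffix match on a dot boundary, so "paypal.com.evil.example" and "notpaypal.com" are both caught rather than whitelisted.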

Domain & IP information

Requests | IP Address | AS (Autonomous System)
1 | 2a00:1450:400... | 15169 (GOOGLE)
11 | 151.101.114.133 | 54113 (FASTLY)
8 | 151.101.1.21 | 54113 (FASTLY) (8 redirects)
1 | 173.0.88.200 | 17012 (PAYPAL)
Totals (as reported): 13 requests, 3 IPs

Requests | Domain | Requested by
11 | www.paypalobjects.com | prismatic-vial-290917.uc.r.appspot.com
8 | www.paypal.com | 8 redirects only
1 | images.paypal.com | prismatic-vial-290917.uc.r.appspot.com
1 | prismatic-vial-290917.uc.r.appspot.com | (primary request)
Totals (as reported): 13 requests, 4 domains

This site contains links to these domains:
  • www.paypal.com

Subject | Issuer | Validity | Valid for
www.paypalobjects.com | DigiCert SHA2 Extended Validation Server CA | 2019-12-09 to 2021-12-13 | 2 years (crt.sh)

This page contains 1 frames:

Primary Page: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Frame ID: 0B8AF7CD5DA239F462CC2195F0A25CB0
Requests: 13 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Google Frontend/i

Page Statistics

Requests: 13
HTTPS: 85 %
IPv6: 25 %
Domains: 3
Subdomains: 4
IPs: 3
Countries: 2
Transfer: 29 kB
Size: 85 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://www.paypal.com/js/pp_main.js HTTP 301
  • https://www.paypalobjects.com/js/pp_main.js
Request Chain 2
  • http://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif HTTP 307
  • https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
Request Chain 3
  • https://www.paypal.com/en_US/i/nav/P_on_my_account.gif HTTP 301
  • https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif
Request Chain 4
  • http://www.paypalobjects.com/en_US/i/scr/pixel.gif HTTP 307
  • https://www.paypalobjects.com/en_US/i/scr/pixel.gif
Request Chain 5
  • https://www.paypal.com/en_US/i/nav/P_off_send_money.gif HTTP 301
  • https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif
Request Chain 6
  • https://www.paypal.com/en_US/i/nav/P_off_request_money.gif HTTP 301
  • https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif
Request Chain 7
  • https://www.paypal.com/en_US/i/nav/P_off_merchant_tools.gif HTTP 301
  • https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif
Request Chain 8
  • https://www.paypal.com/en_US/i/nav/P_off_auction_tools.gif HTTP 301
  • https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif
Request Chain 10
  • http://www.paypal.com/images/ebay_co.gif HTTP 307
  • https://www.paypal.com/images/ebay_co.gif HTTP 301
  • https://www.paypalobjects.com/images/ebay_co.gif
Request Chain 11
  • http://www.paypal.com/images/tabs/bg.gif HTTP 307
  • https://www.paypal.com/images/tabs/bg.gif HTTP 301
  • https://www.paypalobjects.com/images/tabs/bg.gif
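The Page Statistics, the Domain & IP table and the redirect chains above all derive from the same 13 transactions, and two things in them matter for triage. First, the 307 hops are not server responses at all: Chrome synthesises a "307 Internal Redirect" with the Non-Authoritative-Reason: HSTS header (visible in the redirect headers further down) when it upgrades an http:// asset URL to https:// from HSTS state, so no plain-HTTP request ever reached PayPal's CDN. Second, only the 301s are real redirects, issued by www.paypal.com to send legacy asset paths to www.paypalobjects.com, and there are exactly eight of them, which is the "8 redirects" the domain table reports. The script below is an added example, not urlscan's code; it transcribes the scan's transactions and recomputes those numbers. Classifying a 307 as an HSTS upgrade by its shape (same URL, http to https) is an assumption made here because the page does not show the Non-Authoritative-Reason header for every hop.

```python
from collections import Counter
from urllib.parse import urlsplit

PRIMARY_HOST = "prismatic-vial-290917.uc.r.appspot.com"

# The 13 transactions of this scan, transcribed from the page: the URL the
# browser finally fetched, plus the redirect hops before it as (url, status).
TRANSACTIONS = [
    ("http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387", []),
    ("https://www.paypalobjects.com/css/pp_styles_082102.css", []),
    ("https://www.paypalobjects.com/js/pp_main.js",
     [("https://www.paypal.com/js/pp_main.js", 301)]),
    ("https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif",
     [("http://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif", 307)]),
    ("https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif",
     [("https://www.paypal.com/en_US/i/nav/P_on_my_account.gif", 301)]),
    ("https://www.paypalobjects.com/en_US/i/scr/pixel.gif",
     [("http://www.paypalobjects.com/en_US/i/scr/pixel.gif", 307)]),
    ("https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif",
     [("https://www.paypal.com/en_US/i/nav/P_off_send_money.gif", 301)]),
    ("https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif",
     [("https://www.paypal.com/en_US/i/nav/P_off_request_money.gif", 301)]),
    ("https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif",
     [("https://www.paypal.com/en_US/i/nav/P_off_merchant_tools.gif", 301)]),
    ("https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif",
     [("https://www.paypal.com/en_US/i/nav/P_off_auction_tools.gif", 301)]),
    ("http://images.paypal.com/images/logo_cards_150x26.gif", []),
    ("https://www.paypalobjects.com/images/ebay_co.gif",
     [("http://www.paypal.com/images/ebay_co.gif", 307),
      ("https://www.paypal.com/images/ebay_co.gif", 301)]),
    ("https://www.paypalobjects.com/images/tabs/bg.gif",
     [("http://www.paypal.com/images/tabs/bg.gif", 307),
      ("https://www.paypal.com/images/tabs/bg.gif", 301)]),
]


def classify_hop(hop_url, status, next_url):
    """Label one redirect hop.

    A 307 whose target is the same resource with http swapped for https is the
    browser's own HSTS upgrade (urlscan shows Chrome's "Non-Authoritative-Reason:
    HSTS" header on those): nothing was sent to the origin. Any other hop is a
    redirect the server really issued.
    """
    a, b = urlsplit(hop_url), urlsplit(next_url)
    same_resource = (a.netloc, a.path, a.query) == (b.netloc, b.path, b.query)
    if status == 307 and a.scheme == "http" and b.scheme == "https" and same_resource:
        return "hsts_upgrade"
    return "server_redirect"


def summarize(transactions, primary_host=PRIMARY_HOST):
    """Recompute the scan's headline numbers from the transaction list."""
    final_hosts = Counter(urlsplit(url).hostname for url, _ in transactions)
    https = sum(1 for url, _ in transactions if urlsplit(url).scheme == "https")
    hop_kinds, redirect_hosts = Counter(), Counter()
    for final_url, hops in transactions:
        # each hop's target is the next hop; the last hop's target is the final URL
        targets = [url for url, _ in hops[1:]] + [final_url]
        for (hop_url, status), target in zip(hops, targets):
            kind = classify_hop(hop_url, status, target)
            hop_kinds[kind] += 1
            if kind == "server_redirect":
                redirect_hosts[urlsplit(hop_url).hostname] += 1
    return {
        "requests": len(transactions),
        "https_pct": round(100 * https / len(transactions)),
        "first_party": final_hosts[primary_host],
        "final_hosts": dict(final_hosts),
        "hop_kinds": dict(hop_kinds),
        "server_redirects_by_host": dict(redirect_hosts),
        "plain_http": [url for url, _ in transactions
                       if urlsplit(url).scheme == "http"],
    }


if __name__ == "__main__":
    for key, value in summarize(TRANSACTIONS).items():
        print(key, value)
```

The result reproduces the page: 13 requests, 85 % HTTPS (11 of 13), 11 final responses from www.paypalobjects.com, 8 server redirects all issued by www.paypal.com, 4 HSTS upgrades. The point for an analyst is the "first_party" count of 1: everything except file.html is PayPal's own hotlinked CSS, script and images, so the TLS details, HSTS headers and resource hashes in the per-request sections vouch for PayPal's CDN, not for the page. The two plain-HTTP fetches are the phishing document itself and the one asset that images.paypal.com still serves without TLS.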

13 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request file.html | prismatic-vial-290917.uc.r.appspot.com/ | 33 KB | 8 KB | Document
General
Full URL
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol
HTTP/1.1
Server
2a00:1450:4001:81b::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
a400916bfec70e3e4cfa58e272c216066be60656883bdaaaa8fbe518d4178e0f

Request headers

Host
prismatic-vial-290917.uc.r.appspot.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Fri, 09 Oct 2020 17:50:36 GMT
Expires
Fri, 09 Oct 2020 18:00:36 GMT
Cache-Control
public, max-age=600
ETag
"j1__hw"
X-Cloud-Trace-Context
9547fe756c4f06cf6a46822bbdcbf823
Content-Type
text/html
Content-Encoding
gzip
Transfer-Encoding
chunked
Server
Google Frontend
pp_styles_082102.css | www.paypalobjects.com/css/ | 10 KB | 2 KB | Stylesheet
General
Full URL
https://www.paypalobjects.com/css/pp_styles_082102.css
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5ec051f2547a010842f625c6fc6ee8f4df6ea2e60f8f83015cb23a2e4751317e
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 17:50:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
941693
x-cache
HIT, HIT
status
200
paypal-debug-id
3cc1cbe6db9ee
dc
phx-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
2114
x-served-by
cache-sjc10025-SJC, cache-hhn4074-HHN
last-modified
Thu, 30 Jul 2020 23:04:55 GMT
x-timer
S1602265837.618391,VS0,VE1
etag
W/"5f235217-28a0"
strict-transport-security
max-age=31557600
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
1, 1
pp_main.js | www.paypalobjects.com/js/ | 35 KB | 9 KB | Script
Redirect Chain
  • https://www.paypal.com/js/pp_main.js
  • https://www.paypalobjects.com/js/pp_main.js
General
Full URL
https://www.paypalobjects.com/js/pp_main.js
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
e31d5c7948fd43e290e71096a765f65a19537575e07f43a2db8f61ad2cb5e9b9
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 17:50:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10635101
x-cache
HIT, HIT, HIT
status
200
vary
Accept-Encoding
content-length
9449
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-served-by
cache-lax8639-LAX, cache-sjc10073-SJC, cache-hhn4074-HHN
last-modified
Mon, 25 Mar 2019 18:12:10 GMT
server
Apache
x-timer
S1602265837.825359,VS0,VE1
strict-transport-security
max-age=31557600
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
x-cache-hits
1, 1, 1

Redirect headers

date
Fri, 09 Oct 2020 17:50:36 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602265837.616859,VS0,VE173
x-served-by
cache-lhr7349-LHR, cache-hhn4035-HHN
status
301
x-cache
MISS, MISS
content-type
text/html; charset=iso-8859-1
location
https://www.paypalobjects.com/js/pp_main.js
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
ddacb3106559d
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
phx-origin-www-2.paypal.com
content-length
251
x-cache-hits
0, 0
paypal_logo.gif | www.paypalobjects.com/en_US/i/logo/ | 2 KB | 2 KB | Image
Redirect Chain
  • http://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
  • https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5c048fbf9c37503ddfbc3131ff91818d3f26cb2f1e308d576aae6b5ddb8bffb4
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 17:50:36 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
1315974
x-cache
HIT, HIT
status
200
paypal-debug-id
7467a32135109
dc
ccg11-origin-www-2.paypal.com
content-length
2354
x-served-by
cache-sjc10042-SJC, cache-hhn4074-HHN
last-modified
Fri, 16 Aug 2019 04:57:33 GMT
x-timer
S1602265837.660234,VS0,VE1
etag
"5d5637bd-932"
strict-transport-security
max-age=31557600
content-type
image/gif
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
2, 1

Redirect headers

Location
https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
Non-Authoritative-Reason
HSTS
P_on_my_account.gif | www.paypalobjects.com/en_US/i/nav/ | 494 B | 604 B | Image
Redirect Chain
  • https://www.paypal.com/en_US/i/nav/P_on_my_account.gif
  • https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
368bccbf944fb19ea46f40b8c8f5e4ca0b9a27cfe0b6f40ae34391e4986773cb
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 17:50:36 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
2435924
x-cache
HIT, HIT
status
200
content-length
494
x-served-by
cache-lax8639-LAX, cache-hhn4074-HHN
last-modified
Fri, 16 Aug 2019 04:57:33 GMT
server
Apache
x-timer
S1602265837.956924,VS0,VE1
strict-transport-security
max-age=31557600
content-type
image/gif
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
1, 1

Redirect headers

date
Fri, 09 Oct 2020 17:50:36 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602265837.698459,VS0,VE221
x-served-by
cache-lhr7331-LHR, cache-hhn4035-HHN
status
301
x-cache
MISS, MISS
content-type
text/html; charset=iso-8859-1
location
https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
fcc47f64eeb8a
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
ccg11-origin-www-1.paypal.com
content-length
269
x-cache-hits
0, 0
pixel.gif | www.paypalobjects.com/en_US/i/scr/ | 43 B | 399 B | Image
Redirect Chain
  • http://www.paypalobjects.com/en_US/i/scr/pixel.gif
  • https://www.paypalobjects.com/en_US/i/scr/pixel.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/scr/pixel.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 17:50:36 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
17533020
x-cache
HIT, HIT
status
200
surrorage-key
/en_US/i/scr/pixel.gif /en_US/i/scr/pixel.gif /en_US/i/scr/pixel.gif /en_US/i/scr/pixel.gif /en_US/i/scr/pixel.gif /en_US/i/scr/pixel.gif /en_US/i/scr /en_US/i /en_US
content-length
43
x-served-by
cache-lax8622-LAX, cache-hhn4074-HHN
last-modified
Fri, 16 Aug 2019 04:57:34 GMT
server
Apache
x-timer
S1602265837.907388,VS0,VE0
strict-transport-security
max-age=31557600
content-type
image/gif
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
1, 170504

Redirect headers

Location
https://www.paypalobjects.com/en_US/i/scr/pixel.gif
Non-Authoritative-Reason
HSTS
P_off_send_money.gif | www.paypalobjects.com/en_US/i/nav/ | 257 B | 400 B | Image
Redirect Chain
  • https://www.paypal.com/en_US/i/nav/P_off_send_money.gif
  • https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
fa4b14f94e3f19ed6eefbeaa3963e5fb840a0e056b7f303b5b6b274612c6d34e
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 17:50:37 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
3109967
x-cache
HIT, HIT
status
200
content-length
257
x-served-by
cache-lax8628-LAX, cache-hhn4074-HHN
last-modified
Fri, 16 Aug 2019 04:57:33 GMT
server
Apache
x-timer
S1602265837.071585,VS0,VE1
strict-transport-security
max-age=31557600
content-type
image/gif
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
1, 1

Redirect headers

date
Fri, 09 Oct 2020 17:50:37 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602265837.870017,VS0,VE164
x-served-by
cache-lhr7375-LHR, cache-hhn4035-HHN
status
301
x-cache
MISS, MISS
content-type
text/html; charset=iso-8859-1
location
https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
fd86e1d917440
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
ccg11-origin-www-2.paypal.com
content-length
270
x-cache-hits
0, 0
P_off_request_money.gif | www.paypalobjects.com/en_US/i/nav/ | 288 B | 643 B | Image
Redirect Chain
  • https://www.paypal.com/en_US/i/nav/P_off_request_money.gif
  • https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
c3d109198414e5f8b1e696625aabc186d2bf2d2ab822190275958153117293fb
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 17:50:37 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
17528229
x-cache
MISS, HIT, HIT, HIT
status
200
surrorage-key
/en_US/i/nav/P_off_request_money.gif /en_US/i/nav/P_off_request_money.gif /en_US/i/nav/P_off_request_money.gif /en_US/i/nav/P_off_request_money.gif /en_US/i/nav/P_off_request_money.gif /en_US/i/nav/P_off_request_money.gif /en_US/i/nav /en_US/i /en_US
content-length
288
x-served-by
cache-lax8639-LAX, cache-dfw18680-DFW, cache-sjc10044-SJC, cache-hhn4074-HHN
last-modified
Fri, 16 Aug 2019 04:57:33 GMT
server
Apache
x-timer
S1602265837.142818,VS0,VE1
strict-transport-security
max-age=31557600
content-type
image/gif
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
0, 1, 1, 1

Redirect headers

date
Fri, 09 Oct 2020 17:50:37 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602265837.870028,VS0,VE237
x-served-by
cache-lhr7349-LHR, cache-hhn4035-HHN
status
301
x-cache
MISS, MISS
content-type
text/html; charset=iso-8859-1
location
https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
73c993ffedb86
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
phx-origin-www-3.paypal.com
content-length
273
x-cache-hits
0, 0
P_off_merchant_tools.gif | www.paypalobjects.com/en_US/i/nav/ | 293 B | 628 B | Image
Redirect Chain
  • https://www.paypal.com/en_US/i/nav/P_off_merchant_tools.gif
  • https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
843b3deff8372b87b925cda2a856280d35e0f19740ffda14b8b700c8030fa818
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 17:50:37 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
17528436
x-cache
HIT, HIT
status
200
surrorage-key
/en_US/i/nav/P_off_merchant_tools.gif /en_US/i/nav/P_off_merchant_tools.gif /en_US/i/nav/P_off_merchant_tools.gif /en_US/i/nav/P_off_merchant_tools.gif /en_US/i/nav/P_off_merchant_tools.gif /en_US/i/nav/P_off_merchant_tools.gif /en_US/i/nav /en_US/i /en_US
content-length
293
x-served-by
cache-sjc10075-SJC, cache-hhn4074-HHN
last-modified
Fri, 16 Aug 2019 04:57:33 GMT
server
Apache
x-timer
S1602265837.125915,VS0,VE1
strict-transport-security
max-age=31557600
content-type
image/gif
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
1, 1

Redirect headers

date
Fri, 09 Oct 2020 17:50:37 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602265837.869975,VS0,VE220
x-served-by
cache-lhr7383-LHR, cache-hhn4035-HHN
status
301
x-cache
MISS, MISS
content-type
text/html; charset=iso-8859-1
location
https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
e94b303c3179e
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
phx-origin-www-1.paypal.com
content-length
274
x-cache-hits
0, 0
P_off_auction_tools.gif | www.paypalobjects.com/en_US/i/nav/ | 267 B | 616 B | Image
Redirect Chain
  • https://www.paypal.com/en_US/i/nav/P_off_auction_tools.gif
  • https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
317c0606fffd463d47047c60abbb7105bf582f37077c55f1fafbfb35170d7341
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 17:50:37 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
17529366
x-cache
HIT, HIT, HIT, HIT
status
200
surrorage-key
/en_US/i/nav/P_off_auction_tools.gif /en_US/i/nav/P_off_auction_tools.gif /en_US/i/nav/P_off_auction_tools.gif /en_US/i/nav/P_off_auction_tools.gif /en_US/i/nav/P_off_auction_tools.gif /en_US/i/nav/P_off_auction_tools.gif /en_US/i/nav /en_US/i /en_US
content-length
267
x-served-by
cache-lax8628-LAX, cache-dfw18626-DFW, cache-sjc10050-SJC, cache-hhn4074-HHN
last-modified
Fri, 16 Aug 2019 04:57:33 GMT
server
Apache
x-timer
S1602265837.081737,VS0,VE1
strict-transport-security
max-age=31557600
content-type
image/gif
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
1, 1, 1, 1

Redirect headers

date
Fri, 09 Oct 2020 17:50:37 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602265837.870066,VS0,VE176
x-served-by
cache-lhr7380-LHR, cache-hhn4035-HHN
status
301
x-cache
MISS, MISS
content-type
text/html; charset=iso-8859-1
location
https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
df4dc29ed0dcd
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
ccg11-origin-www-3.paypal.com
content-length
273
x-cache-hits
0, 0
logo_cards_150x26.gif | images.paypal.com/images/ | 2 KB | 2 KB | Image
General
Full URL
http://images.paypal.com/images/logo_cards_150x26.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol
HTTP/1.1
Server
173.0.88.200 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
images.paypal.com
Software
Apache /
Resource Hash
354cac498fd98fb9da08eee60231959dc2423ae44b3cb895fefd7458d35ff2a2

Request headers

Referer
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 09 Oct 2020 17:50:37 GMT
Last-Modified
Fri, 16 Aug 2019 04:57:39 GMT
Server
Apache
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1780
ebay_co.gif | www.paypalobjects.com/images/ | 578 B | 736 B | Image
Redirect Chain
  • http://www.paypal.com/images/ebay_co.gif
  • https://www.paypal.com/images/ebay_co.gif
  • https://www.paypalobjects.com/images/ebay_co.gif
General
Full URL
https://www.paypalobjects.com/images/ebay_co.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
34d08fda088515b00a5ded2b124fca1a729d72d009f9610fd9d1f0a4df051998
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 17:50:37 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
2435923
x-cache
HIT, HIT, HIT
status
200
content-length
578
x-served-by
cache-lax8631-LAX, cache-sjc10047-SJC, cache-hhn4074-HHN
last-modified
Fri, 16 Aug 2019 04:57:39 GMT
server
Apache
x-timer
S1602265837.097057,VS0,VE1
strict-transport-security
max-age=31557600
content-type
image/gif
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
1, 1, 1

Redirect headers

date
Fri, 09 Oct 2020 17:50:37 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602265837.908153,VS0,VE153
x-served-by
cache-lhr7354-LHR, cache-hhn4035-HHN
status
301
x-cache
MISS, MISS
location
https://www.paypalobjects.com/images/ebay_co.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
e3bad0956fd51
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
slc-b-origin-www-1.paypal.com
content-length
0
x-cache-hits
0, 0
bg.gif | www.paypalobjects.com/images/tabs/ | 250 B | 370 B | Image
Redirect Chain
  • http://www.paypal.com/images/tabs/bg.gif
  • https://www.paypal.com/images/tabs/bg.gif
  • https://www.paypalobjects.com/images/tabs/bg.gif
General
Full URL
https://www.paypalobjects.com/images/tabs/bg.gif
Requested by
Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
1ded8a10124637949be89cd44baf531313a6b5f401151323c855018a85d5ae6e
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 17:50:37 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
2435922
x-cache
HIT, HIT
status
200
content-length
250
x-served-by
cache-lax8622-LAX, cache-hhn4074-HHN
last-modified
Fri, 16 Aug 2019 04:57:39 GMT
server
Apache
x-timer
S1602265837.107693,VS0,VE1
strict-transport-security
max-age=31557600
content-type
image/gif
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
1, 1

Redirect headers

date
Fri, 09 Oct 2020 17:50:37 GMT
via
1.1 varnish, 1.1 varnish
x-timer
S1602265837.908615,VS0,VE161
x-served-by
cache-lhr7340-LHR, cache-hhn4035-HHN
status
301
x-cache
MISS, MISS
location
https://www.paypalobjects.com/images/tabs/bg.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
5330349771770
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes, bytes, bytes, bytes
dc
ccg11-origin-www-3.paypal.com
content-length
0
x-cache-hits
0, 0
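Every third-party request in the transactions above carries the same Referer header: the full URL of the phishing page on appspot.com. That header lands in PayPal's CDN logs, which is why brand owners hunt cloned login pages by looking for their own assets being hotlinked from foreign referers. The detection below is an added example, not code from urlscan or PayPal. It runs over constructed combined-log-format lines (modelled on the scan's Referer values, not real CDN logs), groups asset requests by foreign referer host, and reports hosts that pull several distinct brand assets, which separates a cloned page from a blog post embedding one logo.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

BRAND_DOMAINS = ("paypal.com", "paypalobjects.com")

# Constructed sample lines (not real CDN logs). The first three are the cloned
# page pulling the stylesheet, script and logo; the rest are ordinary traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Oct/2020:17:50:36 +0000] "GET /css/pp_styles_082102.css HTTP/2.0" 200 2114 "http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su" "Mozilla/5.0"
203.0.113.10 - - [09/Oct/2020:17:50:36 +0000] "GET /js/pp_main.js HTTP/2.0" 200 9449 "http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su" "Mozilla/5.0"
203.0.113.10 - - [09/Oct/2020:17:50:36 +0000] "GET /en_US/i/logo/paypal_logo.gif HTTP/2.0" 200 2354 "http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su" "Mozilla/5.0"
198.51.100.7 - - [09/Oct/2020:17:51:02 +0000] "GET /js/pp_main.js HTTP/2.0" 200 9449 "https://www.paypal.com/signin" "Mozilla/5.0"
198.51.100.8 - - [09/Oct/2020:17:51:09 +0000] "GET /en_US/i/logo/paypal_logo.gif HTTP/2.0" 200 2354 "-" "Mozilla/5.0"
192.0.2.44 - - [09/Oct/2020:17:52:41 +0000] "GET /en_US/i/logo/paypal_logo.gif HTTP/2.0" 200 2354 "https://blog.example.net/posts/how-to-pay" "Mozilla/5.0"
"""

# Apache/Nginx "combined" format: ip ident user [ts] "req" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one log line, or None if it is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def referer_host(referer):
    """Host part of a Referer value; None for a missing ('-') or empty referer."""
    if not referer or referer == "-":
        return None
    return (urlsplit(referer).hostname or "").lower() or None


def is_brand_host(host):
    # Suffix match on a dot boundary, so 'paypal.com.evil.example' is foreign.
    return any(host == b or host.endswith("." + b) for b in BRAND_DOMAINS)


def hotlink_report(log_text, min_assets=2):
    """Map each foreign referer host to the sorted brand asset paths it loaded,
    keeping only hosts that pulled at least min_assets distinct assets."""
    assets_by_ref = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        host = referer_host(rec["referer"])
        if host is None or is_brand_host(host):
            continue          # direct fetch, or the brand's own pages: not hotlinking
        assets_by_ref[host].add(rec["path"])
    return {h: sorted(p) for h, p in assets_by_ref.items() if len(p) >= min_assets}


if __name__ == "__main__":
    for host, assets in hotlink_report(SAMPLE_LOG).items():
        print(host, assets)
```

On the sample the only hit is the appspot.com host with the stylesheet, script and logo; blog.example.net loaded a single logo and is dropped by the threshold. One caveat: this scan's browser (Chrome 83) sent the full page URL as Referer, while current default referrer policies trim cross-origin referers to the origin, which still leaves the host for grouping. A kit that sets Referrer-Policy: no-referrer produces "-" and is invisible to this check, so an empty referer is a gap, not evidence of legitimacy.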

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function (58): safeSubmitGood, safeSubmit, blockIt, openWindow, openWindow640, openWindowWH, openWindowDemo, openWindowDemoSmall, openWindowATC, openSinglePop, windowNamer, writeWindow, ToggleBoxes, countChecked, printit, ContextOpenHelp, ContextShowHideHelp, ReloadLocalizedPage, ReloadPage, ToggleCheck, ToggleCheck_image, submitToSF, displaySubindustry, textCounter, FillPrefix, removeComment, resizeShoppingCartWindow, insertAutoText, blockCountry, unblockCountry, submitAllOptions, transfer, changeCurrencySymbol, getCurrencySymbol, appendQString, openOffCenteredWindow, openBankWindow, openNewWindowAndSubmit, createArray, toggleDisabled, UpdateProperties, webscrUpdate, updSetup, toggleDisplay, showMoreFields, showBlock, closeAll, closeIt, closePopup, checkElement, setDefault, disableFormElements, disableObject, enableFieldset, setTransID, CC_noErrors, check_all, snapIn
object (3): trustedTypes, win1, win2
number (6): scrX, scrY, tgtX, balloonFlag, updTries, intID
boolean (1): NS
string (1): ptr
undefined (3): singlePop, winTracker, bankWin

0 Cookies