urlscan.io logo urlscan.io
SecurityTrails logo

paypal.dvuashuihfwaedwhak.xyz Open in urlscan Pro
45.195.67.117  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://paypal.dvuashuihfwaedwhak.xyz/
Effective URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Submission: On March 12 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 23 HTTP transactions. The main IP is 45.195.67.117, located in Hong Kong and belongs to HKNEWCLOUD-AS-AP HK NEW CLOUD TECHNOLOGY LIMITED, HK. The main domain is paypal.dvuashuihfwaedwhak.xyz.
TLS certificate: Issued by TrustAsia TLS RSA CA on March 8th 2021. Valid for: a year.
This is the only time paypal.dvuashuihfwaedwhak.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

IP Address AS Autonomous System
1 5 45.195.67.117 139640 (HKNEWCLOU...)
17 104.108.64.37 16625 (AKAMAI-AS)
2 151.101.65.35 54113 (FASTLY)
23 3
Apex Domain
Subdomains		 Transfer
17 paypalobjects.com
www.paypalobjects.com
2 MB
5 dvuashuihfwaedwhak.xyz
paypal.dvuashuihfwaedwhak.xyz
157 KB
2 paypal.com
t.paypal.com
1 KB
23 3
Domain Requested by
17 www.paypalobjects.com paypal.dvuashuihfwaedwhak.xyz
www.paypalobjects.com
5 paypal.dvuashuihfwaedwhak.xyz 1 redirects paypal.dvuashuihfwaedwhak.xyz
www.paypalobjects.com
2 t.paypal.com
23 3

This site contains links to these domains. Also see Links.

Domain
newsroom.china.paypal-corp.com
Subject Issuer Validity Valid
paypal.daehwdiuawidhj.xyz
TrustAsia TLS RSA CA		 2021-03-08 -
2022-03-07		 a year crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2021-01-13 -
2022-01-11		 a year crt.sh
t.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2020-11-17 -
2021-11-21		 a year crt.sh

This page contains 1 frames:

Primary Page: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Frame ID: 4CC394D7AAECBB1866655026FAB85D6C
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://paypal.dvuashuihfwaedwhak.xyz/ HTTP 302
    https://paypal.dvuashuihfwaedwhak.xyz/hk/home Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i
Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

23
Requests

83 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

1717 kB
Transfer

2866 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://paypal.dvuashuihfwaedwhak.xyz/ HTTP 302
    https://paypal.dvuashuihfwaedwhak.xyz/hk/home Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set home
paypal.dvuashuihfwaedwhak.xyz/hk/
Redirect Chain
  • https://paypal.dvuashuihfwaedwhak.xyz/
  • https://paypal.dvuashuihfwaedwhak.xyz/hk/home
57 KB
60 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.195.67.117 , Hong Kong, ASN139640 (HKNEWCLOUD-AS-AP HK NEW CLOUD TECHNOLOGY LIMITED, HK),
Reverse DNS
Software
openresty/1.19.3.1 /
Resource Hash
e8471eb39c09f40529b45ce154e82fc5f8ec3e8ed8a529cf0fab9091516ccade
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://www.wootag.com https://*.qualtrics.com; script-src 'nonce-UPKDJfSoOHPqxPRE45llO8MFiYePxyEXiqKuZ7dPfcfGn8wM' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.salesforce.com https://*.force.com https://*.eloqua.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://*.brighttalk.com https://*.dialogtech.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com https://*.salesforce.com https://*.eloqua.com https://secure.opinionlab.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
paypal.dvuashuihfwaedwhak.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
x-cdn=fastly:TYO
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server
openresty/1.19.3.1
Date
Fri, 12 Mar 2021 18:07:32 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, must-revalidate
Content-Security-Policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://www.wootag.com https://*.qualtrics.com; script-src 'nonce-UPKDJfSoOHPqxPRE45llO8MFiYePxyEXiqKuZ7dPfcfGn8wM' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.salesforce.com https://*.force.com https://*.eloqua.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://*.brighttalk.com https://*.dialogtech.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com https://*.salesforce.com https://*.eloqua.com https://secure.opinionlab.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Etag
W/"de33-tdjrs3vwBNaWdoN+Jnazo5wT2OY"
Paypal-Debug-Id
18915665ff60c
Set-Cookie
enforce_policy=; Domain=.dvuashuihfwaedwhak.xyz; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; SameSite=None cookie_check=yes; Max-Age=315532799; Domain=.dvuashuihfwaedwhak.xyz; Path=/; Expires=Wed, 12 Mar 2031 18:07:31 GMT; HttpOnly; Secure; SameSite=None LANG=en_GB%3BHK; Max-Age=31556; Domain=.dvuashuihfwaedwhak.xyz; Path=/; Expires=Sat, 13 Mar 2021 02:53:28 GMT; HttpOnly; Secure; SameSite=None tsrce=mppnodeweb; Max-Age=259199; Domain=.dvuashuihfwaedwhak.xyz; Path=/; Expires=Mon, 15 Mar 2021 18:07:31 GMT; HttpOnly; Secure; SameSite=None x-pp-s=eyJ0IjoiMTYxNTU3MjQ1MjkxMSIsImwiOiIwIiwibSI6IjAifQ; Domain=.dvuashuihfwaedwhak.xyz; Path=/; HttpOnly; Secure; SameSite=None nsid=s%3AVc7q5NbsU7gRmPKOo9X7o0E-ZCZSNd_b.sqlu9pS88sXqMU3p%2FtHPl2Dmkoy0CNh2aiS9wopYr4Q; Path=/; HttpOnly; Secure; SameSite=None l7_az=dcg01.phx; Path=/; Domain=dvuashuihfwaedwhak.xyz; Expires=Fri, 12 Mar 2021 18:37:32 GMT; HttpOnly; Secure; SameSite=None ts=vreXpYrS%3D1710263252%26vteXpYrS%3D1615574252%26vr%3D279f445a1780a3041deed3b2fe8769b1%26vt%3D279f445a1780a3041deed3b2fe8769b0%26vtyp%3Dnew; Path=/; Domain=dvuashuihfwaedwhak.xyz; Expires=Mon, 11 Mar 2024 18:07:32 GMT; HttpOnly; Secure; SameSite=None ts_c=vr%3D279f445a1780a3041deed3b2fe8769b1%26vt%3D279f445a1780a3041deed3b2fe8769b0; Path=/; Domain=dvuashuihfwaedwhak.xyz; Expires=Mon, 11 Mar 2024 18:07:32 GMT; Secure; SameSite=None x-cdn=fastly:HND; Domain=dvuashuihfwaedwhak.xyz; Path=/; Secure
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Xss-Protection
1; mode=block
DC
phx-origin-www-3.paypal.com
Accept-Ranges
bytes
Via
1.1 varnish, 1.1 varnish
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Served-By
cache-sjc10025-SJC, cache-hnd18725-HND
X-Cache
MISS, MISS
X-Cache-Hits
0, 0
X-Timer
S1615572452.326568,VS0,VE682
Vary
Accept-Encoding

Redirect headers

Server
openresty/1.19.3.1
Date
Fri, 12 Mar 2021 18:07:31 GMT
Content-Length
0
Location
https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Connection
keep-alive
Retry-After
0
Accept-Ranges
bytes
Via
1.1 varnish
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Served-By
cache-tyo11954-TYO
X-Cache
HIT
X-Cache-Hits
0
Set-Cookie
x-cdn=fastly:TYO; Domain=dvuashuihfwaedwhak.xyz; Path=/; Secure
PayPalSansSmall-Regular.woff2
www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/PayPalSansSmall-Regular.woff2
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
af93d1d952b2dc42c029871cbbb92988835b31c86d4f0cb6a9674b1d1714a20f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:33 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jan 2018 03:38:51 GMT
cache-control
public, max-age=3600
etag
"5a66ae4b-4790"
surrogate-control
max-age=31536000
vary
Accept-Encoding
content-type
application/font-woff2
access-control-allow-origin
*
paypal-debug-id
7fa8cab4f0578
strict-transport-security
max-age=31536000
accept-ranges
bytes
dc
ccg11-origin-www-3.paypal.com
content-length
18320
expires
Fri, 12 Mar 2021 19:07:33 GMT
PayPalSansBig-Light.woff2
www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/PayPalSansBig-Light.woff2
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0d4d4b0ee4bdbbbfdf2fa8cc4c0ba0332a3798c2629cb806d249712f6a7063e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:33 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jan 2018 02:50:53 GMT
cache-control
public, max-age=3600
etag
"5a66a30d-47b8"
surrogate-control
max-age=31536000
vary
Accept-Encoding
content-type
application/font-woff2
access-control-allow-origin
*
paypal-debug-id
b24478a9fb000
strict-transport-security
max-age=31536000
accept-ranges
bytes
dc
slc-b-origin-www-1.paypal.com
content-length
18360
expires
Fri, 12 Mar 2021 19:07:33 GMT
jquery.min.js
paypal.dvuashuihfwaedwhak.xyz/ 		87 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://paypal.dvuashuihfwaedwhak.xyz/jquery.min.js
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.195.67.117 , Hong Kong, ASN139640 (HKNEWCLOUD-AS-AP HK NEW CLOUD TECHNOLOGY LIMITED, HK),
Reverse DNS
Software
openresty/1.19.3.1 /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/hk/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Mar 2021 18:07:33 GMT
Last-Modified
Mon, 08 Mar 2021 10:43:59 GMT
Server
openresty/1.19.3.1
ETag
"6045ffef-15d84"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
89476
5531eb3c46cbd8507cd43037354c25d2fc3cd3.css
www.paypalobjects.com/marketing-resources/css/89/ 		309 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/marketing-resources/css/89/5531eb3c46cbd8507cd43037354c25d2fc3cd3.css
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b174d60e6684308d4cf2467b2098513bbce02dad6142428425a6ee8562352e95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sat, 13 Feb 2021 00:20:40 GMT
etag
W/"60271b58-4d28b"
surrogate-control
max-age=31536000
vary
Accept-Encoding
content-type
text/css
paypal-debug-id
e47f790fd8503
cache-control
public, max-age=3600
strict-transport-security
max-age=31536000
dc
ccg11-origin-www-2.paypal.com
content-length
50853
expires
Fri, 12 Mar 2021 19:07:33 GMT
react-16_6_3-bundle.js
www.paypalobjects.com/digitalassets/c/website/js/ 		109 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/digitalassets/c/website/js/react-16_6_3-bundle.js
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a6cb296cc17962a45f2e1ec8caa628f675def3f2296af7c66a40ab9bfe17bd3a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 19 Dec 2018 01:10:32 GMT
etag
W/"5c199a88-1b4c8"
surrogate-control
max-age=31536000
vary
Accept-Encoding
content-type
application/javascript
paypal-debug-id
42c8670ac2f79
cache-control
max-age=3600
strict-transport-security
max-age=31536000
dc
phx-origin-www-2.paypal.com
content-length
36652
expires
Fri, 12 Mar 2021 19:07:33 GMT
bs-chunk.js
www.paypalobjects.com/tagmgmt/ 		19 B
380 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/tagmgmt/bs-chunk.js
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
be5c4f71eea822cbdcaefcf92963ab573e903f75a60b8bc0793e4eec935a1187
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:34 GMT
x-content-type-options
nosniff
surrogate-control
max-age=31536000
paypal-debug-id
3439ce9282ae9
dc
slc-b-origin-www-3.paypal.com
vary
Accept-Encoding
content-length
19
last-modified
Sat, 13 Feb 2021 00:28:58 GMT
etag
"60271d4a-13"
strict-transport-security
max-age=31536000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=3600
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Fri, 12 Mar 2021 19:07:34 GMT
pa.js
www.paypalobjects.com/pa/js/min/ 		52 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/js/min/pa.js
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0eb22afbab03bbbd8a47d4fc5361ff7518a77273e99fd0b73e235c93dd6ea7aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
surrogate-control
max-age=31536000
paypal-debug-id
fb0a10a0a0f8f
dc
ccg11-origin-www-3.paypal.com
vary
Accept-Encoding
content-length
20130
last-modified
Thu, 18 Feb 2021 06:57:36 GMT
etag
W/"602e0fe0-cfcb"
strict-transport-security
max-age=31536000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=3600
access-control-allow-headers
x-csrf-token
expires
Fri, 12 Mar 2021 19:07:33 GMT
open-chat.js
www.paypalobjects.com/helpcenter/smartchat/sales/v1/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/helpcenter/smartchat/sales/v1/open-chat.js
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
15213b958a0af95e33fb82a50fc1a68ef2f171b3762662957e91ef1d834291f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sat, 13 Feb 2021 00:19:40 GMT
cache-control
public, max-age=3600
etag
W/"60271b1c-5bf"
surrogate-control
max-age=31536000
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
paypal-debug-id
a03bdbb9fac55
strict-transport-security
max-age=31536000
dc
slc-b-origin-www-3.paypal.com
content-length
779
expires
Fri, 12 Mar 2021 19:07:34 GMT
marketingIntentsV2.js
www.paypalobjects.com/activation/js/ 		554 B
661 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/activation/js/marketingIntentsV2.js
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4be8b546dbb09a4b486f6efab312ee3e5c94cb12e05dbe389c20d5cf391e3da2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 12 Feb 2021 23:55:13 GMT
etag
W/"60271561-22a"
surrogate-control
max-age=31536000
vary
Accept-Encoding
content-type
application/javascript
paypal-debug-id
d68b9535cb136
cache-control
max-age=86400
strict-transport-security
max-age=31536000
dc
ccg11-origin-www-2.paypal.com
content-length
365
expires
Sat, 13 Mar 2021 18:07:34 GMT
pes.js
paypal.dvuashuihfwaedwhak.xyz/ 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://paypal.dvuashuihfwaedwhak.xyz/pes.js
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.195.67.117 , Hong Kong, ASN139640 (HKNEWCLOUD-AS-AP HK NEW CLOUD TECHNOLOGY LIMITED, HK),
Reverse DNS
Software
openresty/1.19.3.1 /
Resource Hash
6811aa7b69e9cead68dee24b73ce557644bd30abc7deaa345fea775dbf6db4ff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/hk/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Mar 2021 18:07:33 GMT
Last-Modified
Mon, 08 Mar 2021 16:10:27 GMT
Server
openresty/1.19.3.1
ETag
"60464c73-1184"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4484
ppcom-white.svg
www.paypalobjects.com/webstatic/i/logo/rebrand/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/webstatic/i/logo/rebrand/ppcom-white.svg
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/marketing-resources/css/89/5531eb3c46cbd8507cd43037354c25d2fc3cd3.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e35c57fad02017983d4261c8d65697ec8b312a2a19127cb93f92d1eca6408015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/marketing-resources/css/89/5531eb3c46cbd8507cd43037354c25d2fc3cd3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sat, 21 Mar 2015 01:00:01 GMT
cache-control
public, max-age=3600
etag
W/"550cc291-1445"
surrogate-control
max-age=31536000
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
paypal-debug-id
194663f7c8fe9
strict-transport-security
max-age=31536000
dc
ccg11-origin-www-3.paypal.com
content-length
1988
expires
Fri, 12 Mar 2021 19:07:34 GMT
video-bg.jpg
www.paypalobjects.com/marketing/web/us/en/home/ 		125 B
377 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/marketing/web/us/en/home/video-bg.jpg
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
7b8117fe88308ffbf1ed8cca63b869c65323e6daa52a45e799bf7c9348c964e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:34 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
x-serial
999
etag
"60271c73-1576"
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
private, no-transform, max-age=43200
last-modified
Sun, 07 Mar 2021 05:08:44 GMT
content-length
125
server
Akamai Image Manager
expires
Sat, 13 Mar 2021 06:07:34 GMT
PayPalSansSmall-Regular.woff2
www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/PayPalSansSmall-Regular.woff2
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/marketing-resources/css/89/5531eb3c46cbd8507cd43037354c25d2fc3cd3.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
af93d1d952b2dc42c029871cbbb92988835b31c86d4f0cb6a9674b1d1714a20f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Origin
https://paypal.dvuashuihfwaedwhak.xyz
Referer
https://www.paypalobjects.com/marketing-resources/css/89/5531eb3c46cbd8507cd43037354c25d2fc3cd3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:34 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jan 2018 03:38:51 GMT
cache-control
public, max-age=3600
etag
"5a66ae4b-4790"
surrogate-control
max-age=31536000
vary
Accept-Encoding
content-type
application/font-woff2
access-control-allow-origin
*
paypal-debug-id
7fa8cab4f0578
strict-transport-security
max-age=31536000
accept-ranges
bytes
dc
ccg11-origin-www-3.paypal.com
content-length
18320
expires
Fri, 12 Mar 2021 19:07:34 GMT
PayPalSansBig-Light.woff2
www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/PayPalSansBig-Light.woff2
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/marketing-resources/css/89/5531eb3c46cbd8507cd43037354c25d2fc3cd3.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0d4d4b0ee4bdbbbfdf2fa8cc4c0ba0332a3798c2629cb806d249712f6a7063e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Origin
https://paypal.dvuashuihfwaedwhak.xyz
Referer
https://www.paypalobjects.com/marketing-resources/css/89/5531eb3c46cbd8507cd43037354c25d2fc3cd3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:34 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jan 2018 02:50:53 GMT
cache-control
public, max-age=3600
etag
"5a66a30d-47b8"
surrogate-control
max-age=31536000
vary
Accept-Encoding
content-type
application/font-woff2
access-control-allow-origin
*
paypal-debug-id
b24478a9fb000
strict-transport-security
max-age=31536000
accept-ranges
bytes
dc
slc-b-origin-www-1.paypal.com
content-length
18360
expires
Fri, 12 Mar 2021 19:07:34 GMT
HK_everyday_essentials_desktop_v3.mp4
www.paypalobjects.com/marketing/web/hk/home/everyday-essentials/ 		987 KB
989 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/marketing/web/hk/home/everyday-essentials/HK_everyday_essentials_desktop_v3.mp4
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c61ba3f1499903e8da579c9454b71a57f732fdd36ff25b56fd1fd181ef57efa1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range
bytes=0-

Response headers

date
Fri, 12 Mar 2021 18:07:34 GMT
x-content-type-options
nosniff
last-modified
Sat, 13 Feb 2021 00:24:11 GMT
cache-control
max-age=3600
etag
"60271c2b-f6a5c"
surrogate-control
max-age=31536000
vary
Accept-Encoding
content-type
video/mp4
Content-Range
bytes 0-1010267/1010268
paypal-debug-id
132ed49b0ba2
strict-transport-security
max-age=31536000
accept-ranges
bytes
dc
ccg11-origin-www-1.paypal.com
Content-Length
1010268
expires
Fri, 12 Mar 2021 19:07:34 GMT
eligibility
paypal.dvuashuihfwaedwhak.xyz/smartchat/open/ 		1 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://paypal.dvuashuihfwaedwhak.xyz/smartchat/open/eligibility?intent=SALESCHAT&page=/hk/home
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/helpcenter/smartchat/sales/v1/open-chat.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.195.67.117 , Hong Kong, ASN139640 (HKNEWCLOUD-AS-AP HK NEW CLOUD TECHNOLOGY LIMITED, HK),
Reverse DNS
Software
openresty/1.19.3.1 /
Resource Hash
1b52b021c07e2637cf2611d85fd64b6256c09b424d3b2adba0ced7e02465619a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-3pS3t6pbtSJiIlZGa9vhr/F3Rg+uC/cg5KNiY/i6VntvOSnb' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; img-src 'self' https: data:; object-src 'none'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.kampyle.com https://*.qualtrics.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; base-uri 'self' https://*.paypal.com; form-action 'self' https://*.paypal.com; frame-ancestors 'self' https://help.venmo.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/hk/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-3pS3t6pbtSJiIlZGa9vhr/F3Rg+uC/cg5KNiY/i6VntvOSnb' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; img-src 'self' https: data:; object-src 'none'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.kampyle.com https://*.qualtrics.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; base-uri 'self' https://*.paypal.com; form-action 'self' https://*.paypal.com; frame-ancestors 'self' https://help.venmo.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
Via
1.1 varnish, 1.1 varnish
X-Content-Type-Options
nosniff
X-Cache
MISS, MISS
Paypal-Debug-Id
6e7619d2a50d5
Connection
keep-alive
DC
phx-origin-www-1.paypal.com
Content-Length
1426
X-Xss-Protection
1; mode=block
X-Served-By
cache-sjc10036-SJC, cache-hnd18750-HND
Server
openresty/1.19.3.1
X-Timer
S1615572455.753279,VS0,VE206
Date
Fri, 12 Mar 2021 18:07:34 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, no-cache, no-store, must-revalidate
Etag
W/"592-S9wjW2M4sQnTkYLUURJwLh3U/gA"
Accept-Ranges
bytes
X-Cache-Hits
0, 0
5b9acec5c5ffe913e853ac063d77d5307e774d.js
www.paypalobjects.com/marketing-resources/js/7d/ 		988 KB
221 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/marketing-resources/js/7d/5b9acec5c5ffe913e853ac063d77d5307e774d.js
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
186084d78885e15f89bc80787db7ca787bffaedb2afdab408584c5cb0007dd82
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 22 Feb 2021 12:44:15 GMT
etag
W/"6033a71f-f6f17"
surrogate-control
max-age=31536000
vary
Accept-Encoding
content-type
application/javascript
paypal-debug-id
2d2d674b8c3be
cache-control
max-age=3600
strict-transport-security
max-age=31536000
dc
ccg11-origin-www-1.paypal.com
content-length
225212
expires
Fri, 12 Mar 2021 19:07:34 GMT
opinionLab-2.1.0.js
www.paypalobjects.com/digitalassets/c/website/marketing/global/kui/js/ 		41 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/digitalassets/c/website/marketing/global/kui/js/opinionLab-2.1.0.js
Requested by
Host: paypal.dvuashuihfwaedwhak.xyz
URL: https://paypal.dvuashuihfwaedwhak.xyz/hk/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
da3177d9f38349f23abc99dcc0a87a8e1178a1576f0b27192821b20ebecc45e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sun, 14 Jun 2020 15:52:22 GMT
etag
W/"5ee647b6-a5a5"
surrogate-control
max-age=31536000
vary
Accept-Encoding
content-type
application/javascript
paypal-debug-id
3ae59e676228f
cache-control
public, max-age=3600
strict-transport-security
max-age=31536000
dc
ccg11-origin-www-1.paypal.com
content-length
12254
expires
Fri, 12 Mar 2021 19:07:34 GMT
ts
t.paypal.com/ 		42 B
709 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?v=1.4.30&t=1615572455061&g=-60&pgrp=main%3Amktg%3Apersonal%3A%3Ahome&page=main%3Amktg%3Apersonal%3A%3Ahome%3A%3A%3A&pgst=Unknown&calc=18915665ff60c&nsid=Vc7q5NbsU7gRmPKOo9X7o0E-ZCZSNd_b&rsta=en_HK&pgtf=Nodejs&env=live&s=ci&ccpg=hk&csci=cfe9ffbb91b04651a4e7594984f93f7b&comp=mppnodeweb&tsrce=mppnodeweb&cu=0&xe=102471&xt=109174&pgld=Unknown&bzsr=main&bchn=mktg&tmpl=home.dust&pgsf=personal&lgin=out&shir=main_mktg_personal_&pros=1&lgcook=0&e=im&imsrc=setup&view=%7B%22t10%22%3A1911%2C%22t11%22%3A4940%2C%22tcp%22%3A4333%2C%22et%22%3A%224g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A50%7D&pt=International%20shopping%20is%20easy%20with%20PayPal%20%E2%80%93%20PayPal&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1&t1=1&t1c=0&t1d=0&t1s=0&t2=1414&t3=399&t4d=1556&t4=1560&t4e=4&tt=4889&rdc=1&res=%7B%7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
akka-http/10.1.11 /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/hk/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Mar 2021 18:07:35 GMT
via
1.1 varnish, 1.1 varnish
server
akka-http/10.1.11
x-timer
S1615572455.109965,VS0,VE170
x-cache
MISS, MISS
p3p
policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
http_x_pp_az_locator
slca.slc
expires
Fri, 12 Mar 2021 18:07:35 GMT
cache-control
no-cache, no-store, max-age=0, no-transform
x-cache-hits
0, 0
accept-ranges
bytes
content-type
image/gif
content-length
42
x-served-by
cache-hhn4034-HHN, cache-cph20625-CPH
ts
t.paypal.com/ 		42 B
435 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?v=1.4.30&t=1615572455245&g=-60&e=err&page=main%3Amktg%3Apersonal%3A%3Ahome%3A%3A%3A&pgrp=main%3Amktg%3Apersonal%3A%3Ahome&comp=mppnodeweb&erpg=Script%20error&error_type=WINDOW_ONERROR&error_source=-%200%3A0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
akka-http/10.1.11 /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/hk/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Mar 2021 18:07:35 GMT
via
1.1 varnish, 1.1 varnish
server
akka-http/10.1.11
x-timer
S1615572455.255851,VS0,VE246
x-cache
MISS, MISS
p3p
policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
expires
Fri, 12 Mar 2021 18:07:35 GMT
cache-control
no-cache, no-store, max-age=0, no-transform
x-cache-hits
0, 0
accept-ranges
bytes
content-type
image/gif
content-length
42
x-served-by
cache-hhn4066-HHN, cache-cph20625-CPH
Groceries-phone-dollars_grey_back.gif
www.paypalobjects.com/marketing/web/sg/home/everyday-essentials/ 		135 KB
136 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/marketing/web/sg/home/everyday-essentials/Groceries-phone-dollars_grey_back.gif
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
594b87ef4f472c946007ebc4ddbfa0744306d5cee4a8b62f693105cc82192cd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:35 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Feb 2021 01:43:23 GMT
server
Akamai Image Manager
etag
"dayI1Jm2gXxDp77q1s/MpEXbJs5gNP8crEaEnsDLyFg"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=43200
content-length
138700
expires
Sat, 13 Mar 2021 06:07:35 GMT
shopping.png
www.paypalobjects.com/marketing/web/in/home/everyday-essentials/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/marketing/web/in/home/everyday-essentials/shopping.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-37.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
5709819c0fd4bd1266da6207c91efba6cabe689d0f1fc8637ca78ccaf60ad1a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.dvuashuihfwaedwhak.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 18:07:35 GMT
x-content-type-options
nosniff
last-modified
Sun, 27 Dec 2020 15:35:08 GMT
server
Akamai Image Manager
etag
"uG3MMh5IVPL1CZYqF6+NbSdkMjBr4UGYeOOV3mNQQu8"
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
private, max-age=768501
content-length
16901
expires
Sun, 21 Mar 2021 15:35:56 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| antiClickjack object| modelData object| dataLayer object| PAYPAL object| fpti string| fptiserverurl object| _ifpti function| addCookie function| getCookie object| React object| ReactDOM function| t function| openSalesChat object| PageBundle object| __core-js_shared__ object| OOo

0 Cookies

3 Console Messages

Source Level URL
Text
console-api log
Message:
%c WARNING!!! color:#FF8F1C; font-size:40px;
console-api log
Message:
%c This browser feature is for developers only. Please do not copy-paste any code or run any scripts here. It may cause your PayPal account to be compromised. color:#003087; font-size:16px; font-weight: bold;
console-api log
Message:
%c For more information, http://en.wikipedia.org/wiki/Self-XSS color:#003087; font-size:16px; font-weight: bold;

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://www.wootag.com https://*.qualtrics.com; script-src 'nonce-UPKDJfSoOHPqxPRE45llO8MFiYePxyEXiqKuZ7dPfcfGn8wM' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.salesforce.com https://*.force.com https://*.eloqua.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://*.brighttalk.com https://*.dialogtech.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com https://*.salesforce.com https://*.eloqua.com https://secure.opinionlab.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

paypal.dvuashuihfwaedwhak.xyz
t.paypal.com
www.paypalobjects.com
104.108.64.37
151.101.65.35
45.195.67.117
0d4d4b0ee4bdbbbfdf2fa8cc4c0ba0332a3798c2629cb806d249712f6a7063e3
0eb22afbab03bbbd8a47d4fc5361ff7518a77273e99fd0b73e235c93dd6ea7aa
15213b958a0af95e33fb82a50fc1a68ef2f171b3762662957e91ef1d834291f8
186084d78885e15f89bc80787db7ca787bffaedb2afdab408584c5cb0007dd82
1b52b021c07e2637cf2611d85fd64b6256c09b424d3b2adba0ced7e02465619a
4be8b546dbb09a4b486f6efab312ee3e5c94cb12e05dbe389c20d5cf391e3da2
5709819c0fd4bd1266da6207c91efba6cabe689d0f1fc8637ca78ccaf60ad1a3
594b87ef4f472c946007ebc4ddbfa0744306d5cee4a8b62f693105cc82192cd4
6811aa7b69e9cead68dee24b73ce557644bd30abc7deaa345fea775dbf6db4ff
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
7b8117fe88308ffbf1ed8cca63b869c65323e6daa52a45e799bf7c9348c964e6
a6cb296cc17962a45f2e1ec8caa628f675def3f2296af7c66a40ab9bfe17bd3a
af93d1d952b2dc42c029871cbbb92988835b31c86d4f0cb6a9674b1d1714a20f
b174d60e6684308d4cf2467b2098513bbce02dad6142428425a6ee8562352e95
be5c4f71eea822cbdcaefcf92963ab573e903f75a60b8bc0793e4eec935a1187
c61ba3f1499903e8da579c9454b71a57f732fdd36ff25b56fd1fd181ef57efa1
da3177d9f38349f23abc99dcc0a87a8e1178a1576f0b27192821b20ebecc45e3
e35c57fad02017983d4261c8d65697ec8b312a2a19127cb93f92d1eca6408015
e8471eb39c09f40529b45ce154e82fc5f8ec3e8ed8a529cf0fab9091516ccade
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d