heirheads.co.za Open in urlscan Pro
197.242.144.104 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://heirheads.co.za/.well-known/true/info/
Submission Tags: @ipnigh
Submission: On August 28 via api (August 28th 2019, 4:54:29 am UTC) from GB

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 21 HTTP transactions. The main IP is 197.242.144.104, located in South Africa and belongs to Afrihost, ZA. The main domain is heirheads.co.za.
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 7th 2019. Valid for: 3 months.

This is the only time heirheads.co.za was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 13	197.242.144.104 197.242.144.104	37611 (Afrihost) (Afrihost)
9	2.21.38.79 2.21.38.79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
21	2

13 197.242.144.104 (South Africa) 1 redirects

ASN37611 (Afrihost, ZA)
PTR: dot.aserv.co.za

heirheads.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.21.38.79 (France)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-21-38-79.deploy.static.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	heirheads.co.za 1 redirects heirheads.co.za	639 KB
9	paypalobjects.com www.paypalobjects.com	36 KB
21	2

	Domain	Requested by
13	heirheads.co.za	1 redirects heirheads.co.za
9	www.paypalobjects.com	heirheads.co.za
21	2

This site contains no links.

Subject Issuer	Validity	Valid
heirheads.co.za cPanel, Inc. Certification Authority	`2019-07-07` - `2019-10-05`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2019-08-18` - `2020-08-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://heirheads.co.za/.well-known/true/info/
Frame ID: 6394F57D104801EB118E32CEC4E07BE5
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://heirheads.co.za/.well-known/true/info HTTP 301
https://heirheads.co.za/.well-known/true/info/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

21
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

675 kB
Transfer

669 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://heirheads.co.za/.well-known/true/info HTTP 301
https://heirheads.co.za/.well-known/true/info/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
heirheads.co.za/.well-known/true/info/
Redirect Chain

https://heirheads.co.za/.well-known/true/info
https://heirheads.co.za/.well-known/true/info/

14 KB
15 KB

191ms
191ms

Document
text/html

197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 7bbc65e95b36ececb089c29be61503025be358653b7deb3af505ae1e880a08a1

Request headers

Host: heirheads.co.za
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

Date: Wed, 28 Aug 2019 04:54:09 GMT
Server: Apache
Last-Modified: Sat, 11 Jan 2014 00:38:26 GMT
ETag: "3944-4efa70f882480"
Accept-Ranges: bytes
Content-Length: 14660
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

Date: Wed, 28 Aug 2019 04:54:09 GMT
Server: Apache
Location: https://heirheads.co.za/.well-known/true/info/
Content-Length: 254
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK style.css
heirheads.co.za/.well-known/true/info/i/ 91 KB
92 KB 191ms
189ms Stylesheet
text/css 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/i/style.css
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 7ee817ef7aab069bd57e8a3082f62ba70ed249e8f7faff7f1cc3b503fbe0fc7d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 28 Aug 2019 04:54:09 GMT
Last-Modified: Sun, 08 Dec 2013 07:56:48 GMT
Server: Apache
ETag: "16d29-4ed0138a61000"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 93481

GET
H/1.1 200
OK style1.css
heirheads.co.za/.well-known/true/info/i/ 80 KB
80 KB 629ms
186ms Stylesheet
text/css 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/i/style1.css
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 7cabfc220823b90e666f378d3835c89b9c715279a2adf5ec4eb621c6781f7cf4

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 28 Aug 2019 04:54:10 GMT
Last-Modified: Sun, 08 Dec 2013 08:04:40 GMT
Server: Apache
ETag: "13e5d-4ed0154c83600"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 81501

GET
H/1.1 200
OK style4.css
heirheads.co.za/.well-known/true/info/i/ 3 KB
4 KB 643ms
192ms Stylesheet
text/css 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/i/style4.css
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 9db0dabd50fbadf8c46bda6dc6bc6f1ae53ccf8332921098b1fec4b0e7f772ee

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 28 Aug 2019 04:54:10 GMT
Last-Modified: Sun, 08 Dec 2013 08:10:50 GMT
Server: Apache
ETag: "d19-4ed016ad5f680"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3353

GET
H/1.1 200
OK style5.css
heirheads.co.za/.well-known/true/info/i/ 9 KB
9 KB 651ms
198ms Stylesheet
text/css 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/i/style5.css
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 26f4d159a73ab641c683f4595d75e97ebde21740cede826ae73f4d036b3386b1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 28 Aug 2019 04:54:10 GMT
Last-Modified: Sun, 08 Dec 2013 08:11:20 GMT
Server: Apache
ETag: "24ac-4ed016c9fba00"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 9388

GET
H/1.1 200
OK 1.js Show response
heirheads.co.za/.well-known/true/info/i/ 14 KB
14 KB 667ms
208ms Script
application/javascript 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/i/1.js
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: a5e7ed4cc2cf01ddc29aa7bca5fd6d2c93a9c081c2d9f9de65d68c77b35c78d5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 28 Aug 2019 04:54:10 GMT
Last-Modified: Sun, 08 Dec 2013 08:38:34 GMT
Server: Apache
ETag: "38df-4ed01ce049680"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 14559

GET
H/1.1 200
OK logopaypal.png
heirheads.co.za/.well-known/true/info/i/ 983 B
1 KB 684ms
217ms Image
image/png 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heirheads.co.za/.well-known/true/info/i/logopaypal.png
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 042af5e5bcafb1c47c62475fb00a65bc522992e2bfb7a55edf243e04590dc0ba

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 28 Aug 2019 04:54:10 GMT
Last-Modified: Sun, 08 Dec 2013 08:50:46 GMT
Server: Apache
ETag: "3d7-4ed01f9a60580"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 983

GET
H/1.1 200
OK homepage-buy.png
heirheads.co.za/.well-known/true/info/i/ 14 KB
14 KB 192ms
191ms Image
image/png 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heirheads.co.za/.well-known/true/info/i/homepage-buy.png
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: b1294cdd8fd123c39e49b9a69c03d4b30043395338297d1ff4c0535a39cfb239

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 28 Aug 2019 04:54:10 GMT
Last-Modified: Sun, 08 Dec 2013 09:06:40 GMT
Server: Apache
ETag: "3817-4ed023282e800"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 14359

GET
H/1.1 200
OK homepage-sell.png
heirheads.co.za/.well-known/true/info/i/ 16 KB
16 KB 193ms
192ms Image
image/png 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heirheads.co.za/.well-known/true/info/i/homepage-sell.png
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 44394b743f692cfabfeeb2e5e5bfa82eda8b38cd8948f51e420ace08db5d377c

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 28 Aug 2019 04:54:10 GMT
Last-Modified: Sun, 08 Dec 2013 09:07:04 GMT
Server: Apache
ETag: "3f69-4ed0233f11e00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 16233

GET
H/1.1 200
OK homepage-transfer.png
heirheads.co.za/.well-known/true/info/i/ 15 KB
15 KB 192ms
191ms Image
image/png 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heirheads.co.za/.well-known/true/info/i/homepage-transfer.png
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: c4539b6d99ff1b7e97943f3dcbb3a1eb45b77b81248455e3c15f374487ddf9eb

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 28 Aug 2019 04:54:11 GMT
Last-Modified: Sun, 08 Dec 2013 09:07:28 GMT
Server: Apache
ETag: "3a8c-4ed02355f5400"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 14988

GET
H/1.1 200
OK 2.js Show response
heirheads.co.za/.well-known/true/info/i/ 276 KB
276 KB 193ms
193ms Script
application/javascript 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/i/2.js
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 9d40b569e56eb45951b82c076f76386c2d36efef6ba320d92be4af99e67c3575

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 28 Aug 2019 04:54:10 GMT
Last-Modified: Sun, 08 Dec 2013 13:36:42 GMT
Server: Apache
ETag: "44ee8-4ed05f839ce80"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 282344

GET
H2 200 scr_gray-bkgd.png
www.paypalobjects.com/webstatic/i/ex_ce2/scr/ 2 KB
2 KB 160ms
80ms Image
image/png 2.21.38.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_gray-bkgd.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/i/1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-79.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8989f902aac638178b44581ddfd4245ea17d61c77c450657bf752083c95c688f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/i/style1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Aug 2019 04:54:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:36:45 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 1706
expires: Wed, 28 Aug 2019 04:54:12 GMT

GET
H2 200 scr_content-bkgd.png
www.paypalobjects.com/webstatic/i/ex_ce2/scr/ 3 KB
3 KB 144ms
80ms Image
image/png 2.21.38.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_content-bkgd.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-79.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0de9dc4df795b30e9fa458090c49ab8137e65a7901803c81895cef56ac543d13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/i/style1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Aug 2019 04:54:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:36:46 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 2681
expires: Wed, 28 Aug 2019 04:54:12 GMT

GET
H2 200 scr_gray-bkgd.png
www.paypalobjects.com/webstatic/i/sparta/scr/ 2 KB
2 KB 152ms
88ms Image
image/png 2.21.38.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/i/sparta/scr/scr_gray-bkgd.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-79.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8989f902aac638178b44581ddfd4245ea17d61c77c450657bf752083c95c688f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/i/style1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Aug 2019 04:54:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:36:55 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 1706
expires: Wed, 28 Aug 2019 04:54:12 GMT

GET
H2 200 sprite_ia.png
www.paypalobjects.com/webstatic/i/sparta/sprite/ 18 KB
19 KB 170ms
113ms Image
image/png 2.21.38.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/i/sparta/sprite/sprite_ia.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-79.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

fb2434a896e3e106be72dbbcb361d048b3e1edc30239ae94113becd33ec4fa39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/i/style1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Aug 2019 04:54:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:36:55 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 18929
expires: Wed, 28 Aug 2019 04:54:12 GMT

GET
H2 200 interior-gradient-bottom.png
www.paypalobjects.com/webstatic/mktg/consumer/gradients/ 951 B
1 KB 175ms
117ms Image
image/png 2.21.38.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/mktg/consumer/gradients/interior-gradient-bottom.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-79.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b960c231e8e59f6c73ba9e3af6e76dbe04b8c75b430ddac77f6f42e6ba47b98e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/i/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Aug 2019 04:54:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:43:12 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 951
expires: Wed, 28 Aug 2019 04:54:12 GMT

GET
H2 200 interior-gradient-top.png
www.paypalobjects.com/webstatic/mktg/consumer/gradients/ 952 B
1 KB 140ms
83ms Image
image/png 2.21.38.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/mktg/consumer/gradients/interior-gradient-top.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-79.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f2c173be6a198adf60868c86f6e093f3b850bef0da34689e981fe218ad2a43a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/i/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Aug 2019 04:54:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:43:12 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 952
expires: Wed, 28 Aug 2019 04:54:12 GMT

GET
H/1.1 200
OK hero_signup_counter.jpg
heirheads.co.za/.well-known/true/info/i/ 102 KB
102 KB 185ms
185ms Image
image/jpeg 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heirheads.co.za/.well-known/true/info/i/hero_signup_counter.jpg
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 883315dca8d8b7c8096c2b3371dda718cebcabd7a4966c0811eb2eb7dc63b4bb

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 28 Aug 2019 04:54:11 GMT
Last-Modified: Sun, 08 Dec 2013 08:18:34 GMT
Server: Apache
ETag: "198ed-4ed01867e0a80"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 104685

GET
H2 200 vertical-gradient-sprite.png
www.paypalobjects.com/webstatic/mktg/consumer/pages/home/ 1 KB
2 KB 161ms
117ms Image
image/png 2.21.38.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/mktg/consumer/pages/home/vertical-gradient-sprite.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-79.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

713be2b4e284567cbe1052bf8b5e43b0e4f6cf232b4f0cb429e51c1a748bac22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/i/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Aug 2019 04:54:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:43:02 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 1482
expires: Wed, 28 Aug 2019 04:54:12 GMT

GET
H2 200 homepage-gradient-top.png
www.paypalobjects.com/webstatic/mktg/consumer/pages/home/ 955 B
1 KB 156ms
112ms Image
image/png 2.21.38.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/mktg/consumer/pages/home/homepage-gradient-top.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-79.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

bbf40134304a63796fa2b6a75466a19d6e675c205af5cb0c41387def3841bd04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/i/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Aug 2019 04:54:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:43:02 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 955
expires: Wed, 28 Aug 2019 04:54:12 GMT

GET
H2 200 sprite_header_footer_94.png
www.paypalobjects.com/webstatic/i/sparta/sprite/ 5 KB
5 KB 119ms
75ms Image
image/png 2.21.38.79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/i/sparta/sprite/sprite_header_footer_94.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.21.38.79 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-79.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0d20242be67c0597e0203dacb7f9b5cec66c3ad056045929faf4605142e854a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://heirheads.co.za/.well-known/true/info/i/style1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 28 Aug 2019 04:54:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:36:55 GMT
server: Apache
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: max-age=7776000
accept-ranges: bytes
content-length: 4984
expires: Tue, 26 Nov 2019 04:54:12 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

heirheads.co.za
www.paypalobjects.com
197.242.144.104
2.21.38.79
042af5e5bcafb1c47c62475fb00a65bc522992e2bfb7a55edf243e04590dc0ba
0d20242be67c0597e0203dacb7f9b5cec66c3ad056045929faf4605142e854a2
0de9dc4df795b30e9fa458090c49ab8137e65a7901803c81895cef56ac543d13
26f4d159a73ab641c683f4595d75e97ebde21740cede826ae73f4d036b3386b1
44394b743f692cfabfeeb2e5e5bfa82eda8b38cd8948f51e420ace08db5d377c
713be2b4e284567cbe1052bf8b5e43b0e4f6cf232b4f0cb429e51c1a748bac22
7bbc65e95b36ececb089c29be61503025be358653b7deb3af505ae1e880a08a1
7cabfc220823b90e666f378d3835c89b9c715279a2adf5ec4eb621c6781f7cf4
7ee817ef7aab069bd57e8a3082f62ba70ed249e8f7faff7f1cc3b503fbe0fc7d
883315dca8d8b7c8096c2b3371dda718cebcabd7a4966c0811eb2eb7dc63b4bb
8989f902aac638178b44581ddfd4245ea17d61c77c450657bf752083c95c688f
9d40b569e56eb45951b82c076f76386c2d36efef6ba320d92be4af99e67c3575
9db0dabd50fbadf8c46bda6dc6bc6f1ae53ccf8332921098b1fec4b0e7f772ee
a5e7ed4cc2cf01ddc29aa7bca5fd6d2c93a9c081c2d9f9de65d68c77b35c78d5
b1294cdd8fd123c39e49b9a69c03d4b30043395338297d1ff4c0535a39cfb239
b960c231e8e59f6c73ba9e3af6e76dbe04b8c75b430ddac77f6f42e6ba47b98e
bbf40134304a63796fa2b6a75466a19d6e675c205af5cb0c41387def3841bd04
c4539b6d99ff1b7e97943f3dcbb3a1eb45b77b81248455e3c15f374487ddf9eb
f2c173be6a198adf60868c86f6e093f3b850bef0da34689e981fe218ad2a43a1
fb2434a896e3e106be72dbbcb361d048b3e1edc30239ae94113becd33ec4fa39

heirheads.co.za Open in urlscan Pro 197.242.144.104 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

675 kBTransfer

669 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

heirheads.co.za Open in urlscan Pro
197.242.144.104 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

675 kB
Transfer

669 kB
Size

0
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!