prismatic-vial-290917.uc.r.appspot.com
2a00:1450:4001:821::2014
Malicious Activity!
Public Scan
Effective URL: https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Submission Tags: phishing, malicious
Submission: On October 02 via api from US
Summary
TLS certificate: Issued by GTS CA 1O1 on September 3rd 2020. Valid for: 3 months.
This is the only time prismatic-vial-290917.uc.r.appspot.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)
Domain & IP information
# | IP Address | AS (Autonomous System)
---|---|---
2 | 2a00:1450:4001:821::2014 | 15169 (GOOGLE)
11 | 104.111.228.123 | 16625 (AKAMAI-AS)
8 | 151.101.65.21 | 54113 (FASTLY)
1 | 173.0.84.200 | 17012 (PAYPAL)
Totals: 14 | 3
ASN15169 (GOOGLE, US)
- prismatic-vial-290917.uc.r.appspot.com

ASN16625 (AKAMAI-AS, US)
- PTR: a104-111-228-123.deploy.static.akamaitechnologies.com
- www.paypalobjects.com
# | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | paypalobjects.com | www.paypalobjects.com | 17 KB
9 | paypal.com (8 redirects) | www.paypal.com, images.paypal.com | 5 KB
2 | appspot.com | prismatic-vial-290917.uc.r.appspot.com | 9 KB
Totals: 14 | 3
# | Domain | Requested by
---|---|---
11 | www.paypalobjects.com | prismatic-vial-290917.uc.r.appspot.com
8 | www.paypal.com | 8 redirects
2 | prismatic-vial-290917.uc.r.appspot.com |
1 | images.paypal.com | prismatic-vial-290917.uc.r.appspot.com
Totals: 14 | 4
This site contains links to these domains. Also see Links.
Domain
---
www.paypal.com
Subject | Issuer | Validity | Valid |
---|---|---|---|---
*.appspot.com | GTS CA 1O1 | 2020-09-03 - 2020-11-26 | 3 months | crt.sh
www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2020-01-09 - 2022-01-12 | 2 years | crt.sh
This page contains 1 frame:
Primary Page:
https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387
Frame ID: 5548F68D11C967BE402D808AA1FE3B9B
Requests: 14 HTTP requests in this frame
Detected technologies
- Google App Engine (Web Servers)
Detected patterns
- headers server /Google Frontend/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Secure
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://prismatic-vial-290917.uc.r.appspot.com/ Page URL
- https://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAPrZw%3D0387 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2
- https://www.paypal.com/js/pp_main.js HTTP 301
  - https://www.paypalobjects.com/js/pp_main.js
- http://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif HTTP 307
  - https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
- https://www.paypal.com/en_US/i/nav/P_on_my_account.gif HTTP 301
  - https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif
- http://www.paypalobjects.com/en_US/i/scr/pixel.gif HTTP 307
  - https://www.paypalobjects.com/en_US/i/scr/pixel.gif
- https://www.paypal.com/en_US/i/nav/P_off_send_money.gif HTTP 301
  - https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif
- https://www.paypal.com/en_US/i/nav/P_off_request_money.gif HTTP 301
  - https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif
- https://www.paypal.com/en_US/i/nav/P_off_merchant_tools.gif HTTP 301
  - https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif
- https://www.paypal.com/en_US/i/nav/P_off_auction_tools.gif HTTP 301
  - https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif
- http://www.paypal.com/images/ebay_co.gif HTTP 307
  - https://www.paypal.com/images/ebay_co.gif HTTP 301
    - https://www.paypalobjects.com/images/ebay_co.gif
- http://www.paypal.com/images/tabs/bg.gif HTTP 307
  - https://www.paypal.com/images/tabs/bg.gif HTTP 301
    - https://www.paypalobjects.com/images/tabs/bg.gif
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H2 | / | prismatic-vial-290917.uc.r.appspot.com/ | 137 B | 526 B | Document | text/html |
GET | H3-Q050 | file.html | prismatic-vial-290917.uc.r.appspot.com/ | 33 KB | 8 KB | Document | text/html | Primary Request
GET | H2 | pp_styles_082102.css | www.paypalobjects.com/css/ | 10 KB | 2 KB | Stylesheet | text/css |
GET | H2 | pp_main.js | www.paypalobjects.com/js/ | 35 KB | 10 KB | Script | application/x-javascript | Redirect Chain
GET | H2 | paypal_logo.gif | www.paypalobjects.com/en_US/i/logo/ | 1 KB | 1 KB | Image | image/png | Redirect Chain
GET | H2 | P_on_my_account.gif | www.paypalobjects.com/en_US/i/nav/ | 399 B | 607 B | Image | image/png | Redirect Chain
GET | H2 | pixel.gif | www.paypalobjects.com/en_US/i/scr/ | 43 B | 279 B | Image | image/gif | Redirect Chain
GET | H2 | P_off_send_money.gif | www.paypalobjects.com/en_US/i/nav/ | 239 B | 477 B | Image | image/png | Redirect Chain
GET | H2 | P_off_request_money.gif | www.paypalobjects.com/en_US/i/nav/ | 261 B | 468 B | Image | image/png | Redirect Chain
GET | H2 | P_off_merchant_tools.gif | www.paypalobjects.com/en_US/i/nav/ | 250 B | 487 B | Image | image/png | Redirect Chain
GET | H2 | P_off_auction_tools.gif | www.paypalobjects.com/en_US/i/nav/ | 225 B | 462 B | Image | image/png | Redirect Chain
GET | H/1.1 | logo_cards_150x26.gif | images.paypal.com/images/ | 2 KB | 2 KB | Image | image/gif |
GET | H2 | ebay_co.gif | www.paypalobjects.com/images/ | 524 B | 762 B | Image | image/png | Redirect Chain
GET | H2 | bg.gif | www.paypalobjects.com/images/tabs/ | 154 B | 363 B | Image | image/webp | Redirect Chain
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: PayPal (Financial)
72 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: trustedTypes, win1, win2
- boolean: NS
- number: scrX, scrY, tgtX, balloonFlag, updTries, intID
- string: ptr
- undefined: singlePop, winTracker, bankWin
- function: safeSubmitGood, safeSubmit, blockIt, openWindow, openWindow640, openWindowWH, openWindowDemo, openWindowDemoSmall, openWindowATC, openSinglePop, windowNamer, writeWindow, ToggleBoxes, countChecked, printit, ContextOpenHelp, ContextShowHideHelp, ReloadLocalizedPage, ReloadPage, ToggleCheck, ToggleCheck_image, submitToSF, displaySubindustry, textCounter, FillPrefix, removeComment, resizeShoppingCartWindow, insertAutoText, blockCountry, unblockCountry, submitAllOptions, transfer, changeCurrencySymbol, getCurrencySymbol, appendQString, openOffCenteredWindow, openBankWindow, openNewWindowAndSubmit, createArray, toggleDisabled, UpdateProperties, webscrUpdate, updSetup, toggleDisplay, showMoreFields, showBlock, closeAll, closeIt, closePopup, checkElement, setDefault, disableFormElements, disableObject, enableFieldset, setTransID, CC_noErrors, check_all, snapIn0
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values back, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.