prismatic-vial-290917.uc.r.appspot.com Open in urlscan Pro
2a00:1450:4001:81b::2014 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Submission: On October 09 via automatic, source openphish (October 9th 2020, 1:19:09 pm UTC)

Summary HTTP 13 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 13 HTTP transactions. The main IP is 2a00:1450:4001:81b::2014, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is prismatic-vial-290917.uc.r.appspot.com.

This is the only time prismatic-vial-290917.uc.r.appspot.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	2a00:1450:400... 2a00:1450:4001:81b::2014	15169 (GOOGLE) (GOOGLE)
11	104.111.228.123 104.111.228.123	16625 (AKAMAI-AS) (AKAMAI-AS)
8 8	151.101.193.21 151.101.193.21	54113 (FASTLY) (FASTLY)
1	173.0.88.168 173.0.88.168	17012 (PAYPAL) (PAYPAL)
13	3

1 2a00:1450:4001:81b::2014 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

prismatic-vial-290917.uc.r.appspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.111.228.123 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-228-123.deploy.static.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.193.21 (United States) 8 redirects

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.0.88.168 (United States)

ASN17012 (PAYPAL, US)
PTR: images.paypal.com

images.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	paypalobjects.com www.paypalobjects.com	17 KB
9	paypal.com 8 redirects www.paypal.com images.paypal.com	5 KB
1	appspot.com prismatic-vial-290917.uc.r.appspot.com	8 KB
13	3

	Domain	Requested by
11	www.paypalobjects.com	prismatic-vial-290917.uc.r.appspot.com
8	www.paypal.com	8 redirects
1	images.paypal.com	prismatic-vial-290917.uc.r.appspot.com
1	prismatic-vial-290917.uc.r.appspot.com
13	4

This site contains links to these domains. Also see Links.

Domain
www.paypal.com

Subject Issuer	Validity	Valid
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2020-01-09` - `2022-01-12`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Frame ID: 389A5797B77585148420EA8DFCA86360
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Google App Engine (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /Google Frontend/i

Page Statistics

13
Requests

85 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

27 kB
Transfer

83 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://www.paypal.com/cgi-bin/webscr?cmd=_home

Search URL Search Domain Scan URL

URL: https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Marketing/popup/WaxAboutPaypal-outside&justSecure=true
Title: Secure

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://www.paypal.com/js/pp_main.js HTTP 301
https://www.paypalobjects.com/js/pp_main.js

Request Chain 2

http://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif HTTP 307
https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif

Request Chain 3

https://www.paypal.com/en_US/i/nav/P_on_my_account.gif HTTP 301
https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif

Request Chain 4

http://www.paypalobjects.com/en_US/i/scr/pixel.gif HTTP 307
https://www.paypalobjects.com/en_US/i/scr/pixel.gif

Request Chain 5

https://www.paypal.com/en_US/i/nav/P_off_send_money.gif HTTP 301
https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif

Request Chain 6

https://www.paypal.com/en_US/i/nav/P_off_request_money.gif HTTP 301
https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif

Request Chain 7

https://www.paypal.com/en_US/i/nav/P_off_merchant_tools.gif HTTP 301
https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif

Request Chain 8

https://www.paypal.com/en_US/i/nav/P_off_auction_tools.gif HTTP 301
https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif

Request Chain 10

http://www.paypal.com/images/ebay_co.gif HTTP 307
https://www.paypal.com/images/ebay_co.gif HTTP 301
https://www.paypalobjects.com/images/ebay_co.gif

Request Chain 11

http://www.paypal.com/images/tabs/bg.gif HTTP 307
https://www.paypal.com/images/tabs/bg.gif HTTP 301
https://www.paypalobjects.com/images/tabs/bg.gif

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request file.html Show response
prismatic-vial-290917.uc.r.appspot.com/ 33 KB
8 KB 168ms
132ms Document
text/html 2a00:1450:4001:81b::2014
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol: HTTP/1.1
Server: 2a00:1450:4001:81b::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: a400916bfec70e3e4cfa58e272c216066be60656883bdaaaa8fbe518d4178e0f

Request headers

Host: prismatic-vial-290917.uc.r.appspot.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 13:18:48 GMT
Expires: Fri, 09 Oct 2020 13:28:48 GMT
Cache-Control: public, max-age=600
ETag: "j1__hw"
X-Cloud-Trace-Context: 0e5d75acb7ceaf58750baf7a55d1c42d
Content-Type: text/html
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: Google Frontend

GET
H2 200 pp_styles_082102.css
www.paypalobjects.com/css/ 10 KB
2 KB 215ms
55ms Stylesheet
text/css 104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/css/pp_styles_082102.css

Requested by

Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5ec051f2547a010842f625c6fc6ee8f4df6ea2e60f8f83015cb23a2e4751317e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 09 Oct 2020 13:18:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Jul 2020 23:04:55 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=3600
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1835
expires: Fri, 09 Oct 2020 14:18:49 GMT

GET
H2

200

pp_main.js Show response
www.paypalobjects.com/js/
Redirect Chain

https://www.paypal.com/js/pp_main.js
https://www.paypalobjects.com/js/pp_main.js

35 KB
10 KB

54ms
54ms

Script
application/x-javascript

104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/js/pp_main.js

Requested by

Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e31d5c7948fd43e290e71096a765f65a19537575e07f43a2db8f61ad2cb5e9b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 09 Oct 2020 13:18:49 GMT
x-pad: avoid browser bug
x-content-type-options: nosniff
status: 200
content-encoding: gzip
vary: Accept-Encoding
content-length: 9449
last-modified: Thu, 30 Jul 2020 23:05:10 GMT
server: Apache
strict-transport-security: max-age=31536000
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
expires: Fri, 09 Oct 2020 14:18:49 GMT

Redirect headers

date: Fri, 09 Oct 2020 13:18:49 GMT
via: 1.1 varnish, 1.1 varnish
x-timer: S1602249529.258040,VS0,VE191
x-served-by: cache-lhr7330-LHR, cache-hhn4042-HHN
status: 301
x-cache: MISS, MISS
content-type: text/html; charset=iso-8859-1
location: https://www.paypalobjects.com/js/pp_main.js
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: cd8ca3072bea
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes, bytes, bytes, bytes
dc: slc-b-origin-www-1.paypal.com
content-length: 251
x-cache-hits: 0, 0

GET
H2

200

paypal_logo.gif
www.paypalobjects.com/en_US/i/logo/
Redirect Chain

http://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif

1 KB
1 KB

62ms
58ms

Image
image/png

104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif

Requested by

Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

66e40f1dee3ded177d607518a4d0368f6c5741a9a09dc197a5edc8fbb2a1099a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 09 Oct 2020 13:18:49 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 300
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: private, no-transform, max-age=43200
last-modified: Fri, 08 May 2020 01:20:36 GMT
content-length: 1279
server: Akamai Image Manager
expires: Sat, 10 Oct 2020 01:18:49 GMT

Redirect headers

Location: https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif
Non-Authoritative-Reason: HSTS

GET
H2

200

P_on_my_account.gif
www.paypalobjects.com/en_US/i/nav/
Redirect Chain

https://www.paypal.com/en_US/i/nav/P_on_my_account.gif
https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif

399 B
607 B

56ms
56ms

Image
image/png

104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif

Requested by

Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

812061246226b788c65561f8b90bd949f4cf63a2435a3041fed61fe8e975e106

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 09 Oct 2020 13:18:49 GMT
x-content-type-options: nosniff
last-modified: Fri, 04 Sep 2020 03:33:54 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: private, no-transform, max-age=43200
content-length: 399
expires: Sat, 10 Oct 2020 01:18:49 GMT

Redirect headers

date: Fri, 09 Oct 2020 13:18:49 GMT
via: 1.1 varnish, 1.1 varnish
x-timer: S1602249529.376633,VS0,VE215
x-served-by: cache-lhr7360-LHR, cache-hhn4042-HHN
status: 301
x-cache: MISS, MISS
content-type: text/html; charset=iso-8859-1
location: https://www.paypalobjects.com/en_US/i/nav/P_on_my_account.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 742608998a465
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes, bytes, bytes, bytes
dc: phx-origin-www-3.paypal.com
content-length: 269
x-cache-hits: 0, 0

GET
H2

200

pixel.gif
www.paypalobjects.com/en_US/i/scr/
Redirect Chain

http://www.paypalobjects.com/en_US/i/scr/pixel.gif
https://www.paypalobjects.com/en_US/i/scr/pixel.gif

43 B
279 B

57ms
56ms

Image
image/gif

104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/scr/pixel.gif

Requested by

Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 09 Oct 2020 13:18:49 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 56
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
cache-control: private, no-transform, max-age=43200
last-modified: Fri, 08 May 2020 01:21:33 GMT
content-length: 43
server: Akamai Image Manager
expires: Sat, 10 Oct 2020 01:18:49 GMT

Redirect headers

Location: https://www.paypalobjects.com/en_US/i/scr/pixel.gif
Non-Authoritative-Reason: HSTS

GET
H2

200

P_off_send_money.gif
www.paypalobjects.com/en_US/i/nav/
Redirect Chain

https://www.paypal.com/en_US/i/nav/P_off_send_money.gif
https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif

239 B
477 B

56ms
56ms

Image
image/png

104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif

Requested by

Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

5e11305cdb3b64e188c04e2b7fe3d506c592b10e9ffc7212ff08a21e1dbcfcbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 09 Oct 2020 13:18:49 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 1079
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: private, no-transform, max-age=43200
last-modified: Wed, 02 Sep 2020 11:34:06 GMT
content-length: 239
server: Akamai Image Manager
expires: Sat, 10 Oct 2020 01:18:49 GMT

Redirect headers

date: Fri, 09 Oct 2020 13:18:49 GMT
via: 1.1 varnish, 1.1 varnish
x-timer: S1602249530.561854,VS0,VE223
x-served-by: cache-lhr7330-LHR, cache-hhn4042-HHN
status: 301
x-cache: MISS, MISS
content-type: text/html; charset=iso-8859-1
location: https://www.paypalobjects.com/en_US/i/nav/P_off_send_money.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: e07a48dc83506
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes, bytes, bytes, bytes
dc: ccg11-origin-www-1.paypal.com
content-length: 270
x-cache-hits: 0, 0

GET
H2

200

P_off_request_money.gif
www.paypalobjects.com/en_US/i/nav/
Redirect Chain

https://www.paypal.com/en_US/i/nav/P_off_request_money.gif
https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif

261 B
468 B

58ms
57ms

Image
image/png

104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif

Requested by

Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

dda41981d2c9961339191152837c4131c1f5ca4156c74baf8e0490cb5af004f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 09 Oct 2020 13:18:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 13 Sep 2020 09:53:08 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: private, no-transform, max-age=43200
content-length: 261
expires: Sat, 10 Oct 2020 01:18:49 GMT

Redirect headers

date: Fri, 09 Oct 2020 13:18:49 GMT
via: 1.1 varnish, 1.1 varnish
x-timer: S1602249530.562441,VS0,VE233
x-served-by: cache-lhr7335-LHR, cache-hhn4042-HHN
status: 301
x-cache: MISS, MISS
content-type: text/html; charset=iso-8859-1
location: https://www.paypalobjects.com/en_US/i/nav/P_off_request_money.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 9617276108615
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes, bytes, bytes, bytes
dc: ccg11-origin-www-2.paypal.com
content-length: 273
x-cache-hits: 0, 0

GET
H2

200

P_off_merchant_tools.gif
www.paypalobjects.com/en_US/i/nav/
Redirect Chain

https://www.paypal.com/en_US/i/nav/P_off_merchant_tools.gif
https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif

250 B
487 B

57ms
57ms

Image
image/png

104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif

Requested by

Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

759b02e5b12934710abd11fdee615a3b59871056bf8c8122cc0d228510a94874

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 09 Oct 2020 13:18:49 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 1263
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: private, no-transform, max-age=43200
last-modified: Fri, 08 May 2020 01:52:55 GMT
content-length: 250
server: Akamai Image Manager
expires: Sat, 10 Oct 2020 01:18:49 GMT

Redirect headers

date: Fri, 09 Oct 2020 13:18:49 GMT
via: 1.1 varnish, 1.1 varnish
x-timer: S1602249530.562624,VS0,VE255
x-served-by: cache-lhr7367-LHR, cache-hhn4042-HHN
status: 301
x-cache: MISS, MISS
content-type: text/html; charset=iso-8859-1
location: https://www.paypalobjects.com/en_US/i/nav/P_off_merchant_tools.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 644b593531466
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes, bytes, bytes, bytes
dc: phx-origin-www-3.paypal.com
content-length: 274
x-cache-hits: 0, 0

GET
H2

200

P_off_auction_tools.gif
www.paypalobjects.com/en_US/i/nav/
Redirect Chain

https://www.paypal.com/en_US/i/nav/P_off_auction_tools.gif
https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif

225 B
432 B

55ms
55ms

Image
image/png

104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif

Requested by

Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

ac51959ca107f9169ff0c21575c1e36f6aff0eed163eda1645e5da746daacf4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 09 Oct 2020 13:18:49 GMT
x-content-type-options: nosniff
last-modified: Mon, 07 Sep 2020 18:05:54 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: private, no-transform, max-age=43200
content-length: 225
expires: Sat, 10 Oct 2020 01:18:49 GMT

Redirect headers

date: Fri, 09 Oct 2020 13:18:49 GMT
via: 1.1 varnish, 1.1 varnish
x-timer: S1602249530.562617,VS0,VE222
x-served-by: cache-lhr7382-LHR, cache-hhn4042-HHN
status: 301
x-cache: MISS, MISS
content-type: text/html; charset=iso-8859-1
location: https://www.paypalobjects.com/en_US/i/nav/P_off_auction_tools.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 929b9064e81f8
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes, bytes, bytes, bytes
dc: ccg11-origin-www-1.paypal.com
content-length: 273
x-cache-hits: 0, 0

GET
H/1.1 200
OK logo_cards_150x26.gif
images.paypal.com/images/ 2 KB
2 KB 401ms
367ms Image
image/gif 173.0.88.168
PAYPAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images.paypal.com/images/logo_cards_150x26.gif
Requested by: Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
Protocol: HTTP/1.1
Server: 173.0.88.168 , United States, ASN17012 (PAYPAL, US),
Reverse DNS: images.paypal.com
Software: Apache /
Resource Hash: 354cac498fd98fb9da08eee60231959dc2423ae44b3cb895fefd7458d35ff2a2

Request headers

Referer: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 13:18:49 GMT
Last-Modified: Fri, 16 Aug 2019 04:57:39 GMT
Server: Apache
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1780

GET
H2

200

ebay_co.gif
www.paypalobjects.com/images/
Redirect Chain

http://www.paypal.com/images/ebay_co.gif
https://www.paypal.com/images/ebay_co.gif
https://www.paypalobjects.com/images/ebay_co.gif

524 B
762 B

58ms
58ms

Image
image/png

104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/images/ebay_co.gif

Requested by

Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

2e9167e631c60acd01f31c60f81b837253febe931f831de117be1e56ce5ec3f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 09 Oct 2020 13:18:49 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 1155
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: private, no-transform, max-age=43200
last-modified: Sun, 06 Sep 2020 14:52:06 GMT
content-length: 524
server: Akamai Image Manager
expires: Sat, 10 Oct 2020 01:18:49 GMT

Redirect headers

date: Fri, 09 Oct 2020 13:18:49 GMT
via: 1.1 varnish, 1.1 varnish
x-timer: S1602249530.640609,VS0,VE155
x-served-by: cache-lhr7361-LHR, cache-hhn4042-HHN
status: 301
x-cache: MISS, MISS
location: https://www.paypalobjects.com/images/ebay_co.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: a7367fe5c821e
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes, bytes, bytes, bytes
dc: slc-b-origin-www-2.paypal.com
content-length: 0
x-cache-hits: 0, 0

GET
H2

200

bg.gif
www.paypalobjects.com/images/tabs/
Redirect Chain

http://www.paypal.com/images/tabs/bg.gif
https://www.paypal.com/images/tabs/bg.gif
https://www.paypalobjects.com/images/tabs/bg.gif

154 B
354 B

56ms
55ms

Image
image/webp

104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/images/tabs/bg.gif

Requested by

Host: prismatic-vial-290917.uc.r.appspot.com
URL: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

d6f2dd544557b7f105ad05ca3cb7c445ef0e941df47bbf2faebc69dcaabb54d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://prismatic-vial-290917.uc.r.appspot.com/file.html?paypal.com/b/ref=si3_store_su?ie=utf8&node=293522011blv1kxdr2oe5uaprzw=0387
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 09 Oct 2020 13:18:49 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 Sep 2020 22:48:30 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/webp
status: 200
cache-control: private, max-age=705598
content-length: 154
expires: Sat, 17 Oct 2020 17:18:47 GMT

Redirect headers

date: Fri, 09 Oct 2020 13:18:49 GMT
via: 1.1 varnish, 1.1 varnish
x-timer: S1602249530.641853,VS0,VE160
x-served-by: cache-lhr7362-LHR, cache-hhn4042-HHN
status: 301
x-cache: MISS, MISS
location: https://www.paypalobjects.com/images/tabs/bg.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: ebe9ab7b1485d
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes, bytes, bytes, bytes
dc: ccg11-origin-www-2.paypal.com
content-length: 0
x-cache-hits: 0, 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

images.paypal.com
prismatic-vial-290917.uc.r.appspot.com
www.paypal.com
www.paypalobjects.com
104.111.228.123
151.101.193.21
173.0.88.168
2a00:1450:4001:81b::2014
2e9167e631c60acd01f31c60f81b837253febe931f831de117be1e56ce5ec3f0
354cac498fd98fb9da08eee60231959dc2423ae44b3cb895fefd7458d35ff2a2
5e11305cdb3b64e188c04e2b7fe3d506c592b10e9ffc7212ff08a21e1dbcfcbc
5ec051f2547a010842f625c6fc6ee8f4df6ea2e60f8f83015cb23a2e4751317e
66e40f1dee3ded177d607518a4d0368f6c5741a9a09dc197a5edc8fbb2a1099a
759b02e5b12934710abd11fdee615a3b59871056bf8c8122cc0d228510a94874
812061246226b788c65561f8b90bd949f4cf63a2435a3041fed61fe8e975e106
a400916bfec70e3e4cfa58e272c216066be60656883bdaaaa8fbe518d4178e0f
ac51959ca107f9169ff0c21575c1e36f6aff0eed163eda1645e5da746daacf4a
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
d6f2dd544557b7f105ad05ca3cb7c445ef0e941df47bbf2faebc69dcaabb54d5
dda41981d2c9961339191152837c4131c1f5ca4156c74baf8e0490cb5af004f1
e31d5c7948fd43e290e71096a765f65a19537575e07f43a2db8f61ad2cb5e9b9

prismatic-vial-290917.uc.r.appspot.com Open in urlscan Pro 2a00:1450:4001:81b::2014 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

13 Requests

85 %HTTPS

25 %IPv6

3 Domains

4 Subdomains

3 IPs

3 Countries

27 kBTransfer

83 kBSize

0 Cookies

2 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

72 JavaScript Global Variables

0 Cookies

Indicators

prismatic-vial-290917.uc.r.appspot.com Open in urlscan Pro
2a00:1450:4001:81b::2014 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

85 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

27 kB
Transfer

83 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!