revoke-transaction-db-usgovnetworks.codeanyapp.com
198.199.109.95  Malicious Activity! Public Scan

Submitted URL: http://s.id/19szv
Effective URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=bu...
Submission: On June 20 via automatic, source openphish — Scanned from DE

Summary

This website contacted 6 IPs in 4 countries across 8 domains to perform 21 HTTP transactions. The main IP is 198.199.109.95, located in San Francisco, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is revoke-transaction-db-usgovnetworks.codeanyapp.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 20th 2021. Valid for: a year.
This is the only time revoke-transaction-db-usgovnetworks.codeanyapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

IP Address AS Autonomous System
2 2 45.126.58.78 132647 (IDNIC-PAN...)
1 1 23.227.38.36 13335 (CLOUDFLAR...)
3 198.199.109.95 14061 (DIGITALOC...)
12 192.229.221.25 15133 (EDGECAST)
1 2a00:1450:400... 15169 (GOOGLE)
1 3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
21 6
Apex Domain | Subdomains | Transfer
12 paypalobjects.com | www.paypalobjects.com — Cisco Umbrella Rank: 1917 | 245 KB
3 google.com | www.google.com — Cisco Umbrella Rank: 9 | 16 KB
3 codeanyapp.com | revoke-transaction-db-usgovnetworks.codeanyapp.com | 6 KB
2 google.de | www.google.de — Cisco Umbrella Rank: 5111 | 731 B
2 s.id | s.id — Cisco Umbrella Rank: 183813 | 446 B
1 doubleclick.net | googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 | 2 KB
1 freshhoods.com | freshhoods.com — Cisco Umbrella Rank: 856935 | 1 KB
0 Failed
21 8
Domain Requested by
12 www.paypalobjects.com revoke-transaction-db-usgovnetworks.codeanyapp.com
www.paypalobjects.com
3 www.google.com 1 redirects revoke-transaction-db-usgovnetworks.codeanyapp.com
3 revoke-transaction-db-usgovnetworks.codeanyapp.com revoke-transaction-db-usgovnetworks.codeanyapp.com
2 www.google.de revoke-transaction-db-usgovnetworks.codeanyapp.com
2 s.id 2 redirects
1 googleads.g.doubleclick.net revoke-transaction-db-usgovnetworks.codeanyapp.com
1 freshhoods.com 1 redirects
0 undefined Failed revoke-transaction-db-usgovnetworks.codeanyapp.com
21 8

This site contains no links.

Subject | Issuer | Validity | Valid
*.codeanyapp.com | Sectigo RSA Domain Validation Secure Server CA | 2021-08-20 - 2022-08-20 | a year (crt.sh)
www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2022-04-25 - 2023-04-25 | a year (crt.sh)
*.g.doubleclick.net | GTS CA 1C3 | 2022-05-30 - 2022-08-22 | 3 months (crt.sh)
www.google.com | GTS CA 1C3 | 2022-05-30 - 2022-08-22 | 3 months (crt.sh)
www.google.de | GTS CA 1C3 | 2022-05-30 - 2022-08-22 | 3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Frame ID: 286806076E240E6C9B4B2C599B658817
Requests: 21 HTTP requests in this frame

Screenshot

Page Title

PayPal

Page URL History

  1. http://s.id/19szv HTTP 308
    https://s.id/19szv HTTP 301
    https://freshhoods.com/tools/emails/click/order-confirmation/1/button/view-order-amp-delivery-statu... HTTP 302
    https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Page Statistics

21
Requests

90 %
HTTPS

43 %
IPv6

8
Domains

8
Subdomains

6
IPs

4
Countries

268 kB
Transfer

574 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://s.id/19szv HTTP 308
    https://s.id/19szv HTTP 301
    https://freshhoods.com/tools/emails/click/order-confirmation/1/button/view-order-amp-delivery-status?url=https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com HTTP 302
    https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://www.google.com/pagead/1p-conversion/1006288171/?random=1650592370286&cv=9&fst=1650592370286&num=1&label=TUZCCNnXxP4CEKv66t8D&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=9&u_tz=-300&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fauthflow%2Fentry%2F%3FreturnUri%3D%252Fsignin%252Freturn%253FflowFrom%253Danw-stepup%2526ctxId%253Dstep_up5211b769b6a8464eace94d2a1c7738c8%26country.x%3DBG%26locale.x%3Den_US%26acnw_dep%3Dul%26stepupContext%3Dde5798b817723b6aada32fa8820741f4%26ctxId%3Dstep_up5211b769b6a8464eace94d2a1c7738c8&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin&tiba=PayPal&hn=www.google.com&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4 HTTP 302
  • https://www.google.de/pagead/1p-conversion/1006288171/?random=1650592370286&cv=9&fst=1650592370286&num=1&label=TUZCCNnXxP4CEKv66t8D&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=9&u_tz=-300&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fauthflow%2Fentry%2F%3FreturnUri%3D%252Fsignin%252Freturn%253FflowFrom%253Danw-stepup%2526ctxId%253Dstep_up5211b769b6a8464eace94d2a1c7738c8%26country.x%3DBG%26locale.x%3Den_US%26acnw_dep%3Dul%26stepupContext%3Dde5798b817723b6aada32fa8820741f4%26ctxId%3Dstep_up5211b769b6a8464eace94d2a1c7738c8&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin&tiba=PayPal&hn=www.google.com&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4&ipr=y&prhg=0

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/
Redirect Chain
  • http://s.id/19szv
  • https://s.id/19szv
  • https://freshhoods.com/tools/emails/click/order-confirmation/1/button/view-order-amp-delivery-status?url=https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com
  • https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-stat...
10 KB
4 KB
Document
General
Full URL
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty/1.13.6.2 /
Resource Hash
baf5b042b74cc35985446af4da04613d2bc8602e2a1e7f9995fd98ee34cfda96

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
3671
content-type
text/html; charset=UTF-8
date
Mon, 20 Jun 2022 01:00:46 GMT
server
openresty/1.13.6.2
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-store
cf-cache-status
DYNAMIC
cf-ray
71e09ec17c069950-FRA
content-type
text/html;charset=utf-8
date
Mon, 20 Jun 2022 01:09:38 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KG1umD%2Fzi9dNXq%2FpFa7cuZpg3UqjhelIqQpo4cDMWMHHyRjP0Oz5wYD9vEKc3b6B%2B6c69QctxkLnxqY2LB7LXlGPEqsS8eTlRP8DBRxDJ1BAiNBOixaFgRMsrd7FZ3nSblRN3zgFmYO5mpI%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
via
1.1 vegur
x-content-type-options
nosniff
x-dc
gcp-europe-west3,gcp-europe-west3
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
bf7bb907-ba1e-4a33-bfec-ffbe70766216
x-sorting-hat-podid
76
x-sorting-hat-shopid
23093869
x-storefront-renderer-rendered
1
x-xss-protection
1; mode=block
app.css
www.paypalobjects.com/web/res/eef/cb4cc5c9414786cbed7c4d7c7b10e/css/
148 KB
22 KB
Stylesheet
General
Full URL
https://www.paypalobjects.com/web/res/eef/cb4cc5c9414786cbed7c4d7c7b10e/css/app.css
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FDF) /
Resource Hash
77f47ab609a84db4e21746c9cfd903ffb7b21df2e17a17a140c03be28c97de0d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
5117db213f4da
strict-transport-security
max-age=63072000; includeSubDomains; preload
dc
ccg11-origin-www-1.paypal.com
content-length
22203
last-modified
Fri, 15 Apr 2022 17:58:46 GMT
server
ECAcc (frc/8FDF)
etag
W/"6259b256-250b6"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=31536000
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Tue, 20 Jun 2023 01:09:39 GMT
12.2e4d3453d92fa382c1f6.chunk.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/
56 KB
16 KB
Script
General
Full URL
https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/12.2e4d3453d92fa382c1f6.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F39) /
Resource Hash
9678dd86513c236593527c9b89e5a95d64621c8b7dbe5f27638ab6c5c858a106
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
848996052fe4a
strict-transport-security
max-age=63072000; includeSubDomains; preload
dc
ccg11-origin-www-1.paypal.com
content-length
16285
last-modified
Tue, 11 Jan 2022 00:19:32 GMT
server
ECAcc (frc/8F39)
etag
"61dccd14-e017"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Mon, 20 Jun 2022 02:09:39 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1006288171/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1006288171/?random=1650592370285&cv=9&fst=1650592370285&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=9&u_tz=-300&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fauthflow%2Fentry%2F%3FreturnUri%3D%252Fsignin%252Freturn%253FflowFrom%253Danw-stepup%2526ctxId%253Dstep_up5211b769b6a8464eace94d2a1c7738c8%26country.x%3DBG%26locale.x%3Den_US%26acnw_dep%3Dul%26stepupContext%3Dde5798b817723b6aada32fa8820741f4%26ctxId%3Dstep_up5211b769b6a8464eace94d2a1c7738c8&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin&tiba=PayPal&hn=www.google.com&async=1&rfmt=3&fmt=4
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c2efb0e84392766df9ed2280ae799f730f0504f19b839dada482351b2cc8e073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Jun 2022 01:09:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1216
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/1006288171/
Redirect Chain
  • https://www.google.com/pagead/1p-conversion/1006288171/?random=1650592370286&cv=9&fst=1650592370286&num=1&label=TUZCCNnXxP4CEKv66t8D&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u...
  • https://www.google.de/pagead/1p-conversion/1006288171/?random=1650592370286&cv=9&fst=1650592370286&num=1&label=TUZCCNnXxP4CEKv66t8D&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_...
43 B
612 B
Script
General
Full URL
https://www.google.de/pagead/1p-conversion/1006288171/?random=1650592370286&cv=9&fst=1650592370286&num=1&label=TUZCCNnXxP4CEKv66t8D&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=9&u_tz=-300&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fauthflow%2Fentry%2F%3FreturnUri%3D%252Fsignin%252Freturn%253FflowFrom%253Danw-stepup%2526ctxId%253Dstep_up5211b769b6a8464eace94d2a1c7738c8%26country.x%3DBG%26locale.x%3Den_US%26acnw_dep%3Dul%26stepupContext%3Dde5798b817723b6aada32fa8820741f4%26ctxId%3Dstep_up5211b769b6a8464eace94d2a1c7738c8&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin&tiba=PayPal&hn=www.google.com&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4&ipr=y&prhg=0
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 20 Jun 2022 01:09:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/javascript; charset=UTF-8
location
https://www.google.de/pagead/1p-conversion/1006288171/?random=1650592370286&cv=9&fst=1650592370286&num=1&label=TUZCCNnXxP4CEKv66t8D&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=9&u_tz=-300&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fauthflow%2Fentry%2F%3FreturnUri%3D%252Fsignin%252Freturn%253FflowFrom%253Danw-stepup%2526ctxId%253Dstep_up5211b769b6a8464eace94d2a1c7738c8%26country.x%3DBG%26locale.x%3Den_US%26acnw_dep%3Dul%26stepupContext%3Dde5798b817723b6aada32fa8820741f4%26ctxId%3Dstep_up5211b769b6a8464eace94d2a1c7738c8&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin&tiba=PayPal&hn=www.google.com&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4&ipr=y&prhg=0
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
4.bee7caf079144a7b9980.chunk.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/
2 KB
1 KB
Script
General
Full URL
https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/4.bee7caf079144a7b9980.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FC5) /
Resource Hash
ea680c36b1e632fc0a96cd21231f1d9e17db700b8b68729328c5b8972e2d3622
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
99ec2e2621631
strict-transport-security
max-age=63072000; includeSubDomains; preload
dc
ccg11-origin-www-1.paypal.com
content-length
1231
last-modified
Tue, 11 Jan 2022 00:19:32 GMT
server
ECAcc (frc/8FC5)
etag
"61dccd14-9ed"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Mon, 20 Jun 2022 02:09:39 GMT
1.1303dc17a61da0f506d3.chunk.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/
29 KB
7 KB
Script
General
Full URL
https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/1.1303dc17a61da0f506d3.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FCB) /
Resource Hash
e7d287b90b3a071aed8c9860f22cff01bcb34fcfc45bd90319bac450226d1e6d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
a72767476d554
strict-transport-security
max-age=63072000; includeSubDomains; preload
dc
ccg11-origin-www-1.paypal.com
content-length
6602
last-modified
Tue, 11 Jan 2022 00:19:32 GMT
server
ECAcc (frc/8FCB)
etag
"61dccd14-7257"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Mon, 20 Jun 2022 02:09:39 GMT
17.0e47ac923c1fa85e46cf.chunk.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/
19 KB
8 KB
Script
General
Full URL
https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/17.0e47ac923c1fa85e46cf.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F5B) /
Resource Hash
b3a8d966d249beda7f50ac3c2bfbb549109d5aee49c948aaba10cffade528715
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
2dc3543342733
strict-transport-security
max-age=63072000; includeSubDomains; preload
dc
ccg11-origin-www-1.paypal.com
content-length
7762
last-modified
Tue, 11 Jan 2022 00:19:32 GMT
server
ECAcc (frc/8F5B)
etag
"61dccd14-4a99"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Mon, 20 Jun 2022 02:09:39 GMT
warning.svg
revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/
692 B
848 B
Image
General
Full URL
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/warning.svg
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty/1.13.6.2 /
Resource Hash
851a38f2a2884e104fad5410e8538c97633bb697af56e9b233d32670f3b478fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:00:47 GMT
last-modified
Thu, 16 Jun 2022 12:20:01 GMT
server
openresty/1.13.6.2
accept-ranges
bytes
etag
"2b4-5e18fa829234d"
content-length
692
content-type
image/svg+xml
conversion_async.js
www.google.com/pagead/
39 KB
15 KB
Script
General
Full URL
https://www.google.com/pagead/conversion_async.js
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cc1eec92daa4a07867caaf8e5aa8744a68bd1b91810ea50e44b36fa20d3e5593
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14997
x-xss-protection
0
server
cafe
etag
12027565673797176221
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 20 Jun 2022 01:09:39 GMT
analytics.js
www.paypalobjects.com/pa/mi/3p/gtag/
44 KB
18 KB
Script
General
Full URL
https://www.paypalobjects.com/pa/mi/3p/gtag/analytics.js
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8E85) /
Resource Hash
62bb5685d837089cd6aedb6f5fe5375c83ce5facc879632628e1e63e51399580
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
347286e111f80
strict-transport-security
max-age=63072000; includeSubDomains; preload
dc
ccg11-origin-www-1.paypal.com
content-length
17980
last-modified
Sat, 13 Feb 2021 00:27:05 GMT
server
ECAcc (frc/8E85)
etag
"60271cd9-aed9"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Mon, 20 Jun 2022 02:09:39 GMT
bs.js
www.paypalobjects.com/tagmgmt/
19 B
121 B
Script
General
Full URL
https://www.paypalobjects.com/tagmgmt/bs.js
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F0D) /
Resource Hash
be5c4f71eea822cbdcaefcf92963ab573e903f75a60b8bc0793e4eec935a1187
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
96842eaff2bb7
dc
ccg11-origin-www-1.paypal.com
content-length
19
last-modified
Sat, 13 Feb 2021 00:28:58 GMT
server
ECAcc (frc/8F0D)
etag
"60271d4a-13"
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Mon, 20 Jun 2022 02:09:39 GMT
messaging-opener-mts.js
undefined/messaging/auth/v1/
0
0

gtag.js
www.paypalobjects.com/pa/mi/3p/gtag/
79 KB
31 KB
Script
General
Full URL
https://www.paypalobjects.com/pa/mi/3p/gtag/gtag.js
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FB3) /
Resource Hash
f982a9dad50b916735a08b8e6f40efa7f97163106b18da079b144764c86a44a1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/
Origin
https://revoke-transaction-db-usgovnetworks.codeanyapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
fd447084ca626
strict-transport-security
max-age=63072000; includeSubDomains; preload
dc
ccg11-origin-www-1.paypal.com
content-length
31297
last-modified
Sat, 13 Feb 2021 00:27:05 GMT
server
ECAcc (frc/8FB3)
etag
"60271cd9-13bba"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Mon, 20 Jun 2022 02:09:39 GMT
script.js
revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/
3 KB
1 KB
Script
General
Full URL
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/script.js
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty/1.13.6.2 /
Resource Hash
3744f4ab6f962e078ef0bf847b740a77250f6eb7aa64314b23eb7caf1f8a7f52

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:00:47 GMT
content-encoding
gzip
last-modified
Thu, 16 Jun 2022 12:20:01 GMT
server
openresty/1.13.6.2
etag
"b36-5e18fa8291b7d-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
1103
/
www.google.com/pagead/1p-user-list/1006288171/
42 B
119 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1006288171/?random=1650592370285&cv=9&fst=1650589200000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=9&u_tz=-300&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fauthflow%2Fentry%2F%3FreturnUri%3D%252Fsignin%252Freturn%253FflowFrom%253Danw-stepup%2526ctxId%253Dstep_up5211b769b6a8464eace94d2a1c7738c8%26country.x%3DBG%26locale.x%3Den_US%26acnw_dep%3Dul%26stepupContext%3Dde5798b817723b6aada32fa8820741f4%26ctxId%3Dstep_up5211b769b6a8464eace94d2a1c7738c8&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin&tiba=PayPal&async=1&fmt=3&is_vtc=1&random=366837695&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Jun 2022 01:09:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1006288171/
42 B
119 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1006288171/?random=1650592370285&cv=9&fst=1650589200000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=9&u_tz=-300&u_java=false&u_nplug=5&u_nmime=2&gtm=2oi4f0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.paypal.com%2Fauthflow%2Fentry%2F%3FreturnUri%3D%252Fsignin%252Freturn%253FflowFrom%253Danw-stepup%2526ctxId%253Dstep_up5211b769b6a8464eace94d2a1c7738c8%26country.x%3DBG%26locale.x%3Den_US%26acnw_dep%3Dul%26stepupContext%3Dde5798b817723b6aada32fa8820741f4%26ctxId%3Dstep_up5211b769b6a8464eace94d2a1c7738c8&ref=https%3A%2F%2Fwww.paypal.com%2Fsignin&tiba=PayPal&async=1&fmt=3&is_vtc=1&random=366837695&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: revoke-transaction-db-usgovnetworks.codeanyapp.com
URL: https://revoke-transaction-db-usgovnetworks.codeanyapp.com/pay/cancel/?freshhoods.com&utm_campaign=order-confirmation-email&utm_medium=email&utm_content=button&utm_term=view-order-amp-delivery-status&utm_source=OrderlyEmails
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://revoke-transaction-db-usgovnetworks.codeanyapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Jun 2022 01:09:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
monogram@2x.png
www.paypalobjects.com/images/shared/
2 KB
2 KB
Image
General
Full URL
https://www.paypalobjects.com/images/shared/monogram@2x.png
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/eef/cb4cc5c9414786cbed7c4d7c7b10e/css/app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FE0) /
Resource Hash
2a2cacf1f67863eedabdf29f70e2ad64391a1a1cb005f722fea3fe5e3c47230d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paypalobjects.com/web/res/eef/cb4cc5c9414786cbed7c4d7c7b10e/css/app.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
x-content-type-options
nosniff
last-modified
Sat, 13 Feb 2021 00:20:23 GMT
accept-ch
DPR, Viewport-Width, Width, ECT, Downlink
etag
"60271b47-7e4"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
content-type
image/png
paypal-debug-id
fcacf5dcbb3ce
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
dc
ccg11-origin-www-1.paypal.com
content-length
2020
server
ECAcc (frc/8FE0)
expires
Mon, 20 Jun 2022 02:09:39 GMT
PayPalSansBig-Light.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/
48 KB
48 KB
Font
General
Full URL
https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansBig-Light.woff
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/eef/cb4cc5c9414786cbed7c4d7c7b10e/css/app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F19) /
Resource Hash
c599c554590d1a336ffcb9627f6caaac34b6228f60e15f5f25454bff38facb7e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/web/res/eef/cb4cc5c9414786cbed7c4d7c7b10e/css/app.css
Origin
https://revoke-transaction-db-usgovnetworks.codeanyapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
x-content-type-options
nosniff
last-modified
Wed, 30 Sep 2015 05:09:04 GMT
server
ECAcc (frc/8F19)
etag
"560b6e70-bfdb"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
content-type
font/woff
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
paypal-debug-id
b424cd40f70f3
accept-ranges
bytes
dc
ccg11-origin-www-1.paypal.com
content-length
49115
expires
Mon, 20 Jun 2022 02:09:39 GMT
PayPalSansSmall-Light.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/
46 KB
46 KB
Font
General
Full URL
https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Light.woff
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/eef/cb4cc5c9414786cbed7c4d7c7b10e/css/app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FB6) /
Resource Hash
843e67ad522a908162007f4b7601819a5bbfef00e38ac7aec778766da8b7b2ab
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/web/res/eef/cb4cc5c9414786cbed7c4d7c7b10e/css/app.css
Origin
https://revoke-transaction-db-usgovnetworks.codeanyapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
x-content-type-options
nosniff
last-modified
Wed, 30 Sep 2015 05:09:04 GMT
server
ECAcc (frc/8FB6)
etag
"560b6e70-b66f"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
content-type
font/woff
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
paypal-debug-id
94dc41acc615c
accept-ranges
bytes
dc
ccg11-origin-www-1.paypal.com
content-length
46703
expires
Mon, 20 Jun 2022 02:09:39 GMT
PayPalSansSmall-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/
46 KB
46 KB
Font
General
Full URL
https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Regular.woff
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/eef/cb4cc5c9414786cbed7c4d7c7b10e/css/app.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FB2) /
Resource Hash
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/web/res/eef/cb4cc5c9414786cbed7c4d7c7b10e/css/app.css
Origin
https://revoke-transaction-db-usgovnetworks.codeanyapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Mon, 20 Jun 2022 01:09:39 GMT
x-content-type-options
nosniff
last-modified
Wed, 30 Sep 2015 05:09:04 GMT
server
ECAcc (frc/8FB2)
etag
"560b6e70-b8eb"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
content-type
font/woff
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
paypal-debug-id
a957130434936
accept-ranges
bytes
dc
ccg11-origin-www-1.paypal.com
content-length
47339
expires
Mon, 20 Jun 2022 02:09:39 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
undefined
URL
https://undefined/messaging/auth/v1/messaging-opener-mts.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
object | navigation
object | WAFQualtricsWebpackJsonP-hosted-1.64.1
boolean | google_noFurtherRedirects
object | google_tag_data
function | ga
object | gaplugins
function | GooglemKTybQhCsO
function | google_trackConversion
object | google_tag_manager
object | gDataLayer
number | clicked
function | myFunction
function | show

7 Cookies

Domain/Path | Name | Value
.freshhoods.com/ | _y | cf4b0b6d-3781-4cae-b0ef-d1ce744e378b
freshhoods.com/ | localization | US
.freshhoods.com/ | _s | f72347fe-95ee-4517-911f-cea2f983d71c
.freshhoods.com/ | _shopify_y | cf4b0b6d-3781-4cae-b0ef-d1ce744e378b
.freshhoods.com/ | _shopify_s | f72347fe-95ee-4517-911f-cea2f983d71c
freshhoods.com/ | secure_customer_sig | (empty)
.doubleclick.net/ | test_cookie | CheckForPermission

1 Console Messages

Source: network
Level: error
URL: https://undefined/messaging/auth/v1/messaging-opener-mts.js
Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
