wxdxbbgzivsfdkfjzkmg3w.on.drv.tw
47.254.94.70
Malicious Activity!
Public Scan
Submission Tags: phishing, malicious
Submission: On April 03 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 25th 2022. Valid for: 3 months.
This is the only time wxdxbbgzivsfdkfjzkmg3w.on.drv.tw was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
3 | 47.254.94.70 | 45102 (ALIBABA-CN-NET Alibaba US Technology Co.)
17 | 184.25.158.196 | 16625 (AKAMAI-AS)
1 | 20.50.153.39 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
6 | 192.229.221.25 | 15133 (EDGECAST)
1 | 2a00:1450:4001:808::2008 | 15169 (GOOGLE)
28 requests | 5 IP addresses |
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
- wxdxbbgzivsfdkfjzkmg3w.on.drv.tw
- drv.tw
ASN16625 (AKAMAI-AS, US)
- PTR: a184-25-158-196.deploy.static.akamaitechnologies.com
- www.paypalobjects.com
ASN15169 (GOOGLE, US)
- www.googletagmanager.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
17 | paypalobjects.com | www.paypalobjects.com (Cisco Umbrella Rank: 1951) | 2 MB
6 | paypal.com | t.paypal.com (Cisco Umbrella Rank: 3494) | 3 KB
4 | drv.tw | wxdxbbgzivsfdkfjzkmg3w.on.drv.tw; drv.tw (Cisco Umbrella Rank: 384396); www.drv.tw (Cisco Umbrella Rank: 978624) | 25 KB
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 70) | 39 KB
28 requests | 4 apex domains | |
Requests | Domain | Requested by
---|---|---
17 | www.paypalobjects.com | wxdxbbgzivsfdkfjzkmg3w.on.drv.tw; www.paypalobjects.com
6 | t.paypal.com | wxdxbbgzivsfdkfjzkmg3w.on.drv.tw
2 | wxdxbbgzivsfdkfjzkmg3w.on.drv.tw | www.paypalobjects.com
1 | www.googletagmanager.com | www.drv.tw
1 | www.drv.tw | wxdxbbgzivsfdkfjzkmg3w.on.drv.tw
1 | drv.tw | wxdxbbgzivsfdkfjzkmg3w.on.drv.tw
28 requests | 6 domains |
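The request graph above shows the classic cloned-page pattern: the document lives on a throwaway drv.tw host whose path names a lookalike domain (www.paapal.net), yet every font, stylesheet, script and tracking pixel is fetched from the brand's real CDN (paypalobjects.com, t.paypal.com). The following is an added example, not urlscan.io code, that scores a page on exactly those two signals. The (requested host, requester) pairs are constructed from the table above; the brand apex list, the edit-distance threshold and the naive apex() helper are my assumptions.

```python
"""Added example (not urlscan.io code): score a scanned page for brand
impersonation from its request graph and its URL, using this scan's data.

Assumptions: BRAND_APEXES, the edit-distance threshold and the naive apex()
helper are my choices, not part of the scan report."""
import re
from urllib.parse import urlparse

# Constructed from the "Domain / Requested by" table: (requested host, requester).
REQUESTS = [
    ("www.paypalobjects.com", "wxdxbbgzivsfdkfjzkmg3w.on.drv.tw"),
    ("www.paypalobjects.com", "www.paypalobjects.com"),
    ("t.paypal.com", "wxdxbbgzivsfdkfjzkmg3w.on.drv.tw"),
    ("wxdxbbgzivsfdkfjzkmg3w.on.drv.tw", "www.paypalobjects.com"),
    ("www.googletagmanager.com", "www.drv.tw"),
    ("www.drv.tw", "wxdxbbgzivsfdkfjzkmg3w.on.drv.tw"),
    ("drv.tw", "wxdxbbgzivsfdkfjzkmg3w.on.drv.tw"),
]
PRIMARY_URL = "https://wxdxbbgzivsfdkfjzkmg3w.on.drv.tw/www.paapal.net/paypal.html"

# Assumed: apex domains the brand legitimately serves pages and assets from.
BRAND_APEXES = {"paypal.com", "paypalobjects.com"}


def apex(host):
    """Last two labels of a hostname. Adequate for the hosts in this scan;
    production code should consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def levenshtein(a, b):
    """Edit distance, used to catch typosquats such as 'paapal'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_tokens(url, brand, max_dist=1):
    """Tokens in host and path within max_dist edits of the brand name.
    Exact matches are kept on purpose: a brand name in the path of a
    foreign host is itself a signal."""
    u = urlparse(url)
    tokens = re.findall(r"[a-z0-9]+", (u.netloc + u.path).lower())
    return sorted({t for t in tokens if levenshtein(t, brand) <= max_dist})


def brand_asset_hotlinks(requests, brand_apexes):
    """Requesting hosts outside the brand that pull brand-hosted resources."""
    return {
        requester
        for requested, requester in requests
        if apex(requested) in brand_apexes and apex(requester) not in brand_apexes
    }


def assess(primary_url, requests, brand="paypal", brand_apexes=BRAND_APEXES):
    """Combine the signals into one verdict dictionary."""
    host = urlparse(primary_url).netloc.lower()
    on_brand = apex(host) in brand_apexes
    hotlinkers = brand_asset_hotlinks(requests, brand_apexes)
    lookalikes = lookalike_tokens(primary_url, brand)
    return {
        "primary_host": host,
        "primary_on_brand_domain": on_brand,
        "lookalike_tokens": lookalikes,
        "hotlinking_hosts": hotlinkers,
        # A foreign host that both names the brand and loads its real assets
        # is the cloned-login-page pattern seen in this scan.
        "suspicious": bool(not on_brand and (lookalikes or host in hotlinkers)),
    }


if __name__ == "__main__":
    for key, value in assess(PRIMARY_URL, REQUESTS).items():
        print(f"{key}: {value}")
```

Hotlinking alone is weak evidence (partners and aggregators also embed brand assets), which is why the verdict requires the page to be off-brand and to either name the brand in its URL or be the host doing the hotlinking. A real-world version should feed the requester/requested pairs straight from the urlscan result JSON rather than a hand-built list.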
This site contains links to these domains. Also see Links.
Domain |
---|
www.paypal.com |
developer.paypal.com |
wxdxbbgzivsfdkfjzkmg3w-on.drv.tw |
www.paapal.net |
app.adjust.com |
newsroom.paypal-corp.com |
investor.paypal-corp.com |
publicpolicy.paypal-corp.com |
Subject | Issuer | Validity | Valid for
---|---|---|---
drv.tw | R3 | 2022-03-25 - 2022-06-23 | 3 months
www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2022-02-04 - 2022-10-31 | 9 months
www.drv.tw | GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1 | 2022-01-23 - 2022-07-23 | 6 months
*.google-analytics.com | GTS CA 1C3 | 2022-03-17 - 2022-06-09 | 3 months
This page contains 1 frames:
Primary Page:
https://wxdxbbgzivsfdkfjzkmg3w.on.drv.tw/www.paapal.net/paypal.html
Frame ID: 16EF33957C5C840D71208D4986777377
Requests: 28 HTTP requests in this frame
Page Title
Send Money, Pay Online or Set Up a Merchant Account - PayPal
Detected technologies
PayPal (Payment Processors)
Detected patterns
- paypalobjects\.com
React (JavaScript Frameworks)
Detected patterns
- react(?:-with-addons)?[.-]([\d.]*\d)[^/]*\.js
Google Tag Manager (Tag Managers)
Detected patterns
- googletagmanager\.com/gtag/js
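The technology detections above are regex matches against the URLs of loaded resources, so a phishing kit that hotlinks the brand's assets "inherits" the brand's fingerprint: "PayPal detected" here means "loads paypalobjects.com", not "is PayPal". The block below is an added example, not urlscan.io or Wappalyzer code, that runs the three pattern strings quoted from this report over a request list constructed from the HTTP transaction table and reports which hosts each match came from.

```python
"""Added example (not urlscan.io or Wappalyzer code): apply this report's
"Detected patterns" regexes to the scan's request URLs and record the host
that produced each match, so that borrowed fingerprints stand out."""
import re
from urllib.parse import urlparse

# Pattern strings quoted from the report's "Detected patterns" entries.
FINGERPRINTS = {
    "PayPal (Payment Processors)": r"paypalobjects\.com",
    "React (JavaScript Frameworks)": r"react(?:-with-addons)?[.-]([\d.]*\d)[^/]*\.js",
    "Google Tag Manager (Tag Managers)": r"googletagmanager\.com/gtag/js",
}

PRIMARY_URL = "https://wxdxbbgzivsfdkfjzkmg3w.on.drv.tw/www.paapal.net/paypal.html"

# Constructed from the HTTP transaction table (host + path + resource).
REQUEST_URLS = [
    PRIMARY_URL,
    "https://www.paypalobjects.com/digitalassets/c/website/js/react-16_6_3-bundle.js",
    "https://www.paypalobjects.com/marketing-resources/css/10/eb419198434f125e3e772612b3ebd1d9c0892c.css",
    "https://www.googletagmanager.com/gtag/js",
    "https://drv.tw/inc/wd.js",
    "https://t.paypal.com/ts",
]


def fingerprint(urls, fingerprints=FINGERPRINTS):
    """Return {technology: {"version": str or None, "hosts": [hosts]}}.
    The first capture group of a pattern, if any, is taken as the version."""
    found = {}
    for tech, pattern in fingerprints.items():
        rx = re.compile(pattern, re.IGNORECASE)
        for url in urls:
            m = rx.search(url)
            if not m:
                continue
            entry = found.setdefault(tech, {"version": None, "hosts": set()})
            entry["hosts"].add(urlparse(url).netloc.lower())
            if m.groups() and m.group(1) and entry["version"] is None:
                entry["version"] = m.group(1)
    return {t: {"version": e["version"], "hosts": sorted(e["hosts"])}
            for t, e in found.items()}


def matched_on_primary(result, primary_url):
    """Technologies whose evidence came from the primary host itself.
    Empty for this scan: every detection is borrowed from third-party hosts."""
    host = urlparse(primary_url).netloc.lower()
    return sorted(t for t, e in result.items() if host in e["hosts"])


if __name__ == "__main__":
    result = fingerprint(REQUEST_URLS)
    for tech, entry in result.items():
        print(f"{tech}: version={entry['version']} hosts={entry['hosts']}")
    print("evidence on primary host:", matched_on_primary(result, PRIMARY_URL))
```

Note that the React pattern captures only "16" from react-16_6_3-bundle.js because the underscores stop the `[\d.]*\d` group; that is the pattern's behaviour, not a bug in the runner.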
Page Statistics
41 Outgoing links
These are links going to different origins than the main page.
- PayPal
- How PayPal Works: See how PayPal simplifies your life
- PayPal App: Pay in person, send money, and track activity
- Buy and Shop: A fast and secure way to buy online and in person
- Send and Request Money: Transfer to friends or get paid back
- PayPal Credit and Cards: Our credit, debit, prepaid cards, and PayPal Credit
- Start Selling: Get paid by customers and clients
- Business
- Accept Payments
- Make Payments
- Manage Risk
- Accelerate Growth
- Streamline Operations
- Enterprises
- Platforms & Marketplaces
- Getting Started
- Pricing
- Business Resource Center
- Nonprofits
- Developer
- Help
- Sign Up
- Download the App
- Learn More
- we're responding to COVID-19
- help your business adapt
- Fees
- Security
- Apps
- Shop
- Newsroom
- Jobs
- Investor Relations
- Social Innovation
- Public Policy
- Sitemap
- Enterprise
- Partners
- Privacy
- Legal
- Learn more and manage your cookies
Redirected requests
There were HTTP redirect chains for the following requests:
28 HTTP transactions

Method | Protocol | Resource | Host / path | Size | Transfer | Type | MIME type
---|---|---|---|---|---|---|---
GET | H2 | paypal.html (primary request) | wxdxbbgzivsfdkfjzkmg3w.on.drv.tw/www.paapal.net/ | 98 KB | 23 KB | Document | text/html
GET | H2 | PayPalSansSmall-Regular.woff2 | www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/ | 18 KB | 18 KB | Font | application/font-woff2
GET | H2 | PayPalSansBig-Light.woff2 | www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/ | 18 KB | 18 KB | Font | application/font-woff2
GET | H2 | eb419198434f125e3e772612b3ebd1d9c0892c.css | www.paypalobjects.com/marketing-resources/css/10/ | 298 KB | 48 KB | Stylesheet | text/css
GET | H2 | covid-icon.png | www.paypalobjects.com/marketing/web/us/en/home/ | 2 KB | 2 KB | Image | image/webp
GET | H2 | react-16_6_3-bundle.js | www.paypalobjects.com/digitalassets/c/website/js/ | 109 KB | 36 KB | Script | application/javascript
GET | H2 | bs-chunk.js | www.paypalobjects.com/tagmgmt/ | 19 B | 354 B | Script | application/javascript
GET | H2 | pa.js | www.paypalobjects.com/pa/js/min/ | 54 KB | 21 KB | Script | application/javascript
GET | H2 | open-chat.js | www.paypalobjects.com/helpcenter/smartchat/sales/v1/ | 1 KB | 1 KB | Script | application/javascript
GET | H2 | marketingIntentsV2.js | www.paypalobjects.com/activation/js/ | 554 B | 667 B | Script | application/javascript
GET | H2 | wd.js | drv.tw/inc/ | 362 B | 566 B | Script | application/javascript
GET | H2 | wd.js | www.drv.tw/inc/ | 690 B | 737 B | Script | text/javascript
GET | H2 | PayPal_UltimateHomepage_Desktop_1600x800_Dollar-left.mp4 | www.paypalobjects.com/marketing/web/us/en/home/everydayessential/v5/ | 2 MB | 2 MB | Media | video/mp4
GET | H2 | pp_fc_hl.svg | www.paypalobjects.com/digitalassets/c/website/logo/full-text/ | 11 KB | 4 KB | Image | image/svg+xml
GET | H2 | PayPalSansSmall-Regular.woff2 | www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/ | 18 KB | 18 KB | Font | application/font-woff2
GET | H2 | PayPalSansBig-Light.woff2 | www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/ | 18 KB | 18 KB | Font | application/font-woff2
GET | H2 | ts | t.paypal.com/ | 42 B | 652 B | Image | image/gif
GET | H2 | js | www.googletagmanager.com/gtag/ | 99 KB | 39 KB | Script | application/javascript
GET | H2 | ts | t.paypal.com/ | 42 B | 437 B | Image | image/gif
GET | H2 | ts | t.paypal.com/ | 42 B | 391 B | Image | image/gif
GET | H2 | eligibility | wxdxbbgzivsfdkfjzkmg3w.on.drv.tw/smartchat/open/ | 2 KB | 1 KB | XHR | text/html
GET | H2 | ts | t.paypal.com/ | 42 B | 437 B | Image | image/gif
GET | H2 | ts | t.paypal.com/ | 42 B | 343 B | Image | image/gif
GET | H2 | 50552279252e81a1555200b7085d342e153b3b.js | www.paypalobjects.com/marketing-resources/js/9d/ | 1 MB | 280 KB | Script | application/javascript
GET | H2 | opinionLab-2.1.0.js | www.paypalobjects.com/digitalassets/c/website/marketing/global/kui/js/ | 41 KB | 12 KB | Script | application/javascript
GET | H2 | Yellow_Yoga.png | www.paypalobjects.com/marketing/web/us/en/home/Everyday-Essentials/v5/ | 12 KB | 12 KB | Image | image/webp
GET | H2 | Groceries_phone_US_New_v3.gif | www.paypalobjects.com/marketing/web/us/en/home/everydayessential/v5/ | 255 KB | 256 KB | Image | image/webp
GET | H2 | ts | t.paypal.com/ | 42 B | 389 B | Image | image/gif

Only four of the 28 transactions touch the drv.tw hosts: the primary document, the two wd.js helpers, and an XHR to /smartchat/open/eligibility on the phishing host that returned text/html (the brand's open-chat.js script resolving a relative API path against the cloned page's origin). Everything else is fetched from the brand's own infrastructure.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: PayPal (Financial)

23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify the client-side frameworks and code in use.

Type | Name
---|---
function | structuredClone
object | oncontextlost
object | oncontextrestored
function | getScreenDetails
object | antiClickjack
object | modelData
function | bindGdprEvents
object | dataLayer
object | PAYPAL
object | fpti
string | fptiserverurl
object | _ifpti
object | React
object | ReactDOM
function | hideGdprBanner
function | showGdprBanner
function | gtag
function | t
object | google_tag_manager
function | openSalesChat
object | OOo
object | PageBundle
object | __core-js_shared__

4 Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.

Domain/Path | Expires | Name | Value
---|---|---|---
wxdxbbgzivsfdkfjzkmg3w.on.drv.tw/ | | uid | rBEPrmJJWalPwAopkH8jAg==
.paypal.com/ | | ts_c | vr%3D491069935b8ae62%26vt%3D1aaf186e10766e62
.paypal.com/ | | ts | vreXpYrS%3D1743668651%26vteXpYrS%3D1648976051%26vr%3D491069935b8ae62%26vt%3D1aaf186e10766e62
drv.tw/ | | uid | rBEPrmJJWatPwAopkH9AAg==
6 Console Messages
A page may log messages to the console. These are often errors about a resource that could not be loaded or a script that failed to execute; sometimes they also reveal the technology behind a website.
Indicators
"Indicators" is the security-industry term for artifacts such as IPs, domains and hashes observed during a scan. Their presence in this list does not by itself imply that any of them is malicious.
drv.tw
t.paypal.com
www.drv.tw
www.googletagmanager.com
www.paypalobjects.com
wxdxbbgzivsfdkfjzkmg3w.on.drv.tw
184.25.158.196
192.229.221.25
20.50.153.39
2a00:1450:4001:808::2008
47.254.94.70
036f5ec2d493c1c70c99b98eb3a666241af203a93f3fc3b8b64316794b4dcd3f
0d4d4b0ee4bdbbbfdf2fa8cc4c0ba0332a3798c2629cb806d249712f6a7063e3
15213b958a0af95e33fb82a50fc1a68ef2f171b3762662957e91ef1d834291f8
4be8b546dbb09a4b486f6efab312ee3e5c94cb12e05dbe389c20d5cf391e3da2
4f33b00ff60ba75c03cfd1a1a5d0be37fb7bba6718ef54bf9898a53e1c72f87f
590ba6417790d5d47ce990ca21163f43d4e6a7332722933e233bab152efd52d0
641625995cc79fdc5f058ac4603cc5cdb2eea6b83a9aaac4d11320dedc38731f
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6dba70861f12d2d6ba63b482eb8f07b1ee79bc472119d2a759bb27198df0e551
76bb0ebcaa27696249404ee67aa46a2d91e020499513af45d96ae08fee1ed55d
7e9eaa7554a2f6581952711e2245a579e4f85945ee46de092c1f91e6f92661ef
814f9fb1692be6f1929d73131141529b8c097e7f0a835714ab77198d57660ee4
85f574d067710e364e8c7f65da87c22f073b456c222dbe680137fa4160dc942d
a6cb296cc17962a45f2e1ec8caa628f675def3f2296af7c66a40ab9bfe17bd3a
ab04ea00add135d1972e76d4ca04beb8e497bf72554c2ab074ec4470cf81d319
af93d1d952b2dc42c029871cbbb92988835b31c86d4f0cb6a9674b1d1714a20f
be5c4f71eea822cbdcaefcf92963ab573e903f75a60b8bc0793e4eec935a1187
da3177d9f38349f23abc99dcc0a87a8e1178a1576f0b27192821b20ebecc45e3
ddc2d28c6818ca1661476cad9604af4159e7baf3fc7d02d0c07c65ae3b6ed040
e2c610afed7aa887ff1b24a9df40d57d8d1889f3cf214e8cc131a8aadfe0fc1f
f01e2a55910d835e028d405e001076efc11ac807b090289bfebbf1543dc56a40
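The list above mixes the phishing host with the brand's own CDN, a tag manager, shared Akamai/EdgeCast/Google/Microsoft/Alibaba addresses, and hashes of the responses urlscan fetched, most of which were brand-hosted fonts and scripts. Pushing the whole list into a blocklist would break legitimate PayPal traffic. The following added example, not urlscan.io code, sorts the indicators by type and promotes only hosts outside an allowlist to "actionable". The sample is constructed from the list above (hashes abridged to three); the allowlist and the naive apex() helper are my assumptions.

```python
"""Added example (not urlscan.io code): triage this report's Indicators
list into types and separate hosts worth acting on from the benign
brand/CDN infrastructure that appears alongside them."""
import ipaddress
import re

# Constructed from the Indicators list above; hashes abridged to three.
INDICATORS = [
    "drv.tw",
    "t.paypal.com",
    "www.drv.tw",
    "www.googletagmanager.com",
    "www.paypalobjects.com",
    "wxdxbbgzivsfdkfjzkmg3w.on.drv.tw",
    "184.25.158.196",
    "192.229.221.25",
    "20.50.153.39",
    "2a00:1450:4001:808::2008",
    "47.254.94.70",
    "036f5ec2d493c1c70c99b98eb3a666241af203a93f3fc3b8b64316794b4dcd3f",
    "0d4d4b0ee4bdbbbfdf2fa8cc4c0ba0332a3798c2629cb806d249712f6a7063e3",
    "15213b958a0af95e33fb82a50fc1a68ef2f171b3762662957e91ef1d834291f8",
]

# Assumed benign for this case: the impersonated brand and the tag manager.
ALLOWLIST_APEXES = {"paypal.com", "paypalobjects.com", "googletagmanager.com"}

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def classify(indicator):
    """Return one of 'sha256', 'ipv4', 'ipv6', 'domain' or 'unknown'."""
    value = indicator.strip().lower()
    if SHA256_RE.match(value):
        return "sha256"
    try:
        return "ipv%d" % ipaddress.ip_address(value).version
    except ValueError:
        pass
    if DOMAIN_RE.match(value):
        return "domain"
    return "unknown"


def apex(host):
    """Last two labels; use the Public Suffix List in production."""
    return ".".join(host.split(".")[-2:])


def triage(indicators, allowlist=ALLOWLIST_APEXES):
    """Bucket indicators by type and return (buckets, actionable_hosts).

    Only domains are promoted. The IPs in this scan belong to CDNs and cloud
    providers shared by many tenants, and the hashes are mostly of brand
    assets, so neither is safe to block on its own. drv.tw is itself a
    shared hosting service, so whether to block the apex or only the
    wxdxbbgzivsfdkfjzkmg3w subdomain is an analyst decision."""
    buckets = {}
    for raw in indicators:
        value = raw.strip().lower()
        buckets.setdefault(classify(value), []).append(value)
    actionable = sorted(
        d for d in buckets.get("domain", []) if apex(d) not in allowlist
    )
    return buckets, actionable


if __name__ == "__main__":
    buckets, actionable = triage(INDICATORS)
    for kind, values in buckets.items():
        print(f"{kind}: {len(values)}")
    print("actionable hosts:", actionable)
```

With the full 21-hash list the only change is the size of the sha256 bucket; the actionable set stays the three drv.tw hosts.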