heirheads.co.za Open in urlscan Pro
197.242.144.104 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://pipingvidya.com/kolo.php?k=s
Effective URL:
https://heirheads.co.za/.well-known/true/info/
Submission Tags: @ipnigh
Submission: On July 11 via api (July 11th 2019, 9:42:24 am UTC) from GB

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 22 HTTP transactions. The main IP is 197.242.144.104, located in South Africa and belongs to Afrihost, ZA. The main domain is heirheads.co.za.
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 7th 2019. Valid for: 3 months.

This is the only time heirheads.co.za was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	167.86.115.117 167.86.115.117	51167 (CONTABO) (CONTABO)
12	197.242.144.104 197.242.144.104	37611 (Afrihost) (Afrihost)
1 10	23.210.248.226 23.210.248.226	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1 1	104.111.225.214 104.111.225.214	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
22	3

1 167.86.115.117 (Nuremberg, Germany)

ASN51167 (CONTABO, DE)
PTR: vmi267632.contaboserver.net

pipingvidya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 197.242.144.104 (South Africa)

ASN37611 (Afrihost, ZA)
PTR: dot.aserv.co.za

heirheads.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.210.248.226 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-210-248-226.deploy.static.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.225.214 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-225-214.deploy.static.akamaitechnologies.com

ak1s.abmr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	heirheads.co.za heirheads.co.za	638 KB
10	paypalobjects.com 1 redirects www.paypalobjects.com	37 KB
1	abmr.net 1 redirects ak1s.abmr.net	726 B
1	pipingvidya.com pipingvidya.com	13 KB
22	4

	Domain	Requested by
12	heirheads.co.za	pipingvidya.com heirheads.co.za
10	www.paypalobjects.com	1 redirects heirheads.co.za
1	ak1s.abmr.net	1 redirects
1	pipingvidya.com
22	4

This site contains no links.

Subject Issuer	Validity	Valid
pipingvidya.com cPanel, Inc. Certification Authority	`2019-06-04` - `2019-09-02`	3 months	crt.sh
heirheads.co.za cPanel, Inc. Certification Authority	`2019-07-07` - `2019-10-05`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2018-08-14` - `2020-08-18`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://heirheads.co.za/.well-known/true/info/
Frame ID: 3270303DFE9B172664AC88AB963FA518
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://pipingvidya.com/kolo.php?k=s Page URL
https://heirheads.co.za/.well-known/true/info/ Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

22
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

687 kB
Transfer

681 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pipingvidya.com/kolo.php?k=s Page URL
https://heirheads.co.za/.well-known/true/info/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://www.paypalobjects.com/webstatic/mktg/consumer/pages/home/homepage-gradient-top.png HTTP 302
https://ak1s.abmr.net/is/www.paypalobjects.com?U=/webstatic/mktg/consumer/pages/home/homepage-gradient-top.png&V=3-UQrwtqoEgzhL%2fet3DI9xQFwXd6Ue6KZvNSfOfpykHWhAa3qRdlVempSPfSV9vVAY&I=4ECFEB15347CF85&D=paypalobjects.com&01AD=1& HTTP 302
https://www.paypalobjects.com/webstatic/mktg/consumer/pages/home/homepage-gradient-top.png?01AD=3ftvhFEh-H2BrwHbALoSpjXl86udmiQKoHdArwvUfP30FpHqxC4criA&01RI=4ECFEB15347CF85&01NA=na

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK kolo.php
pipingvidya.com/ 12 KB
13 KB 1435ms
12ms Document
text/html 167.86.115.117
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://pipingvidya.com/kolo.php?k=s
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 167.86.115.117 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi267632.contaboserver.net
Software: Apache /
Resource Hash

Request headers

Host: pipingvidya.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 11 Jul 2019 09:41:57 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Primary Request / Show response
heirheads.co.za/.well-known/true/info/ 14 KB
15 KB 2333ms
184ms Document
text/html 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/
Requested by: Host: pipingvidya.com
URL: https://pipingvidya.com/kolo.php?k=s
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 7bbc65e95b36ececb089c29be61503025be358653b7deb3af505ae1e880a08a1

Request headers

Host: heirheads.co.za
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://pipingvidya.com/kolo.php?k=s
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://pipingvidya.com/kolo.php?k=s

Response headers

Date: Thu, 11 Jul 2019 09:41:58 GMT
Server: Apache
Last-Modified: Sat, 11 Jan 2014 00:38:26 GMT
ETag: "3944-4efa70f882480"
Accept-Ranges: bytes
Content-Length: 14660
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

GET
H/1.1 200
OK style.css
heirheads.co.za/.well-known/true/info/i/ 91 KB
92 KB 183ms
181ms Stylesheet
text/css 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/i/style.css
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 7ee817ef7aab069bd57e8a3082f62ba70ed249e8f7faff7f1cc3b503fbe0fc7d

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 11 Jul 2019 09:41:58 GMT
Last-Modified: Sun, 08 Dec 2013 07:56:48 GMT
Server: Apache
ETag: "16d29-4ed0138a61000"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 93481

GET
H/1.1 200
OK style1.css
heirheads.co.za/.well-known/true/info/i/ 80 KB
80 KB 551ms
183ms Stylesheet
text/css 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/i/style1.css
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 7cabfc220823b90e666f378d3835c89b9c715279a2adf5ec4eb621c6781f7cf4

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 11 Jul 2019 09:41:58 GMT
Last-Modified: Sun, 08 Dec 2013 08:04:40 GMT
Server: Apache
ETag: "13e5d-4ed0154c83600"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 81501

GET
H/1.1 200
OK style4.css
heirheads.co.za/.well-known/true/info/i/ 3 KB
4 KB 1085ms
181ms Stylesheet
text/css 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/i/style4.css
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 9db0dabd50fbadf8c46bda6dc6bc6f1ae53ccf8332921098b1fec4b0e7f772ee

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 11 Jul 2019 09:41:59 GMT
Last-Modified: Sun, 08 Dec 2013 08:10:50 GMT
Server: Apache
ETag: "d19-4ed016ad5f680"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 3353

GET
H/1.1 200
OK style5.css
heirheads.co.za/.well-known/true/info/i/ 9 KB
9 KB 1266ms
181ms Stylesheet
text/css 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/i/style5.css
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 26f4d159a73ab641c683f4595d75e97ebde21740cede826ae73f4d036b3386b1

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 11 Jul 2019 09:41:59 GMT
Last-Modified: Sun, 08 Dec 2013 08:11:20 GMT
Server: Apache
ETag: "24ac-4ed016c9fba00"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 9388

GET
H/1.1 200
OK 1.js Show response
heirheads.co.za/.well-known/true/info/i/ 14 KB
14 KB 1383ms
183ms Script
application/javascript 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/i/1.js
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: a5e7ed4cc2cf01ddc29aa7bca5fd6d2c93a9c081c2d9f9de65d68c77b35c78d5

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 11 Jul 2019 09:41:59 GMT
Last-Modified: Sun, 08 Dec 2013 08:38:34 GMT
Server: Apache
ETag: "38df-4ed01ce049680"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 14559

GET
H/1.1 200
OK logopaypal.png
heirheads.co.za/.well-known/true/info/i/ 983 B
1 KB 1458ms
182ms Image
image/png 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heirheads.co.za/.well-known/true/info/i/logopaypal.png
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 042af5e5bcafb1c47c62475fb00a65bc522992e2bfb7a55edf243e04590dc0ba

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 11 Jul 2019 09:41:59 GMT
Last-Modified: Sun, 08 Dec 2013 08:50:46 GMT
Server: Apache
ETag: "3d7-4ed01f9a60580"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 983

GET
H/1.1 200
OK homepage-buy.png
heirheads.co.za/.well-known/true/info/i/ 14 KB
14 KB 669ms
184ms Image
image/png 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heirheads.co.za/.well-known/true/info/i/homepage-buy.png
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: b1294cdd8fd123c39e49b9a69c03d4b30043395338297d1ff4c0535a39cfb239

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 11 Jul 2019 09:41:59 GMT
Last-Modified: Sun, 08 Dec 2013 09:06:40 GMT
Server: Apache
ETag: "3817-4ed023282e800"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 14359

GET
H/1.1 200
OK homepage-sell.png
heirheads.co.za/.well-known/true/info/i/ 16 KB
16 KB 191ms
190ms Image
image/png 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heirheads.co.za/.well-known/true/info/i/homepage-sell.png
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 44394b743f692cfabfeeb2e5e5bfa82eda8b38cd8948f51e420ace08db5d377c

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 11 Jul 2019 09:42:00 GMT
Last-Modified: Sun, 08 Dec 2013 09:07:04 GMT
Server: Apache
ETag: "3f69-4ed0233f11e00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 16233

GET
H/1.1 200
OK homepage-transfer.png
heirheads.co.za/.well-known/true/info/i/ 15 KB
15 KB 190ms
189ms Image
image/png 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heirheads.co.za/.well-known/true/info/i/homepage-transfer.png
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: c4539b6d99ff1b7e97943f3dcbb3a1eb45b77b81248455e3c15f374487ddf9eb

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 11 Jul 2019 09:42:00 GMT
Last-Modified: Sun, 08 Dec 2013 09:07:28 GMT
Server: Apache
ETag: "3a8c-4ed02355f5400"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 14988

GET
H/1.1 200
OK 2.js Show response
heirheads.co.za/.well-known/true/info/i/ 276 KB
276 KB 182ms
182ms Script
application/javascript 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to

Full URL: https://heirheads.co.za/.well-known/true/info/i/2.js
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 9d40b569e56eb45951b82c076f76386c2d36efef6ba320d92be4af99e67c3575

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 11 Jul 2019 09:42:00 GMT
Last-Modified: Sun, 08 Dec 2013 13:36:42 GMT
Server: Apache
ETag: "44ee8-4ed05f839ce80"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 282344

GET
H2 200 scr_gray-bkgd.png
www.paypalobjects.com/webstatic/i/ex_ce2/scr/ 2 KB
2 KB 37ms
36ms Image
image/png 23.210.248.226
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_gray-bkgd.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/i/1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-226.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8989f902aac638178b44581ddfd4245ea17d61c77c450657bf752083c95c688f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/i/style1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Jul 2019 09:42:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:36:45 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 1706
expires: Thu, 11 Jul 2019 09:42:01 GMT

GET
H2 200 scr_content-bkgd.png
www.paypalobjects.com/webstatic/i/ex_ce2/scr/ 3 KB
3 KB 32ms
32ms Image
image/png 23.210.248.226
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/i/ex_ce2/scr/scr_content-bkgd.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-226.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0de9dc4df795b30e9fa458090c49ab8137e65a7901803c81895cef56ac543d13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/i/style1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Jul 2019 09:42:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:36:46 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 2681
expires: Thu, 11 Jul 2019 09:42:01 GMT

GET
H2 200 scr_gray-bkgd.png
www.paypalobjects.com/webstatic/i/sparta/scr/ 2 KB
2 KB 34ms
34ms Image
image/png 23.210.248.226
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/i/sparta/scr/scr_gray-bkgd.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-226.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8989f902aac638178b44581ddfd4245ea17d61c77c450657bf752083c95c688f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/i/style1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Jul 2019 09:42:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:36:55 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 1706
expires: Thu, 11 Jul 2019 09:42:01 GMT

GET
H2 200 sprite_ia.png
www.paypalobjects.com/webstatic/i/sparta/sprite/ 18 KB
19 KB 42ms
42ms Image
image/png 23.210.248.226
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/i/sparta/sprite/sprite_ia.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-226.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

fb2434a896e3e106be72dbbcb361d048b3e1edc30239ae94113becd33ec4fa39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/i/style1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Jul 2019 09:42:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:36:55 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 18929
expires: Thu, 11 Jul 2019 09:42:01 GMT

GET
H2 200 interior-gradient-bottom.png
www.paypalobjects.com/webstatic/mktg/consumer/gradients/ 951 B
1 KB 34ms
33ms Image
image/png 23.210.248.226
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/mktg/consumer/gradients/interior-gradient-bottom.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-226.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b960c231e8e59f6c73ba9e3af6e76dbe04b8c75b430ddac77f6f42e6ba47b98e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/i/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Jul 2019 09:42:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:43:12 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 951
expires: Thu, 11 Jul 2019 09:42:01 GMT

GET
H2 200 interior-gradient-top.png
www.paypalobjects.com/webstatic/mktg/consumer/gradients/ 952 B
1 KB 31ms
31ms Image
image/png 23.210.248.226
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/mktg/consumer/gradients/interior-gradient-top.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-226.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f2c173be6a198adf60868c86f6e093f3b850bef0da34689e981fe218ad2a43a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/i/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Jul 2019 09:42:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:43:12 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 952
expires: Thu, 11 Jul 2019 09:42:01 GMT

GET
H/1.1 200
OK hero_signup_counter.jpg
heirheads.co.za/.well-known/true/info/i/ 102 KB
102 KB 333ms
183ms Image
image/jpeg 197.242.144.104
Afrihost

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heirheads.co.za/.well-known/true/info/i/hero_signup_counter.jpg
Requested by: Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 197.242.144.104 , South Africa, ASN37611 (Afrihost, ZA),
Reverse DNS: dot.aserv.co.za
Software: Apache /
Resource Hash: 883315dca8d8b7c8096c2b3371dda718cebcabd7a4966c0811eb2eb7dc63b4bb

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 11 Jul 2019 09:42:00 GMT
Last-Modified: Sun, 08 Dec 2013 08:18:34 GMT
Server: Apache
ETag: "198ed-4ed01867e0a80"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 104685

GET
H2 200 vertical-gradient-sprite.png
www.paypalobjects.com/webstatic/mktg/consumer/pages/home/ 1 KB
2 KB 40ms
40ms Image
image/png 23.210.248.226
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/mktg/consumer/pages/home/vertical-gradient-sprite.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-226.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

713be2b4e284567cbe1052bf8b5e43b0e4f6cf232b4f0cb429e51c1a748bac22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/i/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Jul 2019 09:42:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:43:02 GMT
server: Apache
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 1482
expires: Thu, 11 Jul 2019 09:42:01 GMT

GET
H2

200

homepage-gradient-top.png
www.paypalobjects.com/webstatic/mktg/consumer/pages/home/
Redirect Chain

https://www.paypalobjects.com/webstatic/mktg/consumer/pages/home/homepage-gradient-top.png
https://ak1s.abmr.net/is/www.paypalobjects.com?U=/webstatic/mktg/consumer/pages/home/homepage-gradient-top.png&V=3-UQrwtqoEgzhL%2fet3DI9xQFwXd6Ue6KZvNSfOfpykHWhAa3qRdlVempSPfSV9vVAY&I=4ECFEB15347CF...
https://www.paypalobjects.com/webstatic/mktg/consumer/pages/home/homepage-gradient-top.png?01AD=3ftvhFEh-H2BrwHbALoSpjXl86udmiQKoHdArwvUfP30FpHqxC4criA&01RI=4ECFEB15347CF85&01NA=na

955 B
1 KB

230ms
229ms

Image
image/png

23.210.248.226
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/mktg/consumer/pages/home/homepage-gradient-top.png?01AD=3ftvhFEh-H2BrwHbALoSpjXl86udmiQKoHdArwvUfP30FpHqxC4criA&01RI=4ECFEB15347CF85&01NA=na

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-226.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

bbf40134304a63796fa2b6a75466a19d6e675c205af5cb0c41387def3841bd04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/i/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Jul 2019 09:42:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:43:02 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/png
content-length: 955
expires: Thu, 11 Jul 2019 09:42:08 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 11 Jul 2019 09:42:08 GMT
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"
Location: https://www.paypalobjects.com/webstatic/mktg/consumer/pages/home/homepage-gradient-top.png?01AD=3ftvhFEh-H2BrwHbALoSpjXl86udmiQKoHdArwvUfP30FpHqxC4criA&01RI=4ECFEB15347CF85&01NA=na
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Thu, 11 Jul 2019 09:42:08 GMT

GET
H2 200 sprite_header_footer_94.png
www.paypalobjects.com/webstatic/i/sparta/sprite/ 5 KB
5 KB 36ms
36ms Image
image/png 23.210.248.226
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/i/sparta/sprite/sprite_header_footer_94.png

Requested by

Host: heirheads.co.za
URL: https://heirheads.co.za/.well-known/true/info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.210.248.226 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-226.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0d20242be67c0597e0203dacb7f9b5cec66c3ad056045929faf4605142e854a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://heirheads.co.za/.well-known/true/info/i/style1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 11 Jul 2019 09:42:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jan 2014 00:36:55 GMT
server: Apache
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
cache-control: max-age=7776000
accept-ranges: bytes
content-length: 4984
expires: Wed, 09 Oct 2019 09:42:01 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ak1s.abmr.net
heirheads.co.za
pipingvidya.com
www.paypalobjects.com
104.111.225.214
167.86.115.117
197.242.144.104
23.210.248.226
042af5e5bcafb1c47c62475fb00a65bc522992e2bfb7a55edf243e04590dc0ba
0d20242be67c0597e0203dacb7f9b5cec66c3ad056045929faf4605142e854a2
0de9dc4df795b30e9fa458090c49ab8137e65a7901803c81895cef56ac543d13
26f4d159a73ab641c683f4595d75e97ebde21740cede826ae73f4d036b3386b1
44394b743f692cfabfeeb2e5e5bfa82eda8b38cd8948f51e420ace08db5d377c
713be2b4e284567cbe1052bf8b5e43b0e4f6cf232b4f0cb429e51c1a748bac22
7bbc65e95b36ececb089c29be61503025be358653b7deb3af505ae1e880a08a1
7cabfc220823b90e666f378d3835c89b9c715279a2adf5ec4eb621c6781f7cf4
7ee817ef7aab069bd57e8a3082f62ba70ed249e8f7faff7f1cc3b503fbe0fc7d
883315dca8d8b7c8096c2b3371dda718cebcabd7a4966c0811eb2eb7dc63b4bb
8989f902aac638178b44581ddfd4245ea17d61c77c450657bf752083c95c688f
9d40b569e56eb45951b82c076f76386c2d36efef6ba320d92be4af99e67c3575
9db0dabd50fbadf8c46bda6dc6bc6f1ae53ccf8332921098b1fec4b0e7f772ee
a5e7ed4cc2cf01ddc29aa7bca5fd6d2c93a9c081c2d9f9de65d68c77b35c78d5
b1294cdd8fd123c39e49b9a69c03d4b30043395338297d1ff4c0535a39cfb239
b960c231e8e59f6c73ba9e3af6e76dbe04b8c75b430ddac77f6f42e6ba47b98e
bbf40134304a63796fa2b6a75466a19d6e675c205af5cb0c41387def3841bd04
c4539b6d99ff1b7e97943f3dcbb3a1eb45b77b81248455e3c15f374487ddf9eb
f2c173be6a198adf60868c86f6e093f3b850bef0da34689e981fe218ad2a43a1
fb2434a896e3e106be72dbbcb361d048b3e1edc30239ae94113becd33ec4fa39

heirheads.co.za Open in urlscan Pro 197.242.144.104 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

3 IPs

3 Countries

687 kBTransfer

681 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

Indicators

heirheads.co.za Open in urlscan Pro
197.242.144.104 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

687 kB
Transfer

681 kB
Size

0
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!