a3cc-p21ay9al.com
Open in
urlscan Pro
68.65.121.239
Malicious Activity!
Public Scan
Effective URL: https://a3cc-p21ay9al.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FhybBEwbuWbV&AccessTo...
Submission: On April 09 via manual from US
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 8th 2021. Valid for: a year.
This is the only time a3cc-p21ay9al.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 11 | 68.65.121.239 68.65.121.239 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
10 | 1 |
ASN22612 (NAMECHEAP-NET, US)
PTR: premium95-2.web-hosting.com
a3cc-p21ay9al.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
a3cc-p21ay9al.com
1 redirects
a3cc-p21ay9al.com |
164 KB |
10 | 1 |
Domain | Requested by | |
---|---|---|
11 | a3cc-p21ay9al.com |
1 redirects
a3cc-p21ay9al.com
|
10 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
a3cc-p21ay9al.com Sectigo RSA Domain Validation Secure Server CA |
2021-04-08 - 2022-04-08 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://a3cc-p21ay9al.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FhybBEwbuWbV&AccessToken=ETJnvoLYbGUSQCxCTmUWuxXFEKwxIpbAfShpqzzvvxyzhSHLlSJ
Frame ID: 7AEC4A586D87D2A2FC1248F30732CF10
Requests: 10 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://a3cc-p21ay9al.com/
HTTP 301
https://a3cc-p21ay9al.com/ Page URL
- https://a3cc-p21ay9al.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2F... Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://a3cc-p21ay9al.com/
HTTP 301
https://a3cc-p21ay9al.com/ Page URL
- https://a3cc-p21ay9al.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FhybBEwbuWbV&AccessToken=ETJnvoLYbGUSQCxCTmUWuxXFEKwxIpbAfShpqzzvvxyzhSHLlSJ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://a3cc-p21ay9al.com/ HTTP 301
- https://a3cc-p21ay9al.com/
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
a3cc-p21ay9al.com/ Redirect Chain
|
273 B 531 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
Notification.php
a3cc-p21ay9al.com/ |
297 KB 39 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fonts.css
a3cc-p21ay9al.com/world/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
library.css
a3cc-p21ay9al.com/world/ |
104 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
extra.css
a3cc-p21ay9al.com/world/ |
2 KB 473 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paypal-logo-129x32.svg
a3cc-p21ay9al.com/world/rock/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansSmall-Regular.woff2
a3cc-p21ay9al.com/world/ |
18 KB 18 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalVXIcons-Regular.woff2
a3cc-p21ay9al.com/world/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansBig-Light.woff2
a3cc-p21ay9al.com/world/ |
37 KB 37 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansSmall-Medium.woff2
a3cc-p21ay9al.com/world/ |
38 KB 38 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
a3cc-p21ay9al.com/ | Name: PHPSESSID Value: c1feef61f650b6a3e96fbc44febd6a4a |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
a3cc-p21ay9al.com
68.65.121.239
2bd489558b2373c5faeecbdf17bfd8a619cf5db1cad8d648dcbd40d98d3d980d
31c3473acb3ac19aaee7724d24ab302e81d2cd04edde55d3fa54f84cd7e362ac
4619d70d7bd1b3d7572940e9ee7f31bc4c07f4c9cad6ae2d3e5b2eb555b6a2c0
708f7e048ad0ea171993ca4963ff6fb5d7272d305a76857a88e729ae380c0714
784e5ff54cbb821973f77ec3cca61018292a62d40836d39d68406d921de9b419
af93d1d952b2dc42c029871cbbb92988835b31c86d4f0cb6a9674b1d1714a20f
b337b4723a05881b0fdbc54695b0558d288b13ab9d98ff45d091e51d78fd6ed0
e7732075c1658de8aa753e0eee55aaaa03d3bd2d4cb59cf77ee5ecbf52977ae2
f23001c6e7b6598945187f0720151e76b3b147c678e103abc1c9e1a60107713b
f91ce69f5d6223d76701c7aa9507fa542ff026e153aab119187294c5eedd0b3f