![](/screenshots/0d150840-28d7-4cc8-acf5-8fcb889e94c0.png)
billing.disneypay.do
Open in
urlscan Pro
104.21.14.242
Malicious Activity!
Public Scan
Effective URL: http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLa...
Submission: On April 09 via api from PL — Scanned from PL
Summary
This is the only time billing.disneypay.do was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Disney (Entertainment)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 11 | 104.21.14.242 104.21.14.242 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
10 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
disneypay.do
1 redirects
billing.disneypay.do |
206 KB |
10 | 1 |
Domain | Requested by | |
---|---|---|
11 | billing.disneypay.do |
1 redirects
billing.disneypay.do
|
10 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu
Frame ID: BAA34E97482B9511E2BA73F3904FEDC3
Requests: 10 HTTP requests in this frame
Screenshot
![](/screenshots/0d150840-28d7-4cc8-acf5-8fcb889e94c0.png)
Page Title
Login | Disney+Page URL History Show full URLs
- http://billing.disneypay.do/ Page URL
-
http://billing.disneypay.do/home/
HTTP 302
http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7I... Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
![](/vendor/wappa/icons/React.png)
Detected patterns
- <[^>]+data-react
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://billing.disneypay.do/ Page URL
-
http://billing.disneypay.do/home/
HTTP 302
http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
billing.disneypay.do/ |
104 B 816 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
dplus-login.php
billing.disneypay.do/home/ Redirect Chain
|
8 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app_styles_bundle.css
billing.disneypay.do/style/ |
298 KB 46 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
billing.disneypay.do/style/ |
29 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
react.css
billing.disneypay.do/style/ |
40 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-loader-32@3x.png
billing.disneypay.do/img/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.svg
billing.disneypay.do/img/ico/ |
7 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
billing.disneypay.do/js/ |
86 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Avenir-Heavy-05.woff
billing.disneypay.do/fonts/ |
56 KB 57 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Avenir-Roman-12.woff
billing.disneypay.do/fonts/ |
42 KB 43 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Disney (Entertainment)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
billing.disneypay.do
104.21.14.242
0029f1286a69af2513ce3bc9b9818f73b1dae86d6e69e6190e32e8ceb20404d8
0efae8927c3a86e353d09d08ec7f30d5e18260295b589d68c66a24dff5ba944a
1920ca5153bc2ae87e17795a12ac5835113513b922c95d0bf44ee026200b8631
23248741c76ca3d003122a50aacffd608d0d568c7048b296ef73a1ec1ca59c5d
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
4442cba812240f56b7adde799c1a97c7970875d0d01cbf1c5667e25c6beed2cf
5acc14f1488930083712f8ed8aa2a253d377a7b46112509ab3b6fdea19908aca
6a7eb353b38a935a0ec168fb6429a2705ee9a9b5003831787f8fa66b6a6b3554
7f969dfd78c9a121df069f10e78d4b6072b83276a27f0908041db9a2fb46967f
893f8711ea9d5dd2d3088528641d44fe48814667ffc9f8b262eede784735cc87