billing.disneypay.do Open in urlscan Pro
104.21.14.242 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://billing.disneypay.do/
Effective URL:
http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLa...
Submission: On April 09 via api (April 9th 2023, 5:00:17 pm UTC) from PL — Scanned from PL

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 104.21.14.242, located in and belongs to CLOUDFLARENET, US. The main domain is billing.disneypay.do.

This is the only time billing.disneypay.do was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Disney (Entertainment)

Domain & IP information

	IP Address		AS Autonomous System
1 11	104.21.14.242 104.21.14.242		13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	1

11 104.21.14.242 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

billing.disneypay.do	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	disneypay.do 1 redirects billing.disneypay.do	206 KB
10	1

	Domain	Requested by
11	billing.disneypay.do	1 redirects billing.disneypay.do
10	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu
Frame ID: BAA34E97482B9511E2BA73F3904FEDC3
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | Disney+

Page URL History Show full URLs

http://billing.disneypay.do/ Page URL
http://billing.disneypay.do/home/ HTTP 302
http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7I... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

205 kB
Transfer

570 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://billing.disneypay.do/ Page URL
http://billing.disneypay.do/home/ HTTP 302
http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response billing.disneypay.do/	104 B 816 B	313ms 108ms	Document text/html	104.21.14.242 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://billing.disneypay.do/ Protocol HTTP/1.1 Server 104.21.14.242 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0efae8927c3a86e353d09d08ec7f30d5e18260295b589d68c66a24dff5ba944a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 accept-language pl-PL,pl;q=0.9 Response headers CF-Cache-Status DYNAMIC CF-RAY 7b544e122b7a350a-WAW Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sun, 09 Apr 2023 17:00:12 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LjUi10gvrrpvoJjKAZCyccafbhX1xcaQZClZoqC2ssvyYfn29uyBBnvttzvhPxgbyqZv2d%2ByQDz4arhEdx0kms4vbGFZJ7C2Ns4ljGbV9%2BqOSZf2umb9iPTBDBJPFWZpfpWPNUeJvg%3D%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding X-Proxy-Cache DISABLED alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H/1.1	200 OK	Primary Request dplus-login.php Show response billing.disneypay.do/home/ Redirect Chain http://billing.disneypay.do/home/ http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZm...	8 KB 3 KB	66ms 66ms	Document text/html	104.21.14.242 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu Protocol HTTP/1.1 Server 104.21.14.242 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `893f8711ea9d5dd2d3088528641d44fe48814667ffc9f8b262eede784735cc87` Request headers Referer http://billing.disneypay.do/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 accept-language pl-PL,pl;q=0.9 Response headers CF-Cache-Status DYNAMIC CF-RAY 7b544e136cd2350a-WAW Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sun, 09 Apr 2023 17:00:12 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eesy%2FMmjxxKZhr4NRRzx8VncKgxLWgGH0MZZrAcUcJ1Ih9atzKw6lln0P7StnENIDidosH4HxOozgbakpt%2BUXoVMlnFuHgX4FoMQCjWQS0pLAwZjeCcSUI9kdHGk9PzgxkX0YQUz5A%3D%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding X-Proxy-Cache DISABLED alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Redirect headers CF-Cache-Status DYNAMIC CF-RAY 7b544e130c6c350a-WAW Connection keep-alive Content-Type text/html; charset=UTF-8 Date Sun, 09 Apr 2023 17:00:12 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P8P%2FtZfgayQao80JddgiqvgMRT4Gehk3%2Fh%2BYXYGm%2BET8l%2BfrF74TG9n71dO61HT4khYI7P%2Fr7SAyI250HaFhJWOn1oINMFnM%2FXFbET4vnhAV8KFNw2NbHzu1GgnmpEemcyjiPNNJVg%3D%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked X-Proxy-Cache DISABLED alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 location dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu
GET H/1.1	200 OK	app_styles_bundle.css billing.disneypay.do/style/	298 KB 46 KB	109ms 109ms	Stylesheet text/css	104.21.14.242 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://billing.disneypay.do/style/app_styles_bundle.css Requested by Host: billing.disneypay.do URL: http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu Protocol HTTP/1.1 Server 104.21.14.242 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0029f1286a69af2513ce3bc9b9818f73b1dae86d6e69e6190e32e8ceb20404d8` Request headers accept-language pl-PL,pl;q=0.9 Referer http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sun, 09 Apr 2023 17:00:12 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Thu, 06 Apr 2023 01:40:08 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uQESA9x6ZTsGwMTwVUGpLPFF9S%2Bh5g%2B%2FBhqD0Ro7CJQSNX21P89fhTgcUq5v1ERI1okddDGjRNZLLApj3N6jiaFzltMiJVYf%2BWOSDUDyU%2B%2B0vkigqwyX7yRBfkdBG2bIKl18AYwPjA%3D%3D"}],"group":"cf-nel","max_age":604800} Cache-Control max-age=14400 Connection keep-alive CF-RAY 7b544e13dd4e350a-WAW alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Proxy-Cache DISABLED
GET H/1.1	200 OK	main.css billing.disneypay.do/style/	29 KB 5 KB	120ms 91ms	Stylesheet text/css	104.21.14.242 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://billing.disneypay.do/style/main.css Requested by Host: billing.disneypay.do URL: http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu Protocol HTTP/1.1 Server 104.21.14.242 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7f969dfd78c9a121df069f10e78d4b6072b83276a27f0908041db9a2fb46967f` Request headers accept-language pl-PL,pl;q=0.9 Referer http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sun, 09 Apr 2023 17:00:12 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Thu, 06 Apr 2023 01:40:08 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iewnvFRim9f02Eacyzisnl9fwgWmuvHYDVDC2GXR%2FcXGKDnVn0NZKHG%2FkrmEiC%2FdsBdj1JeYKb4R8z%2FtM%2BXvYAzsuL7eVCcvdHaAH4fuCg9n4ydNMMBT2ZWgbHe8y8md7F3c%2Fjvz9A%3D%3D"}],"group":"cf-nel","max_age":604800} Cache-Control max-age=14400 Connection keep-alive CF-RAY 7b544e140e3434b8-WAW alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Proxy-Cache DISABLED
GET H/1.1	200 OK	react.css billing.disneypay.do/style/	40 KB 9 KB	119ms 91ms	Stylesheet text/css	104.21.14.242 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://billing.disneypay.do/style/react.css Requested by Host: billing.disneypay.do URL: http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu Protocol HTTP/1.1 Server 104.21.14.242 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5acc14f1488930083712f8ed8aa2a253d377a7b46112509ab3b6fdea19908aca` Request headers accept-language pl-PL,pl;q=0.9 Referer http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sun, 09 Apr 2023 17:00:12 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Thu, 06 Apr 2023 01:40:08 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tp7I8Fe4Eskl9B4CkZtC9PI1gNrEXVGrMqpE0CY9B6vBzpMWAa7chiLwJquj0jZWImAVX1izN4SfhSSsxyS7F0X7fOhD4AyEU7G3%2FUo%2BgJRySxXHahDWQksLXkK6iufjLdO4dbjxvA%3D%3D"}],"group":"cf-nel","max_age":604800} Cache-Control max-age=14400 Connection keep-alive CF-RAY 7b544e14092d34a6-WAW alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Proxy-Cache DISABLED
GET H/1.1	200 OK	icon-loader-32@3x.png billing.disneypay.do/img/	4 KB 5 KB	79ms 79ms	Image image/png	104.21.14.242 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://billing.disneypay.do/img/icon-loader-32@3x.png Requested by Host: billing.disneypay.do URL: http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu Protocol HTTP/1.1 Server 104.21.14.242 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `23248741c76ca3d003122a50aacffd608d0d568c7048b296ef73a1ec1ca59c5d` Request headers accept-language pl-PL,pl;q=0.9 Referer http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sun, 09 Apr 2023 17:00:12 GMT CF-Cache-Status MISS Last-Modified Thu, 06 Apr 2023 01:40:08 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9VnJXr6zDl4NH%2F0XglnbZJClJvqiGWFL8%2BObyQDoyJ%2FizMvgK0bOmfSUHKixt%2FoR4shdjuyGlDVTxY3b4GKTLbSNDkZ54UDpQ5Sl7X%2Fgl2nvLAbm2aOdN9trFmQ4nY2Q0CuqnI1aKg%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/png Cache-Control max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 7b544e14be44350a-WAW alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Content-Length 4567 X-Proxy-Cache DISABLED
GET H/1.1	200 OK	logo.svg billing.disneypay.do/img/ico/	7 KB 4 KB	88ms 88ms	Image image/svg+xml	104.21.14.242 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://billing.disneypay.do/img/ico/logo.svg Requested by Host: billing.disneypay.do URL: http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu Protocol HTTP/1.1 Server 104.21.14.242 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6a7eb353b38a935a0ec168fb6429a2705ee9a9b5003831787f8fa66b6a6b3554` Request headers accept-language pl-PL,pl;q=0.9 Referer http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sun, 09 Apr 2023 17:00:12 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Thu, 06 Apr 2023 01:40:08 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5haKrZ6dtYMLCc6oPGULcn4Gc5MGRmiQTOL2z7%2BiVUlL%2FC8YD%2BImetpn6odDZmrL%2FrhupjHtwvpgr8sYiuVDhc8ekyYbfzqPMZXRDvTFk%2BR3Xw9w9%2B1nrvCWKKVxdulfBDvHShfzwQ%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/svg+xml Vary Accept-Encoding Cache-Control max-age=14400 Connection keep-alive CF-RAY 7b544e14c9df34a6-WAW alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Proxy-Cache DISABLED
GET H/1.1	200 OK	jquery.min.js Show response billing.disneypay.do/js/	86 KB 34 KB	107ms 107ms	Script application/javascript	104.21.14.242 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://billing.disneypay.do/js/jquery.min.js Requested by Host: billing.disneypay.do URL: http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu Protocol HTTP/1.1 Server 104.21.14.242 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a` Request headers accept-language pl-PL,pl;q=0.9 Referer http://billing.disneypay.do/home/dplus-login.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjU1NjMuMTQ2IFNhZmFyaS81MzcuMzYxNzYuNjcuODYuMTY2MjAyMzpBcHI6U3Vu User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sun, 09 Apr 2023 17:00:12 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Thu, 06 Apr 2023 01:40:08 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pqkzOMtkQI36QoW9C9bx6OOhfZVh6cW67Ew9pTnbLwTJ7Oj9FKFRD6riT4rU%2BfLUJqLInid3x80TiarlYaqx%2FB7JNXXq9bhyBSlp6QRRsiOy9KhW0HUn%2BVu7nACZK4KT%2FLLEgEVssQ%3D%3D"}],"group":"cf-nel","max_age":604800} Cache-Control max-age=14400 Connection keep-alive CF-RAY 7b544e149ee134b8-WAW alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Proxy-Cache DISABLED
GET H/1.1	200 OK	Avenir-Heavy-05.woff billing.disneypay.do/fonts/	56 KB 57 KB	172ms 144ms	Font font/woff	104.21.14.242 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://billing.disneypay.do/fonts/Avenir-Heavy-05.woff Requested by Host: billing.disneypay.do URL: http://billing.disneypay.do/style/main.css Protocol HTTP/1.1 Server 104.21.14.242 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1920ca5153bc2ae87e17795a12ac5835113513b922c95d0bf44ee026200b8631` Request headers Referer http://billing.disneypay.do/style/main.css Origin http://billing.disneypay.do accept-language pl-PL,pl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sun, 09 Apr 2023 17:00:13 GMT CF-Cache-Status MISS Last-Modified Thu, 06 Apr 2023 01:40:08 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHTvYF306PmxneCqwSsZNq38A1RoLnMaGcb5WTAd0sJe2w5j8Jp3yWzAT5E4MRu07hHY8uOpgvKRlOeKGgGpZaQxYSV4Ze5FZULkj27qdAk228CiRGl2%2F9fyXU5yRc7HA1tV0v%2FoeA%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type font/woff Cache-Control max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 7b544e14ff9d35cf-WAW alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Content-Length 57168 X-Proxy-Cache DISABLED
GET H/1.1	200 OK	Avenir-Roman-12.woff billing.disneypay.do/fonts/	42 KB 43 KB	140ms 112ms	Font font/woff	104.21.14.242 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://billing.disneypay.do/fonts/Avenir-Roman-12.woff Requested by Host: billing.disneypay.do URL: http://billing.disneypay.do/style/main.css Protocol HTTP/1.1 Server 104.21.14.242 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4442cba812240f56b7adde799c1a97c7970875d0d01cbf1c5667e25c6beed2cf` Request headers Referer http://billing.disneypay.do/style/main.css Origin http://billing.disneypay.do accept-language pl-PL,pl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Sun, 09 Apr 2023 17:00:13 GMT CF-Cache-Status MISS Last-Modified Thu, 06 Apr 2023 01:40:08 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CyhdyeSdD0OO5zqfPuIuETbdX1yPLdHJLTwP6DTst0mUO5aLmca3QONtvvkPVd3AiOlhQ5ddCP3F25pd5nee7I8eZKNK%2FCF%2BGEgYymyPrJPPT8ygIuvGjBbNoO1gbSJOHbvo4wAK%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type font/woff Cache-Control max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 7b544e14f9d93557-WAW alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Content-Length 43112 X-Proxy-Cache DISABLED

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Disney (Entertainment)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

billing.disneypay.do
104.21.14.242
0029f1286a69af2513ce3bc9b9818f73b1dae86d6e69e6190e32e8ceb20404d8
0efae8927c3a86e353d09d08ec7f30d5e18260295b589d68c66a24dff5ba944a
1920ca5153bc2ae87e17795a12ac5835113513b922c95d0bf44ee026200b8631
23248741c76ca3d003122a50aacffd608d0d568c7048b296ef73a1ec1ca59c5d
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
4442cba812240f56b7adde799c1a97c7970875d0d01cbf1c5667e25c6beed2cf
5acc14f1488930083712f8ed8aa2a253d377a7b46112509ab3b6fdea19908aca
6a7eb353b38a935a0ec168fb6429a2705ee9a9b5003831787f8fa66b6a6b3554
7f969dfd78c9a121df069f10e78d4b6072b83276a27f0908041db9a2fb46967f
893f8711ea9d5dd2d3088528641d44fe48814667ffc9f8b262eede784735cc87

billing.disneypay.do Open in urlscan Pro 104.21.14.242 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

205 kBTransfer

570 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

billing.disneypay.do Open in urlscan Pro
104.21.14.242 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

205 kB
Transfer

570 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!