index.pay-customer2.support Open in urlscan Pro
91.215.85.178 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://index.pay-customer2.support/
Effective URL:
https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f3...
Submission: On March 23 via manual (March 23rd 2024, 8:22:17 am UTC) from JP — Scanned from JP

Summary HTTP 20 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 20 HTTP transactions. The main IP is 91.215.85.178, located in Russian Federation and belongs to PROSPERO-AS, RU. The main domain is index.pay-customer2.support.
TLS certificate: Issued by R3 on March 23rd 2024. Valid for: 3 months.

This is the only time index.pay-customer2.support was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPay (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 20	91.215.85.178 91.215.85.178	200593 (PROSPERO-AS) (PROSPERO-AS)
1	99.84.133.6 99.84.133.6	16509 (AMAZON-02) (AMAZON-02)
20	2

20 91.215.85.178 (Russian Federation) 1 redirects

ASN200593 (PROSPERO-AS, RU)

index.pay-customer2.support	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.133.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-133-6.nrt57.r.cloudfront.net

assets.withdesk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	pay-customer2.support 1 redirects index.pay-customer2.support	691 KB
1	withdesk.com assets.withdesk.com
20	2

	Domain	Requested by
20	index.pay-customer2.support	1 redirects index.pay-customer2.support
1	assets.withdesk.com	index.pay-customer2.support
20	2

This site contains links to these domains. Also see Links.

Domain
help.paypay-bank.co.jp

Subject Issuer	Validity	Valid
index.pay-customer2.support R3	`2024-03-23` - `2024-06-21`	3 months	crt.sh
assets.withdesk.com Amazon RSA 2048 M02	`2024-02-15` - `2025-03-14`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
Frame ID: 9C343ADA9884CBC6521A69AAB4D77571
Requests: 15 HTTP requests in this frame

Frame: https://index.pay-customer2.support/web/1_files/saved_resource.html
Frame ID: F275C7B3BEA8C1B0172E74631CBC38C0
Requests: 1 HTTP requests in this frame

Frame: https://index.pay-customer2.support/web/1_files/saved_resource(1).html
Frame ID: 059BE5845004F3C4187F850F120667C7
Requests: 1 HTTP requests in this frame

Frame: https://index.pay-customer2.support/web/1_files/saved_resource(2).html
Frame ID: C8065CA263E8FEEE40D93CE3781C4133
Requests: 1 HTTP requests in this frame

Frame: https://index.pay-customer2.support/web/1_files/saved_resource(3).html
Frame ID: 30487AC962886EF013989D09CAD7A988
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

本人確認 - PayPay銀行

Page URL History Show full URLs

https://index.pay-customer2.support/ HTTP 302
https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

691 kB
Transfer

769 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://help.paypay-bank.co.jp/hc/ja

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://index.pay-customer2.support/ HTTP 302
https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login.php Show response
index.pay-customer2.support/web/
Redirect Chain

https://index.pay-customer2.support/
https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f3...

11 KB
4 KB

312ms
311ms

Document
text/html

91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

bedf93ff259ef3315106e0a0cb2c5b2a3c6a5adfaac1428b67cbce107130fcb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: ja-JP

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=Shift_JIS
date: Sat, 23 Mar 2024 08:21:56 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Sat, 23 Mar 2024 08:21:56 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: ./web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000

GET
H2 200 reset.css
index.pay-customer2.support/web/1_files/ 608 B
811 B 311ms
307ms Stylesheet
text/css 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://index.pay-customer2.support/web/1_files/reset.css

Requested by

Host: index.pay-customer2.support
URL: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

2af026c006bf89cac540b75b5a34a84cb98b7401c5c03dadd40af95547848717

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21 Feb 2023 11:03:48 GMT
server: nginx
etag: "63f4a514-260"
content-type: text/css
cache-control: max-age=43200
accept-ranges: bytes
content-length: 608
expires: Sat, 23 Mar 2024 20:21:57 GMT

GET
H2 200 component_smt.css
index.pay-customer2.support/web/1_files/ 21 KB
6 KB 316ms
313ms Stylesheet
text/css 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://index.pay-customer2.support/web/1_files/component_smt.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

3b2651beae0c35ab4b21b9b3e40daabb5b9f9328f21c3c340db62ad3ec34cc37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Tue, 21 Feb 2023 11:03:48 GMT
server: nginx
etag: W/"63f4a514-54a4"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Sat, 23 Mar 2024 20:21:57 GMT

GET
H2 200 login_common_smt.css
index.pay-customer2.support/web/1_files/ 2 KB
1 KB 317ms
314ms Stylesheet
text/css 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://index.pay-customer2.support/web/1_files/login_common_smt.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

0fafc0a3ea7584f1917ecdace6e8a75fe043ded92846985ff026373a4d48d385

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Tue, 21 Feb 2023 11:03:48 GMT
server: nginx
etag: W/"63f4a514-9d4"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Sat, 23 Mar 2024 20:21:57 GMT

GET
H2 200 main_logo.png
index.pay-customer2.support/web/1_files/ 5 KB
5 KB 905ms
899ms Image
image/png 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://index.pay-customer2.support/web/1_files/main_logo.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

49cc5f6a48d5342d35aaa1439f849074f9da36d24ac4c36f5096059bd9d12560

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21 Feb 2023 11:04:08 GMT
server: nginx
etag: "63f4a528-12ec"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 4844
expires: Mon, 22 Apr 2024 08:21:57 GMT

GET
H2 200 header_faq.png
index.pay-customer2.support/web/1_files/ 1 KB
1 KB 906ms
901ms Image
image/png 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://index.pay-customer2.support/web/1_files/header_faq.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

62c7ab03d6d92ae39a651edcf68d9f7d9cc77719a64748be3eafd4db079857f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21 Feb 2023 11:04:08 GMT
server: nginx
etag: "63f4a528-47f"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1151
expires: Mon, 22 Apr 2024 08:21:57 GMT

GET
H2 200 footer_logo.png
index.pay-customer2.support/web/1_files/ 10 KB
10 KB 610ms
608ms Image
image/png 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://index.pay-customer2.support/web/1_files/footer_logo.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

fe56bf45aaa0c3b74cd90b27319ff6351ce73b45100d9e7bea1c946eb1271f9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21 Feb 2023 11:04:10 GMT
server: nginx
etag: "63f4a52a-271b"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 10011
expires: Mon, 22 Apr 2024 08:21:57 GMT

GET
H2 200 login_img001.gif
index.pay-customer2.support/web/1_files/ 43 B
247 B 907ms
903ms Image
image/gif 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://index.pay-customer2.support/web/1_files/login_img001.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

d3005a63604dec4786aa3e3aa7620601a0f247dd87ecaaef827910e883b02783

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21 Feb 2023 11:04:10 GMT
server: nginx
etag: "63f4a52a-2b"
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 43
expires: Mon, 22 Apr 2024 08:21:57 GMT

GET
H2 200 86975.gif
index.pay-customer2.support/web/1_files/ 43 B
247 B 611ms
610ms Image
image/gif 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://index.pay-customer2.support/web/1_files/86975.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21 Feb 2023 11:04:10 GMT
server: nginx
etag: "63f4a52a-2b"
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 43
expires: Mon, 22 Apr 2024 08:21:57 GMT

GET
H2 200 impression
index.pay-customer2.support/web/1_files/ 43 B
203 B 908ms
904ms Image
application/octet-stream 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://index.pay-customer2.support/web/1_files/impression

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21 Feb 2023 11:04:10 GMT
server: nginx
etag: "63f4a52a-2b"
content-type: application/octet-stream
accept-ranges: bytes
content-length: 43

GET
H2 200 0
index.pay-customer2.support/web/1_files/ 0
149 B 908ms
905ms Image
application/octet-stream 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://index.pay-customer2.support/web/1_files/0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21 Feb 2023 11:04:12 GMT
server: nginx
etag: "63f4a52c-0"
content-type: application/octet-stream
accept-ranges: bytes
content-length: 0

GET
H2 200 bundle.a1ee95cd-92f2-4bac-91b1-cf1b8225df23.js.%E4%B8%8B%E8%BD%BD Show response
index.pay-customer2.support/web/1_files/ 622 KB
623 KB 909ms
906ms Script
application/octet-stream 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://index.pay-customer2.support/web/1_files/bundle.a1ee95cd-92f2-4bac-91b1-cf1b8225df23.js.%E4%B8%8B%E8%BD%BD

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

df5d61a002fbf5f3f0fac53a9b5582297e0487c16d7f14de8fd3ff2852710e86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21 Feb 2023 11:04:12 GMT
server: nginx
etag: "63f4a52c-9b833"
content-type: application/octet-stream
accept-ranges: bytes
content-length: 636979

GET
H2 200 jquery-1.11.1.min.js Show response
index.pay-customer2.support/js/ 94 KB
37 KB 610ms
603ms Script
application/javascript 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://index.pay-customer2.support/js/jquery-1.11.1.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 14 Aug 2019 17:12:30 GMT
server: nginx
etag: W/"5d5440fe-1762a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Sat, 23 Mar 2024 20:21:57 GMT

GET
H2 200 saved_resource.html Show response
index.pay-customer2.support/web/1_files/ Frame F275 187 B
339 B 1191ms
1190ms Document
text/html 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://index.pay-customer2.support/web/1_files/saved_resource.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

26b46f719acd871d8928be4395181f2074907960165f42e81a82401dd046a230

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: ja-JP

Response headers

accept-ranges: bytes
content-length: 187
content-type: text/html
date: Sat, 23 Mar 2024 08:21:57 GMT
etag: "63f4a52c-bb"
last-modified: Tue, 21 Feb 2023 11:04:12 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
H2 200 saved_resource(1).html Show response
index.pay-customer2.support/web/1_files/ Frame 059B 187 B
339 B 1189ms
1188ms Document
text/html 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://index.pay-customer2.support/web/1_files/saved_resource(1).html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

121cc01d594765771bb714f0fb294a3f6ceb3b897b14b72831c6d3777f464acd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: ja-JP

Response headers

accept-ranges: bytes
content-length: 187
content-type: text/html
date: Sat, 23 Mar 2024 08:21:57 GMT
etag: "63f4a52c-bb"
last-modified: Tue, 21 Feb 2023 11:04:12 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
H2 200 saved_resource(2).html Show response
index.pay-customer2.support/web/1_files/ Frame C806 250 B
402 B 1156ms
1155ms Document
text/html 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://index.pay-customer2.support/web/1_files/saved_resource(2).html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

6438332b741c6c04349080475ed0f06f74236a2999bad1eed62017e57f34d64c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: ja-JP

Response headers

accept-ranges: bytes
content-length: 250
content-type: text/html
date: Sat, 23 Mar 2024 08:21:57 GMT
etag: "63f4a52c-fa"
last-modified: Tue, 21 Feb 2023 11:04:12 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
H2 200 saved_resource(3).html Show response
index.pay-customer2.support/web/1_files/ Frame 3048 471 B
623 B 1156ms
1155ms Document
text/html 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://index.pay-customer2.support/web/1_files/saved_resource(3).html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

260c35c397e6443a128562d4156ab5e679ad0dba4eef42de1313d4c9d1dc78ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://index.pay-customer2.support/web/login.php?7da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd03657da39f66a28a2c2f32ebeca010bd0365=7da39f66a28a2c2f32ebeca010bd0365
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: ja-JP

Response headers

accept-ranges: bytes
content-length: 471
content-type: text/html
date: Sat, 23 Mar 2024 08:21:57 GMT
etag: "63f4a52c-1d7"
last-modified: Tue, 21 Feb 2023 11:04:12 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
H2 404 ic_visual002.svg
index.pay-customer2.support/commontpl/images/ 548 B
548 B 880ms
878ms Image
text/html 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://index.pay-customer2.support/commontpl/images/ic_visual002.svg
Requested by: Host: index.pay-customer2.support
URL: https://index.pay-customer2.support/web/1_files/component_smt.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/1_files/component_smt.css
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 404 ic_link001.svg
index.pay-customer2.support/commontpl/images/ 548 B
548 B 880ms
879ms Image
text/html 91.215.85.178
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://index.pay-customer2.support/commontpl/images/ic_link001.svg
Requested by: Host: index.pay-customer2.support
URL: https://index.pay-customer2.support/web/1_files/component_smt.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 91.215.85.178 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

accept-language: ja-JP
Referer: https://index.pay-customer2.support/web/1_files/component_smt.css
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Sat, 23 Mar 2024 08:21:57 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 403 bundle.a1ee95cd-92f2-4bac-91b1-cf1b8225df23.js
assets.withdesk.com/widget/js/ Frame 3048 0
0 121ms
66ms Script
application/xml 99.84.133.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.withdesk.com/widget/js/bundle.a1ee95cd-92f2-4bac-91b1-cf1b8225df23.js
Requested by: Host: index.pay-customer2.support
URL: https://index.pay-customer2.support/web/1_files/saved_resource(3).html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.133.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-133-6.nrt57.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: ja-JP
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPay (Financial)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			index.pay-customer2.support/	1969-12-31 23:59:59	Name: PHPSESSID Value: 66racil0t85nmtah56noe97pq6

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://index.pay-customer2.support/commontpl/images/ic_visual002.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://index.pay-customer2.support/commontpl/images/ic_link001.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://assets.withdesk.com/widget/js/bundle.a1ee95cd-92f2-4bac-91b1-cf1b8225df23.js Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.withdesk.com
index.pay-customer2.support
91.215.85.178
99.84.133.6
0fafc0a3ea7584f1917ecdace6e8a75fe043ded92846985ff026373a4d48d385
121cc01d594765771bb714f0fb294a3f6ceb3b897b14b72831c6d3777f464acd
260c35c397e6443a128562d4156ab5e679ad0dba4eef42de1313d4c9d1dc78ae
26b46f719acd871d8928be4395181f2074907960165f42e81a82401dd046a230
2af026c006bf89cac540b75b5a34a84cb98b7401c5c03dadd40af95547848717
3b2651beae0c35ab4b21b9b3e40daabb5b9f9328f21c3c340db62ad3ec34cc37
49cc5f6a48d5342d35aaa1439f849074f9da36d24ac4c36f5096059bd9d12560
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
62c7ab03d6d92ae39a651edcf68d9f7d9cc77719a64748be3eafd4db079857f1
6438332b741c6c04349080475ed0f06f74236a2999bad1eed62017e57f34d64c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bedf93ff259ef3315106e0a0cb2c5b2a3c6a5adfaac1428b67cbce107130fcb0
d3005a63604dec4786aa3e3aa7620601a0f247dd87ecaaef827910e883b02783
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
df5d61a002fbf5f3f0fac53a9b5582297e0487c16d7f14de8fd3ff2852710e86
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
fe56bf45aaa0c3b74cd90b27319ff6351ce73b45100d9e7bea1c946eb1271f9b

index.pay-customer2.support Open in urlscan Pro 91.215.85.178 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

691 kBTransfer

769 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

3 Console Messages

Security Headers

Indicators

index.pay-customer2.support Open in urlscan Pro
91.215.85.178 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

691 kB
Transfer

769 kB
Size

1
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!