payqay.top
192.161.164.249
Malicious Activity!
Public Scan
Effective URL: https://payqay.top/index/login.html
Submission: On November 12 via manual from JP — Scanned from JP
Summary
TLS certificate: Issued by TrustAsia TLS RSA CA on November 11th 2021. Valid for: a year.
This is the only time payqay.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPay (Financial)
Domain & IP information
IP Address | AS Autonomous System | Requests | Redirects |
---|---|---|---|
192.161.164.249 | 8100 (ASN-QUADRANET-GLOBAL) | 11 | 1 |
104.16.125.175 | 13335 (CLOUDFLARENET) | 3 | 1 |
218.11.8.124 | 4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone) | 1 | |
112.132.32.81 | 4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone) | 3 | |
Total: 16 requests, 4 IP addresses
ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: 192.161.164.249.static.quadranet.com
payqay.top
ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)
cdn.bootcdn.net
ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)
PTR: 81.32.132.112.adsl-pool.ah.cnuninet.net
cdn.bootcss.com
Apex Domain | Subdomains | Requests | Transfer |
---|---|---|---|
payqay.top (1 redirect) | payqay.top | 11 | 344 KB |
bootcss.com | cdn.bootcss.com | 3 | 15 KB |
unpkg.com (1 redirect) | unpkg.com | 3 | 39 KB |
bootcdn.net | cdn.bootcdn.net | 1 | 84 KB |
Total: 16 requests, 4 apex domains
Domain | Requests | Requested by |
---|---|---|
payqay.top (1 redirect) | 11 | payqay.top |
cdn.bootcss.com | 3 | payqay.top, cdn.bootcss.com |
unpkg.com (1 redirect) | 3 | payqay.top |
cdn.bootcdn.net | 1 | payqay.top |
Total: 16 requests, 4 domains
This site contains links to these domains.
Domain |
---|
www.paypay.ne.jp |
Subject | Issuer | Validity | Valid |
---|---|---|---|
payqay.top | TrustAsia TLS RSA CA | 2021-11-11 - 2022-11-10 | a year |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-02 - 2022-07-01 | a year |
*.bootcdn.net | R3 | 2021-10-20 - 2022-01-18 | 3 months |
*.bootcss.com | R3 | 2021-10-20 - 2022-01-18 | 3 months |
This page contains 1 frames:
Primary Page:
https://payqay.top/index/login.html
Frame ID: FA71E50A1E793507B6D346A706ABF3BE
Requests: 16 HTTP requests in this frame
Page Title
PayPay
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: パスワードをお忘れですか? ("Forgot your password?")
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://payqay.top/ (HTTP 302)
- https://payqay.top/index/login.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://unpkg.com/element-ui/lib/theme-chalk/index.css HTTP 302
- https://unpkg.com/element-ui@2.15.6/lib/theme-chalk/index.css
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | login.html (Primary Request, Redirect Chain) | payqay.top/index/ | 15 KB | 4 KB | Document | text/html |
GET | H2 | index.css (Redirect Chain) | unpkg.com/element-ui@2.15.6/lib/theme-chalk/ | 233 KB | 37 KB | Stylesheet | text/css |
GET | H2 | element-icons.woff | payqay.top/static/index/css/fonts/ | 8 KB | 8 KB | Stylesheet | font/woff |
GET | H2 | load.css | payqay.top/static/index/css/ | 2 KB | 617 B | Stylesheet | text/css |
GET | H2 | logo.png | payqay.top/static/index/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | Y.png | payqay.top/static/index/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | jquery.min.js | payqay.top/static/index/js/ | 87 KB | 34 KB | Script | application/javascript |
GET | H2 | vue.js | payqay.top/static/index/js/ | 336 KB | 105 KB | Script | application/javascript |
GET | H2 | element.min.js | payqay.top/static/index/js/ | 556 KB | 168 KB | Script | application/javascript |
GET | H2 | axios.min.js | payqay.top/static/index/js/ | 14 KB | 5 KB | Script | application/javascript |
GET | H2 | vue-cookies.js | unpkg.com/vue-cookies@1.7.4/ | 6 KB | 2 KB | Script | application/javascript |
GET | H2 | jquery.js | cdn.bootcdn.net/ajax/libs/jquery/3.6.0/ | 282 KB | 84 KB | Script | application/javascript |
GET | H2 | layer.min.js | cdn.bootcss.com/layer/3.0.1/ | 21 KB | 8 KB | Script | application/javascript |
GET | H2 | layer.css | cdn.bootcss.com/layer/3.0.1/skin/default/ | 14 KB | 4 KB | Stylesheet | text/css |
GET | H2 | 1.png | payqay.top/static/index/ | 11 KB | 11 KB | Image | image/png |
GET | H2 | layer.css | cdn.bootcss.com/layer/3.0.1/skin/default/ | 14 KB | 3 KB | Stylesheet | text/css |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPay (Financial)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onbeforexrselect |
function | reportError |
boolean | originAgentCluster |
object | scheduler |
function | $ |
function | jQuery |
function | Vue |
object | __core-js_shared__ |
object | ELEMENT |
function | axios |
object | $cookies |
object | layer |
undefined | timer0 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.