ppay8pl-rstd91.com Open in urlscan Pro
162.0.215.16  Malicious Activity! Public Scan

Submitted URL: http://ppay8pl-rstd91.com/
Effective URL: https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessT...
Submission Tags: falconsandbox
Submission: On April 09 via api from US

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 162.0.215.16, located in United States and belongs to NAMECHEAP-NET, US. The main domain is ppay8pl-rstd91.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 9th 2021. Valid for: a year.
This is the only time ppay8pl-rstd91.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

IP Address AS Autonomous System
1 11 162.0.215.16 22612 (NAMECHEAP...)
10 1
Apex Domain
Subdomains
Transfer
11 ppay8pl-rstd91.com
ppay8pl-rstd91.com
164 KB
10 1
Domain Requested by
11 ppay8pl-rstd91.com 1 redirects ppay8pl-rstd91.com
10 1

This site contains no links.

Subject Issuer Validity Valid
ppay8pl-rstd91.com
Sectigo RSA Domain Validation Secure Server CA
2021-04-09 -
2022-04-09
a year crt.sh

This page contains 1 frames:

Primary Page: https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo
Frame ID: 7F2CC6814CA209D79EEA4CB567E2A41B
Requests: 10 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://ppay8pl-rstd91.com/ HTTP 301
    https://ppay8pl-rstd91.com/ Page URL
  2. https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2F... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

164 kB
Transfer

516 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ppay8pl-rstd91.com/ HTTP 301
    https://ppay8pl-rstd91.com/ Page URL
  2. https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ppay8pl-rstd91.com/ HTTP 301
  • https://ppay8pl-rstd91.com/

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
ppay8pl-rstd91.com/
Redirect Chain
  • http://ppay8pl-rstd91.com/
  • https://ppay8pl-rstd91.com/
268 B
527 B
Document
General
Full URL
https://ppay8pl-rstd91.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.16 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium182-5.web-hosting.com
Software
Apache / PHP/7.2.34
Resource Hash
102e270a8b300dd4f7a00b8db4b58fad0b59a029297749f945115c259e246be5

Request headers

:method
GET
:authority
ppay8pl-rstd91.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Apr 2021 23:16:16 GMT
server
Apache
x-powered-by
PHP/7.2.34
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
set-cookie
PHPSESSID=21d88564367d8349bd15517f36475e83; path=/
vary
Accept-Encoding
content-encoding
gzip
content-length
244
content-type
text/html; charset=UTF-8

Redirect headers

date
Fri, 09 Apr 2021 23:16:15 GMT
server
Apache
location
https://ppay8pl-rstd91.com/
content-length
235
content-type
text/html; charset=iso-8859-1
Primary Request Notification.php
ppay8pl-rstd91.com/
297 KB
39 KB
Document
General
Full URL
https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.16 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium182-5.web-hosting.com
Software
Apache / PHP/7.2.34
Resource Hash
971533c11734cb086f8b509e11c4030ad66fa450ef9030e16406f512d893e95b

Request headers

:method
GET
:authority
ppay8pl-rstd91.com
:scheme
https
:path
/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://ppay8pl-rstd91.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
PHPSESSID=21d88564367d8349bd15517f36475e83
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ppay8pl-rstd91.com/

Response headers

date
Fri, 09 Apr 2021 23:16:17 GMT
server
Apache
x-powered-by
PHP/7.2.34
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
vary
Accept-Encoding
content-encoding
gzip
content-length
40117
content-type
text/html; charset=UTF-8
fonts.css
ppay8pl-rstd91.com/world/
7 KB
2 KB
Stylesheet
General
Full URL
https://ppay8pl-rstd91.com/world/fonts.css?IuNzWtSajGSFZwHxvNvxfYwwNoMD
Requested by
Host: ppay8pl-rstd91.com
URL: https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.16 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium182-5.web-hosting.com
Software
Apache /
Resource Hash
31c3473acb3ac19aaee7724d24ab302e81d2cd04edde55d3fa54f84cd7e362ac

Request headers

Referer
https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Apr 2021 23:16:18 GMT
content-encoding
gzip
last-modified
Wed, 01 Apr 2020 10:46:26 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
1992
library.css
ppay8pl-rstd91.com/world/
104 KB
17 KB
Stylesheet
General
Full URL
https://ppay8pl-rstd91.com/world/library.css
Requested by
Host: ppay8pl-rstd91.com
URL: https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.16 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium182-5.web-hosting.com
Software
Apache /
Resource Hash
f23001c6e7b6598945187f0720151e76b3b147c678e103abc1c9e1a60107713b

Request headers

Referer
https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Apr 2021 23:16:18 GMT
content-encoding
gzip
last-modified
Wed, 01 Apr 2020 10:46:04 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
17242
extra.css
ppay8pl-rstd91.com/world/
2 KB
473 B
Stylesheet
General
Full URL
https://ppay8pl-rstd91.com/world/extra.css?apElnYlRwWQLSGQlQEndRDaIaUn
Requested by
Host: ppay8pl-rstd91.com
URL: https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.16 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium182-5.web-hosting.com
Software
Apache /
Resource Hash
708f7e048ad0ea171993ca4963ff6fb5d7272d305a76857a88e729ae380c0714

Request headers

Referer
https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Apr 2021 23:16:18 GMT
content-encoding
gzip
last-modified
Wed, 01 Apr 2020 10:46:14 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
330
paypal-logo-129x32.svg
ppay8pl-rstd91.com/world/rock/
5 KB
2 KB
Image
General
Full URL
https://ppay8pl-rstd91.com/world/rock/paypal-logo-129x32.svg
Requested by
Host: ppay8pl-rstd91.com
URL: https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.16 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium182-5.web-hosting.com
Software
Apache /
Resource Hash
e7732075c1658de8aa753e0eee55aaaa03d3bd2d4cb59cf77ee5ecbf52977ae2

Request headers

Referer
https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Apr 2021 23:16:18 GMT
content-encoding
gzip
last-modified
Wed, 01 Apr 2020 07:35:26 GMT
server
Apache
vary
Accept-Encoding
content-type
image/svg+xml
accept-ranges
bytes
content-length
1924
PayPalSansSmall-Regular.woff2
ppay8pl-rstd91.com/world/
18 KB
18 KB
Font
General
Full URL
https://ppay8pl-rstd91.com/world/PayPalSansSmall-Regular.woff2
Requested by
Host: ppay8pl-rstd91.com
URL: https://ppay8pl-rstd91.com/world/fonts.css?IuNzWtSajGSFZwHxvNvxfYwwNoMD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.16 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium182-5.web-hosting.com
Software
Apache /
Resource Hash
af93d1d952b2dc42c029871cbbb92988835b31c86d4f0cb6a9674b1d1714a20f

Request headers

Origin
https://ppay8pl-rstd91.com
Referer
https://ppay8pl-rstd91.com/world/fonts.css?IuNzWtSajGSFZwHxvNvxfYwwNoMD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Apr 2021 23:16:18 GMT
last-modified
Wed, 01 Apr 2020 10:44:48 GMT
server
Apache
accept-ranges
bytes
content-length
18320
content-type
font/woff2
PayPalVXIcons-Regular.woff2
ppay8pl-rstd91.com/world/
9 KB
9 KB
Font
General
Full URL
https://ppay8pl-rstd91.com/world/PayPalVXIcons-Regular.woff2
Requested by
Host: ppay8pl-rstd91.com
URL: https://ppay8pl-rstd91.com/world/library.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.16 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium182-5.web-hosting.com
Software
Apache /
Resource Hash
2bd489558b2373c5faeecbdf17bfd8a619cf5db1cad8d648dcbd40d98d3d980d

Request headers

Origin
https://ppay8pl-rstd91.com
Referer
https://ppay8pl-rstd91.com/world/library.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Apr 2021 23:16:18 GMT
last-modified
Wed, 01 Apr 2020 10:44:48 GMT
server
Apache
accept-ranges
bytes
content-length
8960
content-type
font/woff2
PayPalSansBig-Light.woff2
ppay8pl-rstd91.com/world/
37 KB
37 KB
Font
General
Full URL
https://ppay8pl-rstd91.com/world/PayPalSansBig-Light.woff2
Requested by
Host: ppay8pl-rstd91.com
URL: https://ppay8pl-rstd91.com/world/fonts.css?IuNzWtSajGSFZwHxvNvxfYwwNoMD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.16 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium182-5.web-hosting.com
Software
Apache /
Resource Hash
4619d70d7bd1b3d7572940e9ee7f31bc4c07f4c9cad6ae2d3e5b2eb555b6a2c0

Request headers

Origin
https://ppay8pl-rstd91.com
Referer
https://ppay8pl-rstd91.com/world/fonts.css?IuNzWtSajGSFZwHxvNvxfYwwNoMD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Apr 2021 23:16:18 GMT
last-modified
Wed, 01 Apr 2020 10:44:48 GMT
server
Apache
accept-ranges
bytes
content-length
38225
content-type
font/woff2
PayPalSansSmall-Medium.woff2
ppay8pl-rstd91.com/world/
38 KB
38 KB
Font
General
Full URL
https://ppay8pl-rstd91.com/world/PayPalSansSmall-Medium.woff2
Requested by
Host: ppay8pl-rstd91.com
URL: https://ppay8pl-rstd91.com/world/extra.css?apElnYlRwWQLSGQlQEndRDaIaUn
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.16 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium182-5.web-hosting.com
Software
Apache /
Resource Hash
b337b4723a05881b0fdbc54695b0558d288b13ab9d98ff45d091e51d78fd6ed0

Request headers

Origin
https://ppay8pl-rstd91.com
Referer
https://ppay8pl-rstd91.com/world/extra.css?apElnYlRwWQLSGQlQEndRDaIaUn
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Apr 2021 23:16:18 GMT
last-modified
Wed, 01 Apr 2020 10:44:48 GMT
server
Apache
accept-ranges
bytes
content-length
38606
content-type
font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

1 Cookies

Domain/Path Name / Value
ppay8pl-rstd91.com/ Name: PHPSESSID
Value: 21d88564367d8349bd15517f36475e83