ppay8pl-rstd91.com
Open in
urlscan Pro
162.0.215.16
Malicious Activity!
Public Scan
Effective URL: https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessT...
Submission Tags: falconsandbox
Submission: On April 09 via api from US
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 9th 2021. Valid for: a year.
This is the only time ppay8pl-rstd91.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 11 | 162.0.215.16 162.0.215.16 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
10 | 1 |
ASN22612 (NAMECHEAP-NET, US)
PTR: premium182-5.web-hosting.com
ppay8pl-rstd91.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
ppay8pl-rstd91.com
1 redirects
ppay8pl-rstd91.com |
164 KB |
10 | 1 |
Domain | Requested by | |
---|---|---|
11 | ppay8pl-rstd91.com |
1 redirects
ppay8pl-rstd91.com
|
10 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ppay8pl-rstd91.com Sectigo RSA Domain Validation Secure Server CA |
2021-04-09 - 2022-04-09 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo
Frame ID: 7F2CC6814CA209D79EEA4CB567E2A41B
Requests: 10 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://ppay8pl-rstd91.com/
HTTP 301
https://ppay8pl-rstd91.com/ Page URL
- https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2F... Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://ppay8pl-rstd91.com/
HTTP 301
https://ppay8pl-rstd91.com/ Page URL
- https://ppay8pl-rstd91.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FqMHKgPsWzbyi&AccessToken=FUhmZESlxlAdcvJLwNdcUuVJaUalRpvtZmCORvsmsFzKo Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://ppay8pl-rstd91.com/ HTTP 301
- https://ppay8pl-rstd91.com/
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
ppay8pl-rstd91.com/ Redirect Chain
|
268 B 527 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
Notification.php
ppay8pl-rstd91.com/ |
297 KB 39 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fonts.css
ppay8pl-rstd91.com/world/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
library.css
ppay8pl-rstd91.com/world/ |
104 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
extra.css
ppay8pl-rstd91.com/world/ |
2 KB 473 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paypal-logo-129x32.svg
ppay8pl-rstd91.com/world/rock/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansSmall-Regular.woff2
ppay8pl-rstd91.com/world/ |
18 KB 18 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalVXIcons-Regular.woff2
ppay8pl-rstd91.com/world/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansBig-Light.woff2
ppay8pl-rstd91.com/world/ |
37 KB 37 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansSmall-Medium.woff2
ppay8pl-rstd91.com/world/ |
38 KB 38 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ppay8pl-rstd91.com/ | Name: PHPSESSID Value: 21d88564367d8349bd15517f36475e83 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ppay8pl-rstd91.com
162.0.215.16
102e270a8b300dd4f7a00b8db4b58fad0b59a029297749f945115c259e246be5
2bd489558b2373c5faeecbdf17bfd8a619cf5db1cad8d648dcbd40d98d3d980d
31c3473acb3ac19aaee7724d24ab302e81d2cd04edde55d3fa54f84cd7e362ac
4619d70d7bd1b3d7572940e9ee7f31bc4c07f4c9cad6ae2d3e5b2eb555b6a2c0
708f7e048ad0ea171993ca4963ff6fb5d7272d305a76857a88e729ae380c0714
971533c11734cb086f8b509e11c4030ad66fa450ef9030e16406f512d893e95b
af93d1d952b2dc42c029871cbbb92988835b31c86d4f0cb6a9674b1d1714a20f
b337b4723a05881b0fdbc54695b0558d288b13ab9d98ff45d091e51d78fd6ed0
e7732075c1658de8aa753e0eee55aaaa03d3bd2d4cb59cf77ee5ecbf52977ae2
f23001c6e7b6598945187f0720151e76b3b147c678e103abc1c9e1a60107713b