wysyjdhl.com
Open in
urlscan Pro
2606:4700:3036::ac43:9122
Malicious Activity!
Public Scan
Submission Tags: 6893477
Submission: On December 17 via api from NL
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 16th 2020. Valid for: a year.
This is the only time wysyjdhl.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayU (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
13 | 2606:4700:303... 2606:4700:3036::ac43:9122 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
13 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
wysyjdhl.com
wysyjdhl.com |
643 KB |
13 | 1 |
Domain | Requested by | |
---|---|---|
13 | wysyjdhl.com |
wysyjdhl.com
|
13 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-12-16 - 2021-12-15 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://wysyjdhl.com/xhKIhfeQvy7/ENHEAQ
Frame ID: CE6ACCA7866BC7DCC37BAE3E0D47DFC1
Requests: 13 HTTP requests in this frame
Screenshot
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
ENHEAQ
wysyjdhl.com/xhKIhfeQvy7/ |
13 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
c4120be120b2d879bdeac73dd5ded5baf.css
wysyjdhl.com/xhKIhfeQvy7/css/ |
38 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
wysyjdhl.com/xhKIhfeQvy7/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8db21e5eb172333fc55b6a1ec8240f1f.jpg
wysyjdhl.com/xhKIhfeQvy7/css/ |
59 KB 60 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dd64d6884305ad88da952d126b4da414.png
wysyjdhl.com/xhKIhfeQvy7/css/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3f049cc411b5f5721d22941b58d5a364.png
wysyjdhl.com/xhKIhfeQvy7/css/ |
135 KB 135 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
871c20db5b98a965b485b821f6463379.png
wysyjdhl.com/xhKIhfeQvy7/css/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-regular-webfont.woff
wysyjdhl.com/xhKIhfeQvy7/css/fonts/ |
87 KB 88 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-light-webfont.woff
wysyjdhl.com/xhKIhfeQvy7/css/fonts/ |
84 KB 84 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-semibold-webfont.woff
wysyjdhl.com/xhKIhfeQvy7/css/fonts/ |
89 KB 89 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PFBeauSansPro-Bold.woff
wysyjdhl.com/xhKIhfeQvy7/css/fonts/ |
142 KB 136 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
online.php
wysyjdhl.com/xhKIhfeQvy7/ |
0 476 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
online.php
wysyjdhl.com/xhKIhfeQvy7/ |
0 303 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayU (Financial)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| q730d0284 function| online6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
wysyjdhl.com/ | Name: PHPSESSID Value: 5m3ue3imjnef1mfpn713bme2r0 |
|
.wysyjdhl.com/ | Name: __cfduid Value: dcf2cd962a09c3c5e64a35369451903e61608191952 |
|
wysyjdhl.com/xhKIhfeQvy7 | Name: a61e76548d3d1cc9d5dabb0c006611e2 Value: 1928829249 |
|
wysyjdhl.com/xhKIhfeQvy7 | Name: 1554ea19f45e4a9426afc14108d17b8f Value: 3770235641 |
|
wysyjdhl.com/xhKIhfeQvy7 | Name: 1925b13ea0aac82609b1a8956ac457d7 Value: 927192572 |
|
wysyjdhl.com/xhKIhfeQvy7 | Name: 0ee60402a9cf160bb9d5f1715d1ea729 Value: 3331518524 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
wysyjdhl.com
2606:4700:3036::ac43:9122
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0fe491e2047389b9deb7a06fd36de7fec03af2791ec29461be02571cbebdb4ab
378f8e8426d3361e6cbe0a472cb095d421f99d9d3319185f23cb7e61d354b603
431817115e31ff8604ab76a86ce6ed55d02cd5ea7332bd0ed3d15d9b5bf9aaae
9650a5ba277274205e90974e7fb4183289ca51653c33fc291ad064bf8dd998e1
b22840c868fb3ca2c9c4e5f30ff9675f86e0b627e8111d91ce636f0997f61ca6
c8b380cdc92601f7195d0cd34c777bcdee7dcd285e110534a8cf48bfa7d8b2e8
d72274dbf0c052840c85f64f5f2839fed31a20b62324d2c4e1e26a06995578a8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e56b9dbcbaf2d0f9ec9819b16484401b5fad3e895f26ff22f7cb3aa9d84310e1
ef18beec7f32bba252486840252b1292abf8a349eac2db989b6f92a16030adc4
ef786c830034d6aeb712b56313c33cab973cb14401fb2d02c177041f6f52020a