www.2paynow.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 54.93.166.196, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.2paynow.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on September 23rd 2023. Valid for: a year.

This is the only time www.2paynow.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
5	54.93.166.196 54.93.166.196		16509 (AMAZON-02) (AMAZON-02)
6	2

5 54.93.166.196 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-166-196.eu-central-1.compute.amazonaws.com

www.2paynow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	2paynow.com www.2paynow.com	213 KB
6	1

	Domain	Requested by
5	www.2paynow.com	www.2paynow.com
6	1

This site contains no links.

Subject Issuer	Validity	Valid
2paynow.com Amazon RSA 2048 M01	`2023-09-23` - `2024-10-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode
Frame ID: 9717EF81003843AC1F8029ADC5F846AD
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

payment

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

83 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

213 kB
Transfer

209 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request pay_page.php Show response www.2paynow.com/zhifu/lightspeed/	3 KB 4 KB	240ms 29ms	Document text/html	54.93.166.196 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.93.166.196 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-93-166-196.eu-central-1.compute.amazonaws.com Software Apache/2.4.54 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40 / PHP/5.6.40 Resource Hash `0def48dccd1a8e2615441660207c6364c0286a23d030583cf1d76e983acfb7de` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-origin * content-length 3180 content-type text/html; charset=UTF-8 date Fri, 27 Oct 2023 15:12:56 GMT server Apache/2.4.54 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40 x-powered-by PHP/5.6.40
GET H2	400	/ www.2paynow.com/zhifu/	1 KB 1 KB	74ms 72ms	Image text/html	54.93.166.196 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.2paynow.com/zhifu/?r=site/qrCode&size=15 Requested by Host: www.2paynow.com URL: https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.93.166.196 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-93-166-196.eu-central-1.compute.amazonaws.com Software Apache/2.4.54 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40 / PHP/5.6.40 Resource Hash `763ddbeb1e2024e5598f5183db172e3111a2e3981729e380a98e41479dda7dc7` Request headers accept-language de-DE,de;q=0.9 Referer https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Fri, 27 Oct 2023 15:12:56 GMT server Apache/2.4.54 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40 x-powered-by PHP/5.6.40 content-length 1503 content-type text/html; charset=UTF-8
GET H2	200	jquery.min.js Show response www.2paynow.com/zhifu/mobile/js/	82 KB 83 KB	29ms 27ms	Script text/javascript	54.93.166.196 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.2paynow.com/zhifu/mobile/js/jquery.min.js Requested by Host: www.2paynow.com URL: https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.93.166.196 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-93-166-196.eu-central-1.compute.amazonaws.com Software Apache/2.4.54 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40 / Resource Hash `797e79e220fdb3c48f6df26b879543102479491611940c8acc81a905da5c6858` Request headers accept-language de-DE,de;q=0.9 Referer https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Fri, 27 Oct 2023 15:12:56 GMT last-modified Mon, 11 Dec 2017 08:21:10 GMT server Apache/2.4.54 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40 accept-ranges bytes etag "14914-5600c37776980" content-length 84244 content-type text/javascript
GET H2	200	bg1.png www.2paynow.com/zhifu/images/	122 KB 123 KB	25ms 23ms	Image image/png	54.93.166.196 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.2paynow.com/zhifu/images/bg1.png Requested by Host: www.2paynow.com URL: https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.93.166.196 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-93-166-196.eu-central-1.compute.amazonaws.com Software Apache/2.4.54 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40 / Resource Hash `9d9b0e9a2a90914e6e3cccddde6402a3fc3a44906923e9d552c1dd0b3add7301` Request headers accept-language de-DE,de;q=0.9 Referer https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Fri, 27 Oct 2023 15:12:56 GMT last-modified Tue, 14 Sep 2021 00:16:13 GMT server Apache/2.4.54 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40 accept-ranges bytes etag "1e7ac-5cbe97d444d40" content-length 124844 content-type image/png
GET H2	200	icon-red.png www.2paynow.com/zhifu/images/	358 B 1 KB	47ms 45ms	Image image/png	54.93.166.196 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.2paynow.com/zhifu/images/icon-red.png Requested by Host: www.2paynow.com URL: https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.93.166.196 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-93-166-196.eu-central-1.compute.amazonaws.com Software Apache/2.4.54 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40 / Resource Hash `cf0416cb71c714339b7620cc8f9e41032864917de08161ee2566a54899267863` Request headers accept-language de-DE,de;q=0.9 Referer https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Fri, 27 Oct 2023 15:12:56 GMT last-modified Tue, 24 Apr 2018 07:36:00 GMT server Apache/2.4.54 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40 accept-ranges bytes etag "166-56a9334ac5800" content-length 358 content-type image/png
POST		queryTrans.php www.2paynow.com/zhifu/lightspeed/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.2paynow.com
URL: https://www.2paynow.com/zhifu/lightspeed/queryTrans.php?mid=&trade_no=

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.2paynow.com/	1970-01-20 15:57:04	Name: AWSALBTG Value: g0qVhQ5zr+0OY1JaBfrXs93jHmru7kdMY8IESgI9H5uWh0BOXPy36ToCg9mxh9tq86/Bf+pYeAtug7ykOQDSaI9LPjmHJ4CBcWR9YgIXi/jsLdkj5HP7J2Pxg09qRNclAzyY0JLDaBCRdKAkpS04k5ZR16BfZqp0hIzAkuve0iIGMMlzCYk=
www.2paynow.com/	1970-01-20 15:57:04	Name: AWSALBTGCORS Value: g0qVhQ5zr+0OY1JaBfrXs93jHmru7kdMY8IESgI9H5uWh0BOXPy36ToCg9mxh9tq86/Bf+pYeAtug7ykOQDSaI9LPjmHJ4CBcWR9YgIXi/jsLdkj5HP7J2Pxg09qRNclAzyY0JLDaBCRdKAkpS04k5ZR16BfZqp0hIzAkuve0iIGMMlzCYk=
www.2paynow.com/	1970-01-20 15:57:04	Name: AWSALB Value: eGI/gUEbdoJ31U7ZMZZVB1vggWwZrBWfveC7XDKFfXBcS4BGPMgcvLhwHSSYPdPf8LzEsO9CgUH3MfbG1C2CNUuLIURUr0+Ctq/vM+7tUVR41/r68gXpfHR2aW0h
www.2paynow.com/	1970-01-20 15:57:04	Name: AWSALBCORS Value: eGI/gUEbdoJ31U7ZMZZVB1vggWwZrBWfveC7XDKFfXBcS4BGPMgcvLhwHSSYPdPf8LzEsO9CgUH3MfbG1C2CNUuLIURUr0+Ctq/vM+7tUVR41/r68gXpfHR2aW0h

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode Message: Mixed Content: The page at 'https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode' was loaded over HTTPS, but requested an insecure element 'http://www.2paynow.com/zhifu/?r=site/qrCode&size=15'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode(Line 79) Message: Mixed Content: The page at 'https://www.2paynow.com/zhifu/lightspeed/pay_page.php?pic_url=http://www.2paynow.com/zhifu/?r=site/qrCode' was loaded over HTTPS, but requested an insecure element 'http://www.2paynow.com/zhifu/?r=site/qrCode&size=15'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network	error	URL: https://www.2paynow.com/zhifu/?r=site/qrCode&size=15 Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.2paynow.com
www.2paynow.com
54.93.166.196
0def48dccd1a8e2615441660207c6364c0286a23d030583cf1d76e983acfb7de
763ddbeb1e2024e5598f5183db172e3111a2e3981729e380a98e41479dda7dc7
797e79e220fdb3c48f6df26b879543102479491611940c8acc81a905da5c6858
9d9b0e9a2a90914e6e3cccddde6402a3fc3a44906923e9d552c1dd0b3add7301
cf0416cb71c714339b7620cc8f9e41032864917de08161ee2566a54899267863

www.2paynow.com Open in urlscan Pro 54.93.166.196 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

6 Requests

83 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

213 kBTransfer

209 kBSize

4 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

4 Cookies

3 Console Messages

Indicators

www.2paynow.com Open in urlscan Pro
54.93.166.196 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

83 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

213 kB
Transfer

209 kB
Size

4
Cookies

6 HTTP transactions
0 data transactions