bussfor.com
Open in
urlscan Pro
91.227.16.121
Malicious Activity!
Public Scan
URL:
https://bussfor.com/new/checkout/pay/?id=512792295&l=5
Submission: On May 04 via automatic, source phishtank
Submission: On May 04 via automatic, source phishtank
Summary
This website contacted 3 IPs
in 3 countries
across 3 domains to perform 10 HTTP transactions.
The main IP is 91.227.16.121, located in
Russian Federation and
belongs to EXIMIUS-AS, RU.
The main domain is bussfor.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 2nd 2020. Valid for: 3 months.
This is the only time bussfor.com was scanned on urlscan.io!
TLS certificate: Issued by Let's Encrypt Authority X3 on May 2nd 2020. Valid for: 3 months.
This is the only time bussfor.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayU (Financial)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 5 | 91.227.16.121 91.227.16.121 | 207027 (EXIMIUS-AS) (EXIMIUS-AS) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:824::200a | 15169 (GOOGLE) (GOOGLE) | |
| 4 | 23.67.128.199 23.67.128.199 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 10 | 3 |
4
23.67.128.199
(Netherlands)
ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-67-128-199.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-67-128-199.deploy.static.akamaitechnologies.com
| static.payu.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 5 |
bussfor.com
bussfor.com |
82 KB |
| 4 |
payu.com
static.payu.com |
404 KB |
| 1 |
googleapis.com
ajax.googleapis.com |
29 KB |
| 10 | 3 |
| Domain | Requested by | |
|---|---|---|
| 5 | bussfor.com |
bussfor.com
|
| 4 | static.payu.com |
bussfor.com
|
| 1 | ajax.googleapis.com |
bussfor.com
|
| 10 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| secure.payu.com |
| static.payu.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| bussfor.com Let's Encrypt Authority X3 |
2020-05-02 - 2020-07-31 |
3 months | crt.sh |
| upload.video.google.com GTS CA 1O1 |
2020-04-07 - 2020-06-30 |
3 months | crt.sh |
| static.payu.com Entrust Certification Authority - L1K |
2019-07-01 - 2021-07-01 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://bussfor.com/new/checkout/pay/?id=512792295&l=5
Frame ID: F9DDCB146E4822CE0F2FC3943C35E310
Requests: 10 HTTP requests in this frame
Screenshot
Detected technologies
Nginx
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
URL: https://secure.payu.com/pay/?orderId=SQ8N5RFKMG200501GUEST000P01&token=eyJhbGciOiJIUzI1NiJ9.eyJvcmRlcklkIjoiU1E4TjVSRktNRzIwMDUwMUdVRVNUMDAwUDAxIiwicG9zSWQiOiI2TFRaNm5FbiIsImF1dGhvcml0aWVzIjpbIlJPTEVfQ0xJRU5UIl0sInBheWVyRW1haWwiOiJsb3lpa2k2MjQyQGthdGFtbzEuY29tIiwiZXhwIjoxNTg4NDI1MjY2LCJpc3MiOiJQQVlVIiwiYXVkIjoiYXBpLWdhdGV3YXkiLCJzdWIiOiJQYXlVIHN1YmplY3QiLCJqdGkiOiI5ZDI2ZWY2OS04YzM1LTRjYjgtYmU5Yy0wYzZiNmJmNGMxMDQifQ.8vhPj3PU74v388a2zYUhulwHPTwvWx1pOeImEWOiyTs
Title: прочитать полностью
Title: прочитать полностью
Search URL Search Domain Scan URL
URL: https://static.payu.com/sites/terms/files/PayU_cookies_policy.pdf
Title: Политикие Файлов Cookies
Title: Политикие Файлов Cookies
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
bussfor.com/new/checkout/pay/ |
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
all.css
bussfor.com/new/checkout/pay/css/ |
43 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.0/ |
84 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.maskedinput.min.js
bussfor.com/new/checkout/pay/js/ |
4 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
background_1920x1200.jpg
bussfor.com/new/checkout/pay/images/ |
59 KB 59 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sprites.png
bussfor.com/new/checkout/pay/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
opensans-regular-webfont.woff
static.payu.com/fonts/ |
87 KB 88 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
opensans-light-webfont.woff
static.payu.com/fonts/ |
84 KB 84 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
opensans-semibold-webfont.woff
static.payu.com/fonts/ |
89 KB 89 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
PFBeauSansPro-Bold.woff
static.payu.com/fonts/ |
142 KB 142 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayU (Financial)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31536000; |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
bussfor.com
static.payu.com
23.67.128.199
2a00:1450:4001:824::200a
91.227.16.121
0fe491e2047389b9deb7a06fd36de7fec03af2791ec29461be02571cbebdb4ab
1dbb56e774834e5cf44bbacfacde7e486ce47b9ce6e77a6113c92450ad255cde
431817115e31ff8604ab76a86ce6ed55d02cd5ea7332bd0ed3d15d9b5bf9aaae
58c5fb14d40e03a30b242153b35222ef2c66912229fe98e3bad88afd8bb4aa37
8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce
8cf0f7599a86dcd917f82e7ff99fdd450bafb7b7ed4145d046ca93fef44bada3
9650a5ba277274205e90974e7fb4183289ca51653c33fc291ad064bf8dd998e1
a0a33167458793b8d1107632f9fbeca224bf2160ca067ee99569923f7f6a99ba
ab913fc4215a2376ad3aa5cbaf715ac12a26cc4ec59370e2df475105bb88f55d
c8b380cdc92601f7195d0cd34c777bcdee7dcd285e110534a8cf48bfa7d8b2e8