rst28-payp5l03.com
Open in
urlscan Pro
198.187.31.215
Malicious Activity!
Public Scan
Effective URL: https://rst28-payp5l03.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FQvKTXutujNUyN&Access...
Submission: On April 14 via manual from GB
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 7th 2021. Valid for: a year.
This is the only time rst28-payp5l03.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 13 | 198.187.31.215 198.187.31.215 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
12 | 1 |
ASN22612 (NAMECHEAP-NET, US)
PTR: premium98-3.web-hosting.com
rst28-payp5l03.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
rst28-payp5l03.com
1 redirects
rst28-payp5l03.com |
164 KB |
12 | 1 |
Domain | Requested by | |
---|---|---|
13 | rst28-payp5l03.com |
1 redirects
rst28-payp5l03.com
|
12 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
rst28-payp5l03.com Sectigo RSA Domain Validation Secure Server CA |
2021-04-07 - 2022-04-07 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://rst28-payp5l03.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FQvKTXutujNUyN&AccessToken=MgBwVUtMAxueiMbZGxYtKnrvLkPynvFRJVUpTthOWu
Frame ID: 2D40BD07A0DCFD13E550692609172D76
Requests: 12 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://rst28-payp5l03.com/world/
HTTP 301
https://rst28-payp5l03.com/world/ Page URL
- https://rst28-payp5l03.com/ Page URL
- https://rst28-payp5l03.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2F... Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://rst28-payp5l03.com/world/
HTTP 301
https://rst28-payp5l03.com/world/ Page URL
- https://rst28-payp5l03.com/ Page URL
- https://rst28-payp5l03.com/Notification.php?local.x=INTL&retURL=http%3A%2F%2Fwww.pay%21%40%23pal.com%2FQvKTXutujNUyN&AccessToken=MgBwVUtMAxueiMbZGxYtKnrvLkPynvFRJVUpTthOWu Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://rst28-payp5l03.com/world/ HTTP 301
- https://rst28-payp5l03.com/world/
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
rst28-payp5l03.com/world/ Redirect Chain
|
49 B 169 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
rst28-payp5l03.com/ |
266 B 526 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
Notification.php
rst28-payp5l03.com/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fonts.css
rst28-payp5l03.com/world/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
library.css
rst28-payp5l03.com/world/ |
104 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
extra.css
rst28-payp5l03.com/world/ |
2 KB 473 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
note.css
rst28-payp5l03.com/world/ |
290 KB 38 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paypal-logo-129x32.svg
rst28-payp5l03.com/world/rock/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansSmall-Regular.woff2
rst28-payp5l03.com/world/ |
18 KB 18 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalVXIcons-Regular.woff2
rst28-payp5l03.com/world/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansBig-Light.woff2
rst28-payp5l03.com/world/ |
37 KB 37 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansSmall-Medium.woff2
rst28-payp5l03.com/world/ |
38 KB 38 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
rst28-payp5l03.com/ | Name: PHPSESSID Value: 419fb38c6f93e0eca6a52218592080ae |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
rst28-payp5l03.com
198.187.31.215
020c19d4c33d863315bd6da3c493f6436410bdfcfa12a5f5ff8bb8c396c97ddd
2bd489558b2373c5faeecbdf17bfd8a619cf5db1cad8d648dcbd40d98d3d980d
31c3473acb3ac19aaee7724d24ab302e81d2cd04edde55d3fa54f84cd7e362ac
4619d70d7bd1b3d7572940e9ee7f31bc4c07f4c9cad6ae2d3e5b2eb555b6a2c0
708f7e048ad0ea171993ca4963ff6fb5d7272d305a76857a88e729ae380c0714
9869864bd8b6e013d17ae80e4a5dc38997a7060a22ec1305c721d1281ed01012
af93d1d952b2dc42c029871cbbb92988835b31c86d4f0cb6a9674b1d1714a20f
b337b4723a05881b0fdbc54695b0558d288b13ab9d98ff45d091e51d78fd6ed0
b9719292e5eecdee0910efbf1fad5641a2bb044133c4ed90f8d54a11811faf3d
d659ec70cfcb253eb6d2c03bbb596e04ba2f148ae1f695867b61fa631c4b5470
e7732075c1658de8aa753e0eee55aaaa03d3bd2d4cb59cf77ee5ecbf52977ae2
f23001c6e7b6598945187f0720151e76b3b147c678e103abc1c9e1a60107713b