billsleek.in
Open in
urlscan Pro
188.114.97.3
Malicious Activity!
Public Scan
Effective URL: https://billsleek.in/pl5/de/ppal/Login.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMg...
Submission: On November 09 via api from US — Scanned from CH
Summary
TLS certificate: Issued by GTS CA 1P5 on November 5th 2023. Valid for: 3 months.
This is the only time billsleek.in was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 31.130.207.8 31.130.207.8 | 56740 (DATAHATA-AS) (DATAHATA-AS) | |
2 29 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 192.229.221.25 192.229.221.25 | 15133 (EDGECAST) (EDGECAST) | |
30 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
29 |
billsleek.in
2 redirects
billsleek.in |
148 KB |
2 |
paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2612 |
43 KB |
2 |
belladacha.by
2 redirects
belladacha.by |
251 B |
30 | 3 |
Domain | Requested by | |
---|---|---|
29 | billsleek.in |
2 redirects
billsleek.in
|
2 | www.paypalobjects.com |
billsleek.in
|
2 | belladacha.by | 2 redirects |
30 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
billsleek.in GTS CA 1P5 |
2023-11-05 - 2024-02-03 |
3 months | crt.sh |
www.paypal.com DigiCert SHA2 Extended Validation Server CA |
2023-10-12 - 2024-10-31 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://billsleek.in/pl5/de/ppal/Login.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTgwLjIxOS4xMi4yMDMyMDIzOk5vdjpUaHU=
Frame ID: 7458D6FBEF01A71397B332258378CC29
Requests: 30 HTTP requests in this frame
Screenshot
Page Title
PaypallPage URL History Show full URLs
-
https://billsleek.in/pl5/de/
HTTP 302
https://billsleek.in/pl5/de/ppal/index.php HTTP 302
https://billsleek.in/pl5/de/ppal/Login.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAx... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
PayPal (Payment Processors) Expand
Detected patterns
- paypalobjects\.com
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://billsleek.in/pl5/de/
HTTP 302
https://billsleek.in/pl5/de/ppal/index.php HTTP 302
https://billsleek.in/pl5/de/ppal/Login.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTgwLjIxOS4xMi4yMDMyMDIzOk5vdjpUaHU= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://belladacha.by/vg0 HTTP 301
- https://belladacha.by/vg0/ HTTP 302
- https://billsleek.in/pl5/
30 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
billsleek.in/pl5/ Redirect Chain
|
0 545 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
Login.php
billsleek.in/pl5/de/ppal/ Redirect Chain
|
13 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Style.css
billsleek.in/pl5/de/ppal/assets/ |
193 KB 27 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3570673e.png
billsleek.in/pl5/de/ppal/img/ |
52 KB 52 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jq.js
billsleek.in/pl5/de/panel/res/ |
150 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m.js
billsleek.in/pl5/de/ppal/inc/ |
23 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v.js
billsleek.in/pl5/de/ppal/inc/ |
51 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansBig-Regular.woff2
www.paypalobjects.com/paypal-ui/fonts/ |
25 KB 25 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansBig-Medium.woff2
www.paypalobjects.com/paypal-ui/fonts/ |
18 KB 18 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 354 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
sp.php
billsleek.in/pl5/de/ppal/ |
0 266 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 267 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 267 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
1 B 306 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 270 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 268 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 265 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
1 B 276 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 356 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 368 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
1 B 268 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 288 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 269 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 264 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
1 B 282 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 268 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 266 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
1 B 271 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 266 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
processor.php
billsleek.in/pl5/de/panel/process/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- billsleek.in
- URL
- https://billsleek.in/pl5/de/panel/process/processor.php
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery object| targets string| redirect function| clearRedirections number| c1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
billsleek.in/ | Name: PHPSESSID Value: 09280d75a17d6c174f3f793cc486cb0e |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
belladacha.by
billsleek.in
www.paypalobjects.com
billsleek.in
188.114.97.3
192.229.221.25
31.130.207.8
15ee53f565d93504c7e5fc62732b0d14ae6ea98237d0ffccb51dee3898431ccb
1f70ff447ed799a34f4c3ae37ef1f49ed4af71123ba2c2aefe354565354284be
2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1
57a291dc5dae55dc081a025bd53a1a558aae6af0e78748101d6a04875332f734
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
c5d85d054886c5b1438c896e06123d5d18a0f530f2da3c46271047b1b40cef00
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5fd777f1560d2eb9b6b335eff85d886a4f02cf6ea5ccc9c3b63496bca1f8777
fdc92c47c5e9d1bbd3e18fdcddf0efbadf97bc6edf2a1a2c3dcf6dc76913178f