paypay-cfw.tokyo Open in urlscan Pro
2606:4700:3035::6815:cb9 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://paypay-cfw.tokyo/login
Submission Tags: @phishunt_io
Submission: On April 28 via api (April 28th 2022, 1:12:56 am UTC) from DE — Scanned from DE

Summary HTTP 24 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 24 HTTP transactions. The main IP is 2606:4700:3035::6815:cb9, located in United States and belongs to CLOUDFLARENET, US. The main domain is paypay-cfw.tokyo.
TLS certificate: Issued by E1 on April 27th 2022. Valid for: 3 months.

This is the only time paypay-cfw.tokyo was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPay (Financial)

Domain & IP information

	IP Address	AS Autonomous System
16	2606:4700:303... 2606:4700:3035::6815:cb9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	18.177.162.193 18.177.162.193	16509 (AMAZON-02) (AMAZON-02)
1	54.150.35.190 54.150.35.190	16509 (AMAZON-02) (AMAZON-02)
1	104.111.224.61 104.111.224.61	16625 (AKAMAI-AS) (AKAMAI-AS)
24	5

16 2606:4700:3035::6815:cb9 (United States)

ASN13335 (CLOUDFLARENET, US)

paypay-cfw.tokyo	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.177.162.193 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-177-162-193.ap-northeast-1.compute.amazonaws.com

tjmbk.paypay-bank.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.150.35.190 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-150-35-190.ap-northeast-1.compute.amazonaws.com

cciky.paypay-bank.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.224.61 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-224-61.deploy.static.akamaitechnologies.com

login.paypay-bank.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	paypay-cfw.tokyo paypay-cfw.tokyo	80 KB
5	paypay-bank.co.jp tjmbk.paypay-bank.co.jp cciky.paypay-bank.co.jp login.paypay-bank.co.jp	75 KB
0	advanced-web-analytics.com Failed awapne4.advanced-web-analytics.com Failed
24	3

	Domain	Requested by
16	paypay-cfw.tokyo	paypay-cfw.tokyo
3	tjmbk.paypay-bank.co.jp	paypay-cfw.tokyo
1	login.paypay-bank.co.jp	paypay-cfw.tokyo
1	cciky.paypay-bank.co.jp	paypay-cfw.tokyo
0	awapne4.advanced-web-analytics.com Failed	paypay-cfw.tokyo
24	5

This site contains links to these domains. Also see Links.

Domain
www.paypay-bank.co.jp
help.paypay-bank.co.jp
www.japannetbank.co.jp

Subject Issuer	Validity	Valid
*.paypay-cfw.tokyo E1	`2022-04-27` - `2022-07-26`	3 months	crt.sh
tjmbk.paypay-bank.co.jp Cybertrust Japan SureServer CA G4	`2021-07-07` - `2022-07-07`	a year	crt.sh
cciky.paypay-bank.co.jp Cybertrust Japan SureServer CA G4	`2021-07-07` - `2022-07-07`	a year	crt.sh
login.paypay-bank.co.jp Cybertrust Japan SureServer EV CA G3	`2022-03-24` - `2023-04-23`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://paypay-cfw.tokyo/login
Frame ID: 272E92FBBDE47A9188A4336CD0D75D5A
Requests: 20 HTTP requests in this frame

Frame: https://tjmbk.paypay-bank.co.jp/336450/VOdz.html?si=0&e=https%3A%2F%2Fpaypay-cfw.tokyo&LSESSIONID=eyJpIjoieGhuQm5GZTN3WUlVMFwvRVFlUzltdWc9PSIsImUiOiJmcEVKVXJ5RGQ0Mk51STZEbENwZGt2bXNKZjFRTkN1VENodjZ5bDJPNCs3ODZSWUJyQnFhQXkwOVhndkxxcVllQXB4bWFvZVpRUjBMMjJob2VWMEZcL3EwbjNJN1oxMFRYcmFrRmJoYXJUOGRDeTdWUmY2RkoxOGZyQ05UMXFISzNqemZ6RmcrN1I5ak5vZ0lhR2NcL29iQT09In0%3D.03f384c99c8f8e3f.NjdjZDM5NWIxNjIwNDEzYjZjYWZjYTI0ZDM0ZGVhNzlmOWY5YTUzYTlhN2ViZTZmZDY0Y2M0NTRmNjRjN2NkOA%3D%3D&t=xframe&eu=https%3A%2F%2Fpaypay-cfw.tokyo%2Flogin&icid=165110837299613760
Frame ID: B821E0DA4EF2D9422010519F35FCC41A
Requests: 1 HTTP requests in this frame

Frame: https://tjmbk.paypay-bank.co.jp/336450/Sxzs.html/?cid=5&si=0&e=https%3A%2F%2Fpaypay-cfw.tokyo&LSESSIONID=eyJpIjoieGhuQm5GZTN3WUlVMFwvRVFlUzltdWc9PSIsImUiOiJmcEVKVXJ5RGQ0Mk51STZEbENwZGt2bXNKZjFRTkN1VENodjZ5bDJPNCs3ODZSWUJyQnFhQXkwOVhndkxxcVllQXB4bWFvZVpRUjBMMjJob2VWMEZcL3EwbjNJN1oxMFRYcmFrRmJoYXJUOGRDeTdWUmY2RkoxOGZyQ05UMXFISzNqemZ6RmcrN1I5ak5vZ0lhR2NcL29iQT09In0%3D.03f384c99c8f8e3f.NjdjZDM5NWIxNjIwNDEzYjZjYWZjYTI0ZDM0ZGVhNzlmOWY5YTUzYTlhN2ViZTZmZDY0Y2M0NTRmNjRjN2NkOA%3D%3D&t=xframe&eu=https%3A%2F%2Fpaypay-cfw.tokyo%2Flogin&icid=165110837300820422
Frame ID: D4F16DE7460CAFB06B6B4EE3E7E3823C
Requests: 1 HTTP requests in this frame

Frame: https://awapne4.advanced-web-analytics.com/336450/ikyek.html?e=https%3A%2F%2Fpaypay-cfw.tokyo&es=eyJpIjoieGhuQm5GZTN3WUlVMFwvRVFlUzltdWc9PSIsImUiOiJmcEVKVXJ5RGQ0Mk51STZEbENwZGt2bXNKZjFRTkN1VENodjZ5bDJPNCs3ODZSWUJyQnFhQXkwOVhndkxxcVllQXB4bWFvZVpRUjBMMjJob2VWMEZcL3EwbjNJN1oxMFRYcmFrRmJoYXJUOGRDeTdWUmY2RkoxOGZyQ05UMXFISzNqemZ6RmcrN1I5ak5vZ0lhR2NcL29iQT09In0%3D.03f384c99c8f8e3f.NjdjZDM5NWIxNjIwNDEzYjZjYWZjYTI0ZDM0ZGVhNzlmOWY5YTUzYTlhN2ViZTZmZDY0Y2M0NTRmNjRjN2NkOA%3D%3D&re=https%3A%2F%2Fpaypay-cfw.tokyo%2Flogin&eu=https%3A%2F%2Fpaypay-cfw.tokyo%2Flogin&icid=165110837304999420
Frame ID: 4BFAECCAFFFBCBDB14ADAB43505C3BC9
Requests: 1 HTTP requests in this frame

Frame: https://cciky.paypay-bank.co.jp/336450/hyperlink.html?sui=ee29685d07fedffbcb26f34e5e752f25b2ce600e5e04d41395ccf0eeb4db2814
Frame ID: 2C0F6013EE72CC234E2FBC35754BAF24
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ログイン - PayPay銀行

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

88 %
HTTPS

25 %
IPv6

3
Domains

5
Subdomains

5
IPs

3
Countries

155 kB
Transfer

463 kB
Size

5
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.paypay-bank.co.jp/

Search URL Search Domain Scan URL

URL: https://help.paypay-bank.co.jp/hc/ja

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/cn_login.html
Title: ログインできません

Search URL Search Domain Scan URL

URL: https://www.paypay-bank.co.jp/support/customer.html#others
Title: チャットでお問い合わせ

Search URL Search Domain Scan URL

URL: https://www.paypay-bank.co.jp/regulation/index.html
Title: 取引規定集

Search URL Search Domain Scan URL

URL: https://www.paypay-bank.co.jp/policy/privacy/index.html
Title: プライバシーポリシー

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request login Show response
paypay-cfw.tokyo/ 13 KB
5 KB 629ms
599ms Document
text/html 2606:4700:3035::6815:cb9
CLOUDFLARENET

General

Domain/Path	Expires	Name / Value
paypay-cfw.tokyo/	1969-12-31 23:59:59	Name: mercar:sid Value: s%3A1d69d8c7-af8b-4e18-9c87-e7ef6bce009a.d0H8Ylpy2HyzVx5ov92acbUTjCOTWl5eTD00lVDFBN0
paypay-cfw.tokyo/	1969-12-31 23:59:59	Name: LSESSIONID Value: eyJpIjoieGhuQm5GZTN3WUlVMFwvRVFlUzltdWc9PSIsImUiOiJmcEVKVXJ5RGQ0Mk51STZEbENwZGt2bXNKZjFRTkN1VENodjZ5bDJPNCs3ODZSWUJyQnFhQXkwOVhndkxxcVllQXB4bWFvZVpRUjBMMjJob2VWMEZcL3EwbjNJN1oxMFRYcmFrRmJoYXJUOGRDeTdWUmY2RkoxOGZyQ05UMXFISzNqemZ6RmcrN1I5ak5vZ0lhR2NcL29iQT09In0%3D.03f384c99c8f8e3f.NjdjZDM5NWIxNjIwNDEzYjZjYWZjYTI0ZDM0ZGVhNzlmOWY5YTUzYTlhN2ViZTZmZDY0Y2M0NTRmNjRjN2NkOA%3D%3D
paypay-cfw.tokyo/	1970-01-20 20:09:40	Name: __gdic Value: l2ibam9jrfrva4q87op
paypay-cfw.tokyo/	1970-01-20 20:09:40	Name: ___r336450 Value: 0.3906368453742
paypay-cfw.tokyo/	1969-12-31 23:59:59	Name: ___so336450 Value: eyJsc2giOjE2OTMxMzA5NSwicmVmZXJyZXIiOiJodHRwczovL3BheXBheS1jZncudG9reW8vbG9naW4iLCJzZCI6bnVsbCwic2RjIjpudWxsLCJhZnAiOnRydWV9

paypay-cfw.tokyo Open in urlscan Pro 2606:4700:3035::6815:cb9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

24 Requests

88 %HTTPS

25 %IPv6

3 Domains

5 Subdomains

5 IPs

3 Countries

155 kBTransfer

463 kBSize

5 Cookies

6 Outgoing links

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

72 JavaScript Global Variables

5 Cookies

Indicators

paypay-cfw.tokyo Open in urlscan Pro
2606:4700:3035::6815:cb9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

88 %
HTTPS

25 %
IPv6

3
Domains

5
Subdomains

5
IPs

3
Countries

155 kB
Transfer

463 kB
Size

5
Cookies

24 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!