global-pay.site
2606:4700:3034::6818:7424  Malicious Activity! Public Scan

URL: https://global-pay.site/
Submission: On December 20 via automatic, source certstream-suspicious

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3034::6818:7424, located in United States and belongs to CLOUDFLARENET, US. The main domain is global-pay.site.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 7th 2020. Valid for: a year.
This is the only time global-pay.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Visa (Financial)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
5         2606:4700:303...    13335 (CLOUDFLAR...)
3         151.101.112.133     54113 (FASTLY)
3         3.120.125.124       16509 (AMAZON-02)
1         2a04:4e42:1b:...    54113 (FASTLY)
1         2a00:1450:400...    15169 (GOOGLE)
4         2a00:1450:400...    15169 (GOOGLE)
Total: 17 requests, 7 IPs
Requests  Domain                     Requested by
5         global-pay.site            global-pay.site
4         fonts.gstatic.com          fonts.googleapis.com
3         escrowbox.uapay.ua         global-pay.site
3         raw.githubusercontent.com  global-pay.site
1         fonts.googleapis.com       global-pay.site
1         cdn.jsdelivr.net           global-pay.site
Total: 17 requests, 6 domains

This site contains no links.

Subject                      Issuer                                          Validity                  Valid
sni.cloudflaressl.com        Cloudflare Inc ECC CA-3                         2020-12-07 - 2021-12-06   a year
www.github.com               DigiCert SHA2 High Assurance Server CA          2020-05-06 - 2022-04-14   2 years
*.escrowbox.uapay.ua         Sectigo RSA Domain Validation Secure Server CA  2020-07-16 - 2021-07-16   a year
f3.shared.global.fastly.net  GlobalSign CloudSSL CA - SHA256 - G3            2020-10-26 - 2021-04-17   6 months
upload.video.google.com      GTS CA 1O1                                      2020-11-10 - 2021-02-02   3 months
*.gstatic.com                GTS CA 1O1                                      2020-11-10 - 2021-02-02   3 months

This page contains 1 frame:

Primary Page: https://global-pay.site/
Frame ID: C878A47F7D396017861811F9D3AD5ED9
Requests: 18 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

17 Requests
100 % HTTPS
67 % IPv6
6 Domains
6 Subdomains
7 IPs
3 Countries
180 kB Transfer
275 kB Size
1 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request / | global-pay.site/ | 12 KB | 3 KB | Document
General
Full URL
https://global-pay.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6818:7424 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.2.34
Resource Hash
eefc7cde130583eee112b2303d032da49b611375227e990fc6565d609a9fa436

Request headers

:method
GET
:authority
global-pay.site
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:51:24 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dd0979e88bec83d94fea07b26526f2d901608472284; expires=Tue, 19-Jan-21 13:51:24 GMT; path=/; domain=.global-pay.site; HttpOnly; SameSite=Lax; Secure
vary
Accept-Encoding
x-powered-by
PHP/7.2.34
cf-cache-status
DYNAMIC
cf-request-id
07220466590000bec9a3bfd000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RwqNRId3WBCBr5FcQZ87EvL2th0PuNZOHdTNJ3MLKDrTPtYDCKf%2FNKsdQ0gXiTZWZimfl2w3wD2vsypLr8BUi5Bw%2Fjd4gwxAx8u5Jdi%2BCFVSFwB9y3ISXbm0K%2Bc%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6049d683cfdfbec9-FRA
content-encoding
br

style.css | global-pay.site/css/ | 16 KB | 3 KB | Stylesheet
General
Full URL
https://global-pay.site/css/style.css?9a91120c166addc59319128e93a60fbd32d8b0e0
Requested by
Host: global-pay.site
URL: https://global-pay.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6818:7424 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76c8b98a98c37517da571805b22b5063a0a43962b86f4d826f05e76ee3505a0b

Request headers

Referer
https://global-pay.site/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:51:24 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 17 Dec 2020 06:12:27 GMT
server
cloudflare
etag
W/"5fdaf6cb-3e2c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yZDmNqQ8O901cBE4p%2BnibpsITqrm8W3gK3YyyvYXcGPFxWruPftWE%2FWe3SLiU66W4HKEfK101bMQjctXpQwBnsfVsz62B87XxyMLUriWeBLNILL%2FW9W5U10E9Ig%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=315360000
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6049d6841808bec9-FRA
cf-request-id
072204668e0000bec9ab264000000001
expires
Thu, 31 Dec 2037 23:55:55 GMT

chip.png | raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/ | 16 KB | 17 KB | Image
General
Full URL
https://raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/chip.png
Requested by
Host: global-pay.site
URL: https://global-pay.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
612d3c3f8efad0b9073b164950a2c3b5ed6d73e214fe539e6c21b4f18fed0ad8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://global-pay.site/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID
668d6efb7bcea485d074974215cbe0405f4a7f56
Content-Security-Policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
Via
1.1 varnish (Varnish/6.0), 1.1 varnish
X-Content-Type-Options
nosniff
X-Cache
HIT, HIT
X-Cache-Hits
5, 2
Connection
keep-alive
Vary
Authorization,Accept-Encoding, Accept-Encoding
Content-Length
16470
X-XSS-Protection
1; mode=block
X-Served-By
cache-hhn4034-HHN
X-GitHub-Request-Id
ABF8:4206:2DC8D07:3003A51:5FDF4C5B
X-Timer
S1608472285.869320,VS0,VE0
X-Frame-Options
deny
Date
Sun, 20 Dec 2020 13:51:24 GMT
Source-Age
260
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=300
ETag
W/"0eef0729fb842b647b8e55e6077eb705bfff46d0f861a866fe759566cb54d035"
Accept-Ranges
bytes
Expires
Sun, 20 Dec 2020 13:56:24 GMT

37d19cd741fa8b0d5b31ef959af12d0c.png | escrowbox.uapay.ua/ | 4 KB | 5 KB | Image
General
Full URL
https://escrowbox.uapay.ua/37d19cd741fa8b0d5b31ef959af12d0c.png
Requested by
Host: global-pay.site
URL: https://global-pay.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.125.124 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-125-124.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c651f8363d7a98f99ae6eebfaf0ad26417c09cd3fe60c84fff08ca58bd816840
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://global-pay.site/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 20 Dec 2020 13:51:24 GMT
Last-Modified
Sun, 15 Nov 2020 22:10:18 GMT
Server
nginx
ETag
"5fb1a74a-1177"
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4471

39dc5a4f4372fe6b3bab7185f42abf2a.png | escrowbox.uapay.ua/ | 5 KB | 5 KB | Image
General
Full URL
https://escrowbox.uapay.ua/39dc5a4f4372fe6b3bab7185f42abf2a.png
Requested by
Host: global-pay.site
URL: https://global-pay.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.125.124 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-125-124.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b9d6f18a82265c2f3142e8ce35a61728a06f9cee0f24bdb851f40c477309d77f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://global-pay.site/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 20 Dec 2020 13:51:24 GMT
Last-Modified
Sun, 15 Nov 2020 22:10:18 GMT
Server
nginx
ETag
"5fb1a74a-13d8"
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5080

2d594643828523135ea057dbc3d00f20.png | escrowbox.uapay.ua/ | 4 KB | 4 KB | Image
General
Full URL
https://escrowbox.uapay.ua/2d594643828523135ea057dbc3d00f20.png
Requested by
Host: global-pay.site
URL: https://global-pay.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.125.124 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-125-124.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a09403abdc35a739030b810bc9962ee86025a114193f1ca9b98c4f9b89b9be96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://global-pay.site/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 20 Dec 2020 13:51:24 GMT
Last-Modified
Sun, 15 Nov 2020 22:10:18 GMT
Server
nginx
ETag
"5fb1a74a-f49"
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3913

vue@2.6.12 | cdn.jsdelivr.net/npm/ | 91 KB | 34 KB | Script
General
Full URL
https://cdn.jsdelivr.net/npm/vue@2.6.12
Requested by
Host: global-pay.site
URL: https://global-pay.site/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
29296ccacaa9ed35ed168fc51e36f54fd6f8db9c7786bbf38cc59a27229ba5c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://global-pay.site/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
2676319
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
content-length
34100
etag
W/"16de6-5V3x99bCiO5z1Dm6sm3QBv/uevM"
x-served-by
cache-fra19142-FRA, cache-hhn4077-HHN
date
Sun, 20 Dec 2020 13:51:24 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*

script.js | global-pay.site/js/ | 3 KB | 1 KB | Script
General
Full URL
https://global-pay.site/js/script.js?8cce896fcdead24f9f017c98e412c48bfcc39da4
Requested by
Host: global-pay.site
URL: https://global-pay.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6818:7424 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8688df1a628060277da9d552c1f3eddc4e58c7a3f33c54af1fd188f6bd3054b

Request headers

Referer
https://global-pay.site/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:51:24 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 17 Dec 2020 06:12:29 GMT
server
cloudflare
etag
W/"5fdaf6cd-bcf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZzqGSW4Nw5W7UXZNbPGxO40Sr8nPIuq28m6MEp54x73%2BZpuOPCdt%2FBdXl0b8aLykS5n16KcdSynEUazwyIYMEb73K2w95ZDqHE7cxntkndZOF9MvjagaL6KIHs4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=315360000
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6049d6841809bec9-FRA
cf-request-id
072204668f0000bec9b2b9d000000001
expires
Thu, 31 Dec 2037 23:55:55 GMT

telegramSend.js | global-pay.site/js/ | 4 KB | 1 KB | Script
General
Full URL
https://global-pay.site/js/telegramSend.js?8cce896fcdead24f9f017c98e412c48bfcc39da4
Requested by
Host: global-pay.site
URL: https://global-pay.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6818:7424 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
224a8b93e048a306435fc1d87777589a6f4ed060bf2a8f30b5c4a1e401f18551

Request headers

Referer
https://global-pay.site/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:51:24 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 17 Dec 2020 06:12:29 GMT
server
cloudflare
etag
W/"5fdaf6cd-e22"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Iq8m9UGv3%2BHDmR0bjt%2FSuCaPqBIYO%2B2gvvnDKMVJPeLIEEbSkgtm5Prhw4TUBsV8k6wkwPGbwpb6gf6wxB579nxMurOtDd49jMj2Z9NiB2nQuI%2FDmPi0oIH%2Fgc4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=315360000
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6049d684180bbec9-FRA
cf-request-id
072204668f0000bec98f83e000000001
expires
Thu, 31 Dec 2037 23:55:55 GMT

css | fonts.googleapis.com/ | 15 KB | 1 KB | Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Code+Pro:400,500,600,700|Source+Sans+Pro:400,600,700&display=swap
Requested by
Host: global-pay.site
URL: https://global-pay.site/css/style.css?9a91120c166addc59319128e93a60fbd32d8b0e0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1437e8feeeb06db15306819c5abfef699017de902840630900e634f943127dbb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://global-pay.site/css/style.css?9a91120c166addc59319128e93a60fbd32d8b0e0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 20 Dec 2020 13:51:24 GMT
server
ESF
date
Sun, 20 Dec 2020 13:51:24 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 20 Dec 2020 13:51:24 GMT

6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2 | fonts.gstatic.com/s/sourcesanspro/v14/ | 13 KB | 13 KB | Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Code+Pro:400,500,600,700|Source+Sans+Pro:400,600,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://global-pay.site
Referer
https://fonts.googleapis.com/css?family=Source+Code+Pro:400,500,600,700|Source+Sans+Pro:400,600,700&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Dec 2020 21:51:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:10:14 GMT
server
sffe
age
230373
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13324
x-xss-protection
0
expires
Fri, 17 Dec 2021 21:51:51 GMT

truncated | / | 426 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1d00c6f0cc689179cfc4dab54f10163635df53e0472ec87fb40790a74f4dbce2

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png

loading.svg | global-pay.site/ | 1 KB | 708 B | Image
General
Full URL
https://global-pay.site/loading.svg
Requested by
Host: global-pay.site
URL: https://global-pay.site/css/style.css?9a91120c166addc59319128e93a60fbd32d8b0e0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6818:7424 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8b0d6dd69b259e5fb9ba8aa1b3939b5be6309f9d33303278d60786c5129ac82

Request headers

Referer
https://global-pay.site/css/style.css?9a91120c166addc59319128e93a60fbd32d8b0e0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 13:51:24 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 17 Dec 2020 06:12:26 GMT
server
cloudflare
etag
W/"5fdaf6ca-538"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=S%2BzgAy6cP2dFKTkHHUR6NrG1k2MY3DV5Jfm%2BndLAH4Pt52QLf%2Bn5coBChItq0H12UTFGeBfzugAmtn5gAZ31RvkMiyVXTvgArNUmkXqcD1WwjTouCdjzXaig22I%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=315360000
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6049d684b848bec9-FRA
cf-request-id
07220466f80000bec996bd6000000001
expires
Thu, 31 Dec 2037 23:55:55 GMT

HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq7Gq0DA.woff2 | fonts.gstatic.com/s/sourcecodepro/v13/ | 11 KB | 11 KB | Font
General
Full URL
https://fonts.gstatic.com/s/sourcecodepro/v13/HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq7Gq0DA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Code+Pro:400,500,600,700|Source+Sans+Pro:400,600,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
59fd4f207936792ab9910baa7df5f1f7bff899e35e0428df34ab9a1319184052
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://global-pay.site
Referer
https://fonts.googleapis.com/css?family=Source+Code+Pro:400,500,600,700|Source+Sans+Pro:400,600,700&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 18 Dec 2020 11:13:07 GMT
x-content-type-options
nosniff
last-modified
Thu, 24 Sep 2020 23:57:48 GMT
server
sffe
age
182297
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11232
x-xss-protection
0
expires
Sat, 18 Dec 2021 11:13:07 GMT

HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevWnsUnxg.woff2 | fonts.gstatic.com/s/sourcecodepro/v13/ | 11 KB | 11 KB | Font
General
Full URL
https://fonts.gstatic.com/s/sourcecodepro/v13/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevWnsUnxg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Code+Pro:400,500,600,700|Source+Sans+Pro:400,600,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9ad58bb5360bb0ac3964d9af1781d36e4e91e91be40e506bf6a174be865b7e4e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://global-pay.site
Referer
https://fonts.googleapis.com/css?family=Source+Code+Pro:400,500,600,700|Source+Sans+Pro:400,600,700&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 18 Dec 2020 10:45:50 GMT
x-content-type-options
nosniff
last-modified
Thu, 24 Sep 2020 23:57:59 GMT
server
sffe
age
183934
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11444
x-xss-protection
0
expires
Sat, 18 Dec 2021 10:45:50 GMT

6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu3cOWxw.woff2 | fonts.gstatic.com/s/sourcesanspro/v14/ | 13 KB | 13 KB | Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu3cOWxw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Code+Pro:400,500,600,700|Source+Sans+Pro:400,600,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
487f2e9da2ff0740755a5ef01dc15a2888b89537795895203a831b13b199d8bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://global-pay.site
Referer
https://fonts.googleapis.com/css?family=Source+Code+Pro:400,500,600,700|Source+Sans+Pro:400,600,700&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 18 Dec 2020 10:54:48 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:10:11 GMT
server
sffe
age
183396
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12976
x-xss-protection
0
expires
Sat, 18 Dec 2021 10:54:48 GMT

10.jpeg | raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/ | 49 KB | 50 KB | Image
General
Full URL
https://raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/10.jpeg
Requested by
Host: global-pay.site
URL: https://global-pay.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c32752eded58f2f33586175a50ae7cd97349eb786f688621dfab87998dab9e22
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://global-pay.site/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID
1c51d2789d8815ebddc079246fec58b2198c72e5
Content-Security-Policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
Via
1.1 varnish (Varnish/6.0), 1.1 varnish
X-Content-Type-Options
nosniff
X-Cache
MISS, HIT
X-Cache-Hits
0, 1
Connection
keep-alive
Vary
Authorization,Accept-Encoding, Accept-Encoding
Content-Length
50617
X-XSS-Protection
1; mode=block
X-Served-By
cache-hhn4034-HHN
X-GitHub-Request-Id
A584:F6AD:2FB8607:320B07E:5FDF0F41
X-Timer
S1608472285.986781,VS0,VE83
X-Frame-Options
deny
Date
Sun, 20 Dec 2020 13:51:25 GMT
Source-Age
31
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=300
ETag
W/"86c697a9d5750c41c238b5c226c455f5c238de155e50170ba5bfa3e07871fce0"
Accept-Ranges
bytes
Expires
Sun, 20 Dec 2020 13:56:25 GMT

visa.png | raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/ | 6 KB | 7 KB | Image
General
Full URL
https://raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/visa.png
Requested by
Host: global-pay.site
URL: https://global-pay.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1a9548347c9b338b3168bc5eb94c8206490a3462efc3c674632e9e9236785d54
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://global-pay.site/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID
38d202fdf2fb3a4e21ea7dd8afcf0aa2fcf20ac0
Content-Security-Policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
Via
1.1 varnish (Varnish/6.0), 1.1 varnish
X-Content-Type-Options
nosniff
X-Cache
HIT, HIT
X-Cache-Hits
6, 1
Connection
keep-alive
Vary
Authorization,Accept-Encoding, Accept-Encoding
Content-Length
5927
X-XSS-Protection
1; mode=block
X-Served-By
cache-hhn4074-HHN
X-GitHub-Request-Id
825E:94CF:1808D2E:1947188:5FDF45BE
X-Timer
S1608472285.032845,VS0,VE167
X-Frame-Options
deny
Date
Sun, 20 Dec 2020 13:51:25 GMT
Source-Age
0
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=300
ETag
W/"a85601928a11d6b5e6b530a1393acefc80f47d2fe589cadd27da82060323bd15"
Accept-Ranges
bytes
Expires
Sun, 20 Dec 2020 13:56:25 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Visa (Financial)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object     ontransitionrun
object     ontransitionstart
object     ontransitioncancel
object     cookieStore
function   showDirectoryPicker
function   showOpenFilePicker
function   showSaveFilePicker
object     trustedTypes
boolean    crossOriginIsolated
function   Vue
function   space
undefined  el

1 Cookies

Domain/Path        Name      Value
.global-pay.site/  __cfduid  dd0979e88bec83d94fea07b26526f2d901608472284

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
escrowbox.uapay.ua
fonts.googleapis.com
fonts.gstatic.com
global-pay.site
raw.githubusercontent.com
151.101.112.133
2606:4700:3034::6818:7424
2a00:1450:4001:802::200a
2a00:1450:4001:81e::2003
2a04:4e42:1b::621
3.120.125.124