global-pay.site
Open in
urlscan Pro
2606:4700:3034::6818:7424
Malicious Activity!
Public Scan
Submission: On December 20 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 7th 2020. Valid for: a year.
This is the only time global-pay.site was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Visa (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 2606:4700:303... 2606:4700:3034::6818:7424 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 151.101.112.133 151.101.112.133 | 54113 (FASTLY) (FASTLY) | |
3 | 3.120.125.124 3.120.125.124 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a04:4e42:1b:... 2a04:4e42:1b::621 | 54113 (FASTLY) (FASTLY) | |
1 | 2a00:1450:400... 2a00:1450:4001:802::200a | 15169 (GOOGLE) (GOOGLE) | |
4 | 2a00:1450:400... 2a00:1450:4001:81e::2003 | 15169 (GOOGLE) (GOOGLE) | |
17 | 7 |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-125-124.eu-central-1.compute.amazonaws.com
escrowbox.uapay.ua |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
global-pay.site
global-pay.site |
9 KB |
4 |
gstatic.com
fonts.gstatic.com |
48 KB |
3 |
uapay.ua
escrowbox.uapay.ua |
14 KB |
3 |
githubusercontent.com
raw.githubusercontent.com |
74 KB |
1 |
googleapis.com
fonts.googleapis.com |
1 KB |
1 |
jsdelivr.net
cdn.jsdelivr.net |
34 KB |
17 | 6 |
Domain | Requested by | |
---|---|---|
5 | global-pay.site |
global-pay.site
|
4 | fonts.gstatic.com |
fonts.googleapis.com
|
3 | escrowbox.uapay.ua |
global-pay.site
|
3 | raw.githubusercontent.com |
global-pay.site
|
1 | fonts.googleapis.com |
global-pay.site
|
1 | cdn.jsdelivr.net |
global-pay.site
|
17 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-12-07 - 2021-12-06 |
a year | crt.sh |
www.github.com DigiCert SHA2 High Assurance Server CA |
2020-05-06 - 2022-04-14 |
2 years | crt.sh |
*.escrowbox.uapay.ua Sectigo RSA Domain Validation Secure Server CA |
2020-07-16 - 2021-07-16 |
a year | crt.sh |
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3 |
2020-10-26 - 2021-04-17 |
6 months | crt.sh |
upload.video.google.com GTS CA 1O1 |
2020-11-10 - 2021-02-02 |
3 months | crt.sh |
*.gstatic.com GTS CA 1O1 |
2020-11-10 - 2021-02-02 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://global-pay.site/
Frame ID: C878A47F7D396017861811F9D3AD5ED9
Requests: 18 HTTP requests in this frame
Screenshot
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
global-pay.site/ |
12 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
global-pay.site/css/ |
16 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
chip.png
raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
37d19cd741fa8b0d5b31ef959af12d0c.png
escrowbox.uapay.ua/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
39dc5a4f4372fe6b3bab7185f42abf2a.png
escrowbox.uapay.ua/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2d594643828523135ea057dbc3d00f20.png
escrowbox.uapay.ua/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vue@2.6.12
cdn.jsdelivr.net/npm/ |
91 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js
global-pay.site/js/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
telegramSend.js
global-pay.site/js/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
15 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ |
13 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
426 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loading.svg
global-pay.site/ |
1 KB 708 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq7Gq0DA.woff2
fonts.gstatic.com/s/sourcecodepro/v13/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevWnsUnxg.woff2
fonts.gstatic.com/s/sourcecodepro/v13/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu3cOWxw.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ |
13 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
10.jpeg
raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/ |
49 KB 50 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
visa.png
raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Visa (Financial)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| Vue function| space undefined| el1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.global-pay.site/ | Name: __cfduid Value: dd0979e88bec83d94fea07b26526f2d901608472284 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
escrowbox.uapay.ua
fonts.googleapis.com
fonts.gstatic.com
global-pay.site
raw.githubusercontent.com
151.101.112.133
2606:4700:3034::6818:7424
2a00:1450:4001:802::200a
2a00:1450:4001:81e::2003
2a04:4e42:1b::621
3.120.125.124
1437e8feeeb06db15306819c5abfef699017de902840630900e634f943127dbb
1a9548347c9b338b3168bc5eb94c8206490a3462efc3c674632e9e9236785d54
1d00c6f0cc689179cfc4dab54f10163635df53e0472ec87fb40790a74f4dbce2
224a8b93e048a306435fc1d87777589a6f4ed060bf2a8f30b5c4a1e401f18551
29296ccacaa9ed35ed168fc51e36f54fd6f8db9c7786bbf38cc59a27229ba5c2
487f2e9da2ff0740755a5ef01dc15a2888b89537795895203a831b13b199d8bb
59fd4f207936792ab9910baa7df5f1f7bff899e35e0428df34ab9a1319184052
612d3c3f8efad0b9073b164950a2c3b5ed6d73e214fe539e6c21b4f18fed0ad8
76c8b98a98c37517da571805b22b5063a0a43962b86f4d826f05e76ee3505a0b
9ad58bb5360bb0ac3964d9af1781d36e4e91e91be40e506bf6a174be865b7e4e
a09403abdc35a739030b810bc9962ee86025a114193f1ca9b98c4f9b89b9be96
b9d6f18a82265c2f3142e8ce35a61728a06f9cee0f24bdb851f40c477309d77f
c32752eded58f2f33586175a50ae7cd97349eb786f688621dfab87998dab9e22
c651f8363d7a98f99ae6eebfaf0ad26417c09cd3fe60c84fff08ca58bd816840
e8688df1a628060277da9d552c1f3eddc4e58c7a3f33c54af1fd188f6bd3054b
e8b0d6dd69b259e5fb9ba8aa1b3939b5be6309f9d33303278d60786c5129ac82
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
eefc7cde130583eee112b2303d032da49b611375227e990fc6565d609a9fa436