topwysylka.cloud
104.21.91.198
Malicious Activity!
Public Scan
Effective URL: https://topwysylka.cloud/xZW40uz0udB4E3/OZsaNl
Submission: On May 30 via manual from PL — Scanned from PL
Summary
TLS certificate: Issued by GTS CA 1P5 on May 30th 2023. Valid for: 3 months.
This is the only time topwysylka.cloud was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayU (Financial)
Domain & IP information
IP Address | AS Autonomous System
---|---
104.21.91.198 | 13335 (CLOUDFLARENET)

Apex Domain | Subdomains | Transfer
---|---|---
topwysylka.cloud (1 redirect) | topwysylka.cloud | 646 KB

Domain | Requested by
---|---
topwysylka.cloud (1 redirect) | topwysylka.cloud
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
topwysylka.cloud | GTS CA 1P5 | 2023-05-30 - 2023-08-28 | 3 months
This page contains 1 frames:
Primary Page:
https://topwysylka.cloud/xZW40uz0udB4E3/OZsaNl
Frame ID: 2F80F6E0218F1D120E29344999F4BB17
Requests: 11 HTTP requests in this frame
Page Title: PayU
Page URL History
- https://topwysylka.cloud/605948798 (HTTP 302) -> https://topwysylka.cloud/xZW40uz0udB4E3/OZsaNl (Page URL)
Detected technologies
- jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET | H2 | topwysylka.cloud/xZW40uz0udB4E3/OZsaNl (Primary Request, reached via redirect chain) | 13 KB | 4 KB | Document | text/html
GET | H3 | topwysylka.cloud/xZW40uz0udB4E3/css/c1caf3f69e2f71b74f19d7c28d9b9d32e.css | 38 KB | 10 KB | Stylesheet | text/css
GET | H3 | topwysylka.cloud/xZW40uz0udB4E3/jquery.js | 86 KB | 31 KB | Script | application/javascript
GET | H3 | topwysylka.cloud/xZW40uz0udB4E3/css/663c655cb96076883a1296a5b3eda52b.jpg | 59 KB | 60 KB | Image | image/jpeg
GET | H3 | topwysylka.cloud/xZW40uz0udB4E3/css/e597075ccfc97157313bcfa2e611524c.png | 5 KB | 6 KB | Image | image/png
GET | H3 | topwysylka.cloud/xZW40uz0udB4E3/css/928e67ca537c204e59e23176b8945dfe.png | 135 KB | 135 KB | Image | image/png
GET | H3 | topwysylka.cloud/xZW40uz0udB4E3/css/8873ae045f0b9696bbb44a3a33e832a8.png | 1 KB | 2 KB | Image | image/png
GET | H3 | topwysylka.cloud/xZW40uz0udB4E3/css/fonts/opensans-regular-webfont.woff | 87 KB | 88 KB | Font | application/font-woff
GET | H3 | topwysylka.cloud/xZW40uz0udB4E3/css/fonts/opensans-light-webfont.woff | 84 KB | 84 KB | Font | application/font-woff
GET | H3 | topwysylka.cloud/xZW40uz0udB4E3/css/fonts/opensans-semibold-webfont.woff | 89 KB | 90 KB | Font | application/font-woff
GET | H3 | topwysylka.cloud/xZW40uz0udB4E3/css/fonts/PFBeauSansPro-Bold.woff | 142 KB | 136 KB | Font | application/font-woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: PayU (Financial)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- credentialless (boolean)
- $ (function)
- jQuery (function)
- b9e82f03 (object)
- online (function)
7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
topwysylka.cloud/xZW40uz0udB4E3 | | 95bee1d7ed151c390eeb37d300a3173f | 1829961922
topwysylka.cloud/xZW40uz0udB4E3 | | 9c049898620da1e1cca918456cb56590 | 1407873786
topwysylka.cloud/xZW40uz0udB4E3 | | a61ba0502eee3df70b3cbeb7b6c964f3 | 913932924
topwysylka.cloud/xZW40uz0udB4E3 | | 4442d8d680de60a07570c90a54b45125 | 311722239
topwysylka.cloud/xZW40uz0udB4E3 | | 835522b2b73fea5dc4d5e47870d426e8 | 2245029574
topwysylka.cloud/xZW40uz0udB4E3 | | 314b9fd66049b8b0b327a5dc7633a2c8 | 2286064546
topwysylka.cloud/ | | PHPSESSID | q1afvac3lf4ns87gmoh32im003
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
topwysylka.cloud
104.21.91.198