www.bpay.billing.xkv9-services.com Open in urlscan Pro
188.241.58.119 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.bpay.billing.xkv9-services.com:443/
Effective URL:
https://www.bpay.billing.xkv9-services.com/
Submission: On July 30 via api (July 30th 2024, 2:37:38 am UTC) from US — Scanned from US

Summary HTTP 15 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 2 domains to perform 15 HTTP transactions. The main IP is 188.241.58.119, located in Romania and belongs to THCPROJECTS, RO. The main domain is www.bpay.billing.xkv9-services.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 27th 2024. Valid for: 3 months.

This is the only time www.bpay.billing.xkv9-services.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Binance (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
10	188.241.58.119 188.241.58.119	51177 (THCPROJECTS) (THCPROJECTS)
2	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	158.220.96.98 158.220.96.98	51167 (CONTABO) (CONTABO)
15	4

10 188.241.58.119 (Romania)

ASN51177 (THCPROJECTS, RO)
PTR: bitcompany.online

www.bpay.billing.xkv9-services.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.220.96.98 (Düsseldorf, Germany)

ASN51167 (CONTABO, DE)
PTR: vmi1506127.contaboserver.net

bpay-m-server.xkv9-services.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	xkv9-services.com www.bpay.billing.xkv9-services.com bpay-m-server.xkv9-services.com Failed	151 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 336	82 KB
15	2

	Domain	Requested by
10	www.bpay.billing.xkv9-services.com	www.bpay.billing.xkv9-services.com
2	cdnjs.cloudflare.com	www.bpay.billing.xkv9-services.com cdnjs.cloudflare.com
1	bpay-m-server.xkv9-services.com	www.bpay.billing.xkv9-services.com
15	3

This site contains links to these domains. Also see Links.

Domain
xkv9-services.com

Subject Issuer	Validity	Valid
bpay.billing.xkv9-services.com cPanel, Inc. Certification Authority	`2024-07-27` - `2024-10-25`	3 months	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
bpay-m-server.xkv9-services.com E6	`2024-07-24` - `2024-10-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.bpay.billing.xkv9-services.com/
Frame ID: 7CBFFEA5E9FB1874B821866E46270765
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Binance Merchant Pay - Cryptocurrency invoicing

Page URL History Show full URLs

http://www.bpay.billing.xkv9-services.com:443/ HTTP 307
https://www.bpay.billing.xkv9-services.com/ Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

15
Requests

87 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

4
IPs

3
Countries

233 kB
Transfer

324 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://xkv9-services.com/privacy-policy/
Title: terms of service and privacy policy

Search URL Search Domain Scan URL

URL: https://xkv9-services.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.bpay.billing.xkv9-services.com:443/ HTTP 307
https://www.bpay.billing.xkv9-services.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.bpay.billing.xkv9-services.com/
Redirect Chain

http://www.bpay.billing.xkv9-services.com:443/
https://www.bpay.billing.xkv9-services.com/

11 KB
3 KB

853ms
245ms

Document
text/html

188.241.58.119
THCPROJECTS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bpay.billing.xkv9-services.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.241.58.119 , Romania, ASN51177 (THCPROJECTS, RO),
Reverse DNS: bitcompany.online
Software: Apache /
Resource Hash: ca9dcd87632bb29356a320cf9d40a223c3568e40d0cf1765588e3f346a6db587

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 2762
Content-Type: text/html
Date: Tue, 30 Jul 2024 02:37:31 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Thu, 11 Jul 2024 13:08:05 GMT
Server: Apache
Vary: Accept-Encoding

Redirect headers

Location: https://www.bpay.billing.xkv9-services.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1 200
OK style.css
www.bpay.billing.xkv9-services.com/ 35 KB
7 KB 252ms
242ms Stylesheet
text/css 188.241.58.119
THCPROJECTS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bpay.billing.xkv9-services.com/style.css
Requested by: Host: www.bpay.billing.xkv9-services.com
URL: https://www.bpay.billing.xkv9-services.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.241.58.119 , Romania, ASN51177 (THCPROJECTS, RO),
Reverse DNS: bitcompany.online
Software: Apache /
Resource Hash: 34bd1b3dde08f4d19f5437fbf1ca3360b03b22f1d4e422f4d78cdfe249a538de

Request headers

Referer: https://www.bpay.billing.xkv9-services.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Tue, 30 Jul 2024 02:37:31 GMT
Content-Encoding: gzip
Last-Modified: Thu, 25 Apr 2024 23:21:50 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 6410
Expires: Wed, 30 Jul 2025 02:37:31 GMT

GET
H3 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 184ms
81ms Stylesheet
text/css 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.bpay.billing.xkv9-services.com
URL: https://www.bpay.billing.xkv9-services.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bpay.billing.xkv9-services.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 02:37:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 467449
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B9L6PD3PM9xNbBTJbGZ%2Bz6u6vdTl5OIWSMpchCZFY9qddFDsQY6rsex6WoXlU7IC3cEOFvZUyxn3Dq6UmrEhEJtwRWEB6kCG1awLlLLIzPDxcgCnWDtA9lqTiWvG%2FvCkxqFIOA2e"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8ab1f7a1aedefa05-SJC
expires: Sun, 20 Jul 2025 02:37:31 GMT

GET
H/1.1 200
OK notification.css
www.bpay.billing.xkv9-services.com/css/ 3 KB
1 KB 504ms
245ms Stylesheet
text/css 188.241.58.119
THCPROJECTS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bpay.billing.xkv9-services.com/css/notification.css
Requested by: Host: www.bpay.billing.xkv9-services.com
URL: https://www.bpay.billing.xkv9-services.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.241.58.119 , Romania, ASN51177 (THCPROJECTS, RO),
Reverse DNS: bitcompany.online
Software: Apache /
Resource Hash: b449b20b0550e803134c5027a4c17a7c5064f0c4ba8c633d03b3aab8a8ef6f05

Request headers

Referer: https://www.bpay.billing.xkv9-services.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Tue, 30 Jul 2024 02:37:32 GMT
Content-Encoding: gzip
Last-Modified: Tue, 23 Apr 2024 11:19:40 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 761
Expires: Wed, 30 Jul 2025 02:37:32 GMT

GET
H/1.1 200
OK cmain.js Show response
www.bpay.billing.xkv9-services.com/ 50 KB
18 KB 723ms
247ms Script
application/javascript 188.241.58.119
THCPROJECTS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bpay.billing.xkv9-services.com/cmain.js
Requested by: Host: www.bpay.billing.xkv9-services.com
URL: https://www.bpay.billing.xkv9-services.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.241.58.119 , Romania, ASN51177 (THCPROJECTS, RO),
Reverse DNS: bitcompany.online
Software: Apache /
Resource Hash: 2397f1c1f6a358ad017bf933a33476706e27dfa0cf56a37f4374d2c4316f77f0

Request headers

Referer: https://www.bpay.billing.xkv9-services.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Tue, 30 Jul 2024 02:37:32 GMT
Content-Encoding: gzip
Last-Modified: Thu, 25 Jul 2024 13:22:01 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 17985
Expires: Wed, 30 Jul 2025 02:37:32 GMT

GET
H/1.1 200
OK Binance_logo.svg
www.bpay.billing.xkv9-services.com/img/ 4 KB
4 KB 464ms
240ms Image
image/svg+xml 188.241.58.119
THCPROJECTS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bpay.billing.xkv9-services.com/img/Binance_logo.svg
Requested by: Host: www.bpay.billing.xkv9-services.com
URL: https://www.bpay.billing.xkv9-services.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.241.58.119 , Romania, ASN51177 (THCPROJECTS, RO),
Reverse DNS: bitcompany.online
Software: Apache /
Resource Hash: 53513e352a3559410d4202a1f0a80a7ac2e5390a34ea4b60dbc4d4a9c31380c8

Request headers

Referer: https://www.bpay.billing.xkv9-services.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Tue, 30 Jul 2024 02:37:32 GMT
Last-Modified: Wed, 14 Jun 2023 20:34:35 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3899

GET
H/1.1 200
OK logo.png
www.bpay.billing.xkv9-services.com/ 55 KB
55 KB 502ms
237ms Image
image/png 188.241.58.119
THCPROJECTS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bpay.billing.xkv9-services.com/logo.png
Requested by: Host: www.bpay.billing.xkv9-services.com
URL: https://www.bpay.billing.xkv9-services.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.241.58.119 , Romania, ASN51177 (THCPROJECTS, RO),
Reverse DNS: bitcompany.online
Software: Apache /
Resource Hash: f77353348ce50952f07c21774a35717167cc27330db6db9c132802e6c72ec172

Request headers

Referer: https://www.bpay.billing.xkv9-services.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Tue, 30 Jul 2024 02:37:32 GMT
Last-Modified: Thu, 15 Jun 2023 18:49:23 GMT
Server: Apache
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 55929
Expires: Wed, 30 Jul 2025 02:37:32 GMT

GET
H/1.1 206
Partial Content payment_completed.mp3
www.bpay.billing.xkv9-services.com/sfx/ 15 KB
15 KB 243ms
242ms Media
audio/mpeg 188.241.58.119
THCPROJECTS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bpay.billing.xkv9-services.com/sfx/payment_completed.mp3
Requested by: Host: www.bpay.billing.xkv9-services.com
URL: https://www.bpay.billing.xkv9-services.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.241.58.119 , Romania, ASN51177 (THCPROJECTS, RO),
Reverse DNS: bitcompany.online
Software: Apache /
Resource Hash: 67882ed6cfdf529aba4e12d48f67109e1995ddc624c5921c5f9201ee628aa83c

Request headers

Referer: https://www.bpay.billing.xkv9-services.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

Date: Tue, 30 Jul 2024 02:37:32 GMT
Last-Modified: Sun, 21 Apr 2024 21:18:31 GMT
Server: Apache
Content-Type: audio/mpeg
Content-Range: bytes 0-15024/15025
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 15025

GET
H/1.1 206
Partial Content payment_failed.mp3
www.bpay.billing.xkv9-services.com/sfx/ 45 KB
45 KB 243ms
242ms Media
audio/mpeg 188.241.58.119
THCPROJECTS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bpay.billing.xkv9-services.com/sfx/payment_failed.mp3
Requested by: Host: www.bpay.billing.xkv9-services.com
URL: https://www.bpay.billing.xkv9-services.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.241.58.119 , Romania, ASN51177 (THCPROJECTS, RO),
Reverse DNS: bitcompany.online
Software: Apache /
Resource Hash: 16098fa3e3c9b98a9b53397f935edbcc8bb6970d991a0fbad6305811585d7796

Request headers

Referer: https://www.bpay.billing.xkv9-services.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

Date: Tue, 30 Jul 2024 02:37:32 GMT
Last-Modified: Sun, 21 Apr 2024 21:18:31 GMT
Server: Apache
Content-Type: audio/mpeg
Content-Range: bytes 0-45974/45975
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 45975

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 198ms
110ms Font
application/octet-stream 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://www.bpay.billing.xkv9-services.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 02:37:32 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 998463
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 77160
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HamAwH8VP1ZguLjn2KI6W2sUnZBu0FiZmt0Ni%2BlyBkXIR5he8IlwBTEb%2Fbd%2BMBhtum%2BTd%2BTxFLti%2BMPdUSSPhEqUk3oTfgZ5rN4C5dpCML08rR%2BUg3z%2F3wGnnQ5vHkfjKSLUMsuJ"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8ab1f7a82992f987-SJC
expires: Sun, 20 Jul 2025 02:37:32 GMT

GET
H/1.1 200
OK chevron.svg
www.bpay.billing.xkv9-services.com/img/ 619 B
865 B 248ms
245ms Image
image/svg+xml 188.241.58.119
THCPROJECTS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bpay.billing.xkv9-services.com/img/chevron.svg
Requested by: Host: www.bpay.billing.xkv9-services.com
URL: https://www.bpay.billing.xkv9-services.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.241.58.119 , Romania, ASN51177 (THCPROJECTS, RO),
Reverse DNS: bitcompany.online
Software: Apache /
Resource Hash: 6d3f797fa4b357594eae857b58f5ffaedd993510d7b2022eb0c107b88afd5718

Request headers

Referer: https://www.bpay.billing.xkv9-services.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Tue, 30 Jul 2024 02:37:32 GMT
Last-Modified: Wed, 14 Jun 2023 20:34:35 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 619

POST /
bpay-m-server.xkv9-services.com/bpay-req/ 0
0

GET order-status
bpay-m-server.xkv9-services.com/bpay-req/ 0
0

OPTIONS
H/1.1 200
OK /
bpay-m-server.xkv9-services.com/bpay-req/ 0
0 745ms
223ms Preflight
text/html 158.220.96.98
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://bpay-m-server.xkv9-services.com:8443/bpay-req/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 158.220.96.98 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi1506127.contaboserver.net
Software: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.bpay.billing.xkv9-services.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://bpay.billing.xkv9-services.com
Access-Control-Max-Age: 86400
Connection: Keep-Alive
Content-Length: 618
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 30 Jul 2024 02:37:33 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4

GET
H/1.1 200
OK cropped-Icon_Site-32x32.png
www.bpay.billing.xkv9-services.com/ 2 KB
2 KB 237ms
237ms Other
image/png 188.241.58.119
THCPROJECTS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bpay.billing.xkv9-services.com/cropped-Icon_Site-32x32.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.241.58.119 , Romania, ASN51177 (THCPROJECTS, RO),
Reverse DNS: bitcompany.online
Software: Apache /
Resource Hash: e2db2c437c7c95926e5582f1f7e836f7206e685b50a2aeca65a7298b05c7566b

Request headers

Referer: https://www.bpay.billing.xkv9-services.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Tue, 30 Jul 2024 02:37:33 GMT
Last-Modified: Tue, 13 Jun 2023 10:00:59 GMT
Server: Apache
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1706
Expires: Wed, 30 Jul 2025 02:37:33 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bpay-m-server.xkv9-services.com
URL: https://bpay-m-server.xkv9-services.com:8443/bpay-req/

Domain: bpay-m-server.xkv9-services.com
URL: https://bpay-m-server.xkv9-services.com:8443/bpay-req/order-status

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Binance (Crypto Exchange)

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
intervention	info	URL: https://www.bpay.billing.xkv9-services.com/cmain.js Message: Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
javascript	error	URL: https://www.bpay.billing.xkv9-services.com/ Message: Access to fetch at 'https://bpay-m-server.xkv9-services.com:8443/bpay-req/' from origin 'https://www.bpay.billing.xkv9-services.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://bpay.billing.xkv9-services.com' that is not equal to the supplied origin. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://bpay-m-server.xkv9-services.com:8443/bpay-req/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.bpay.billing.xkv9-services.com/ Message: Access to resource at 'https://bpay-m-server.xkv9-services.com:8443/bpay-req/order-status' from origin 'https://www.bpay.billing.xkv9-services.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://bpay.billing.xkv9-services.com' that is not equal to the supplied origin.
network	error	URL: https://bpay-m-server.xkv9-services.com:8443/bpay-req/order-status Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bpay-m-server.xkv9-services.com
cdnjs.cloudflare.com
www.bpay.billing.xkv9-services.com
bpay-m-server.xkv9-services.com
104.17.25.14
158.220.96.98
188.241.58.119
16098fa3e3c9b98a9b53397f935edbcc8bb6970d991a0fbad6305811585d7796
2397f1c1f6a358ad017bf933a33476706e27dfa0cf56a37f4374d2c4316f77f0
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
34bd1b3dde08f4d19f5437fbf1ca3360b03b22f1d4e422f4d78cdfe249a538de
53513e352a3559410d4202a1f0a80a7ac2e5390a34ea4b60dbc4d4a9c31380c8
67882ed6cfdf529aba4e12d48f67109e1995ddc624c5921c5f9201ee628aa83c
6d3f797fa4b357594eae857b58f5ffaedd993510d7b2022eb0c107b88afd5718
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
b449b20b0550e803134c5027a4c17a7c5064f0c4ba8c633d03b3aab8a8ef6f05
ca9dcd87632bb29356a320cf9d40a223c3568e40d0cf1765588e3f346a6db587
e2db2c437c7c95926e5582f1f7e836f7206e685b50a2aeca65a7298b05c7566b
f77353348ce50952f07c21774a35717167cc27330db6db9c132802e6c72ec172

www.bpay.billing.xkv9-services.com Open in urlscan Pro 188.241.58.119 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

87 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

4 IPs

3 Countries

233 kBTransfer

324 kBSize

0 Cookies

2 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

40 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

www.bpay.billing.xkv9-services.com Open in urlscan Pro
188.241.58.119 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

87 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

4
IPs

3
Countries

233 kB
Transfer

324 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!