peypets.net
Open in
urlscan Pro
2606:4700:3031::6812:3d41
Malicious Activity!
Public Scan
Effective URL: https://peypets.net/xh671oI0S/V7FXdK
Submission: On December 14 via manual from PL
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 10th 2020. Valid for: a year.
This is the only time peypets.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayU (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 14 | 2606:4700:303... 2606:4700:3031::6812:3d41 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
13 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
peypets.net
1 redirects
peypets.net |
644 KB |
13 | 1 |
Domain | Requested by | |
---|---|---|
14 | peypets.net |
1 redirects
peypets.net
|
13 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-12-10 - 2021-12-09 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://peypets.net/xh671oI0S/V7FXdK
Frame ID: 10FC5C9B3416749EE3FB75D081C6C392
Requests: 13 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://peypets.net/xh671oI0S/V7FXdK
HTTP 301
https://peypets.net/xh671oI0S/V7FXdK Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://peypets.net/xh671oI0S/V7FXdK
HTTP 301
https://peypets.net/xh671oI0S/V7FXdK Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
V7FXdK
peypets.net/xh671oI0S/ Redirect Chain
|
13 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
c870cff15bc1ac67617b272b6ecf448c5.css
peypets.net/xh671oI0S/css/ |
38 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
peypets.net/xh671oI0S/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
42544908169ba30e5407a9e3f83ce842.jpg
peypets.net/xh671oI0S/css/ |
59 KB 60 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
7e13629e9e3fec4948dd2a43a8a00d09.png
peypets.net/xh671oI0S/css/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
00166634a06054f12c9180ae1b8807d6.png
peypets.net/xh671oI0S/css/ |
135 KB 135 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dd03257a1408e262ab716cdbed06bcea.png
peypets.net/xh671oI0S/css/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-regular-webfont.woff
peypets.net/xh671oI0S/css/fonts/ |
87 KB 88 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-light-webfont.woff
peypets.net/xh671oI0S/css/fonts/ |
84 KB 84 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-semibold-webfont.woff
peypets.net/xh671oI0S/css/fonts/ |
89 KB 89 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PFBeauSansPro-Bold.woff
peypets.net/xh671oI0S/css/fonts/ |
142 KB 136 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
online.php
peypets.net/xh671oI0S/ |
0 478 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
online.php
peypets.net/xh671oI0S/ |
0 311 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayU (Financial)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| w417bb3d6 function| online6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
peypets.net/ | Name: PHPSESSID Value: a8vv7rknjo6shcgnkbhj60dn25 |
|
.peypets.net/ | Name: __cfduid Value: db24c5cea0a17bdf1a89c0b162e8c26f31607956150 |
|
peypets.net/xh671oI0S | Name: 5a86563bc09ab5cf9cb3628463210ba6 Value: 194062736 |
|
peypets.net/xh671oI0S | Name: a868ec434b3d5daac1ec226b742aaba4 Value: 100914420 |
|
peypets.net/xh671oI0S | Name: 313f0e1c9b7391955803f0800b5c8345 Value: 144118511 |
|
peypets.net/xh671oI0S | Name: 7663167df059b97f6c6ca15cd7bbacc9 Value: 4173475442 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
peypets.net
2606:4700:3031::6812:3d41
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0e2f344157c0ce5d8ce793d7118be8a4d99b2530434590007cc91163815a04c0
0fe491e2047389b9deb7a06fd36de7fec03af2791ec29461be02571cbebdb4ab
431817115e31ff8604ab76a86ce6ed55d02cd5ea7332bd0ed3d15d9b5bf9aaae
881ef11f805d79dfaab799731e9a3a64ddd4d70023896d1ea807193e6fdff131
9650a5ba277274205e90974e7fb4183289ca51653c33fc291ad064bf8dd998e1
b90e47fffb95ab790463c9926fd06efaf9c92db5457bc322c2e8e043167c078c
c8b380cdc92601f7195d0cd34c777bcdee7dcd285e110534a8cf48bfa7d8b2e8
c8f2734bba0b1cac56fa062f9b79a25c29ae682c17bf6a7881c27921dca57d57
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4f8870baac64a13db88b06a7eaada0d0412a51ffc6123a07fa90c1886217b6e
e78bc216b244dc5ddb8a7e6f1c18265a7be737d7f0cdbacedc443efec401c035