verf-ltdpay.solde-confirmation.ltd
Open in
urlscan Pro
68.65.122.160
Malicious Activity!
Public Scan
Submission Tags: phishing malicious Search All
Submission: On November 22 via api from US
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 13th 2020. Valid for: a year.
This is the only time verf-ltdpay.solde-confirmation.ltd was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
11 | 68.65.122.160 68.65.122.160 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
11 | 1 |
ASN22612 (NAMECHEAP-NET, US)
PTR: server116-5.web-hosting.com
verf-ltdpay.solde-confirmation.ltd |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
solde-confirmation.ltd
verf-ltdpay.solde-confirmation.ltd |
612 KB |
11 | 1 |
Domain | Requested by | |
---|---|---|
11 | verf-ltdpay.solde-confirmation.ltd |
verf-ltdpay.solde-confirmation.ltd
|
11 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
verf-ltdpay.solde-confirmation.ltd Sectigo RSA Domain Validation Secure Server CA |
2020-07-13 - 2021-07-13 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://verf-ltdpay.solde-confirmation.ltd/connexion
Frame ID: 82E469DA5D1DE4E5C3DE37E9B8C61138
Requests: 11 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
connexion
verf-ltdpay.solde-confirmation.ltd/ |
6 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.ltr.css
verf-ltdpay.solde-confirmation.ltd/public/css/ |
225 KB 40 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
page.c9a650b6b85d7c2bdddc.css
verf-ltdpay.solde-confirmation.ltd/public/css/ |
173 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
contextualLogin.css
verf-ltdpay.solde-confirmation.ltd/public/css/ |
106 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vx-lib.min.js
verf-ltdpay.solde-confirmation.ltd/public/js/ |
9 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor.js
verf-ltdpay.solde-confirmation.ltd/public/js/ |
889 KB 254 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
flowBundle.js
verf-ltdpay.solde-confirmation.ltd/public/js/ |
875 KB 216 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pa.js
verf-ltdpay.solde-confirmation.ltd/public/js/ |
41 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mylogo-logo-129x32.svg
verf-ltdpay.solde-confirmation.ltd/public/img/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansBig-Light.woff2
verf-ltdpay.solde-confirmation.ltd/public/fonts/ |
18 KB 18 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansSmall-Regular.woff2
verf-ltdpay.solde-confirmation.ltd/public/fonts/ |
18 KB 18 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| VX object| webpackJsonp object| core object| __core-js_shared__ object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| CW object| PAYPAL object| fpti string| fptiserverurl0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
verf-ltdpay.solde-confirmation.ltd
68.65.122.160
0d4d4b0ee4bdbbbfdf2fa8cc4c0ba0332a3798c2629cb806d249712f6a7063e3
0f866e33e0052a7791648151f590ab82ae78b42fb1c66ac6d4b3bd1e6304ecb1
51bea40c42667db2ee01b3a9c587062b85b569e12b0c582f6b54cca0da212be3
acd804c4e26fb9a9a2d8511426e9fd8f583048eed7b5d52e83bac0f20813b71f
af93d1d952b2dc42c029871cbbb92988835b31c86d4f0cb6a9674b1d1714a20f
c1d772162ba3772214f4260dc83d75ac8f9da4b4e9bc7edabb4f800313c30b3b
c9f4c7838fb4a2e3dfbbfe1bc17e1473336ef0d2e111702def29562c99448362
cd708f0de021ca42b742fd5b20debbefeb48a8a5f566b74b6014f8d72c521554
f043b2877f74c808428d890e23848d9bc996363bc1ec4c9181b36aa001012d2d
f09f6c5b8970779be19412b98e8ce4df8db12777ade87d28d20ef2b2fb92c757
fb09c511a746af8737671bd1bd11245f3607a988293c567d2403f1bbadc75e90