Submitted URL: https://paypal.sc/
Effective URL: https://pyusdsc.xyz:3389/
Submission: On October 12 via automatic, source certstream-suspicious — Scanned from US

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 18 HTTP transactions. The main IP is 107.148.47.97, located in the United States and belonging to PEG-HK, US. The main domain is pyusdsc.xyz.
TLS certificate: Issued by R11 on October 9th 2024. Valid for: 3 months.
This is the only time pyusdsc.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
1         47.238.167.41      45102 (ALIBABA-C...)
1         47.76.114.22       45102 (ALIBABA-C...)
12        107.148.47.97      398478 (PEG-HK)
1         2a04:4e42:400...   54113 (FASTLY)
2         47.79.80.1         45102 (ALIBABA-C...)
1         2408:4005:30a...   37963 (ALIBABA-C...)
Total: 18 requests, 7 IPs
Requests  Apex Domain     Subdomains                                        Transfer
12        pyusdsc.xyz     pyusdsc.xyz                                       1 MB
2         aliyuncs.com    pp-offical.oss-ap-northeast-1.aliyuncs.com
1         dcloud.net.cn   cdn.dcloud.net.cn (Cisco Umbrella Rank: 66425)    579 B
1         jsdelivr.net    cdn.jsdelivr.net (Cisco Umbrella Rank: 311)       166 KB
1         paypal.sc       paypal.sc                                         3 KB
Total: 18 requests, 5 apex domains
Requests  Domain                                       Requested by
12        pyusdsc.xyz                                  47.76.114.22, pyusdsc.xyz
2         pp-offical.oss-ap-northeast-1.aliyuncs.com   pyusdsc.xyz
1         cdn.dcloud.net.cn                            pyusdsc.xyz
1         cdn.jsdelivr.net                             pyusdsc.xyz
1         paypal.sc
Total: 18 requests, 5 domains

This site contains no links.

Subject                          Issuer                                               Validity                  Valid for
paypal.sc                        ZeroSSL RSA Domain Secure Site CA                    2024-10-10 - 2025-01-08   3 months
47.76.114.22                     ZeroSSL RSA Domain Secure Site CA                    2024-10-10 - 2025-01-08   3 months
pyusdsc.xyz                      R11                                                  2024-10-09 - 2025-01-07   3 months
jsdelivr.net                     GlobalSign Atlas R3 DV TLS CA 2024 Q3                2024-07-30 - 2025-08-31   a year
ap-northeast-1.oss.aliyuncs.com  GlobalSign Organization Validation CA - SHA256 - G3  2023-11-21 - 2024-12-22   a year
*.dcloud.net.cn                  Certum Domain Validation CA SHA2                     2024-08-12 - 2025-09-11   a year

This page contains 1 frame:

Primary Page: https://pyusdsc.xyz:3389/
Frame ID: 93F1C79F85390FA8EEF823889E6A6AD2
Requests: 31 HTTP requests in this frame

Screenshot

Page Title

paypalscfs

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://paypal.sc/ Page URL
  2. https://47.76.114.22:60535/?search=a1 Page URL
  3. https://pyusdsc.xyz:3389/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 18
HTTPS: 100 %
IPv6: 33 %
Domains: 5
Subdomains: 5
IPs: 7
Countries: 3
Transfer: 1529 kB
Size: 19566 kB
Cookies: 1


Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Resource: / | Path: paypal.sc/ | Size: 5 KB | x-fer: 3 KB | Type: Document
General
Full URL
https://paypal.sc/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
47.238.167.41 Hong Kong, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.24.0 (Ubuntu) /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Sat, 12 Oct 2024 13:09:00 GMT
ETag
W/"67078648-1357"
Last-Modified
Thu, 10 Oct 2024 07:46:16 GMT
Server
nginx/1.24.0 (Ubuntu)
Transfer-Encoding
chunked

Resource: / | Path: 47.76.114.22/ | Size: 5 KB | x-fer: 3 KB | Type: Document
General
Full URL
https://47.76.114.22:60535/?search=a1
Requested by
Host: paypal.sc
URL: https://paypal.sc/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
47.76.114.22 Hong Kong, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.24.0 (Ubuntu) /
Resource Hash

Request headers

Referer
https://paypal.sc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Sat, 12 Oct 2024 13:09:01 GMT
ETag
W/"670a5221-158d"
Last-Modified
Sat, 12 Oct 2024 10:40:33 GMT
Server
nginx/1.24.0 (Ubuntu)
Transfer-Encoding
chunked

Resource: / (Primary Request) | Path: pyusdsc.xyz/ | Size: 2 KB | x-fer: 1 KB | Type: Document
General
Full URL
https://pyusdsc.xyz:3389/
Requested by
Host: 47.76.114.22
URL: https://47.76.114.22:60535/?search=a1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.148.47.97 , United States, ASN398478 (PEG-HK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
4d4ded1d6de5765fd33c06fdf26cd231a0f0775878650a40fd3f2a4e25404cc4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000 max-age=31536000; includeSubDomains
X-Frame-Options sameorigin

Request headers

Referer
https://47.76.114.22:60535/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-length
1223
content-security-policy
frame-ancestors 'self'
content-type
text/html
date
Sat, 12 Oct 2024 13:09:04 GMT
etag
W/"6709df77-9ee"
last-modified
Sat, 12 Oct 2024 02:31:19 GMT
server
nginx/1.22.1
strict-transport-security
max-age=31536000 max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-cache
BYPASS
x-frame-options
sameorigin

Resource: conf.js | Path: pyusdsc.xyz/static/ | Size: 205 B | x-fer: 271 B | Type: Script
General
Full URL
https://pyusdsc.xyz:3389/static/conf.js
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.148.47.97 , United States, ASN398478 (PEG-HK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
d6d398abd957887a7b71877084f86f10d475296a34605cfc0a67424466020c84
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

content-security-policy
frame-ancestors 'self'
etag
"6709df77-cd"
accept-ranges
bytes
x-cache
HIT, policy, disk
content-length
205
date
Sat, 12 Oct 2024 11:42:05 GMT
content-type
application/javascript
last-modified
Sat, 12 Oct 2024 11:42:05 GMT
server
nginx/1.22.1
x-frame-options
sameorigin

Resource: TronWeb.min.js | Path: cdn.jsdelivr.net/npm/tronweb@2.8.1/dist/ | Size: 680 KB | x-fer: 166 KB | Type: Script
General
Full URL
https://cdn.jsdelivr.net/npm/tronweb@2.8.1/dist/TronWeb.min.js
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7f443465eda6265fdfa690f1cac4f27d22e76134cea3ab609327c64503f8b9f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"a9ffd-opWAsLsy3P8eH7ImJC9yyj3IwMk"
age
1476496
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Sat, 12 Oct 2024 13:09:04 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-eddf8230133-FRA, cache-ewr-kewr1740064-EWR
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
169067
x-jsd-version
2.8.1

Resource: index.2da1efab.css | Path: pyusdsc.xyz/static/ | Size: 94 KB | x-fer: 29 KB | Type: Stylesheet
General
Full URL
https://pyusdsc.xyz:3389/static/index.2da1efab.css
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.148.47.97 , United States, ASN398478 (PEG-HK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
e97de9a247807f12d74101e9f736250b2410be4e1ed3d17ed875e4b08cf66c83
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

x-frame-options
sameorigin
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
etag
W/"6709df8a-178f9"
x-cache
HIT, policy, disk
date
Sat, 12 Oct 2024 11:42:05 GMT
content-type
text/css
last-modified
Sat, 12 Oct 2024 11:42:05 GMT
server
nginx/1.22.1
vary
Accept-Encoding

Resource: chunk-vendors.fb7f846c.js | Path: pyusdsc.xyz/static/js/ | Size: 3 MB | x-fer: 1 MB | Type: Script
General
Full URL
https://pyusdsc.xyz:3389/static/js/chunk-vendors.fb7f846c.js
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.148.47.97 , United States, ASN398478 (PEG-HK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
1eb5021c73acefa7a7c197be600ede6db4f85c0ec98d8a88778dd63426ac3799
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

x-frame-options
sameorigin
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
etag
W/"6709df8b-2c8bf6"
x-cache
HIT, policy, disk
date
Sat, 12 Oct 2024 11:42:05 GMT
content-type
application/javascript
last-modified
Sat, 12 Oct 2024 11:42:06 GMT
server
nginx/1.22.1
vary
Accept-Encoding

Resource: index.65800c18.js | Path: pyusdsc.xyz/static/js/ | Size: 743 KB | x-fer: 255 KB | Type: Script
General
Full URL
https://pyusdsc.xyz:3389/static/js/index.65800c18.js
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.148.47.97 , United States, ASN398478 (PEG-HK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
995bcf3febc682cf87b4017602cb9f0b30bc60d5985971beb621e76693435862
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

x-frame-options
sameorigin
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
etag
W/"6709df8c-b9b8c"
x-cache
HIT, policy, disk
date
Sat, 12 Oct 2024 11:11:33 GMT
content-type
application/javascript
last-modified
Sat, 12 Oct 2024 11:11:33 GMT
server
nginx/1.22.1
vary
Accept-Encoding

Resource: pages-aHome.baf768f2.js | Path: pyusdsc.xyz/static/js/ | Size: 36 KB | x-fer: 17 KB | Type: Script
General
Full URL
https://pyusdsc.xyz:3389/static/js/pages-aHome.baf768f2.js
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/static/js/index.65800c18.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.148.47.97 , United States, ASN398478 (PEG-HK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
03fae2ff0c52786f6645f4e235c685774292b72cee44e552a8dbcc30f6ebeea4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

x-frame-options
sameorigin
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
etag
W/"6709df8c-90e5"
x-cache
HIT, policy, disk
date
Sat, 12 Oct 2024 11:13:50 GMT
content-type
application/javascript
last-modified
Sat, 12 Oct 2024 11:13:50 GMT
server
nginx/1.22.1
vary
Accept-Encoding

Resource: truncated | Path: / | Size: 1 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0ccf8dd29c61715a6364ea9ec36d32c295e82ca837488590130c51cee298b7d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml

Resource: sys_info_get | Path: pyusdsc.xyz/api/pp/ | Size: 410 B | x-fer: 820 B | Type: XHR
General
Full URL
https://pyusdsc.xyz:3389/api/pp/sys_info_get?nocache=1728738547127
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/static/js/chunk-vendors.fb7f846c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.148.47.97 , United States, ASN398478 (PEG-HK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
63021054eaa0a168af4685de882b94ad144baf7175f17aeadcc69689e7f221b8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

access-control-max-age
86400
access-control-expose-headers
Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers
access-control-allow-methods
GET, HEAD, POST, PATCH, PUT, DELETE
traceparent
00-d1489356d3700e23005150b396afb034-923a263809cfd23a-00
x-cache
MISS
date
Sat, 12 Oct 2024 13:09:07 GMT
content-type
application/json; charset=utf-8
vary
Origin
x-frame-options
sameorigin
access-control-allow-headers
Content-Type, Origin, X-CSRF-Token, Authorization, AccessToken, Token, Range
strict-transport-security
max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy
frame-ancestors 'self'
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-origin
content-length
410
server
nginx/1.22.1

Resource: truncated | Path: / | Size: 4 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4023a94b26df56040024e31a6e81172751d98e11e645edcca1a9b0f7c505e483

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png

Resource: truncated | Path: / | Size: 325 B | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1fa5d5b459e69f37a2e5163ae975c36ccdfbac6b299a25c21877b1dd3bcee6e6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png

Resource: msg.df47225f.svg | Path: pyusdsc.xyz/static/img/ | Size: 1 KB | x-fer: 1 KB | Type: Image
General
Full URL
https://pyusdsc.xyz:3389/static/img/msg.df47225f.svg
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.148.47.97 , United States, ASN398478 (PEG-HK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
608d473065c6758418604a674828fcb2fbb1cb4fe7aca0d5acf1f218de6aa3ea
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

content-security-policy
frame-ancestors 'self'
etag
"6709df87-59a"
accept-ranges
bytes
x-cache
HIT, policy, disk
content-length
1434
date
Sat, 12 Oct 2024 11:42:06 GMT
content-type
image/svg+xml
last-modified
Sat, 12 Oct 2024 11:42:06 GMT
server
nginx/1.22.1
x-frame-options
sameorigin

Resource: cs.36841475.svg | Path: pyusdsc.xyz/static/img/ | Size: 1 KB | x-fer: 1 KB | Type: Image
General
Full URL
https://pyusdsc.xyz:3389/static/img/cs.36841475.svg
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.148.47.97 , United States, ASN398478 (PEG-HK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
9c50f201ba85ac2e21c7a96a4d0164603f14be4e88187d8fee8bde7482390cdd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

content-security-policy
frame-ancestors 'self'
etag
"6709df7c-4dc"
accept-ranges
bytes
x-cache
HIT, policy, disk
content-length
1244
date
Sat, 12 Oct 2024 11:42:06 GMT
content-type
image/svg+xml
last-modified
Sat, 12 Oct 2024 11:42:06 GMT
server
nginx/1.22.1
x-frame-options
sameorigin

Resource: truncated | Path: / | Size: 1 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8451eca2f88656170afb6be081e74f47ce1cc810dc741c4ef86b9651f0d1867c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png

Resource: home_0.ae546e37.svg | Path: pyusdsc.xyz/static/img/ | Size: 4 KB | x-fer: 4 KB | Type: Image
General
Full URL
https://pyusdsc.xyz:3389/static/img/home_0.ae546e37.svg
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.148.47.97 , United States, ASN398478 (PEG-HK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
471894b84da5f200d674f3ff62791d44b642098d410ac372c13b1e0b886f9d93
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

content-security-policy
frame-ancestors 'self'
etag
"6709df81-10b8"
accept-ranges
bytes
x-cache
HIT, policy, disk
content-length
4280
date
Sat, 12 Oct 2024 11:13:50 GMT
content-type
image/svg+xml
last-modified
Sat, 12 Oct 2024 11:13:50 GMT
server
nginx/1.22.1
x-frame-options
sameorigin

Resource: truncated | Path: / | Size: 988 B | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
87497b7f9b268450ed8dec40efd515bd3ffd647f9fd5d6b50b5031e5357fd2ad

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png

Resource: truncated | Path: / | Size: 265 B | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1611b7288840c0e828fb65c29e1a1653ad6c48a32b5bd68a0e6c668c82a794c6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png

Resource: truncated | Path: / | Size: 998 B | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fdacc8603472a5782d203c9e4e6311d01f8500c0dc6bf1e5921d1c38af8132df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png

Resource: truncated | Path: / | Size: 650 B | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6f9ae45dde1d01283a9086ee5616f271fa106ae06a515c8b38ed76a460a8f5e5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png

Resource: truncated | Path: / | Size: 310 B | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ae2302c7cbe652a019027bc43cd2bd5dc015a8295296093333a668ac7515ad84

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png

Resource: truncated | Path: / | Size: 1 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3eb4cbe545bb8c7293ce48294c456f1297ebe15bfc5b11e5517b4dd9c2441f59

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png

Resource: truncated | Path: / | Size: 747 B | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d287037bf1c229f726aa23355d51a649061a86ad675965423428c5a7d9a0f37

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png

Resource: gif_en.gif | Path: pp-offical.oss-ap-northeast-1.aliyuncs.com/ | Size: 8 MB | x-fer: 0 | Type: Image
General
Full URL
https://pp-offical.oss-ap-northeast-1.aliyuncs.com/gif_en.gif
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.79.80.1 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

Content-MD5
pDh6jcQnMJFCL07oN9i0PQ==
x-oss-storage-class
Standard
ETag
"A4387A8DC4273091422F4EE837D8B43D"
x-oss-object-type
Normal
Date
Sat, 12 Oct 2024 13:09:08 GMT
x-oss-server-time
2
Content-Disposition
attachment
Content-Type
image/gif
Last-Modified
Wed, 09 Oct 2024 15:22:03 GMT
x-oss-ec
0048-00000113
x-oss-hash-crc64ecma
12943021492965009390
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9869429
x-oss-request-id
670A74F4D1811A30378A654A
x-oss-force-download
true
Server
AliyunOSS

Resource: gif_zh.gif | Path: pp-offical.oss-ap-northeast-1.aliyuncs.com/ | Size: 7 MB | x-fer: 0 | Type: Image
General
Full URL
https://pp-offical.oss-ap-northeast-1.aliyuncs.com/gif_zh.gif
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.79.80.1 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

Content-MD5
/UXy1uqMIvcocjz+g3ZygQ==
x-oss-storage-class
Standard
ETag
"FD45F2D6EA8C22F728723CFE83767281"
x-oss-object-type
Normal
Date
Sat, 12 Oct 2024 13:09:08 GMT
x-oss-server-time
14
Content-Disposition
attachment
Content-Type
image/gif
Last-Modified
Wed, 09 Oct 2024 15:21:56 GMT
x-oss-ec
0048-00000113
x-oss-hash-crc64ecma
16935537539966711475
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
11020684
x-oss-request-id
670A74F43D84613830A280E9
x-oss-force-download
true
Server
AliyunOSS

Resource: truncated | Path: / | Size: 236 B | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2b907d46fe1353c80642586f844aff1f32307edc2bfbcb2c7c440e81e3715aeb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png

Resource: truncated | Path: / | Size: 3 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9e509b7c503005378041ff074292c5b388ea45f275e89a823008eb2f72d2a2e0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png

Resource: home_5.bee1f455.svg | Path: pyusdsc.xyz/static/img/ | Size: 433 B | x-fer: 524 B | Type: Image
General
Full URL
https://pyusdsc.xyz:3389/static/img/home_5.bee1f455.svg
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.148.47.97 , United States, ASN398478 (PEG-HK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
58c8e5dc98475171e6a2bb92df1930597e9573f5f62fa1918485e61c190ac6f7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

content-security-policy
frame-ancestors 'self'
etag
"6709df82-1b1"
accept-ranges
bytes
x-cache
HIT, policy, disk
content-length
433
date
Sat, 12 Oct 2024 11:45:48 GMT
content-type
image/svg+xml
last-modified
Sat, 12 Oct 2024 11:45:48 GMT
server
nginx/1.22.1
x-frame-options
sameorigin

Resource: home_6.dc22dcc0.svg | Path: pyusdsc.xyz/static/img/ | Size: 806 B | x-fer: 852 B | Type: Image
General
Full URL
https://pyusdsc.xyz:3389/static/img/home_6.dc22dcc0.svg
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.148.47.97 , United States, ASN398478 (PEG-HK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
b52d01219e88601ff6e9839b9338c56b84fc836dede3f0096a8a71978c1f13c6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options sameorigin

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

content-security-policy
frame-ancestors 'self'
etag
"6709df83-326"
accept-ranges
bytes
x-cache
HIT, policy, disk
content-length
806
date
Sat, 12 Oct 2024 11:45:48 GMT
content-type
image/svg+xml
last-modified
Sat, 12 Oct 2024 11:45:48 GMT
server
nginx/1.22.1
x-frame-options
sameorigin

Resource: shadow-grey.png | Path: cdn.dcloud.net.cn/img/ | Size: 136 B | x-fer: 579 B | Type: Image
General
Full URL
https://cdn.dcloud.net.cn/img/shadow-grey.png
Requested by
Host: pyusdsc.xyz
URL: https://pyusdsc.xyz:3389/static/index.2da1efab.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2408:4005:30a:4302:6218:d8d9:db29:5dd2 , China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pyusdsc.xyz:3389/

Response headers

Cache-Control
max-age=7200
ETag
"5cf8b5bf-88"
Connection
close
Expires
Sat, 12 Oct 2024 15:09:09 GMT
Accept-Ranges
bytes
Content-Length
136
Date
Sat, 12 Oct 2024 13:09:09 GMT
Content-Type
image/png
Last-Modified
Thu, 06 Jun 2019 06:42:07 GMT
Server
nginx

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • coverSupport (boolean)
  • conf (object)
  • regeneratorRuntime (object)
  • setImmediate (function)
  • clearImmediate (function)
  • TronWeb (function)
  • init (function)
  • checkDevTools (function)
  • onKrLoadNewScene (function)
  • webpackJsonp (object)
  • __uniConfig (object)
  • __uniRoutes (object)
  • UniApp (function)
  • UniViewJSBridge (object)
  • UniServiceJSBridge (object)
  • uni (object)
  • wx (object)
  • getApp (function)
  • getCurrentPages (function)

1 Cookies

Domain/Path       Name         Value
.dcloud.net.cn/   __uni__uid   2yld0mcKdPUSXWfiAyafAg==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.dcloud.net.cn
cdn.jsdelivr.net
paypal.sc
pp-offical.oss-ap-northeast-1.aliyuncs.com
pyusdsc.xyz
107.148.47.97
2408:4005:30a:4302:6218:d8d9:db29:5dd2
2a04:4e42:400::485
47.238.167.41
47.76.114.22
47.79.80.1
03fae2ff0c52786f6645f4e235c685774292b72cee44e552a8dbcc30f6ebeea4
0ccf8dd29c61715a6364ea9ec36d32c295e82ca837488590130c51cee298b7d3
1611b7288840c0e828fb65c29e1a1653ad6c48a32b5bd68a0e6c668c82a794c6
1eb5021c73acefa7a7c197be600ede6db4f85c0ec98d8a88778dd63426ac3799
1fa5d5b459e69f37a2e5163ae975c36ccdfbac6b299a25c21877b1dd3bcee6e6
2b907d46fe1353c80642586f844aff1f32307edc2bfbcb2c7c440e81e3715aeb
3eb4cbe545bb8c7293ce48294c456f1297ebe15bfc5b11e5517b4dd9c2441f59
4023a94b26df56040024e31a6e81172751d98e11e645edcca1a9b0f7c505e483
471894b84da5f200d674f3ff62791d44b642098d410ac372c13b1e0b886f9d93
4d4ded1d6de5765fd33c06fdf26cd231a0f0775878650a40fd3f2a4e25404cc4
58c8e5dc98475171e6a2bb92df1930597e9573f5f62fa1918485e61c190ac6f7
608d473065c6758418604a674828fcb2fbb1cb4fe7aca0d5acf1f218de6aa3ea
63021054eaa0a168af4685de882b94ad144baf7175f17aeadcc69689e7f221b8
6f9ae45dde1d01283a9086ee5616f271fa106ae06a515c8b38ed76a460a8f5e5
7f443465eda6265fdfa690f1cac4f27d22e76134cea3ab609327c64503f8b9f7
8451eca2f88656170afb6be081e74f47ce1cc810dc741c4ef86b9651f0d1867c
87497b7f9b268450ed8dec40efd515bd3ffd647f9fd5d6b50b5031e5357fd2ad
995bcf3febc682cf87b4017602cb9f0b30bc60d5985971beb621e76693435862
9c50f201ba85ac2e21c7a96a4d0164603f14be4e88187d8fee8bde7482390cdd
9d287037bf1c229f726aa23355d51a649061a86ad675965423428c5a7d9a0f37
9e509b7c503005378041ff074292c5b388ea45f275e89a823008eb2f72d2a2e0
ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f
ae2302c7cbe652a019027bc43cd2bd5dc015a8295296093333a668ac7515ad84
b52d01219e88601ff6e9839b9338c56b84fc836dede3f0096a8a71978c1f13c6
d6d398abd957887a7b71877084f86f10d475296a34605cfc0a67424466020c84
e97de9a247807f12d74101e9f736250b2410be4e1ed3d17ed875e4b08cf66c83
fdacc8603472a5782d203c9e4e6311d01f8500c0dc6bf1e5921d1c38af8132df