pyusdsc.xyz
Open in
urlscan Pro
107.148.47.97
Malicious Activity!
Public Scan
Effective URL: https://pyusdsc.xyz:3389/
Submission: On October 12 via automatic, source certstream-suspicious — Scanned from US
Summary
TLS certificate: Issued by R11 on October 9th 2024. Valid for: 3 months.
This is the only time pyusdsc.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 47.238.167.41 47.238.167.41 | 45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.) | |
1 | 47.76.114.22 47.76.114.22 | 45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.) | |
12 | 107.148.47.97 107.148.47.97 | 398478 (PEG-HK) (PEG-HK) | |
1 | 2a04:4e42:400... 2a04:4e42:400::485 | 54113 (FASTLY) (FASTLY) | |
2 | 47.79.80.1 47.79.80.1 | 45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.) | |
1 | 2408:4005:30a... 2408:4005:30a:4302:6218:d8d9:db29:5dd2 | 37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.) | |
18 | 7 |
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
paypal.sc |
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
47.76.114.22 |
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
pp-offical.oss-ap-northeast-1.aliyuncs.com |
ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)
cdn.dcloud.net.cn |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
pyusdsc.xyz
pyusdsc.xyz |
1 MB |
2 |
aliyuncs.com
pp-offical.oss-ap-northeast-1.aliyuncs.com |
|
1 |
dcloud.net.cn
cdn.dcloud.net.cn — Cisco Umbrella Rank: 66425 |
579 B |
1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 311 |
166 KB |
1 |
paypal.sc
paypal.sc |
3 KB |
18 | 5 |
Domain | Requested by | |
---|---|---|
12 | pyusdsc.xyz |
47.76.114.22
pyusdsc.xyz |
2 | pp-offical.oss-ap-northeast-1.aliyuncs.com |
pyusdsc.xyz
|
1 | cdn.dcloud.net.cn |
pyusdsc.xyz
|
1 | cdn.jsdelivr.net |
pyusdsc.xyz
|
1 | paypal.sc | |
18 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
paypal.sc ZeroSSL RSA Domain Secure Site CA |
2024-10-10 - 2025-01-08 |
3 months | crt.sh |
47.76.114.22 ZeroSSL RSA Domain Secure Site CA |
2024-10-10 - 2025-01-08 |
3 months | crt.sh |
pyusdsc.xyz R11 |
2024-10-09 - 2025-01-07 |
3 months | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3 |
2024-07-30 - 2025-08-31 |
a year | crt.sh |
ap-northeast-1.oss.aliyuncs.com GlobalSign Organization Validation CA - SHA256 - G3 |
2023-11-21 - 2024-12-22 |
a year | crt.sh |
*.dcloud.net.cn Certum Domain Validation CA SHA2 |
2024-08-12 - 2025-09-11 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://pyusdsc.xyz:3389/
Frame ID: 93F1C79F85390FA8EEF823889E6A6AD2
Requests: 31 HTTP requests in this frame
Screenshot
Page Title
paypalscfsPage URL History Show full URLs
- https://paypal.sc/ Page URL
- https://47.76.114.22:60535/?search=a1 Page URL
- https://pyusdsc.xyz:3389/ Page URL
Detected technologies
jsDelivr (CDN) ExpandDetected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://paypal.sc/ Page URL
- https://47.76.114.22:60535/?search=a1 Page URL
- https://pyusdsc.xyz:3389/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
paypal.sc/ |
5 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
47.76.114.22/ |
5 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
pyusdsc.xyz/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
conf.js
pyusdsc.xyz/static/ |
205 B 271 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
TronWeb.min.js
cdn.jsdelivr.net/npm/tronweb@2.8.1/dist/ |
680 KB 166 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.2da1efab.css
pyusdsc.xyz/static/ |
94 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chunk-vendors.fb7f846c.js
pyusdsc.xyz/static/js/ |
3 MB 1 MB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.65800c18.js
pyusdsc.xyz/static/js/ |
743 KB 255 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pages-aHome.baf768f2.js
pyusdsc.xyz/static/js/ |
36 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sys_info_get
pyusdsc.xyz/api/pp/ |
410 B 820 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
325 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
msg.df47225f.svg
pyusdsc.xyz/static/img/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cs.36841475.svg
pyusdsc.xyz/static/img/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
home_0.ae546e37.svg
pyusdsc.xyz/static/img/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
988 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
265 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
998 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
650 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
310 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
747 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gif_en.gif
pp-offical.oss-ap-northeast-1.aliyuncs.com/ |
8 MB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gif_zh.gif
pp-offical.oss-ap-northeast-1.aliyuncs.com/ |
7 MB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
236 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
home_5.bee1f455.svg
pyusdsc.xyz/static/img/ |
433 B 524 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
home_6.dc22dcc0.svg
pyusdsc.xyz/static/img/ |
806 B 852 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
shadow-grey.png
cdn.dcloud.net.cn/img/ |
136 B 579 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| coverSupport object| conf object| regeneratorRuntime function| setImmediate function| clearImmediate function| TronWeb function| init function| checkDevTools function| onKrLoadNewScene object| webpackJsonp object| __uniConfig object| __uniRoutes function| UniApp object| UniViewJSBridge object| UniServiceJSBridge object| uni object| wx function| getApp function| getCurrentPages1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.dcloud.net.cn/ | Name: __uni__uid Value: 2yld0mcKdPUSXWfiAyafAg== |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.dcloud.net.cn
cdn.jsdelivr.net
paypal.sc
pp-offical.oss-ap-northeast-1.aliyuncs.com
pyusdsc.xyz
107.148.47.97
2408:4005:30a:4302:6218:d8d9:db29:5dd2
2a04:4e42:400::485
47.238.167.41
47.76.114.22
47.79.80.1
03fae2ff0c52786f6645f4e235c685774292b72cee44e552a8dbcc30f6ebeea4
0ccf8dd29c61715a6364ea9ec36d32c295e82ca837488590130c51cee298b7d3
1611b7288840c0e828fb65c29e1a1653ad6c48a32b5bd68a0e6c668c82a794c6
1eb5021c73acefa7a7c197be600ede6db4f85c0ec98d8a88778dd63426ac3799
1fa5d5b459e69f37a2e5163ae975c36ccdfbac6b299a25c21877b1dd3bcee6e6
2b907d46fe1353c80642586f844aff1f32307edc2bfbcb2c7c440e81e3715aeb
3eb4cbe545bb8c7293ce48294c456f1297ebe15bfc5b11e5517b4dd9c2441f59
4023a94b26df56040024e31a6e81172751d98e11e645edcca1a9b0f7c505e483
471894b84da5f200d674f3ff62791d44b642098d410ac372c13b1e0b886f9d93
4d4ded1d6de5765fd33c06fdf26cd231a0f0775878650a40fd3f2a4e25404cc4
58c8e5dc98475171e6a2bb92df1930597e9573f5f62fa1918485e61c190ac6f7
608d473065c6758418604a674828fcb2fbb1cb4fe7aca0d5acf1f218de6aa3ea
63021054eaa0a168af4685de882b94ad144baf7175f17aeadcc69689e7f221b8
6f9ae45dde1d01283a9086ee5616f271fa106ae06a515c8b38ed76a460a8f5e5
7f443465eda6265fdfa690f1cac4f27d22e76134cea3ab609327c64503f8b9f7
8451eca2f88656170afb6be081e74f47ce1cc810dc741c4ef86b9651f0d1867c
87497b7f9b268450ed8dec40efd515bd3ffd647f9fd5d6b50b5031e5357fd2ad
995bcf3febc682cf87b4017602cb9f0b30bc60d5985971beb621e76693435862
9c50f201ba85ac2e21c7a96a4d0164603f14be4e88187d8fee8bde7482390cdd
9d287037bf1c229f726aa23355d51a649061a86ad675965423428c5a7d9a0f37
9e509b7c503005378041ff074292c5b388ea45f275e89a823008eb2f72d2a2e0
ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f
ae2302c7cbe652a019027bc43cd2bd5dc015a8295296093333a668ac7515ad84
b52d01219e88601ff6e9839b9338c56b84fc836dede3f0096a8a71978c1f13c6
d6d398abd957887a7b71877084f86f10d475296a34605cfc0a67424466020c84
e97de9a247807f12d74101e9f736250b2410be4e1ed3d17ed875e4b08cf66c83
fdacc8603472a5782d203c9e4e6311d01f8500c0dc6bf1e5921d1c38af8132df