019lj4u.cn Open in urlscan Pro
23.94.211.52 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://019lj4u.cn/
Effective URL:
https://019lj4u.cn/wctx1D1DFxFDg.do.php
Submission: On December 12 via api (December 12th 2021, 4:07:34 pm UTC) from JP — Scanned from JP

Summary HTTP 16 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 23.94.211.52, located in Seattle, United States and belongs to AS-COLOCROSSING, US. The main domain is 019lj4u.cn.
TLS certificate: Issued by R3 on December 12th 2021. Valid for: 3 months.

This is the only time 019lj4u.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPay (Financial)

Domain & IP information

	IP Address		AS Autonomous System
1 17	23.94.211.52 23.94.211.52		36352 (AS-COLOCR...) (AS-COLOCROSSING)
16	1

17 23.94.211.52 (Seattle, United States) 1 redirects

ASN36352 (AS-COLOCROSSING, US)
PTR: 23-94-211-52-host.colocrossing.com

019lj4u.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	019lj4u.cn 1 redirects 019lj4u.cn	134 KB
16	1

	Domain	Requested by
17	019lj4u.cn	1 redirects 019lj4u.cn
16	1

This site contains links to these domains. Also see Links.

Domain
www.paypay-bank.co.jp
help.japannetbank.co.jp
www.japannetbank.co.jp
login.japannetbank.co.jp

Subject Issuer	Validity	Valid
019lj4u.cn R3	`2021-12-12` - `2022-03-12`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://019lj4u.cn/wctx1D1DFxFDg.do.php
Frame ID: C2A5F176750C3C9A765DE5E9EAAA4B65
Requests: 13 HTTP requests in this frame

Frame: https://019lj4u.cn/index_1.html
Frame ID: 8837BBDBE65E6C06AF08FF4A1AC46CA2
Requests: 1 HTTP requests in this frame

Frame: https://019lj4u.cn/index_2.html
Frame ID: DEB0E59B1178C8FE5024C2530AF1B494
Requests: 1 HTTP requests in this frame

Frame: https://019lj4u.cn/index_3.html
Frame ID: 68F51DC390851566761737B8EB8F59CB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ログイン - PayPay銀行

Page URL History Show full URLs

https://019lj4u.cn/ HTTP 302
https://019lj4u.cn/wctx1D1DFxFDg.do.php Page URL

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

134 kB
Transfer

164 kB
Size

1
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.paypay-bank.co.jp/namechange/index.html
Title: 詳しくはこちら【更新】

Search URL Search Domain Scan URL

URL: https://help.japannetbank.co.jp/hc/ja
Title: よくあるご質問

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/
Title: PayPay銀行ホーム

Search URL Search Domain Scan URL

URL: https://login.japannetbank.co.jp/wctx/LoginAction.do?loginIdFlg=1
Title: ログインページ（ログインIDあり）へ

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/news/general2015/151028.html
Title: SSL証明書の「SHA-2」方式への変更について

Search URL Search Domain Scan URL

URL: https://login.japannetbank.co.jp/wctx/NBG12390G11.do
Title: はじめてのログイン（初期設定）

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/cn_login.html
Title: チェック項目

Search URL Search Domain Scan URL

URL: https://login.japannetbank.co.jp/balogin_L.html
Title: BA-PLUS専用ログイン

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/security/safety/index.html
Title: ログインパスワードや暗証番号は定期的な変更をおすすめいたします。

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/security/crime/prv_phsh.html
Title: フィッシングに注意

Search URL Search Domain Scan URL

URL: https://www.paypay-bank.co.jp/regulation/index.html
Title: 取引規定集

Search URL Search Domain Scan URL

URL: https://www.paypay-bank.co.jp/policy/privacy/index.html
Title: プライバシーポリシー

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://019lj4u.cn/ HTTP 302
https://019lj4u.cn/wctx1D1DFxFDg.do.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request wctx1D1DFxFDg.do.php Show response 019lj4u.cn/ Redirect Chain https://019lj4u.cn/ https://019lj4u.cn/wctx1D1DFxFDg.do.php	9 KB 4 KB	312ms 312ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `cfcf12ebf1f853c9f28147586cb4428d771b30cd14aee4550d1edfbf13af0d6e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers date Sun, 12 Dec 2021 16:07:29 GMT server Apache expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache vary Accept-Encoding content-encoding gzip content-length 3643 content-type text/html; charset=UTF-8 Redirect headers date Sun, 12 Dec 2021 16:07:23 GMT server Apache expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache location ./wctx1D1DFxFDg.do.php content-length 0 content-type text/html; charset=UTF-8
GET H2	200	reset.css 019lj4u.cn/static/	611 B 450 B	120ms 119ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/static/reset.css Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `2af026c006bf89cac540b75b5a34a84cb98b7401c5c03dadd40af95547848717` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 16:07:29 GMT content-encoding gzip last-modified Fri, 16 Jul 2021 03:27:14 GMT server Apache etag "263-5c73529f6a512-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 361
GET H2	200	common_smt.css 019lj4u.cn/static/	17 KB 4 KB	120ms 119ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/static/common_smt.css Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `3beb5f5516445bf2c2040611814d07a4ab76099d234df5428bf60ed281dc4c18` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 16:07:29 GMT content-encoding gzip last-modified Fri, 16 Jul 2021 06:40:53 GMT server Apache etag "4458-5c737de8416d6-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 4343
GET H2	200	login_smt.css 019lj4u.cn/static/	5 KB 2 KB	121ms 120ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/static/login_smt.css Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `b320c763f50c93041a4693f2c1f7b5cb10c0d76dca7312995cc457d05e6fcc43` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 16:07:29 GMT content-encoding gzip last-modified Thu, 08 Jul 2021 16:12:50 GMT server Apache etag "1460-5c69eed2f8480-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 1785
GET H2	200	common_pc.css 019lj4u.cn/static/	10 KB 3 KB	121ms 120ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/static/common_pc.css Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `00bee62b8f3a382e2d7ccf4da11c70397136da2c72f2c9c3b2302f7c65dd9d8a` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 16:07:29 GMT content-encoding gzip last-modified Fri, 16 Jul 2021 03:27:14 GMT server Apache etag "2964-5c73529f76418-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 2973
GET H2	200	login_pc.css 019lj4u.cn/static/	4 KB 1 KB	121ms 121ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/static/login_pc.css Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `933b2c7ddb1a5c467c9e3397d41aabcd2a6e7bb1a0ead71b5125cdff570d5fc8` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 16:07:29 GMT content-encoding gzip last-modified Thu, 08 Jul 2021 16:12:50 GMT server Apache etag "e37-5c69eed2f8480-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 1407
GET H2	200	main_logo.png 019lj4u.cn/static/	5 KB 5 KB	235ms 233ms	Image image/png	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://019lj4u.cn/static/main_logo.png Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `49cc5f6a48d5342d35aaa1439f849074f9da36d24ac4c36f5096059bd9d12560` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 16:07:29 GMT last-modified Fri, 16 Jul 2021 03:27:14 GMT server Apache accept-ranges bytes etag "12ec-5c73529f6b0c1" content-length 4844 content-type image/png
GET H2	200	header_faq.png 019lj4u.cn/static/	1 KB 1 KB	235ms 234ms	Image image/png	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://019lj4u.cn/static/header_faq.png Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `62c7ab03d6d92ae39a651edcf68d9f7d9cc77719a64748be3eafd4db079857f1` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 16:07:29 GMT last-modified Fri, 16 Jul 2021 03:27:14 GMT server Apache accept-ranges bytes etag "47f-5c73529f69d47" content-length 1151 content-type image/png
GET H2	200	login_cash_card.png 019lj4u.cn/static/	101 KB 102 KB	235ms 234ms	Image image/png	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://019lj4u.cn/static/login_cash_card.png Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `a3b931d280eb1fd8e65222317d9818c57b2f6e4a03e5f239775b5ecf43769057` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 16:07:29 GMT last-modified Thu, 08 Jul 2021 16:12:50 GMT server Apache accept-ranges bytes etag "19480-5c69eed2f8480" content-length 103552 content-type image/png
GET H2	200	footer_logo.png 019lj4u.cn/static/	10 KB 10 KB	337ms 336ms	Image image/png	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://019lj4u.cn/static/footer_logo.png Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `fe56bf45aaa0c3b74cd90b27319ff6351ce73b45100d9e7bea1c946eb1271f9b` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 16:07:29 GMT last-modified Fri, 16 Jul 2021 03:27:14 GMT server Apache accept-ranges bytes etag "271b-5c73529f75869" content-length 10011 content-type image/png
GET H2	404	login_img001.gif 019lj4u.cn/	257 B 257 B	337ms 336ms	Image text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://019lj4u.cn/login_img001.gif Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `5e3befbec5e3d1801fad7131e5113fce10ee3f32aeae85fc0b6220ecf6b684af` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 16:07:29 GMT server Apache content-length 257 content-type text/html; charset=iso-8859-1
GET H2	404	86975.gif 019lj4u.cn/	257 B 257 B	337ms 336ms	Image text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://019lj4u.cn/86975.gif Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `5e3befbec5e3d1801fad7131e5113fce10ee3f32aeae85fc0b6220ecf6b684af` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 16:07:29 GMT server Apache content-length 257 content-type text/html; charset=iso-8859-1
GET H2	404	index_1.html Show response 019lj4u.cn/ Frame 8837	257 B 307 B	229ms 229ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/index_1.html Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `5e3befbec5e3d1801fad7131e5113fce10ee3f32aeae85fc0b6220ecf6b684af` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php Response headers date Sun, 12 Dec 2021 16:07:29 GMT server Apache content-length 257 content-type text/html; charset=iso-8859-1
GET H2	404	index_2.html Show response 019lj4u.cn/ Frame DEB0	257 B 285 B	229ms 229ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/index_2.html Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `5e3befbec5e3d1801fad7131e5113fce10ee3f32aeae85fc0b6220ecf6b684af` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php Response headers date Sun, 12 Dec 2021 16:07:29 GMT server Apache content-length 257 content-type text/html; charset=iso-8859-1
GET H2	404	index_3.html Show response 019lj4u.cn/ Frame 68F5	257 B 285 B	228ms 228ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/index_3.html Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `5e3befbec5e3d1801fad7131e5113fce10ee3f32aeae85fc0b6220ecf6b684af` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/wctx1D1DFxFDg.do.php Response headers date Sun, 12 Dec 2021 16:07:29 GMT server Apache content-length 257 content-type text/html; charset=iso-8859-1
GET H2	200	link_win_open1.gif 019lj4u.cn/static/	67 B 145 B	205ms 204ms	Image image/gif	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://019lj4u.cn/static/link_win_open1.gif Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/static/common_smt.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `0eb4c067d7d725b04fc3939e0f7fb1079f0d3bf99751476ef6dd096b05a1c0ec` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/static/common_smt.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 16:07:30 GMT last-modified Fri, 16 Jul 2021 03:27:14 GMT server Apache accept-ranges bytes etag "43-5c73529f748d7" content-length 67 content-type image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPay (Financial)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			019lj4u.cn/	1969-12-31 23:59:59	Name: PHPSESSID Value: i4m4nijtktpprka63vej61n9q0

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://019lj4u.cn/index_1.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://019lj4u.cn/index_2.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://019lj4u.cn/index_3.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://019lj4u.cn/login_img001.gif Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://019lj4u.cn/86975.gif Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

019lj4u.cn
23.94.211.52
00bee62b8f3a382e2d7ccf4da11c70397136da2c72f2c9c3b2302f7c65dd9d8a
0eb4c067d7d725b04fc3939e0f7fb1079f0d3bf99751476ef6dd096b05a1c0ec
2af026c006bf89cac540b75b5a34a84cb98b7401c5c03dadd40af95547848717
3beb5f5516445bf2c2040611814d07a4ab76099d234df5428bf60ed281dc4c18
49cc5f6a48d5342d35aaa1439f849074f9da36d24ac4c36f5096059bd9d12560
5e3befbec5e3d1801fad7131e5113fce10ee3f32aeae85fc0b6220ecf6b684af
62c7ab03d6d92ae39a651edcf68d9f7d9cc77719a64748be3eafd4db079857f1
933b2c7ddb1a5c467c9e3397d41aabcd2a6e7bb1a0ead71b5125cdff570d5fc8
a3b931d280eb1fd8e65222317d9818c57b2f6e4a03e5f239775b5ecf43769057
b320c763f50c93041a4693f2c1f7b5cb10c0d76dca7312995cc457d05e6fcc43
cfcf12ebf1f853c9f28147586cb4428d771b30cd14aee4550d1edfbf13af0d6e
fe56bf45aaa0c3b74cd90b27319ff6351ce73b45100d9e7bea1c946eb1271f9b

019lj4u.cn Open in urlscan Pro 23.94.211.52 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

16 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

134 kBTransfer

164 kBSize

1 Cookies

12 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

5 Console Messages

Indicators

019lj4u.cn Open in urlscan Pro
23.94.211.52 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

134 kB
Transfer

164 kB
Size

1
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!