019lj4u.cn
Open in
urlscan Pro
23.94.211.52
Malicious Activity!
Public Scan
Effective URL: https://019lj4u.cn/wctx1D1DFxFDg.do.php
Submission: On December 12 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on December 12th 2021. Valid for: 3 months.
This is the only time 019lj4u.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPay (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 17 | 23.94.211.52 23.94.211.52 | 36352 (AS-COLOCR...) (AS-COLOCROSSING) | |
16 | 1 |
ASN36352 (AS-COLOCROSSING, US)
PTR: 23-94-211-52-host.colocrossing.com
019lj4u.cn |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
019lj4u.cn
1 redirects
019lj4u.cn |
134 KB |
16 | 1 |
Domain | Requested by | |
---|---|---|
17 | 019lj4u.cn |
1 redirects
019lj4u.cn
|
16 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paypay-bank.co.jp |
help.japannetbank.co.jp |
www.japannetbank.co.jp |
login.japannetbank.co.jp |
Subject Issuer | Validity | Valid | |
---|---|---|---|
019lj4u.cn R3 |
2021-12-12 - 2022-03-12 |
3 months | crt.sh |
This page contains 4 frames:
Primary Page:
https://019lj4u.cn/wctx1D1DFxFDg.do.php
Frame ID: C2A5F176750C3C9A765DE5E9EAAA4B65
Requests: 13 HTTP requests in this frame
Frame:
https://019lj4u.cn/index_1.html
Frame ID: 8837BBDBE65E6C06AF08FF4A1AC46CA2
Requests: 1 HTTP requests in this frame
Frame:
https://019lj4u.cn/index_2.html
Frame ID: DEB0E59B1178C8FE5024C2530AF1B494
Requests: 1 HTTP requests in this frame
Frame:
https://019lj4u.cn/index_3.html
Frame ID: 68F51DC390851566761737B8EB8F59CB
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
ログイン - PayPay銀行Page URL History Show full URLs
-
https://019lj4u.cn/
HTTP 302
https://019lj4u.cn/wctx1D1DFxFDg.do.php Page URL
Page Statistics
12 Outgoing links
These are links going to different origins than the main page.
Title: 詳しくはこちら【更新】
Search URL Search Domain Scan URL
Title: よくあるご質問
Search URL Search Domain Scan URL
Title: PayPay銀行 ホーム
Search URL Search Domain Scan URL
Title: ログインページ(ログインIDあり)へ
Search URL Search Domain Scan URL
Title: SSL証明書の「SHA-2」方式への変更について
Search URL Search Domain Scan URL
Title: はじめてのログイン(初期設定)
Search URL Search Domain Scan URL
Title: チェック項目
Search URL Search Domain Scan URL
Title: BA-PLUS専用ログイン
Search URL Search Domain Scan URL
Title: ログインパスワードや暗証番号は定期的な変更をおすすめいたします。
Search URL Search Domain Scan URL
Title: フィッシングに注意
Search URL Search Domain Scan URL
Title: 取引規定集
Search URL Search Domain Scan URL
Title: プライバシーポリシー
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://019lj4u.cn/
HTTP 302
https://019lj4u.cn/wctx1D1DFxFDg.do.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
wctx1D1DFxFDg.do.php
019lj4u.cn/ Redirect Chain
|
9 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
reset.css
019lj4u.cn/static/ |
611 B 450 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common_smt.css
019lj4u.cn/static/ |
17 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login_smt.css
019lj4u.cn/static/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common_pc.css
019lj4u.cn/static/ |
10 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login_pc.css
019lj4u.cn/static/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main_logo.png
019lj4u.cn/static/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
header_faq.png
019lj4u.cn/static/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login_cash_card.png
019lj4u.cn/static/ |
101 KB 102 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer_logo.png
019lj4u.cn/static/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login_img001.gif
019lj4u.cn/ |
257 B 257 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
86975.gif
019lj4u.cn/ |
257 B 257 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index_1.html
019lj4u.cn/ Frame 8837 |
257 B 307 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index_2.html
019lj4u.cn/ Frame DEB0 |
257 B 285 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index_3.html
019lj4u.cn/ Frame 68F5 |
257 B 285 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
link_win_open1.gif
019lj4u.cn/static/ |
67 B 145 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPay (Financial)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
019lj4u.cn/ | Name: PHPSESSID Value: i4m4nijtktpprka63vej61n9q0 |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
019lj4u.cn
23.94.211.52
00bee62b8f3a382e2d7ccf4da11c70397136da2c72f2c9c3b2302f7c65dd9d8a
0eb4c067d7d725b04fc3939e0f7fb1079f0d3bf99751476ef6dd096b05a1c0ec
2af026c006bf89cac540b75b5a34a84cb98b7401c5c03dadd40af95547848717
3beb5f5516445bf2c2040611814d07a4ab76099d234df5428bf60ed281dc4c18
49cc5f6a48d5342d35aaa1439f849074f9da36d24ac4c36f5096059bd9d12560
5e3befbec5e3d1801fad7131e5113fce10ee3f32aeae85fc0b6220ecf6b684af
62c7ab03d6d92ae39a651edcf68d9f7d9cc77719a64748be3eafd4db079857f1
933b2c7ddb1a5c467c9e3397d41aabcd2a6e7bb1a0ead71b5125cdff570d5fc8
a3b931d280eb1fd8e65222317d9818c57b2f6e4a03e5f239775b5ecf43769057
b320c763f50c93041a4693f2c1f7b5cb10c0d76dca7312995cc457d05e6fcc43
cfcf12ebf1f853c9f28147586cb4428d771b30cd14aee4550d1edfbf13af0d6e
fe56bf45aaa0c3b74cd90b27319ff6351ce73b45100d9e7bea1c946eb1271f9b