lju.npf.temporary.site
Open in
urlscan Pro
192.185.52.101
Malicious Activity!
Public Scan
Submission: On August 22 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R11 on August 20th 2024. Valid for: 3 months.
This is the only time lju.npf.temporary.site was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 192.185.52.101 192.185.52.101 | 19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING) | |
2 | 192.229.221.25 192.229.221.25 | 15133 (EDGECAST) (EDGECAST) | |
11 | 2 |
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: gator4138.hostgator.com
lju.npf.temporary.site |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
temporary.site
lju.npf.temporary.site |
193 KB |
2 |
paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 3281 |
24 KB |
11 | 2 |
Domain | Requested by | |
---|---|---|
9 | lju.npf.temporary.site |
lju.npf.temporary.site
|
2 | www.paypalobjects.com |
lju.npf.temporary.site
|
11 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
mail.friedrichkie.site R11 |
2024-08-20 - 2024-11-18 |
3 months | crt.sh |
www.paypal.com DigiCert SHA2 Extended Validation Server CA |
2024-06-13 - 2025-06-12 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
Frame ID: B252B1A1642DB744215DFB2DF5CD33FC
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
Melden Sie sich bei Ihrem PayPal-Konto anDetected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
PayPal (Payment Processors) Expand
Detected patterns
- paypalobjects\.com
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
4.php
lju.npf.temporary.site/website_be533e50/oakr01ta/secure/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
lju.npf.temporary.site/website_be533e50/oakr01ta/secure/56ce037aad0253/ |
85 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
stylogino.css
lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/ |
66 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
flagcountry.css
lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
plugins.js
lju.npf.temporary.site/website_be533e50/oakr01ta/secure/0de0fb0f/ |
55 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.js
lju.npf.temporary.site/website_be533e50/oakr01ta/secure/0de0fb0f/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pdf.png
lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/images/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sprite_form_2x.png
www.paypalobjects.com/webstatic/i/consumer/onboarding/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all-flag.png
lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/images/img/ |
108 KB 108 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansBig-Medium.woff2
www.paypalobjects.com/paypal-ui/fonts/ |
18 KB 18 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
myfavi.ico
lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/images/img/ |
5 KB 5 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| _0xfc4d function| $ function| jQuery function| validateEmail0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
lju.npf.temporary.site
www.paypalobjects.com
192.185.52.101
192.229.221.25
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
21f89c7c27f0eab13388645aea1eedb4a342c06333a14d74c1a10dfca04d6455
2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1
40018c15ae45f4265cdc58cb3703ecdada5a69990976d2e499ba9f09c5bfab6a
42e7b111308859983ca55376d0878f84ae8562a51c881856c236cff8eba244b9
57eacf79cc2fd4dbcf05d083bb4736ef4c10117b26e2ac8c5292a3e43ef3641d
656b81fc8ce755e7cdacde6bcb9e9c2af44902025e0c10cd1ac897ca3945dacb
a9cb021d2bf22fd7b002d027be449f491ed1c34928a9d49abb9551cda88ee727
d662747018528e56e73f581f4ac187dffe16319c79d9822dae27b33ff69593e6
ef9d53838631fa6adaf861f047dc36844cf716ca0e25d6673d5fb8b22ecdd400
f65097de26a69f4441361502879888c86efde568de00761c31afc4f51531343a