lju.npf.temporary.site
192.185.52.101  Malicious Activity!  Public Scan

URL: https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
Submission: On August 22 via automatic, source openphish — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 11 HTTP transactions. The main IP is 192.185.52.101, located in the United States and belonging to NETWORK-SOLUTIONS-HOSTING, US. The main domain is lju.npf.temporary.site.
TLS certificate: Issued by R11 on August 20th 2024. Valid for: 3 months.
This is the only time lju.npf.temporary.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

Requests  IP Address       AS (Autonomous System)
9         192.185.52.101   19871 (NETWORK-S...)
2         192.229.221.25   15133 (EDGECAST)
Total: 11 requests, 2 IPs

Requests  Apex Domain        Subdomains                                               Transfer
9         temporary.site     lju.npf.temporary.site                                   193 KB
2         paypalobjects.com  www.paypalobjects.com (Cisco Umbrella Rank: 3281)        24 KB
Total: 11 requests, 2 domains

Requests  Domain                  Requested by
9         lju.npf.temporary.site  lju.npf.temporary.site
2         www.paypalobjects.com   lju.npf.temporary.site
Total: 11 requests, 2 domains

This site contains no links.

Subject                 Issuer                                        Validity                  Valid
mail.friedrichkie.site  R11                                           2024-08-20 - 2024-11-18   3 months (crt.sh)
www.paypal.com          DigiCert SHA2 Extended Validation Server CA   2024-06-13 - 2025-06-12   a year (crt.sh)

This page contains 1 frames:

Primary Page: https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
Frame ID: B252B1A1642DB744215DFB2DF5CD33FC
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

Melden Sie sich bei Ihrem PayPal-Konto an (German: "Sign in to your PayPal account")

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests:    11
HTTPS:       100 %
IPv6:        0 %
Domains:     2
Subdomains:  2
IPs:         2
Countries:   1
Transfer:    217 kB
Size:        358 kB
Cookies:     0

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type

Primary Request: 4.php  lju.npf.temporary.site/website_be533e50/oakr01ta/secure/  4 KB  2 KB  Document
General
Full URL
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.52.101 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
gator4138.hostgator.com
Software
nginx/1.23.4 /
Resource Hash
57eacf79cc2fd4dbcf05d083bb4736ef4c10117b26e2ac8c5292a3e43ef3641d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control
max-age=7200
content-encoding
gzip
content-length
1520
content-type
text/html; charset=UTF-8
date
Thu, 22 Aug 2024 14:29:27 GMT
expires
Thu, 22 Aug 2024 16:29:26 GMT
server
nginx/1.23.4
vary
Accept-Encoding
x-content-type-options
nosniff
x-newfold-cache-level
2
x-proxy-cache
EXPIRED
x-server-cache
true
x-xss-protection
1; mode=block
jquery-3.2.1.min.js  lju.npf.temporary.site/website_be533e50/oakr01ta/secure/56ce037aad0253/  85 KB  37 KB  Script
General
Full URL
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/56ce037aad0253/jquery-3.2.1.min.js
Requested by
Host: lju.npf.temporary.site
URL: https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.52.101 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
gator4138.hostgator.com
Software
Apache /
Resource Hash
a9cb021d2bf22fd7b002d027be449f491ed1c34928a9d49abb9551cda88ee727
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 14:29:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 17 Nov 2022 14:24:04 GMT
server
Apache
vary
Accept-Encoding
x-newfold-cache-level
2
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-xss-protection
1; mode=block
expires
Fri, 23 Aug 2024 14:29:27 GMT
stylogino.css  lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/  66 KB  17 KB  Stylesheet
General
Full URL
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/stylogino.css
Requested by
Host: lju.npf.temporary.site
URL: https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.52.101 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
gator4138.hostgator.com
Software
Apache /
Resource Hash
42e7b111308859983ca55376d0878f84ae8562a51c881856c236cff8eba244b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 14:29:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 17 Nov 2022 08:26:14 GMT
server
Apache
vary
Accept-Encoding
x-newfold-cache-level
2
content-type
text/css
cache-control
max-age=86400
accept-ranges
bytes
x-xss-protection
1; mode=block
expires
Fri, 23 Aug 2024 14:29:27 GMT
flagcountry.css  lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/  7 KB  2 KB  Stylesheet
General
Full URL
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/flagcountry.css
Requested by
Host: lju.npf.temporary.site
URL: https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.52.101 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
gator4138.hostgator.com
Software
Apache /
Resource Hash
ef9d53838631fa6adaf861f047dc36844cf716ca0e25d6673d5fb8b22ecdd400
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 14:29:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 17 Nov 2022 08:24:22 GMT
server
Apache
vary
Accept-Encoding
x-newfold-cache-level
2
content-type
text/css
cache-control
max-age=86400
accept-ranges
bytes
content-length
1784
x-xss-protection
1; mode=block
expires
Fri, 23 Aug 2024 14:29:27 GMT
plugins.js  lju.npf.temporary.site/website_be533e50/oakr01ta/secure/0de0fb0f/  55 KB  18 KB  Script
General
Full URL
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/0de0fb0f/plugins.js
Requested by
Host: lju.npf.temporary.site
URL: https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.52.101 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
gator4138.hostgator.com
Software
Apache /
Resource Hash
656b81fc8ce755e7cdacde6bcb9e9c2af44902025e0c10cd1ac897ca3945dacb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 14:29:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 17 Nov 2022 14:24:32 GMT
server
Apache
vary
Accept-Encoding
x-newfold-cache-level
2
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-xss-protection
1; mode=block
expires
Fri, 23 Aug 2024 14:29:27 GMT
login.js  lju.npf.temporary.site/website_be533e50/oakr01ta/secure/0de0fb0f/  4 KB  1 KB  Script
General
Full URL
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/0de0fb0f/login.js
Requested by
Host: lju.npf.temporary.site
URL: https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.52.101 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
gator4138.hostgator.com
Software
Apache /
Resource Hash
40018c15ae45f4265cdc58cb3703ecdada5a69990976d2e499ba9f09c5bfab6a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 14:29:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 17 Nov 2022 09:23:30 GMT
server
Apache
vary
Accept-Encoding
x-newfold-cache-level
2
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
content-length
1038
x-xss-protection
1; mode=block
expires
Fri, 23 Aug 2024 14:29:27 GMT
pdf.png  lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/images/img/  2 KB  2 KB  Image
General
Full URL
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/images/img/pdf.png
Requested by
Host: lju.npf.temporary.site
URL: https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/stylogino.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.52.101 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
gator4138.hostgator.com
Software
Apache /
Resource Hash
d662747018528e56e73f581f4ac187dffe16319c79d9822dae27b33ff69593e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/stylogino.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 14:29:28 GMT
x-content-type-options
nosniff
last-modified
Thu, 17 Feb 2022 10:22:54 GMT
server
Apache
x-newfold-cache-level
2
content-type
image/png
cache-control
max-age=86400
accept-ranges
bytes
content-length
1848
x-xss-protection
1; mode=block
expires
Fri, 23 Aug 2024 14:29:28 GMT
sprite_form_2x.png  www.paypalobjects.com/webstatic/i/consumer/onboarding/  5 KB  6 KB  Image
General
Full URL
https://www.paypalobjects.com/webstatic/i/consumer/onboarding/sprite_form_2x.png
Requested by
Host: lju.npf.temporary.site
URL: https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/stylogino.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CF6) /
Resource Hash
f65097de26a69f4441361502879888c86efde568de00761c31afc4f51531343a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://lju.npf.temporary.site/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 14:29:28 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
727b429adc615
dc
ccg11-origin-www-1.paypal.com
content-length
5461
last-modified
Tue, 02 Sep 2014 09:03:25 GMT
accept-ch
DPR, Viewport-Width, Width, ECT, Downlink
server
ECAcc (frc/4CF6)
traceparent
00-0000000000000000000727b429adc615-9db797a5681bd508-01
etag
"540587dd-1555"
content-type
image/png
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Thu, 22 Aug 2024 15:29:28 GMT
all-flag.png  lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/images/img/  108 KB  108 KB  Image
General
Full URL
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/images/img/all-flag.png
Requested by
Host: lju.npf.temporary.site
URL: https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/flagcountry.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.52.101 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
gator4138.hostgator.com
Software
Apache /
Resource Hash
21f89c7c27f0eab13388645aea1eedb4a342c06333a14d74c1a10dfca04d6455
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/flagcountry.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 14:29:28 GMT
x-content-type-options
nosniff
last-modified
Thu, 17 Feb 2022 09:50:38 GMT
server
Apache
x-newfold-cache-level
2
content-type
image/png
cache-control
max-age=86400
accept-ranges
bytes
content-length
110177
x-xss-protection
1; mode=block
expires
Fri, 23 Aug 2024 14:29:28 GMT
PayPalSansBig-Medium.woff2  www.paypalobjects.com/paypal-ui/fonts/  18 KB  18 KB  Font
General
Full URL
https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Medium.woff2
Requested by
Host: lju.npf.temporary.site
URL: https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/stylogino.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C95) /
Resource Hash
2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://lju.npf.temporary.site/
Origin
https://lju.npf.temporary.site
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 14:29:28 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
5a0de23c5ba09
dc
ccg11-origin-www-1.paypal.com
content-length
18508
last-modified
Sat, 13 Feb 2021 00:27:06 GMT
server
ECAcc (frc/4C95)
traceparent
00-00000000000000000005a0de23c5ba09-e72be53f1dd7d803-01
etag
"60271cda-484c"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Thu, 22 Aug 2024 15:29:28 GMT
myfavi.ico  lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/images/img/  5 KB  5 KB  Other
General
Full URL
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/statics/images/img/myfavi.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.52.101 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
gator4138.hostgator.com
Software
nginx/1.23.4 /
Resource Hash
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Thu, 22 Aug 2024 14:29:28 GMT
x-content-type-options
nosniff
last-modified
Fri, 20 Nov 2020 04:17:44 GMT
server
nginx/1.23.4
x-server-cache
true
x-newfold-cache-level
2
content-type
image/x-icon
cache-control
max-age=31536000
accept-ranges
bytes
content-length
5430
x-xss-protection
1; mode=block
expires
Fri, 22 Aug 2025 08:35:49 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    _0xfc4d
function  $
function  jQuery
function  validateEmail

0 Cookies

1 Console Messages

Source: recommendation  Level: verbose  URL: https://lju.npf.temporary.site/website_be533e50/oakr01ta/secure/4.php
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This section lists the security headers set by the main page. urlscan.io links to an explanation of what these headers mean and how to use them.

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block