user.llppooaa.top
103.255.44.8
Malicious Activity!
Public Scan
Submission: On January 23 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by R3 on January 23rd 2024. Valid for: 3 months.
This is the only time user.llppooaa.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
18 | 103.255.44.8 | 133201 (COMING-AS ABCDE GROUP COMPANY LIMITED) |
23 | 2 | |

 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
18 | llppooaa.top | user.llppooaa.top | 286 KB |
23 | 1 | | |

 | Domain | Requested by |
---|---|---|
18 | user.llppooaa.top | user.llppooaa.top |
23 | 1 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
user.llppooaa.top | R3 | 2024-01-23 - 2024-04-22 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://user.llppooaa.top/
Frame ID: 8C77B2A9BD7DDA240054EBB954C447A3
Requests: 20 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | / (Primary Request) | user.llppooaa.top/ | 13 KB | 6 KB | Document | text/html |
GET H2 | index-ee5db018.js | user.llppooaa.top/ | 122 KB | 48 KB | Script | application/javascript |
GET H2 | jquery-3.6.1.min.js | user.llppooaa.top/ | 88 KB | 34 KB | Script | application/javascript |
GET H2 | index-75cbdc15.css | user.llppooaa.top/ | 424 KB | 92 KB | Stylesheet | text/css |
GET H2 | login.js | user.llppooaa.top/ | 4 KB | 1 KB | Script | application/javascript |
GET H2 | red.js | user.llppooaa.top/ | 6 KB | 4 KB | Script | application/javascript |
GET | mtproto.worker-a2c6d3dd.js | user.llppooaa.top/ | 0 | 0 | | |
GET | crypto.worker-b2b2021e.js | user.llppooaa.top/ | 0 | 0 | | |
GET DATA | truncated | / | 369 B | 0 | Image | image/svg+xml |
GET H2 | crypto.worker-b2b2021e.js | user.llppooaa.top/ | 67 KB | 26 KB | Fetch | application/javascript |
GET H2 | lang-49055ff2.js | user.llppooaa.top/ | 113 KB | 36 KB | Script | application/javascript |
GET H2 | langSign-66e8939d.js | user.llppooaa.top/ | 2 KB | 1 KB | Script | application/javascript |
GET H2 | countries-5301fc59.js | user.llppooaa.top/ | 24 KB | 5 KB | Script | application/javascript |
GET H2 | pageSignQR-99b43efe.js | user.llppooaa.top/ | 5 KB | 3 KB | Script | application/javascript |
GET H2 | page-f4384e73.js | user.llppooaa.top/ | 10 KB | 4 KB | Script | application/javascript |
GET H2 | button-af00bb43.js | user.llppooaa.top/ | 8 KB | 4 KB | Script | application/javascript |
GET H2 | putPreloader-f439c452.js | user.llppooaa.top/ | 699 B | 912 B | Script | application/javascript |
GET H2 | textToSvgURL-c6ebb454.js | user.llppooaa.top/ | 357 B | 570 B | Script | application/javascript |
GET H2 | qr-code-styling-8a04fb73.js | user.llppooaa.top/ | 65 KB | 19 KB | Script | application/javascript |
GET H2 | _commonjsHelpers-725317a4.js | user.llppooaa.top/ | 290 B | 503 B | Script | application/javascript |
GET | 868e8e29-d9a0-4795-a448-b9488f8fe0de | https://user.llppooaa.top/ | 0 | 0 | | |
GET | 6effd3c3-19b0-42b1-afd3-7bbb49edecb5 | https://user.llppooaa.top/ | 0 | 0 | | |
GET | 8b7b0466-101b-488d-988d-cd9841174896 | https://user.llppooaa.top/ | 0 | 0 | | |
GET H2 | logo_padded.svg | user.llppooaa.top/assets/img/ | 1 KB | 1 KB | Fetch | image/svg+xml |
GET DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: user.llppooaa.top, URL: https://user.llppooaa.top/mtproto.worker-a2c6d3dd.js
- Domain: user.llppooaa.top, URL: https://user.llppooaa.top/crypto.worker-b2b2021e.js
- Domain: user.llppooaa.top, URL: blob:https://user.llppooaa.top/868e8e29-d9a0-4795-a448-b9488f8fe0de
- Domain: user.llppooaa.top, URL: blob:https://user.llppooaa.top/6effd3c3-19b0-42b1-afd3-7bbb49edecb5
- Domain: user.llppooaa.top, URL: blob:https://user.llppooaa.top/8b7b0466-101b-488d-988d-cd9841174896
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)
35 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| getPhone function| getpass function| login_status object| rootScope function| deferredPromise function| AppStorage object| stateStorage function| wrapUrl object| I18n object| webpWorkerController object| appStorage object| singleInstance object| webPushApiManager object| telegramMeWebManager object| opusDecodeController object| cryptoMessagePort object| mtprotoMessagePort object| serviceMessagePort object| apiManagerProxy function| calcImageInBox object| mediaSizes object| customProperties object| windowSize object| liteMode object| themeController object| overlayCounter function| formatDateAccordingToTodayNew function| fillTipDates function| $ function| jQuery object| userid_data function| dispatchHeavyAnimationEvent object| pagesManager object| sequentialDom function| putPreloader
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.