019lj4u.cn Open in urlscan Pro
23.94.211.52 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://019lj4u.cn/m/wctx1D1DFxFDg.do.php
Submission Tags: [phishing]
Submission: On December 12 via api (December 12th 2021, 3:06:45 pm UTC) from JP — Scanned from JP

Summary HTTP 12 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 23.94.211.52, located in Seattle, United States and belongs to AS-COLOCROSSING, US. The main domain is 019lj4u.cn.
TLS certificate: Issued by R3 on December 12th 2021. Valid for: 3 months.

This is the only time 019lj4u.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPay (Financial)

Domain & IP information

	IP Address		AS Autonomous System
12	23.94.211.52 23.94.211.52		36352 (AS-COLOCR...) (AS-COLOCROSSING)
12	1

12 23.94.211.52 (Seattle, United States)

ASN36352 (AS-COLOCROSSING, US)
PTR: 23-94-211-52-host.colocrossing.com

019lj4u.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	019lj4u.cn 019lj4u.cn	27 KB
12	1

	Domain	Requested by
12	019lj4u.cn	019lj4u.cn
12	1

This site contains links to these domains. Also see Links.

Domain
www.paypay-bank.co.jp
help.japannetbank.co.jp
www.japannetbank.co.jp
login.japannetbank.co.jp

Subject Issuer	Validity	Valid
019lj4u.cn R3	`2021-12-12` - `2022-03-12`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://019lj4u.cn/m/wctx1D1DFxFDg.do.php
Frame ID: 847730E1B1D35D3E877576FCB67E0995
Requests: 10 HTTP requests in this frame

Frame: https://019lj4u.cn/m/index_1.html
Frame ID: F450010ED14161E7B2939680589E704E
Requests: 1 HTTP requests in this frame

Frame: https://019lj4u.cn/m/index_2.html
Frame ID: B61671B011111CD9A8D0F1D1DCFBB4AE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ログイン - PayPay銀行

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

27 kB
Transfer

48 kB
Size

1
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.paypay-bank.co.jp/namechange/index.html
Title: 詳しくはこちら【更新】

Search URL Search Domain Scan URL

URL: https://help.japannetbank.co.jp/hc/ja

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/
Title: PayPay銀行ホーム

Search URL Search Domain Scan URL

URL: https://login.japannetbank.co.jp/wctx/LoginAction.do?loginIdFlg=1
Title: ログインページ（ログインIDあり）へ

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/news/general2015/151028.html
Title: SSL証明書の「SHA-2」方式への変更について

Search URL Search Domain Scan URL

URL: https://login.japannetbank.co.jp/wctx/NBG12390G11.do
Title: はじめてのログイン（初期設定）

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/cn_login.html
Title: チェック項目

Search URL Search Domain Scan URL

URL: https://login.japannetbank.co.jp/balogin_L.html
Title: BA-PLUS専用ログイン

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/security/safety/index.html
Title: ログインパスワードや暗証番号は定期的な変更をおすすめいたします。

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/security/crime/prv_phsh.html
Title: フィッシングに注意

Search URL Search Domain Scan URL

URL: https://www.paypay-bank.co.jp/regulation/index.html
Title: 取引規定集

Search URL Search Domain Scan URL

URL: https://www.paypay-bank.co.jp/policy/privacy/index.html
Title: プライバシーポリシー

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request wctx1D1DFxFDg.do.php Show response 019lj4u.cn/m/	10 KB 4 KB	555ms 331ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/m/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `4884e5bdab9832cf946ceb4c3cb2ec245ae15331823c3d14e369ab2eb98a13c4` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers date Sun, 12 Dec 2021 15:06:40 GMT server Apache expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache vary Accept-Encoding content-encoding gzip content-length 4027 content-type text/html; charset=UTF-8
GET H2	200	reset.css 019lj4u.cn/m/static/	611 B 472 B	111ms 111ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/m/static/reset.css Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/m/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `2af026c006bf89cac540b75b5a34a84cb98b7401c5c03dadd40af95547848717` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/m/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:06:41 GMT content-encoding gzip last-modified Thu, 19 Aug 2021 12:56:24 GMT server Apache etag "263-5c9e914052e00-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 361
GET H2	200	common_smt.css 019lj4u.cn/m/static/	17 KB 4 KB	112ms 112ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/m/static/common_smt.css Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/m/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `969d91fca8528dc16f9880ec6c839fbb68ae182d88c7bb90b3d84854469e8eef` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/m/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:06:41 GMT content-encoding gzip last-modified Thu, 19 Aug 2021 12:56:24 GMT server Apache etag "4455-5c9e914052e00-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 4344
GET H2	200	login_smt.css 019lj4u.cn/m/static/	5 KB 2 KB	113ms 112ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/m/static/login_smt.css Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/m/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `b320c763f50c93041a4693f2c1f7b5cb10c0d76dca7312995cc457d05e6fcc43` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/m/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:06:41 GMT content-encoding gzip last-modified Thu, 19 Aug 2021 12:56:24 GMT server Apache etag "1460-5c9e914052e00-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 1785
GET H2	200	main_logo.png 019lj4u.cn/m/static/	5 KB 5 KB	216ms 215ms	Image image/png	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://019lj4u.cn/m/static/main_logo.png Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/m/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `49cc5f6a48d5342d35aaa1439f849074f9da36d24ac4c36f5096059bd9d12560` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/m/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:06:41 GMT last-modified Thu, 19 Aug 2021 12:56:24 GMT server Apache accept-ranges bytes etag "12ec-5c9e914052e00" content-length 4844 content-type image/png
GET H2	404	header_faq.png 019lj4u.cn/m/	257 B 257 B	217ms 216ms	Image text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://019lj4u.cn/m/header_faq.png Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/m/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `5e3befbec5e3d1801fad7131e5113fce10ee3f32aeae85fc0b6220ecf6b684af` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/m/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:06:41 GMT server Apache content-length 257 content-type text/html; charset=iso-8859-1
GET H2	200	footer_logo.png 019lj4u.cn/m/static/	10 KB 10 KB	217ms 217ms	Image image/png	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://019lj4u.cn/m/static/footer_logo.png Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/m/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `fe56bf45aaa0c3b74cd90b27319ff6351ce73b45100d9e7bea1c946eb1271f9b` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/m/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:06:41 GMT last-modified Thu, 19 Aug 2021 12:56:24 GMT server Apache accept-ranges bytes etag "271b-5c9e914052e00" content-length 10011 content-type image/png
GET H2	200	login_img001.gif 019lj4u.cn/m/static/	43 B 97 B	218ms 217ms	Image image/gif	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://019lj4u.cn/m/static/login_img001.gif Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/m/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `d3005a63604dec4786aa3e3aa7620601a0f247dd87ecaaef827910e883b02783` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/m/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:06:41 GMT last-modified Thu, 19 Aug 2021 12:56:24 GMT server Apache accept-ranges bytes etag "2b-5c9e914052e00" content-length 43 content-type image/gif
GET H2	200	86975.gif 019lj4u.cn/m/static/	43 B 89 B	218ms 218ms	Image image/gif	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://019lj4u.cn/m/static/86975.gif Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/m/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/m/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:06:41 GMT last-modified Thu, 19 Aug 2021 12:56:24 GMT server Apache accept-ranges bytes etag "2b-5c9e914052e00" content-length 43 content-type image/gif
GET H2	404	index_1.html Show response 019lj4u.cn/m/ Frame F450	257 B 285 B	252ms 252ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/m/index_1.html Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/m/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `5e3befbec5e3d1801fad7131e5113fce10ee3f32aeae85fc0b6220ecf6b684af` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/m/wctx1D1DFxFDg.do.php Response headers date Sun, 12 Dec 2021 15:06:41 GMT server Apache content-length 257 content-type text/html; charset=iso-8859-1
GET H2	404	index_2.html Show response 019lj4u.cn/m/ Frame B616	257 B 285 B	253ms 253ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://019lj4u.cn/m/index_2.html Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/m/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `5e3befbec5e3d1801fad7131e5113fce10ee3f32aeae85fc0b6220ecf6b684af` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/m/wctx1D1DFxFDg.do.php Response headers date Sun, 12 Dec 2021 15:06:41 GMT server Apache content-length 257 content-type text/html; charset=iso-8859-1
GET H2	200	link_win_open1.gif 019lj4u.cn/m/static/	67 B 113 B	136ms 136ms	Image image/gif	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://019lj4u.cn/m/static/link_win_open1.gif Requested by Host: 019lj4u.cn URL: https://019lj4u.cn/m/static/common_smt.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `0eb4c067d7d725b04fc3939e0f7fb1079f0d3bf99751476ef6dd096b05a1c0ec` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://019lj4u.cn/m/static/common_smt.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:06:41 GMT last-modified Thu, 19 Aug 2021 12:56:24 GMT server Apache accept-ranges bytes etag "43-5c9e914052e00" content-length 67 content-type image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPay (Financial)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			019lj4u.cn/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7sljgsq68n9oedmbi12kajvr83

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://019lj4u.cn/m/header_faq.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://019lj4u.cn/m/index_1.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://019lj4u.cn/m/index_2.html Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

019lj4u.cn
23.94.211.52
0eb4c067d7d725b04fc3939e0f7fb1079f0d3bf99751476ef6dd096b05a1c0ec
2af026c006bf89cac540b75b5a34a84cb98b7401c5c03dadd40af95547848717
4884e5bdab9832cf946ceb4c3cb2ec245ae15331823c3d14e369ab2eb98a13c4
49cc5f6a48d5342d35aaa1439f849074f9da36d24ac4c36f5096059bd9d12560
5e3befbec5e3d1801fad7131e5113fce10ee3f32aeae85fc0b6220ecf6b684af
969d91fca8528dc16f9880ec6c839fbb68ae182d88c7bb90b3d84854469e8eef
b320c763f50c93041a4693f2c1f7b5cb10c0d76dca7312995cc457d05e6fcc43
d3005a63604dec4786aa3e3aa7620601a0f247dd87ecaaef827910e883b02783
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
fe56bf45aaa0c3b74cd90b27319ff6351ce73b45100d9e7bea1c946eb1271f9b

019lj4u.cn Open in urlscan Pro 23.94.211.52 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

27 kBTransfer

48 kBSize

1 Cookies

12 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

019lj4u.cn Open in urlscan Pro
23.94.211.52 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

27 kB
Transfer

48 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!