019lj4u.cn
23.94.211.52
Malicious Activity!
Public Scan
Submission Tags: [phishing]
Submission: On December 12 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on December 12th 2021. Valid for: 3 months.
This is the only time 019lj4u.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPay (Financial)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 12 | 23.94.211.52 | 36352 (AS-COLOCROSSING) |
| 12 | 1 | |

ASN36352 (AS-COLOCROSSING, US)
PTR: 23-94-211-52-host.colocrossing.com
019lj4u.cn

| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 12 | 019lj4u.cn / 019lj4u.cn | 27 KB |
| 12 | 1 | |

| | Domain | Requested by |
|---|---|---|
| 12 | 019lj4u.cn | 019lj4u.cn |
| 12 | 1 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paypay-bank.co.jp |
help.japannetbank.co.jp |
www.japannetbank.co.jp |
login.japannetbank.co.jp |
Subject | Issuer | Validity | Valid |
---|---|---|---|
019lj4u.cn | R3 | 2021-12-12 - 2022-03-12 | 3 months |
This page contains 3 frames:
Primary Page:
https://019lj4u.cn/m/wctx1D1DFxFDg.do.php
Frame ID: 847730E1B1D35D3E877576FCB67E0995
Requests: 10 HTTP requests in this frame
Frame:
https://019lj4u.cn/m/index_1.html
Frame ID: F450010ED14161E7B2939680589E704E
Requests: 1 HTTP requests in this frame
Frame:
https://019lj4u.cn/m/index_2.html
Frame ID: B61671B011111CD9A8D0F1D1DCFBB4AE
Requests: 1 HTTP requests in this frame
12 Outgoing links
These are links going to different origins than the main page.
Title: Click here for details [Updated]
Title: PayPay Bank Home
Title: Go to login page (with login ID)
Title: About the change of SSL certificates to the "SHA-2" method
Title: First-time login (initial setup)
Title: Check items
Title: BA-PLUS dedicated login
Title: We recommend changing your login password and PIN regularly.
Title: Beware of phishing
Title: Transaction terms and conditions
Title: Privacy policy
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | wctx1D1DFxFDg.do.php (Primary Request) | 019lj4u.cn/m/ | 10 KB | 4 KB | Document | text/html |
GET | H2 | reset.css | 019lj4u.cn/m/static/ | 611 B | 472 B | Stylesheet | text/css |
GET | H2 | common_smt.css | 019lj4u.cn/m/static/ | 17 KB | 4 KB | Stylesheet | text/css |
GET | H2 | login_smt.css | 019lj4u.cn/m/static/ | 5 KB | 2 KB | Stylesheet | text/css |
GET | H2 | main_logo.png | 019lj4u.cn/m/static/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | header_faq.png | 019lj4u.cn/m/ | 257 B | 257 B | Image | text/html |
GET | H2 | footer_logo.png | 019lj4u.cn/m/static/ | 10 KB | 10 KB | Image | image/png |
GET | H2 | login_img001.gif | 019lj4u.cn/m/static/ | 43 B | 97 B | Image | image/gif |
GET | H2 | 86975.gif | 019lj4u.cn/m/static/ | 43 B | 89 B | Image | image/gif |
GET | H2 | index_1.html | 019lj4u.cn/m/ (Frame F450) | 257 B | 285 B | Document | text/html |
GET | H2 | index_2.html | 019lj4u.cn/m/ (Frame B616) | 257 B | 285 B | Document | text/html |
GET | H2 | link_win_open1.gif | 019lj4u.cn/m/static/ | 67 B | 113 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPay (Financial)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
object | 1 |
object | onbeforexrselect |
function | reportError |
boolean | originAgentCluster |
object | scheduler |

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
019lj4u.cn/ | | Name: PHPSESSID Value: 7sljgsq68n9oedmbi12kajvr83 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.