cnofqu.cn
Open in
urlscan Pro
2606:4700:3033::6815:41c2
Malicious Activity!
Public Scan
Submission: On May 21 via manual from JP — Scanned from JP
Summary
TLS certificate: Issued by E1 on May 21st 2022. Valid for: 3 months.
This is the only time cnofqu.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
31 | 2606:4700:303... 2606:4700:3033::6815:41c2 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
33 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
31 |
cnofqu.cn
cnofqu.cn |
309 KB |
0 |
cloudflareresearch.com
Failed
tls-ech-experiment-c.cloudflareresearch.com Failed tls-ech-experiment.cloudflareresearch.com Failed |
|
33 | 2 |
Domain | Requested by | |
---|---|---|
31 | cnofqu.cn |
cnofqu.cn
|
0 | tls-ech-experiment.cloudflareresearch.com Failed |
cnofqu.cn
|
0 | tls-ech-experiment-c.cloudflareresearch.com Failed |
cnofqu.cn
|
33 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paypal.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.cnofqu.cn E1 |
2022-05-21 - 2022-08-19 |
3 months | crt.sh |
This page contains 7 frames:
Primary Page:
https://cnofqu.cn/login/
Frame ID: 00A114937EC3DA9DAE34D0ADC99A4C71
Requests: 20 HTTP requests in this frame
Frame:
https://cnofqu.cn/login/index_2.html
Frame ID: F048D95D6C6DE2026A19F574F97AA857
Requests: 3 HTTP requests in this frame
Frame:
https://cnofqu.cn/login/index_1.html
Frame ID: 79BF42E385B2C71F246E8F8F7A7C3009
Requests: 3 HTTP requests in this frame
Frame:
https://cnofqu.cn/login/index_4.html
Frame ID: 1D41EF21BD09A7955A9AEC64129A9474
Requests: 3 HTTP requests in this frame
Frame:
https://cnofqu.cn/login/index_5.html
Frame ID: D8B53430666C9200692E10FBEAE90AC4
Requests: 2 HTTP requests in this frame
Frame:
https://cnofqu.cn/login/index_3.html
Frame ID: 79557E25FDF7E0FC5DDF73377B589906
Requests: 1 HTTP requests in this frame
Frame:
https://cnofqu.cn/login/index_6.html
Frame ID: C4FDA533FEA2C1B509C6986D0D0F877D
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
PayPalアカウントへのログインPage URL History Show full URLs
- https://cnofqu.cn/login/ Page URL
- https://cnofqu.cn/login/ Page URL
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
Title: 日本語
Search URL Search Domain Scan URL
Title: English
Search URL Search Domain Scan URL
Title: パスワードをお忘れの場合
Search URL Search Domain Scan URL
Title: お問い合わせください
Search URL Search Domain Scan URL
Title: お問い合わせ
Search URL Search Domain Scan URL
Title: プライバシー
Search URL Search Domain Scan URL
Title: 規約
Search URL Search Domain Scan URL
Title: 世界中の
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://cnofqu.cn/login/ Page URL
- https://cnofqu.cn/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
33 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
cnofqu.cn/login/ |
10 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v1
cnofqu.cn/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/ |
41 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
transparent.gif
cnofqu.cn/cdn-cgi/images/trace/jschal/js/ |
42 B 220 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
transparent.gif
cnofqu.cn/cdn-cgi/images/trace/jschal/nojs/ |
42 B 101 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
98e1b0b02a5460f
cnofqu.cn/cdn-cgi/challenge-platform/h/g/flow/ov1/0.06219518370531878:1653134819:51782ba8e5c62f751f5067baff42b7f68349efe081e15593745df0b04977bb1d/70ed5b72dd0f1d6f/ |
121 KB 64 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
probe
tls-ech-experiment-c.cloudflareresearch.com/.well-known/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
probe
tls-ech-experiment.cloudflareresearch.com/.well-known/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
5jkyGmy43rZK1Ph
cnofqu.cn/cdn-cgi/challenge-platform/h/g/img/70ed5b72dd0f1d6f/1653136581824/ |
61 B 512 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
98e1b0b02a5460f
cnofqu.cn/cdn-cgi/challenge-platform/h/g/flow/ov1/0.06219518370531878:1653134819:51782ba8e5c62f751f5067baff42b7f68349efe081e15593745df0b04977bb1d/70ed5b72dd0f1d6f/ |
3 KB 3 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
Primary Request
/
cnofqu.cn/login/ |
73 KB 18 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
contextualLoginElementalUIv2.css
cnofqu.cn/login/ |
117 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
api.js
cnofqu.cn/cdn-cgi/bm/cv/669835187/ |
35 KB 9 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
momgram@2x.png
cnofqu.cn/login/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
PayPalSansBig-Regular.woff2
cnofqu.cn/login/ |
25 KB 25 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
icon-PN-check.png
cnofqu.cn/login/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
glyph_alert_critical_big-2x.png
cnofqu.cn/login/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index_2.html
cnofqu.cn/login/ Frame F048 |
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index_1.html
cnofqu.cn/login/ Frame 79BF |
573 B 947 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index_4.html
cnofqu.cn/login/ Frame 1D41 |
605 B 959 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
email-decode.min.js
cnofqu.cn/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sprite_countries_flag4.png
cnofqu.cn/login/ |
71 KB 71 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
PayPalSansBig-Medium.woff2
cnofqu.cn/login/ |
18 KB 19 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
result
cnofqu.cn/cdn-cgi/bm/cv/ |
0 660 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
api.js
cnofqu.cn/cdn-cgi/bm/cv/669835187/ Frame 79BF |
35 KB 9 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
result
cnofqu.cn/cdn-cgi/bm/cv/ Frame 79BF |
0 664 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
api.js
cnofqu.cn/cdn-cgi/bm/cv/669835187/ Frame F048 |
35 KB 9 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
api.js
cnofqu.cn/cdn-cgi/bm/cv/669835187/ Frame 1D41 |
35 KB 9 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index_5.html
cnofqu.cn/login/ Frame D8B5 |
8 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index_3.html
cnofqu.cn/login/ Frame 7955 |
97 B 594 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
result
cnofqu.cn/cdn-cgi/bm/cv/ Frame 1D41 |
0 663 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
result
cnofqu.cn/cdn-cgi/bm/cv/ Frame F048 |
0 655 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
styles__ltr.css
cnofqu.cn/login/ Frame D8B5 |
24 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index_6.html
cnofqu.cn/login/ Frame C4FD |
97 B 591 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- tls-ech-experiment-c.cloudflareresearch.com
- URL
- https://tls-ech-experiment-c.cloudflareresearch.com/.well-known/probe
- Domain
- tls-ech-experiment.cloudflareresearch.com
- URL
- https://tls-ech-experiment.cloudflareresearch.com/.well-known/probe
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails object| a0_0x433e function| a0_0x3d7e object| __CF$cv$params6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cnofqu.cn/cdn-cgi/challenge-platform/h/g/flow/ov1/0.06219518370531878:1653134819:51782ba8e5c62f751f5067baff42b7f68349efe081e15593745df0b04977bb1d/70ed5b72dd0f1d6f | Name: cf_chl_seq_98e1b0b02a5460f Value: dnX_X9epLCkw3L1 |
|
cnofqu.cn/ | Name: cf_chl_2 Value: 98e1b0b02a5460f |
|
cnofqu.cn/ | Name: cf_chl_prog Value: x12 |
|
.cnofqu.cn/ | Name: cf_clearance Value: QHvH.eCE.kY8RRko04PaN4cPj6PnZRbPFsOFisH316Y-1653136582-0-150 |
|
cnofqu.cn/ | Name: PHPSESSID Value: r51is56p8b6l2honevjrqp1u73 |
|
.cnofqu.cn/ | Name: __cf_bm Value: VIl3L2B51sggnsRwBZrEijmTfP2pKkj17ID1f3AM598-1653136583-0-AWSsxMgMQLkD0io5z48XrUfibL64JswTr2xw669wvKxP6jZ/3wVn8TBbjddqiAU3XmZdAEO1M3r/KHSZu8l6Fq3dCMTPECGlp7qQXScYdxPJpXuHmxrfga4DPEXT31vwDQ== |
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cnofqu.cn
tls-ech-experiment-c.cloudflareresearch.com
tls-ech-experiment.cloudflareresearch.com
tls-ech-experiment-c.cloudflareresearch.com
tls-ech-experiment.cloudflareresearch.com
2606:4700:3033::6815:41c2
0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11
0de7a23402a20ec54542f2d054e7bd9c69ce4f210673e6f86b3e2d434479f307
1de2d01bc3004467c611914daac4cf93fce2f5e6966e6cd252f837da38545ded
1f5f6bf3f1a799bd052ccd946d0abd5c50566fb0f66a2f317ec38ccf34d16f88
1f70ff447ed799a34f4c3ae37ef1f49ed4af71123ba2c2aefe354565354284be
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1
3de2c358acd98dd93f54af55a7d89ae64cca5757d76fb95ae74db8bd63389bdd
4b16c98214d45bedb1513b7fd53a02ce204f6a2091a920c3122fb213168c3139
58c7ba3633269dabe0c93a7832e49970648cd6ea8496561beee9905627d91afe
6131882d03cf90ad07df6e91d3dd3f6191988a16e9ab7b2589153ac49bda670f
6161c9da7924014b1716f550b95140c9b0d846a5266376b9cdb43bc94b989409
729360cf0dbedbd2d9f1267d941d91bb8f6f9574a853dcdaca819a1c56320b85
803354187fcc5909401ba609bd27aa36ae498505b333d89d960ae615cfe972c7
8274869333011c5034e473ebc63eb19f5f100ebb9a88e0b572d6b56d7432f507
9c14b809ca4d5de12a569239d46ab8ef5f7ac1b3804c9801583cbafb66d3e550
a23c3d0c02c2b443dff7b5091f8cf91f3f2e3326801ba7bc88c6e4bc1ca96968
b3f1bf1d5e25838bcad8535a2b700486644f4ea888e46c77d3e82783cb9da1b4
d2847bea03b68a100caf41aca4d972b58368b4ee956ab13dde15963d905d7c24
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f13d3d57565c97a76c9a73591f4e3994c0406e80a1c2fe619a98c99ab6cd4852
f986152d762e2691efa4cd4ee3607dfb8cc0927ab42c52bb30e2c5c5c7e4d020