forum.lccmg.org
Open in
urlscan Pro
157.7.184.15
Malicious Activity!
Public Scan
Effective URL: http://forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6/secureaccount.php?country.x=DE&lo...
Submission: On April 22 via manual from US
Summary
This is the only time forum.lccmg.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 194.55.12.222 194.55.12.222 | 197540 (NETCUP-AS...) (NETCUP-AS netcup GmbH) | |
3 8 | 157.7.184.15 157.7.184.15 | 7506 (INTERQ GM...) (INTERQ GMO Internet) | |
5 | 23.210.248.226 23.210.248.226 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
11 | 3 |
ASN197540 (NETCUP-AS netcup GmbH, DE)
PTR: v22018107160276001.nicesrv.de
gutscheinkartenshop24.de |
ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: e5.valueserver.jp
forum.lccmg.org |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-210-248-226.deploy.static.akamaitechnologies.com
www.paypalobjects.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
lccmg.org
3 redirects
forum.lccmg.org |
48 KB |
5 |
paypalobjects.com
www.paypalobjects.com |
148 KB |
1 |
gutscheinkartenshop24.de
gutscheinkartenshop24.de |
407 B |
11 | 3 |
Domain | Requested by | |
---|---|---|
8 | forum.lccmg.org |
3 redirects
forum.lccmg.org
|
5 | www.paypalobjects.com |
forum.lccmg.org
|
1 | gutscheinkartenshop24.de | |
11 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
gutscheinkartenshop24.de Let's Encrypt Authority X3 |
2019-03-06 - 2019-06-04 |
3 months | crt.sh |
www.paypal.com DigiCert SHA2 Extended Validation Server CA |
2018-08-14 - 2020-08-18 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6/secureaccount.php?country.x=DE&locale.x=de_DE&customer.x=ID-PA$1$V.Sx.h0H$KEPhs4udjDnc/a/J7/H8S.&safety=M6HVL36yzafwl81AkI13Pdsdft83Q2o94b1Z0N40YdKi2bd6j0SeOD9b61p5uF10vemRrTadU8xW474ecnqECa7hX1GJgB
Frame ID: EDF35F29673C31503D83BABB6029B1BC
Requests: 11 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://gutscheinkartenshop24.de/home/redirect.html Page URL
-
http://forum.lccmg.org/wp-modules/confirm/new/update/
HTTP 302
http://forum.lccmg.org/wp-modules/confirm/new/update/to.php HTTP 302
http://forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6 HTTP 301
http://forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6/ Page URL
- http://forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6/secureaccount... Page URL
Detected technologies
Debian (Operating Systems) ExpandDetected patterns
- headers server /Debian/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://gutscheinkartenshop24.de/home/redirect.html Page URL
-
http://forum.lccmg.org/wp-modules/confirm/new/update/
HTTP 302
http://forum.lccmg.org/wp-modules/confirm/new/update/to.php HTTP 302
http://forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6 HTTP 301
http://forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6/ Page URL
- http://forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6/secureaccount.php?country.x=DE&locale.x=de_DE&customer.x=ID-PA$1$V.Sx.h0H$KEPhs4udjDnc/a/J7/H8S.&safety=M6HVL36yzafwl81AkI13Pdsdft83Q2o94b1Z0N40YdKi2bd6j0SeOD9b61p5uF10vemRrTadU8xW474ecnqECa7hX1GJgB Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- http://forum.lccmg.org/wp-modules/confirm/new/update/ HTTP 302
- http://forum.lccmg.org/wp-modules/confirm/new/update/to.php HTTP 302
- http://forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6 HTTP 301
- http://forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6/
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
redirect.html
gutscheinkartenshop24.de/home/ |
101 B 407 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
/
forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6/ Redirect Chain
|
285 B 670 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
secureaccount.php
forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6/ |
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6/open/js/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
xappx.css
forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6/open/css/ |
108 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
xsecx.js
forum.lccmg.org/wp-modules/confirm/new/update/d13933cd662fb155d6cdb37e8c922ce6/open/js/ |
268 B 489 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
monogram@2x.png
www.paypalobjects.com/images/shared/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
animation-oval.png
www.paypalobjects.com/images/shared/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansBig-Light.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ |
48 KB 48 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansSmall-Light.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ |
46 KB 46 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PayPalSansSmall-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ |
46 KB 47 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
forum.lccmg.org
gutscheinkartenshop24.de
www.paypalobjects.com
157.7.184.15
194.55.12.222
23.210.248.226
12bec3e411f30e9f988a001dc06817aef7a8d2513fb2e78c989d75a4946714de
2a2cacf1f67863eedabdf29f70e2ad64391a1a1cb005f722fea3fe5e3c47230d
51aea49d9646a985092c42d01189362d1a02c4127f01ec689f83153bd1078f7a
544dfa59462862db7bafc2d2e4b3925ac3eacb11e52834916df02bd1cda19b1d
843e67ad522a908162007f4b7601819a5bbfef00e38ac7aec778766da8b7b2ab
92cb65c1ae82f34349e9e5ab6b5b05f536d08f649f8c6e7dda94a80aeb93a770
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
c599c554590d1a336ffcb9627f6caaac34b6228f60e15f5f25454bff38facb7e
cb6a38ebe62ef1e28c8202542df0e148c4d369f389b8ec4f88e5e5a156bfbd5c
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
fd7b4a21981e9d86de41dba75185c948797d7c4f10944f8a202bee6fe8f03b7b