onion.live
2606:4700:3033::6815:164d
Malicious Activity!
Public Scan
Submission: On May 04 via manual from SE
Summary
TLS certificate: Issued by R3 on April 29th 2021. Valid for: 3 months.
This is the only time onion.live was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
7 | 2606:4700:3033::6815:164d | 13335 (CLOUDFLARENET) |
1 | 190.2.139.23 | 49981 (WORLDSTREAM) |
3 | 217.23.10.44 | 49981 (WORLDSTREAM) |
12 | 4 | |
ASN49981 (WORLDSTREAM, NL)
PTR: server73-vm12.openfrost.com
www.haofbi.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | onion.live | onion.live | 208 KB |
3 | cleverjump.org | cleverjump.org | 6 KB |
1 | haofbi.com | www.haofbi.com | 5 KB |
0 | nba1001.net (Failed) | web.nba1001.net (Failed) | |
12 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
7 | onion.live | onion.live |
3 | cleverjump.org | www.haofbi.com, cleverjump.org |
1 | www.haofbi.com | onion.live |
0 | web.nba1001.net (Failed) | onion.live |
12 | 4 | |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
*.onion.live | R3 | 2021-04-29 - 2021-07-28 | 3 months | crt.sh |
gothictemple.net | R3 | 2021-04-24 - 2021-07-23 | 3 months | crt.sh |
cleverjump.org | R3 | 2021-04-05 - 2021-07-04 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://onion.live/
Frame ID: A9466D7FAB8A77D23A2FE05339BCBA68
Requests: 12 HTTP requests in this frame
Screenshot
Detected technologies
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
26 Outgoing links
These are links going to different origins than the main page.
- Title: לוחות גבס מחיר זאפ (Hebrew: gypsum board prices, Zap)
- Title: luxury furniture wholesale
- Title: how to install popsloader on 5.00
- Title: tư vấn quần áo trẻ em thiết kế (Vietnamese: designer children's clothing advice)
- Title: summerbreeze
- Title: aero booking
- Title: dark circles fillers cost
- Title: video production tv
- Title: อ่านราคาบอล (Thai: reading football odds)
- Title: purchase quality xanax alprazolam bars 2mg tablets online in
- Title: dv seo nghia mai
- Title: 百 家 樂 推薦 (Chinese: baccarat recommendations)
- Title: sex escort kl
- Title: spider vein adalah (Indonesian: what spider veins are)
- Title: fate the winx saga segunda temporada (Spanish: second season)
- Title: citodon 500 mg 30 mg pris (Swedish: price)
- Title: prix carton la poste (French: La Poste box price)
- Title: 汽車 增 貸 問題 (Chinese: car loan increase questions)
- Title: pinay real sex scandal
- Title: buy o-dsmt online shopping
- Title: huis kopen ibiza (Dutch: buying a house in Ibiza)
- Title: buybestnasdrives.com
- Title: ром галиновка
- Title: köp hydrokodonpulver (Swedish: buy hydrocodone powder)
- Title: viserotic.com
- Title: g suite smtp limit
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | onion.live/ | 9 KB | 3 KB | Document | text/html |
GET | H3-29 | app.css | onion.live/css/ | 119 KB | 16 KB | Stylesheet | text/css |
GET | H3-29 | jquery.js | onion.live/css/ | 276 KB | 76 KB | Script | application/javascript |
GET | H3-29 | jquery.maskedinput.js | onion.live/css/ | 10 KB | 3 KB | Script | application/javascript |
GET | | tongji.js | web.nba1001.net/tj/ | 0 | 0 | | |
GET | H/1.1 | w.js | www.haofbi.com/js/ | 22 KB | 5 KB | Script | application/javascript |
GET | H3-29 | dixon_card_confirm.PNG | onion.live/css/ | 105 KB | 105 KB | Image | image/png |
GET | H3-29 | sprites_cc_global.png | onion.live/css/ | 153 B | 153 B | Image | text/html |
GET | H3-29 | dixon_onboarding_form.png | onion.live/css/ | 4 KB | 5 KB | Image | image/png |
GET | H/1.1 | counter.js | cleverjump.org/ | 5 KB | 6 KB | Script | application/javascript |
GET | H/1.1 | hit | cleverjump.org/ | 0 | 357 B | Image | image/png |
GET | H/1.1 | get-uid.php | cleverjump.org/hit/ | 30 B | 326 B | XHR | text/html |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: web.nba1001.net
- URL: https://web.nba1001.net:8888/tj/tongji.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)
17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onbeforexrselect |
object | ontransitionrun |
object | ontransitionstart |
object | ontransitioncancel |
object | cookieStore |
function | showDirectoryPicker |
function | showOpenFilePicker |
function | showSaveFilePicker |
boolean | originAgentCluster |
object | trustedTypes |
boolean | crossOriginIsolated |
function | $ |
function | jQuery |
boolean | shbNetLoaded |
function | type_carte |
string | CJSource |
object | CleverJump1 |
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.onion.live/ | | Name: __cfduid Value: db931976337a199f5c46aae148e323e0e1620148070 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cleverjump.org
onion.live
web.nba1001.net
www.haofbi.com
190.2.139.23
217.23.10.44
2606:4700:3033::6815:164d
2c59f4ca58280942a126c626e55193163f215cc852190475369b2e163e736dba
4c52c7d9903a6323363044510ab141e49d23d8f4806443c476ca435c027f7ceb
4f5e849f11b1f3d348b4f504b570ab268f89e735079d46330a80f4df498b96be
79c034a784dce62ea0059b2a0d147e9a13869638cb2ecc50de5b59be6925eeb2
a8ee6706d662cac7d2b85da5498d2e43644fba07a2a1872ba8098ad328c0f21e
a9cfad6fcadd564e96feb3863931fc9b8fd11ca911f4310cb320eac29d7cd63b
c75ef4ed711014b31fe4cc01e7b96ee7723d2fe8b77c7158f45a885f1a15d4ad
cb1ef4607e93916a5dd30beae4617069924cb5f10edb65d8f93468c3fbdc1dc4
cd6eefcff316ce129d620cbaccda166d51e2afcd17b799ccf89e4ad47fbdbc32
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fd9c3b5363ffa083a4efd9ac61e7e6a83f1a9f240db0a2d43fe2904eecb73fff