corporatefunlivd.com
213.226.123.49
Malicious Activity!
Public Scan
Submission: On May 22 via automatic, source openphish — Scanned from DE
Summary
This is the only time corporatefunlivd.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)

Domain & IP information

| # | IP Address | AS (Autonomous System) |
|---|---|---|
| 2 6 | 213.226.123.49 | 49943 (ITRESHENIYA-AS) |
| 1 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET) |
| 2 4 | 151.101.129.21 | 54113 (FASTLY) |
| 1 | 162.19.88.68 | 16276 (OVH) |
| 8 | 4 | |
ASN49943 (ITRESHENIYA-AS, RU)
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 6 | corporatefunlivd.com (2 redirects) | corporatefunlivd.com | 422 KB |
| 4 | paypal.com (2 redirects) | www.paypal.com (Cisco Umbrella Rank: 2338) | 256 B |
| 1 | postimg.cc | i.postimg.cc (Cisco Umbrella Rank: 17824) | 2 KB |
| 1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 199) | 27 KB |
| 8 | 4 | | |
| # | Domain | Requested by |
|---|---|---|
| 6 | corporatefunlivd.com (2 redirects) | corporatefunlivd.com |
| 4 | www.paypal.com (2 redirects) | corporatefunlivd.com |
| 1 | i.postimg.cc | corporatefunlivd.com |
| 1 | cdnjs.cloudflare.com | corporatefunlivd.com |
| 8 | 4 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| postimg.cc | R3 | 2023-04-19 - 2023-07-18 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://corporatefunlivd.com/info/6462926990a81
Frame ID: 908FFFFDB37A51BBF3B1F6DE60229CF1
Requests: 8 HTTP requests in this frame
Screenshot
![](/screenshots/b0e26846-dae2-4536-a013-cdeea28cee69.png)
Page Title: Login

Detected technologies

Bootstrap

Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

jQuery

Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- http://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js HTTP 307
- https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Request Chain 2
- http://corporatefunlivd.com/info/bootstrap.min.css HTTP 302
- https://www.paypal.com/ HTTP 302
- https://www.paypal.com/de/home

Request Chain 3
- http://corporatefunlivd.com/info/sample.css HTTP 302
- https://www.paypal.com/ HTTP 302
- https://www.paypal.com/de/home
8 HTTP transactions

| Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|
| GET | H/1.1 | corporatefunlivd.com/info/6462926990a81 (Primary Request) | 15 KB | 5 KB | Document | text/html |
| GET | H/1.1 | corporatefunlivd.com/js/multilang.js | 2 KB | 1 KB | Script | application/javascript |
| GET | H2 | cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js (Redirect Chain) | 85 KB | 27 KB | Script | application/javascript |
| GET | H2 | www.paypal.com/de/home (Redirect Chain) | 0 | 0 | Stylesheet | text/html |
| GET | H2 | www.paypal.com/de/home (Redirect Chain) | 0 | 0 | Stylesheet | text/html |
| GET | H2 | i.postimg.cc/1Rvjw8kq/jatch.png | 2 KB | 2 KB | Image | image/png |
| GET | H/1.1 | corporatefunlivd.com/js/orra/languages.json | 415 KB | 416 KB | XHR | application/json |
| POST | H/1.1 | corporatefunlivd.com/user/online | 0 | 0 | Fetch | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: PayPal (Financial)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| boolean | credentialless |
| function | MultiLang |
| function | $ |
| function | jQuery |
| object | multilang |
| function | onLoad |
| function | langSelectChange |
| function | initList |
| function | refreshLabels |
| object | form |

9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| corporatefunlivd.com/ | | PHPSESSID | 4uta40k8e8mrbbddiddsnellj4 |
| .paypal.com/ | | enforce_policy | gdpr_v2.1 |
| .paypal.com/ | | cookie_check | yes |
| .paypal.com/ | | LANG | de_DE%3BDE |
| .paypal.com/ | | tsrce | mppnodeweb |
| .paypal.com/ | | x-pp-s | eyJ0IjoiMTY4NDc0NjQzMDM3NyIsImwiOiIwIiwibSI6IjAifQ |
| www.paypal.com/ | | nsid | s%3AH_tjVhGufMyksNgUVEGPTRUF60pnjZzc.AfTSShhEDcDqICLiE10bShAGefmWASKlpl%2Fk9XTx07U |
| .paypal.com/ | | ts | vreXpYrS%3D1779440830%26vteXpYrS%3D1684748230%26vr%3D42b6665a1880ad009efe712eff4eef4d%26vt%3D42b6665a1880ad009efe712eff4eef4c%26vtyp%3Dnew |
| .paypal.com/ | | ts_c | vr%3D42b6665a1880ad009efe712eff4eef4d%26vt%3D42b6665a1880ad009efe712eff4eef4c |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
corporatefunlivd.com
i.postimg.cc
www.paypal.com
151.101.129.21
162.19.88.68
213.226.123.49
2606:4700::6811:180e
14951a95bd430379268e6aee0d25b3fc67a8db3b197ffc04c5b2a46341473df9
469508b4664c2f85861164e12c8842efebc42797533b4203a3691c3bc462b165
46f41440725e888ad2fc80cf56ed824bd9da5102e4c0df3236b8ad6d70d51db1
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
c06fe39e97388fb234ddc75ea9a630d44e5462078da4f5b9692d2d4e0b9e6bba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855